Code Coverage |
||||||||||
Classes and Traits |
Functions and Methods |
Lines |
||||||||
| Total | |
0.00% |
0 / 1 |
|
0.00% |
0 / 3 |
CRAP | |
0.00% |
0 / 79 |
| CommentAccessControlHandler | |
0.00% |
0 / 1 |
|
0.00% |
0 / 3 |
812 | |
0.00% |
0 / 79 |
| checkAccess | |
0.00% |
0 / 1 |
132 | |
0.00% |
0 / 20 |
|||
| checkCreateAccess | |
0.00% |
0 / 1 |
2 | |
0.00% |
0 / 2 |
|||
| checkFieldAccess | |
0.00% |
0 / 1 |
272 | |
0.00% |
0 / 57 |
|||
| <?php | |
| /** | |
| * @file | |
| * Contains \Drupal\comment\CommentAccessControlHandler. | |
| */ | |
| namespace Drupal\comment; | |
| use Drupal\Core\Access\AccessResult; | |
| use Drupal\Core\Entity\EntityAccessControlHandler; | |
| use Drupal\Core\Entity\EntityInterface; | |
| use Drupal\Core\Field\FieldDefinitionInterface; | |
| use Drupal\Core\Field\FieldItemListInterface; | |
| use Drupal\Core\Session\AccountInterface; | |
| /** | |
| * Defines the access control handler for the comment entity type. | |
| * | |
| * @see \Drupal\comment\Entity\Comment | |
| */ | |
| class CommentAccessControlHandler extends EntityAccessControlHandler { | |
| /** | |
| * {@inheritdoc} | |
| */ | |
| protected function checkAccess(EntityInterface $entity, $operation, AccountInterface $account) { | |
| /** @var \Drupal\comment\CommentInterface|\Drupal\user\EntityOwnerInterface $entity */ | |
| $comment_admin = $account->hasPermission('administer comments'); | |
| if ($operation == 'approve') { | |
| return AccessResult::allowedIf($comment_admin && !$entity->isPublished()) | |
| ->cachePerPermissions() | |
| ->cacheUntilEntityChanges($entity); | |
| } | |
| if ($comment_admin) { | |
| $access = AccessResult::allowed()->cachePerPermissions(); | |
| return ($operation != 'view') ? $access : $access->andIf($entity->getCommentedEntity()->access($operation, $account, TRUE)); | |
| } | |
| switch ($operation) { | |
| case 'view': | |
| return AccessResult::allowedIf($account->hasPermission('access comments') && $entity->isPublished())->cachePerPermissions()->cacheUntilEntityChanges($entity) | |
| ->andIf($entity->getCommentedEntity()->access($operation, $account, TRUE)); | |
| case 'update': | |
| return AccessResult::allowedIf($account->id() && $account->id() == $entity->getOwnerId() && $entity->isPublished() && $account->hasPermission('edit own comments'))->cachePerPermissions()->cachePerUser()->cacheUntilEntityChanges($entity); | |
| default: | |
| // No opinion. | |
| return AccessResult::neutral()->cachePerPermissions(); | |
| } | |
| } | |
| /** | |
| * {@inheritdoc} | |
| */ | |
| protected function checkCreateAccess(AccountInterface $account, array $context, $entity_bundle = NULL) { | |
| return AccessResult::allowedIfHasPermission($account, 'post comments'); | |
| } | |
| /** | |
| * {@inheritdoc} | |
| */ | |
| protected function checkFieldAccess($operation, FieldDefinitionInterface $field_definition, AccountInterface $account, FieldItemListInterface $items = NULL) { | |
| if ($operation == 'edit') { | |
| // Only users with the "administer comments" permission can edit | |
| // administrative fields. | |
| $administrative_fields = array( | |
| 'uid', | |
| 'status', | |
| 'created', | |
| 'date', | |
| ); | |
| if (in_array($field_definition->getName(), $administrative_fields, TRUE)) { | |
| return AccessResult::allowedIfHasPermission($account, 'administer comments'); | |
| } | |
| // No user can change read-only fields. | |
| $read_only_fields = array( | |
| 'hostname', | |
| 'changed', | |
| 'cid', | |
| 'thread', | |
| ); | |
| // These fields can be edited during comment creation. | |
| $create_only_fields = [ | |
| 'comment_type', | |
| 'uuid', | |
| 'entity_id', | |
| 'entity_type', | |
| 'field_name', | |
| 'pid', | |
| ]; | |
| if ($items && ($entity = $items->getEntity()) && $entity->isNew() && in_array($field_definition->getName(), $create_only_fields, TRUE)) { | |
| // We are creating a new comment, user can edit create only fields. | |
| return AccessResult::allowedIfHasPermission($account, 'post comments')->addCacheableDependency($entity); | |
| } | |
| // We are editing an existing comment - create only fields are now read | |
| // only. | |
| $read_only_fields = array_merge($read_only_fields, $create_only_fields); | |
| if (in_array($field_definition->getName(), $read_only_fields, TRUE)) { | |
| return AccessResult::forbidden(); | |
| } | |
| // If the field is configured to accept anonymous contact details - admins | |
| // can edit name, homepage and mail. Anonymous users can also fill in the | |
| // fields on comment creation. | |
| if (in_array($field_definition->getName(), ['name', 'mail', 'homepage'], TRUE)) { | |
| if (!$items) { | |
| // We cannot make a decision about access to edit these fields if we | |
| // don't have any items and therefore cannot determine the Comment | |
| // entity. In this case we err on the side of caution and prevent edit | |
| // access. | |
| return AccessResult::forbidden(); | |
| } | |
| /** @var \Drupal\comment\CommentInterface $entity */ | |
| $entity = $items->getEntity(); | |
| $commented_entity = $entity->getCommentedEntity(); | |
| $anonymous_contact = $commented_entity->get($entity->getFieldName())->getFieldDefinition()->getSetting('anonymous'); | |
| $admin_access = AccessResult::allowedIfHasPermission($account, 'administer comments'); | |
| $anonymous_access = AccessResult::allowedIf($entity->isNew() && $account->isAnonymous() && $anonymous_contact != COMMENT_ANONYMOUS_MAYNOT_CONTACT && $account->hasPermission('post comments')) | |
| ->cachePerPermissions() | |
| ->cacheUntilEntityChanges($entity) | |
| ->cacheUntilEntityChanges($field_definition->getConfig($commented_entity->bundle())) | |
| ->cacheUntilEntityChanges($commented_entity); | |
| return $admin_access->orIf($anonymous_access); | |
| } | |
| } | |
| if ($operation == 'view') { | |
| // Nobody has access to the hostname. | |
| if ($field_definition->getName() == 'hostname') { | |
| return AccessResult::forbidden(); | |
| } | |
| // The mail field is hidden from non-admins. | |
| if ($field_definition->getName() == 'mail') { | |
| return AccessResult::allowedIfHasPermission($account, 'administer comments'); | |
| } | |
| } | |
| return parent::checkFieldAccess($operation, $field_definition, $account, $items); | |
| } | |
| } |