class CommentSelection

Same name and namespace in other branches
  1. 9 core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php \Drupal\comment\Plugin\EntityReferenceSelection\CommentSelection
  2. 8.9.x core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php \Drupal\comment\Plugin\EntityReferenceSelection\CommentSelection
  3. 11.x core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php \Drupal\comment\Plugin\EntityReferenceSelection\CommentSelection

Provides specific access control for the comment entity type.

Hierarchy

Expanded class hierarchy of CommentSelection

File

core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php, line 15

Namespace

Drupal\comment\Plugin\EntityReferenceSelection
View source
class CommentSelection extends DefaultSelection {
  
  /**
   * {@inheritdoc}
   */
  protected function buildEntityQuery($match = NULL, $match_operator = 'CONTAINS') {
    $query = parent::buildEntityQuery($match, $match_operator);
    // Adding the 'comment_access' tag is sadly insufficient for comments:
    // core requires us to also know about the concept of 'published' and
    // 'unpublished'.
    if (!$this->currentUser
      ->hasPermission('administer comments')) {
      $query->condition('status', CommentInterface::PUBLISHED);
    }
    return $query;
  }
  
  /**
   * {@inheritdoc}
   */
  public function createNewEntity($entity_type_id, $bundle, $label, $uid) {
    $comment = parent::createNewEntity($entity_type_id, $bundle, $label, $uid);
    // In order to create a referenceable comment, it needs to published.
    /** @var \Drupal\comment\CommentInterface $comment */
    $comment->setPublished();
    return $comment;
  }
  
  /**
   * {@inheritdoc}
   */
  public function validateReferenceableNewEntities(array $entities) {
    $entities = parent::validateReferenceableNewEntities($entities);
    // Mirror the conditions checked in buildEntityQuery().
    if (!$this->currentUser
      ->hasPermission('administer comments')) {
      $entities = array_filter($entities, function ($comment) {
        /** @var \Drupal\comment\CommentInterface $comment */
        return $comment->isPublished();
      });
    }
    return $entities;
  }
  
  /**
   * {@inheritdoc}
   */
  public function validateReferenceableEntities(array $ids) {
    $result = [];
    if ($ids) {
      $target_type = $this->configuration['target_type'];
      $entity_type = $this->entityTypeManager
        ->getDefinition($target_type);
      $query = $this->buildEntityQuery();
      // Mirror the conditions checked in buildEntityQuery().
      if (!$this->currentUser
        ->hasPermission('administer comments')) {
        $query->condition('status', 1);
      }
      $result = $query->condition($entity_type->getKey('id'), $ids, 'IN')
        ->execute();
    }
    return $result;
  }
  
  /**
   * {@inheritdoc}
   */
  public function entityQueryAlter(SelectInterface $query) {
    parent::entityQueryAlter($query);
    $tables = $query->getTables();
    $data_table = 'comment_field_data';
    if (!isset($tables['comment_field_data']['alias'])) {
      // If no conditions join against the comment data table, it should be
      // joined manually to allow node access processing.
      $query->innerJoin($data_table, NULL, "[base_table].[cid] = [{$data_table}].[cid] AND [{$data_table}].[default_langcode] = 1");
    }
    // Historically, comments were always linked to 'node' entities, but that is
    // no longer the case, as the 'node' module might not even be enabled.
    // Comments can now be linked to any entity and they can also be referenced
    // by other entities, so we won't have a single table to join to. That
    // actually means that we can no longer optimize the query on those cases.
    // However, the most common case remains to be comment replies, and in this
    // case, we can get the host entity type if the 'entity' value is present
    // and perform the extra joins and alterations needed.
    $comment = $this->getConfiguration()['entity'];
    if ($comment instanceof CommentInterface) {
      $host_entity_type_id = $comment->getCommentedEntityTypeId();
      /** @var \Drupal\Core\Entity\EntityTypeInterface $host_entity_type */
      $host_entity_type = $this->entityTypeManager
        ->getDefinition($host_entity_type_id);
      $host_entity_field_data_table = $host_entity_type->getDataTable();
      // Not all entities have a data table, so check first.
      if ($host_entity_field_data_table) {
        $id_key = $host_entity_type->getKey('id');
        // The Comment module doesn't implement per-comment access, so it
        // checks instead that the user has access to the host entity.
        $entity_alias = $query->innerJoin($host_entity_field_data_table, 'n', "[%alias].[{$id_key}] = [{$data_table}].[entity_id] AND [{$data_table}].[entity_type] = '{$host_entity_type_id}'");
        // Pass the query to the entity access control.
        $this->reAlterQuery($query, $host_entity_type_id . '_access', $entity_alias);
        // Additional checks for "node" entities.
        if ($host_entity_type_id === 'node') {
          // Passing the query to node_query_node_access_alter() is sadly
          // insufficient for nodes.
          // @see \Drupal\node\Plugin\EntityReferenceSelection\NodeSelection::buildEntityQuery()
          if (!$this->currentUser
            ->hasPermission('bypass node access') && !$this->moduleHandler
            ->hasImplementations('node_grants')) {
            $query->condition($entity_alias . '.status', 1);
          }
        }
      }
    }
  }
  
  /**
   * {@inheritdoc}
   */
  public function getReferenceableEntities($match = NULL, $match_operator = 'CONTAINS', $limit = 0) {
    $target_type = $this->getConfiguration()['target_type'];
    $query = $this->buildEntityQuery($match, $match_operator);
    if ($limit > 0) {
      $query->range(0, $limit);
    }
    $result = $query->execute();
    if (empty($result)) {
      return [];
    }
    $options = [];
    $entities = $this->entityTypeManager
      ->getStorage($target_type)
      ->loadMultiple($result);
    foreach ($entities as $entity_id => $entity) {
      // Additional access check as comments might be attached to entities
      // which the current user does not have access to.
      if ($entity->access('view', $this->currentUser)) {
        $bundle = $entity->bundle();
        $options[$bundle][$entity_id] = Html::escape($this->entityRepository
          ->getTranslationFromContext($entity)
          ->label() ?? '');
      }
    }
    return $options;
  }
  
  /**
   * {@inheritdoc}
   */
  public function countReferenceableEntities($match = NULL, $match_operator = 'CONTAINS') {
    $options = $this->getReferenceableEntities($match, $match_operator);
    return count($options, COUNT_RECURSIVE) - count($options);
  }

}

Members

Title Sort descending Modifiers Object type Summary Overriden Title Overrides
CommentSelection::buildEntityQuery protected function Builds an EntityQuery to get referenceable entities. Overrides DefaultSelection::buildEntityQuery
CommentSelection::countReferenceableEntities public function Counts entities that are referenceable. Overrides DefaultSelection::countReferenceableEntities
CommentSelection::createNewEntity public function Creates a new entity object that can be used as a valid reference. Overrides DefaultSelection::createNewEntity
CommentSelection::entityQueryAlter public function Allows the selection to alter the SelectQuery generated by EntityFieldQuery. Overrides SelectionPluginBase::entityQueryAlter
CommentSelection::getReferenceableEntities public function Gets the list of referenceable entities. Overrides DefaultSelection::getReferenceableEntities
CommentSelection::validateReferenceableEntities public function Validates which existing entities can be referenced. Overrides DefaultSelection::validateReferenceableEntities
CommentSelection::validateReferenceableNewEntities public function Validates which newly created entities can be referenced. Overrides DefaultSelection::validateReferenceableNewEntities
DefaultSelection::$currentUser protected property The current user.
DefaultSelection::$entityFieldManager protected property The entity field manager service.
DefaultSelection::$entityRepository protected property The entity repository.
DefaultSelection::$entityTypeBundleInfo public property Entity type bundle info service.
DefaultSelection::$entityTypeManager protected property The entity type manager service.
DefaultSelection::$moduleHandler protected property The module handler service.
DefaultSelection::buildConfigurationForm public function Form constructor. Overrides SelectionPluginBase::buildConfigurationForm 3
DefaultSelection::create public static function Creates an instance of the plugin. Overrides ContainerFactoryPluginInterface::create 2
DefaultSelection::defaultConfiguration public function Gets default configuration for this plugin. Overrides SelectionPluginBase::defaultConfiguration 3
DefaultSelection::elementValidateFilter public static function Form element validation handler; Filters the #value property of an element.
DefaultSelection::reAlterQuery protected function Helper method: Passes a query to the alteration system again.
DefaultSelection::validateConfigurationForm public function Form validation handler. Overrides SelectionPluginBase::validateConfigurationForm
DefaultSelection::__construct public function Constructs a new DefaultSelection object. Overrides SelectionPluginBase::__construct 1
SelectionPluginBase::calculateDependencies public function Calculates dependencies for the configured plugin. Overrides DependentPluginInterface::calculateDependencies
SelectionPluginBase::getConfiguration public function Gets this plugin's configuration. Overrides ConfigurableInterface::getConfiguration
SelectionPluginBase::setConfiguration public function Sets the configuration for this plugin instance. Overrides ConfigurableInterface::setConfiguration
SelectionPluginBase::submitConfigurationForm public function Form submission handler. Overrides PluginFormInterface::submitConfigurationForm

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.