summaryrefslogtreecommitdiffstats
path: root/core/modules/node/src/NodeGrantDatabaseStorageInterface.php
blob: 329d9a104964db65216366a4afe6d3b80339e4b3 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
<?php

namespace Drupal\node;

use Drupal\Core\Session\AccountInterface;

/**
 * Provides an interface for node access grant storage.
 *
 * @ingroup node_access
 */
interface NodeGrantDatabaseStorageInterface {

  /**
   * Checks all grants for a given account.
   *
   * @param \Drupal\Core\Session\AccountInterface $account
   *   A user object representing the user for whom the operation is to be
   *   performed.
   *
   * @return int
   *   Status of the access check.
   */
  public function checkAll(AccountInterface $account);

  /**
   * Alters a query when node access is required.
   *
   * @param mixed $query
   *   Query that is being altered.
   * @param array $tables
   *   A list of tables that need to be part of the alter.
   * @param string $op
   *   The operation to be performed on the node. Possible values are:
   *   - "view"
   *   - "update"
   *   - "delete"
   *   - "create"
   * @param \Drupal\Core\Session\AccountInterface $account
   *   A user object representing the user for whom the operation is to be
   *   performed.
   * @param string $base_table
   *   The base table of the query.
   *
   * @return int
   *   Status of the access check.
   */
  public function alterQuery($query, array $tables, $op, AccountInterface $account, $base_table);

  /**
   * Writes a list of grants to the database, deleting previously saved ones.
   *
   * If a realm is provided, it will only delete grants from that realm, but
   * it will always delete a grant from the 'all' realm. Modules that use
   * node access can use this method when doing mass updates due to widespread
   * permission changes.
   *
   * Note: Don't call this method directly from a contributed module. Call
   * \Drupal\node\NodeAccessControlHandlerInterface::acquireGrants() instead.
   *
   * @param \Drupal\node\NodeInterface $node
   *   The node whose grants are being written.
   * @param array $grants
   *   A list of grants to write. Each grant is an array that must contain the
   *   following keys: realm, gid, grant_view, grant_update, grant_delete.
   *   The realm is specified by a particular module; the gid is as well, and
   *   is a module-defined id to define grant privileges. each grant_* field
   *   is a boolean value.
   * @param string $realm
   *   (optional) If provided, read/write grants for that realm only. Defaults to
   *   NULL.
   * @param bool $delete
   *   (optional) If false, does not delete records. This is only for optimization
   *   purposes, and assumes the caller has already performed a mass delete of
   *   some form. Defaults to TRUE.
   */
  public function write(NodeInterface $node, array $grants, $realm = NULL, $delete = TRUE);

  /**
   * Deletes all node access entries.
   */
  public function delete();

  /**
   * Creates the default node access grant entry.
   */
  public function writeDefault();

  /**
   * Determines access to nodes based on node grants.
   *
   * @param \Drupal\node\NodeInterface $node
   *   The entity for which to check 'create' access.
   * @param string $operation
   *   The entity operation. Usually one of 'view', 'edit', 'create' or
   *   'delete'.
   * @param \Drupal\Core\Session\AccountInterface $account
   *   The user for which to check access.
   *
   * @return \Drupal\Core\Access\AccessResultInterface
   *   The access result, either allowed or neutral. If there are no node
   *   grants, the default grant defined by writeDefault() is applied.
   *
   * @see hook_node_grants()
   * @see hook_node_access_records()
   * @see \Drupal\node\NodeGrantDatabaseStorageInterface::writeDefault()
   */
  public function access(NodeInterface $node, $operation, AccountInterface $account);

  /**
   * Counts available node grants.
   *
   * @return int
   *   Returns the amount of node grants.
   */
  public function count();

  /**
   * Remove the access records belonging to certain nodes.
   *
   * @param array $nids
   *   A list of node IDs. The grant records belonging to these nodes will be
   *   deleted.
   */
  public function deleteNodeRecords(array $nids);

}