Determines access to nodes based on node grants.
\Drupal\Core\Entity\EntityInterface $node: The entity for which to check 'create' access.
string $operation: The entity operation. Usually one of 'view', 'edit', 'create' or 'delete'.
string $langcode: The language code for which to check access.
\Drupal\Core\Session\AccountInterface $account: The user for which to check access.
bool|null TRUE if access was granted, FALSE if access was denied or NULL if no module implements hook_node_grants(), the node does not (yet) have an id or none of the implementing modules explicitly granted or denied access.
protected function accessGrants(EntityInterface $node, $operation, $langcode, AccountInterface $account) {
// If no module implements the hook or the node does not have an id there is
// no point in querying the database for access grants.
if (!module_implements('node_grants') || !$node
->id()) {
return;
}
// Check the database for potential access grants.
$query = db_select('node_access');
$query
->addExpression('1');
// Only interested for granting in the current operation.
$query
->condition('grant_' . $operation, 1, '>=');
// Check for grants for this node and the correct langcode.
$nids = db_and()
->condition('nid', $node
->id())
->condition('langcode', $langcode);
// If the node is published, also take the default grant into account. The
// default is saved with a node ID of 0.
$status = $node instanceof EntityNG ? $node->status : $node
->get('status', $langcode)->value;
if ($status) {
$nids = db_or()
->condition($nids)
->condition('nid', 0);
}
$query
->condition($nids);
$query
->range(0, 1);
$grants = db_or();
foreach (node_access_grants($operation, $account instanceof User ? $account
->getBCEntity() : $account) as $realm => $gids) {
foreach ($gids as $gid) {
$grants
->condition(db_and()
->condition('gid', $gid)
->condition('realm', $realm));
}
}
if (count($grants) > 0) {
$query
->condition($grants);
}
return $query
->execute()
->fetchField();
}