gabesullice/entity_access_policies

No license information is available for the latest version (dev-master) of this package.

Provides custom access policies for any entity

dev-master 2017-06-21 16:43 UTC

This package is not auto-updated.

Last update: 2024-09-15 04:42:00 UTC


README

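Entity Access Policies lets you express fine-grained access control rules for any Drupal 8 entity type.

The concept is simple. You put your entities on lockdown.

Warning: This is an alpha release. In fact, the ideas here are being actively discussed on Drupal.org, and many people have contributed a lot of insightful ideas. This is an experimental implementation and may change.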

Overview

Inspired by the hook_node_grants/hook_node_access_records system, Entity Access Policies is very flexible yet easy to understand, and it is not limited to nodes.

Entity access policies are plugins, just like blocks in Drupal 8.

You can define your own custom access policy with just two files:

  1. A module info.yml
  2. And a file at src/Plugin/entity_access_policies/Policy/YourCustomPolicy.php.

The module directory structure looks like this:

custom_module/
  custom_module.info.yml
  src/
    Plugin/
      entity_access_policies/
        Policy/
          YourCustomPolicy.php

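The policy file

The policy file is very simple. A policy is just a class with three methods: getLocks(), getKeys() and applies().

You also need to tell Drupal about your policy class using a simple annotation.

Here is an example: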

<?php

namespace Drupal\custom_module\Plugin\entity_access_policies\Policy;

use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Session\AccountInterface;

// This just helps get you started. But you can make your own if you want.
use Drupal\entity_access_policies\Lock\DefaultLock; 

// Ditto!
use Drupal\entity_access_policies\Policy\PolicyBase; 

/**
 * @Policy(
 *   id = "your_custom_policy_name",
 *   label = @Translation("Your Human-readable Policy Name"),
 * )
 */
class YourCustomPolicy extends PolicyBase {

  /**
   * You can use this to limit your policy to a particular entity type or
   * bundle. This is here in case calculating your locks is really time
   * consuming.
   */
  public function applies(EntityInterface $entity) {
    return TRUE; // Apply this policy to all the things!
  }

  /**
   * Locks secure the entity actions you want to be controlled. When you give a
   * user a corresponding key (ID), that user will be able to "unlock" all the
   * operations you've specified from here. You can return as 
   */
  public function getLocks(EntityInterface $entity) {
    $lock = DefaultLock::create(
      999, // ID. This can be dynamic, it just has to be an integer.
      ['view', 'update', 'delete'], // Operations. You can do any or all of these.
      $entity->language() // Language. We just want this to apply to the default language.
    );
    
    // Always return an array, other than that, you can return 0 or as many
    // locks as your heart desires.
    return [$lock];
  }

  /**
   * Keys "unlock" the operations you've allowed by creating locks above. Just
   * return a list of integer IDs that correspond to the locks you want to
   * "open" from above.
   */
  public function getKeys(AccountInterface $account) {
    if ($account->hasPermission('not_the_number_of_the_beast')) {
      return [999]; // Now, this user can open up the "lock" from above.
    }

    // Welp, this user didn't have the right permission, so they can't open
    // anything. They don't get _any_ keys.
    return [];
  }

}
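
The lock and key matching that the comments above describe, as an added stand-alone PHP model (not code from this module or its author). The array shapes, the canAccess() function, the 'owner' policy and the scoping of keys to the policy that issued them are assumptions made for illustration. It shows a dynamic lock ID keyed on the entity owner, and why an integer key from one policy should not open another policy's lock that happens to carry the same number:

```php
<?php
// Stand-alone model of lock/key matching; none of this is the module's API.
// Each policy is three closures mirroring applies(), getLocks() and getKeys().
$policies = [
  'permission' => [
    'applies' => fn(array $e) => true,
    'locks'   => fn(array $e) => [['id' => 999, 'ops' => ['view', 'update', 'delete']]],
    'keys'    => fn(array $u) => in_array('not_the_number_of_the_beast', $u['perms'], true) ? [999] : [],
  ],
  'owner' => [ // hypothetical policy: the lock ID is the owner's uid
    'applies' => fn(array $e) => $e['owner'] > 0, // never key a lock on anonymous uid 0
    'locks'   => fn(array $e) => [['id' => $e['owner'], 'ops' => ['update']]],
    'keys'    => fn(array $u) => $u['uid'] > 0 ? [$u['uid']] : [],
  ],
];

function canAccess(array $policies, array $entity, array $user, string $op): bool {
  foreach ($policies as $policy) {
    if (!$policy['applies']($entity)) {
      continue;
    }
    // Assumption: keys only open locks created by the same policy.
    $keys = $policy['keys']($user);
    foreach ($policy['locks']($entity) as $lock) {
      if (in_array($op, $lock['ops'], true) && in_array($lock['id'], $keys, true)) {
        return true;
      }
    }
  }
  return false; // no matching key: the entity stays locked
}

// Constructed sample data.
$node  = ['owner' => 7];
$alice = ['uid' => 7,   'perms' => []];
$bob   = ['uid' => 999, 'perms' => []]; // uid collides with the fixed lock ID 999
$carol = ['uid' => 3,   'perms' => ['not_the_number_of_the_beast']];

var_dump(canAccess($policies, $node, $alice, 'update')); // owner key 7 meets owner lock 7
var_dump(canAccess($policies, $node, $alice, 'delete')); // owner lock does not cover 'delete'
var_dump(canAccess($policies, $node, $bob, 'view'));     // bob's 999 is an owner key, not a permission key
var_dump(canAccess($policies, $node, $carol, 'delete')); // permission key 999 meets lock 999
```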

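"This isn't as simple as I'd hoped" :(

But wait, there's more! If you don't want to do this, you don't have to do anything. Other modules can create these plugins for you. One such example is the attribute-based access policies module. It lets you build your own policies in YAML like this: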

id: 'first_letter_is_a'
entity_types: ['node']
operations: ['view', 'delete']
entity_condition:
  members:
  - type: condition
    property: 'title.0.value'
    operator: 'STARTS_WITH'
    comparison: 'B'
user_condition:
  members:
  - type: condition
    property: 'name.0.value'
    operator: 'STARTS_WITH'
    comparison: 'a'

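This allows any user whose name starts with a to view or delete nodes whose title starts with B. I don't know why you would want to do that, but the point is that you can.

Entity Access Policies is a New Thing™, and there isn't yet a large ecosystem of pre-made policy plugins. So stake out your territory. Build your own and make it configurable. Then tell me about it ;)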