function CommentSelection::entityQueryAlter

Same name in other branches
  1. 9 core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php \Drupal\comment\Plugin\EntityReferenceSelection\CommentSelection::entityQueryAlter()
  2. 10 core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php \Drupal\comment\Plugin\EntityReferenceSelection\CommentSelection::entityQueryAlter()
  3. 11.x core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php \Drupal\comment\Plugin\EntityReferenceSelection\CommentSelection::entityQueryAlter()

Overrides SelectionPluginBase::entityQueryAlter

File

core/modules/comment/src/Plugin/EntityReferenceSelection/CommentSelection.php, line 68

Class

CommentSelection
Provides specific access control for the comment entity type.

Namespace

Drupal\comment\Plugin\EntityReferenceSelection

Code

public function entityQueryAlter(SelectInterface $query) {
    parent::entityQueryAlter($query);
    $tables = $query->getTables();
    $data_table = 'comment_field_data';
    if (!isset($tables['comment_field_data']['alias'])) {
        // If no conditions join against the comment data table, it should be
        // joined manually to allow node access processing.
        $query->innerJoin($data_table, NULL, "base_table.cid = {$data_table}.cid AND {$data_table}.default_langcode = 1");
    }
    // The Comment module doesn't implement any proper comment access,
    // and as a consequence doesn't make sure that comments cannot be viewed
    // when the user doesn't have access to the node.
    $node_alias = $query->innerJoin('node_field_data', 'n', '%alias.nid = ' . $data_table . '.entity_id AND ' . $data_table . ".entity_type = 'node'");
    // Pass the query to the node access control.
    $this->reAlterQuery($query, 'node_access', $node_alias);
    // Passing the query to node_query_node_access_alter() is sadly
    // insufficient for nodes.
    // @see \Drupal\node\Plugin\EntityReferenceSelection\NodeSelection::buildEntityQuery()
    if (!$this->currentUser->hasPermission('bypass node access') && !count($this->moduleHandler->getImplementations('node_grants'))) {
        $query->condition($node_alias . '.status', 1);
    }
}
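
The effect of the two joins and the status condition, as an added example in Python with SQLite (not Drupal's own code): the tables are a constructed, simplified subset of Drupal's columns with one row per node. The `node_access` tag alter is not modelled, and the sketch assumes no module implements node grants.

```python
import sqlite3

# Constructed sample data; only the columns the joins above touch.
SCHEMA = """
CREATE TABLE comment (cid INTEGER PRIMARY KEY);
CREATE TABLE comment_field_data (
  cid INTEGER, entity_id INTEGER, entity_type TEXT, default_langcode INTEGER);
CREATE TABLE node_field_data (nid INTEGER, status INTEGER);
INSERT INTO comment VALUES (1), (2), (3);
INSERT INTO comment_field_data VALUES
  (1, 10, 'node', 1),   -- comment on a published node
  (2, 11, 'node', 1),   -- comment on an unpublished node
  (3, 10, 'media', 1);  -- non-node host entity whose id collides with nid 10
INSERT INTO node_field_data VALUES (10, 1), (11, 0);
"""


def build_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn


def unaltered_ids(conn):
    """Comment ids a selection query would return with no access joins."""
    rows = conn.execute("SELECT base_table.cid FROM comment base_table ORDER BY 1")
    return [r[0] for r in rows]


def altered_ids(conn, bypass_node_access):
    """Comment ids after the same joins entityQueryAlter() adds.

    Assumption: no node grants implementations exist, so the published
    condition applies whenever the user lacks 'bypass node access'.
    """
    sql = (
        "SELECT base_table.cid FROM comment base_table "
        "INNER JOIN comment_field_data "
        "  ON base_table.cid = comment_field_data.cid "
        "  AND comment_field_data.default_langcode = 1 "
        "INNER JOIN node_field_data n "
        "  ON n.nid = comment_field_data.entity_id "
        "  AND comment_field_data.entity_type = 'node'"
    )
    if not bypass_node_access:
        sql += " WHERE n.status = 1"
    sql += " ORDER BY base_table.cid"
    return [r[0] for r in conn.execute(sql)]
```

Because the node join is an inner join that also requires `entity_type = 'node'`, comment 3 is dropped even for a user who bypasses node access: comments attached to other entity types never appear in this selection.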
