og.module

<?php

/**
 * @file
 * Enable users to create and manage groups with roles and permissions.
 */

use Drupal\Core\Access\AccessResult;
use Drupal\Core\Entity\ContentEntityInterface;
use Drupal\Core\Entity\EntityInterface;
use Drupal\Core\Entity\EntityTypeInterface;
use Drupal\Core\Field\BaseFieldDefinition;
use Drupal\Core\Session\AccountInterface;
use Drupal\og\Og;
use Drupal\og\OgGroupAudienceHelper;
use Drupal\user\EntityOwnerInterface;
use Drupal\user\UserInterface;

/**
 * Group default roles and permissions field.
 */
define('OG_DEFAULT_ACCESS_FIELD', 'og_roles_permissions');

/**
 * Implements hook_entity_insert().
 *
 * Subscribe the group manager.
 */
function og_entity_insert(EntityInterface $entity) {
  if (!Og::isGroup($entity->getEntityTypeId(), $entity->bundle())) {
    // Not a group entity.
    return;
  }

  if (!$entity instanceof EntityOwnerInterface) {
    return;
  }

  if (!$entity->getOwner()) {
    // User is anonymous, se we cannot set a membership for them.
    return;
  }

  $membership = Og::createMembership($entity, $entity->getOwner());
  $membership->save();
}

/**
 * Implements hook_entity_predelete().
 */
function og_entity_predelete(EntityInterface $entity) {
  if (Og::isGroup($entity->getEntityTypeId(), $entity->bundle())) {
    // Register orphaned group content for deletion, if this option has been
    // enabled.
    $config = \Drupal::config('og.settings');
    if ($config->get('delete_orphans')) {
      $plugin_id = $config->get('delete_orphans_plugin_id');
      /** @var \Drupal\og\OgDeleteOrphansInterface $plugin */
      $plugin = \Drupal::service('plugin.manager.og.delete_orphans')->createInstance($plugin_id, []);
      $plugin->register($entity);
    }

    // @todo Delete user roles.
    // @see https://github.com/amitaibu/og/issues/175
    // og_delete_user_roles_by_group($entity_type, $entity);
  }
  if ($entity instanceof UserInterface) {
    // @todo Delete memberships when deleting users.
    // @see https://github.com/amitaibu/og/issues/176
  }
}

/**
 * Implements hook_entity_access().
 */
function og_entity_access(EntityInterface $entity, $operation, AccountInterface $account) {
  // We only care about content entities that are groups or group content.
  if (!$entity instanceof ContentEntityInterface) {
    return AccessResult::neutral();
  }

  if ($operation == 'view') {
    return AccessResult::neutral();
  }

  $entity_type_id = $entity->getEntityTypeId();
  $bundle_id = $entity->bundle();

  if (!Og::isGroup($entity_type_id, $bundle_id) && !Og::isGroupContent($entity_type_id, $bundle_id)) {
    return AccessResult::neutral();
  }

  // If the user has permission to administer all groups, allow access.
  if ($account->hasPermission('administer group')) {
    return AccessResult::allowed();
  }

  /** @var \Drupal\Core\Access\AccessResult $access */
  $access = \Drupal::service('og.access')->userAccessEntity($operation, $entity, $account);

  if ($access->isAllowed()) {
    return $access;
  }

  if ($entity_type_id == 'node') {
    $node_access_strict = \Drupal::config('og.settings')->get('node_access_strict');

    // Otherwise, ignore or deny based on whether strict node access is set.
    return AccessResult::forbiddenIf($node_access_strict);
  }

  return AccessResult::forbidden();
}

/**
 * Implements hook_entity_create_access().
 */
function og_entity_create_access(AccountInterface $account, array $context, $bundle) {
  $entity_type_id = $context['entity_type_id'];

  if (!Og::isGroupContent($entity_type_id, $bundle)) {
    // Not a group content.
    return AccessResult::neutral();
  }

  $access_result = AccessResult::allowedIfHasPermission($account, 'administer group');
  if ($access_result->isAllowed()) {
    return $access_result;
  }

  $node_access_strict = \Drupal::config('og.settings')->get('node_access_strict');
  if ($entity_type_id == 'node' && !$node_access_strict && $account->hasPermission("create $bundle content")) {
    // The user has the core permission and strict node access is not set.
    return AccessResult::neutral();
  }

  // We can't check if user has create permissions, as there is no group
  // context. However, we can check if there are any groups the user will be
  // able to select, and if not, we don't allow access but if there are,
  // AccessResult::neutral() will be returned in order to not override other
  // access results.
  // @see \Drupal\og\Plugin\EntityReferenceSelection\OgSelection::buildEntityQuery()
  $required = FALSE;

  $field_definitions = \Drupal::service('entity_field.manager')->getFieldDefinitions($entity_type_id, $bundle);
  foreach ($field_definitions as $field_name => $field_definition) {
    /** @var \Drupal\Core\Field\FieldDefinitionInterface $field_definition */
    if (!OgGroupAudienceHelper::isGroupAudienceField($field_definition)) {
      continue;
    }

    $handler = Og::getSelectionHandler($field_definition);

    if ($handler->getReferenceableEntities()) {
      return AccessResult::neutral();
    }

    // Allow users to create content outside of groups, if none of the
    // audience fields is required.
    $required = $field_definition->isRequired();
  }

  // Otherwise, ignore or deny based on whether strict entity access is set.
  return $required ? AccessResult::forbiddenIf($node_access_strict) : AccessResult::neutral();
}

/**
 * Implements hook_entity_bundle_field_info().
 *
 * Add a read only property to group entities as a group flag.
 */
function og_entity_bundle_field_info(EntityTypeInterface $entity_type, $bundle, array $base_field_definitions) {
  if (!Og::isGroup($entity_type->id(), $bundle)) {
    // Not a group type.
    return NULL;
  }

  $fields = [];
  $fields['og_group'] = BaseFieldDefinition::create('og_group')
    ->setLabel(t('OG Group'))
    ->setComputed(TRUE)
    ->setTranslatable(FALSE)
    ->setDefaultValue(TRUE)
    ->setReadOnly(TRUE);

  return $fields;
}

/**
 * Implements hook_entity_bundle_field_info_alter().
 *
 * Set the default field formatter of fields of type OG group.
 */
function og_entity_bundle_field_info_alter(&$fields, EntityTypeInterface $entity_type, $bundle) {
  if (!isset($fields['og_group'])) {
    // No OG group fields.
    return;
  }

  $fields['og_group']->setDisplayOptions('view', [
    'weight' => 0,
    'type' => 'og_group_subscribe',
  ])->setDisplayConfigurable('view', TRUE);
}

/**
 * Implements hook_field_formatter_info_alter().
 *
 * Allow OG audience fields to have entity reference formatters.
 */
function og_field_formatter_info_alter(array &$info) {
  foreach (array_keys($info) as $key) {
    if (!in_array('entity_reference', $info[$key]['field_types'])) {
      // Not an entity reference formatter.
      continue;
    }

    $info[$key]['field_types'][] = OgGroupAudienceHelper::GROUP_REFERENCE;
  }
}

/**
 * Implements hook_field_widget_info_alter().
 */
function og_field_widget_info_alter(array &$info) {
  $info['options_buttons']['field_types'][] = OgGroupAudienceHelper::GROUP_REFERENCE;
}

/**
 * Implements hook_entity_type_alter().
 *
 * Add link template to groups. We add it to all the entity types, and later on
 * return the correct access, depending if the bundle is indeed a group and
 * accessible. We do not filter here the entity type by groups, so whenever
 * GroupTypeManager::addGroup is called, it's enough to mark route to be rebuilt
 * via RouteBuilder::setRebuildNeeded.
 */
function og_entity_type_alter(array &$entity_types) {
  /** @var \Drupal\Core\Entity\EntityTypeInterface $entity_type */
  foreach ($entity_types as $entity_type_id => $entity_type) {
    $entity_type->setLinkTemplate('og-admin-routes', "/group/$entity_type_id/{{$entity_type_id}}/admin");
  }
}