Issue #3458767: Replace node grants for "public" and "community" visibilities

modules/social_features/social_node/social_node.module

@@ -7,7 +7,6 @@
 
 use Drupal\Core\Database\Query\AlterableInterface;
 use Drupal\Core\Database\Query\SelectInterface;
-use Drupal\node\NodeInterface;
 use Drupal\social_node\Entity\Node;
 use Drupal\social_node\QueryAccess\NodeEntityQueryAlter;
 use Drupal\social_node\SocialNodeForm;
@@ -46,29 +45,6 @@ function social_node_social_tagging_type(): string {
   return 'node';
 }
 
-/**
- * Implements hook_node_access_records_alter().
- */
-function social_node_node_access_records_alter(array &$grants, NodeInterface $node): void {
-  if (
-    !$node->hasField('field_content_visibility') ||
-    $node->get('field_content_visibility')->isEmpty()
-  ) {
-    return;
-  }
-
-  $visibility = $node->get('field_content_visibility')->getString();
-
-  if ($visibility !== 'public') {
-    // Remove "view" realm for all visibility options except "public".
-    foreach ($grants as &$grant) {
-      if ($grant['realm'] === 'gnode_anonymous') {
-        $grant['grant_view'] = 0;
-      }
-    }
-  }
-}
-
 /**
  * Implements hook_query_TAG_alter() for "node_access".
  */

modules/social_features/social_node/social_node.services.yml

@@ -5,3 +5,8 @@ services:
       - '@session.flash_bag'
       - '@page_cache_kill_switch'
       - '@module_handler'
+
+  Drupal\social_node\EventSubscriber\NodeQueryAccessAlterSubscriber:
+    arguments: ['@entity_field.manager']
+    tags:
+      - { name: event_subscriber }

modules/social_features/social_node/src/EventSubscriber/NodeQueryAccessAlterSubscriber.php

@@ -0,0 +1,83 @@
+<?php
+
+declare(strict_types=1);
+
+namespace Drupal\social_node\EventSubscriber;
+
+use Drupal\Core\Entity\EntityFieldManagerInterface;
+use Drupal\field\Entity\FieldStorageConfig;
+use Drupal\social_node\Event\NodeQueryAccessEvent;
+use Drupal\social_node\Event\SocialNodeEvents;
+use Drupal\social_node\SocialNodeQueryAccessAlterInterface;
+
+/**
+ * Alters query access for node type entity.
+ */
+class NodeQueryAccessAlterSubscriber implements SocialNodeQueryAccessAlterInterface {
+
+  /**
+   * Constructs NodeQueryAccessAlterSubscriber.
+   *
+   * @param \Drupal\Core\Entity\EntityFieldManagerInterface $entityFieldManager
+   *   The entity field manager.
+   */
+  public function __construct(
+    private readonly EntityFieldManagerInterface $entityFieldManager,
+  ) {}
+
+  /**
+   * {@inheritdoc}
+   */
+  public static function getSubscribedEvents(): array {
+    $events[SocialNodeEvents::NODE_QUERY_ACCESS_ALTER][] = ['alterQueryAccess'];
+    return $events;
+  }
+
+  /**
+   * {@inheritdoc}
+   */
+  public function alterQueryAccess(NodeQueryAccessEvent $event): void {
+    $fields = $this->entityFieldManager->getFieldStorageDefinitions('node');
+    if (!isset($fields['field_content_visibility'])) {
+      return;
+    }
+
+    /** @var \Drupal\field\Entity\FieldStorageConfig $field */
+    $field_storage = $fields['field_content_visibility'];
+
+    // Gets allowed values from function if exists.
+    $function = $field_storage->getSetting('allowed_values_function');
+    $visibilities = !empty($function)
+      ? array_keys((array) $function($field_storage))
+      : array_keys((array) $field_storage->getSetting('allowed_values'));
+
+    if (empty($visibilities)) {
+      return;
+    }
+
+    $target_visibilities = array_intersect(['public', 'community'], $visibilities);
+
+    $account = $event->account();
+    $or = $event->getConditions();
+
+    $node_table = $event->ensureNodeDataTable();
+    $visibility_table = $event->ensureNodeFieldTableJoin('field_content_visibility');
+
+    // Get all node types where we have visibility field.
+    $field_storage = FieldStorageConfig::loadByName('node', 'field_content_visibility');
+    $bundles = $field_storage->getBundles();
+
+    foreach ($bundles as $bundle) {
+      foreach ($target_visibilities as $visibility) {
+        if ($account->hasPermission("view node.$bundle.field_content_visibility:$visibility content")) {
+          $or->condition(
+            $event->query()->andConditionGroup()
+              ->condition("$node_table.type", $bundle)
+              ->condition("$visibility_table.field_content_visibility_value", $visibility)
+          );
+        }
+      }
+    }
+  }
+
+}