1 |
85ad3d82
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
/**
|
4 |
|
|
* @file Content access administration UI.
|
5 |
|
|
*/
|
6 |
|
|
|
7 |
|
|
/**
|
8 |
|
|
* Specifies the threshold until we try to mass update node grants immediately.
|
9 |
|
|
*/
|
10 |
|
|
define('CONTENT_ACCESS_MASS_UPDATE_THRESHOLD', 1000);
|
11 |
|
|
|
12 |
|
|
/**
|
13 |
|
|
* Per node settings page.
|
14 |
|
|
*/
|
15 |
|
|
function content_access_page($form, &$form_state, $node) {
|
16 |
|
|
drupal_set_title(t('Access control for @title', array('@title' => $node->title)));
|
17 |
|
|
|
18 |
|
|
foreach (_content_access_get_operations() as $op => $label) {
|
19 |
|
|
$defaults[$op] = content_access_per_node_setting($op, $node);
|
20 |
|
|
}
|
21 |
|
|
|
22 |
|
|
// Get roles form
|
23 |
|
|
content_access_role_based_form($form, $defaults, $node->type);
|
24 |
|
|
|
25 |
|
|
// Add an after_build handler that disables checkboxes, which are enforced by permissions.
|
26 |
|
|
$form['per_role']['#after_build'] = array('content_access_force_permissions');
|
27 |
|
|
|
28 |
|
|
// ACL form
|
29 |
|
|
if (module_exists('acl')) {
|
30 |
|
|
// This is disabled when there is no node passed.
|
31 |
|
|
$form['acl'] = array(
|
32 |
|
|
'#type' => 'fieldset',
|
33 |
|
|
'#title' => t('User access control lists'),
|
34 |
|
|
'#description' => t('These settings allow you to grant access to specific users.'),
|
35 |
|
|
'#collapsible' => TRUE,
|
36 |
|
|
'#tree' => TRUE,
|
37 |
|
|
);
|
38 |
|
|
|
39 |
|
|
foreach (array('view', 'update', 'delete') as $op) {
|
40 |
|
|
$acl_id = content_access_get_acl_id($node, $op);
|
41 |
|
|
acl_node_add_acl($node->nid, $acl_id, (int) ($op == 'view'), (int) ($op == 'update'), (int) ($op == 'delete'), content_access_get_settings('priority', $node->type));
|
42 |
|
|
|
43 |
|
|
$form['acl'][$op] = acl_edit_form($form_state, $acl_id, t('Grant !op access', array('!op' => $op)));
|
44 |
|
|
$form['acl'][$op]['#collapsed'] = !isset($_POST['acl_' . $acl_id]) && !unserialize($form['acl'][$op]['user_list']['#default_value']);
|
45 |
|
|
}
|
46 |
|
|
}
|
47 |
|
|
|
48 |
|
|
$form_state['node'] = $node;
|
49 |
|
|
|
50 |
|
|
$form['reset'] = array(
|
51 |
|
|
'#type' => 'submit',
|
52 |
|
|
'#value' => t('Reset to defaults'),
|
53 |
|
|
'#weight' => 10,
|
54 |
|
|
'#submit' => array('content_access_page_reset'),
|
55 |
|
|
'#access' => count(content_access_get_per_node_settings($node)) > 0,
|
56 |
|
|
);
|
57 |
|
|
$form['submit'] = array(
|
58 |
|
|
'#type' => 'submit',
|
59 |
|
|
'#value' => t('Submit'),
|
60 |
|
|
'#weight' => 10,
|
61 |
|
|
);
|
62 |
|
|
|
63 |
|
|
// @todo not true anymore?
|
64 |
|
|
// http://drupal.org/update/modules/6/7#hook_node_access_records
|
65 |
|
|
if (!$node->status) {
|
66 |
|
|
drupal_set_message(t("Warning: Your content is not published, so this settings are not taken into account as long as the content remains unpublished."), 'error');
|
67 |
|
|
}
|
68 |
|
|
|
69 |
|
|
return $form;
|
70 |
|
|
}
|
71 |
|
|
|
72 |
|
|
/**
|
73 |
|
|
* Submit callback for content_access_page().
|
74 |
|
|
*/
|
75 |
|
|
function content_access_page_submit($form, &$form_state) {
|
76 |
|
|
$settings = array();
|
77 |
|
|
$node = $form_state['node'];
|
78 |
|
|
|
79 |
|
|
foreach (_content_access_get_operations() as $op => $label) {
|
80 |
|
|
// Set the settings so that further calls will return this settings.
|
81 |
|
|
$settings[$op] = array_keys(array_filter($form_state['values'][$op]));
|
82 |
|
|
}
|
83 |
|
|
|
84 |
|
|
// Save per-node settings.
|
85 |
|
|
content_access_save_per_node_settings($node, $settings);
|
86 |
|
|
|
87 |
|
|
if (module_exists('acl')) {
|
88 |
|
|
foreach (array('view', 'update', 'delete') as $op) {
|
89 |
|
|
acl_save_form($form_state['values']['acl'][$op]);
|
90 |
|
|
module_invoke_all('user_acl', $settings);
|
91 |
|
|
}
|
92 |
|
|
}
|
93 |
|
|
|
94 |
|
|
// Apply new settings.
|
95 |
|
|
node_access_acquire_grants($node);
|
96 |
|
|
|
97 |
|
|
module_invoke_all('per_node', $settings);
|
98 |
|
|
|
99 |
|
|
drupal_set_message(t('Your changes have been saved.'));
|
100 |
|
|
}
|
101 |
|
|
|
102 |
|
|
/**
|
103 |
|
|
* Submit callback for reset on content_access_page().
|
104 |
|
|
*/
|
105 |
|
|
function content_access_page_reset($form, &$form_state) {
|
106 |
|
|
content_access_delete_per_node_settings($form_state['node']);
|
107 |
|
|
node_access_acquire_grants($form_state['node']);
|
108 |
|
|
|
109 |
|
|
drupal_set_message(t('The permissions have been reseted to the content type defaults.'));
|
110 |
|
|
}
|
111 |
|
|
|
112 |
|
|
/**
|
113 |
|
|
* Per content type settings form.
|
114 |
|
|
*/
|
115 |
|
|
function content_access_admin_settings($form, &$form_state, $content_type) {
|
116 |
|
|
$type = $content_type->type;
|
117 |
|
|
|
118 |
|
|
$form_state['type'] = $type;
|
119 |
|
|
|
120 |
|
|
// Add role based per content type settings
|
121 |
|
|
$defaults = array();
|
122 |
|
|
foreach (_content_access_get_operations() as $op => $label) {
|
123 |
|
|
$defaults[$op] = content_access_get_settings($op, $type);
|
124 |
|
|
}
|
125 |
|
|
content_access_role_based_form($form, $defaults, $type);
|
126 |
|
|
|
127 |
|
|
// Per node:
|
128 |
|
|
$form['node'] = array(
|
129 |
|
|
'#type' => 'fieldset',
|
130 |
|
|
'#title' => t('Per content node access control settings'),
|
131 |
|
|
'#collapsible' => TRUE,
|
132 |
|
|
'#description' => t('Optionally you can enable per content node access control settings. If enabled, a new tab for the content access settings appears when viewing content. You have to configure permission to access these settings at the !permissions page.', array('!permissions' => l(t('permissions'), 'admin/people/permissions'))),
|
133 |
|
|
);
|
134 |
|
|
$form['node']['per_node'] = array(
|
135 |
|
|
'#type' => 'checkbox',
|
136 |
|
|
'#title' => t('Enable per content node access control settings'),
|
137 |
|
|
'#default_value' => content_access_get_settings('per_node', $type),
|
138 |
|
|
);
|
139 |
|
|
|
140 |
|
|
$form['advanced'] = array(
|
141 |
|
|
'#type' => 'fieldset',
|
142 |
|
|
'#title' => t('Advanced'),
|
143 |
|
|
'#collapsible' => TRUE,
|
144 |
|
|
'#collapsed' => TRUE,
|
145 |
|
|
);
|
146 |
|
|
$form['advanced']['priority'] = array(
|
147 |
|
|
'#type' => 'weight',
|
148 |
|
|
'#title' => t('Give content node grants priority'),
|
149 |
|
|
'#default_value' => content_access_get_settings('priority', $type),
|
150 |
|
|
'#description' => t('If you are only using this access control module, you can safely ignore this. If you are using multiple access control modules you can adjust the priority of this module.'),
|
151 |
|
|
);
|
152 |
|
|
$form['submit'] = array(
|
153 |
|
|
'#type' => 'submit',
|
154 |
|
|
'#value' => t('Submit'),
|
155 |
|
|
'#weight' => 10,
|
156 |
|
|
);
|
157 |
|
|
|
158 |
|
|
return $form;
|
159 |
|
|
}
|
160 |
|
|
|
161 |
|
|
/**
|
162 |
|
|
* Submit handler for per content type settings form.
|
163 |
|
|
*/
|
164 |
|
|
function content_access_admin_settings_submit($form, &$form_state) {
|
165 |
|
|
$roles_permissions = user_role_permissions(user_roles());
|
166 |
|
|
$permissions = user_permission_get_modules();
|
167 |
|
|
$type = $form_state['type'];
|
168 |
|
|
|
169 |
|
|
// Remove disabled modules permissions, so they can't raise exception
|
170 |
|
|
// in content_access_save_permissions()
|
171 |
|
|
foreach ($roles_permissions as $rid => $role_permissions) {
|
172 |
|
|
foreach ($role_permissions as $permission => $value) {
|
173 |
|
|
if (!array_key_exists($permission, $permissions)) {
|
174 |
|
|
unset($roles_permissions[$rid][$permission]);
|
175 |
|
|
}
|
176 |
|
|
}
|
177 |
|
|
}
|
178 |
|
|
|
179 |
|
|
foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
|
180 |
|
|
foreach ($form_state['values'][$op] as $rid => $value) {
|
181 |
|
|
$permission = content_access_get_permission_by_op($op, $form_state['type']);
|
182 |
|
|
if ($value) {
|
183 |
|
|
$roles_permissions[$rid][$permission] = TRUE;
|
184 |
|
|
}
|
185 |
|
|
else {
|
186 |
|
|
$roles_permissions[$rid][$permission] = FALSE;
|
187 |
|
|
}
|
188 |
|
|
}
|
189 |
|
|
// Don't save the setting, so its default value (get permission) is applied
|
190 |
|
|
// always.
|
191 |
|
|
unset($form_state['values'][$op]);
|
192 |
|
|
}
|
193 |
|
|
content_access_save_permissions($roles_permissions);
|
194 |
|
|
|
195 |
|
|
// Update content access settings
|
196 |
|
|
$settings = content_access_get_settings('all', $type);
|
197 |
|
|
foreach (content_access_available_settings() as $setting) {
|
198 |
|
|
if (isset($form_state['values'][$setting])) {
|
199 |
|
|
$settings[$setting] = is_array($form_state['values'][$setting]) ? array_keys(array_filter($form_state['values'][$setting])) : $form_state['values'][$setting];
|
200 |
|
|
}
|
201 |
|
|
}
|
202 |
|
|
content_access_set_settings($settings, $type);
|
203 |
|
|
|
204 |
|
|
// Mass update the nodes, but only if necessary.
|
205 |
|
|
if (content_access_get_settings('per_node', $type) ||
|
206 |
|
|
content_access_get_settings('view', $type) != $form['per_role']['view']['#default_value'] ||
|
207 |
|
|
content_access_get_settings('view_own', $type) != $form['per_role']['view_own']['#default_value'] ||
|
208 |
|
|
content_access_get_settings('priority', $type) != $form['advanced']['priority']['#default_value'] ||
|
209 |
|
|
content_access_get_settings('per_node', $type) != $form['node']['per_node']['#default_value']
|
210 |
|
|
) {
|
211 |
|
|
|
212 |
|
|
// If per node has been disabled and we use the ACL integration, we have to remove possible ACLs now.
|
213 |
|
|
if (!content_access_get_settings('per_node', $type) && $form['node']['per_node']['#default_value'] && module_exists('acl')) {
|
214 |
|
|
_content_access_remove_acls($type);
|
215 |
|
|
}
|
216 |
|
|
|
217 |
|
|
if (content_access_mass_update(array($type))) {
|
218 |
|
|
drupal_set_message(t('Permissions have been successfully rebuilt for the content type @types.', array('@types' => node_type_get_name($type))));
|
219 |
|
|
}
|
220 |
|
|
}
|
221 |
|
|
|
222 |
|
|
drupal_set_message(t('Your changes have been saved.'));
|
223 |
|
|
}
|
224 |
|
|
|
225 |
|
|
/**
|
226 |
|
|
* Mass updates node access records for nodes of the given types.
|
227 |
|
|
* @param $types
|
228 |
|
|
* An array of content type names.
|
229 |
|
|
* @return
|
230 |
|
|
* Whether the operation has been processed successfully (TRUE) or postponed (FALSE).
|
231 |
|
|
*/
|
232 |
|
|
function content_access_mass_update($types) {
|
233 |
|
|
$q = db_select('node', 'n')
|
234 |
|
|
->fields('n', array('nid'))
|
235 |
|
|
->condition('n.type', $types, 'IN');
|
236 |
|
|
|
237 |
|
|
$count = $q->countQuery()->execute()->fetchField();
|
238 |
|
|
|
239 |
|
|
node_access_needs_rebuild(TRUE);
|
240 |
|
|
|
241 |
|
|
// If there not too much nodes affected, try to do it.
|
242 |
|
|
if ($count <= CONTENT_ACCESS_MASS_UPDATE_THRESHOLD) {
|
243 |
|
|
$records = $q->execute();
|
244 |
|
|
foreach ($records as $node) {
|
245 |
|
|
node_access_acquire_grants(node_load($node->nid));
|
246 |
|
|
}
|
247 |
|
|
|
248 |
|
|
cache_clear_all();
|
249 |
|
|
node_access_needs_rebuild(FALSE);
|
250 |
|
|
return TRUE;
|
251 |
|
|
}
|
252 |
|
|
return FALSE;
|
253 |
|
|
}
|
254 |
|
|
|
255 |
|
|
/**
|
256 |
|
|
* Saves the given permissions by role to the database.
|
257 |
|
|
*/
|
258 |
|
|
function content_access_save_permissions($roles_permissions) {
|
259 |
|
|
foreach ($roles_permissions as $rid => $permissions) {
|
260 |
|
|
user_role_change_permissions($rid, $permissions);
|
261 |
|
|
}
|
262 |
|
|
}
|
263 |
|
|
|
264 |
|
|
/**
|
265 |
|
|
* Builds the role based permission form for the given defaults.
|
266 |
|
|
*
|
267 |
|
|
* @param $defaults
|
268 |
|
|
* Array of defaults for all operations.
|
269 |
|
|
*/
|
270 |
|
|
function content_access_role_based_form(&$form, $defaults = array(), $type = NULL) {
|
271 |
|
|
$form['per_role'] = array(
|
272 |
|
|
'#type' => 'fieldset',
|
273 |
|
|
'#title' => t('Role based access control settings'),
|
274 |
|
|
'#collapsible' => TRUE,
|
275 |
|
|
'#description' => t('Note that users need at least the %access_content permission to be able to deal in any way with content.', array('%access_content' => t('access content'))) .
|
276 |
|
|
' ' . t('Furthermore note that content which is not @published is treated in a different way by drupal: It can be viewed only by its author or users with the %administer_nodes permission.', array('@published' => t('published'), '%administer_nodes' => t('administer nodes'))),
|
277 |
|
|
);
|
278 |
|
|
|
279 |
|
|
$operations = _content_access_get_operations($type);
|
280 |
|
|
$roles = array_map('filter_xss_admin', user_roles());
|
281 |
|
|
foreach ($operations as $op => $label) {
|
282 |
|
|
// Make sure defaults are set properly
|
283 |
|
|
$defaults += array($op => array());
|
284 |
|
|
|
285 |
|
|
$form['per_role'][$op] = array('#type' => 'checkboxes',
|
286 |
|
|
'#prefix' => '<div class="content_access-div">',
|
287 |
|
|
'#suffix' => '</div>',
|
288 |
|
|
'#options' => $roles,
|
289 |
|
|
'#title' => $label,
|
290 |
|
|
'#default_value' => $defaults[$op],
|
291 |
|
|
'#process' => array('form_process_checkboxes', 'content_access_disable_checkboxes'),
|
292 |
|
|
);
|
293 |
|
|
}
|
294 |
|
|
|
295 |
|
|
$form['per_role']['clearer'] = array(
|
296 |
|
|
'#value' => '<br clear="all" />',
|
297 |
|
|
);
|
298 |
|
|
|
299 |
|
|
drupal_add_css(drupal_get_path('module', 'content_access') . '/content_access.css');
|
300 |
|
|
|
301 |
|
|
return $form;
|
302 |
|
|
}
|
303 |
|
|
|
304 |
|
|
/**
|
305 |
|
|
* Formapi #after_build callback, that disables checkboxes for roles without access to content.
|
306 |
|
|
*/
|
307 |
|
|
function content_access_force_permissions($element, &$form_state) {
|
308 |
|
|
foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
|
309 |
|
|
foreach (content_access_get_settings($op, $form_state['node']->type) as $rid) {
|
310 |
|
|
$element[$op][$rid]['#disabled'] = TRUE;
|
311 |
|
|
$element[$op][$rid]['#attributes']['disabled'] = 'disabled';
|
312 |
|
|
$element[$op][$rid]['#value'] = TRUE;
|
313 |
|
|
$element[$op][$rid]['#checked'] = TRUE;
|
314 |
|
|
$element[$op][$rid]['#prefix'] = '<span' . drupal_attributes(array('title' => t("Permission is granted due to the content type's access control settings."))) . '>';
|
315 |
|
|
$element[$op][$rid]['#suffix'] = "</span>";
|
316 |
|
|
}
|
317 |
|
|
}
|
318 |
|
|
return $element;
|
319 |
|
|
}
|
320 |
|
|
|
321 |
|
|
/**
|
322 |
|
|
* Submit callback for the user permissions form.
|
323 |
|
|
* Trigger changes to node permissions to rebuild our grants.
|
324 |
|
|
*/
|
325 |
|
|
function content_access_user_admin_perm_submit($form, $form_state) {
|
326 |
|
|
// Check for each content type, which has per node access activated
|
327 |
|
|
// whether permissions have been changed.
|
328 |
|
|
$types = array();
|
329 |
|
|
foreach (array_filter(content_access_get_settings('per_node')) as $type => $value) {
|
330 |
|
|
foreach (_content_access_get_node_permissions($type) as $perm) {
|
331 |
|
|
foreach (user_roles() as $rid => $role) {
|
332 |
|
|
if (isset($form_state['values'][$rid]) && in_array($perm, $form['checkboxes'][$rid]['#default_value']) != in_array($perm, $form_state['values'][$rid])) {
|
333 |
|
|
//permission changed!
|
334 |
|
|
$types[$type] = node_get_types('name', $type);
|
335 |
|
|
continue 2;
|
336 |
|
|
}
|
337 |
|
|
}
|
338 |
|
|
}
|
339 |
|
|
}
|
340 |
|
|
if ($types && content_access_mass_update(array_keys($types))) {
|
341 |
|
|
drupal_set_message(format_plural(count($types),
|
342 |
|
|
'Permissions have been successfully rebuilt for the content type @types.',
|
343 |
|
|
'Permissions have been successfully rebuilt for the content types @types.',
|
344 |
|
|
array('@types' => implode(', ', $types))
|
345 |
|
|
));
|
346 |
|
|
}
|
347 |
|
|
} |