1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* Administrative interface for the Field Permissions module.
|
6
|
*/
|
7
|
|
8
|
/**
|
9
|
* Obtain the list of field permissions.
|
10
|
*
|
11
|
* @param $field_label
|
12
|
* The human readable name of the field to use when constructing permission
|
13
|
* names. Usually this will be derived from one or more of the field instance
|
14
|
* labels.
|
15
|
*/
|
16
|
function field_permissions_list($field_label = '') {
|
17
|
return array(
|
18
|
'create' => array(
|
19
|
'label' => t('Create field'),
|
20
|
'title' => t('Create own value for field %field', array('%field' => $field_label)),
|
21
|
),
|
22
|
'edit own' => array(
|
23
|
'label' => t('Edit own field'),
|
24
|
'title' => t('Edit own value for field %field', array('%field' => $field_label)),
|
25
|
),
|
26
|
'edit' => array(
|
27
|
'label' => t('Edit field'),
|
28
|
'title' => t("Edit anyone's value for field %field", array('%field' => $field_label)),
|
29
|
),
|
30
|
'view own' => array(
|
31
|
'label' => t('View own field'),
|
32
|
'title' => t('View own value for field %field', array('%field' => $field_label)),
|
33
|
),
|
34
|
'view' => array(
|
35
|
'label' => t('View field'),
|
36
|
'title' => t("View anyone's value for field %field", array('%field' => $field_label)),
|
37
|
),
|
38
|
);
|
39
|
}
|
40
|
|
41
|
/**
|
42
|
* Returns field permissions in a format suitable for use in hook_permission().
|
43
|
*
|
44
|
* @param $field
|
45
|
* The field to return permissions for.
|
46
|
* @param $label
|
47
|
* (optional) The human readable name of the field to use when constructing
|
48
|
* permission names; for example, this might be the label of one of the
|
49
|
* corresponding field instances. If not provided, an appropriate label will
|
50
|
* be automatically derived from all the field's instances.
|
51
|
*
|
52
|
* @return
|
53
|
* An array of permission information, suitable for use in hook_permission().
|
54
|
*/
|
55
|
function field_permissions_list_field_permissions($field, $label = NULL) {
|
56
|
$description = '';
|
57
|
|
58
|
// If there is no preferred label, construct one from all the instance
|
59
|
// labels.
|
60
|
if (!isset($label)) {
|
61
|
$labels = array();
|
62
|
foreach ($field['bundles'] as $entity_type => $bundles) {
|
63
|
foreach ($bundles as $bundle_name) {
|
64
|
$instance = field_info_instance($entity_type, $field['field_name'], $bundle_name);
|
65
|
$labels[] = $instance['label'];
|
66
|
}
|
67
|
}
|
68
|
// If all the instances have the same label, just use that. Otherwise, use
|
69
|
// the field name (with the full list of instance labels as the permission
|
70
|
// description).
|
71
|
$labels = array_unique($labels);
|
72
|
if (count($labels) == 1) {
|
73
|
$label = array_shift($labels);
|
74
|
}
|
75
|
else {
|
76
|
$label = $field['field_name'];
|
77
|
$description = t('This field appears as: %instances', array('%instances' => implode(', ', $labels)));
|
78
|
}
|
79
|
}
|
80
|
|
81
|
$permissions = array();
|
82
|
foreach (field_permissions_list($label) as $permission_type => $permission_info) {
|
83
|
$permission = $permission_type . ' ' . $field['field_name'];
|
84
|
$permissions[$permission] = array(
|
85
|
'title' => $permission_info['title'],
|
86
|
'description' => $description,
|
87
|
);
|
88
|
}
|
89
|
|
90
|
return $permissions;
|
91
|
}
|
92
|
|
93
|
/**
|
94
|
* Implementation of hook_permission().
|
95
|
*/
|
96
|
function _field_permissions_permission() {
|
97
|
$perms = array(
|
98
|
'administer field permissions' => array(
|
99
|
'title' => t('Administer field permissions'),
|
100
|
'description' => t('Manage field permissions and field permissions settings.'),
|
101
|
'restrict access' => TRUE,
|
102
|
),
|
103
|
'access private fields' => array(
|
104
|
'title' => t("Access other users' private fields"),
|
105
|
'description' => t('View and edit the stored values of all private fields.'),
|
106
|
'restrict access' => TRUE,
|
107
|
),
|
108
|
);
|
109
|
|
110
|
foreach (field_info_fields() as $field) {
|
111
|
if (isset($field['field_permissions']['type']) && $field['field_permissions']['type'] == FIELD_PERMISSIONS_CUSTOM) {
|
112
|
$perms += field_permissions_list_field_permissions($field);
|
113
|
}
|
114
|
}
|
115
|
|
116
|
return $perms;
|
117
|
}
|
118
|
|
119
|
/**
|
120
|
* Alter the field settings form.
|
121
|
*/
|
122
|
function _field_permissions_field_settings_form_alter(&$form, $form_state, $form_id) {
|
123
|
// Put the field permissions extensions at the top of the field settings
|
124
|
// fieldset.
|
125
|
$form['field']['field_permissions'] = array(
|
126
|
'#weight' => -10,
|
127
|
'#access' => user_access('administer field permissions'),
|
128
|
);
|
129
|
|
130
|
$form['field']['field_permissions']['type'] = array(
|
131
|
'#title' => t('Field visibility and permissions'),
|
132
|
'#type' => 'radios',
|
133
|
'#options' => array(
|
134
|
FIELD_PERMISSIONS_PUBLIC => t('Public (author and administrators can edit, everyone can view)'),
|
135
|
FIELD_PERMISSIONS_PRIVATE => t('Private (only author and administrators can edit and view)'),
|
136
|
FIELD_PERMISSIONS_CUSTOM => t('Custom permissions'),
|
137
|
),
|
138
|
'#default_value' => isset($form['#field']['field_permissions']['type']) ? $form['#field']['field_permissions']['type'] : FIELD_PERMISSIONS_PUBLIC,
|
139
|
);
|
140
|
|
141
|
// Add the container in which the field permissions matrix will be displayed.
|
142
|
// (and make it so that it is only visible when custom permissions are being
|
143
|
// used).
|
144
|
$form['field']['field_permissions']['permissions'] = array(
|
145
|
'#type' => 'container',
|
146
|
'#states' => array(
|
147
|
'visible' => array(
|
148
|
// We must cast this to a string until http://drupal.org/node/879580 is
|
149
|
// fixed.
|
150
|
':input[name="field[field_permissions][type]"]' => array('value' => (string) FIELD_PERMISSIONS_CUSTOM),
|
151
|
),
|
152
|
),
|
153
|
// Custom styling for the permissions matrix on the field settings page.
|
154
|
'#attached' => array(
|
155
|
'css' => array(drupal_get_path('module', 'field_permissions') . '/field_permissions.admin.css'),
|
156
|
),
|
157
|
);
|
158
|
|
159
|
// Add the field permissions matrix itself. Wait until the #pre_render stage
|
160
|
// to move it to the above container, to avoid having the permissions data
|
161
|
// saved as part of the field record.
|
162
|
$form['field_permissions']['#tree'] = TRUE;
|
163
|
$form['field_permissions']['#access'] = user_access('administer field permissions');
|
164
|
$form['field_permissions']['permissions'] = field_permissions_permissions_matrix($form['#field'], $form['#instance']);
|
165
|
$form['#pre_render'][] = '_field_permissions_field_settings_form_pre_render';
|
166
|
|
167
|
// Add a submit handler to process the field permissions settings. Note that
|
168
|
// it is important for this to run *after* the main field UI submit handler
|
169
|
// (which saves the field itself), since when a new field is being created,
|
170
|
// our submit handler will try to assign any new custom permissions
|
171
|
// immediately, and our hook_permission() implementation relies on the field
|
172
|
// info being up-to-date in order for that to work correctly.
|
173
|
$form['#submit'][] = '_field_permissions_field_settings_form_submit';
|
174
|
}
|
175
|
|
176
|
/**
|
177
|
* Returns a field permissions matrix that can be inserted into a form.
|
178
|
*
|
179
|
* The matrix's display is based on that of Drupal's default permissions page.
|
180
|
*
|
181
|
* Note that this matrix must be accompanied by an appropriate submit handler
|
182
|
* (attached to the top level of the form) in order for the permissions in it
|
183
|
* to actually be saved. For an example submit handler, see
|
184
|
* _field_permissions_field_settings_form_submit().
|
185
|
*
|
186
|
* @param $field
|
187
|
* The field whose permissions will be displayed in the matrix.
|
188
|
* @param $instance
|
189
|
* The field instance for which the permissions will be displayed. Although
|
190
|
* the permissions are per-field rather than per-instance, the instance label
|
191
|
* will be used to display an appropriate human-readable name for each
|
192
|
* permission.
|
193
|
*
|
194
|
* @return
|
195
|
* A form array defining the permissions matrix.
|
196
|
*
|
197
|
* @see user_admin_permissions()
|
198
|
* @see _field_permissions_field_settings_form_submit()
|
199
|
*/
|
200
|
function field_permissions_permissions_matrix($field, $instance) {
|
201
|
// This function primarily contains a simplified version of the code from
|
202
|
// user_admin_permissions().
|
203
|
$form['#theme'] = 'user_admin_permissions';
|
204
|
$options = array();
|
205
|
$status = array();
|
206
|
|
207
|
// Retrieve all role names for use in the submit handler.
|
208
|
$role_names = user_roles();
|
209
|
$form['role_names'] = array(
|
210
|
'#type' => 'value',
|
211
|
'#value' => $role_names,
|
212
|
);
|
213
|
|
214
|
// Retrieve the permissions for each role, and the field permissions we will
|
215
|
// be assigning here.
|
216
|
$role_permissions = user_role_permissions($role_names);
|
217
|
$field_permissions = field_permissions_list_field_permissions($field, $instance['label']);
|
218
|
|
219
|
// Determine if it is safe to reset the default values for this field's
|
220
|
// permissions. If this is a new field (never saved with field permission
|
221
|
// data before), or if it's an existing field that is not currently using
|
222
|
// custom permissions and doesn't have any previously-saved ones already in
|
223
|
// the database, then it will be safe to reset them.
|
224
|
$reset_permissions_defaults = FALSE;
|
225
|
if (!isset($field['field_permissions']['type'])) {
|
226
|
$reset_permissions_defaults = TRUE;
|
227
|
}
|
228
|
elseif ($field['field_permissions']['type'] != FIELD_PERMISSIONS_CUSTOM) {
|
229
|
$all_assigned_permissions = call_user_func_array('array_merge_recursive', $role_permissions);
|
230
|
$assigned_field_permissions = array_intersect_key($all_assigned_permissions, $field_permissions);
|
231
|
$reset_permissions_defaults = empty($assigned_field_permissions);
|
232
|
}
|
233
|
// Store this information on the form so that other modules can use it (for
|
234
|
// example, if they want to set default permissions for other roles besides
|
235
|
// the admin role which we use it for below).
|
236
|
$form['#field_permissions_are_new'] = $reset_permissions_defaults;
|
237
|
|
238
|
// Go through each field permission we will display.
|
239
|
foreach ($field_permissions as $permission => $info) {
|
240
|
// Display the name of the permission as a form item.
|
241
|
$form['permission'][$permission] = array(
|
242
|
'#type' => 'item',
|
243
|
'#markup' => $info['title'],
|
244
|
);
|
245
|
// Save it to be displayed as one of the role checkboxes.
|
246
|
$options[$permission] = '';
|
247
|
// If we are in a situation where we can reset the field permissions
|
248
|
// defaults, we do so by pre-checking the admin role's checkbox for this
|
249
|
// permission.
|
250
|
if ($reset_permissions_defaults) {
|
251
|
if (($admin_rid = variable_get('user_admin_role', 0)) && isset($role_names[$admin_rid])) {
|
252
|
$status[$admin_rid][] = $permission;
|
253
|
}
|
254
|
// For fields attached to users, we also pre-check the anonymous user's
|
255
|
// checkbox for the permission to create the field, since that is the
|
256
|
// most common way in which new user entities are created.
|
257
|
if ($instance['entity_type'] == 'user' && $permission == 'create ' . $field['field_name']) {
|
258
|
$status[DRUPAL_ANONYMOUS_RID][] = $permission;
|
259
|
}
|
260
|
}
|
261
|
// Otherwise (e.g., for fields with custom permissions already saved),
|
262
|
// determine whether the permission is already assigned and check each
|
263
|
// checkbox accordingly.
|
264
|
else {
|
265
|
foreach ($role_names as $rid => $name) {
|
266
|
if (isset($role_permissions[$rid][$permission])) {
|
267
|
$status[$rid][] = $permission;
|
268
|
}
|
269
|
}
|
270
|
}
|
271
|
}
|
272
|
|
273
|
// Build the checkboxes for each role.
|
274
|
foreach ($role_names as $rid => $name) {
|
275
|
$form['checkboxes'][$rid] = array(
|
276
|
'#type' => 'checkboxes',
|
277
|
'#options' => $options,
|
278
|
'#default_value' => isset($status[$rid]) ? $status[$rid] : array(),
|
279
|
'#attributes' => array('class' => array('rid-' . $rid)),
|
280
|
);
|
281
|
$form['role_names'][$rid] = array('#markup' => check_plain($name), '#tree' => TRUE);
|
282
|
}
|
283
|
|
284
|
// Attach the default permissions page JavaScript.
|
285
|
$form['#attached']['js'][] = drupal_get_path('module', 'user') . '/user.permissions.js';
|
286
|
|
287
|
// Attach our custom JavaScript for the permission matrix.
|
288
|
$form['#attached']['js'][] = drupal_get_path('module', 'field_permissions') . '/field_permissions.admin.js';
|
289
|
|
290
|
return $form;
|
291
|
}
|
292
|
|
293
|
/**
|
294
|
* Pre-render function for the permissions matrix on the field settings form.
|
295
|
*/
|
296
|
function _field_permissions_field_settings_form_pre_render($form) {
|
297
|
// Move the permissions matrix to its final location.
|
298
|
$form['field']['field_permissions']['permissions']['matrix'] = $form['field_permissions']['permissions'];
|
299
|
unset($form['field_permissions']);
|
300
|
return $form;
|
301
|
}
|
302
|
|
303
|
/**
|
304
|
* Form callback; Submit handler for the Field Settings form.
|
305
|
*/
|
306
|
function _field_permissions_field_settings_form_submit($form, &$form_state) {
|
307
|
// Save the field permissions when appropriate to do so.
|
308
|
$new_field_permissions_type = $form_state['values']['field']['field_permissions']['type'];
|
309
|
if ($new_field_permissions_type == FIELD_PERMISSIONS_CUSTOM && isset($form_state['values']['field_permissions']['permissions'])) {
|
310
|
$field_permissions = $form_state['values']['field_permissions']['permissions'];
|
311
|
foreach ($field_permissions['role_names'] as $rid => $name) {
|
312
|
user_role_change_permissions($rid, $field_permissions['checkboxes'][$rid]);
|
313
|
}
|
314
|
}
|
315
|
|
316
|
// We must clear the page and block caches whenever the field permission type
|
317
|
// setting has changed (because users may now be allowed to see a different
|
318
|
// set of fields). For similar reasons, we must clear these caches whenever
|
319
|
// custom field permissions are being used, since those may have changed too;
|
320
|
// see user_admin_permissions_submit().
|
321
|
if (!isset($form['#field']['field_permissions']['type']) || $new_field_permissions_type != $form['#field']['field_permissions']['type'] || $new_field_permissions_type == FIELD_PERMISSIONS_CUSTOM) {
|
322
|
cache_clear_all();
|
323
|
}
|
324
|
}
|
325
|
|
326
|
/**
|
327
|
* Menu callback; Field permissions overview.
|
328
|
*/
|
329
|
function field_permissions_overview() {
|
330
|
drupal_add_css(drupal_get_path('module', 'field_permissions') .'/field_permissions.admin.css');
|
331
|
|
332
|
$headers = array(t('Field name'), t('Field type'), t('Entity type'), t('Used in'));
|
333
|
foreach (field_permissions_list() as $permission_type => $permission_info) {
|
334
|
$headers[] = array('data' => $permission_info['label'], 'class' => 'field-permissions-header');
|
335
|
}
|
336
|
$destination = drupal_get_destination();
|
337
|
|
338
|
// Load list of field instances, types and bundles in the system.
|
339
|
$instances = field_info_instances();
|
340
|
$field_types = field_info_field_types();
|
341
|
$bundles = field_info_bundles();
|
342
|
|
343
|
// Retrieve the permissions for each role.
|
344
|
$role_permissions = user_role_permissions(user_roles());
|
345
|
|
346
|
// Based on field_ui_fields_list() in field_ui.admin.inc.
|
347
|
$rows = array();
|
348
|
foreach ($instances as $obj_type => $type_bundles) {
|
349
|
foreach ($type_bundles as $bundle => $bundle_instances) {
|
350
|
foreach ($bundle_instances as $field_name => $instance) {
|
351
|
// Each field will have a row in the table.
|
352
|
$field = field_info_field($field_name);
|
353
|
$admin_path = _field_ui_bundle_admin_path($obj_type, $bundle);
|
354
|
$rows[$field_name]['data'][0] = $field['locked'] ? t('@field_name (Locked)', array('@field_name' => $field_name)) : $field_name;
|
355
|
$rows[$field_name]['data'][1] = t($field_types[$field['type']]['label']);
|
356
|
$rows[$field_name]['data'][2] = $obj_type;
|
357
|
$rows[$field_name]['data'][3][] = l($bundles[$obj_type][$bundle]['label'], $admin_path . '/fields/'. $field_name, array(
|
358
|
'query' => $destination,
|
359
|
'fragment' => 'edit-field-field-permissions-type',
|
360
|
));
|
361
|
$rows[$field_name]['class'] = $field['locked'] ? array('menu-disabled') : array('');
|
362
|
|
363
|
// Append field permissions information to the report.
|
364
|
$type = isset($field['field_permissions']['type']) ? $field['field_permissions']['type'] : FIELD_PERMISSIONS_PUBLIC;
|
365
|
foreach (array_keys(field_permissions_list_field_permissions($field)) as $index => $permission) {
|
366
|
// Put together the data value for the cell.
|
367
|
$data = '';
|
368
|
$full_colspan = FALSE;
|
369
|
if ($type == FIELD_PERMISSIONS_PUBLIC) {
|
370
|
$data = t('Public field (author and administrators can edit, everyone can view)');
|
371
|
$full_colspan = TRUE;
|
372
|
}
|
373
|
elseif ($type == FIELD_PERMISSIONS_PRIVATE) {
|
374
|
$data = t('Private field (only author and administrators can edit and view)');
|
375
|
$full_colspan = TRUE;
|
376
|
}
|
377
|
else {
|
378
|
// This is a field with custom permissions. Link the field to the
|
379
|
// appropriate row of the permissions page, and theme it based on
|
380
|
// whether all users have access.
|
381
|
$all_users_have_access = isset($role_permissions[DRUPAL_ANONYMOUS_RID][$permission]) && isset($role_permissions[DRUPAL_AUTHENTICATED_RID][$permission]);
|
382
|
$status_class = $all_users_have_access ? 'field-permissions-status-on' : 'field-permissions-status-off';
|
383
|
$title = $all_users_have_access ? t('All users have this permission') : t('Not all users have this permission');
|
384
|
$data = l('', 'admin/people/permissions', array(
|
385
|
'attributes' => array(
|
386
|
'class' => array('field-permissions-status', $status_class),
|
387
|
'title' => $title,
|
388
|
),
|
389
|
'query' => $destination,
|
390
|
'fragment' => drupal_html_class("edit $permission"),
|
391
|
));
|
392
|
}
|
393
|
|
394
|
// Construct the cell.
|
395
|
$rows[$field_name]['data'][4 + $index] = array(
|
396
|
'data' => $data,
|
397
|
'class' => array('field-permissions-cell'),
|
398
|
);
|
399
|
if ($full_colspan) {
|
400
|
$rows[$field_name]['data'][4 + $index]['colspan'] = 5;
|
401
|
break;
|
402
|
}
|
403
|
}
|
404
|
}
|
405
|
}
|
406
|
}
|
407
|
foreach ($rows as $field_name => $cell) {
|
408
|
$rows[$field_name]['data'][3] = implode(', ', $cell['data'][3]);
|
409
|
}
|
410
|
if (empty($rows)) {
|
411
|
$output = t('No fields have been defined for any content type yet.');
|
412
|
}
|
413
|
else {
|
414
|
// Sort rows by field name.
|
415
|
ksort($rows);
|
416
|
|
417
|
// Allow external modules alter the table headers and rows.
|
418
|
foreach (module_implements('field_permissions_overview_alter') as $module) {
|
419
|
$function = $module .'_field_permissions_overview_alter';
|
420
|
$function($headers, $rows);
|
421
|
}
|
422
|
|
423
|
$output = theme('table', array('header' => $headers, 'rows' => $rows));
|
424
|
}
|
425
|
return $output;
|
426
|
}
|