/ - Diff - Club Drupal - Forge Centrale Marseille

     Content Access 7.x-1.2-beta1, 2011-07-24
     --------------------------------------
     #1058526 by BenK, good_man: Rules 2.x integration.
     #572812 by NikLP, good_man: Add content type to permission title.
     #1135466 by Firewolf, videographics, good_man: Renaming a content type results
       in notices.
     #1144510 by good_man: Fix roles selection in test case.
     #1110860 by FiNeX, eosrei, good_man: Content access rules integration -
       missing function.
     #1159402 by FiNeX, dcmouyard, jjs, good_man: Wrong operations on rules
       integration.
     #1057400 by xaverx, dooug, jhayzhon, cnolle, Firewolf, Bitnetix, maciej.zgadzaj,
       karilu_ec, ChoY, BenK, good_man: Taxonomy access.
     #1097248 by ordermind, Itangalo, good_man: PDOException error 1062 when using
       rules on create node.
     #1209004 by Itangalo, good_man: "Reset content permissions" action doesn't go
       all the way.
     #1147526 by tmm360, good_man, Akaoni, danielb, Crusher, mithman, BenK, fago:
       Unpublished nodes displayed to anonymous users.
     #1115794 by rorydflynn, Waldknoblauch, aocoder, good_man, SNaKeMe, cgross,
       commanderflash, bryrock, enrikito, BenK, karilu_ec: Conflict with views
       module.

     # CONTENTS OF THIS FILE
     * Introduction
     * Requirements
     * Recommended modules
     * Installation
     * Configuration
     * Maintainers
     * Notes
     # INTRODUCTION
     The **Content Access** module let you content manage access permission in a flexible and transparant way.
     It provides two new permissions: *view all* (allows anyone to view the
     content) and *view own* (allows only the content creator to see
     his/her own content). It also gives access to the existing core
     permissions *edit* and *delete* on the same settings page.
     It provides the following modalities:
     * Each *content type* can have its own default content access settings by role.
     * Optionally you can enable role based access control settings per *content node*.
     * Access control can be further customized per *user* if you have the **ACL** module enabled.
     For more information and reporting, please visit:
     * For a description of the module, visit the [project page][1].
     * For on-screen documentation, visit the [documentation page][2],
       or enable [**Advanced Help**][6].
     * To submit bug reports and feature suggestions, or to track changes
       visit the project's [issue tracker][3].
     Features:
     * It comes with sensible defaults, so you need not configure anything
       and everything stays working.
     * It is as flexible as you want. It can work with per content type
       settings, per content node settings as well as with flexible Access
       Control Lists with the help of the **ACL** module
       ([see Note 1](#ACL) at the end).
     * It reuses existing functionality instead of reimplementing it. So
       one can install the **ACL** module and set per user access control
       settings per content node.
     * It comes with a submodule named **Content Access Rules
       Interations**. It provides conditions and actions for the **Rules**
       module, which allows one to configure rule-based access permissions.
     * It optimizes the written content node grants, so that only the
       necessary grants are written.  This is important for the
       performance of your site.
     * The module has a comes with automated testing to ensure everything
       stays working correctly.
     * It respects and makes use of Drupal's core permissions. This means
       that the "Access Control" tab provided by this module takes them
       into account and provides you a good overview of *all* applied
       access control settings on a single page (but see [Note 2](#adv) at
       the end).
     The module is designed to be simple to use, but can be configured to
     provide really fine-grained content access permissions.
     # REQUIREMENTS
     None.
     # RECOMMENDED MODULES
     * [**ACL**][4]:
       To use Access Control Lists for per user access control.
     * [**Advanced Help Hint**][7]:
       Links help text provided by `hook_help` to online help and
       **Advanced Help**.
     * [**Advanced Help**][6]:
       When this module is enabled, the project's `README.md` will be
       displayed when you visit `help/content_access/README.md`.
     * [**Markdown**][8]:
       When this module is enabled, display of the project's `README.md`
       will be rendered with the markdown filter.
     * [**Node Export**][N]
       To export content access rules.
     * [**Rules**][5]:
       To configure rule-based access permissions.
     # INSTALLATION
     The module is set up to require PHP ver. 5.6 or later.  I do not want
     to keep supporting legacy PHP (at least not for free). If you need a
     version that runs on something more ancient, you have two options:
 . Keep useing version 7.x-1.2-beta2. It does not restrict PHP
        version. It is very old tho', and is no longer recommended, nor is
        it supported.
 . Ask me to create a separate branch of the project for a backport
        the current supported version to whatever version of PHP you need.
        Then get someone to support this branch.
     If you go for the backport option: If you're a developer, request to
     become a co-maintainer of this project and then create and support the
     backport yourself.  If you're not, sponsor someone to do the backport
     and to support it.
     To install and enable, do the following:
 . Install as you would normally install a contributed drupal
        module. See: [Installing modules][9] for further information.
 . Enable the **Content Access** module on the *Modules* list
        page.
 . If you want to use access control lists, download, install and
        configure the **ACL** module.
     # CONFIGURATION
     Note that users need at least the permission "View published content"
     to be able to access published content. Furthermore note that content
     which is not published is treated in a different way by Drupal: It can
     be viewed only by its author or users with "Bypass content access
     control" permission.  You can *not* use this project to manage
     access to unpublished content.
     To inspect and change those permissions, navigate to *Administration »
     People » Permisions* and scroll down to the "Node" section.
     ## Role based access control
     To set up access control for a content type, navigate to
     *Administration » Structure* and click on "edit" for the content type
     you want to set up.  There will be a new tab named "Access Control"
     that let you control access.
     To set up role based access control, tick the boxes under "Role based
     access control settings".  Note that only the "View" permissions are
     new permissions provided by this module.  The "Edit" and "Delete"
     permissions are provided by the Drupal core, and can also be found if
     you navigate to *Administration » People » Permisions*.  They are
     shown here to provide the full picture of what permission is set for
     the content type and role. It does not matter where you change these.
     ## Per content node access control
     There is a a checkbox to enable per content node access control
     settings.  If enabled, a new tab for the content access settings
     appears when viewing content.
     To configure permission to access these settings, navigate to
     *Administration » People » Permisions* and set the "Grant content
     access" permission for the relevant roles.
     ## Advanced access control
     The "Advanced" settings are only relevant if you are running multiple
     node access modules on a site.
     A Drupal node access module can only grant access to content nodes,
     but not deny it. So if you are using multiple node access modules,
     access will be granted to a node as soon as one of the module grants
     access to it.
     However you can influence the behaviour by changing the priority of
     the content access module as drupal applies *only* the grants with the
     highest priority. So if content access has the highest priority
     *alone*, only its grants will be applied.
     By default node access modules should use priority 0 (zero).
     ## Using access control lists
     To make use of access control lists you'll need to enable per content
     node access control settings for the content type. At the access control
     tab of such a content node you are able to grant view, edit or delete
     permission for specific users..
     # MAINTAINERS
     **Content Access** was created by [fago][10] (Wolfgang Ziegler).
     It contains a lot of contributions from  [good_man][11] (Khaled Al Hourani).
     The current maintainer is [gisle][12] (Gisle Hannemyr).
     Development and maintenance is sponsored by [Hannemyr Nye Medier AS][13].
     Any help with development (patches, reviews, comments) are welcome.
     # NOTES
     **Note 1**<a id="ACL"></a>: ACL integration is not yet working right.
     **Note 2**<a id="adv"></a>: Note that this overview can't take other
     modules into account, which might also alter node access.  If you have
     multiple modules installed that alter node access, read the paragraph
     about "Advanced access control".
     [1]: https://drupal.org/project/content_access
     [2]: https://drupal.org/node/1194974
     [3]: https://drupal.org/project/issues/content_access
     [4]: https://www.drupal.org/project/acl
     [5]: https://www.drupal.org/project/rules
     [6]: https://www.drupal.org/project/advanced_help
     [7]: https://www.drupal.org/project/advanced_help_hint
     [8]: https://www.drupal.org/project/markdown
     [N]: https://www.drupal.org/project/node_export
     [9]: https://www.drupal.org/docs/7/extend/installing-modules
     [10]: https://www.drupal.org/u/fago
     [11]: https://www.drupal.org/u/good_man
     [12]: https://www.drupal.org/u/gisle
     [13]: https://hannemyr.no

     Content Access Module
     -----------------------
     by Wolfgang Ziegler, nuppla@zites.net
     Yet another node access module.
     This module allows you to manage permissions for content types by role. It allows you to specifiy
     custom view, view own, edit, edit own, delete and delete own permissions for each content type.
     Optionally you can enable per content access settings, so you can customize the access for each
     content node.
     In particular
       * it comes with sensible defaults, so you need not configure anything and everything stays working
       * it is as flexible as you want. It can work with per content type settings, per content node settings
         as well as with flexible Access Control Lists (with the help of the ACL module).
       * it trys to reuse existing functionality instead of reimplementing it. So one can install the ACL
         module and set per user access control settings per content node.
         Furthermore the module provides conditions and actions for the rules module, which allows one
         to configure even rule-based access permissions.
       * it optimizes the written content node grants, so that only the really necessary grants are written.
         This is important for the performance of your site.
       * it takes access control as important as it is. E.g. the module has a bunch of simpletests to ensure
         everything is working right.
       * it respects and makes use of drupal's built in permissions as far as possible. Which means the
         access control tab provided by this module takes them into account and provides you a good overview
         about the really applied access control settings. [1]
     So the module is simple to use, but can be configured to provide really fine-grained permissions!
     Installation
     ------------
      * Copy the content access module's directory to your modules directory and activate the module.
      * Optionally download and install the ACL module too.
      * Edit a content type at admin/content/types. There will be a new tab "Access Control".
     ACL Module
     -----------
     You can find the ACL module at http://drupal.org/project/acl. To make use of Access Control Lists
     you'll need to enable per content node access control settings for a content type. At the access
     control tab of such a content node you are able to grant view, edit or delete permission for specific
     users.
     Running multiple node access modules on a site (Advanced!)
     -----------------------------------------------------------
     A drupal node access module can only grant access to content nodes, but not deny it. So if you
     are using multiple node access modules, access will be granted to a node as soon as one of the
     module grants access to it.
     However you can influence the behaviour by changing the priority of the content access module as
     drupal applies *only* the grants with the highest priority. So if content access has the highest
     priority *alone*, only its grants will be applied.
     By default node access modules use priority 0.
     Footnotes
     ----------
     [1] Note that this overview can't take other modules into account, which might also alter node access.
         If you have multiple modules installed that alter node access, read the paragraph about "Running
         multiple node access modules on a site".

     Upgrade from 5.x
     ----------------
     You can easily upgrade from drupal 5 installations. After upgrading your drupal installation
     just install the latest module and run update.php - it will automatically run the upgrade routine
     which is update 6001.
     After that the content access permissions for your site needs to be rebuilt. Just go to your
     site and follow the instructions.
     Notes for workflow-ng users
     ----------------------------
     The workflow-ng integration has been properly upgraded to its 6.x version, the rules module.
     However it has been a bit refactored: The 'Set content permissions' action has been removed in
     favor of the 'Grant content permissions by role' and 'Revoke content permissions by role' as
     this gives us more flexibility.
     So the automatic upgrade of your configured rules converts the 'Set content permissions' action
     to an 'Grant content permissions by role' action. If this doesn't fit, you'll have to edit it
     manually.
     All other conditions and actions have their equivalent in rules and will be automatically converted.

         '#value' => t('Reset to defaults'),
         '#weight' => 10,
         '#submit' => array('content_access_page_reset'),
         '#access' => count(content_access_get_per_node_settings($node)) > 0,
         '#access' => !empty(content_access_get_per_node_settings($node)),
       );
       $form['submit'] = array(
         '#type' => 'submit',
-...
       // Apply new settings.
       node_access_acquire_grants($node);
       module_invoke_all('per_node', $settings);
       drupal_set_message(t('Your changes have been saved.'));
       cache_clear_all();
       module_invoke_all('per_node', $settings, $node);
       drupal_set_message(t('Your changes have been saved. You may have to !rebuild for your changes to take effect.', array('!rebuild' => l(t('rebuild permissions'), 'admin/reports/status/rebuild'))));
+    }
     /**
-...
       content_access_delete_per_node_settings($form_state['node']);
       node_access_acquire_grants($form_state['node']);
       drupal_set_message(t('The permissions have been reseted to the content type defaults.'));
       drupal_set_message(t('The permissions have been reset to the content type defaults.'));
+    }
     /**
-...
+        }
+      }
       drupal_set_message(t('Your changes have been saved.'));
       drupal_set_message(t('Your changes have been saved. You may have to !rebuild for your changes to take effect.', array('!rebuild' => l(t('rebuild permissions'), 'admin/reports/status/rebuild'))));
+    }
     /**
-...
         '#type' => 'fieldset',
         '#title' => t('Role based access control settings'),
         '#collapsible' => TRUE,
         '#description' => t('Note that users need at least the %access_content permission to be able to deal in any way with content.', array('%access_content' => t('access content'))) .
           ' ' . t('Furthermore note that content which is not @published is treated in a different way by drupal: It can be viewed only by its author or users with the %administer_nodes permission.', array('@published' => t('published'), '%administer_nodes' => t('administer nodes'))),
         '#description' => t('Note that users need at least the %view_published_content permission to be able to deal in any way with content.', array('%view_published_content' => t('view published content'))) .
           ' ' . t('Furthermore note that content which is not @published is treated in a different way by drupal: It can be viewed only by its author or users with the %bypass_node_access permission.', array('@published' => t('published'), '%bypass_node_access' => t('bypass content access control'))),
       );
       $operations = _content_access_get_operations($type);
-...
           array('@types' => implode(', ', $types))
         ));
+      }
+    }
+    }

     name = Content Access
     description = Provides flexible content access control.
     core = 7.x
     php = 5.6
     package = Access control
     files[] = content_access.rules.inc
     files[] = tests/content_access.test
     files[] = tests/content_access_acl.test
     ; Information added by drupal.org packaging script on 2013-04-15
     version = "7.x-1.2-beta2"
     ; Information added by Drupal.org packaging script on 2020-06-25
     version = "7.x-1.2-beta3"
     core = "7.x"
     project = "content_access"
     datestamp = "1366014321"
     datestamp = "1593095998"

drupal7/sites/all/modules/content_access/content_access.install
42	42	*/
43	43	function content_access_update_7101() {
44	44	$settings = variable_get('content_access_settings', array());
	45	$settings_new = array();
45	46	foreach ($settings as $setting => $data) {
46	47	foreach ($data as $type_name => $value) {
47	48	$settings_new[$type_name][$setting] = $value;

       switch ($path) {
         case 'admin/help#content_access':
           $output = '<h3>' . t('About') . '</h3>';
           $output .= '<p>' . t('Content Access module provides flexible way to control how and who should read or control your site content. Content Access can define custom access control rules for content types and even for every piece of content.') . '</p>';
           $output .= '<h3>' . t('Uses') . '</h3>';
           $output .= '<dl>';
           $output .= '<dt>' . t('Default and custom settings') . '</dt>';
           $output .= '<dd>' . t("Each <a href='@content-type'>content type</a> can have its own default content access settings configured as: <em>View any content</em> to allow anyone to view content from this content type, <em>View own content</em> to allow only content creators to see their own content, <em>Edit any content</em> to allow anyone to edit content from this content type, <em>Edit own content</em> to allow only content creators to edit their own content, <em>Delete any content</em> to allow anyone to delete content from this content type, <em>Delete own content </em> to allow content creators to delete their own content. This default settings for each content type can be further customized per every piece of content per user if you have <a href='@acl'>ACL</a> module enabled.", array('@content-type' => url('admin/structure/types'), '@acl' => 'http://drupal.org/project/acl/')) . '</dd>';
           $output .= '</dl>';
           $output .= '<p>' . t('The <strong>Content Access</strong> module let you content manage access permission in a flexible and transparant way.') . '</p>';
           $output .= '<h3>' . t('Use') . '</h3>';
           $output .= '<p>' . t('It provides two new permissions: <em>view all</em> (allows anyone to view the content) and <em>view own</em> (allows  only the content creator to see his/her own content). It also gives access to the existing core permissions <em>edit</em> and <em>delete</em> on the same settings page.') . '</p>';
           $output .= '<p>' . t('It provides the following modalities:') . '</p><ul>';
           $output .= '<li>' . t('Each <em>!content-type</em> can have its own default content access settings by role.',  array('!content-type' => l('content type', 'admin/structure/types'))) . '</li>';
           $output .= '<li>' . t('Optionally you can enable  role based access control settings per <em>content node</em>.') . '</li>';
           $output .= '<li>' . t('Access control can be further customized per <em>user</em> if you have the <strong>!acl</strong> module enabled.',
             array('!acl' => l('ACL', 'https://www.drupal.org/project/acl/'))) . '</li></ul>';
           if (function_exists('advanced_help_hint_docs')) {
             $output .= '<p>' . advanced_help_hint_docs('content_access', 'https://drupal.org/node/1194974', TRUE) . '</p>';
+          }
           else {
             $output .= '<p>' .t('If you install and enable the module <strong>!url</strong>, you will get more help for <strong>Content Access</strong>.',
               array('!url' => l('Advanced Help Hint', 'https://www.drupal.org/project/advanced_help_hint'))) . '</p>';
+          }
           return $output;
+      }
+    }
     /**
      * Implements hook_admin_paths().
      */
-...
      * Save content_access settings of a content type.
      */
     function content_access_set_settings($settings, $type_name) {
       // Do not store default values so we do not have to care about synching our
       // Do not store default values so we do not have to care about syncing our
       // settings with the permissions.
       foreach (content_access_get_setting_defaults($type_name) as $setting => $default_value) {
         if (isset($settings[$setting]) && $settings[$setting] == $default_value) {
-...
      * @param $any_roles
      *   The roles with which anybody has access (not optimized!)
      * @param $own_roles
      *   The roles with which only the author has acess (optimized!)
      *   The roles with which only the author has access (optimized!)
      */
     function content_access_own_op($node, $any_roles, $own_roles) {
       static $roles = array();
-...
      * @param $node
      *   The node object.
      * @param $settings
      *    Optional array used to update the settings cache with the given settings.
      *   Optional array used to update the settings cache with the given settings.
      * @return
      *   An array of role ids which have access.
      */
-...
      */
     function content_access_disable_checkboxes($element) {
       $access_roles = content_access_get_permission_access('access content');
       $admin_roles = content_access_get_permission_access('administer nodes');
       $admin_roles = content_access_get_permission_access('bypass node access');
       foreach (element_children($element) as $key) {
         if (!in_array($key, $access_roles) &&
-...
+        }
         elseif (in_array($key, $admin_roles) ||
                 ($key != DRUPAL_ANONYMOUS_RID && in_array(DRUPAL_AUTHENTICATED_RID, $admin_roles))) {
           // Fix the checkbox to be enabled for users with administer node privileges
           // Fix the checkbox to be enabled for users with bypass node access privileges
           $element[$key]['#disabled'] = TRUE;
           $element[$key]['#default_value'] = TRUE;
           $element[$key]['#prefix'] = '<span' . drupal_attributes(array('title' => t("This role has '@perm' permission, so access is granted.", array('@perm' => t('administer nodes'))))) . '>';
           $element[$key]['#prefix'] = '<span' . drupal_attributes(array('title' => t("This role has '@perm' permission, so access is granted.", array('@perm' => t('bypass node access'))))) . '>';
           $element[$key]['#suffix'] = "</span>";
+        }
+      }
-...
       foreach ($result as $node) {
         acl_node_clear_acls($node->nid, 'content_access');
+      }
+    }
+    }
     /**
      * Implements hook_node_export_alter().
      */
     function content_access_node_export_alter(array $nodes) {
       foreach ($nodes as $node) {
         $node->content_access = content_access_get_per_node_settings($node);
+      }
+    }
     /**
      * Implements hook_node_export_after_import_alter().
      */
     function content_access_node_export_after_import_alter(array $nodes) {
       foreach ($nodes as $node) {
         if(empty($node->nid))
           continue;
         content_access_save_per_node_settings($node, $node->content_access);
+      }
       // Rebuild content access permissions
       node_access_rebuild();
+    }

     core = 7.x
     dependencies[] = content_access
     dependencies[] = rules
     files[] = content_access.rules.inc
     ; Information added by drupal.org packaging script on 2013-04-15
     version = "7.x-1.2-beta2"
     ; Information added by Drupal.org packaging script on 2020-06-25
     version = "7.x-1.2-beta3"
     core = "7.x"
     project = "content_access"
     datestamp = "1366014321"
     datestamp = "1593095998"

     /**
      * Implements hook_per_node().
      */
     function content_access_rules_per_node($settings) {
       rules_invoke_event('content_access_per_node');
+    }
     function content_access_rules_per_node($settings, $node) {
       rules_invoke_event('content_access_per_node', $node);
+    }

      */
     function content_access_rules_rules_event_info() {
       $events['content_access_content_type'] = array('label' => t('Content type access control was changed'));
       $events['content_access_per_node'] = array('label' => t('Per node access control was changed'));
       $events['content_access_per_node'] = array(
         'label' => t('Per node access control was changed'),
         'variables' => array(
           'node' => array('type' => 'node', 'label' => 'Content with updated content access'),
         ),
       );
       if (module_exists('acl')) {
         $events['content_access_user_acl'] = array('label' => t('User was added to ACL'));
-...
       $items = array();
       foreach ($events as $name => $event) {
         $items[$name] = array(
           'label' => $event['label'],
         $items[$name] = $event + array(
           'group' => t('Content Access'),
         );
+      }
-...
       // node_save() does implement node_access_acquire_grants() so we don't want
       // to execute it again or we'll get a duplicated key exception
       if (!isset($node->op) ||
           (isset($node->op) && $node->op != 'Save')) {
           (isset($node->op) && $node->op != t('Save'))) {
         node_access_acquire_grants($node);
+      }
+    }
+    }

     [advanced help settings]
     show readme = TRUE
     [rules]
     title = Rules
     weight = -11
     [nodeexport]
     title = Node Export
     weight = -10
     [integration]
     title = Integration with other modules
     weight = -9

     <h2>Introduction</h2>
     <p>This section contains notes about how to integrate <strong>Content
     Access</strong> with other modules.</p>
     <p>I have not tested these myself, so I do not guarantee that the
     suggestion collected below actually work.  They are just to keep the
     links to the workarounds posted somewhere on the web in a single
     file.</p>
     <p>If you spot link rot, or wrong information, on this page, please
     report it using the project's
     <a href="https://drupal.org/project/issues/content_access">issue queue</a>.</p>
     <h2>Varnish, Cachewall</h2>
     <p><em>Varnish</em> and other cache systems such as <em>Cachewall</em>
     by default will delete cookies before they reach Drupal, so everybody
     becomes an anonymous user. This precludes access to private file
     attachments.</p>
     <p>Below are settings for <em>Varnish</em> to prevent this for some
     file types:</p>
     <pre>
     # Always cache the following file types for all users. This list of extensions
     # appears twice, once here and again in vcl_fetch so make sure you edit both
     # and keep them equal.
     if (req.url ~ "(?i)\.(pdf|txt|csv|png|gif|jpg|ico|swf|css|js)(\?.*)?$") {
       unset req.http.Cookie;
+    }
     </pre>
     <ul>
     <li>Drupal.org: <a href="https://www.drupal.org/project/content_access/issues/2682635">Issue #2682635</a></li>
     <li>Drupal.org: <a href="https://www.drupal.org/project/webform/issues/2421429#comment-9667677">Issue #2421429, comment #4</a></li>
     </ul>
     <h2>Views and Workbench</h2>
     <p>If you have problems intgrating <strong>Views</strong> and/or <strong>Workbench</strong>,
     in particular in connection with the  “<em>View own unpublished content</em>” permission,
     one of these links may help:</p>
     <ul>
     <li>Drupal.org: <a href="https://www.drupal.org/project/content_access/issues/2204609">Issue #2205609</a></li>
     <li>Drupal Answers: <a href="https://drupal.stackexchange.com/q/41997/12076">Problem with “Content Access” and permission “View own unpublished content”</a>.</li>
     <li>Drupalprimer: <a href="http://drupalprimer.com/node/2">Drupal 7's Access Control module prevents view of user's own unpublished content</a>.</li>
     </ul>
     <p>Problems using relationships in <strong>Views</strong> may be solved by patching core:</p>
     <ul>
     <li>Drupal.org: <a href="https://www.drupal.org/project/content_access/issues/2020453">Issue #2020453</a></li>
     <li>Drupal.org: <a href="https://www.drupal.org/project/drupal/issues/1349080#comment-10953027">Issue #1349080, comment #332</a></li>
     </ul>

     <h2>Introduction</h2>
     <p>This page is just a placeholder. Until it is populated, please see:</p>
     <ul>
     <li>Drupal.org: <a href="https://www.drupal.org/project/content_access/issues/2661872">Issue #2661872</a></li>
     </ul>

     <h2>Introduction</h2>
     <p>This section contains notes about how to
     integrate with <strong>Rules</strong>.</p>
     <p><strong>Note</strong>: This only work on individual nodes.  The
     rules for access control that you set up will not be
     executed <em>unless</em> you have enabled per content node access
     control settings.</p>
     <h2>Rules integrations example</h2>
     <p>In this example, there will be two user roles: “writer” and
     “editor”. There will also be two users: A writer named “Bob” and an
     editor named “Ben”.  There will also be a third user named “Alice”
     that will not belong to any of there roles. We shall set up a workflow
     where “Bob” creates content, and when that content is saved, only
     users with the “editor” user role (e.g. “Ben”) will be allowed to see
     it.</p>
     <p>Set up:</p>
     <ul>
     <li>Ensure <strong>Content Access</strong> is enabled (if you can read this in the browser, it is).</li>
     <li>Enable both the <strong>Rules</strong> and <strong>Rules UI</strong> modules.</li>
     <li>Enable the <strong>Content Access Rules Integrations</strong> module.</li>
     <li>Create the roles: “writer” and “editor” and the users “Bob”, “Ben” and “Alice”. Assign roles.</li>
     <li>Set up default role based access control settings.  Give the “anonymous user” role and the “authenticated user” role access to “View any article content” and “View own article content”.</li>
     <li>Check “Enable per content node access control settings”. You find this checkbox under the “Access Control” tab located on the settings page for the content type.</li>
     </ul>
     <p>Create the rules:</p>
     <ul>
     <li>Navigate to <span class="nav">Configuration » Workflow » Rules<span>.</li>
     <li>Click “Add new rule”.</li>
     <li>Name the rule “editor oversight”.</li>
     <li>Leave the field “Tags” empty.</li>
     <li>In the pulldown menu for “React on event”, select “After saving new contents”.</li>
     <li>Leave “Restrict by type” set to “- None -”.</li>
     <li>Click “Save”.</li>
     </ul>
     <div class="help-imgpos-center" style="max-width:620px">
     <img class="help-img" alt="ahelp_tab.png" title="New rule: Editor oversight" src="&path&rules01.png" width="620" />
     <div class="help-img-caption" style="max-width:620px">Adding a new rule</div>
     </div>
     <p>This sets up a new rule named “editor oversight” that triggers when
     a new node is saved.</p>
     <ul>
       <li>Under “Conditions”, click “Add condition”,</li>
       <li>From the pulldown menu  “Select <em>condition</em> to add”, select “User has role(s)”.</li>
       <li>After making the selection, you automatically continue to a new page to set up a data selector.</li>
       <li>For the “Data selector” field, choose “node:author”.</li>
       <li>Under “Roles”, for “Value”, select “writer”.</li>
     <li>Click “Save”.</li>
     </ul>
     <p>This sets up a contition for following the rule. The rule is only
     followed when the user with the role “writer” triggers an event that
     matches “After saving new contents”.</p>
     <p>The final step adds an action that happens when the rule is
     triggered and the conditions are met.</p>
     <ul>
       <li>Under “Actions”, click “Add action”,</li>
       <li>From the pulldown menu “Select <em>action</em> to add”, select “Grant Access by role”.</li>
       <li>After making the selection, you automatically continue to a new page to set up role based access settings.</li>
       <li>Look under “Role-based access control settings”. Give the “editor” the right to “View any content” “View own content”. Checking a box grants the access.</li>
       <li>Under “Actions”, again click “Add action”,</li>
       <li>From the pulldown menu “Select <em>action</em> to add”, select “Revoke Access by role”.</li>
       <li>After making the selection, you automatically continue to a new page to set up role based access settings.</li>
       <li>Look under “Role-based access control settings”. Revoke “View any content” “View own content” for the “anonymous user” role and the the “authenticated user” role.  Checking a box revokes the access.</li>
       <li>Click “Save”.</li>
     </ul>
     <p>Verify that it works:</p>
     <ul>
     <li>Create an artcle as “Alice” (no special role). Verify that is viewable by everyone.</li>
     <li>Create an artcle as “Bob” (the writer). Verify that is viewable by “Ben” (the editor), but not by “Alice”.</li>
     </ul>

     /**
      * @file
      * Automatd SimpleTest Case for content access module
      * Automated SimpleTest Case for content access module.
      */
     require_once(drupal_get_path('module', 'content_access') .'/tests/content_access_test_help.php');
     require_once drupal_get_path('module', 'content_access') . '/tests/content_access_test_help.php';
     class ContentAccessModuleTestCase extends ContentAccessTestCase {
       /**
        * Implementation of get_info() for information
        * Implements get_info() for information.
        */
       public static function getInfo() {
         return array(
-...
       function setUp($module = '') {
         parent::setUp();
         // Create test nodes
         // Create test nodes.
         $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->type));
         $this->node2 = $this->drupalCreateNode(array('type' => $this->content_type->type));
+      }
       /**
        * Test for viewing nodes
        * Test for viewing nodes.
        */
       function testViewAccess() {
         // Restrict access to the content type (access is only allowed for the author)
         // Restrict access to the content type (access is only allowed for the
         // author).
         $access_permissions = array(
           'view[1]' => FALSE,
           'view[2]' => FALSE,
         );
         $this->changeAccessContentType($access_permissions);
         // Logout admin and try to access the node anonymously
         // Logout admin and try to access the node anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertText(t('Access denied'), 'node is not viewable');
         // Login test user, view node, access must be denied
         // Login test user, view node, access must be denied.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertText(t('Access denied'), 'node is not viewable');
         // Login admin and grant access for viewing to the test user
         // Login admin and grant access for viewing to the test user.
         $this->drupalLogin($this->admin_user);
         $this->changeAccessContentTypeKeyword('view');
         // Logout admin and try to access the node anonymously
         // access must be denied again
         // Logout admin and try to access the node anonymously.
         // Access must be denied again.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertText(t('Access denied'), 'node is not viewable');
         // Login test user, view node, access must be granted
         // Login test user, view node, access must be granted.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertNoText(t('Access denied'), 'node is viewable');
         // Login admin and enable per node access
         // Login admin and enable per node access.
         $this->drupalLogin($this->admin_user);
         $this->changeAccessPerNode();
         // Restrict access on node2 for the test user role
         // Restrict access on node2 for the test user role.
         $this->changeAccessNodeKeyword($this->node2, 'view', FALSE);
         // Logout admin and try to access both nodes anonymously
         // Logout admin and try to access both nodes anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertText(t('Access denied'), 'node1 is not viewable');
         $this->drupalGet('node/'. $this->node2->nid);
         $this->drupalGet('node/' . $this->node2->nid);
         $this->assertText(t('Access denied'), 'node2 is not viewable');
         // Login test user, view node1, access must be granted
         // Login test user, view node1, access must be granted.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertNoText(t('Access denied'), 'node1 is viewable');
         // View node2, access must be denied
         $this->drupalGet('node/'. $this->node2->nid);
         // View node2, access must be denied.
         $this->drupalGet('node/' . $this->node2->nid);
         $this->assertText(t('Access denied'), 'node2 is not viewable');
         // Login admin, swap permissions between content type and node2
         // Login admin, swap permissions between content type and node2.
         $this->drupalLogin($this->admin_user);
         // Restrict access to content type
         // Restrict access to content type.
         $this->changeAccessContentTypeKeyword('view', FALSE);
         // Grant access to node2
         // Grant access to node2.
         $this->changeAccessNodeKeyword($this->node2, 'view');
         // Logout admin and try to access both nodes anonymously
         // Logout admin and try to access both nodes anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertText(t('Access denied'), 'node1 is not viewable');
         $this->drupalGet('node/'. $this->node2->nid);
         $this->drupalGet('node/' . $this->node2->nid);
         $this->assertText(t('Access denied'), 'node2 is not viewable');
         // Login test user, view node1, access must be denied
         // Login test user, view node1, access must be denied.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertText(t('Access denied'), 'node1 is not viewable');
         // View node2, access must be granted
         $this->drupalGet('node/'. $this->node2->nid);
         // View node2, access must be granted.
         $this->drupalGet('node/' . $this->node2->nid);
         $this->assertNoText(t('Access denied'), 'node2 is viewable');
+      }
       /**
        * Test for editing nodes
        * Test for editing nodes.
        */
       function testEditAccess() {
         // Logout admin and try to edit the node anonymously
         // Logout admin and try to edit the node anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid .'/edit');
         $this->drupalGet('node/' . $this->node1->nid . '/edit');
         $this->assertText(t('Access denied'), 'edit access denied for anonymous');
         // Login test user, edit node, access must be denied
         // Login test user, edit node, access must be denied.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid .'/edit');
         $this->drupalGet('node/' . $this->node1->nid . '/edit');
         $this->assertText(t('Access denied'), 'edit access denied for test user');
         // Login admin and grant access for editing to the test user
         // Login admin and grant access for editing to the test user.
         $this->drupalLogin($this->admin_user);
         $this->changeAccessContentTypeKeyword('update');
         // Logout admin and try to edit the node anonymously
         // access must be denied again
         // Logout admin and try to edit the node anonymously.
         // Access must be denied again.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid .'/edit');
         $this->drupalGet('node/' . $this->node1->nid . '/edit');
         $this->assertText(t('Access denied'), 'edit access denied for anonymous');
         // Login test user, edit node, access must be granted
         // Login test user, edit node, access must be granted.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid .'/edit');
         $this->drupalGet('node/' . $this->node1->nid . '/edit');
         $this->assertNoText(t('Access denied'), 'node1 is editable');
         // Login admin and enable per node access
         // Login admin and enable per node access.
         $this->drupalLogin($this->admin_user);
         $this->changeAccessPerNode();
         // Restrict access for this content type for the test user
         // Restrict access for this content type for the test user.
         $this->changeAccessContentTypeKeyword('update', FALSE);
         // Allow acces for node1 only
         // Allow acces for node1 only.
         $this->changeAccessNodeKeyword($this->node1, 'update');
         // Logout admin and try to edit both nodes anonymously
         // Logout admin and try to edit both nodes anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid .'/edit');
         $this->drupalGet('node/' . $this->node1->nid . '/edit');
         $this->assertText(t('Access denied'), 'node1 is not editable');
         $this->drupalGet('node/'. $this->node2->nid .'/edit');
         $this->drupalGet('node/' . $this->node2->nid . '/edit');
         $this->assertText(t('Access denied'), 'node2 is not editable');
         // Login test user, edit node1, access must be granted
         // Login test user, edit node1, access must be granted.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid .'/edit');
         $this->drupalGet('node/' . $this->node1->nid . '/edit');
         $this->assertNoText(t('Access denied'), 'node1 is editable');
         // Edit node2, access must be denied
         $this->drupalGet('node/'. $this->node2->nid .'/edit');
         // Edit node2, access must be denied.
         $this->drupalGet('node/' . $this->node2->nid . '/edit');
         $this->assertText(t('Access denied'), 'node2 is not editable');
         // Login admin, swap permissions between node1 and node2
         // Login admin, swap permissions between node1 and node2.
         $this->drupalLogin($this->admin_user);
         // Grant edit access to node2
         // Grant edit access to node2.
         $this->changeAccessNodeKeyword($this->node2, 'update');
         // Restrict edit acces to node1
         // Restrict edit acces to node1.
         $this->changeAccessNodeKeyword($this->node1, 'update', FALSE);
         // Logout admin and try to edit both nodes anonymously
         // Logout admin and try to edit both nodes anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid .'/edit');
         $this->drupalGet('node/' . $this->node1->nid . '/edit');
         $this->assertText(t('Access denied'), 'node1 is not editable');
         $this->drupalGet('node/'. $this->node2->nid .'/edit');
         $this->drupalGet('node/' . $this->node2->nid . '/edit');
         $this->assertText(t('Access denied'), 'node2 is not editable');
         // Login test user, edit node1, access must be denied
         // Login test user, edit node1, access must be denied.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid .'/edit');
         $this->drupalGet('node/' . $this->node1->nid . '/edit');
         $this->assertText(t('Access denied'), 'node1 is not editable');
         // Edit node2, access must be granted
         $this->drupalGet('node/'. $this->node2->nid .'/edit');
         // Edit node2, access must be granted.
         $this->drupalGet('node/' . $this->node2->nid . '/edit');
         $this->assertNoText(t('Access denied'), 'node2 is editable');
+      }
       /**
        * Test for deleting nodes
        * Test for deleting nodes.
        */
       function testDeleteAccess() {
         // Logout admin and try to delete the node anonymously
         // Logout admin and try to delete the node anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid .'/delete');
         $this->drupalGet('node/' . $this->node1->nid . '/delete');
         $this->assertText(t('Access denied'), 'delete access denied for anonymous');
         // Login test user, delete node, access must be denied
         // Login test user, delete node, access must be denied.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid .'/delete');
         $this->drupalGet('node/' . $this->node1->nid . '/delete');
         $this->assertText(t('Access denied'), 'delete access denied for test user');
         // Login admin and grant access for deleting to the test user
         // Login admin and grant access for deleting to the test user.
         $this->drupalLogin($this->admin_user);
         $this->changeAccessContentTypeKeyword('delete');
         // Logout admin and try to edit the node anonymously
         // access must be denied again
         // Logout admin and try to edit the node anonymously.
         // Access must be denied again.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid .'/delete');
         $this->drupalGet('node/' . $this->node1->nid . '/delete');
         $this->assertText(t('Access denied'), 'delete access denied for anonymous');
         // Login test user, delete node, access must be granted
         // Login test user, delete node, access must be granted.
         $this->drupalLogin($this->test_user);
         $this->drupalPost('node/'. $this->node1->nid .'/delete', array(), 'Delete');
         $this->drupalPost('node/' . $this->node1->nid . '/delete', array(), 'Delete');
         $this->assertRaw(t('%node has been deleted', array('%node' => $this->node1->title)), 'Test node was deleted successfully by test user');
         // Login admin and recreate test node1
         // Login admin and recreate test node1.
         $this->drupalLogin($this->admin_user);
         $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->type));
         // Enable per node access
         // Enable per node access.
         $this->changeAccessPerNode();
         // Restrict access for this content type for the test user
         // Restrict access for this content type for the test user.
         $this->changeAccessContentTypeKeyword('delete', FALSE);
         // Allow acces for node1 only
         // Allow acces for node1 only.
         $this->changeAccessNodeKeyword($this->node1, 'delete');
         // Logout admin and try to delete both nodes anonymously
         // Logout admin and try to delete both nodes anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid .'/delete');
         $this->drupalGet('node/' . $this->node1->nid . '/delete');
         $this->assertText(t('Access denied'), 'node1 is not deletable');
         $this->drupalGet('node/'. $this->node2->nid .'/delete');
         $this->drupalGet('node/' . $this->node2->nid . '/delete');
         $this->assertText(t('Access denied'), 'node2 is not deletable');
         // Login test user, delete node1, access must be granted
         // Login test user, delete node1, access must be granted.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid .'/delete');
         $this->drupalGet('node/' . $this->node1->nid . '/delete');
         $this->assertNoText(t('Access denied'), 'node1 is deletable');
         // Delete node2, access must be denied
         $this->drupalGet('node/'. $this->node2->nid .'/delete');
         // Delete node2, access must be denied.
         $this->drupalGet('node/' . $this->node2->nid . '/delete');
         $this->assertText(t('Access denied'), 'node2 is not deletable');
         // Login admin, swap permissions between node1 and node2
         // Login admin, swap permissions between node1 and node2.
         $this->drupalLogin($this->admin_user);
         // Grant delete access to node2
         // Grant delete access to node2.
         $this->changeAccessNodeKeyword($this->node2, 'delete');
         // Restrict delete acces to node1
         // Restrict delete acces to node1.
         $this->changeAccessNodeKeyword($this->node1, 'delete', FALSE);
         // Logout admin and try to delete both nodes anonymously
         // Logout admin and try to delete both nodes anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid .'/delete');
         $this->drupalGet('node/' . $this->node1->nid . '/delete');
         $this->assertText(t('Access denied'), 'node1 is not deletable');
         $this->drupalGet('node/'. $this->node2->nid .'/delete');
         $this->drupalGet('node/' . $this->node2->nid . '/delete');
         $this->assertText(t('Access denied'), 'node2 is not deletable');
         // Login test user, delete node1, access must be denied
         // Login test user, delete node1, access must be denied.
         $this->drupalLogin($this->test_user);
         $this->drupalGet('node/'. $this->node1->nid .'/delete');
         $this->drupalGet('node/' . $this->node1->nid . '/delete');
         $this->assertText(t('Access denied'), 'node1 is not deletable');
         // Delete node2, access must be granted
         $this->drupalGet('node/'. $this->node2->nid .'/delete');
         // Delete node2, access must be granted.
         $this->drupalGet('node/' . $this->node2->nid . '/delete');
         $this->assertNoText(t('Access denied'), 'node2 is deletable');
+      }
       /**
        * Test own view access
        * Test own view access.
        */
       function testOwnViewAccess() {
         // Setup 2 test users
         // Setup 2 test users.
         $test_user1 = $this->test_user;
         $test_user2 = $this->drupalCreateUser();
         $test_user2 = $this->drupalCreateUser(array('access content'));
         // Change ownership of test nodes to test users
         // Change ownership of test nodes to test users.
         $this->node1->uid = $test_user1->uid;
         node_save($this->node1);
         $this->node2->uid = $test_user2->uid;
         node_save($this->node2);
         // Remove all view permissions for this content type
         // Remove all view permissions for this content type.
         $access_permissions = array(
           'view[1]' => FALSE,
           'view[2]' => FALSE,
-...
         );
         $this->changeAccessContentType($access_permissions);
         // Allow view own content for test user 1 and 2 roles
         // Allow view own content for test user 1 and 2 roles.
         $this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user1);
         $this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user2);
         // Logout admin and try to access both nodes anonymously
         // Logout admin and try to access both nodes anonymously.
         $this->drupalLogout();
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertText(t('Access denied'), 'node1 is not viewable');
         $this->drupalGet('node/'. $this->node2->nid);
         $this->drupalGet('node/' . $this->node2->nid);
         $this->assertText(t('Access denied'), 'node2 is not viewable');
         // Login test user 1, view node1, access must be granted
         // Login test user 1, view node1, access must be granted.
         $this->drupalLogin($test_user1);
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertNoText(t('Access denied'), 'node1 is viewable');
         // View node2, access must be denied
         $this->drupalGet('node/'. $this->node2->nid);
         // View node2, access must be denied.
         $this->drupalGet('node/' . $this->node2->nid);
         $this->assertText(t('Access denied'), 'node2 is not viewable');
         // Login test user 2, view node1, access must be denied
         // Login test user 2, view node1, access must be denied.
         $this->drupalLogin($test_user2);
         $this->drupalGet('node/'. $this->node1->nid);
         $this->drupalGet('node/' . $this->node1->nid);
         $this->assertText(t('Access denied'), 'node1 is not viewable');
         // View node2, access must be granted
         $this->drupalGet('node/'. $this->node2->nid);
         // View node2, access must be granted.
         $this->drupalGet('node/' . $this->node2->nid);
         $this->assertNoText(t('Access denied'), 'node2 is viewable');
+      }
+    }
+    }

+          }
+        }
         // Create test user with seperate role
         $this->test_user = $this->drupalCreateUser();
         // Create test user with separate role.
         $this->test_user = $this->drupalCreateUser(array('access content'));
         // Get the value of the new role
         // Needed in D7 because it's by default create two roles for new users
         // one role is Authenticated and the second is new default one
         // Get the value of the new role.
         // Needed in D7 because drupalCreateUser() creates two roles for new users:
         // one role is Authenticated and the second has the given permissions.
         // @see drupalCreateUser()
         foreach ($this->test_user->roles as $rid => $role) {
           if (!in_array($rid, array(DRUPAL_AUTHENTICATED_RID))) {
             $this->rid = $rid;
             break;
+          }
+        }
         $roles = $this->test_user->roles;
         unset($roles[DRUPAL_AUTHENTICATED_RID]);
         $this->rid = key($roles);
         // Create admin user
         $this->admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'grant content access', 'grant own content access', 'administer nodes', 'access administration pages'));
         $this->admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'grant content access', 'grant own content access', 'bypass node access', 'administer nodes', 'access administration pages'));
         $this->drupalLogin($this->admin_user);
         // Rebuild content access permissions
-...
         $this->drupalPost('node/'. $node->nid .'/access', $access_settings, t('Submit'));
         $this->assertText(t('Your changes have been saved.'), 'access rules of node were updated successfully');
+      }
+    }
+    }

Projet

Général

Profil

Club Drupal

Révision ae34fb26

Ajouté par Assos Assos il y a presque 4 ans