Project

General

Profile

Paste
Download (12.8 KB) Statistics
| Branch: | Revision:

root / drupal7 / sites / all / modules / content_access / content_access.admin.inc @ ae34fb26

1
<?php
2

    
3
/**
4
 * @file Content access administration UI.
5
 */
6

    
7
/**
8
 * Specifies the threshold until we try to mass update node grants immediately.
9
 */
10
define('CONTENT_ACCESS_MASS_UPDATE_THRESHOLD', 1000);
11

    
12
/**
13
 * Per node settings page.
14
 */
15
function content_access_page($form, &$form_state, $node) {
16
  drupal_set_title(t('Access control for @title', array('@title' => $node->title)));
17

    
18
  foreach (_content_access_get_operations() as $op => $label) {
19
    $defaults[$op] = content_access_per_node_setting($op, $node);
20
  }
21

    
22
  // Get roles form
23
  content_access_role_based_form($form, $defaults, $node->type);
24

    
25
  // Add an after_build handler that disables checkboxes, which are enforced by permissions.
26
  $form['per_role']['#after_build'] = array('content_access_force_permissions');
27

    
28
  // ACL form
29
  if (module_exists('acl')) {
30
    // This is disabled when there is no node passed.
31
    $form['acl'] = array(
32
      '#type' => 'fieldset',
33
      '#title' => t('User access control lists'),
34
      '#description' => t('These settings allow you to grant access to specific users.'),
35
      '#collapsible' => TRUE,
36
      '#tree' => TRUE,
37
    );
38

    
39
    foreach (array('view', 'update', 'delete') as $op) {
40
      $acl_id = content_access_get_acl_id($node, $op);
41
      acl_node_add_acl($node->nid, $acl_id, (int) ($op == 'view'), (int) ($op == 'update'), (int) ($op == 'delete'), content_access_get_settings('priority', $node->type));
42

    
43
      $form['acl'][$op] = acl_edit_form($form_state, $acl_id, t('Grant !op access', array('!op' => $op)));
44
      $form['acl'][$op]['#collapsed'] = !isset($_POST['acl_' . $acl_id]) && !unserialize($form['acl'][$op]['user_list']['#default_value']);
45
    }
46
  }
47

    
48
  $form_state['node'] = $node;
49

    
50
  $form['reset'] = array(
51
    '#type' => 'submit',
52
    '#value' => t('Reset to defaults'),
53
    '#weight' => 10,
54
    '#submit' => array('content_access_page_reset'),
55
    '#access' => !empty(content_access_get_per_node_settings($node)),
56
  );
57
  $form['submit'] = array(
58
    '#type' => 'submit',
59
    '#value' => t('Submit'),
60
    '#weight' => 10,
61
  );
62

    
63
  // @todo not true anymore?
64
  // http://drupal.org/update/modules/6/7#hook_node_access_records
65
  if (!$node->status) {
66
    drupal_set_message(t("Warning: Your content is not published, so this settings are not taken into account as long as the content remains unpublished."), 'error');
67
  }
68

    
69
  return $form;
70
}
71

    
72
/**
73
 * Submit callback for content_access_page().
74
 */
75
function content_access_page_submit($form, &$form_state) {
76
  $settings = array();
77
  $node = $form_state['node'];
78

    
79
  foreach (_content_access_get_operations() as $op => $label) {
80
    // Set the settings so that further calls will return this settings.
81
    $settings[$op] = array_keys(array_filter($form_state['values'][$op]));
82
  }
83

    
84
  // Save per-node settings.
85
  content_access_save_per_node_settings($node, $settings);
86

    
87
  if (module_exists('acl')) {
88
    foreach (array('view', 'update', 'delete') as $op) {
89
      acl_save_form($form_state['values']['acl'][$op]);
90
      module_invoke_all('user_acl', $settings);
91
    }
92
  }
93

    
94
  // Apply new settings.
95
  node_access_acquire_grants($node);
96
  cache_clear_all();
97
  module_invoke_all('per_node', $settings, $node);
98
  drupal_set_message(t('Your changes have been saved. You may have to !rebuild for your changes to take effect.', array('!rebuild' => l(t('rebuild permissions'), 'admin/reports/status/rebuild'))));
99
}
100

    
101
/**
102
 * Submit callback for reset on content_access_page().
103
 */
104
function content_access_page_reset($form, &$form_state) {
105
  content_access_delete_per_node_settings($form_state['node']);
106
  node_access_acquire_grants($form_state['node']);
107

    
108
  drupal_set_message(t('The permissions have been reset to the content type defaults.'));
109
}
110

    
111
/**
112
 * Per content type settings form.
113
 */
114
function content_access_admin_settings($form, &$form_state, $content_type) {
115
  $type = $content_type->type;
116

    
117
  $form_state['type'] = $type;
118

    
119
  // Add role based per content type settings
120
  $defaults = array();
121
  foreach (_content_access_get_operations() as $op => $label) {
122
    $defaults[$op] = content_access_get_settings($op, $type);
123
  }
124
  content_access_role_based_form($form, $defaults, $type);
125

    
126
  // Per node:
127
  $form['node'] = array(
128
    '#type' => 'fieldset',
129
    '#title' => t('Per content node access control settings'),
130
    '#collapsible' => TRUE,
131
    '#description' => t('Optionally you can enable per content node access control settings. If enabled, a new tab for the content access settings appears when viewing content. You have to configure permission to access these settings at the !permissions page.', array('!permissions' => l(t('permissions'), 'admin/people/permissions'))),
132
  );
133
  $form['node']['per_node'] = array(
134
    '#type' => 'checkbox',
135
    '#title' => t('Enable per content node access control settings'),
136
    '#default_value' => content_access_get_settings('per_node', $type),
137
  );
138

    
139
  $form['advanced'] = array(
140
    '#type' => 'fieldset',
141
    '#title' => t('Advanced'),
142
    '#collapsible' => TRUE,
143
    '#collapsed' => TRUE,
144
  );
145
  $form['advanced']['priority'] = array(
146
    '#type' => 'weight',
147
    '#title' => t('Give content node grants priority'),
148
    '#default_value' => content_access_get_settings('priority', $type),
149
    '#description' => t('If you are only using this access control module, you can safely ignore this. If you are using multiple access control modules you can adjust the priority of this module.'),
150
  );
151
  $form['submit'] = array(
152
    '#type' => 'submit',
153
    '#value' => t('Submit'),
154
    '#weight' => 10,
155
  );
156

    
157
  return $form;
158
}
159

    
160
/**
161
 * Submit handler for per content type settings form.
162
 */
163
function content_access_admin_settings_submit($form, &$form_state) {
164
  $roles_permissions = user_role_permissions(user_roles());
165
  $permissions = user_permission_get_modules();
166
  $type = $form_state['type'];
167

    
168
  // Remove disabled modules permissions, so they can't raise exception
169
  // in content_access_save_permissions()
170
  foreach ($roles_permissions as $rid => $role_permissions) {
171
    foreach ($role_permissions as $permission => $value) {
172
      if (!array_key_exists($permission, $permissions)) {
173
        unset($roles_permissions[$rid][$permission]);
174
      }
175
    }
176
  }
177

    
178
  foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
179
    foreach ($form_state['values'][$op] as $rid => $value) {
180
      $permission = content_access_get_permission_by_op($op, $form_state['type']);
181
      if ($value) {
182
        $roles_permissions[$rid][$permission] = TRUE;
183
      }
184
      else {
185
        $roles_permissions[$rid][$permission] = FALSE;
186
      }
187
    }
188
    // Don't save the setting, so its default value (get permission) is applied
189
    // always.
190
    unset($form_state['values'][$op]);
191
  }
192
  content_access_save_permissions($roles_permissions);
193

    
194
  // Update content access settings
195
  $settings = content_access_get_settings('all', $type);
196
  foreach (content_access_available_settings() as $setting) {
197
    if (isset($form_state['values'][$setting])) {
198
      $settings[$setting] = is_array($form_state['values'][$setting]) ? array_keys(array_filter($form_state['values'][$setting])) : $form_state['values'][$setting];
199
    }
200
  }
201
  content_access_set_settings($settings, $type);
202

    
203
  // Mass update the nodes, but only if necessary.
204
  if (content_access_get_settings('per_node', $type) ||
205
      content_access_get_settings('view', $type) != $form['per_role']['view']['#default_value'] ||
206
      content_access_get_settings('view_own', $type) != $form['per_role']['view_own']['#default_value'] ||
207
      content_access_get_settings('priority', $type) != $form['advanced']['priority']['#default_value'] ||
208
      content_access_get_settings('per_node', $type) != $form['node']['per_node']['#default_value']
209
     ) {
210

    
211
    // If per node has been disabled and we use the ACL integration, we have to remove possible ACLs now.
212
    if (!content_access_get_settings('per_node', $type) && $form['node']['per_node']['#default_value'] && module_exists('acl')) {
213
      _content_access_remove_acls($type);
214
    }
215

    
216
    if (content_access_mass_update(array($type))) {
217
      drupal_set_message(t('Permissions have been successfully rebuilt for the content type @types.', array('@types' => node_type_get_name($type))));
218
    }
219
  }
220

    
221
  drupal_set_message(t('Your changes have been saved. You may have to !rebuild for your changes to take effect.', array('!rebuild' => l(t('rebuild permissions'), 'admin/reports/status/rebuild'))));
222
}
223

    
224
/**
225
 * Mass updates node access records for nodes of the given types.
226
 * @param $types
227
 *   An array of content type names.
228
 * @return
229
 *   Whether the operation has been processed successfully (TRUE) or postponed (FALSE).
230
 */
231
function content_access_mass_update($types) {
232
  $q = db_select('node', 'n')
233
    ->fields('n', array('nid'))
234
    ->condition('n.type', $types, 'IN');
235

    
236
  $count = $q->countQuery()->execute()->fetchField();
237

    
238
  node_access_needs_rebuild(TRUE);
239

    
240
  // If there not too much nodes affected, try to do it.
241
  if ($count <= CONTENT_ACCESS_MASS_UPDATE_THRESHOLD) {
242
    $records = $q->execute();
243
    foreach ($records as $node) {
244
      node_access_acquire_grants(node_load($node->nid));
245
    }
246

    
247
    cache_clear_all();
248
    node_access_needs_rebuild(FALSE);
249
    return TRUE;
250
  }
251
  return FALSE;
252
}
253

    
254
/**
255
 * Saves the given permissions by role to the database.
256
 */
257
function content_access_save_permissions($roles_permissions) {
258
  foreach ($roles_permissions as $rid => $permissions) {
259
    user_role_change_permissions($rid, $permissions);
260
  }
261
}
262

    
263
/**
264
 * Builds the role based permission form for the given defaults.
265
 *
266
 * @param $defaults
267
 *   Array of defaults for all operations.
268
 */
269
function content_access_role_based_form(&$form, $defaults = array(), $type = NULL) {
270
  $form['per_role'] = array(
271
    '#type' => 'fieldset',
272
    '#title' => t('Role based access control settings'),
273
    '#collapsible' => TRUE,
274
    '#description' => t('Note that users need at least the %view_published_content permission to be able to deal in any way with content.', array('%view_published_content' => t('view published content'))) .
275
      ' ' . t('Furthermore note that content which is not @published is treated in a different way by drupal: It can be viewed only by its author or users with the %bypass_node_access permission.', array('@published' => t('published'), '%bypass_node_access' => t('bypass content access control'))),
276
  );
277

    
278
  $operations = _content_access_get_operations($type);
279
  $roles = array_map('filter_xss_admin', user_roles());
280
  foreach ($operations as $op => $label) {
281
    // Make sure defaults are set properly
282
    $defaults += array($op => array());
283

    
284
    $form['per_role'][$op] = array('#type' => 'checkboxes',
285
      '#prefix' => '<div class="content_access-div">',
286
      '#suffix' => '</div>',
287
      '#options' => $roles,
288
      '#title' => $label,
289
      '#default_value' => $defaults[$op],
290
      '#process' => array('form_process_checkboxes', 'content_access_disable_checkboxes'),
291
    );
292
  }
293

    
294
  $form['per_role']['clearer'] = array(
295
    '#value' => '<br clear="all" />',
296
  );
297

    
298
  drupal_add_css(drupal_get_path('module', 'content_access') . '/content_access.css');
299

    
300
  return $form;
301
}
302

    
303
/**
304
 * Formapi #after_build callback, that disables checkboxes for roles without access to content.
305
 */
306
function content_access_force_permissions($element, &$form_state) {
307
  foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
308
    foreach (content_access_get_settings($op, $form_state['node']->type) as $rid) {
309
      $element[$op][$rid]['#disabled'] = TRUE;
310
      $element[$op][$rid]['#attributes']['disabled'] = 'disabled';
311
      $element[$op][$rid]['#value'] = TRUE;
312
      $element[$op][$rid]['#checked'] = TRUE;
313
      $element[$op][$rid]['#prefix'] = '<span' . drupal_attributes(array('title' => t("Permission is granted due to the content type's access control settings."))) . '>';
314
      $element[$op][$rid]['#suffix'] = "</span>";
315
    }
316
  }
317
  return $element;
318
}
319

    
320
/**
321
 * Submit callback for the user permissions form.
322
 * Trigger changes to node permissions to rebuild our grants.
323
 */
324
function content_access_user_admin_perm_submit($form, $form_state) {
325
  // Check for each content type, which has per node access activated
326
  // whether permissions have been changed.
327
  $types = array();
328
  foreach (array_filter(content_access_get_settings('per_node')) as $type => $value) {
329
    foreach (_content_access_get_node_permissions($type) as $perm) {
330
      foreach (user_roles() as $rid => $role) {
331
        if (isset($form_state['values'][$rid]) && in_array($perm, $form['checkboxes'][$rid]['#default_value']) != in_array($perm, $form_state['values'][$rid])) {
332
          //permission changed!
333
          $types[$type] = node_get_types('name', $type);
334
          continue 2;
335
        }
336
      }
337
    }
338
  }
339
  if ($types && content_access_mass_update(array_keys($types))) {
340
    drupal_set_message(format_plural(count($types),
341
      'Permissions have been successfully rebuilt for the content type @types.',
342
      'Permissions have been successfully rebuilt for the content types @types.',
343
      array('@types' => implode(', ', $types))
344
    ));
345
  }
346
}