1 |
85ad3d82
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
/**
|
4 |
|
|
* @file
|
5 |
|
|
* Install, update and uninstall functions for the Field Permissions module.
|
6 |
|
|
*/
|
7 |
|
|
|
8 |
|
|
/**
|
9 |
|
|
* Implements hook_install().
|
10 |
|
|
*/
|
11 |
|
|
function field_permissions_install() {
|
12 |
|
|
// Set a larger weight for the module.
|
13 |
|
|
db_update('system')
|
14 |
|
|
->fields(array('weight' => 50))
|
15 |
|
|
->condition('name', 'field_permissions')
|
16 |
|
|
->execute();
|
17 |
|
|
}
|
18 |
|
|
|
19 |
|
|
/**
|
20 |
|
|
* Sets a larger weight for the module so that the Field Permissions become available.
|
21 |
|
|
*/
|
22 |
|
|
function field_permissions_update_7000(&$sandbox) {
|
23 |
|
|
db_update('system')
|
24 |
|
|
->fields(array('weight' => 50))
|
25 |
|
|
->condition('name', 'field_permissions')
|
26 |
|
|
->execute();
|
27 |
|
|
}
|
28 |
|
|
|
29 |
|
|
/**
|
30 |
|
|
* Migrate field permission settings to the new system (public/private/custom).
|
31 |
|
|
*/
|
32 |
|
|
function field_permissions_update_7001() {
|
33 |
|
|
foreach (field_info_fields() as $field_name => $field) {
|
34 |
|
|
// If the field has any field permissions enabled, it will be using custom
|
35 |
|
|
// permissions under the new system and needs to be converted. Otherwise,
|
36 |
|
|
// it is a public field (the default) and can be ignored.
|
37 |
|
|
if (!empty($field['settings']['field_permissions']) && array_filter($field['settings']['field_permissions'])) {
|
38 |
|
|
// Set the type to FIELD_PERMISSIONS_CUSTOM. (The module may be disabled
|
39 |
|
|
// when this update function runs, so we need to use the numeric value
|
40 |
|
|
// rather than relying on the constant being defined.)
|
41 |
|
|
$field['field_permissions']['type'] = 2;
|
42 |
|
|
|
43 |
|
|
$field_permissions = $field['settings']['field_permissions'];
|
44 |
|
|
$permissions_by_operation = array(
|
45 |
|
|
// View-related permissions.
|
46 |
|
|
array(
|
47 |
|
|
'view' => "view $field_name",
|
48 |
|
|
'view own' => "view own $field_name",
|
49 |
|
|
),
|
50 |
|
|
// Edit-related permissions.
|
51 |
|
|
array(
|
52 |
|
|
'create' => "create $field_name",
|
53 |
|
|
'edit' => "edit $field_name",
|
54 |
|
|
'edit own' => "edit own $field_name",
|
55 |
|
|
),
|
56 |
|
|
);
|
57 |
|
|
|
58 |
|
|
// Loop through each type of operation (view or edit).
|
59 |
|
|
foreach ($permissions_by_operation as $permissions) {
|
60 |
|
|
$actions = array_keys($permissions);
|
61 |
|
|
// If none of the related permissions were enabled, all users were
|
62 |
|
|
// allowed to perform the relevant actions on this field, so we need to
|
63 |
|
|
// assign permissions here to preserve that behavior.
|
64 |
|
|
$has_enabled_permissions = (bool) array_filter(array_intersect_key($field_permissions, array_flip($actions)));
|
65 |
|
|
if (!$has_enabled_permissions) {
|
66 |
|
|
_update_7000_user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, $permissions, 'field_permissions');
|
67 |
|
|
_update_7000_user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, $permissions, 'field_permissions');
|
68 |
|
|
}
|
69 |
|
|
// Otherwise, for each permission that was disabled, no users should be
|
70 |
|
|
// allowed to perform that action; therefore, make sure to unassign any
|
71 |
|
|
// (stale) permissions that they may have.
|
72 |
|
|
else {
|
73 |
|
|
foreach ($actions as $action) {
|
74 |
|
|
if (empty($field_permissions[$action])) {
|
75 |
|
|
if ($action != 'create') {
|
76 |
|
|
$permission = $permissions[$action];
|
77 |
|
|
$rids = array_keys(user_roles(FALSE, $permission));
|
78 |
|
|
foreach ($rids as $rid) {
|
79 |
|
|
user_role_revoke_permissions($rid, array($permission));
|
80 |
|
|
}
|
81 |
|
|
}
|
82 |
|
|
// The 'create' action needs special handling, since previously,
|
83 |
|
|
// if create permissions were not enabled the code would have
|
84 |
|
|
// fallen back on checking edit permissions. Now, though, create
|
85 |
|
|
// permissions are always enabled (and always checked when an
|
86 |
|
|
// entity is being created). Therefore, we need to figure out
|
87 |
|
|
// what the fallback would have been and assign new create
|
88 |
|
|
// permissions based on that.
|
89 |
|
|
else {
|
90 |
|
|
$rids_with_create_access = array();
|
91 |
|
|
// The first fallback is edit permissions; if those are
|
92 |
|
|
// enabled, any role with edit permission would have been
|
93 |
|
|
// granted access.
|
94 |
|
|
if (!empty($field_permissions['edit'])) {
|
95 |
|
|
$rids_with_create_access = array_keys(user_roles(FALSE, $permissions['edit']));
|
96 |
|
|
}
|
97 |
|
|
// The final fallback is 'edit own' permissions; if those are
|
98 |
|
|
// enabled, any role with 'edit own' permission would have been
|
99 |
|
|
// granted access. (It is additionally required that the entity
|
100 |
|
|
// being checked is owned by the current user, but in the case
|
101 |
|
|
// of nodes being created that will always be the case anyway,
|
102 |
|
|
// and nodes are the only entities we need to support for the
|
103 |
|
|
// D6-to-D7 upgrade.)
|
104 |
|
|
if (!empty($field_permissions['edit own'])) {
|
105 |
|
|
$rids_with_create_access = array_unique(array_merge($rids_with_create_access, array_keys(user_roles(FALSE, $permissions['edit own']))));
|
106 |
|
|
}
|
107 |
|
|
// Assign create permissions to all the relevant roles.
|
108 |
|
|
foreach ($rids_with_create_access as $rid) {
|
109 |
|
|
_update_7000_user_role_grant_permissions($rid, array($permissions['create']), 'field_permissions');
|
110 |
|
|
}
|
111 |
|
|
}
|
112 |
|
|
}
|
113 |
|
|
}
|
114 |
|
|
}
|
115 |
|
|
}
|
116 |
|
|
}
|
117 |
|
|
|
118 |
|
|
// Remove the old field permissions settings if necessary, and save the
|
119 |
|
|
// field.
|
120 |
|
|
if (isset($field['settings']['field_permissions'])) {
|
121 |
|
|
// We can't unset this or field_update_field() will automatically add it
|
122 |
|
|
// back (using the prior field data), so do the next best thing.
|
123 |
|
|
$field['settings']['field_permissions'] = NULL;
|
124 |
|
|
field_update_field($field);
|
125 |
|
|
}
|
126 |
|
|
}
|
127 |
|
|
} |