1 |
85ad3d82
|
Assos Assos
|
<?php
|
2 |
|
|
|
3 |
|
|
/**
|
4 |
|
|
* @file
|
5 |
|
|
* Provide per node access control
|
6 |
|
|
*/
|
7 |
|
|
|
8 |
c2ac6d1d
|
Assos Assos
|
|
9 |
85ad3d82
|
Assos Assos
|
/**
|
10 |
|
|
* Implements hook_help().
|
11 |
c2ac6d1d
|
Assos Assos
|
*
|
12 |
|
|
* @param string $path
|
13 |
|
|
* @param $arg
|
14 |
|
|
*
|
15 |
|
|
* @return string|NULL
|
16 |
85ad3d82
|
Assos Assos
|
*/
|
17 |
|
|
function nodeaccess_help($path, $arg) {
|
18 |
|
|
switch ($path) {
|
19 |
|
|
case 'node/%/grant':
|
20 |
c2ac6d1d
|
Assos Assos
|
return t("You can set grants for individual users. Enter a name or a
|
21 |
|
|
partial name in the box and click Search or press return. You must check
|
22 |
|
|
the 'Keep?' checkbox if you want to keep the user for granting. Note
|
23 |
|
|
that user grants are in addition to those coming from roles.");
|
24 |
85ad3d82
|
Assos Assos
|
}
|
25 |
|
|
}
|
26 |
|
|
|
27 |
c2ac6d1d
|
Assos Assos
|
|
28 |
85ad3d82
|
Assos Assos
|
/**
|
29 |
|
|
* Implements hook_menu().
|
30 |
c2ac6d1d
|
Assos Assos
|
*
|
31 |
|
|
* @return array
|
32 |
85ad3d82
|
Assos Assos
|
*/
|
33 |
|
|
function nodeaccess_menu() {
|
34 |
c2ac6d1d
|
Assos Assos
|
$items = array();
|
35 |
|
|
|
36 |
85ad3d82
|
Assos Assos
|
$items['admin/config/people/nodeaccess'] = array(
|
37 |
|
|
'title' => 'Nodeaccess',
|
38 |
|
|
'description' => 'Change default settings for the Nodeaccess module.',
|
39 |
|
|
'page callback' => 'nodeaccess_admin',
|
40 |
c2ac6d1d
|
Assos Assos
|
'file' => 'nodeaccess.admin.inc',
|
41 |
85ad3d82
|
Assos Assos
|
'access arguments' => array('administer nodeaccess'),
|
42 |
|
|
);
|
43 |
c2ac6d1d
|
Assos Assos
|
|
44 |
85ad3d82
|
Assos Assos
|
$items['node/%node/grant'] = array(
|
45 |
|
|
'title' => 'Grant',
|
46 |
c2ac6d1d
|
Assos Assos
|
'page callback' => 'nodeaccess_grant_tab',
|
47 |
85ad3d82
|
Assos Assos
|
'page arguments' => array(1),
|
48 |
|
|
'access callback' => 'nodeaccess_access',
|
49 |
|
|
'access arguments' => array('grant', 1),
|
50 |
|
|
'weight' => 5,
|
51 |
|
|
'type' => MENU_LOCAL_TASK,
|
52 |
|
|
);
|
53 |
c2ac6d1d
|
Assos Assos
|
|
54 |
85ad3d82
|
Assos Assos
|
return $items;
|
55 |
|
|
}
|
56 |
|
|
|
57 |
c2ac6d1d
|
Assos Assos
|
|
58 |
85ad3d82
|
Assos Assos
|
/**
|
59 |
|
|
* Implements hook_admin_paths().
|
60 |
c2ac6d1d
|
Assos Assos
|
*
|
61 |
|
|
* @return array
|
62 |
85ad3d82
|
Assos Assos
|
*/
|
63 |
|
|
function nodeaccess_admin_paths() {
|
64 |
|
|
$paths = array(
|
65 |
|
|
'node/*/grant' => TRUE,
|
66 |
|
|
'admin/config/people/nodeaccess' => TRUE,
|
67 |
|
|
);
|
68 |
c2ac6d1d
|
Assos Assos
|
|
69 |
85ad3d82
|
Assos Assos
|
return $paths;
|
70 |
|
|
}
|
71 |
|
|
|
72 |
|
|
/**
|
73 |
|
|
* Implements hook_permission().
|
74 |
c2ac6d1d
|
Assos Assos
|
*
|
75 |
|
|
* @return array
|
76 |
85ad3d82
|
Assos Assos
|
*/
|
77 |
|
|
function nodeaccess_permission() {
|
78 |
|
|
|
79 |
|
|
return array(
|
80 |
|
|
'administer nodeaccess' => array(
|
81 |
|
|
'title' => t('Administer Nodeaccess'),
|
82 |
|
|
),
|
83 |
|
|
'grant node permissions' => array(
|
84 |
|
|
'title' => t('Grant Node Permissions'),
|
85 |
|
|
),
|
86 |
|
|
'grant editable node permissions' => array(
|
87 |
|
|
'title' => t('Grant node edit permissions'),
|
88 |
|
|
),
|
89 |
|
|
'grant deletable node permissions' => array(
|
90 |
|
|
'title' => t('Grant node delete permissions'),
|
91 |
|
|
),
|
92 |
|
|
'grant own node permissions' => array(
|
93 |
|
|
'title' => t('Grant own node permissions'),
|
94 |
|
|
),
|
95 |
|
|
);
|
96 |
|
|
}
|
97 |
|
|
|
98 |
c2ac6d1d
|
Assos Assos
|
|
99 |
85ad3d82
|
Assos Assos
|
/**
|
100 |
|
|
* Implements hook_node_access().
|
101 |
c2ac6d1d
|
Assos Assos
|
*
|
102 |
|
|
* @param $node
|
103 |
|
|
* @param $op
|
104 |
|
|
* @param $account
|
105 |
|
|
*
|
106 |
|
|
* @return string
|
107 |
85ad3d82
|
Assos Assos
|
*/
|
108 |
|
|
function nodeaccess_node_access($node, $op, $account) {
|
109 |
c2ac6d1d
|
Assos Assos
|
|
110 |
85ad3d82
|
Assos Assos
|
switch ($op) {
|
111 |
|
|
case 'update':
|
112 |
|
|
case 'delete':
|
113 |
|
|
if (!isset($account->uid)) {
|
114 |
|
|
global $user;
|
115 |
|
|
$account = $user;
|
116 |
|
|
}
|
117 |
|
|
// If the node belongs to a deleted user.
|
118 |
|
|
if ($account->uid == 0 && $node->uid == 0) {
|
119 |
c2ac6d1d
|
Assos Assos
|
$grants = nodeaccess_get_grants($node);
|
120 |
85ad3d82
|
Assos Assos
|
// We check if the role has particular access to this node.
|
121 |
|
|
// If anonymous has rights to this node, we allow them.
|
122 |
c2ac6d1d
|
Assos Assos
|
if ((!empty($grants['rid'][DRUPAL_ANONYMOUS_RID]['grant_update']) && $op == 'update') ||
|
123 |
|
|
(!empty($grants['rid'][DRUPAL_ANONYMOUS_RID]['grant_delete']) && $op == 'delete')) {
|
124 |
85ad3d82
|
Assos Assos
|
return NODE_ACCESS_ALLOW;
|
125 |
|
|
}
|
126 |
|
|
return NODE_ACCESS_DENY;
|
127 |
|
|
}
|
128 |
|
|
break;
|
129 |
|
|
}
|
130 |
|
|
}
|
131 |
|
|
|
132 |
|
|
/**
|
133 |
|
|
* Determine access to Grant tab.
|
134 |
c2ac6d1d
|
Assos Assos
|
*
|
135 |
|
|
* @param $op
|
136 |
|
|
* @param $node
|
137 |
|
|
* @param $account
|
138 |
|
|
*
|
139 |
|
|
* @return bool
|
140 |
|
|
* Whether the user has access to the grant tab.
|
141 |
85ad3d82
|
Assos Assos
|
*/
|
142 |
|
|
function nodeaccess_access($op, $node, $account = NULL) {
|
143 |
|
|
global $user;
|
144 |
|
|
if (!$node) {
|
145 |
c2ac6d1d
|
Assos Assos
|
|
146 |
85ad3d82
|
Assos Assos
|
return FALSE;
|
147 |
|
|
}
|
148 |
|
|
|
149 |
|
|
// Apparently D7 no longer defaults to admin getting anything?
|
150 |
|
|
if (user_access('administer nodeaccess')) {
|
151 |
c2ac6d1d
|
Assos Assos
|
|
152 |
85ad3d82
|
Assos Assos
|
return TRUE;
|
153 |
|
|
}
|
154 |
|
|
|
155 |
|
|
// If no user object is supplied, the access check is for the current user.
|
156 |
|
|
if (empty($account)) {
|
157 |
|
|
$account = $user;
|
158 |
|
|
}
|
159 |
|
|
$allowed_types = variable_get('nodeaccess-types', array());
|
160 |
|
|
if ($op == 'grant') {
|
161 |
0695d136
|
Assos Assos
|
if ($node->nid && isset($allowed_types[$node->type]) && !empty($allowed_types[$node->type]) &&
|
162 |
c2ac6d1d
|
Assos Assos
|
(user_access('grant node permissions', $account) ||
|
163 |
|
|
(user_access('grant editable node permissions', $account) && node_access('update', $node, $account)) ||
|
164 |
|
|
(user_access('grant deletable node permissions', $account) && node_access('delete', $node, $account)) ||
|
165 |
|
|
(user_access('grant own node permissions', $account) && ($account->uid == $node->uid)))) {
|
166 |
|
|
|
167 |
85ad3d82
|
Assos Assos
|
return TRUE;
|
168 |
|
|
}
|
169 |
|
|
}
|
170 |
c2ac6d1d
|
Assos Assos
|
|
171 |
85ad3d82
|
Assos Assos
|
return FALSE;
|
172 |
|
|
}
|
173 |
|
|
|
174 |
c2ac6d1d
|
Assos Assos
|
|
175 |
85ad3d82
|
Assos Assos
|
/**
|
176 |
|
|
* Implements hook_theme().
|
177 |
c2ac6d1d
|
Assos Assos
|
*
|
178 |
|
|
* @param $existing
|
179 |
|
|
* @param $type
|
180 |
|
|
* @param $theme
|
181 |
|
|
* @param $path
|
182 |
|
|
*
|
183 |
|
|
* @return array
|
184 |
85ad3d82
|
Assos Assos
|
*/
|
185 |
|
|
function nodeaccess_theme($existing, $type, $theme, $path) {
|
186 |
c2ac6d1d
|
Assos Assos
|
|
187 |
85ad3d82
|
Assos Assos
|
return array(
|
188 |
|
|
'nodeaccess_admin_form_roles' => array(
|
189 |
0695d136
|
Assos Assos
|
'render element' => 'form',
|
190 |
85ad3d82
|
Assos Assos
|
),
|
191 |
|
|
'nodeaccess_admin_form_types' => array(
|
192 |
|
|
'render element' => 'form',
|
193 |
|
|
),
|
194 |
|
|
'nodeaccess_grants_form' => array(
|
195 |
|
|
'render element' => 'form',
|
196 |
|
|
),
|
197 |
|
|
);
|
198 |
|
|
}
|
199 |
|
|
|
200 |
|
|
|
201 |
|
|
/**
|
202 |
|
|
* Menu callback. Draws the grant tab.
|
203 |
c2ac6d1d
|
Assos Assos
|
*
|
204 |
|
|
* @param Object $node
|
205 |
|
|
*
|
206 |
|
|
* @return array
|
207 |
|
|
* Form array.
|
208 |
85ad3d82
|
Assos Assos
|
*/
|
209 |
c2ac6d1d
|
Assos Assos
|
function nodeaccess_grant_tab($node) {
|
210 |
85ad3d82
|
Assos Assos
|
return drupal_get_form('nodeaccess_grants_form', $node);
|
211 |
|
|
}
|
212 |
|
|
|
213 |
|
|
/**
|
214 |
|
|
* Menu callback. Draws the grant tab.
|
215 |
c2ac6d1d
|
Assos Assos
|
*
|
216 |
|
|
* @param $form
|
217 |
|
|
* @param $form_state
|
218 |
|
|
* @param $node
|
219 |
|
|
*
|
220 |
|
|
* @return mixed
|
221 |
85ad3d82
|
Assos Assos
|
*/
|
222 |
|
|
function nodeaccess_grants_form($form, &$form_state, $node) {
|
223 |
c2ac6d1d
|
Assos Assos
|
$form_values = $form_state['values'];
|
224 |
|
|
|
225 |
85ad3d82
|
Assos Assos
|
if (!$form_values) {
|
226 |
|
|
$form_values = array();
|
227 |
c2ac6d1d
|
Assos Assos
|
$grants = nodeaccess_get_grants($node);
|
228 |
|
|
$form_values['rid'] = isset($grants['rid']) ? $grants['rid'] : array();
|
229 |
|
|
$form_values['uid'] = isset($grants['uid']) ? $grants['uid'] : array();
|
230 |
|
|
}
|
231 |
|
|
elseif ($form_values['keys']) {
|
232 |
|
|
$name = preg_replace('!\*+!', '%', $form_values['keys']);
|
233 |
|
|
$uid = array_keys($form_values['uid']);
|
234 |
|
|
|
235 |
|
|
$query = db_select('users', 'u')
|
236 |
|
|
->fields('u', array('uid', 'name'))
|
237 |
|
|
->condition('name', $name, "LIKE");
|
238 |
|
|
|
239 |
|
|
if (isset($form_values['uid']) && count($form_values['uid'])) {
|
240 |
|
|
$query->condition('uid', $uid, 'NOT IN');
|
241 |
85ad3d82
|
Assos Assos
|
}
|
242 |
c2ac6d1d
|
Assos Assos
|
|
243 |
|
|
$result = $query->execute();
|
244 |
|
|
while ($account = $result->fetch()) {
|
245 |
85ad3d82
|
Assos Assos
|
$form_values['uid'][$account->uid] = array(
|
246 |
|
|
'name' => $account->name,
|
247 |
|
|
'keep' => 1,
|
248 |
c2ac6d1d
|
Assos Assos
|
'grant_view' => isset($form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_view']) ?
|
249 |
|
|
$form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_view'] : 0,
|
250 |
|
|
'grant_update' => isset($form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_update']) ?
|
251 |
|
|
$form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_update'] : 0,
|
252 |
|
|
'grant_delete' => isset($form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_delete']) ?
|
253 |
|
|
$form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_delete'] : 0,
|
254 |
85ad3d82
|
Assos Assos
|
);
|
255 |
|
|
}
|
256 |
|
|
}
|
257 |
|
|
|
258 |
|
|
if (!isset($form_values['rid'])) {
|
259 |
|
|
$form_values['rid'] = array();
|
260 |
|
|
}
|
261 |
|
|
|
262 |
|
|
if (!isset($form_values['uid'])) {
|
263 |
|
|
$form_values['uid'] = array();
|
264 |
|
|
}
|
265 |
|
|
|
266 |
|
|
$roles = $form_values['rid'];
|
267 |
|
|
$users = $form_values['uid'];
|
268 |
|
|
|
269 |
|
|
$form['nid'] = array(
|
270 |
|
|
'#type' => 'hidden',
|
271 |
|
|
'#value' => $node->nid,
|
272 |
|
|
);
|
273 |
|
|
|
274 |
|
|
$allowed_roles = variable_get('nodeaccess-roles', array());
|
275 |
|
|
$allowed_grants = variable_get('nodeaccess-grants', array());
|
276 |
|
|
// If $preserve is TRUE, the fields the user is not allowed to view or
|
277 |
|
|
// edit are included in the form as hidden fields to preserve them.
|
278 |
|
|
$preserve = variable_get('nodeaccess-preserve', 1);
|
279 |
|
|
// Roles table.
|
280 |
|
|
if (is_array($roles)) {
|
281 |
|
|
$form['rid'] = array('#tree' => TRUE);
|
282 |
|
|
foreach ($roles as $key => $field) {
|
283 |
|
|
if (isset($allowed_roles[$key]) && $allowed_roles[$key]) {
|
284 |
c2ac6d1d
|
Assos Assos
|
$form['rid'][$key]['name'] = array(
|
285 |
|
|
'#type' => 'hidden',
|
286 |
|
|
'#value' => $field['name'],
|
287 |
|
|
);
|
288 |
|
|
if ($allowed_grants['view']) {
|
289 |
|
|
$form['rid'][$key]['grant_view'] = array(
|
290 |
|
|
'#type' => 'checkbox',
|
291 |
|
|
'#default_value' => $field['grant_view'],
|
292 |
|
|
);
|
293 |
|
|
}
|
294 |
|
|
elseif ($preserve) {
|
295 |
|
|
$form['rid'][$key]['grant_view'] = array(
|
296 |
85ad3d82
|
Assos Assos
|
'#type' => 'hidden',
|
297 |
c2ac6d1d
|
Assos Assos
|
'#value' => $field['grant_view'],
|
298 |
85ad3d82
|
Assos Assos
|
);
|
299 |
c2ac6d1d
|
Assos Assos
|
}
|
300 |
|
|
if ($allowed_grants['edit']) {
|
301 |
|
|
$form['rid'][$key]['grant_update'] = array(
|
302 |
|
|
'#type' => 'checkbox',
|
303 |
|
|
'#default_value' => $field['grant_update'],
|
304 |
|
|
);
|
305 |
|
|
}
|
306 |
|
|
elseif ($preserve) {
|
307 |
|
|
$form['rid'][$key]['grant_update'] = array(
|
308 |
|
|
'#type' => 'hidden',
|
309 |
|
|
'#value' => $field['grant_update'],
|
310 |
|
|
);
|
311 |
|
|
}
|
312 |
|
|
if ($allowed_grants['delete']) {
|
313 |
|
|
$form['rid'][$key]['grant_delete'] = array(
|
314 |
|
|
'#type' => 'checkbox',
|
315 |
|
|
'#default_value' => $field['grant_delete'],
|
316 |
|
|
);
|
317 |
|
|
}
|
318 |
|
|
elseif ($preserve) {
|
319 |
|
|
$form['rid'][$key]['grant_delete'] = array(
|
320 |
|
|
'#type' => 'hidden',
|
321 |
|
|
'#value' => $field['grant_delete'],
|
322 |
|
|
);
|
323 |
|
|
}
|
324 |
85ad3d82
|
Assos Assos
|
}
|
325 |
|
|
elseif ($preserve) {
|
326 |
|
|
$form['rid'][$key]['name'] = array(
|
327 |
|
|
'#type' => 'hidden',
|
328 |
|
|
'#value' => $field['name'],
|
329 |
|
|
);
|
330 |
|
|
$form['rid'][$key]['grant_view'] = array(
|
331 |
|
|
'#type' => 'hidden',
|
332 |
|
|
'#value' => $field['grant_view'],
|
333 |
|
|
);
|
334 |
|
|
$form['rid'][$key]['grant_update'] = array(
|
335 |
|
|
'#type' => 'hidden',
|
336 |
|
|
'#value' => $field['grant_update'],
|
337 |
|
|
);
|
338 |
|
|
$form['rid'][$key]['grant_delete'] = array(
|
339 |
|
|
'#type' => 'hidden',
|
340 |
|
|
'#value' => $field['grant_delete'],
|
341 |
|
|
);
|
342 |
|
|
}
|
343 |
|
|
}
|
344 |
|
|
}
|
345 |
|
|
|
346 |
|
|
// Users table.
|
347 |
|
|
if (is_array($users)) {
|
348 |
|
|
$form['uid'] = array('#tree' => TRUE);
|
349 |
|
|
foreach ($users as $key => $field) {
|
350 |
|
|
$form['uid'][$key]['name'] = array(
|
351 |
|
|
'#type' => 'hidden',
|
352 |
|
|
'#value' => $field['name'],
|
353 |
|
|
);
|
354 |
|
|
$form['uid'][$key]['keep'] = array(
|
355 |
|
|
'#type' => 'checkbox',
|
356 |
|
|
'#default_value' => $field['keep'],
|
357 |
|
|
);
|
358 |
|
|
if ($allowed_grants['view']) {
|
359 |
|
|
$form['uid'][$key]['grant_view'] = array(
|
360 |
|
|
'#type' => 'checkbox',
|
361 |
|
|
'#default_value' => $field['grant_view'],
|
362 |
|
|
);
|
363 |
|
|
}
|
364 |
|
|
elseif ($preserve) {
|
365 |
|
|
$form['uid'][$key]['grant_view'] = array(
|
366 |
|
|
'#type' => 'hidden',
|
367 |
|
|
'#value' => $field['grant_view'],
|
368 |
|
|
);
|
369 |
|
|
}
|
370 |
|
|
if ($allowed_grants['edit']) {
|
371 |
|
|
$form['uid'][$key]['grant_update'] = array(
|
372 |
|
|
'#type' => 'checkbox',
|
373 |
|
|
'#default_value' => $field['grant_update'],
|
374 |
|
|
);
|
375 |
|
|
}
|
376 |
|
|
elseif ($preserve) {
|
377 |
|
|
$form['uid'][$key]['grant_update'] = array(
|
378 |
|
|
'#type' => 'hidden',
|
379 |
|
|
'#value' => $field['grant_update'],
|
380 |
|
|
);
|
381 |
|
|
}
|
382 |
|
|
if ($allowed_grants['delete']) {
|
383 |
|
|
$form['uid'][$key]['grant_delete'] = array(
|
384 |
|
|
'#type' => 'checkbox',
|
385 |
|
|
'#default_value' => $field['grant_delete'],
|
386 |
|
|
);
|
387 |
|
|
}
|
388 |
|
|
elseif ($preserve) {
|
389 |
|
|
$form['uid'][$key]['grant_delete'] = array(
|
390 |
|
|
'#type' => 'hidden',
|
391 |
|
|
'#value' => $field['grant_delete'],
|
392 |
|
|
);
|
393 |
|
|
}
|
394 |
|
|
}
|
395 |
|
|
}
|
396 |
|
|
|
397 |
|
|
// Autocomplete returns errors if users don't have access to profiles.
|
398 |
|
|
if (user_access('access user profiles')) {
|
399 |
|
|
$form['keys'] = array(
|
400 |
|
|
'#type' => 'textfield',
|
401 |
|
|
'#default_value' => isset($form_values['keys']) ? $form_values['keys'] : '',
|
402 |
|
|
'#size' => 40,
|
403 |
|
|
'#autocomplete_path' => 'user/autocomplete',
|
404 |
|
|
);
|
405 |
|
|
}
|
406 |
|
|
else {
|
407 |
|
|
$form['keys'] = array(
|
408 |
|
|
'#type' => 'textfield',
|
409 |
|
|
'#default_value' => isset($form_values['keys'])? $form_values['keys'] : '',
|
410 |
|
|
'#size' => 40,
|
411 |
|
|
);
|
412 |
|
|
}
|
413 |
|
|
|
414 |
|
|
$form['search'] = array(
|
415 |
|
|
'#type' => 'submit',
|
416 |
|
|
'#value' => t('Search'),
|
417 |
|
|
);
|
418 |
|
|
|
419 |
|
|
$form['submit'] = array(
|
420 |
|
|
'#type' => 'submit',
|
421 |
|
|
'#value' => t('Save Grants'),
|
422 |
|
|
);
|
423 |
c2ac6d1d
|
Assos Assos
|
|
424 |
85ad3d82
|
Assos Assos
|
return $form;
|
425 |
|
|
}
|
426 |
|
|
|
427 |
c2ac6d1d
|
Assos Assos
|
|
428 |
85ad3d82
|
Assos Assos
|
/**
|
429 |
|
|
* Validate function for nodeaccess_grants_form.
|
430 |
c2ac6d1d
|
Assos Assos
|
*
|
431 |
|
|
* @param array $form
|
432 |
|
|
* @param array &$form_state
|
433 |
85ad3d82
|
Assos Assos
|
*/
|
434 |
c2ac6d1d
|
Assos Assos
|
function nodeaccess_grants_form_validate($form, &$form_state) {
|
435 |
85ad3d82
|
Assos Assos
|
$form_values = &$form_state['values'];
|
436 |
c2ac6d1d
|
Assos Assos
|
|
437 |
85ad3d82
|
Assos Assos
|
// Delete unkept users.
|
438 |
|
|
if (isset($form_values['uid']) && is_array($form_values['uid'])) {
|
439 |
|
|
foreach ($form_values['uid'] as $uid => $row) {
|
440 |
|
|
if (!$row['keep']) {
|
441 |
|
|
unset($form_values['uid'][$uid]);
|
442 |
|
|
}
|
443 |
|
|
}
|
444 |
|
|
}
|
445 |
c2ac6d1d
|
Assos Assos
|
|
446 |
85ad3d82
|
Assos Assos
|
if (!isset($form_values['uid'])) {
|
447 |
|
|
unset($form_values['uid']);
|
448 |
|
|
}
|
449 |
|
|
}
|
450 |
|
|
|
451 |
|
|
/**
|
452 |
|
|
* Submit function for nodeaccess_grants_form.
|
453 |
c2ac6d1d
|
Assos Assos
|
*
|
454 |
|
|
* @param array $form
|
455 |
|
|
* @param array &$form_state
|
456 |
85ad3d82
|
Assos Assos
|
*/
|
457 |
|
|
function nodeaccess_grants_form_submit($form, &$form_state) {
|
458 |
|
|
|
459 |
|
|
if ($form_state['clicked_button']['#id'] == 'edit-search') {
|
460 |
|
|
$form_state['rebuild'] = TRUE;
|
461 |
|
|
$form_state['storage']['values'] = $form_state['values'];
|
462 |
|
|
}
|
463 |
|
|
else {
|
464 |
|
|
unset($form_state['rebuild']);
|
465 |
|
|
_nodeaccess_grants_form_submit($form, $form_state);
|
466 |
|
|
drupal_set_message(t('Grants saved.'));
|
467 |
|
|
}
|
468 |
|
|
}
|
469 |
|
|
|
470 |
c2ac6d1d
|
Assos Assos
|
|
471 |
85ad3d82
|
Assos Assos
|
/**
|
472 |
|
|
* Private function to submit the per-node grants table.
|
473 |
c2ac6d1d
|
Assos Assos
|
*
|
474 |
|
|
* @param array $form
|
475 |
|
|
* @param array &$form_state
|
476 |
85ad3d82
|
Assos Assos
|
*/
|
477 |
c2ac6d1d
|
Assos Assos
|
function _nodeaccess_grants_form_submit($form, &$form_state) {
|
478 |
85ad3d82
|
Assos Assos
|
$form_values = &$form_state['values'];
|
479 |
c2ac6d1d
|
Assos Assos
|
|
480 |
85ad3d82
|
Assos Assos
|
$grants = array();
|
481 |
|
|
$nid = $form_values['nid'];
|
482 |
|
|
$node = node_load($nid);
|
483 |
c2ac6d1d
|
Assos Assos
|
|
484 |
85ad3d82
|
Assos Assos
|
foreach (array('uid', 'rid') as $type) {
|
485 |
|
|
$realm = 'nodeaccess_' . $type;
|
486 |
c2ac6d1d
|
Assos Assos
|
|
487 |
85ad3d82
|
Assos Assos
|
if (isset($form_values[$type]) && is_array($form_values[$type])) {
|
488 |
|
|
foreach ($form_values[$type] as $gid => $line) {
|
489 |
|
|
$grant = array(
|
490 |
|
|
'gid' => $gid,
|
491 |
|
|
'realm' => $realm,
|
492 |
c2ac6d1d
|
Assos Assos
|
'grant_view' => empty($line['grant_view']) ? 0 : 1,
|
493 |
|
|
'grant_update' => empty($line['grant_update']) ? 0 : 1,
|
494 |
|
|
'grant_delete' => empty($line['grant_delete']) ? 0 : 1,
|
495 |
85ad3d82
|
Assos Assos
|
);
|
496 |
c2ac6d1d
|
Assos Assos
|
$grants[] = $grant;
|
497 |
85ad3d82
|
Assos Assos
|
}
|
498 |
|
|
}
|
499 |
|
|
}
|
500 |
c2ac6d1d
|
Assos Assos
|
nodeaccess_set_grants($node, $grants);
|
501 |
85ad3d82
|
Assos Assos
|
}
|
502 |
|
|
|
503 |
|
|
/**
|
504 |
|
|
* Theme function for nodeaccess_grants_form.
|
505 |
c2ac6d1d
|
Assos Assos
|
*
|
506 |
|
|
* @param array $vars
|
507 |
|
|
*
|
508 |
|
|
* @return string
|
509 |
85ad3d82
|
Assos Assos
|
*/
|
510 |
c2ac6d1d
|
Assos Assos
|
function theme_nodeaccess_grants_form($vars) {
|
511 |
85ad3d82
|
Assos Assos
|
$output = '';
|
512 |
c2ac6d1d
|
Assos Assos
|
|
513 |
|
|
$form = $vars['form'];
|
514 |
c12e7e6a
|
Assos Assos
|
$rows = array();
|
515 |
85ad3d82
|
Assos Assos
|
$allowed_roles = variable_get('nodeaccess-roles', array());
|
516 |
|
|
$allowed_grants = variable_get('nodeaccess-grants', array());
|
517 |
4543c6c7
|
Assos Assos
|
// Retrieve role names for columns.
|
518 |
|
|
$role_names = user_roles();
|
519 |
0695d136
|
Assos Assos
|
$role_aliases = nodeaccess_get_role_aliases();
|
520 |
|
|
|
521 |
|
|
// Replace names with aliases.
|
522 |
|
|
foreach ($role_names as $rid => $name) {
|
523 |
|
|
if (isset($role_aliases[$rid]['alias'])) {
|
524 |
|
|
$role_names[$rid] = $role_aliases[$rid]['alias'];
|
525 |
|
|
}
|
526 |
|
|
}
|
527 |
|
|
|
528 |
85ad3d82
|
Assos Assos
|
// Roles table.
|
529 |
|
|
$roles = element_children($form['rid']);
|
530 |
c2ac6d1d
|
Assos Assos
|
|
531 |
85ad3d82
|
Assos Assos
|
if (count($roles) && count($allowed_roles)) {
|
532 |
|
|
$header = array();
|
533 |
|
|
$header[] = t('Role');
|
534 |
c2ac6d1d
|
Assos Assos
|
|
535 |
85ad3d82
|
Assos Assos
|
if ($allowed_grants['view']) {
|
536 |
|
|
$header[] = t('View');
|
537 |
|
|
}
|
538 |
c2ac6d1d
|
Assos Assos
|
|
539 |
85ad3d82
|
Assos Assos
|
if ($allowed_grants['edit']) {
|
540 |
|
|
$header[] = t('Edit');
|
541 |
|
|
}
|
542 |
c2ac6d1d
|
Assos Assos
|
|
543 |
85ad3d82
|
Assos Assos
|
if ($allowed_grants['delete']) {
|
544 |
|
|
$header[] = t('Delete');
|
545 |
|
|
}
|
546 |
c2ac6d1d
|
Assos Assos
|
|
547 |
85ad3d82
|
Assos Assos
|
foreach ($roles as $key) {
|
548 |
c2ac6d1d
|
Assos Assos
|
|
549 |
85ad3d82
|
Assos Assos
|
if (isset($allowed_roles[$key]) && $allowed_roles[$key]) {
|
550 |
|
|
$row = array();
|
551 |
4543c6c7
|
Assos Assos
|
$row[] = $role_names[$key] . drupal_render($form['rid'][$key]['name']);
|
552 |
c2ac6d1d
|
Assos Assos
|
|
553 |
85ad3d82
|
Assos Assos
|
if ($allowed_grants['view']) {
|
554 |
|
|
$row[] = drupal_render($form['rid'][$key]['grant_view']);
|
555 |
|
|
}
|
556 |
c2ac6d1d
|
Assos Assos
|
|
557 |
85ad3d82
|
Assos Assos
|
if ($allowed_grants['edit']) {
|
558 |
|
|
$row[] = drupal_render($form['rid'][$key]['grant_update']);
|
559 |
|
|
}
|
560 |
c2ac6d1d
|
Assos Assos
|
|
561 |
85ad3d82
|
Assos Assos
|
if ($allowed_grants['delete']) {
|
562 |
|
|
$row[] = drupal_render($form['rid'][$key]['grant_delete']);
|
563 |
|
|
}
|
564 |
|
|
$rows[] = $row;
|
565 |
|
|
}
|
566 |
|
|
}
|
567 |
|
|
$output .= theme('table', array('header' => $header, 'rows' => $rows));
|
568 |
|
|
}
|
569 |
|
|
|
570 |
|
|
// Search form.
|
571 |
|
|
$output .= '<p><div class="search-form">';
|
572 |
|
|
$output .= '<strong>' . t('Enter names to search for users:') . '</strong>';
|
573 |
|
|
$output .= '<div class="container-inline">';
|
574 |
|
|
$output .= drupal_render($form['keys']);
|
575 |
|
|
$output .= drupal_render($form['search']);
|
576 |
|
|
$output .= '</div></div></p>';
|
577 |
|
|
|
578 |
|
|
// Users table.
|
579 |
|
|
unset($rows);
|
580 |
|
|
$users = element_children($form['uid']);
|
581 |
c2ac6d1d
|
Assos Assos
|
|
582 |
85ad3d82
|
Assos Assos
|
if (count($users) > 0) {
|
583 |
|
|
$header = array();
|
584 |
|
|
$rows = array();
|
585 |
|
|
$header[] = t('User');
|
586 |
|
|
$header[] = t('Keep?');
|
587 |
|
|
if ($allowed_grants['view']) {
|
588 |
|
|
$header[] = t('View');
|
589 |
|
|
}
|
590 |
|
|
if ($allowed_grants['edit']) {
|
591 |
|
|
$header[] = t('Edit');
|
592 |
|
|
}
|
593 |
|
|
if ($allowed_grants['delete']) {
|
594 |
|
|
$header[] = t('Delete');
|
595 |
|
|
}
|
596 |
|
|
foreach ($users as $key) {
|
597 |
|
|
$row = array();
|
598 |
|
|
$row[] = $form['uid'][$key]['name']['#value'];
|
599 |
|
|
$row[] = drupal_render($form['uid'][$key]['keep']);
|
600 |
|
|
if ($allowed_grants['view']) {
|
601 |
|
|
$row[] = drupal_render($form['uid'][$key]['grant_view']);
|
602 |
|
|
}
|
603 |
|
|
if ($allowed_grants['edit']) {
|
604 |
|
|
$row[] = drupal_render($form['uid'][$key]['grant_update']);
|
605 |
|
|
}
|
606 |
|
|
if ($allowed_grants['delete']) {
|
607 |
|
|
$row[] = drupal_render($form['uid'][$key]['grant_delete']);
|
608 |
|
|
}
|
609 |
|
|
$rows[] = $row;
|
610 |
|
|
}
|
611 |
|
|
$output .= theme('table', array('header' => $header, 'rows' => $rows));
|
612 |
|
|
}
|
613 |
|
|
|
614 |
|
|
$output .= drupal_render_children($form);
|
615 |
|
|
|
616 |
|
|
return $output;
|
617 |
|
|
}
|
618 |
|
|
|
619 |
c2ac6d1d
|
Assos Assos
|
|
620 |
85ad3d82
|
Assos Assos
|
/**
|
621 |
|
|
* Implements hook_node_grants().
|
622 |
c2ac6d1d
|
Assos Assos
|
*
|
623 |
|
|
* @param Object $account
|
624 |
|
|
* @parap string $op
|
625 |
|
|
*
|
626 |
|
|
* @return array
|
627 |
85ad3d82
|
Assos Assos
|
*/
|
628 |
|
|
function nodeaccess_node_grants($account, $op) {
|
629 |
|
|
$roles = is_array($account->roles) ? array_keys($account->roles) : array(-1);
|
630 |
|
|
return array(
|
631 |
|
|
'nodeaccess_rid' => $roles,
|
632 |
|
|
'nodeaccess_uid' => array($account->uid),
|
633 |
|
|
'nodeaccess_author' => array($account->uid),
|
634 |
|
|
);
|
635 |
|
|
}
|
636 |
|
|
|
637 |
|
|
/**
|
638 |
|
|
* Implements hook_node_update().
|
639 |
c2ac6d1d
|
Assos Assos
|
*
|
640 |
|
|
* @param Object $node
|
641 |
85ad3d82
|
Assos Assos
|
*/
|
642 |
|
|
function nodeaccess_node_update($node) {
|
643 |
|
|
if (module_exists('user_reference')) {
|
644 |
|
|
$fields = variable_get('nodeaccess_' . $node->type . '_user_reference', array());
|
645 |
|
|
foreach (array_keys($fields) as $field_name) {
|
646 |
|
|
if (isset($node->$field_name)) {
|
647 |
|
|
$old_node = node_load($node->nid);
|
648 |
|
|
// Delete the old user as it's changed.
|
649 |
|
|
if ($node->$field_name != $old_node->$field_name) {
|
650 |
|
|
nodeaccess_delete_user_reference($old_node);
|
651 |
|
|
nodeaccess_insert_user_reference($node);
|
652 |
|
|
}
|
653 |
|
|
break;
|
654 |
|
|
}
|
655 |
|
|
}
|
656 |
|
|
}
|
657 |
|
|
// Done, author permissions are not written into nodeaccess.
|
658 |
|
|
}
|
659 |
|
|
|
660 |
|
|
/**
|
661 |
|
|
* Implements hook_node_delete().
|
662 |
c2ac6d1d
|
Assos Assos
|
*
|
663 |
|
|
* @param Object $node
|
664 |
85ad3d82
|
Assos Assos
|
*/
|
665 |
|
|
function nodeaccess_node_delete($node) {
|
666 |
|
|
// Deleting node, delete related permissions.
|
667 |
c2ac6d1d
|
Assos Assos
|
nodeaccess_delete_grants($node);
|
668 |
85ad3d82
|
Assos Assos
|
}
|
669 |
0695d136
|
Assos Assos
|
|
670 |
85ad3d82
|
Assos Assos
|
/**
|
671 |
|
|
* Implements hook_node_access_records().
|
672 |
c2ac6d1d
|
Assos Assos
|
*
|
673 |
|
|
* @param Object $node
|
674 |
|
|
*
|
675 |
|
|
* @return array|NULL
|
676 |
85ad3d82
|
Assos Assos
|
*/
|
677 |
|
|
function nodeaccess_node_access_records($node) {
|
678 |
c2ac6d1d
|
Assos Assos
|
if (nodeaccess_disabling() || !$node->status) {
|
679 |
|
|
return NULL;
|
680 |
85ad3d82
|
Assos Assos
|
}
|
681 |
c2ac6d1d
|
Assos Assos
|
|
682 |
85ad3d82
|
Assos Assos
|
// Need to find out if node has own grants or whether to use defaults.
|
683 |
|
|
$default = variable_get('nodeaccess_' . $node->type, array());
|
684 |
0695d136
|
Assos Assos
|
|
685 |
|
|
// Setup default keys that are required by node_access_write_grants().
|
686 |
|
|
$grant_defaults = array(
|
687 |
|
|
'gid' => 0,
|
688 |
|
|
'realm' => 'nodeaccess_rid',
|
689 |
|
|
'grant_view' => 0,
|
690 |
|
|
'grant_update' => 0,
|
691 |
|
|
'grant_delete' => 0,
|
692 |
|
|
'priority' => variable_get('nodeaccess-priority', 0),
|
693 |
|
|
);
|
694 |
|
|
|
695 |
c2ac6d1d
|
Assos Assos
|
$query = db_select('nodeaccess', 'n')
|
696 |
|
|
->fields('n', array('gid', 'realm', 'grant_view', 'grant_update', 'grant_delete'))
|
697 |
|
|
->condition('nid', $node->nid, '=');
|
698 |
|
|
$result = $query->execute();
|
699 |
|
|
if (!$result->rowCount()) {
|
700 |
|
|
// Node has no own grants, use defaults.
|
701 |
|
|
$grants = $default;
|
702 |
85ad3d82
|
Assos Assos
|
}
|
703 |
|
|
else {
|
704 |
|
|
// Node has own grants, use them.
|
705 |
|
|
$grants = array();
|
706 |
c2ac6d1d
|
Assos Assos
|
while ($row = $result->fetchAssoc()) {
|
707 |
|
|
$grants[] = $row;
|
708 |
85ad3d82
|
Assos Assos
|
}
|
709 |
|
|
}
|
710 |
c2ac6d1d
|
Assos Assos
|
|
711 |
85ad3d82
|
Assos Assos
|
// Apply author grants.
|
712 |
|
|
$author_prefs = variable_get('nodeaccess_authors', array());
|
713 |
c2ac6d1d
|
Assos Assos
|
// Array is pre-populated with grant values.
|
714 |
85ad3d82
|
Assos Assos
|
$grant = $author_prefs[$node->type];
|
715 |
|
|
$grant['gid'] = $node->uid;
|
716 |
|
|
$grant['realm'] = 'nodeaccess_author';
|
717 |
|
|
// Include author grant even with all values FALSE, it may be
|
718 |
|
|
// needed to overwrite an older value.
|
719 |
|
|
$grants[] = $grant;
|
720 |
0695d136
|
Assos Assos
|
|
721 |
|
|
foreach ($grants as $id => $grant) {
|
722 |
|
|
// Merge missing default grant keys.
|
723 |
|
|
$grants[$id] = $grants[$id] + $grant_defaults;
|
724 |
|
|
}
|
725 |
c2ac6d1d
|
Assos Assos
|
|
726 |
85ad3d82
|
Assos Assos
|
return $grants;
|
727 |
|
|
}
|
728 |
|
|
|
729 |
c2ac6d1d
|
Assos Assos
|
|
730 |
85ad3d82
|
Assos Assos
|
/**
|
731 |
0695d136
|
Assos Assos
|
* Mark module to be in process of disabling.
|
732 |
|
|
*
|
733 |
|
|
* Prevents entries being saved to node_access while module is being disabled.
|
734 |
|
|
*
|
735 |
|
|
* @param mixed $set
|
736 |
|
|
* A boolean set or NULL to not change status.
|
737 |
c2ac6d1d
|
Assos Assos
|
*
|
738 |
|
|
* @return bool
|
739 |
85ad3d82
|
Assos Assos
|
*/
|
740 |
|
|
function nodeaccess_disabling($set = NULL) {
|
741 |
|
|
static $disabling = FALSE;
|
742 |
c2ac6d1d
|
Assos Assos
|
|
743 |
85ad3d82
|
Assos Assos
|
if ($set !== NULL) {
|
744 |
|
|
$disabling = $set;
|
745 |
|
|
}
|
746 |
c2ac6d1d
|
Assos Assos
|
|
747 |
85ad3d82
|
Assos Assos
|
return $disabling;
|
748 |
|
|
}
|
749 |
|
|
|
750 |
c2ac6d1d
|
Assos Assos
|
|
751 |
85ad3d82
|
Assos Assos
|
/**
|
752 |
|
|
* Implements hook_node_type_delete().
|
753 |
c2ac6d1d
|
Assos Assos
|
*
|
754 |
|
|
* @param Object $info
|
755 |
85ad3d82
|
Assos Assos
|
*/
|
756 |
|
|
function nodeaccess_node_type_delete($info) {
|
757 |
|
|
// Node type is being deleted, delete its preferences.
|
758 |
|
|
variable_del('nodeaccess_' . $info->type);
|
759 |
|
|
$author_prefs = variable_get('nodeaccess_authors', array());
|
760 |
|
|
unset($author_prefs[$info->type]);
|
761 |
|
|
variable_set('nodeaccess_authors', $author_prefs);
|
762 |
|
|
}
|
763 |
|
|
|
764 |
c2ac6d1d
|
Assos Assos
|
|
765 |
85ad3d82
|
Assos Assos
|
/**
|
766 |
|
|
* Implements hook_node_type_update().
|
767 |
c2ac6d1d
|
Assos Assos
|
*
|
768 |
|
|
* @param Object $info
|
769 |
85ad3d82
|
Assos Assos
|
*/
|
770 |
|
|
function nodeaccess_node_type_update($info) {
|
771 |
|
|
// Node type has changed, move preferences to new type.
|
772 |
|
|
if (!empty($info->old_type) && $info->old_type != $info->type) {
|
773 |
|
|
$setting = variable_get('nodeaccess_' . $info->old_type, array());
|
774 |
|
|
variable_del('nodeaccess_' . $info->old_type);
|
775 |
|
|
variable_set('nodeaccess_' . $info->type, $setting);
|
776 |
|
|
$author_prefs = variable_get('nodeaccess_authors', array());
|
777 |
|
|
$author_prefs[$info->type] = array(
|
778 |
|
|
'grant_view' => $author_prefs[$info->old_type]['grant_view'],
|
779 |
|
|
'grant_update' => $author_prefs[$info->old_type]['grant_update'],
|
780 |
|
|
'grant_delete' => $author_prefs[$info->old_type]['grant_delete'],
|
781 |
|
|
);
|
782 |
|
|
unset($author_prefs[$info->old_type]);
|
783 |
|
|
variable_set('nodeaccess_authors', $author_prefs);
|
784 |
|
|
}
|
785 |
|
|
}
|
786 |
|
|
|
787 |
c2ac6d1d
|
Assos Assos
|
|
788 |
85ad3d82
|
Assos Assos
|
/**
|
789 |
|
|
* Implements hook_node_type_insert().
|
790 |
c2ac6d1d
|
Assos Assos
|
*
|
791 |
|
|
* @param Object $info
|
792 |
85ad3d82
|
Assos Assos
|
*/
|
793 |
|
|
function nodeaccess_node_type_insert($info) {
|
794 |
|
|
// New node type, default to whatever is set for access content permission.
|
795 |
|
|
$role_perms = user_role_permissions(array(1 => 1, 2 => 2));
|
796 |
c2ac6d1d
|
Assos Assos
|
$role_perms[DRUPAL_ANONYMOUS_RID]['access content'] = isset($role_perms[1]['access content']) ?
|
797 |
85ad3d82
|
Assos Assos
|
intval($role_perms[1]['access content']) : 0;
|
798 |
c2ac6d1d
|
Assos Assos
|
$role_perms[DRUPAL_AUTHENTICATED_RID]['access content'] = isset($role_perms[2]['access content']) ?
|
799 |
85ad3d82
|
Assos Assos
|
intval($role_perms[2]['access content']) : 0;
|
800 |
|
|
$grants[] = array(
|
801 |
c2ac6d1d
|
Assos Assos
|
'gid' => DRUPAL_ANONYMOUS_RID,
|
802 |
85ad3d82
|
Assos Assos
|
'realm' => 'nodeaccess_rid',
|
803 |
c2ac6d1d
|
Assos Assos
|
'grant_view' => $role_perms[DRUPAL_ANONYMOUS_RID]['access content'],
|
804 |
85ad3d82
|
Assos Assos
|
'grant_update' => 0,
|
805 |
|
|
'grant_delete' => 0,
|
806 |
|
|
);
|
807 |
|
|
$grants[] = array(
|
808 |
c2ac6d1d
|
Assos Assos
|
'gid' => DRUPAL_AUTHENTICATED_RID,
|
809 |
85ad3d82
|
Assos Assos
|
'realm' => 'nodeaccess_rid',
|
810 |
c2ac6d1d
|
Assos Assos
|
'grant_view' => $role_perms[DRUPAL_AUTHENTICATED_RID]['access content'],
|
811 |
85ad3d82
|
Assos Assos
|
'grant_update' => 0,
|
812 |
|
|
'grant_delete' => 0,
|
813 |
|
|
);
|
814 |
|
|
variable_set('nodeaccess_' . $info->type, $grants);
|
815 |
c2ac6d1d
|
Assos Assos
|
|
816 |
|
|
// Add permissions for author.
|
817 |
85ad3d82
|
Assos Assos
|
$author_prefs = variable_get('nodeaccess_authors', array());
|
818 |
|
|
$author_prefs[$info->type] = array(
|
819 |
0695d136
|
Assos Assos
|
'grant_view' => 0,
|
820 |
|
|
'grant_update' => 0,
|
821 |
|
|
'grant_delete' => 0,
|
822 |
85ad3d82
|
Assos Assos
|
);
|
823 |
c2ac6d1d
|
Assos Assos
|
|
824 |
85ad3d82
|
Assos Assos
|
variable_set('nodeaccess_authors', $author_prefs);
|
825 |
|
|
node_access_needs_rebuild(TRUE);
|
826 |
|
|
}
|
827 |
|
|
|
828 |
c2ac6d1d
|
Assos Assos
|
|
829 |
85ad3d82
|
Assos Assos
|
/**
|
830 |
0695d136
|
Assos Assos
|
* Retrieve role aliases.
|
831 |
|
|
*
|
832 |
c2ac6d1d
|
Assos Assos
|
* @return array
|
833 |
|
|
* Role aliases indexed by rid.
|
834 |
85ad3d82
|
Assos Assos
|
*/
|
835 |
|
|
function nodeaccess_get_role_aliases() {
|
836 |
|
|
$aliases = array();
|
837 |
c2ac6d1d
|
Assos Assos
|
$query = db_select('role', 'r');
|
838 |
|
|
$query->join('nodeaccess_role_alias', 'a', 'r.rid = a.rid');
|
839 |
|
|
$query->fields('r', array('rid', 'name'));
|
840 |
|
|
$query->addField('a', 'name', 'alias');
|
841 |
|
|
$query->addField('a', 'weight');
|
842 |
|
|
$query->orderBy('a.weight');
|
843 |
|
|
$query->orderBy('r.weight');
|
844 |
|
|
$query->orderBy('a.name');
|
845 |
|
|
$query->orderBy('r.name');
|
846 |
|
|
$result = $query->execute();
|
847 |
|
|
while($a = $result->fetch()) {
|
848 |
85ad3d82
|
Assos Assos
|
$aliases[$a->rid]['name'] = $a->name;
|
849 |
|
|
$aliases[$a->rid]['alias'] = $a->alias;
|
850 |
|
|
$aliases[$a->rid]['weight'] = $a->weight;
|
851 |
|
|
}
|
852 |
|
|
return $aliases;
|
853 |
|
|
}
|
854 |
|
|
|
855 |
|
|
/**
|
856 |
0695d136
|
Assos Assos
|
* Save a role alias.
|
857 |
|
|
*
|
858 |
|
|
* @param array $edit
|
859 |
|
|
* An array of aliases to save, indexed by rid.
|
860 |
85ad3d82
|
Assos Assos
|
*/
|
861 |
|
|
function nodeaccess_save_role_aliases($edit) {
|
862 |
|
|
db_delete('nodeaccess_role_alias')->execute();
|
863 |
|
|
if (is_array($edit)) {
|
864 |
|
|
foreach ($edit as $key => $value) {
|
865 |
|
|
db_insert('nodeaccess_role_alias')->fields(array(
|
866 |
|
|
'rid' => $key,
|
867 |
|
|
'name' => $value['name'],
|
868 |
|
|
'weight' => $value['weight'],
|
869 |
|
|
))->execute();
|
870 |
|
|
}
|
871 |
|
|
}
|
872 |
|
|
return;
|
873 |
|
|
}
|
874 |
|
|
|
875 |
|
|
/**
|
876 |
|
|
* Insert userreference grants from a node.
|
877 |
c2ac6d1d
|
Assos Assos
|
*
|
878 |
|
|
* @param Object $node
|
879 |
85ad3d82
|
Assos Assos
|
*/
|
880 |
|
|
function nodeaccess_insert_user_reference($node) {
|
881 |
c2ac6d1d
|
Assos Assos
|
$form_values = nodeaccess_get_grants($node);
|
882 |
85ad3d82
|
Assos Assos
|
// Now, append or overwrite the uid with what was specified in the user
|
883 |
|
|
// reference field.
|
884 |
|
|
$fields = variable_get('nodeaccess_' . $node->type . '_user_reference', array());
|
885 |
|
|
foreach ($fields as $field_name => $field) {
|
886 |
|
|
$user_uids = field_get_items('node', $node, $field_name);
|
887 |
|
|
$user_references = user_load_multiple($user_uids);
|
888 |
|
|
// Add each of the referenced users a form value.
|
889 |
|
|
foreach ($user_references as $user) {
|
890 |
|
|
$form_values['uid'][$user->uid] = array(
|
891 |
|
|
'name' => $user->name,
|
892 |
|
|
'keep' => 1,
|
893 |
|
|
'grant_view' => $field['grant_view'],
|
894 |
|
|
'grant_update' => $field['grant_update'],
|
895 |
|
|
'grant_delete' => $field['grant_delete'],
|
896 |
|
|
);
|
897 |
|
|
}
|
898 |
|
|
}
|
899 |
|
|
// Only do the changes if there are users to save.
|
900 |
|
|
if (count($form_values['uid']) > 0) {
|
901 |
|
|
$form_values['nid'] = $node->nid;
|
902 |
|
|
$form_state = array('values' => $form_values);
|
903 |
|
|
_nodeaccess_grants_form_submit(NULL, $form_state);
|
904 |
|
|
}
|
905 |
|
|
}
|
906 |
|
|
|
907 |
|
|
/**
|
908 |
|
|
* Delete all userreference user grants from a node.
|
909 |
c2ac6d1d
|
Assos Assos
|
*
|
910 |
|
|
* @param Object $node
|
911 |
85ad3d82
|
Assos Assos
|
*/
|
912 |
|
|
function nodeaccess_delete_user_reference($node) {
|
913 |
c2ac6d1d
|
Assos Assos
|
$form_values = nodeaccess_get_grants($node);
|
914 |
85ad3d82
|
Assos Assos
|
// Now, append or overwrite the uid with what was specified in the user
|
915 |
|
|
// reference field.
|
916 |
|
|
$fields = variable_get('nodeaccess_' . $node->type . '_user_reference', array());
|
917 |
|
|
foreach ($fields as $field_name => $field) {
|
918 |
|
|
$user_uids = field_get_items('node', $node, $field_name);
|
919 |
|
|
$user_references = user_load_multiple($user_uids);
|
920 |
|
|
foreach ($user_references as $user) {
|
921 |
|
|
unset($form_values['uid'][$user->uid]);
|
922 |
|
|
}
|
923 |
|
|
}
|
924 |
|
|
$form_values['nid'] = $node->nid;
|
925 |
|
|
$form_state = array('values' => $form_values);
|
926 |
c2ac6d1d
|
Assos Assos
|
|
927 |
85ad3d82
|
Assos Assos
|
_nodeaccess_grants_form_submit(NULL, $form_state);
|
928 |
|
|
}
|
929 |
|
|
|
930 |
|
|
/**
|
931 |
|
|
* Return the grants applied to a node object used for Grant form.
|
932 |
|
|
*
|
933 |
c2ac6d1d
|
Assos Assos
|
* @param Object $node
|
934 |
|
|
*
|
935 |
85ad3d82
|
Assos Assos
|
* @return array
|
936 |
|
|
* An array of grants with keys 'rid' for roles and 'uid' for users.
|
937 |
|
|
*/
|
938 |
c2ac6d1d
|
Assos Assos
|
function nodeaccess_get_grants($node) {
|
939 |
85ad3d82
|
Assos Assos
|
$grants = array();
|
940 |
c2ac6d1d
|
Assos Assos
|
|
941 |
|
|
// Load grants by roles.
|
942 |
|
|
$query = db_select('nodeaccess', 'na');
|
943 |
|
|
$query->join('role', 'r', 'r.rid = na.gid');
|
944 |
|
|
$query->join('nodeaccess_role_alias', 'nra', 'nra.rid = r.rid');
|
945 |
|
|
$query->fields('r', array('rid', 'name'));
|
946 |
|
|
$query->fields('na', array('grant_view', 'grant_update', 'grant_delete'));
|
947 |
|
|
$query->condition('na.realm', 'nodeaccess_rid', '=');
|
948 |
|
|
$query->condition('na.nid', $node->nid, '=');
|
949 |
|
|
$query->orderBy('nra.weight');
|
950 |
|
|
$query->orderBy('nra.name');
|
951 |
|
|
$result = $query->execute();
|
952 |
|
|
|
953 |
|
|
while ($grant = $result->fetch()) {
|
954 |
|
|
if ($grant->name) {
|
955 |
|
|
$grants['rid'][$grant->rid] = array(
|
956 |
|
|
'name' => $grant->name,
|
957 |
|
|
'grant_view' => (bool) $grant->grant_view,
|
958 |
|
|
'grant_update' => (bool) $grant->grant_update,
|
959 |
|
|
'grant_delete' => (bool) $grant->grant_delete,
|
960 |
|
|
);
|
961 |
|
|
}
|
962 |
85ad3d82
|
Assos Assos
|
}
|
963 |
c2ac6d1d
|
Assos Assos
|
// Load grants by users
|
964 |
|
|
$query = db_select('node_access', 'na');
|
965 |
|
|
$query->join('users', 'u', 'u.uid = na.gid');
|
966 |
|
|
$query->fields('u', array('uid', 'name'));
|
967 |
|
|
$query->fields('na', array('grant_view', 'grant_update', 'grant_delete'));
|
968 |
|
|
$query->condition('na.nid', $node->nid, '=');
|
969 |
|
|
$query->condition('na.realm', 'nodeaccess_uid', '=');
|
970 |
|
|
$query->orderBy('name');
|
971 |
|
|
$result = $query->execute();
|
972 |
|
|
|
973 |
|
|
while ($account = $result->fetch()) {
|
974 |
85ad3d82
|
Assos Assos
|
$grants['uid'][$account->uid] = array(
|
975 |
|
|
'name' => $account->name,
|
976 |
c2ac6d1d
|
Assos Assos
|
'keep' => TRUE,
|
977 |
|
|
'grant_view' => (bool) $account->grant_view,
|
978 |
|
|
'grant_update' => (bool) $account->grant_update,
|
979 |
|
|
'grant_delete' => (bool) $account->grant_delete,
|
980 |
85ad3d82
|
Assos Assos
|
);
|
981 |
|
|
}
|
982 |
|
|
return $grants;
|
983 |
|
|
}
|
984 |
c2ac6d1d
|
Assos Assos
|
|
985 |
|
|
/**
|
986 |
|
|
* Set all grants for a node to nodeaccess table and acquire them.
|
987 |
|
|
*
|
988 |
|
|
* @param $node
|
989 |
|
|
* node object the grants are being applied to.
|
990 |
|
|
* @param array $grants
|
991 |
|
|
* array of grants as defined (@see nodeaccess_save_grant).
|
992 |
|
|
*/
|
993 |
|
|
function nodeaccess_set_grants($node, $grants = array()) {
|
994 |
|
|
// Allow other modules to edit all grants for array.
|
995 |
|
|
drupal_alter('nodeaccess_grants', $grants, $node);
|
996 |
|
|
|
997 |
|
|
nodeaccess_delete_grants($node);
|
998 |
|
|
|
999 |
|
|
if (count($grants)) {
|
1000 |
|
|
foreach ($grants as $grant) {
|
1001 |
|
|
// Allow other modules to edit single grants.
|
1002 |
|
|
drupal_alter('nodeaccess_grant', $grant, $node);
|
1003 |
|
|
nodeaccess_save_grant($node, $grant);
|
1004 |
|
|
}
|
1005 |
|
|
}
|
1006 |
|
|
|
1007 |
|
|
node_access_acquire_grants($node);
|
1008 |
|
|
}
|
1009 |
|
|
|
1010 |
|
|
|
1011 |
|
|
/**
|
1012 |
|
|
* Delete all grants from nodeaccess table for this node.
|
1013 |
|
|
*
|
1014 |
|
|
* @param $node
|
1015 |
|
|
* node object whose grants are being revoked.
|
1016 |
|
|
*/
|
1017 |
|
|
function nodeaccess_delete_grants($node) {
|
1018 |
|
|
try {
|
1019 |
|
|
db_delete('nodeaccess')
|
1020 |
|
|
->condition('nid', $node->nid)
|
1021 |
|
|
->execute();
|
1022 |
|
|
|
1023 |
|
|
node_access_acquire_grants($node);
|
1024 |
|
|
}
|
1025 |
|
|
catch (Exception $e) {
|
1026 |
|
|
drupal_set_message(t("Database error has occurred while clearing nodeaccess table."), 'error');
|
1027 |
|
|
watchdog('nodeaccess', 'Database error: @message.', array('@message' => $e->getMessage()), WATCHDOG_ERROR);
|
1028 |
|
|
}
|
1029 |
|
|
}
|
1030 |
|
|
|
1031 |
|
|
/**
|
1032 |
|
|
* Revoke all custom grants from nodeaccess table for this node. Essentially
|
1033 |
|
|
* reset the grants to their default state (by node type).
|
1034 |
|
|
*
|
1035 |
|
|
* @param $node
|
1036 |
|
|
* node object whose grants are being revoked.
|
1037 |
|
|
*/
|
1038 |
|
|
function nodeaccess_revoke_grants($node) {
|
1039 |
|
|
nodeaccess_delete_grants($node);
|
1040 |
|
|
node_access_acquire_grants($node);
|
1041 |
|
|
}
|
1042 |
|
|
|
1043 |
|
|
/**
|
1044 |
|
|
* Save the grant settings/options for the node.
|
1045 |
|
|
*
|
1046 |
|
|
* @param $node
|
1047 |
|
|
* node object the grant is being applied to.
|
1048 |
|
|
* @param array $grant
|
1049 |
|
|
* array(
|
1050 |
|
|
* 'gid' => (int) gid for realm,
|
1051 |
|
|
* 'realm' => (string) what realm the access grant belongs to (ex: nodeaccess_rid).
|
1052 |
|
|
* 'grant_view' => (int) view access being granted,
|
1053 |
|
|
* 'grant_update' => (int) update access being granted,
|
1054 |
|
|
* 'grant_delete' => (int) delete access being granted,
|
1055 |
|
|
* )
|
1056 |
|
|
*/
|
1057 |
|
|
function nodeaccess_save_grant($node, $grant) {
|
1058 |
|
|
// Save role and user grants to our own table.
|
1059 |
|
|
try {
|
1060 |
|
|
db_insert('nodeaccess')
|
1061 |
|
|
->fields(array(
|
1062 |
|
|
'nid' => $node->nid,
|
1063 |
|
|
'gid' => $grant['gid'],
|
1064 |
|
|
'realm' => $grant['realm'],
|
1065 |
|
|
'grant_view' => (int) $grant['grant_view'],
|
1066 |
|
|
'grant_update' => (int) $grant['grant_update'],
|
1067 |
|
|
'grant_delete' => (int) $grant['grant_delete'],
|
1068 |
|
|
))
|
1069 |
|
|
->execute();
|
1070 |
|
|
}
|
1071 |
|
|
catch (Exception $e) {
|
1072 |
|
|
drupal_set_message(t("Database error has occurred while saving to nodeaccess table."), 'error');
|
1073 |
|
|
watchdog('nodeaccess', 'Database error: @message.', array('@message' => $e->getMessage()), WATCHDOG_ERROR);
|
1074 |
|
|
}
|
1075 |
|
|
}
|
1076 |
|
|
|
1077 |
|
|
/**
|
1078 |
|
|
* Add the grant tab to the specified node type.
|
1079 |
|
|
*
|
1080 |
|
|
* @param string $type
|
1081 |
|
|
* The node type we are adding the grant tab for.
|
1082 |
|
|
*/
|
1083 |
|
|
function nodeaccess_add_type_grant($type) {
|
1084 |
|
|
$grants = variable_get('nodeaccess-types', array());
|
1085 |
|
|
$grants[$type] = TRUE;
|
1086 |
|
|
|
1087 |
|
|
nodeaccess_set_type_grants($grants);
|
1088 |
|
|
}
|
1089 |
|
|
|
1090 |
|
|
/**
|
1091 |
|
|
* Delete the grant tab for specified node type.
|
1092 |
|
|
*
|
1093 |
|
|
* @param string $type
|
1094 |
|
|
* The node type we are removing the grant tab from.
|
1095 |
|
|
*/
|
1096 |
|
|
function nodeaccess_delete_type_grant($type) {
|
1097 |
|
|
$grants = variable_get('nodeaccess-types', array());
|
1098 |
|
|
|
1099 |
|
|
if (isset($grants[$type])) {
|
1100 |
|
|
unset($grants[$type]);
|
1101 |
|
|
}
|
1102 |
|
|
|
1103 |
|
|
nodeaccess_set_type_grants($grants);
|
1104 |
|
|
}
|
1105 |
|
|
|
1106 |
|
|
/**
|
1107 |
|
|
* Set the grant tab settings for all node types.
|
1108 |
|
|
*
|
1109 |
|
|
* @param array $types
|
1110 |
|
|
* The types that will have the grant tab appear.
|
1111 |
|
|
*
|
1112 |
|
|
*/
|
1113 |
|
|
function nodeaccess_set_type_grants($types = array()) {
|
1114 |
|
|
if (!is_array($types)) {
|
1115 |
|
|
return;
|
1116 |
|
|
}
|
1117 |
|
|
|
1118 |
|
|
variable_set('nodeaccess-types', $types);
|
1119 |
|
|
node_access_needs_rebuild(TRUE);
|
1120 |
|
|
} |