Révision c2ac6d1d
Ajouté par Assos Assos il y a environ 5 ans
| drupal7/sites/all/modules/nodeaccess/nodeaccess.module | ||
|---|---|---|
| 5 | 5 |
* Provide per node access control |
| 6 | 6 |
*/ |
| 7 | 7 |
|
| 8 |
|
|
| 8 | 9 |
/** |
| 9 | 10 |
* Implements hook_help(). |
| 11 |
* |
|
| 12 |
* @param string $path |
|
| 13 |
* @param $arg |
|
| 14 |
* |
|
| 15 |
* @return string|NULL |
|
| 10 | 16 |
*/ |
| 11 | 17 |
function nodeaccess_help($path, $arg) {
|
| 12 | 18 |
switch ($path) {
|
| 13 | 19 |
case 'node/%/grant': |
| 14 |
return t("You can set grants for individual users. Enter a name or a partial name in the box and click Search or press return. You must check the 'Keep?' checkbox if you want to keep the user for granting. Note that user grants are in addition to those coming from roles.");
|
|
| 20 |
return t("You can set grants for individual users. Enter a name or a
|
|
| 21 |
partial name in the box and click Search or press return. You must check |
|
| 22 |
the 'Keep?' checkbox if you want to keep the user for granting. Note |
|
| 23 |
that user grants are in addition to those coming from roles."); |
|
| 15 | 24 |
} |
| 16 | 25 |
} |
| 17 | 26 |
|
| 27 |
|
|
| 18 | 28 |
/** |
| 19 | 29 |
* Implements hook_menu(). |
| 30 |
* |
|
| 31 |
* @return array |
|
| 20 | 32 |
*/ |
| 21 | 33 |
function nodeaccess_menu() {
|
| 34 |
$items = array(); |
|
| 35 |
|
|
| 22 | 36 |
$items['admin/config/people/nodeaccess'] = array( |
| 23 | 37 |
'title' => 'Nodeaccess', |
| 24 | 38 |
'description' => 'Change default settings for the Nodeaccess module.', |
| 25 | 39 |
'page callback' => 'nodeaccess_admin', |
| 40 |
'file' => 'nodeaccess.admin.inc', |
|
| 26 | 41 |
'access arguments' => array('administer nodeaccess'),
|
| 27 | 42 |
); |
| 43 |
|
|
| 28 | 44 |
$items['node/%node/grant'] = array( |
| 29 | 45 |
'title' => 'Grant', |
| 30 |
'page callback' => 'nodeaccess_grants',
|
|
| 46 |
'page callback' => 'nodeaccess_grant_tab',
|
|
| 31 | 47 |
'page arguments' => array(1), |
| 32 | 48 |
'access callback' => 'nodeaccess_access', |
| 33 | 49 |
'access arguments' => array('grant', 1),
|
| 34 | 50 |
'weight' => 5, |
| 35 | 51 |
'type' => MENU_LOCAL_TASK, |
| 36 | 52 |
); |
| 53 |
|
|
| 37 | 54 |
return $items; |
| 38 | 55 |
} |
| 39 | 56 |
|
| 57 |
|
|
| 40 | 58 |
/** |
| 41 | 59 |
* Implements hook_admin_paths(). |
| 60 |
* |
|
| 61 |
* @return array |
|
| 42 | 62 |
*/ |
| 43 | 63 |
function nodeaccess_admin_paths() {
|
| 44 | 64 |
$paths = array( |
| 45 | 65 |
'node/*/grant' => TRUE, |
| 46 | 66 |
'admin/config/people/nodeaccess' => TRUE, |
| 47 | 67 |
); |
| 68 |
|
|
| 48 | 69 |
return $paths; |
| 49 | 70 |
} |
| 50 | 71 |
|
| 51 | 72 |
/** |
| 52 | 73 |
* Implements hook_permission(). |
| 74 |
* |
|
| 75 |
* @return array |
|
| 53 | 76 |
*/ |
| 54 | 77 |
function nodeaccess_permission() {
|
| 55 | 78 |
|
| ... | ... | |
| 72 | 95 |
); |
| 73 | 96 |
} |
| 74 | 97 |
|
| 98 |
|
|
| 75 | 99 |
/** |
| 76 | 100 |
* Implements hook_node_access(). |
| 101 |
* |
|
| 102 |
* @param $node |
|
| 103 |
* @param $op |
|
| 104 |
* @param $account |
|
| 105 |
* |
|
| 106 |
* @return string |
|
| 77 | 107 |
*/ |
| 78 | 108 |
function nodeaccess_node_access($node, $op, $account) {
|
| 109 |
|
|
| 79 | 110 |
switch ($op) {
|
| 80 | 111 |
case 'update': |
| 81 | 112 |
case 'delete': |
| ... | ... | |
| 85 | 116 |
} |
| 86 | 117 |
// If the node belongs to a deleted user. |
| 87 | 118 |
if ($account->uid == 0 && $node->uid == 0) {
|
| 119 |
$grants = nodeaccess_get_grants($node); |
|
| 88 | 120 |
// We check if the role has particular access to this node. |
| 89 |
$grants = _nodeaccess_get_grants($node); |
|
| 90 | 121 |
// If anonymous has rights to this node, we allow them. |
| 91 |
if (($grants['rid'][1]['grant_update'] && $op == 'update') ||
|
|
| 92 |
($grants['rid'][1]['grant_delete'] && $op == 'delete')) {
|
|
| 122 |
if ((!empty($grants['rid'][DRUPAL_ANONYMOUS_RID]['grant_update']) && $op == 'update') ||
|
|
| 123 |
(!empty($grants['rid'][DRUPAL_ANONYMOUS_RID]['grant_delete']) && $op == 'delete')) {
|
|
| 93 | 124 |
return NODE_ACCESS_ALLOW; |
| 94 | 125 |
} |
| 95 | 126 |
return NODE_ACCESS_DENY; |
| 96 | 127 |
} |
| 97 | 128 |
break; |
| 98 |
|
|
| 99 |
case 'view': |
|
| 100 |
if (!isset($account->uid)) {
|
|
| 101 |
global $user; |
|
| 102 |
$account = $user; |
|
| 103 |
} |
|
| 104 |
// If the node is not published. We check other permissions. |
|
| 105 |
if (!$node->status) {
|
|
| 106 |
// If the current user is the author and not anonymous. |
|
| 107 |
if ($node->uid == $account->uid && $account->uid > 0) {
|
|
| 108 |
// We check to see if they have access to view own unpublished. |
|
| 109 |
if (user_access('view own unpublished content') || user_access('bypass node access')) {
|
|
| 110 |
return NODE_ACCESS_ALLOW; |
|
| 111 |
} |
|
| 112 |
} |
|
| 113 |
elseif (user_access('bypass node access')) {
|
|
| 114 |
return NODE_ACCESS_ALLOW; |
|
| 115 |
} |
|
| 116 |
return NODE_ACCESS_IGNORE; |
|
| 117 |
} |
|
| 118 |
break; |
|
| 119 |
|
|
| 120 | 129 |
} |
| 121 | 130 |
} |
| 122 | 131 |
|
| 123 | 132 |
/** |
| 124 | 133 |
* Determine access to Grant tab. |
| 134 |
* |
|
| 135 |
* @param $op |
|
| 136 |
* @param $node |
|
| 137 |
* @param $account |
|
| 138 |
* |
|
| 139 |
* @return bool |
|
| 140 |
* Whether the user has access to the grant tab. |
|
| 125 | 141 |
*/ |
| 126 | 142 |
function nodeaccess_access($op, $node, $account = NULL) {
|
| 127 | 143 |
global $user; |
| 128 | 144 |
if (!$node) {
|
| 145 |
|
|
| 129 | 146 |
return FALSE; |
| 130 | 147 |
} |
| 131 | 148 |
|
| 132 | 149 |
// Apparently D7 no longer defaults to admin getting anything? |
| 133 | 150 |
if (user_access('administer nodeaccess')) {
|
| 151 |
|
|
| 134 | 152 |
return TRUE; |
| 135 | 153 |
} |
| 136 | 154 |
|
| ... | ... | |
| 141 | 159 |
$allowed_types = variable_get('nodeaccess-types', array());
|
| 142 | 160 |
if ($op == 'grant') {
|
| 143 | 161 |
if ($node->nid && isset($allowed_types[$node->type]) && !empty($allowed_types[$node->type]) && |
| 144 |
(user_access('grant node permissions', $account) ||
|
|
| 145 |
(user_access('grant editable node permissions', $account) && node_access('update', $node, $account)) ||
|
|
| 146 |
(user_access('grant deletable node permissions', $account) && node_access('delete', $node, $account)) ||
|
|
| 147 |
(user_access('grant own node permissions', $account) && ($account->uid == $node->uid)))) {
|
|
| 162 |
(user_access('grant node permissions', $account) ||
|
|
| 163 |
(user_access('grant editable node permissions', $account) && node_access('update', $node, $account)) ||
|
|
| 164 |
(user_access('grant deletable node permissions', $account) && node_access('delete', $node, $account)) ||
|
|
| 165 |
(user_access('grant own node permissions', $account) && ($account->uid == $node->uid)))) {
|
|
| 166 |
|
|
| 148 | 167 |
return TRUE; |
| 149 | 168 |
} |
| 150 | 169 |
} |
| 170 |
|
|
| 151 | 171 |
return FALSE; |
| 152 | 172 |
} |
| 153 | 173 |
|
| 174 |
|
|
| 154 | 175 |
/** |
| 155 | 176 |
* Implements hook_theme(). |
| 177 |
* |
|
| 178 |
* @param $existing |
|
| 179 |
* @param $type |
|
| 180 |
* @param $theme |
|
| 181 |
* @param $path |
|
| 182 |
* |
|
| 183 |
* @return array |
|
| 156 | 184 |
*/ |
| 157 | 185 |
function nodeaccess_theme($existing, $type, $theme, $path) {
|
| 186 |
|
|
| 158 | 187 |
return array( |
| 159 | 188 |
'nodeaccess_admin_form_roles' => array( |
| 160 | 189 |
'render element' => 'form', |
| ... | ... | |
| 168 | 197 |
); |
| 169 | 198 |
} |
| 170 | 199 |
|
| 171 |
/** |
|
| 172 |
* Menu callback. Draws the admin page. |
|
| 173 |
*/ |
|
| 174 |
function nodeaccess_admin() {
|
|
| 175 |
return drupal_get_form('nodeaccess_admin_form');
|
|
| 176 |
} |
|
| 177 |
|
|
| 178 |
|
|
| 179 |
/** |
|
| 180 |
* Menu callback. Draws the admin page. |
|
| 181 |
*/ |
|
| 182 |
function nodeaccess_admin_form($form, $form_state) {
|
|
| 183 |
// Set defaults from variable_get. |
|
| 184 |
$show = variable_get('nodeaccess-types', array());
|
|
| 185 |
$roles = nodeaccess_get_role_aliases(); |
|
| 186 |
$allowed_roles = variable_get('nodeaccess-roles', array());
|
|
| 187 |
$allowed_grants = variable_get('nodeaccess-grants', array());
|
|
| 188 |
|
|
| 189 |
$form['priority'] = array( |
|
| 190 |
'#type' => 'checkbox', |
|
| 191 |
'#title' => t('Give node grants priority'),
|
|
| 192 |
'#default_value' => variable_get('nodeaccess-priority', 0),
|
|
| 193 |
'#description' => t('If you are only using this access control module, you can safely ignore this. If you are using multiple access control modules, and you want the grants given on individual nodes to override any grants given by other modules, you should check this box.'),
|
|
| 194 |
); |
|
| 195 |
|
|
| 196 |
// Select whether to preserve hidden grants. |
|
| 197 |
$form['preserve'] = array( |
|
| 198 |
'#type' => 'checkbox', |
|
| 199 |
'#title' => t('Preserve hidden grants'),
|
|
| 200 |
'#default_value' => variable_get('nodeaccess-preserve', 1),
|
|
| 201 |
'#description' => '<small>' . t('If you check this box, any hidden grants are preserved when you save grants. Otherwise all grants users are not allowed to view or edit are revoked on save.') . '</small>',
|
|
| 202 |
); |
|
| 203 |
|
|
| 204 |
// Select permissions you want to allow users to view and edit. |
|
| 205 |
$form['grant'] = array( |
|
| 206 |
'#type' => 'fieldset', |
|
| 207 |
'#collapsible' => TRUE, |
|
| 208 |
'#collapsed' => TRUE, |
|
| 209 |
'#title' => t('Allowed Grants'),
|
|
| 210 |
'#tree' => TRUE, |
|
| 211 |
'#description' => '<small>' . t('The selected grants will be listed on individual node grants. If you wish for certain grants to be hidden from users on the node grants tab, make sure they are not selected here.') . '</small>',
|
|
| 212 |
); |
|
| 213 |
$form['grant']['view'] = array( |
|
| 214 |
'#type' => 'checkbox', |
|
| 215 |
'#title' => t('View'),
|
|
| 216 |
'#default_value' => $allowed_grants['view'], |
|
| 217 |
); |
|
| 218 |
$form['grant']['edit'] = array( |
|
| 219 |
'#type' => 'checkbox', |
|
| 220 |
'#title' => t('Edit'),
|
|
| 221 |
'#default_value' => $allowed_grants['edit'], |
|
| 222 |
); |
|
| 223 |
$form['grant']['delete'] = array( |
|
| 224 |
'#type' => 'checkbox', |
|
| 225 |
'#title' => t('Delete'),
|
|
| 226 |
'#default_value' => $allowed_grants['delete'], |
|
| 227 |
); |
|
| 228 |
|
|
| 229 |
// Select roles the permissions of which you want to allow users to |
|
| 230 |
// view and edit, and the aliases and weights of those roles. |
|
| 231 |
$form['role'] = array( |
|
| 232 |
'#type' => 'fieldset', |
|
| 233 |
'#collapsible' => TRUE, |
|
| 234 |
'#collapsed' => TRUE, |
|
| 235 |
'#title' => t('Allowed Roles'),
|
|
| 236 |
'#tree' => TRUE, |
|
| 237 |
'#theme' => 'nodeaccess_admin_form_roles', |
|
| 238 |
'#description' => t('The selected roles will be listed on individual node grants. If you wish for certain roles to be hidden from users on the node grants tab, make sure they are not selected here. You may also provide an alias for each role to be displayed to the user and a weight to order them by. This is useful if your roles have machine-readable names not intended for human users.'),
|
|
| 239 |
); |
|
| 240 |
|
|
| 241 |
foreach ($roles as $id => $role) {
|
|
| 242 |
// Catch NULL values. |
|
| 243 |
if (!$role['alias']) {
|
|
| 244 |
$role['alias'] = ''; |
|
| 245 |
} |
|
| 246 |
if (!$role['weight']) {
|
|
| 247 |
$role['weight'] = 0; |
|
| 248 |
} |
|
| 249 |
$form['role'][$id]['name'] = array( |
|
| 250 |
'#type' => 'hidden', |
|
| 251 |
'#value' => $role['name'], |
|
| 252 |
); |
|
| 253 |
$form['role'][$id]['allow'] = array( |
|
| 254 |
'#type' => 'checkbox', |
|
| 255 |
'#title' => check_plain($role['name']), |
|
| 256 |
'#default_value' => isset($allowed_roles[$id]) ? $allowed_roles[$id] : 0, |
|
| 257 |
); |
|
| 258 |
$form['role'][$id]['alias'] = array( |
|
| 259 |
'#type' => 'textfield', |
|
| 260 |
'#default_value' => $role['alias'], |
|
| 261 |
'#size' => 50, |
|
| 262 |
'#maxlength' => 50, |
|
| 263 |
); |
|
| 264 |
$form['role'][$id]['weight'] = array( |
|
| 265 |
'#type' => 'weight', |
|
| 266 |
'#default_value' => $role['weight'], |
|
| 267 |
'#delta' => 10, |
|
| 268 |
); |
|
| 269 |
} |
|
| 270 |
|
|
| 271 |
// Generate fieldsets for each node type. |
|
| 272 |
foreach (node_type_get_types() as $type => $bundle) {
|
|
| 273 |
$form['nodeaccess'][$type] = array( |
|
| 274 |
'#type' => 'fieldset', |
|
| 275 |
'#collapsible' => TRUE, |
|
| 276 |
'#collapsed' => TRUE, |
|
| 277 |
'#title' => check_plain($bundle->name), |
|
| 278 |
'#tree' => TRUE, |
|
| 279 |
'#theme' => 'nodeaccess_admin_form_types', |
|
| 280 |
); |
|
| 281 |
|
|
| 282 |
$form['nodeaccess'][$type]['show'] = array( |
|
| 283 |
'#type' => 'checkbox', |
|
| 284 |
'#title' => t('Show grant tab for this node type'),
|
|
| 285 |
'#default_value' => isset($show[$type]) ? $show[$type] : 0, |
|
| 286 |
); |
|
| 287 |
|
|
| 288 |
// Set default author permissions for node type. |
|
| 289 |
$author_prefs = variable_get('nodeaccess_authors', array());
|
|
| 290 |
$form['nodeaccess'][$type]['author']['grant_view'] = array( |
|
| 291 |
'#type' => 'checkbox', |
|
| 292 |
'#default_value' => $author_prefs[$type]['grant_view'], |
|
| 293 |
); |
|
| 294 |
$form['nodeaccess'][$type]['author']['grant_update'] = array( |
|
| 295 |
'#type' => 'checkbox', |
|
| 296 |
'#default_value' => $author_prefs[$type]['grant_update'], |
|
| 297 |
); |
|
| 298 |
$form['nodeaccess'][$type]['author']['grant_delete'] = array( |
|
| 299 |
'#type' => 'checkbox', |
|
| 300 |
'#default_value' => $author_prefs[$type]['grant_delete'], |
|
| 301 |
); |
|
| 302 |
|
|
| 303 |
$perms = variable_get('nodeaccess_' . $type, array());
|
|
| 304 |
foreach ($perms as $perm) {
|
|
| 305 |
$opts[$perm['gid']] = $perm; |
|
| 306 |
} |
|
| 307 |
|
|
| 308 |
// Set default role permissions for node type. |
|
| 309 |
foreach (user_roles() as $id => $role) {
|
|
| 310 |
$form['nodeaccess'][$type]['roles'][$id]['name'] = array('#markup' => $role);
|
|
| 311 |
$form['nodeaccess'][$type]['roles'][$id]['grant_view'] = array( |
|
| 312 |
'#type' => 'checkbox', |
|
| 313 |
'#default_value' => isset($opts[$id]['grant_view']) ? $opts[$id]['grant_view'] : 0, |
|
| 314 |
); |
|
| 315 |
$form['nodeaccess'][$type]['roles'][$id]['grant_update'] = array( |
|
| 316 |
'#type' => 'checkbox', |
|
| 317 |
'#default_value' => isset($opts[$id]['grant_update']) ? $opts[$id]['grant_update'] : 0, |
|
| 318 |
); |
|
| 319 |
$form['nodeaccess'][$type]['roles'][$id]['grant_delete'] = array( |
|
| 320 |
'#type' => 'checkbox', |
|
| 321 |
'#default_value' => isset($opts[$id]['grant_delete']) ? $opts[$id]['grant_delete'] : 0, |
|
| 322 |
); |
|
| 323 |
} |
|
| 324 |
|
|
| 325 |
// Set the default permissions if userreference exists and is enabled on |
|
| 326 |
// the content type. |
|
| 327 |
if (module_exists('user_reference')) {
|
|
| 328 |
$bundle = field_extract_bundle('node', $bundle);
|
|
| 329 |
$fields = field_info_instances('node', $bundle);
|
|
| 330 |
$user_reference_perms = variable_get('nodeaccess_' . $type . '_user_reference', array());
|
|
| 331 |
|
|
| 332 |
$field_types = field_info_field_types(); |
|
| 333 |
|
|
| 334 |
foreach ($fields as $field) {
|
|
| 335 |
$field = field_info_field($field['field_name']); |
|
| 336 |
if ($field['type'] == 'user_reference') {
|
|
| 337 |
$enabled = isset($user_reference_perms[$field['field_name']]['enabled']) ? $user_reference_perms[$field['field_name']]['enabled'] : 0; |
|
| 338 |
$view = isset($user_reference_perms[$field['field_name']]['grant_view']) ? $user_reference_perms[$field['field_name']]['grant_view'] : 0; |
|
| 339 |
$update = isset($user_reference_perms[$field['field_name']]['grant_update']) ? $user_reference_perms[$field['field_name']]['grant_update'] : 0; |
|
| 340 |
$delete = isset($user_reference_perms[$field['field_name']]['grant_delete']) ? $user_reference_perms[$field['field_name']]['grant_delete'] : 0; |
|
| 341 |
|
|
| 342 |
$form['nodeaccess'][$type]['user_reference'][$field['field_name']]['name'] = array('#value' => t($field_types[$field['type']]['label']));
|
|
| 343 |
$form['nodeaccess'][$type]['user_reference'][$field['field_name']]['enabled'] = array( |
|
| 344 |
'#type' => 'checkbox', |
|
| 345 |
'#default_value' => $enabled, |
|
| 346 |
); |
|
| 347 |
$form['nodeaccess'][$type]['user_reference'][$field['field_name']]['grant_view'] = array( |
|
| 348 |
'#type' => 'checkbox', |
|
| 349 |
'#default_value' => $view, |
|
| 350 |
); |
|
| 351 |
$form['nodeaccess'][$type]['user_reference'][$field['field_name']]['grant_update'] = array( |
|
| 352 |
'#type' => 'checkbox', |
|
| 353 |
'#default_value' => $update, |
|
| 354 |
); |
|
| 355 |
$form['nodeaccess'][$type]['user_reference'][$field['field_name']]['grant_delete'] = array( |
|
| 356 |
'#type' => 'checkbox', |
|
| 357 |
'#default_value' => $delete, |
|
| 358 |
); |
|
| 359 |
} |
|
| 360 |
} |
|
| 361 |
} |
|
| 362 |
} |
|
| 363 |
$form['submit'] = array( |
|
| 364 |
'#type' => 'submit', |
|
| 365 |
'#value' => t('Save Grants'),
|
|
| 366 |
); |
|
| 367 |
return $form; |
|
| 368 |
} |
|
| 369 |
|
|
| 370 |
/** |
|
| 371 |
* Submit function for nodeaccess_admin_form. |
|
| 372 |
*/ |
|
| 373 |
function nodeaccess_admin_form_submit($form, $form_state) {
|
|
| 374 |
$form_values = $form_state['values']; |
|
| 375 |
// Save priority. |
|
| 376 |
variable_set('nodeaccess-priority', $form_values['priority']);
|
|
| 377 |
// Save preserve. |
|
| 378 |
variable_set('nodeaccess-preserve', $form_values['preserve']);
|
|
| 379 |
// Save allowed grants. |
|
| 380 |
foreach ($form_values['grant'] as $id => $val) {
|
|
| 381 |
$allowed_grants[$id] = $val; |
|
| 382 |
} |
|
| 383 |
variable_set('nodeaccess-grants', $allowed_grants);
|
|
| 384 |
// Save allowed roles, role aliases and weights. |
|
| 385 |
$alias_prefs = array(); |
|
| 386 |
$allowed_roles = array(); |
|
| 387 |
foreach ($form_values['role'] as $id => $val) {
|
|
| 388 |
$allowed_roles[$id] = $val['allow']; |
|
| 389 |
// Save alias and weight only for allowed roles. |
|
| 390 |
if ($val['allow']) {
|
|
| 391 |
// If alias is empty, default to role name. |
|
| 392 |
if ($val['alias']) {
|
|
| 393 |
$alias_prefs[$id]['name'] = $val['alias']; |
|
| 394 |
} |
|
| 395 |
else {
|
|
| 396 |
$alias_prefs[$id]['name'] = $val['name']; |
|
| 397 |
} |
|
| 398 |
$alias_prefs[$id]['weight'] = $val['weight']; |
|
| 399 |
} |
|
| 400 |
else {
|
|
| 401 |
// Otherwise, we only save alias if one was specified. |
|
| 402 |
if ($val['alias']) {
|
|
| 403 |
$alias_prefs[$id]['name'] = $val['alias']; |
|
| 404 |
$alias_prefs[$id]['weight'] = $val['weight']; |
|
| 405 |
} |
|
| 406 |
} |
|
| 407 |
} |
|
| 408 |
variable_set('nodeaccess-roles', $allowed_roles);
|
|
| 409 |
nodeaccess_save_role_aliases($alias_prefs); |
|
| 410 |
// Save author and role permissions for each node type. |
|
| 411 |
$author_prefs = array(); |
|
| 412 |
foreach (node_type_get_types() as $type => $name) {
|
|
| 413 |
$grants = array(); |
|
| 414 |
foreach ($form_values[$type]['roles'] as $role => $val) {
|
|
| 415 |
$grants[] = array( |
|
| 416 |
'gid' => $role, |
|
| 417 |
'realm' => 'nodeaccess_rid', |
|
| 418 |
'grant_view' => $val['grant_view'], |
|
| 419 |
'grant_update' => $val['grant_update'], |
|
| 420 |
'grant_delete' => $val['grant_delete'], |
|
| 421 |
); |
|
| 422 |
} |
|
| 423 |
variable_set('nodeaccess_' . $type, $grants);
|
|
| 424 |
if ($form_values[$type]['show']) {
|
|
| 425 |
$allowed_types[$type] = 1; |
|
| 426 |
} |
|
| 427 |
else {
|
|
| 428 |
$allowed_types[$type] = 0; |
|
| 429 |
} |
|
| 430 |
$author_prefs[$type] = $form_values[$type]['author']; |
|
| 431 |
// Also save userreference default permissions if enabled. |
|
| 432 |
if (module_exists('user_reference') && isset($form_values[$type]['user_reference'])) {
|
|
| 433 |
$user_reference_grants = array(); |
|
| 434 |
foreach ($form_values[$type]['user_reference'] as $user_reference_field => $val) {
|
|
| 435 |
$user_reference_grants[$user_reference_field] = array( |
|
| 436 |
'gid' => 'nodeaccess_uid', |
|
| 437 |
'enabled' => $val['enabled'], |
|
| 438 |
'grant_view' => $val['grant_view'], |
|
| 439 |
'grant_update' => $val['grant_update'], |
|
| 440 |
'grant_delete' => $val['grant_delete'], |
|
| 441 |
); |
|
| 442 |
} |
|
| 443 |
variable_set('nodeaccess_' . $type . '_user_reference', $user_reference_grants);
|
|
| 444 |
} |
|
| 445 |
} |
|
| 446 |
variable_set('nodeaccess_authors', $author_prefs);
|
|
| 447 |
// Save allowed node types. |
|
| 448 |
variable_set('nodeaccess-types', $allowed_types);
|
|
| 449 |
node_access_needs_rebuild(TRUE); |
|
| 450 |
drupal_set_message(t('Grants saved.'));
|
|
| 451 |
} |
|
| 452 |
|
|
| 453 |
/** |
|
| 454 |
* Theme function for nodeaccess_admin_form. |
|
| 455 |
*/ |
|
| 456 |
function theme_nodeaccess_admin_form_roles($variables) {
|
|
| 457 |
$output = ''; |
|
| 458 |
$form = $variables['form']; |
|
| 459 |
$rows = array(); |
|
| 460 |
foreach (element_children($form) as $rid) {
|
|
| 461 |
// Classify the weight element for TableDrag. |
|
| 462 |
$form[$rid]['weight']['#attributes']['class'] = array('roles-order-weight');
|
|
| 463 |
|
|
| 464 |
// Mark the table row as draggable for TableDrag. |
|
| 465 |
$row = array( |
|
| 466 |
'data' => array(), |
|
| 467 |
'class' => array('draggable'),
|
|
| 468 |
); |
|
| 469 |
// Render the table columns. |
|
| 470 |
$row['data'][] = drupal_render($form[$rid]['allow']); |
|
| 471 |
$row['data'][] = drupal_render($form[$rid]['alias']); |
|
| 472 |
$row['data'][] = drupal_render($form[$rid]['weight']); |
|
| 473 |
$rows[] = $row; |
|
| 474 |
} |
|
| 475 |
|
|
| 476 |
$header = array(t('Allow Role'), t('Alias'), t('Weight'));
|
|
| 477 |
$output .= theme('table', array(
|
|
| 478 |
'header' => $header, |
|
| 479 |
'rows' => $rows, |
|
| 480 |
'attributes' => array('id' => 'roles-order'),
|
|
| 481 |
)); |
|
| 482 |
$output .= drupal_render_children($form); |
|
| 483 |
|
|
| 484 |
// Attach TableDrag to the table ID and contained weight elements. |
|
| 485 |
drupal_add_tabledrag('roles-order', 'order', 'sibling', 'roles-order-weight');
|
|
| 486 |
|
|
| 487 |
return $output; |
|
| 488 |
} |
|
| 489 |
|
|
| 490 |
/** |
|
| 491 |
* Output the grant table. |
|
| 492 |
* @todo Please document this function. |
|
| 493 |
* @see http://drupal.org/node/1354 |
|
| 494 |
*/ |
|
| 495 |
function theme_nodeaccess_admin_form_types($variables) {
|
|
| 496 |
// @todo Number of parameters does not match hook_theme. |
|
| 497 |
$form = $variables['form']; |
|
| 498 |
$output = drupal_render($form['show']); |
|
| 499 |
$roles = element_children($form['roles']); |
|
| 500 |
$header = array(t('Role'), t('View'), t('Edit'), t('Delete'));
|
|
| 501 |
foreach ($roles as $role) {
|
|
| 502 |
$row = array(); |
|
| 503 |
$row[] = drupal_render($form['roles'][$role]['name']); |
|
| 504 |
$row[] = drupal_render($form['roles'][$role]['grant_view']); |
|
| 505 |
$row[] = drupal_render($form['roles'][$role]['grant_update']); |
|
| 506 |
$row[] = drupal_render($form['roles'][$role]['grant_delete']); |
|
| 507 |
$rows[] = $row; |
|
| 508 |
} |
|
| 509 |
$output .= theme('table', array('header' => $header, 'rows' => $rows));
|
|
| 510 |
$header = array(t('Author Settings'), t('View'), t('Edit'), t('Delete'));
|
|
| 511 |
$row = array(); |
|
| 512 |
$row[] = t('Node author');
|
|
| 513 |
$row[] = drupal_render($form['author']['grant_view']); |
|
| 514 |
$row[] = drupal_render($form['author']['grant_update']); |
|
| 515 |
$row[] = drupal_render($form['author']['grant_delete']); |
|
| 516 |
|
|
| 517 |
$output .= theme('table', array('header' => $header, 'rows' => array($row)));
|
|
| 518 |
|
|
| 519 |
$output .= '<small>' . t('The settings selected for the node author will define what permissions the node author has. This cannot be changed on individual node grants.') . '</small>';
|
|
| 520 |
|
|
| 521 |
if (module_exists('user_reference') && isset($form['user_reference'])) {
|
|
| 522 |
$user_reference_fields = element_children($form['user_reference']); |
|
| 523 |
$header = array(t('User Reference Field'),
|
|
| 524 |
t('Enable this field'),
|
|
| 525 |
t('View'),
|
|
| 526 |
t('Edit'),
|
|
| 527 |
t('Delete'),
|
|
| 528 |
); |
|
| 529 |
$rows = array(); |
|
| 530 |
foreach ($user_reference_fields as $user_reference_field) {
|
|
| 531 |
$row = array(); |
|
| 532 |
|
|
| 533 |
$row[] = $form['user_reference'][$user_reference_field]['name']['#value']; |
|
| 534 |
$row[] = drupal_render($form['user_reference'][$user_reference_field]['enabled']); |
|
| 535 |
$row[] = drupal_render($form['user_reference'][$user_reference_field]['grant_view']); |
|
| 536 |
$row[] = drupal_render($form['user_reference'][$user_reference_field]['grant_update']); |
|
| 537 |
$row[] = drupal_render_children($form['user_reference'][$user_reference_field]['grant_delete']); |
|
| 538 |
$rows[] = $row; |
|
| 539 |
} |
|
| 540 |
$output .= theme('table', array(
|
|
| 541 |
'header' => $header, |
|
| 542 |
'rows' => $rows, |
|
| 543 |
)); |
|
| 544 |
$output .= '<small>' . t('If enabled, the value of the user reference field will be granted the associated permissions. If a user changes the value of the user reference field on a node, the associated user will be modified in the node-specific access table.') . '</small>';
|
|
| 545 |
} |
|
| 546 |
return $output; |
|
| 547 |
} |
|
| 548 | 200 |
|
| 549 | 201 |
/** |
| 550 | 202 |
* Menu callback. Draws the grant tab. |
| 203 |
* |
|
| 204 |
* @param Object $node |
|
| 205 |
* |
|
| 206 |
* @return array |
|
| 207 |
* Form array. |
|
| 551 | 208 |
*/ |
| 552 |
function nodeaccess_grants($node) {
|
|
| 209 |
function nodeaccess_grant_tab($node) {
|
|
| 553 | 210 |
return drupal_get_form('nodeaccess_grants_form', $node);
|
| 554 | 211 |
} |
| 555 | 212 |
|
| 556 | 213 |
/** |
| 557 | 214 |
* Menu callback. Draws the grant tab. |
| 215 |
* |
|
| 216 |
* @param $form |
|
| 217 |
* @param $form_state |
|
| 218 |
* @param $node |
|
| 219 |
* |
|
| 220 |
* @return mixed |
|
| 558 | 221 |
*/ |
| 559 | 222 |
function nodeaccess_grants_form($form, &$form_state, $node) {
|
| 560 |
$form_values = &$form_state['values']; |
|
| 223 |
$form_values = $form_state['values']; |
|
| 224 |
|
|
| 561 | 225 |
if (!$form_values) {
|
| 562 | 226 |
$form_values = array(); |
| 563 |
// Load all roles. |
|
| 564 |
$result = db_query("SELECT r.rid, nra.name, na.grant_view, na.grant_update, na.grant_delete
|
|
| 565 |
FROM {role} r
|
|
| 566 |
LEFT JOIN {nodeaccess_role_alias} nra ON r.rid = nra.rid
|
|
| 567 |
LEFT JOIN {node_access} na ON r.rid = na.gid AND na.realm = :realm AND na.nid = :nid
|
|
| 568 |
ORDER BY nra.weight, nra.name", array(':realm' => 'nodeaccess_rid', ':nid' => $node->nid));
|
|
| 569 |
foreach ($result as $grant) {
|
|
| 570 |
$form_values['rid'][$grant->rid] = array( |
|
| 571 |
'name' => $grant->name, |
|
| 572 |
'grant_view' => (boolean) $grant->grant_view, |
|
| 573 |
'grant_update' => (boolean) $grant->grant_update, |
|
| 574 |
'grant_delete' => (boolean) $grant->grant_delete, |
|
| 575 |
); |
|
| 227 |
$grants = nodeaccess_get_grants($node); |
|
| 228 |
$form_values['rid'] = isset($grants['rid']) ? $grants['rid'] : array(); |
|
| 229 |
$form_values['uid'] = isset($grants['uid']) ? $grants['uid'] : array(); |
|
| 230 |
} |
|
| 231 |
elseif ($form_values['keys']) {
|
|
| 232 |
$name = preg_replace('!\*+!', '%', $form_values['keys']);
|
|
| 233 |
$uid = array_keys($form_values['uid']); |
|
| 234 |
|
|
| 235 |
$query = db_select('users', 'u')
|
|
| 236 |
->fields('u', array('uid', 'name'))
|
|
| 237 |
->condition('name', $name, "LIKE");
|
|
| 238 |
|
|
| 239 |
if (isset($form_values['uid']) && count($form_values['uid'])) {
|
|
| 240 |
$query->condition('uid', $uid, 'NOT IN');
|
|
| 576 | 241 |
} |
| 577 |
// Load users from node_access. |
|
| 578 |
$results = db_query("SELECT uid, name, grant_view, grant_update, grant_delete
|
|
| 579 |
FROM {node_access}
|
|
| 580 |
LEFT JOIN {users} ON uid = gid
|
|
| 581 |
WHERE nid = :nid AND realm = :realm |
|
| 582 |
ORDER BY name", array( |
|
| 583 |
':nid' => $node->nid, |
|
| 584 |
':realm' => 'nodeaccess_uid', |
|
| 585 |
)); |
|
| 586 |
foreach ($results as $account) {
|
|
| 242 |
|
|
| 243 |
$result = $query->execute(); |
|
| 244 |
while ($account = $result->fetch()) {
|
|
| 587 | 245 |
$form_values['uid'][$account->uid] = array( |
| 588 | 246 |
'name' => $account->name, |
| 589 | 247 |
'keep' => 1, |
| 590 |
'grant_view' => $account->grant_view, |
|
| 591 |
'grant_update' => $account->grant_update, |
|
| 592 |
'grant_delete' => $account->grant_delete, |
|
| 248 |
'grant_view' => isset($form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_view']) ? |
|
| 249 |
$form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_view'] : 0, |
|
| 250 |
'grant_update' => isset($form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_update']) ? |
|
| 251 |
$form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_update'] : 0, |
|
| 252 |
'grant_delete' => isset($form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_delete']) ? |
|
| 253 |
$form_values['rid'][DRUPAL_AUTHENTICATED_RID]['grant_delete'] : 0, |
|
| 593 | 254 |
); |
| 594 | 255 |
} |
| 595 | 256 |
} |
| 596 |
else {
|
|
| 597 |
// Perform search. |
|
| 598 |
if ($form_values['keys']) {
|
|
| 599 |
// @todo rewrite |
|
| 600 |
$params = array(); |
|
| 601 |
$sql = "SELECT uid, name FROM {users} WHERE name LIKE :name";
|
|
| 602 |
$name = preg_replace('!\*+!', '%', $form_values['keys']);
|
|
| 603 |
$params[':name'] = $name; |
|
| 604 |
$users = ''; |
|
| 605 |
if (isset($form_values['uid']) && is_array($form_values['uid'])) {
|
|
| 606 |
$sql .= ' AND uid NOT IN (:uid)'; |
|
| 607 |
$users = implode(',', array_keys($form_values['uid']));
|
|
| 608 |
$params[':uid'] = $users; |
|
| 609 |
} |
|
| 610 |
|
|
| 611 |
$result = db_query($sql, $params); |
|
| 612 |
foreach ($result as $account) {
|
|
| 613 | 257 |
|
| 614 |
$form_values['uid'][$account->uid] = array( |
|
| 615 |
'name' => $account->name, |
|
| 616 |
'keep' => 0, |
|
| 617 |
); |
|
| 618 |
} |
|
| 619 |
} |
|
| 620 |
// Calculate default grants for found users. |
|
| 621 |
// rewrite |
|
| 622 |
if (isset($form_values['uid']) && is_array($form_values['uid'])) {
|
|
| 623 |
foreach (array_keys($form_values['uid']) as $uid) {
|
|
| 624 |
if (!$form_values['uid'][$uid]['keep']) {
|
|
| 625 |
foreach (array('grant_view', 'grant_update', 'grant_delete') as $grant_type) {
|
|
| 626 |
$form_values['uid'][$uid][$grant_type] = db_query_range("SELECT count(*) FROM {node_access} na LEFT JOIN {users_roles} r ON na.gid = r.rid WHERE nid = :nid AND realm = :realm AND uid = :uid AND $grant_type = 1",
|
|
| 627 |
0, 1, |
|
| 628 |
array( |
|
| 629 |
':nid' => $node->nid, |
|
| 630 |
':realm' => 'nodeaccess_rid', |
|
| 631 |
':uid' => $uid, |
|
| 632 |
))->fetchField() || |
|
| 633 |
db_query_range("SELECT count(*) FROM {node_access} na WHERE nid = :nid AND realm = :realm AND gid = :gid AND $grant_type = 1",
|
|
| 634 |
0, 1, |
|
| 635 |
array( |
|
| 636 |
':nid' => $node->nid, |
|
| 637 |
':realm' => 'nodeaccess_uid', |
|
| 638 |
':gid' => $uid, |
|
| 639 |
) |
|
| 640 |
)->fetchField(); |
|
| 641 |
} |
|
| 642 |
$form_values['uid'][$uid]['keep'] = TRUE; |
|
| 643 |
} |
|
| 644 |
} |
|
| 645 |
} |
|
| 646 |
} |
|
| 647 | 258 |
if (!isset($form_values['rid'])) {
|
| 648 | 259 |
$form_values['rid'] = array(); |
| 649 | 260 |
} |
| ... | ... | |
| 665 | 276 |
// If $preserve is TRUE, the fields the user is not allowed to view or |
| 666 | 277 |
// edit are included in the form as hidden fields to preserve them. |
| 667 | 278 |
$preserve = variable_get('nodeaccess-preserve', 1);
|
| 668 |
|
|
| 669 | 279 |
// Roles table. |
| 670 | 280 |
if (is_array($roles)) {
|
| 671 | 281 |
$form['rid'] = array('#tree' => TRUE);
|
| 672 | 282 |
foreach ($roles as $key => $field) {
|
| 673 | 283 |
if (isset($allowed_roles[$key]) && $allowed_roles[$key]) {
|
| 674 |
$form['rid'][$key]['name'] = array( |
|
| 284 |
$form['rid'][$key]['name'] = array( |
|
| 285 |
'#type' => 'hidden', |
|
| 286 |
'#value' => $field['name'], |
|
| 287 |
); |
|
| 288 |
if ($allowed_grants['view']) {
|
|
| 289 |
$form['rid'][$key]['grant_view'] = array( |
|
| 290 |
'#type' => 'checkbox', |
|
| 291 |
'#default_value' => $field['grant_view'], |
|
| 292 |
); |
|
| 293 |
} |
|
| 294 |
elseif ($preserve) {
|
|
| 295 |
$form['rid'][$key]['grant_view'] = array( |
|
| 675 | 296 |
'#type' => 'hidden', |
| 676 |
'#value' => $field['name'],
|
|
| 297 |
'#value' => $field['grant_view'],
|
|
| 677 | 298 |
); |
| 678 |
if ($allowed_grants['view']) {
|
|
| 679 |
$form['rid'][$key]['grant_view'] = array( |
|
| 680 |
'#type' => 'checkbox', |
|
| 681 |
'#default_value' => $field['grant_view'], |
|
| 682 |
); |
|
| 683 |
} |
|
| 684 |
elseif ($preserve) {
|
|
| 685 |
$form['rid'][$key]['grant_view'] = array( |
|
| 686 |
'#type' => 'hidden', |
|
| 687 |
'#value' => $field['grant_view'], |
|
| 688 |
); |
|
| 689 |
} |
|
| 690 |
if ($allowed_grants['edit']) {
|
|
| 691 |
$form['rid'][$key]['grant_update'] = array( |
|
| 692 |
'#type' => 'checkbox', |
|
| 693 |
'#default_value' => $field['grant_update'], |
|
| 694 |
); |
|
| 695 |
} |
|
| 696 |
elseif ($preserve) {
|
|
| 697 |
$form['rid'][$key]['grant_update'] = array( |
|
| 698 |
'#type' => 'hidden', |
|
| 699 |
'#value' => $field['grant_update'], |
|
| 700 |
); |
|
| 701 |
} |
|
| 702 |
if ($allowed_grants['delete']) {
|
|
| 703 |
$form['rid'][$key]['grant_delete'] = array( |
|
| 704 |
'#type' => 'checkbox', |
|
| 705 |
'#default_value' => $field['grant_delete'], |
|
| 706 |
); |
|
| 707 |
} |
|
| 708 |
elseif ($preserve) {
|
|
| 709 |
$form['rid'][$key]['grant_delete'] = array( |
|
| 710 |
'#type' => 'hidden', |
|
| 711 |
'#value' => $field['grant_delete'], |
|
| 712 |
); |
|
| 713 |
} |
|
| 299 |
} |
|
| 300 |
if ($allowed_grants['edit']) {
|
|
| 301 |
$form['rid'][$key]['grant_update'] = array( |
|
| 302 |
'#type' => 'checkbox', |
|
| 303 |
'#default_value' => $field['grant_update'], |
|
| 304 |
); |
|
| 305 |
} |
|
| 306 |
elseif ($preserve) {
|
|
| 307 |
$form['rid'][$key]['grant_update'] = array( |
|
| 308 |
'#type' => 'hidden', |
|
| 309 |
'#value' => $field['grant_update'], |
|
| 310 |
); |
|
| 311 |
} |
|
| 312 |
if ($allowed_grants['delete']) {
|
|
| 313 |
$form['rid'][$key]['grant_delete'] = array( |
|
| 314 |
'#type' => 'checkbox', |
|
| 315 |
'#default_value' => $field['grant_delete'], |
|
| 316 |
); |
|
| 317 |
} |
|
| 318 |
elseif ($preserve) {
|
|
| 319 |
$form['rid'][$key]['grant_delete'] = array( |
|
| 320 |
'#type' => 'hidden', |
|
| 321 |
'#value' => $field['grant_delete'], |
|
| 322 |
); |
|
| 323 |
} |
|
| 714 | 324 |
} |
| 715 | 325 |
elseif ($preserve) {
|
| 716 | 326 |
$form['rid'][$key]['name'] = array( |
| ... | ... | |
| 810 | 420 |
'#type' => 'submit', |
| 811 | 421 |
'#value' => t('Save Grants'),
|
| 812 | 422 |
); |
| 423 |
|
|
| 813 | 424 |
return $form; |
| 814 | 425 |
} |
| 815 | 426 |
|
| 427 |
|
|
| 816 | 428 |
/** |
| 817 | 429 |
* Validate function for nodeaccess_grants_form. |
| 430 |
* |
|
| 431 |
* @param array $form |
|
| 432 |
* @param array &$form_state |
|
| 818 | 433 |
*/ |
| 819 |
function nodeaccess_grants_form_validate($form, $form_state) {
|
|
| 434 |
function nodeaccess_grants_form_validate($form, &$form_state) {
|
|
| 820 | 435 |
$form_values = &$form_state['values']; |
| 436 |
|
|
| 821 | 437 |
// Delete unkept users. |
| 822 | 438 |
if (isset($form_values['uid']) && is_array($form_values['uid'])) {
|
| 823 | 439 |
foreach ($form_values['uid'] as $uid => $row) {
|
| ... | ... | |
| 826 | 442 |
} |
| 827 | 443 |
} |
| 828 | 444 |
} |
| 445 |
|
|
| 829 | 446 |
if (!isset($form_values['uid'])) {
|
| 830 | 447 |
unset($form_values['uid']); |
| 831 | 448 |
} |
| 832 |
|
|
| 833 | 449 |
} |
| 834 | 450 |
|
| 835 | 451 |
/** |
| 836 | 452 |
* Submit function for nodeaccess_grants_form. |
| 453 |
* |
|
| 454 |
* @param array $form |
|
| 455 |
* @param array &$form_state |
|
| 837 | 456 |
*/ |
| 838 | 457 |
function nodeaccess_grants_form_submit($form, &$form_state) {
|
| 839 | 458 |
|
| ... | ... | |
| 848 | 467 |
} |
| 849 | 468 |
} |
| 850 | 469 |
|
| 470 |
|
|
| 851 | 471 |
/** |
| 852 | 472 |
* Private function to submit the per-node grants table. |
| 473 |
* |
|
| 474 |
* @param array $form |
|
| 475 |
* @param array &$form_state |
|
| 853 | 476 |
*/ |
| 854 |
function _nodeaccess_grants_form_submit($form, $form_state) {
|
|
| 477 |
function _nodeaccess_grants_form_submit($form, &$form_state) {
|
|
| 855 | 478 |
$form_values = &$form_state['values']; |
| 856 |
global $user; |
|
| 479 |
|
|
| 857 | 480 |
$grants = array(); |
| 858 | 481 |
$nid = $form_values['nid']; |
| 859 | 482 |
$node = node_load($nid); |
| 483 |
|
|
| 860 | 484 |
foreach (array('uid', 'rid') as $type) {
|
| 861 | 485 |
$realm = 'nodeaccess_' . $type; |
| 486 |
|
|
| 862 | 487 |
if (isset($form_values[$type]) && is_array($form_values[$type])) {
|
| 863 | 488 |
foreach ($form_values[$type] as $gid => $line) {
|
| 864 | 489 |
$grant = array( |
| 865 | 490 |
'gid' => $gid, |
| 866 | 491 |
'realm' => $realm, |
| 867 |
'grant_view' => empty($line['grant_view']) ? 0 : $line['grant_view'],
|
|
| 868 |
'grant_update' => empty($line['grant_update']) ? 0 : $line['grant_update'],
|
|
| 869 |
'grant_delete' => empty($line['grant_delete']) ? 0 : $line['grant_delete'],
|
|
| 492 |
'grant_view' => empty($line['grant_view']) ? 0 : 1,
|
|
| 493 |
'grant_update' => empty($line['grant_update']) ? 0 : 1,
|
|
| 494 |
'grant_delete' => empty($line['grant_delete']) ? 0 : 1,
|
|
| 870 | 495 |
); |
| 871 |
if ($grant['grant_view'] || $grant['grant_update'] || $grant['grant_delete']) {
|
|
| 872 |
$grants[] = $grant; |
|
| 873 |
} |
|
| 496 |
$grants[] = $grant; |
|
| 874 | 497 |
} |
| 875 | 498 |
} |
| 876 |
node_access_write_grants($node, $grants, $realm); |
|
| 877 |
} |
|
| 878 |
|
|
| 879 |
// Save role and user grants to our own table. |
|
| 880 |
db_delete('nodeaccess')
|
|
| 881 |
->condition('nid', $nid)
|
|
| 882 |
->execute(); |
|
| 883 |
foreach ($grants as $grant) {
|
|
| 884 |
$id = db_insert('nodeaccess')
|
|
| 885 |
->fields(array( |
|
| 886 |
'nid' => $nid, |
|
| 887 |
'gid' => $grant['gid'], |
|
| 888 |
'realm' => $grant['realm'], |
|
| 889 |
'grant_view' => $grant['grant_view'], |
|
| 890 |
'grant_update' => $grant['grant_update'], |
|
| 891 |
'grant_delete' => $grant['grant_delete'], |
|
| 892 |
)) |
|
| 893 |
->execute(); |
|
| 894 | 499 |
} |
| 500 |
nodeaccess_set_grants($node, $grants); |
|
| 895 | 501 |
} |
| 896 | 502 |
|
| 897 | 503 |
/** |
| 898 | 504 |
* Theme function for nodeaccess_grants_form. |
| 505 |
* |
|
| 506 |
* @param array $vars |
|
| 507 |
* |
|
| 508 |
* @return string |
|
| 899 | 509 |
*/ |
| 900 |
function theme_nodeaccess_grants_form($variables) {
|
|
| 510 |
function theme_nodeaccess_grants_form($vars) {
|
|
| 901 | 511 |
$output = ''; |
| 902 |
// @todo: Number of parameters in this theme function does not match number |
|
| 903 |
// of parameters found in hook_theme. |
|
| 904 |
$form = $variables['form']; |
|
| 512 |
|
|
| 513 |
$form = $vars['form']; |
|
| 905 | 514 |
$rows = array(); |
| 906 | 515 |
$allowed_roles = variable_get('nodeaccess-roles', array());
|
| 907 | 516 |
$allowed_grants = variable_get('nodeaccess-grants', array());
|
| ... | ... | |
| 918 | 527 |
|
| 919 | 528 |
// Roles table. |
| 920 | 529 |
$roles = element_children($form['rid']); |
| 530 |
|
|
| 921 | 531 |
if (count($roles) && count($allowed_roles)) {
|
| 922 | 532 |
$header = array(); |
| 923 | 533 |
$header[] = t('Role');
|
| 534 |
|
|
| 924 | 535 |
if ($allowed_grants['view']) {
|
| 925 | 536 |
$header[] = t('View');
|
| 926 | 537 |
} |
| 538 |
|
|
| 927 | 539 |
if ($allowed_grants['edit']) {
|
| 928 | 540 |
$header[] = t('Edit');
|
| 929 | 541 |
} |
| 542 |
|
|
| 930 | 543 |
if ($allowed_grants['delete']) {
|
| 931 | 544 |
$header[] = t('Delete');
|
| 932 | 545 |
} |
| 546 |
|
|
| 933 | 547 |
foreach ($roles as $key) {
|
| 548 |
|
|
| 934 | 549 |
if (isset($allowed_roles[$key]) && $allowed_roles[$key]) {
|
| 935 | 550 |
$row = array(); |
| 936 | 551 |
$row[] = $role_names[$key] . drupal_render($form['rid'][$key]['name']); |
| 552 |
|
|
| 937 | 553 |
if ($allowed_grants['view']) {
|
| 938 | 554 |
$row[] = drupal_render($form['rid'][$key]['grant_view']); |
| 939 | 555 |
} |
| 556 |
|
|
| 940 | 557 |
if ($allowed_grants['edit']) {
|
| 941 | 558 |
$row[] = drupal_render($form['rid'][$key]['grant_update']); |
| 942 | 559 |
} |
| 560 |
|
|
| 943 | 561 |
if ($allowed_grants['delete']) {
|
| 944 | 562 |
$row[] = drupal_render($form['rid'][$key]['grant_delete']); |
| 945 | 563 |
} |
| ... | ... | |
| 960 | 578 |
// Users table. |
| 961 | 579 |
unset($rows); |
| 962 | 580 |
$users = element_children($form['uid']); |
| 581 |
|
|
| 963 | 582 |
if (count($users) > 0) {
|
| 964 | 583 |
$header = array(); |
| 965 | 584 |
$rows = array(); |
| ... | ... | |
| 997 | 616 |
return $output; |
| 998 | 617 |
} |
| 999 | 618 |
|
| 619 |
|
|
| 1000 | 620 |
/** |
| 1001 | 621 |
* Implements hook_node_grants(). |
| 622 |
* |
|
| 623 |
* @param Object $account |
|
| 624 |
* @parap string $op |
|
| 625 |
* |
|
| 626 |
* @return array |
|
| 1002 | 627 |
*/ |
| 1003 | 628 |
function nodeaccess_node_grants($account, $op) {
|
| 1004 | 629 |
$roles = is_array($account->roles) ? array_keys($account->roles) : array(-1); |
| ... | ... | |
| 1011 | 636 |
|
| 1012 | 637 |
/** |
| 1013 | 638 |
* Implements hook_node_update(). |
| 639 |
* |
|
| 640 |
* @param Object $node |
|
| 1014 | 641 |
*/ |
| 1015 | 642 |
function nodeaccess_node_update($node) {
|
| 1016 |
// Node author may have changed, overwrite old record. |
|
| 1017 |
$author_prefs = variable_get('nodeaccess_authors', array());
|
|
| 1018 |
// Array is prepopulated with grant values. |
|
| 1019 |
$grant = $author_prefs[$node->type]; |
|
| 1020 |
$grant['gid'] = $node->uid; |
|
| 1021 |
$grant['realm'] = 'nodeaccess_author'; |
|
| 1022 |
$grants = array(); |
|
| 1023 |
$grants[] = $grant; |
|
| 1024 |
node_access_write_grants($node, $grants, 'nodeaccess_author'); |
|
| 1025 | 643 |
if (module_exists('user_reference')) {
|
| 1026 | 644 |
$fields = variable_get('nodeaccess_' . $node->type . '_user_reference', array());
|
| 1027 | 645 |
foreach (array_keys($fields) as $field_name) {
|
| ... | ... | |
| 1041 | 659 |
|
| 1042 | 660 |
/** |
| 1043 | 661 |
* Implements hook_node_delete(). |
| 662 |
* |
|
| 663 |
* @param Object $node |
|
| 1044 | 664 |
*/ |
| 1045 | 665 |
function nodeaccess_node_delete($node) {
|
| 1046 | 666 |
// Deleting node, delete related permissions. |
| 1047 |
db_delete('nodeaccess')
|
|
| 1048 |
->condition('nid', $node->nid)
|
|
| 1049 |
->execute(); |
|
| 1050 |
foreach (array('uid', 'rid', 'author') as $type) {
|
|
| 1051 |
$realm = 'nodeaccess_' . $type; |
|
| 1052 |
node_access_write_grants($node, array(), $realm); |
|
| 1053 |
} |
|
| 667 |
nodeaccess_delete_grants($node); |
|
| 1054 | 668 |
} |
| 1055 | 669 |
|
| 1056 | 670 |
/** |
| 1057 | 671 |
* Implements hook_node_access_records(). |
| 672 |
* |
|
| 673 |
* @param Object $node |
|
| 674 |
* |
|
| 675 |
* @return array|NULL |
|
| 1058 | 676 |
*/ |
| 1059 | 677 |
function nodeaccess_node_access_records($node) {
|
| 1060 |
if (nodeaccess_disabling()) {
|
|
| 1061 |
return; |
|
| 678 |
if (nodeaccess_disabling() || !$node->status) {
|
|
| 679 |
return NULL;
|
|
| 1062 | 680 |
} |
| 681 |
|
|
| 1063 | 682 |
// Need to find out if node has own grants or whether to use defaults. |
| 1064 | 683 |
$default = variable_get('nodeaccess_' . $node->type, array());
|
| 1065 | 684 |
|
| ... | ... | |
| 1073 | 692 |
'priority' => variable_get('nodeaccess-priority', 0),
|
| 1074 | 693 |
); |
| 1075 | 694 |
|
| 1076 |
$result = db_query("SELECT count(*) FROM {nodeaccess} WHERE nid = :nid", array(':nid' => $node->nid))->fetchField();
|
|
| 1077 |
if ($result < 1) {
|
|
| 1078 |
// Node has no own grants, use defaults if published. |
|
| 1079 |
if ($node->status) {
|
|
| 1080 |
$grants = $default; |
|
| 1081 |
} |
|
| 1082 |
else {
|
|
| 1083 |
// Otherwise, check access to unpublished content for authenticated and |
|
| 1084 |
// anonymous users. |
|
| 1085 |
$role_perms = user_role_permissions(array( |
|
| 1086 |
DRUPAL_ANONYMOUS_RID => DRUPAL_ANONYMOUS_RID, |
|
| 1087 |
DRUPAL_AUTHENTICATED_RID => DRUPAL_AUTHENTICATED_RID, |
|
| 1088 |
)); |
|
| 1089 |
// Anonymous user setting. |
|
| 1090 |
$grants = array(); |
|
| 1091 |
$grants[] = array( |
|
| 1092 |
'gid' => DRUPAL_ANONYMOUS_RID, |
|
| 1093 |
'grant_view' => isset($role_perms[DRUPAL_ANONYMOUS_RID]['bypass node access']) ? |
|
| 1094 |
intval($role_perms[DRUPAL_ANONYMOUS_RID]['bypass node access']) : 0, |
|
| 1095 |
); |
|
| 1096 |
// Authenticated user setting. |
|
| 1097 |
$grants[] = array( |
|
| 1098 |
'gid' => DRUPAL_AUTHENTICATED_RID, |
|
| 1099 |
'grant_view' => isset($role_perms[DRUPAL_AUTHENTICATED_RID]['bypass node access']) ? |
|
| 1100 |
intval($role_perms[DRUPAL_AUTHENTICATED_RID]['bypass node access']) : 0, |
|
| 1101 |
); |
|
| 1102 |
} |
|
| 695 |
$query = db_select('nodeaccess', 'n')
|
|
| 696 |
->fields('n', array('gid', 'realm', 'grant_view', 'grant_update', 'grant_delete'))
|
|
| 697 |
->condition('nid', $node->nid, '=');
|
|
| 698 |
$result = $query->execute(); |
|
| 699 |
if (!$result->rowCount()) {
|
|
| 700 |
// Node has no own grants, use defaults. |
|
| 701 |
$grants = $default; |
|
| 1103 | 702 |
} |
| 1104 | 703 |
else {
|
| 1105 | 704 |
// Node has own grants, use them. |
| 1106 |
$result = db_query("SELECT nid, gid, realm, grant_view, grant_update, grant_delete FROM {nodeaccess} WHERE nid = :nid", array(':nid' => $node->nid));
|
|
| 1107 | 705 |
$grants = array(); |
| 1108 |
foreach ($result as $row) {
|
|
| 1109 |
$grants[] = array( |
|
| 1110 |
'gid' => $row->gid, |
|
| 1111 |
'realm' => $row->realm, |
|
| 1112 |
'grant_view' => $row->grant_view, |
|
| 1113 |
'grant_update' => $row->grant_update, |
|
| 1114 |
'grant_delete' => $row->grant_delete, |
|
| 1115 |
); |
|
| 706 |
while ($row = $result->fetchAssoc()) {
|
|
| 707 |
$grants[] = $row; |
|
| 1116 | 708 |
} |
| 1117 | 709 |
} |
| 710 |
|
|
| 1118 | 711 |
// Apply author grants. |
| 1119 | 712 |
$author_prefs = variable_get('nodeaccess_authors', array());
|
| 1120 |
// Array is prepopulated with grant values. |
|
| 713 |
// Array is pre-populated with grant values.
|
|
| 1121 | 714 |
$grant = $author_prefs[$node->type]; |
| 1122 | 715 |
$grant['gid'] = $node->uid; |
| 1123 | 716 |
$grant['realm'] = 'nodeaccess_author'; |
| ... | ... | |
| 1129 | 722 |
// Merge missing default grant keys. |
| 1130 | 723 |
$grants[$id] = $grants[$id] + $grant_defaults; |
| 1131 | 724 |
} |
| 725 |
|
|
| 1132 | 726 |
return $grants; |
| 1133 | 727 |
} |
| 1134 | 728 |
|
| 729 |
|
|
| 1135 | 730 |
/** |
| 1136 | 731 |
* Mark module to be in process of disabling. |
| 1137 | 732 |
* |
| ... | ... | |
| 1139 | 734 |
* |
| 1140 | 735 |
* @param mixed $set |
| 1141 | 736 |
* A boolean set or NULL to not change status. |
| 737 |
* |
|
| 738 |
* @return bool |
|
| 1142 | 739 |
*/ |
| 1143 | 740 |
function nodeaccess_disabling($set = NULL) {
|
| 1144 | 741 |
static $disabling = FALSE; |
| 742 |
|
|
| 1145 | 743 |
if ($set !== NULL) {
|
| 1146 | 744 |
$disabling = $set; |
| 1147 | 745 |
} |
| 746 |
|
|
| 1148 | 747 |
return $disabling; |
| 1149 | 748 |
} |
| 1150 | 749 |
|
| 750 |
|
|
| 1151 | 751 |
/** |
| 1152 | 752 |
* Implements hook_node_type_delete(). |
| 753 |
* |
|
| 754 |
* @param Object $info |
|
| 1153 | 755 |
*/ |
| 1154 | 756 |
function nodeaccess_node_type_delete($info) {
|
| 1155 | 757 |
// Node type is being deleted, delete its preferences. |
| ... | ... | |
| 1159 | 761 |
variable_set('nodeaccess_authors', $author_prefs);
|
| 1160 | 762 |
} |
| 1161 | 763 |
|
| 764 |
|
|
| 1162 | 765 |
/** |
| 1163 | 766 |
* Implements hook_node_type_update(). |
| 767 |
* |
|
| 768 |
* @param Object $info |
|
| 1164 | 769 |
*/ |
| 1165 | 770 |
function nodeaccess_node_type_update($info) {
|
| 1166 | 771 |
// Node type has changed, move preferences to new type. |
| ... | ... | |
| 1179 | 784 |
} |
| 1180 | 785 |
} |
| 1181 | 786 |
|
| 787 |
|
|
| 1182 | 788 |
/** |
| 1183 | 789 |
* Implements hook_node_type_insert(). |
| 790 |
* |
|
| 791 |
* @param Object $info |
|
| 1184 | 792 |
*/ |
| 1185 | 793 |
function nodeaccess_node_type_insert($info) {
|
| 1186 | 794 |
// New node type, default to whatever is set for access content permission. |
| 1187 | 795 |
$role_perms = user_role_permissions(array(1 => 1, 2 => 2)); |
| 1188 |
$role_perms[1]['access content'] = isset($role_perms[1]['access content'])?
|
|
| 796 |
$role_perms[DRUPAL_ANONYMOUS_RID]['access content'] = isset($role_perms[1]['access content']) ?
|
|
| 1189 | 797 |
intval($role_perms[1]['access content']) : 0; |
| 1190 |
$role_perms[2]['access content'] = isset($role_perms[2]['access content'])?
|
|
| 798 |
$role_perms[DRUPAL_AUTHENTICATED_RID]['access content'] = isset($role_perms[2]['access content']) ?
|
|
| 1191 | 799 |
intval($role_perms[2]['access content']) : 0; |
| 1192 | 800 |
$grants[] = array( |
| 1193 |
'gid' => 1,
|
|
| 801 |
'gid' => DRUPAL_ANONYMOUS_RID,
|
|
| 1194 | 802 |
'realm' => 'nodeaccess_rid', |
| 1195 |
'grant_view' => $role_perms[1]['access content'],
|
|
| 803 |
'grant_view' => $role_perms[DRUPAL_ANONYMOUS_RID]['access content'],
|
|
| 1196 | 804 |
'grant_update' => 0, |
| 1197 | 805 |
'grant_delete' => 0, |
| 1198 | 806 |
); |
| 1199 | 807 |
$grants[] = array( |
| 1200 |
'gid' => 2,
|
|
| 808 |
'gid' => DRUPAL_AUTHENTICATED_RID,
|
|
| 1201 | 809 |
'realm' => 'nodeaccess_rid', |
| 1202 |
'grant_view' => $role_perms[1]['access content'],
|
|
| 810 |
'grant_view' => $role_perms[DRUPAL_AUTHENTICATED_RID]['access content'],
|
|
| 1203 | 811 |
'grant_update' => 0, |
| 1204 | 812 |
'grant_delete' => 0, |
| 1205 | 813 |
); |
| 1206 | 814 |
variable_set('nodeaccess_' . $info->type, $grants);
|
| 1207 |
// Add all permissions for author. |
|
| 815 |
|
|
| 816 |
// Add permissions for author. |
|
| 1208 | 817 |
$author_prefs = variable_get('nodeaccess_authors', array());
|
| 1209 | 818 |
$author_prefs[$info->type] = array( |
| 1210 | 819 |
'grant_view' => 0, |
| 1211 | 820 |
'grant_update' => 0, |
| 1212 | 821 |
'grant_delete' => 0, |
| 1213 | 822 |
); |
| 823 |
|
|
| 1214 | 824 |
variable_set('nodeaccess_authors', $author_prefs);
|
| 1215 | 825 |
node_access_needs_rebuild(TRUE); |
| 1216 | 826 |
} |
| 1217 | 827 |
|
| 828 |
|
|
| 1218 | 829 |
/** |
| 1219 | 830 |
* Retrieve role aliases. |
| 1220 | 831 |
* |
| 1221 |
* @return array or role aliases indexed by rid. |
|
| 832 |
* @return array |
|
| 833 |
* Role aliases indexed by rid. |
|
| 1222 | 834 |
*/ |
| 1223 | 835 |
function nodeaccess_get_role_aliases() {
|
| 1224 | 836 |
$aliases = array(); |
| 1225 |
$sql = 'SELECT r.rid, r.name, a.name AS alias, a.weight |
|
| 1226 |
FROM {role} r
|
|
| 1227 |
LEFT JOIN {nodeaccess_role_alias} a ON r.rid = a.rid
|
|
| 1228 |
ORDER BY a.weight, r.weight, a.name, r.name'; |
|
| 1229 |
$results = db_query($sql); |
|
| 1230 |
foreach ($results as $a) {
|
|
| 837 |
$query = db_select('role', 'r');
|
|
| 838 |
$query->join('nodeaccess_role_alias', 'a', 'r.rid = a.rid');
|
|
| 839 |
$query->fields('r', array('rid', 'name'));
|
|
| 840 |
$query->addField('a', 'name', 'alias');
|
|
| 841 |
$query->addField('a', 'weight');
|
|
| 842 |
$query->orderBy('a.weight');
|
|
| 843 |
$query->orderBy('r.weight');
|
|
| 844 |
$query->orderBy('a.name');
|
|
| 845 |
$query->orderBy('r.name');
|
|
| 846 |
$result = $query->execute(); |
|
| 847 |
while($a = $result->fetch()) {
|
|
| 1231 | 848 |
$aliases[$a->rid]['name'] = $a->name; |
| 1232 | 849 |
$aliases[$a->rid]['alias'] = $a->alias; |
| 1233 | 850 |
$aliases[$a->rid]['weight'] = $a->weight; |
| ... | ... | |
| 1235 | 852 |
return $aliases; |
| 1236 | 853 |
} |
| 1237 | 854 |
|
| 1238 |
|
|
| 1239 | 855 |
/** |
| 1240 | 856 |
* Save a role alias. |
| 1241 | 857 |
* |
| ... | ... | |
| 1253 | 869 |
))->execute(); |
| 1254 | 870 |
} |
| 1255 | 871 |
} |
| 1256 |
|
|
| 1257 | 872 |
return; |
| 1258 | 873 |
} |
| 1259 | 874 |
|
| 1260 | 875 |
/** |
| 1261 | 876 |
* Insert userreference grants from a node. |
| 877 |
* |
|
| 878 |
* @param Object $node |
|
| 1262 | 879 |
*/ |
| 1263 | 880 |
function nodeaccess_insert_user_reference($node) {
|
| 1264 |
$form_values = _nodeaccess_get_grants($node);
|
|
| 881 |
$form_values = nodeaccess_get_grants($node); |
|
| 1265 | 882 |
// Now, append or overwrite the uid with what was specified in the user |
| 1266 | 883 |
// reference field. |
| 1267 | 884 |
$fields = variable_get('nodeaccess_' . $node->type . '_user_reference', array());
|
| ... | ... | |
| 1289 | 906 |
|
| 1290 | 907 |
/** |
| 1291 | 908 |
* Delete all userreference user grants from a node. |
| 909 |
* |
|
| 910 |
* @param Object $node |
|
| 1292 | 911 |
*/ |
| 1293 | 912 |
function nodeaccess_delete_user_reference($node) {
|
| 1294 |
$form_values = _nodeaccess_get_grants($node);
|
|
| 913 |
$form_values = nodeaccess_get_grants($node); |
|
| 1295 | 914 |
// Now, append or overwrite the uid with what was specified in the user |
| 1296 | 915 |
// reference field. |
| 1297 | 916 |
$fields = variable_get('nodeaccess_' . $node->type . '_user_reference', array());
|
| ... | ... | |
| 1304 | 923 |
} |
| 1305 | 924 |
$form_values['nid'] = $node->nid; |
| 1306 | 925 |
$form_state = array('values' => $form_values);
|
| 926 |
|
|
| 1307 | 927 |
_nodeaccess_grants_form_submit(NULL, $form_state); |
| 1308 | 928 |
} |
| 1309 | 929 |
|
| 1310 | 930 |
/** |
| 1311 | 931 |
* Return the grants applied to a node object used for Grant form. |
| 1312 | 932 |
* |
| 933 |
* @param Object $node |
|
| 934 |
* |
|
| 1313 | 935 |
* @return array |
| 1314 | 936 |
* An array of grants with keys 'rid' for roles and 'uid' for users. |
| 1315 | 937 |
*/ |
| 1316 |
function _nodeaccess_get_grants($node) {
|
|
| 938 |
function nodeaccess_get_grants($node) {
|
|
| 1317 | 939 |
$grants = array(); |
| 1318 |
// Load all roles. |
|
| 1319 |
$result = db_query("SELECT r.rid, nra.name, na.grant_view, na.grant_update, na.grant_delete FROM {role} r LEFT JOIN {nodeaccess_role_alias} nra ON r.rid = nra.rid LEFT JOIN {node_access} na ON r.rid = na.gid AND na.realm = :realm AND na.nid = :nid ORDER BY nra.weight, nra.name",
|
|
| 1320 |
array( |
|
| 1321 |
':realm' => 'nodeaccess_rid', |
|
| 1322 |
':nid' => $node->nid, |
|
| 1323 |
)); |
|
| 1324 |
foreach ($result as $grant) {
|
|
| 1325 |
$grants['rid'][$grant->rid] = array( |
|
| 1326 |
'name' => $grant->name, |
|
| 1327 |
'grant_view' => (boolean) $grant->grant_view, |
|
| 1328 |
'grant_update' => (boolean) $grant->grant_update, |
|
| 1329 |
'grant_delete' => (boolean) $grant->grant_delete, |
|
| 1330 |
); |
|
| 940 |
|
|
| 941 |
// Load grants by roles. |
|
| 942 |
$query = db_select('nodeaccess', 'na');
|
|
| 943 |
$query->join('role', 'r', 'r.rid = na.gid');
|
|
| 944 |
$query->join('nodeaccess_role_alias', 'nra', 'nra.rid = r.rid');
|
|
| 945 |
$query->fields('r', array('rid', 'name'));
|
|
| 946 |
$query->fields('na', array('grant_view', 'grant_update', 'grant_delete'));
|
|
| 947 |
$query->condition('na.realm', 'nodeaccess_rid', '=');
|
|
| 948 |
$query->condition('na.nid', $node->nid, '=');
|
|
| 949 |
$query->orderBy('nra.weight');
|
|
| 950 |
$query->orderBy('nra.name');
|
|
| 951 |
$result = $query->execute(); |
|
| 952 |
|
|
| 953 |
while ($grant = $result->fetch()) {
|
|
| 954 |
if ($grant->name) {
|
|
| 955 |
$grants['rid'][$grant->rid] = array( |
|
| 956 |
'name' => $grant->name, |
|
| 957 |
'grant_view' => (bool) $grant->grant_view, |
|
| 958 |
'grant_update' => (bool) $grant->grant_update, |
|
| 959 |
'grant_delete' => (bool) $grant->grant_delete, |
|
| 960 |
); |
|
| 961 |
} |
|
| 1331 | 962 |
} |
| 1332 |
// Load users from node_access. |
|
| 1333 |
$result = db_query("SELECT uid, name, grant_view, grant_update, grant_delete FROM {node_access} LEFT JOIN {users} ON uid = gid WHERE nid = :nid AND realm = :realm ORDER BY name",
|
|
| 1334 |
array( |
|
| 1335 |
':nid' => $node->nid, |
|
| 1336 |
':realm' => 'nodeaccess_uid', |
|
| 1337 |
)); |
|
| 1338 |
foreach ($result as $account) {
|
|
| 963 |
// Load grants by users |
|
| 964 |
$query = db_select('node_access', 'na');
|
|
| 965 |
$query->join('users', 'u', 'u.uid = na.gid');
|
|
| 966 |
$query->fields('u', array('uid', 'name'));
|
|
| 967 |
$query->fields('na', array('grant_view', 'grant_update', 'grant_delete'));
|
|
| 968 |
$query->condition('na.nid', $node->nid, '=');
|
|
| 969 |
$query->condition('na.realm', 'nodeaccess_uid', '=');
|
|
| 970 |
$query->orderBy('name');
|
|
| 971 |
$result = $query->execute(); |
|
| 972 |
|
|
| 973 |
while ($account = $result->fetch()) {
|
|
| 1339 | 974 |
$grants['uid'][$account->uid] = array( |
| 1340 | 975 |
'name' => $account->name, |
| 1341 |
'keep' => 1,
|
|
| 1342 |
'grant_view' => $account->grant_view, |
|
| 1343 |
'grant_update' => $account->grant_update, |
|
| 1344 |
'grant_delete' => $account->grant_delete, |
|
| 976 |
'keep' => TRUE,
|
|
| 977 |
'grant_view' => (bool) $account->grant_view,
|
|
| 978 |
'grant_update' => (bool) $account->grant_update,
|
|
| 979 |
'grant_delete' => (bool) $account->grant_delete,
|
|
| 1345 | 980 |
); |
| 1346 | 981 |
} |
| 1347 | 982 |
return $grants; |
| 1348 | 983 |
} |
| 984 |
|
|
| 985 |
/** |
|
| 986 |
* Set all grants for a node to nodeaccess table and acquire them. |
|
| 987 |
* |
|
| 988 |
* @param $node |
|
| 989 |
* node object the grants are being applied to. |
|
| 990 |
* @param array $grants |
|
| 991 |
* array of grants as defined (@see nodeaccess_save_grant). |
|
| 992 |
*/ |
|
| 993 |
function nodeaccess_set_grants($node, $grants = array()) {
|
|
| 994 |
// Allow other modules to edit all grants for array. |
|
| 995 |
drupal_alter('nodeaccess_grants', $grants, $node);
|
|
| 996 |
|
|
| 997 |
nodeaccess_delete_grants($node); |
|
| 998 |
|
|
| 999 |
if (count($grants)) {
|
|
| 1000 |
foreach ($grants as $grant) {
|
|
| 1001 |
// Allow other modules to edit single grants. |
|
| 1002 |
drupal_alter('nodeaccess_grant', $grant, $node);
|
|
| 1003 |
nodeaccess_save_grant($node, $grant); |
|
| 1004 |
} |
|
| 1005 |
} |
|
| 1006 |
|
|
| 1007 |
node_access_acquire_grants($node); |
|
| 1008 |
} |
|
| 1009 |
|
|
| 1010 |
|
|
| 1011 |
/** |
|
| 1012 |
* Delete all grants from nodeaccess table for this node. |
|
| 1013 |
* |
|
| 1014 |
* @param $node |
|
| 1015 |
* node object whose grants are being revoked. |
|
| 1016 |
*/ |
|
| 1017 |
function nodeaccess_delete_grants($node) {
|
|
| 1018 |
try {
|
|
| 1019 |
db_delete('nodeaccess')
|
|
| 1020 |
->condition('nid', $node->nid)
|
|
| 1021 |
->execute(); |
|
| 1022 |
|
|
| 1023 |
node_access_acquire_grants($node); |
|
| 1024 |
} |
|
| 1025 |
catch (Exception $e) {
|
|
| 1026 |
drupal_set_message(t("Database error has occurred while clearing nodeaccess table."), 'error');
|
|
| 1027 |
watchdog('nodeaccess', 'Database error: @message.', array('@message' => $e->getMessage()), WATCHDOG_ERROR);
|
|
| 1028 |
} |
|
| 1029 |
} |
|
| 1030 |
|
|
| 1031 |
/** |
|
| 1032 |
* Revoke all custom grants from nodeaccess table for this node. Essentially |
|
| 1033 |
* reset the grants to their default state (by node type). |
|
| 1034 |
* |
|
| 1035 |
* @param $node |
|
| 1036 |
* node object whose grants are being revoked. |
|
| 1037 |
*/ |
|
| 1038 |
function nodeaccess_revoke_grants($node) {
|
|
| 1039 |
nodeaccess_delete_grants($node); |
|
| 1040 |
node_access_acquire_grants($node); |
|
| 1041 |
} |
|
| 1042 |
|
|
| 1043 |
/** |
|
| 1044 |
* Save the grant settings/options for the node. |
|
| 1045 |
* |
|
| 1046 |
* @param $node |
|
| 1047 |
* node object the grant is being applied to. |
|
| 1048 |
* @param array $grant |
|
| 1049 |
* array( |
|
| 1050 |
* 'gid' => (int) gid for realm, |
|
| 1051 |
* 'realm' => (string) what realm the access grant belongs to (ex: nodeaccess_rid). |
|
| 1052 |
* 'grant_view' => (int) view access being granted, |
|
| 1053 |
* 'grant_update' => (int) update access being granted, |
|
| 1054 |
* 'grant_delete' => (int) delete access being granted, |
|
| 1055 |
* ) |
|
| 1056 |
*/ |
|
| 1057 |
function nodeaccess_save_grant($node, $grant) {
|
|
| 1058 |
// Save role and user grants to our own table. |
|
| 1059 |
try {
|
|
| 1060 |
db_insert('nodeaccess')
|
|
| 1061 |
->fields(array( |
|
| 1062 |
'nid' => $node->nid, |
|
| 1063 |
'gid' => $grant['gid'], |
|
| 1064 |
'realm' => $grant['realm'], |
|
| 1065 |
'grant_view' => (int) $grant['grant_view'], |
|
| 1066 |
'grant_update' => (int) $grant['grant_update'], |
|
| 1067 |
'grant_delete' => (int) $grant['grant_delete'], |
|
| 1068 |
)) |
|
| 1069 |
->execute(); |
|
| 1070 |
} |
|
| 1071 |
catch (Exception $e) {
|
|
| 1072 |
drupal_set_message(t("Database error has occurred while saving to nodeaccess table."), 'error');
|
|
| 1073 |
watchdog('nodeaccess', 'Database error: @message.', array('@message' => $e->getMessage()), WATCHDOG_ERROR);
|
|
| 1074 |
} |
|
| 1075 |
} |
|
| 1076 |
|
|
| 1077 |
/** |
|
| 1078 |
* Add the grant tab to the specified node type. |
|
| 1079 |
* |
|
| 1080 |
* @param string $type |
|
| 1081 |
* The node type we are adding the grant tab for. |
|
| 1082 |
*/ |
|
| 1083 |
function nodeaccess_add_type_grant($type) {
|
|
| 1084 |
$grants = variable_get('nodeaccess-types', array());
|
|
| 1085 |
$grants[$type] = TRUE; |
|
| 1086 |
|
|
| 1087 |
nodeaccess_set_type_grants($grants); |
|
| 1088 |
} |
|
| 1089 |
|
|
| 1090 |
/** |
|
| 1091 |
* Delete the grant tab for specified node type. |
|
| 1092 |
* |
|
| 1093 |
* @param string $type |
|
| 1094 |
* The node type we are removing the grant tab from. |
|
| 1095 |
*/ |
|
| 1096 |
function nodeaccess_delete_type_grant($type) {
|
|
| 1097 |
$grants = variable_get('nodeaccess-types', array());
|
|
| 1098 |
|
|
| 1099 |
if (isset($grants[$type])) {
|
|
| 1100 |
unset($grants[$type]); |
|
| 1101 |
} |
|
| 1102 |
|
|
| 1103 |
nodeaccess_set_type_grants($grants); |
|
| 1104 |
} |
|
| 1105 |
|
|
| 1106 |
/** |
|
Formats disponibles : Unified diff
Weekly update of contrib modules