1
|
<?php
|
2
|
|
3
|
/**
|
4
|
* @file
|
5
|
* forum_access.node.inc
|
6
|
*
|
7
|
* Include file for forum_access.module, containing (sub-)page handling
|
8
|
* (form_alter) code for the node and comment forms as well as code
|
9
|
* for temporarily assigning the 'forum moderator' role and managing
|
10
|
* the resulting rights.
|
11
|
*/
|
12
|
|
13
|
/**
|
14
|
* Really implements hook_node_view_alter().
|
15
|
*
|
16
|
* Removes the "Add new comment" link and form from a node page if the user
|
17
|
* is not allowed to add comments to that node.
|
18
|
*/
|
19
|
function _forum_access_node_view_alter(&$build, $tid) {
|
20
|
global $user;
|
21
|
|
22
|
//dpm($build, '_forum_access_node_view_alter() BEFORE:');
|
23
|
$node = $build['#node'];
|
24
|
if (forum_access_node_access($node, 'create', $user) == NODE_ACCESS_DENY) {
|
25
|
unset($build['links']['comment']['#links']['comment-add']);
|
26
|
unset($build['comments']['comment_form']);
|
27
|
}
|
28
|
//dpm($build, '_forum_access_node_view_alter() AFTER:');
|
29
|
}
|
30
|
|
31
|
/**
|
32
|
* Really implements hook_comment_view_alter().
|
33
|
*
|
34
|
* Adds and removes action links from/to one comment.
|
35
|
*/
|
36
|
function _forum_access_comment_view_alter(&$build, $tid) {
|
37
|
global $user;
|
38
|
|
39
|
$node = $build['#node'];
|
40
|
$comment = $build['#comment'];
|
41
|
//dpm($build, "_forum_access_comment_view_alter() tid=[$tid] cid=[$comment->cid] BEFORE:");
|
42
|
$links =& $build['links']['comment']['#links'];
|
43
|
|
44
|
if ($user->uid != 1 && !user_access('bypass node access') && !forum_access_access('create', $tid)) {
|
45
|
unset($links['comment-reply']);
|
46
|
}
|
47
|
|
48
|
if (!user_access('administer comments') || !empty($user->_forum_access_moderator)) {
|
49
|
$default_link_keys = array(
|
50
|
'create' => array('comment-reply'),
|
51
|
'update' => array('comment-edit', 'comment-approve'),
|
52
|
'delete' => array('comment-delete'),
|
53
|
);
|
54
|
forum_access_enable_moderator();
|
55
|
$admin_links = comment_links($comment, $node);
|
56
|
forum_access_enable_moderator(FALSE);
|
57
|
//dpm($admin_links, "_forum_access_comment_view_alter() ADMINISTRATOR_LINKS for comment/$comment->cid:");
|
58
|
foreach (array_keys($default_link_keys) as $op) {
|
59
|
$access = (bool) forum_access_access($op, $tid);
|
60
|
if ($op != 'create') {
|
61
|
$perm = ($op == 'update' ? 'edit' : $op);
|
62
|
$access |= ($user->uid == $comment->uid && user_access("$perm own forum content"));
|
63
|
}
|
64
|
$available_keys = variable_get("forum_access_allowed_comment_links_for_$op", $default_link_keys[$op]);
|
65
|
$old_links = $links;
|
66
|
$links = array();
|
67
|
foreach ($default_link_keys[$op] as $key) {
|
68
|
if ($access && array_search($key, $available_keys) !== FALSE && isset($admin_links[$key])) {
|
69
|
//dpm($key, '_forum_access_comment_view_alter() ADDED:');
|
70
|
$links[$key] = $admin_links[$key];
|
71
|
}
|
72
|
if (!$access && !empty($old_links[$key])) {
|
73
|
//dpm($key, '_forum_access_comment_view_alter() REMOVED:');
|
74
|
unset($old_links[$key]);
|
75
|
}
|
76
|
}
|
77
|
if (is_array($old_links)) {
|
78
|
/** @noinspection SlowArrayOperationsInLoopInspection */
|
79
|
$links = array_merge($links, $old_links);
|
80
|
}
|
81
|
}
|
82
|
//dpm($build, "_forum_access_comment_view_alter() tid=[$tid] cid=[$comment->cid] AFTER:");
|
83
|
}
|
84
|
}
|
85
|
|
86
|
/**
|
87
|
* Rewrites the taxonomy item on the node form.
|
88
|
*/
|
89
|
function _forum_access_node_form(&$form, &$form_state) {
|
90
|
global $user;
|
91
|
$vid = _forum_access_get_vid();
|
92
|
|
93
|
if (!isset($form['taxonomy_forums'])) {
|
94
|
return;
|
95
|
}
|
96
|
|
97
|
// True node administrators are all powerful and do NOT get their forms rewritten here.
|
98
|
if (user_access('bypass node access') && empty($user->_forum_access_moderator)) {
|
99
|
return;
|
100
|
}
|
101
|
|
102
|
$roles = array_keys($user->roles);
|
103
|
$tids = array();
|
104
|
$result = db_query("SELECT tid FROM {forum_access} WHERE rid IN (:roles) AND grant_create = 1", array(
|
105
|
':roles' => $roles,
|
106
|
));
|
107
|
foreach ($result as $obj) {
|
108
|
$tids[$obj->tid] = $obj->tid;
|
109
|
}
|
110
|
|
111
|
// Also get all forums they happen to be able to moderate.
|
112
|
$result = db_query("SELECT a.number AS tid FROM {acl} a INNER JOIN {acl_user} u ON a.acl_id = u.acl_id WHERE a.module = 'forum_access' AND u.uid = :uid", array(
|
113
|
':uid' => $user->uid,
|
114
|
));
|
115
|
foreach ($result as $obj) {
|
116
|
$tids[$obj->tid] = $obj->tid;
|
117
|
}
|
118
|
|
119
|
$nid = $form['nid']['#value'];
|
120
|
if (!empty($nid)) {
|
121
|
// Edit an existing node.
|
122
|
if (!forum_access_access('update', $form['forum_tid']['#value']) && !user_access('edit any forum content') && !(user_access('edit own forum content') && $form['uid']['#value'] == $user->uid)) {
|
123
|
drupal_access_denied();
|
124
|
drupal_exit();
|
125
|
}
|
126
|
$forum_tid = $form['forum_tid']['#value'];
|
127
|
$tids[$forum_tid] = $forum_tid;
|
128
|
}
|
129
|
else {
|
130
|
// Create a new node -- ensure the forum they're trying to post to directly
|
131
|
// is allowed, otherwise there will be much confusion.
|
132
|
$forum_tid = arg(3);
|
133
|
if (!empty($forum_tid) && is_numeric($forum_tid) && !isset($tids[$forum_tid])) {
|
134
|
drupal_access_denied();
|
135
|
drupal_exit();
|
136
|
}
|
137
|
}
|
138
|
|
139
|
$form_options = &$form['taxonomy_forums'][$form['taxonomy_forums']['#language']]['#options'];
|
140
|
$options = array();
|
141
|
foreach ($form_options as $tid => $name) {
|
142
|
if (!is_numeric($tid)) {
|
143
|
$options[$tid] = $name;
|
144
|
}
|
145
|
elseif (is_object($name)) {
|
146
|
foreach ($name->option as $sub_tid => $sub_name) {
|
147
|
if (!empty($tids[$sub_tid])) {
|
148
|
$options[$tid]->option[$sub_tid] = $sub_name;
|
149
|
}
|
150
|
}
|
151
|
}
|
152
|
elseif (isset($tids[$tid])) {
|
153
|
$options[$tid] = $name;
|
154
|
}
|
155
|
}
|
156
|
$form_options = $options;
|
157
|
|
158
|
// Apply modifications for Moderators (by role or uid).
|
159
|
if (!user_access('administer nodes') && forum_access_is_moderator($user, $forum_tid)) {
|
160
|
$allowed_options = variable_get('forum_access_allowed_node_edit_options', array('status', 'sticky', 'subscriptions_notify'));
|
161
|
foreach (element_children($form) as $key) {
|
162
|
switch ($key) {
|
163
|
case 'buttons':
|
164
|
$tid = $form['taxonomy'][$vid]['#default_value'][0];
|
165
|
if (!forum_access_access('update', $tid)) {
|
166
|
$form['buttons']['submit']['#access'] = FALSE;
|
167
|
$form['buttons']['preview']['#access'] = FALSE;
|
168
|
}
|
169
|
if (!forum_access_access('delete', $tid)) {
|
170
|
$form['buttons']['delete']['#access'] = FALSE;
|
171
|
}
|
172
|
break;
|
173
|
case 'author':
|
174
|
$form['author']['#disabled'] = TRUE;
|
175
|
break;
|
176
|
case 'options':
|
177
|
foreach (element_children($form['options']) as $key2) {
|
178
|
if (array_search($key2, $allowed_options) === FALSE) {
|
179
|
$form['options'][$key2]['#access'] = FALSE;
|
180
|
}
|
181
|
}
|
182
|
$form['options']['#access'] = 1;
|
183
|
break;
|
184
|
case 'revision_information':
|
185
|
$form['revision_information']['#access'] = 1;
|
186
|
break;
|
187
|
case 'comment_settings':
|
188
|
$form['comment_settings']['#access'] = 1;
|
189
|
break;
|
190
|
case 'shadow':
|
191
|
$form['shadow']['#description'] .= '<br />' . t('Note: Access to this topic and its shadows is controlled by the forum that contains the topic.');
|
192
|
break;
|
193
|
case 'taxonomy_forums':
|
194
|
$desc =& $form['taxonomy_forums'][$form['taxonomy_forums']['#language']]['#description'];
|
195
|
if (!empty($desc)) {
|
196
|
$desc .= '<br />';
|
197
|
}
|
198
|
$desc .= t('Note: Moving a topic to a different forum may change its accessibility.');
|
199
|
}
|
200
|
}
|
201
|
}
|
202
|
}
|
203
|
|
204
|
/**
|
205
|
* Sanitizes the comment Administration options for users with Edit grants.
|
206
|
*/
|
207
|
function _forum_access_comment_form(&$form, &$form_state) {
|
208
|
global $user;
|
209
|
|
210
|
$comment = $form_state['comment'];
|
211
|
if ($form['cid']['#value'] && isset($form['author']) && !empty($user->_forum_access_moderator)) {
|
212
|
$editable_administration_elements = variable_get('forum_access_allowed_comment_edit_administration_elements', array('homepage', 'status', 'subscriptions_notify'));
|
213
|
foreach (element_children($form['author']) as $key) {
|
214
|
if (array_search($key, $editable_administration_elements) === FALSE) {
|
215
|
$form['author'][$key]['#disabled'] = TRUE;
|
216
|
}
|
217
|
}
|
218
|
}
|
219
|
}
|
220
|
|