<?php
// $Id: acl.module,v 1.19 2009/02/20 21:46:00 salvis Exp $
/**
 * @file
 * An API module providing by-user access control lists.
 *
 * This module handles ACLs on behalf of other modules. The two main reasons
 * to do this are so that modules using ACLs can share them with each
 * other without having to actually know much about them, and so that
 * ACLs can easily co-exist with the existing node_access system.
 */
/**
 * Create a new ACL.
 *
 * Writes one row to the {acl} table through drupal_write_record() and hands
 * back the identifier found on the record afterwards.
 *
 * @param $module
 *   Value stored in the 'module' column of the new row.
 * @param $name
 *   Value stored in the 'name' column of the new row.
 *
 * @return
 *   The 'acl_id' entry of the record after the write.
 */
function acl_create_new_acl($module, $name) {
  $record = array(
    'module' => $module,
    'name' => $name,
  );
  // drupal_write_record() is expected to populate 'acl_id' on the record.
  // NOTE(review): its return value is not checked here; if the write fails,
  // 'acl_id' is presumably never set -- confirm that callers cope with that.
  drupal_write_record('acl', $record);
  $new_id = $record['acl_id'];
  return $new_id;
}
/**
 * Delete an existing ACL.
 *
 * Removes the ACL row itself and every row in {acl_user} and {acl_node}
 * that carries the same acl_id.
 *
 * @param $acl_id
 *   Identifier of the ACL to delete; passed through a %d placeholder.
 */
function acl_delete_acl($acl_id) {
  // Same order as before: the ACL row first, then its user and node
  // assignments. The statements are not wrapped in a transaction here.
  $statements = array(
    "DELETE FROM {acl} WHERE acl_id = %d",
    "DELETE FROM {acl_user} WHERE acl_id = %d",
    "DELETE FROM {acl_node} WHERE acl_id = %d",
  );
  foreach ($statements as $sql) {
    db_query($sql, $acl_id);
  }
}
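/**
 * Add the specified UID to an ACL.
 *
 * The (acl_id, uid) pair is inserted into {acl_user} only when the table
 * does not hold it yet.
 *
 * @param $acl_id
 *   Identifier of the ACL; passed through a %d placeholder.
 * @param $uid
 *   User id to add; passed through a %d placeholder.
 */
function acl_add_user($acl_id, $uid) {
  $existing_uid = db_result(db_query("SELECT uid FROM {acl_user} WHERE acl_id = %d AND uid = %d ", $acl_id, $uid));
  // db_result() yields FALSE when the query has no row. A plain truthiness
  // test would also treat a stored uid of 0 as "missing" and insert the pair
  // a second time, so compare against FALSE explicitly.
  if ($existing_uid === FALSE) {
    db_query("INSERT INTO {acl_user} (acl_id, uid) VALUES (%d, %d)", $acl_id, $uid);
  }
  // NOTE(review): the lookup and the insert are two separate statements, so
  // concurrent requests could both pass the check. A unique key on
  // (acl_id, uid) in the schema would close that gap -- confirm it exists.
}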
/**
 * Remove the specified UID from an ACL.
 *
 * @param $acl_id
 *   Identifier of the ACL; passed through a %d placeholder.
 * @param $uid
 *   User id whose {acl_user} row for this ACL is deleted.
 */
function acl_remove_user($acl_id, $uid) {
  $sql = "DELETE FROM {acl_user} WHERE acl_id = %d AND uid = %d ";
  db_query($sql, $acl_id, $uid);
}
/**
 * Provide a form to edit the ACL that can be embedded in other forms.
 *
 * Pass $new_acl=TRUE if you have no ACL yet, but do supply a string
 * like 'my_module_new_acl' as $acl_id anyway.
 *
 * @param $acl_id
 *   Identifier of the ACL to edit, or a placeholder string for a new ACL.
 * @param $label
 *   Optional value handed on unchanged to _acl_edit_form().
 * @param $new_acl
 *   TRUE when no ACL exists yet.
 *
 * @return
 *   Whatever _acl_edit_form() returns.
 */
function acl_edit_form($acl_id, $label = NULL, $new_acl = FALSE) {
  // Load the module's admin include on demand; _acl_edit_form() is
  // presumably defined there.
  module_load_include('admin.inc', 'acl');
  $form = _acl_edit_form($acl_id, $label, $new_acl);
  return $form;
}
/**
 * Provide access control to a node based upon an ACL id.
 *
 * Replaces the {acl_node} row for the given ACL/node pair with one that
 * carries the supplied grant flags and priority.
 *
 * @param $nid
 *   Node id.
 * @param $acl_id
 *   Identifier of the ACL.
 * @param $view
 *   Value for the grant_view column (written through %d).
 * @param $update
 *   Value for the grant_update column (written through %d).
 * @param $delete
 *   Value for the grant_delete column (written through %d).
 * @param $priority
 *   Value for the priority column; defaults to 0.
 */
function acl_node_add_acl($nid, $acl_id, $view, $update, $delete, $priority = 0) {
  // Drop any earlier row for this pair before writing the new one.
  db_query("DELETE FROM {acl_node} WHERE acl_id = %d AND nid = %d", $acl_id, $nid);
  $insert_args = array($acl_id, $nid, $view, $update, $delete, $priority);
  db_query("INSERT INTO {acl_node} (acl_id, nid, grant_view, grant_update, grant_delete, priority) VALUES (%d, %d, %d, %d, %d, %d)", $insert_args);
  // NOTE(review): only {acl_node} is touched here; presumably the caller has
  // to get the node's access records rebuilt before the change takes
  // effect -- confirm against the calling modules.
}
/**
 * Remove an ACL completely from a node.
 *
 * @param $nid
 *   Node id.
 * @param $acl_id
 *   Identifier of the ACL whose {acl_node} row for this node is deleted.
 */
function acl_node_remove_acl($nid, $acl_id) {
  $sql = "DELETE FROM {acl_node} WHERE acl_id = %d AND nid = %d";
  db_query($sql, array($acl_id, $nid));
}
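/**
 * Clear all of a module's ACLs from a node.
 *
 * Looks up every ACL registered under $module and deletes the matching
 * {acl_node} rows for the given node.
 *
 * @param $nid
 *   Node id.
 * @param $module
 *   Module name as stored in the 'module' column of {acl}.
 */
function acl_node_clear_acls($nid, $module) {
  // Start from an empty list so that a module without any ACL does not
  // leave $acls undefined at the check below.
  $acls = array();
  $result = db_query("SELECT acl_id FROM {acl} WHERE module = '%s'", $module);
  while ($o = db_fetch_object($result)) {
    $acls[] = $o->acl_id;
  }
  if (!empty($acls)) {
    // db_placeholders() supplies one placeholder per id, so the ids travel
    // as query arguments instead of being concatenated into the SQL text.
    db_query("DELETE FROM {acl_node} WHERE nid = %d AND acl_id IN (". db_placeholders($acls) .")", array_merge(array($nid), $acls));
  }
}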
/**
 * Gets the id of an ACL.
 *
 * @param $module
 *   Module name to match against the 'module' column of {acl}.
 * @param $name
 *   ACL name to match against the 'name' column of {acl}.
 *
 * @return
 *   The result of db_result() for the lookup: the acl_id of the first
 *   matching row.
 */
function acl_get_id_by_name($module, $name) {
  $lookup = db_query("SELECT acl_id FROM {acl} WHERE module = '%s' AND name = '%s'", $module, $name);
  return db_result($lookup);
}
/**
 * Determines if an ACL has some assigned users.
 *
 * @param $acl_id
 *   Identifier of the ACL; passed through a %d placeholder.
 *
 * @return
 *   The COUNT() value read from {acl_user}. acl_node_access_records() uses
 *   it as a truth value.
 */
function acl_has_users($acl_id) {
  $counted = db_query("SELECT COUNT(aclu.uid) FROM {acl_user} aclu WHERE acl_id = %d", $acl_id);
  return db_result($counted);
}
/**
 * Gets the uids of an ACL.
 *
 * @param $acl_id
 *   Identifier of the ACL.
 *
 * @return
 *   An array of user ids keyed by those same ids, or NULL when the ACL has
 *   no rows in {acl_user}.
 */
function acl_get_uids($acl_id) {
  $uids = array();
  $rows = db_query("SELECT uid FROM {acl_user} WHERE acl_id = '%d'", $acl_id);
  while ($record = db_fetch_object($rows)) {
    // Keying by uid keeps each user id in the list once.
    $uids[$record->uid] = $record->uid;
  }
  if (empty($uids)) {
    return NULL;
  }
  return $uids;
}
/**
 * Implementation of hook_node_access_records().
 *
 * Builds the 'acl' realm records for a node from its {acl_node} rows.
 *
 * @param $node
 *   The node object; only $node->nid is read.
 *
 * @return
 *   An array of grant records, or nothing when the node has no nid.
 */
function acl_node_access_records($node) {
  if (!$node->nid) {
    return;
  }
  $records = array();
  $result = db_query("SELECT n.*, 'acl' AS realm, n.acl_id AS gid, a.module FROM {acl_node} n INNER JOIN {acl} a ON n.acl_id = a.acl_id WHERE nid = %d", $node->nid);
  while ($grant = db_fetch_array($result)) {
    $owner = $grant['module'];
    // Rows are skipped entirely when the owning module is not present or
    // its 'enabled' hook does not return a true value.
    // NOTE(review): if every row is skipped, this function contributes no
    // records for the node, and what then protects the node depends on the
    // other node access modules and on core's fallback -- confirm that is
    // the intended outcome for content owned by a disabled module.
    if (!module_exists($owner) || !module_invoke($owner, 'enabled')) {
      continue;
    }
    if (acl_has_users($grant['gid'])) {
      $records[] = $grant;
      continue;
    }
    // An ACL without users: emit a record with every grant flag cleared
    // (gid 0) at the same priority, i.e. just deny access.
    $records[] = array(
      'realm' => 'acl',
      'gid' => 0,
      'grant_view' => 0,
      'grant_update' => 0,
      'grant_delete' => 0,
      'priority' => $grant['priority'],
    );
  }
  return $records;
}
/**
 * Implementation of hook_node_grants().
 *
 * @param $account
 *   The user object; only $account->uid is read.
 * @param $op
 *   The operation being checked. Not used: the same ACL ids are returned
 *   for every operation.
 *
 * @return
 *   array('acl' => list of acl_ids the user belongs to), or NULL when the
 *   user is in no ACL.
 */
function acl_node_grants($account, $op) {
  $acl_ids = array();
  $result = db_query("SELECT acl_id FROM {acl_user} WHERE uid = %d", $account->uid);
  while ($row = db_fetch_object($result)) {
    $acl_ids[] = $row->acl_id;
  }
  if (empty($acl_ids)) {
    return NULL;
  }
  return array('acl' => $acl_ids);
}
/**
 * Implementation of hook_nodeapi().
 *
 * Removes the {acl_node} rows of a node when the node is deleted, so no
 * ACL assignment is left behind for that nid.
 *
 * @param $node
 *   The node being acted on; only $node->nid is read.
 * @param $op
 *   The operation; only 'delete' is handled.
 * @param $teaser
 *   Unused.
 * @param $page
 *   Unused.
 */
function acl_nodeapi(&$node, $op, $teaser = NULL, $page = NULL) {
  // Every operation other than 'delete' is ignored.
  if ($op == 'delete') {
    db_query("DELETE FROM {acl_node} WHERE nid = %d", $node->nid);
  }
}
/**
 * Implementation of hook_user().
 *
 * Removes the {acl_user} rows of an account when the account is deleted, so
 * no ACL membership is left behind for that uid.
 *
 * @param $op
 *   The operation; only 'delete' is handled.
 * @param $edit
 *   Unused.
 * @param $account
 *   The user object; only $account->uid is read.
 * @param $category
 *   Unused.
 */
function acl_user($op, &$edit, &$account, $category = NULL) {
  // Every operation other than 'delete' is ignored.
  if ($op == 'delete') {
    db_query("DELETE FROM {acl_user} WHERE uid = %d", $account->uid);
  }
}
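/**
 * Implementation of hook_node_access_explain().
 *
 * Produces a human-readable description of a grant row in the 'acl' realm.
 *
 * @param $row
 *   A grant row object; realm, gid and nid are read.
 *
 * @return
 *   For the 'acl' realm, a string describing the ACL and its users; for
 *   gid 0, the list of the node's ACLs that have no users, or
 *   'No access via ACL.'. Nothing is returned for other realms.
 */
function acl_node_access_explain($row) {
  // Per-request cache of explanations, keyed by gid.
  static $interpretations = array();
  if ($row->realm == 'acl') {
    if (!isset($interpretations[$row->gid])) {
      $acl = db_fetch_object(db_query("SELECT * FROM {acl} WHERE acl_id = %d", $row->gid));
      $users = array();
      $result = db_query("SELECT u.name FROM {acl_user} au, {users} u WHERE au.acl_id = %d AND au.uid = u.uid", $row->gid);
      while ($member = db_fetch_object($result)) {
        $users[] = $member->name;
      }
      // "module/name" label of the ACL; left empty when no {acl} row was
      // found, so that no property is read from a failed lookup.
      $label = $acl ? $acl->module .'/'. $acl->name : '';
      // NOTE(review): the '<br />' separator used below suggests the caller
      // renders these strings as HTML, yet module, ACL and user names are
      // concatenated unescaped -- confirm that the caller escapes them, or
      // pass them through check_plain() here.
      if (!empty($users)) {
        $interpretations[$row->gid] = $label .': '. implode(', ', $users);
      }
      elseif ($row->gid == 0) {
        // gid 0 is the deny record: list the node's ACLs without users.
        $rows = array();
        $result = db_query("SELECT an.acl_id, a.module, a.name FROM {acl_node} an JOIN {acl} a ON an.acl_id = a.acl_id LEFT JOIN {acl_user} au ON a.acl_id = au.acl_id WHERE an.nid = %d AND au.uid IS NULL", $row->nid);
        while ($unassigned = db_fetch_object($result)) {
          $rows[] = $unassigned->acl_id .': '. $unassigned->module .'/'. $unassigned->name;
        }
        if (!empty($rows)) {
          return implode('<br />', $rows);
        }
        return 'No access via ACL.';
      }
      else {
        // Assign instead of appending: the cache entry does not exist yet on
        // this path, so the former ".=" raised a notice and dropped the ACL
        // label from the message.
        $interpretations[$row->gid] = $label .': no users!';
      }
    }
    return $interpretations[$row->gid];
  }
}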