modules/image_gallery_access/image_gallery_access.module

<?php
// $Id: image_gallery_access.module,v 1.20 2009/07/21 00:01:41 salvis Exp $

/**
 * @file image_gallery_access.module
 *
 * This module uses form_alter to add permissions to image galleries.
 */

/**
 * Implementation of hook_node_grants().
 *
 * This function supplies the image gallery access grants. image_gallery_access
 * simply uses roles as ACLs, so rids translate directly to gids.
 */
function image_gallery_access_node_grants($user, $op) {
  $grants['image_gallery_access'] = array_keys($user->roles);
  return $grants;
}

/**
 * Implementation of hook_node_access_records().
 *
 * Returns a list of grant records for the passed in node object.
 * Checks to see if maybe we're being disabled.
 */
function image_gallery_access_node_access_records($node) {
  if (!image_gallery_access_enabled()) {
    return;
  }

  static $grants = array();
  if ($node->type == 'image' && isset($node->taxonomy) && is_array($node->taxonomy)) {
    $return = array();
    foreach ($node->taxonomy as $key => $value) {
      $tids = array();
      if (is_object($value)) {       // tid -> taxa                (rebuild permissions)
        $tid = $key;
        $vid = $value->vid;
      }
      elseif (is_array($value)) {    // vid -> array(tid => tid)   (Multiple select, node create)
        $vid = $key;
        $tids = $value;
      }
      else {                         // vid -> tid
        $vid = $key;
        $tid = $value;
      }
      if ($vid == _image_gallery_get_vid()) {
        if (empty($tids)) {
          $tids = array($tid);
        }
        foreach ($tids as $tid) {
          if (!isset($grants[$tid])) {
            $grants[$tid] = array();
            $result = db_query('SELECT * FROM {image_gallery_access} WHERE tid = %d', $tid);
            while ($grant = db_fetch_object($result)) {
              $grants[$tid][$grant->rid] = array(
                'realm' => 'image_gallery_access',
                'gid' => $grant->rid,
                'grant_view' => $grant->grant_view,
                'grant_update' => $grant->grant_update,
                'grant_delete' => $grant->grant_delete,
                'priority' => $grant->priority,
              );
            }
            //drupal_set_message("image_gallery_access_node_access_records($node->nid) (tid=$tid) returns ". var_export($grants[$tid], TRUE), 'status');
          }
          foreach ($grants[$tid] as $grant) {
            $gid = $grant['gid'];
            if (!isset($return[$gid])) {
              $return[$gid] = $grant;
            }
            else {
              // OR the grants for each $tid
              foreach (array('grant_view', 'grant_update', 'grant_delete') as $key) {
                $return[$gid][$key] = $return[$gid][$key] | $grant[$key];
              }
            }
          }
        }
      }
    }
    //drupal_set_message("image_gallery_access_node_access_records($node->nid) returns ". var_export(array_values($return), TRUE), 'status');
    if (!empty($return)) {
      return array_values($return);
    }
  }
}

/**
 * Implementation of hook_init().
 * 
 * Deny access to gallery if the user does not have access to it.
 */
function image_gallery_access_init() {
  if (!function_exists('user_access')) {
    // page is cached; bail.
    return;
  }

  if (arg(0) == 'image' && arg(1) == 'tid' && is_numeric(arg(2))) {
    if (!image_gallery_access_access(arg(2), 'view')) {
      drupal_access_denied();
      module_invoke_all('exit');
      exit;
    }
  }
}

/**
 * Implementation of hook_form_alter().
 *
 * Alter the node create/edit form and various admin forms.
 */
function image_gallery_access_form_alter(&$form, &$form_state, $form_id) {
  if (isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
    module_load_include('node.inc', 'image_gallery_access');
    _image_gallery_access_node_form($form, $form_state);
  }
  //else if ($form_id == 'image_gallery_overview') {   // is not a form!
  //  module_load_include('admin.inc', 'image_gallery_access');
  //  _image_gallery_access_image_gallery_overview($form, $form_state);
  //}
  else if ($form_id == 'image_gallery_admin_form') {
    module_load_include('admin.inc', 'image_gallery_access');
    _image_gallery_access_admin_form($form, $form_state);
  }
  else if ($form_id == 'user_admin_role') {
    module_load_include('admin.inc', 'image_gallery_access');
    _image_gallery_access_user_admin_role_form($form, $form_state);
  }
  else if ($form_id == 'content_access_admin_settings' && empty($_POST) && arg(3) == 'image') {
    module_load_include('admin.inc', 'image_gallery_access');
    _image_gallery_access_content_access_admin_form();
  }
}

/**
 * Implementation of hook_db_rewrite_sql().
 * 
 * Because in order to restrict the visible image galleries, we have to rewrite
 * the sql. This is because there isn't a node_access equivalent for
 * taxonomy. There should be.
 */
function image_gallery_access_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
  global $user;
  if ($primary_field == 'tid' && $user->uid != 1 && !($_GET['q'] == 'admin/content/image' && user_access('administer image galleries'))) {
    $roles = _image_gallery_access_get_roles($user);
    $sql['join'] = "LEFT JOIN {image_gallery_access} iga ON $primary_table.tid = iga.tid 
                    LEFT JOIN {acl} acl_iga ON acl_iga.name = ". ($GLOBALS['db_type'] == 'pgsql' ? 'CAST(' : '')
                                                            ."$primary_table.tid". ($GLOBALS['db_type'] == 'pgsql' ? ' AS VARCHAR)' : '')
                                                                                ." AND acl_iga.module = 'image_gallery_access' 
                    LEFT JOIN {acl_user} aclu_iga ON aclu_iga.acl_id = acl_iga.acl_id AND aclu_iga.uid = $user->uid";
    $sql['where'] = "(iga.grant_view >= 1 AND iga.rid IN ($roles)) OR iga.tid IS NULL OR aclu_iga.uid = $user->uid";
    $sql['distinct'] = 1;
    return $sql;
  }
}

/**
 * Implementation of hook_nodeapi().
 * 
 * Add ACL data to fresh image posts.
 */
function image_gallery_access_nodeapi(&$node, $op, $teaser = NULL, $page = NULL) {
  static $old_tid = NULL;

  if ($node && $node->type == 'image' && isset($node->taxonomy)) {
    $taxas = $node->taxonomy;
    if (!isset($taxas[_image_gallery_get_vid()])) {
      return;
    }
    $tid = $taxas[_image_gallery_get_vid()];
    switch ($op) {
      case 'presave':
        $old_tid = $tid;
        break;

      case 'update':
        if (!empty($old_tid)) {
          if (!empty($tid) && $tid == $old_tid) {
            return;
          }
          $acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'image_gallery_access' AND name = '%d'", $old_tid));
          acl_node_remove_acl($node->nid, $acl_id);
        }
        // Deliberate no break -- for changed and for previously unassigned terms we need an insert.

      case 'insert':
        if (!empty($node->tid)) {
          $acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'image_gallery_access' AND name = '%d'", $tid));
          acl_node_add_acl($node->nid, $acl_id, 1, 1, 1);
        }
        $old_tid = NULL;
        break;
    }
  }
}

/**
 * Get an array of moderator UIDs or NULL.
 */
function image_gallery_access_get_moderator_uids($tid) {
  if ($acl_id = acl_get_id_by_name('image_gallery_access', $tid)) {
    if ($uids = acl_get_uids($acl_id)) {
      return $uids;
    }
  }
}

/**
 * This is also required by ACL module.
 */
function image_gallery_access_enabled($set = NULL) {
  static $enabled = TRUE;
  if ($set !== NULL) {
    $enabled = $set;
  }
  return $enabled;
}

/**
 * Implementation of hook_enable().
 */
function image_gallery_access_enable() {
  node_access_needs_rebuild();
}

/**
 * Implementation of hook_disable().
 */
function image_gallery_access_disable() {
  image_gallery_access_enabled(FALSE);
  node_access_needs_rebuild();
}

/**
 * See if a given user has access to an image gallery.
 *
 * $tid -- the tid of the image gallery
 * $type -- view, update, delete or create
 * $account -- the account to test for. If NULL use current user.
 */
function image_gallery_access_access($tid, $type, $account = NULL) {
  static $cache = array();

  if (!$account) {
    global $user;
    $account = $user;
  }

  if ($account->uid == 1) {
    return TRUE;
  }

  if (!isset($cache[$account->uid][$tid][$type])) {
    $roles = _image_gallery_access_get_roles($account);
    $result = db_result(db_query("SELECT tid FROM {image_gallery_access} WHERE rid IN (%s) AND grant_%s = 1 AND tid = %d", $roles, $type, $tid));

    if ($result) {
      $cache[$account->uid][$tid][$type] = TRUE;
    }
    else {
      // check our moderators too
      $acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'image_gallery_access' AND name = '%d'", $tid));
      $result = db_result(db_query("SELECT uid FROM {acl_user} WHERE acl_id = %d AND uid = %d", $acl_id, $account->uid));
      if ($result) {
        $cache[$account->uid][$tid][$type] = TRUE;
      }
      else {
        $cache[$account->uid][$tid][$type] = FALSE;
      }
    }
  }
  return $cache[$account->uid][$tid][$type];
}

/**
 * Get the roles of a user.
 */
function _image_gallery_access_get_roles($account) {
  return implode(', ', array_keys($account->roles));
}

/**
 * Implementation of hook_node_access_explain().
 */
function image_gallery_access_node_access_explain($row) {
  static $roles = NULL;
  if ($row->realm == 'image_gallery_access') {
    if (!isset($roles)) {
      $roles = user_roles();
    }
    if (isset($roles[$row->gid])) {
      return array($roles[$row->gid]);
    }
    return array('(unknown gid)');
  }
}
1	<?php
2	// $Id: image_gallery_access.module,v 1.20 2009/07/21 00:01:41 salvis Exp $
3
4	/**
5	* @file image_gallery_access.module
6	*
7	* This module uses form_alter to add permissions to image galleries.
8	*/
9
10	/**
11	* Implementation of hook_node_grants().
12	*
13	* This function supplies the image gallery access grants. image_gallery_access
14	* simply uses roles as ACLs, so rids translate directly to gids.
15	*/
16	function image_gallery_access_node_grants($user, $op) {
17	$grants['image_gallery_access'] = array_keys($user->roles);
18	return $grants;
19	}
20
21	/**
22	* Implementation of hook_node_access_records().
23	*
24	* Returns a list of grant records for the passed in node object.
25	* Checks to see if maybe we're being disabled.
26	*/
27	function image_gallery_access_node_access_records($node) {
28	if (!image_gallery_access_enabled()) {
29	return;
30	}
31
32	static $grants = array();
33	if ($node->type == 'image' && isset($node->taxonomy) && is_array($node->taxonomy)) {
34	$return = array();
35	foreach ($node->taxonomy as $key => $value) {
36	$tids = array();
37	if (is_object($value)) { // tid -> taxa (rebuild permissions)
38	$tid = $key;
39	$vid = $value->vid;
40	}
41	elseif (is_array($value)) { // vid -> array(tid => tid) (Multiple select, node create)
42	$vid = $key;
43	$tids = $value;
44	}
45	else { // vid -> tid
46	$vid = $key;
47	$tid = $value;
48	}
49	if ($vid == _image_gallery_get_vid()) {
50	if (empty($tids)) {
51	$tids = array($tid);
52	}
53	foreach ($tids as $tid) {
54	if (!isset($grants[$tid])) {
55	$grants[$tid] = array();
56	$result = db_query('SELECT * FROM {image_gallery_access} WHERE tid = %d', $tid);
57	while ($grant = db_fetch_object($result)) {
58	$grants[$tid][$grant->rid] = array(
59	'realm' => 'image_gallery_access',
60	'gid' => $grant->rid,
61	'grant_view' => $grant->grant_view,
62	'grant_update' => $grant->grant_update,
63	'grant_delete' => $grant->grant_delete,
64	'priority' => $grant->priority,
65	);
66	}
67	//drupal_set_message("image_gallery_access_node_access_records($node->nid) (tid=$tid) returns ". var_export($grants[$tid], TRUE), 'status');
68	}
69	foreach ($grants[$tid] as $grant) {
70	$gid = $grant['gid'];
71	if (!isset($return[$gid])) {
72	$return[$gid] = $grant;
73	}
74	else {
75	// OR the grants for each $tid
76	foreach (array('grant_view', 'grant_update', 'grant_delete') as $key) {
77	$return[$gid][$key] = $return[$gid][$key] \| $grant[$key];
78	}
79	}
80	}
81	}
82	}
83	}
84	//drupal_set_message("image_gallery_access_node_access_records($node->nid) returns ". var_export(array_values($return), TRUE), 'status');
85	if (!empty($return)) {
86	return array_values($return);
87	}
88	}
89	}
90
91	/**
92	* Implementation of hook_init().
93	*
94	* Deny access to gallery if the user does not have access to it.
95	*/
96	function image_gallery_access_init() {
97	if (!function_exists('user_access')) {
98	// page is cached; bail.
99	return;
100	}
101
102	if (arg(0) == 'image' && arg(1) == 'tid' && is_numeric(arg(2))) {
103	if (!image_gallery_access_access(arg(2), 'view')) {
104	drupal_access_denied();
105	module_invoke_all('exit');
106	exit;
107	}
108	}
109	}
110
111	/**
112	* Implementation of hook_form_alter().
113	*
114	* Alter the node create/edit form and various admin forms.
115	*/
116	function image_gallery_access_form_alter(&$form, &$form_state, $form_id) {
117	if (isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
118	module_load_include('node.inc', 'image_gallery_access');
119	_image_gallery_access_node_form($form, $form_state);
120	}
121	//else if ($form_id == 'image_gallery_overview') { // is not a form!
122	// module_load_include('admin.inc', 'image_gallery_access');
123	// _image_gallery_access_image_gallery_overview($form, $form_state);
124	//}
125	else if ($form_id == 'image_gallery_admin_form') {
126	module_load_include('admin.inc', 'image_gallery_access');
127	_image_gallery_access_admin_form($form, $form_state);
128	}
129	else if ($form_id == 'user_admin_role') {
130	module_load_include('admin.inc', 'image_gallery_access');
131	_image_gallery_access_user_admin_role_form($form, $form_state);
132	}
133	else if ($form_id == 'content_access_admin_settings' && empty($_POST) && arg(3) == 'image') {
134	module_load_include('admin.inc', 'image_gallery_access');
135	_image_gallery_access_content_access_admin_form();
136	}
137	}
138
139	/**
140	* Implementation of hook_db_rewrite_sql().
141	*
142	* Because in order to restrict the visible image galleries, we have to rewrite
143	* the sql. This is because there isn't a node_access equivalent for
144	* taxonomy. There should be.
145	*/
146	function image_gallery_access_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
147	global $user;
148	if ($primary_field == 'tid' && $user->uid != 1 && !($_GET['q'] == 'admin/content/image' && user_access('administer image galleries'))) {
149	$roles = _image_gallery_access_get_roles($user);
150	$sql['join'] = "LEFT JOIN {image_gallery_access} iga ON $primary_table.tid = iga.tid
151	LEFT JOIN {acl} acl_iga ON acl_iga.name = ". ($GLOBALS['db_type'] == 'pgsql' ? 'CAST(' : '')
152	."$primary_table.tid". ($GLOBALS['db_type'] == 'pgsql' ? ' AS VARCHAR)' : '')
153	." AND acl_iga.module = 'image_gallery_access'
154	LEFT JOIN {acl_user} aclu_iga ON aclu_iga.acl_id = acl_iga.acl_id AND aclu_iga.uid = $user->uid";
155	$sql['where'] = "(iga.grant_view >= 1 AND iga.rid IN ($roles)) OR iga.tid IS NULL OR aclu_iga.uid = $user->uid";
156	$sql['distinct'] = 1;
157	return $sql;
158	}
159	}
160
161	/**
162	* Implementation of hook_nodeapi().
163	*
164	* Add ACL data to fresh image posts.
165	*/
166	function image_gallery_access_nodeapi(&$node, $op, $teaser = NULL, $page = NULL) {
167	static $old_tid = NULL;
168
169	if ($node && $node->type == 'image' && isset($node->taxonomy)) {
170	$taxas = $node->taxonomy;
171	if (!isset($taxas[_image_gallery_get_vid()])) {
172	return;
173	}
174	$tid = $taxas[_image_gallery_get_vid()];
175	switch ($op) {
176	case 'presave':
177	$old_tid = $tid;
178	break;
179
180	case 'update':
181	if (!empty($old_tid)) {
182	if (!empty($tid) && $tid == $old_tid) {
183	return;
184	}
185	$acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'image_gallery_access' AND name = '%d'", $old_tid));
186	acl_node_remove_acl($node->nid, $acl_id);
187	}
188	// Deliberate no break -- for changed and for previously unassigned terms we need an insert.
189
190	case 'insert':
191	if (!empty($node->tid)) {
192	$acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'image_gallery_access' AND name = '%d'", $tid));
193	acl_node_add_acl($node->nid, $acl_id, 1, 1, 1);
194	}
195	$old_tid = NULL;
196	break;
197	}
198	}
199	}
200
201	/**
202	* Get an array of moderator UIDs or NULL.
203	*/
204	function image_gallery_access_get_moderator_uids($tid) {
205	if ($acl_id = acl_get_id_by_name('image_gallery_access', $tid)) {
206	if ($uids = acl_get_uids($acl_id)) {
207	return $uids;
208	}
209	}
210	}
211
212	/**
213	* This is also required by ACL module.
214	*/
215	function image_gallery_access_enabled($set = NULL) {
216	static $enabled = TRUE;
217	if ($set !== NULL) {
218	$enabled = $set;
219	}
220	return $enabled;
221	}
222
223	/**
224	* Implementation of hook_enable().
225	*/
226	function image_gallery_access_enable() {
227	node_access_needs_rebuild();
228	}
229
230	/**
231	* Implementation of hook_disable().
232	*/
233	function image_gallery_access_disable() {
234	image_gallery_access_enabled(FALSE);
235	node_access_needs_rebuild();
236	}
237
238	/**
239	* See if a given user has access to an image gallery.
240	*
241	* $tid -- the tid of the image gallery
242	* $type -- view, update, delete or create
243	* $account -- the account to test for. If NULL use current user.
244	*/
245	function image_gallery_access_access($tid, $type, $account = NULL) {
246	static $cache = array();
247
248	if (!$account) {
249	global $user;
250	$account = $user;
251	}
252
253	if ($account->uid == 1) {
254	return TRUE;
255	}
256
257	if (!isset($cache[$account->uid][$tid][$type])) {
258	$roles = _image_gallery_access_get_roles($account);
259	$result = db_result(db_query("SELECT tid FROM {image_gallery_access} WHERE rid IN (%s) AND grant_%s = 1 AND tid = %d", $roles, $type, $tid));
260
261	if ($result) {
262	$cache[$account->uid][$tid][$type] = TRUE;
263	}
264	else {
265	// check our moderators too
266	$acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'image_gallery_access' AND name = '%d'", $tid));
267	$result = db_result(db_query("SELECT uid FROM {acl_user} WHERE acl_id = %d AND uid = %d", $acl_id, $account->uid));
268	if ($result) {
269	$cache[$account->uid][$tid][$type] = TRUE;
270	}
271	else {
272	$cache[$account->uid][$tid][$type] = FALSE;
273	}
274	}
275	}
276	return $cache[$account->uid][$tid][$type];
277	}
278
279	/**
280	* Get the roles of a user.
281	*/
282	function _image_gallery_access_get_roles($account) {
283	return implode(', ', array_keys($account->roles));
284	}
285
286	/**
287	* Implementation of hook_node_access_explain().
288	*/
289	function image_gallery_access_node_access_explain($row) {
290	static $roles = NULL;
291	if ($row->realm == 'image_gallery_access') {
292	if (!isset($roles)) {
293	$roles = user_roles();
294	}
295	if (isset($roles[$row->gid])) {
296	return array($roles[$row->gid]);
297	}
298	return array('(unknown gid)');
299	}
300	}