modules/level1/level1.module

<?php
function level1_menu($may_cache) {
  $items = array();

  if ($may_cache) {
    $items[] = array(
      'path' => 'admin/settings/level1',
      'title' => t('Level1'),
      'description' => t('Level1 Access Settings'),
      'callback' => 'drupal_get_form',
      'callback arguments' => 'level1_admin_settings',
      'access' => user_access('administer site configuration'),
    );
  }
  
  return $items;
}

function level1_admin_settings() {
  $options     = array();
  $options[0] = '<none>';
  $vocabs = taxonomy_get_vocabularies();
  foreach ($vocabs as $vid => $vocab) {
    $options[$vid] = $vocab->name;
  }
  $form['level1_category'] = array(
    '#title' => t('Level1 Category'),    
    '#type' => 'select',
    '#options' => $options,
    '#default_value' => variable_get('level1_category', ''),  
    '#description' => 'Vocabulary for defining Level1 node access grants.',
    '#suffix' => '<p>NOTE: You must ' . l('rebuild', 'admin/content/node-settings/rebuild', array(), drupal_get_destination()) . ' your node permissions for any changes to take effect.</p>'
  );
  
  return system_settings_form($form); 
}


function level1_node_grants($account, $op) {
  $terms = array();
  if ($account->level1_access > 0) {
    $vid = variable_get('level1_category', '0');
    $tree = taxonomy_get_tree($vid);
    foreach ($tree as $terminfo) {
      $terms[] = $terminfo->tid;
      if ($terminfo->tid == $account->level1_access)
        break;
    }
  }

  $grants = array('level1_access' => $terms);
  return $grants;
}

function level1_node_access_records($node) {
  $vid = variable_get('level1_category', '0');
  $node_terms = taxonomy_node_get_terms_by_vocabulary($node->nid, $vid);  
  $grants = array();
  foreach ($node_terms as $term) {
    $grant = db_fetch_object(db_query("SELECT grant_view, grant_update, grant_delete FROM {level1_access} WHERE nid = %d AND gid = %d", $node->nid, $term->tid));
    if ($grant) {
      $grants[] = array(
        'realm' => 'level1_access',
        'gid' => $term->tid,
        'grant_view' => $grant->grant_view,
        'grant_update' => $grant->grant_update,
        'grant_delete' => $grant->grant_delete,
        'priority' => 0,
      ); 
    }
  }

  return $grants;
}

function level1_user_operations() {
  global $form_values;

  $vid = variable_get('level1_category', '0');
  $tree = taxonomy_get_tree($vid);
  foreach ($tree as $term) {
    $grants['level1_access_set_level-'.$term->tid] = t('!term', array('!term' => $term->name));
  }

  $operations = array();
  if (count($grants) > 0)
    $operations["Set Level1 Access"] = array('label' => $grants);

  if ($form_values) {
    $operation_args = explode('-', $form_values['operation']);
    if ($operation_args[0] == 'level1_access_set_level') {
      if (user_access('administer access control')) {
        $operations[$form_values['operation']] = array(
          'callback' => 'level1_user_operations_set_level',
          'callback arguments' => array($operation_args[1]),
        );
      }
      else {
        watchdog('security', t('Level1: Detected malicious attempt to alter user access permissions.'), WATCHDOG_WARNING);
        return;
      }
    }
  }
  
  return $operations;
}

function level1_user_operations_set_level($accounts, $tid) {
  foreach ($accounts as $uid) {
    $account = user_load(array('uid' => (int)$uid));
    user_save($account, array('level1_access' => $tid));
  }
}

function level1_user($op, &$edit, &$account, $category = NULL) {
  $function = "level1_user_op_$op";
  if (function_exists($function))
    return $function($edit, &$account, $category);
}

function level1_user_op_form(&$edit, &$account, $category) {
  if (user_access('administer users')) {
    $vid = variable_get('level1_category', '0');
    $level_select = taxonomy_form($vid, $account->level1_access);
    $level_select['#title'] = t('Level1 Access Level');
    $level_select['#description'] = t('This user will be able to access all content that is categorized at or below this level');
    $form['account']['level1_access'] = $level_select;
    return $form;
  }
}

function level1_user_op_view(&$edit, &$account, $category) {
  if (user_access('administer users')) {
    $vid = variable_get('level1_category', '0');
    $tree = taxonomy_get_tree($vid);
    $items['level1'] = array('title' => t('Current Level'),
      'value' => "None",
      'class' => 'member',
    );
    while (count($tree) > 0) {
      $value = array_pop($tree);
      if ($value->tid == $account->level1_access) {
        $items['level1'] = array('title' => t('Current Level'),
          'value' => $value->name,
          'class' => 'member',
        );
      }
    }
    return array(t('Level1 Access') => $items);       
  }
}

function level1_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
  $vid = variable_get('level1_category', '0');
  $vocab = taxonomy_get_vocabulary($vid);
  if (in_array($node->type, $vocab->nodes)) {    
    $function = "level1_nodeapi_op_$op";
    //drupal_set_message($function);
    if (function_exists($function))
      return $function($node, $a3, $a4);
  }
}

function level1_nodeapi_op_load(&$node, $a3, $a4) {
  $result = db_fetch_array(db_query('SELECT grant_view, grant_update, grant_delete FROM {level1_access} WHERE nid = %d', $node->nid));
  if (!$result) {
    // TODO add defaults per node type
    return array('level1_grants' => array('grant_view' => 0, 'grant_update' => 0, 'grant_delete' => 0));
  }
  $add = array('level1_grants' => $result);
  return $add;
}

function level1_nodeapi_op_prepare(&$node, $a3, $a4) {
  if ($node->level1_grants == NULL) {
    // TODO add defaults per node type
    $node->level1_grants = array('grant_view' => 0, 'grant_update' => 0, 'grant_delete' => 0);
  }
}

function level1_nodeapi_op_insert(&$node, $a3, $a4) {
  level1_update_level1_access($node);
}

function level1_nodeapi_op_update(&$node, $a3, $a4) {
  level1_update_level1_access($node);
}

function level1_nodeapi_op_delete(&$node, $a3, $a4) {
  db_query("DELETE FROM {level1_access} WHERE nid = %d", $node->nid);
}

function level1_update_level1_access(&$node) {
  db_query("DELETE FROM {level1_access} WHERE nid = %d", $node->nid);

  $vid = variable_get('level1_category', '0');
  foreach ($node->taxonomy[$vid] as $tid) {
    if ($tid != 0) {
      db_query("INSERT INTO {level1_access} (nid, gid, realm, grant_view, grant_update, grant_delete) VALUES (%d, %d, '%s', %d, %d, %d)", array($node->nid, $tid, "level1_access") + $node->level1_grants);
    }
  }
}

function level1_form_alter($form_id, &$form) {
  if (strpos($form_id, 'node_form')) {
    level1_form_alter_node_form($form);
  }
}

function level1_form_alter_node_form(&$form) {
  $vid = variable_get('level1_category', '0');
  $vocab = taxonomy_get_vocabulary($vid);
  if (in_array($form['type']['#value'], $vocab->nodes)) {    
    $node = $form['#node'];

    $temp = $form['taxonomy'][$vid];
    
    $form['taxonomy'][$vid] = array(
      '#type' => 'fieldset',
      '#tree' => TRUE,
      '#title' => t('Level1 Access Grants'),
      '#collapsible' => TRUE,
      '#collapsed' => FALSE,
      '#weight' => $form['taxonomy'][$vid]['#weight']
    ); 
    
    $form['taxonomy'][$vid][$vid] = $temp;

    if ($node->level1_grants) {   
      // The grant information must not be part of the $form['taxonomy'] tree otherwise it will break the taxonomy_node_save method
      // T o handle this add in a wrapper for the grant information with #tree = false then add the grant checkboxes to it      
      $form['taxonomy'][$vid]['grants'] = array('#tree' => FALSE);
      $form['taxonomy'][$vid]['grants']['level1_grants'] = array('#tree' => TRUE);
      foreach ($node->level1_grants as $key => $value) {
        $form['taxonomy'][$vid]['grants']['level1_grants'][$key] = array(
          '#type' => 'checkbox',
          '#title' => t(str_replace('_',' ', $key)),
          '#default_value' => $value
        );
      }
    }
  }
}
1	<?php
2	function level1_menu($may_cache) {
3	$items = array();
4
5	if ($may_cache) {
6	$items[] = array(
7	'path' => 'admin/settings/level1',
8	'title' => t('Level1'),
9	'description' => t('Level1 Access Settings'),
10	'callback' => 'drupal_get_form',
11	'callback arguments' => 'level1_admin_settings',
12	'access' => user_access('administer site configuration'),
13	);
14	}
15
16	return $items;
17	}
18
19	function level1_admin_settings() {
20	$options = array();
21	$options[0] = '<none>';
22	$vocabs = taxonomy_get_vocabularies();
23	foreach ($vocabs as $vid => $vocab) {
24	$options[$vid] = $vocab->name;
25	}
26	$form['level1_category'] = array(
27	'#title' => t('Level1 Category'),
28	'#type' => 'select',
29	'#options' => $options,
30	'#default_value' => variable_get('level1_category', ''),
31	'#description' => 'Vocabulary for defining Level1 node access grants.',
32	'#suffix' => '<p>NOTE: You must ' . l('rebuild', 'admin/content/node-settings/rebuild', array(), drupal_get_destination()) . ' your node permissions for any changes to take effect.</p>'
33	);
34
35	return system_settings_form($form);
36	}
37
38
39	function level1_node_grants($account, $op) {
40	$terms = array();
41	if ($account->level1_access > 0) {
42	$vid = variable_get('level1_category', '0');
43	$tree = taxonomy_get_tree($vid);
44	foreach ($tree as $terminfo) {
45	$terms[] = $terminfo->tid;
46	if ($terminfo->tid == $account->level1_access)
47	break;
48	}
49	}
50
51	$grants = array('level1_access' => $terms);
52	return $grants;
53	}
54
55	function level1_node_access_records($node) {
56	$vid = variable_get('level1_category', '0');
57	$node_terms = taxonomy_node_get_terms_by_vocabulary($node->nid, $vid);
58	$grants = array();
59	foreach ($node_terms as $term) {
60	$grant = db_fetch_object(db_query("SELECT grant_view, grant_update, grant_delete FROM {level1_access} WHERE nid = %d AND gid = %d", $node->nid, $term->tid));
61	if ($grant) {
62	$grants[] = array(
63	'realm' => 'level1_access',
64	'gid' => $term->tid,
65	'grant_view' => $grant->grant_view,
66	'grant_update' => $grant->grant_update,
67	'grant_delete' => $grant->grant_delete,
68	'priority' => 0,
69	);
70	}
71	}
72
73	return $grants;
74	}
75
76	function level1_user_operations() {
77	global $form_values;
78
79	$vid = variable_get('level1_category', '0');
80	$tree = taxonomy_get_tree($vid);
81	foreach ($tree as $term) {
82	$grants['level1_access_set_level-'.$term->tid] = t('!term', array('!term' => $term->name));
83	}
84
85	$operations = array();
86	if (count($grants) > 0)
87	$operations["Set Level1 Access"] = array('label' => $grants);
88
89	if ($form_values) {
90	$operation_args = explode('-', $form_values['operation']);
91	if ($operation_args[0] == 'level1_access_set_level') {
92	if (user_access('administer access control')) {
93	$operations[$form_values['operation']] = array(
94	'callback' => 'level1_user_operations_set_level',
95	'callback arguments' => array($operation_args[1]),
96	);
97	}
98	else {
99	watchdog('security', t('Level1: Detected malicious attempt to alter user access permissions.'), WATCHDOG_WARNING);
100	return;
101	}
102	}
103	}
104
105	return $operations;
106	}
107
108	function level1_user_operations_set_level($accounts, $tid) {
109	foreach ($accounts as $uid) {
110	$account = user_load(array('uid' => (int)$uid));
111	user_save($account, array('level1_access' => $tid));
112	}
113	}
114
115	function level1_user($op, &$edit, &$account, $category = NULL) {
116	$function = "level1_user_op_$op";
117	if (function_exists($function))
118	return $function($edit, &$account, $category);
119	}
120
121	function level1_user_op_form(&$edit, &$account, $category) {
122	if (user_access('administer users')) {
123	$vid = variable_get('level1_category', '0');
124	$level_select = taxonomy_form($vid, $account->level1_access);
125	$level_select['#title'] = t('Level1 Access Level');
126	$level_select['#description'] = t('This user will be able to access all content that is categorized at or below this level');
127	$form['account']['level1_access'] = $level_select;
128	return $form;
129	}
130	}
131
132	function level1_user_op_view(&$edit, &$account, $category) {
133	if (user_access('administer users')) {
134	$vid = variable_get('level1_category', '0');
135	$tree = taxonomy_get_tree($vid);
136	$items['level1'] = array('title' => t('Current Level'),
137	'value' => "None",
138	'class' => 'member',
139	);
140	while (count($tree) > 0) {
141	$value = array_pop($tree);
142	if ($value->tid == $account->level1_access) {
143	$items['level1'] = array('title' => t('Current Level'),
144	'value' => $value->name,
145	'class' => 'member',
146	);
147	}
148	}
149	return array(t('Level1 Access') => $items);
150	}
151	}
152
153	function level1_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
154	$vid = variable_get('level1_category', '0');
155	$vocab = taxonomy_get_vocabulary($vid);
156	if (in_array($node->type, $vocab->nodes)) {
157	$function = "level1_nodeapi_op_$op";
158	//drupal_set_message($function);
159	if (function_exists($function))
160	return $function($node, $a3, $a4);
161	}
162	}
163
164	function level1_nodeapi_op_load(&$node, $a3, $a4) {
165	$result = db_fetch_array(db_query('SELECT grant_view, grant_update, grant_delete FROM {level1_access} WHERE nid = %d', $node->nid));
166	if (!$result) {
167	// TODO add defaults per node type
168	return array('level1_grants' => array('grant_view' => 0, 'grant_update' => 0, 'grant_delete' => 0));
169	}
170	$add = array('level1_grants' => $result);
171	return $add;
172	}
173
174	function level1_nodeapi_op_prepare(&$node, $a3, $a4) {
175	if ($node->level1_grants == NULL) {
176	// TODO add defaults per node type
177	$node->level1_grants = array('grant_view' => 0, 'grant_update' => 0, 'grant_delete' => 0);
178	}
179	}
180
181	function level1_nodeapi_op_insert(&$node, $a3, $a4) {
182	level1_update_level1_access($node);
183	}
184
185	function level1_nodeapi_op_update(&$node, $a3, $a4) {
186	level1_update_level1_access($node);
187	}
188
189	function level1_nodeapi_op_delete(&$node, $a3, $a4) {
190	db_query("DELETE FROM {level1_access} WHERE nid = %d", $node->nid);
191	}
192
193	function level1_update_level1_access(&$node) {
194	db_query("DELETE FROM {level1_access} WHERE nid = %d", $node->nid);
195
196	$vid = variable_get('level1_category', '0');
197	foreach ($node->taxonomy[$vid] as $tid) {
198	if ($tid != 0) {
199	db_query("INSERT INTO {level1_access} (nid, gid, realm, grant_view, grant_update, grant_delete) VALUES (%d, %d, '%s', %d, %d, %d)", array($node->nid, $tid, "level1_access") + $node->level1_grants);
200	}
201	}
202	}
203
204	function level1_form_alter($form_id, &$form) {
205	if (strpos($form_id, 'node_form')) {
206	level1_form_alter_node_form($form);
207	}
208	}
209
210	function level1_form_alter_node_form(&$form) {
211	$vid = variable_get('level1_category', '0');
212	$vocab = taxonomy_get_vocabulary($vid);
213	if (in_array($form['type']['#value'], $vocab->nodes)) {
214	$node = $form['#node'];
215
216	$temp = $form['taxonomy'][$vid];
217
218	$form['taxonomy'][$vid] = array(
219	'#type' => 'fieldset',
220	'#tree' => TRUE,
221	'#title' => t('Level1 Access Grants'),
222	'#collapsible' => TRUE,
223	'#collapsed' => FALSE,
224	'#weight' => $form['taxonomy'][$vid]['#weight']
225	);
226
227	$form['taxonomy'][$vid][$vid] = $temp;
228
229	if ($node->level1_grants) {
230	// The grant information must not be part of the $form['taxonomy'] tree otherwise it will break the taxonomy_node_save method
231	// T o handle this add in a wrapper for the grant information with #tree = false then add the grant checkboxes to it
232	$form['taxonomy'][$vid]['grants'] = array('#tree' => FALSE);
233	$form['taxonomy'][$vid]['grants']['level1_grants'] = array('#tree' => TRUE);
234	foreach ($node->level1_grants as $key => $value) {
235	$form['taxonomy'][$vid]['grants']['level1_grants'][$key] = array(
236	'#type' => 'checkbox',
237	'#title' => t(str_replace('_',' ', $key)),
238	'#default_value' => $value
239	);
240	}
241	}
242	}
243	}