modules/na_arbitrator/forum_access.module

<?php
// $Id: forum_access.module,v 1.7 2006/04/09 06:08:32 merlinofchaos Exp $

/**
 * @file forum_access.module
 *
 * This module is a demo of the na_arbitrator module, to create access permissions
 * that exist only for forums. It is not as thorough a solution as taxonomy
 * access, but that's more than I want to write as a demo.
 *
 */

/**
 * Implementation of hook_help
 */
function forum_access_help($section) {
  switch($section) {
    case 'admin/modules#description':
      return t('forum access allows role-based access permissions to forums.');
  }
}

/**
 * This function supplies the forum access grants. forum_access simply uses
 * roles as ACLs, so rids translate directly to gids.
 */
function forum_access_node_grants($user, $op) {
  $grants['forum_access'] = array_keys($user->roles);
  return $grants;
}

/**
 * Implementation of hook_node_access_grants
 *
 * Returns a list of grant records for the passed in node object.
 */
function forum_access_node_access_grants($node) {
  if ($node->type == 'forum') {
    $result = db_query('SELECT * FROM {forum_access} WHERE tid = %d', $node->tid);
    while ($grant = db_fetch_object($result)) {
      $grants[] = array('realm' => 'forum_access', 'gid' => $grant->rid, 'grant_view' => $grant->grant_view, 'grant_update' => $grant->grant_update, 'grant_delete' => $grant->grant_delete); 
    }
    return $grants;
  }
}

/**
 * Implementation of hook_form_alter()
 *
 * Remove inaccessible forums from the node form.
 */
function forum_access_form_alter($form_id, &$form) {
  if (isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
    forum_access_node_form($form_id, $form);
  }
  else if ($form_id == 'forum_form_container') {
    forum_access_forum_form($form_id, $form, TRUE);
  }
  else if ($form_id == 'forum_form_forum') {
    forum_access_forum_form($form_id, $form, FALSE);
  }
  // hunmonk's module dependency check: see http://drupal.org/node/54463
  if ($form_id == 'system_modules' && !$_POST) {
    forum_access_system_module_validate($form);
  }
}

/**
 * hunmonk's module dependency check: see http://drupal.org/node/54463
 */
function forum_access_system_module_validate(&$form) {
  $module = 'forum_access';
  $dependencies = array('na_arbitrator', 'forum', 'acl');
  foreach ($dependencies as $dependency) {
      if (!in_array($dependency, $form['status']['#default_value'])) {
        $missing_dependency = TRUE;
        $missing_dependency_list[] = $dependency;
      }
  }
  if (in_array($module, $form['status']['#default_value']) && isset($missing_dependency)) {
    db_query("UPDATE {system} SET status = 0 WHERE type = 'module' AND name = '%s'", $module);
    $key = array_search($module, $form['status']['#default_value']);
    unset($form['status']['#default_value'][$key]);
    drupal_set_message(t('The module %module was deactivated--it requires the following disabled/non-existent modules to function properly: %dependencies', array('%module' => $module, '%dependencies' => implode(', ', $missing_dependency_list))), 'error');
  }
}

/**
 * Rewrite the taxonomy item on the node form
 */
function forum_access_node_form($form_id, &$form) {
  if (!is_array($form['taxonomy'][_forum_get_vid()]['#options'])) {
    return;
  }
  global $user;
  $roles = implode(', ', array_keys($user->roles));
  $result = db_query("SELECT tid FROM {forum_access} WHERE rid IN (%s) AND grant_create = 1", $roles);
  while ($obj = db_fetch_object($result)) {
    $tids[$obj->tid] = $obj->tid;
  }
  foreach ($form['taxonomy'][_forum_get_vid()]['#options'] as $tid => $name) {
    if ($tids[$tid]) {
      $options[$tid] = $name;
    }
  }

  if ($options) {
    $form['taxonomy'][_forum_get_vid()]['#options'] = $options;
  }
  else {
    unset($form['taxonomy'][_forum_get_vid()]);
  }
}

/**
 * Rewrite the taxonomy item on the node form
 */
function forum_access_forum_form($form_id, &$form, $container) {
  $rids = array();
  $result = db_query("SELECT r.rid, r.name FROM {role} r ORDER BY r.name");
  while ($obj = db_fetch_object($result)) {
    $rids[$obj->rid] = $obj->name;
  }

  if ($form['tid']['#value']) {
    $result = db_query("SELECT * FROM {forum_access} where tid=%d", $form['tid']['#value']);
    if (db_num_rows($result) == 0) {
      $view = $update = $delete = $create = array(1, 2);
    }

    while ($fa = db_fetch_object($result)) {
      if ($fa->grant_view) {
        $view[] = $fa->rid;
      }
      if ($fa->grant_update) {
        $update[] = $fa->rid;
      }
      if ($fa->grant_delete) {
        $delete[] = $fa->rid;
      }
      if ($fa->grant_create) {
        $create[] = $fa->rid;
      }
    }
  }
  else {
    // Default to all users can read; all logged in users can post.
    $view = $update = $delete = array(1, 2);
    $create = array(2);
  }
  
  $form['forum_access'] = array('#type' => 'fieldset', 
    '#title' => t('Access control'),
    '#collapsible' => TRUE,
    '#tree' => TRUE,
  );

  $form['forum_access']['view'] = array('#type' => 'checkboxes',
    '#options' => $rids,
    '#title' => t('Roles who can view this forum'),
    '#default_value' => $view
  );

  // Containers can only be viewed; they can't be posted to
  // so these fields become meaningless for them.
  if (!$container) {
    $form['forum_access']['create'] = array('#type' => 'checkboxes',
      '#options' => $rids,
      '#title' => t('Roles who can post in this forum'),
      '#default_value' => $create
    );
    $form['forum_access']['update'] = array('#type' => 'checkboxes',
      '#options' => $rids,
      '#title' => t('Roles who can edit posts in this forum'),
      '#default_value' => $update
    );
    $form['forum_access']['delete'] = array('#type' => 'checkboxes',
      '#options' => $rids,
      '#title' => t('Roles who can delete posts in this forum'),
      '#default_value' => $delete
    );
  }
  // Find our moderator ACL:

  if ($form['tid']['#value']) {
    $acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'forum_access' && name = %d", $form['tid']['#value']));
    if (!$acl_id) { // create one
      $acl_id = acl_create_new_acl('forum_access', $form['tid']['#value']);
      // update every existing node in this forum to use this acl.
      $result = db_query("SELECT nid FROM {term_node} WHERE tid = %d", $form['tid']['#value']);
      while ($node = db_fetch_object($result)) {
        // all privs to this ACL.
        acl_node_add_acl($node->nid, $acl_id, 1, 1, 1);
      }
    }
    $form['forum_access']['acl'] = acl_edit_form($acl_id, 'Moderators');
    // Move some stuff down so our block goes in a nice place.
  }
  $form['submit']['#weight'] = 10;
  $form['delete']['#weight'] = 10;

  $form['#submit']['forum_access_form_submit'] = current($form['#submit']);
}

function forum_access_form_submit($form_id, $form_values) {
  db_query("DELETE FROM {forum_access} WHERE tid = %d", $form_values['tid']);
  $access = $form_values['forum_access']; // shortcut
  if (array_key_exists('acl', $access)) {
    acl_save_form($access['acl']);
  }
  foreach($access['view'] as $rid => $checked) {
    $grants[] = array(
      'realm' => 'forum_access',
      'gid' => $rid,
      'grant_view' => (bool) $checked,
      'grant_update' => (bool) $access['update'][$rid],
      'grant_delete' => (bool) $access['delete'][$rid],
    );
    db_query("INSERT INTO {forum_access} (tid, rid, grant_view, grant_update, grant_delete, grant_create) VALUES (%d, %d, %d, %d, %d, %d)", $form_values['tid'], $rid, (bool) $checked, (bool) $access['update'][$rid], (bool) $access['delete'][$rid], (bool) $access['create'][$rid]);
  }

  // mass update
  $result = db_query("SELECT n.nid FROM {node} n LEFT JOIN {term_node} tn ON tn.nid = n.nid WHERE tn.tid = %d", $form_values['tid']);
  while ($node = db_fetch_object($result)) {
    na_arbitrator_write_grants($node, $grants, 'forum_access');
  }
}

/**
 * Because in order to restrict the visible forums, we have to rewrite
 * the sql. This is because there isn't a node_access equivalent for
 * taxonomy. There should be.
 */
function forum_access_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
  if ($primary_field == 'tid') {
    if (user_access('administer forums')) {
      return;
    }
    global $user;
    $roles = implode(',', array_keys($user->roles));
    $sql['join'] = "LEFT JOIN {forum_access} fa ON $primary_table.tid = fa.tid";
    $sql['where'] = "(fa.grant_view >= 1 AND fa.rid IN ($roles)) OR fa.tid IS NULL";
    $sql['distinct'] = 1;
    return $sql;
  }
}

/**
 * nodeapi hook to add ACL data to fresh forum posts.
 */
function forum_access_nodeapi(&$node, $op, $teaser = NULL, $page = NULL) {
  if ($node && $node->type == 'forum' && $op == 'insert') {
    $acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'forum_access' && name = %d", $node->tid));
    acl_node_add_acl($node->nid, $acl_id, 1, 1, 1);
 }
}
1	<?php
2	// $Id: forum_access.module,v 1.7 2006/04/09 06:08:32 merlinofchaos Exp $
3
4	/**
5	* @file forum_access.module
6	*
7	* This module is a demo of the na_arbitrator module, to create access permissions
8	* that exist only for forums. It is not as thorough a solution as taxonomy
9	* access, but that's more than I want to write as a demo.
10	*
11	*/
12
13	/**
14	* Implementation of hook_help
15	*/
16	function forum_access_help($section) {
17	switch($section) {
18	case 'admin/modules#description':
19	return t('forum access allows role-based access permissions to forums.');
20	}
21	}
22
23	/**
24	* This function supplies the forum access grants. forum_access simply uses
25	* roles as ACLs, so rids translate directly to gids.
26	*/
27	function forum_access_node_grants($user, $op) {
28	$grants['forum_access'] = array_keys($user->roles);
29	return $grants;
30	}
31
32	/**
33	* Implementation of hook_node_access_grants
34	*
35	* Returns a list of grant records for the passed in node object.
36	*/
37	function forum_access_node_access_grants($node) {
38	if ($node->type == 'forum') {
39	$result = db_query('SELECT * FROM {forum_access} WHERE tid = %d', $node->tid);
40	while ($grant = db_fetch_object($result)) {
41	$grants[] = array('realm' => 'forum_access', 'gid' => $grant->rid, 'grant_view' => $grant->grant_view, 'grant_update' => $grant->grant_update, 'grant_delete' => $grant->grant_delete);
42	}
43	return $grants;
44	}
45	}
46
47	/**
48	* Implementation of hook_form_alter()
49	*
50	* Remove inaccessible forums from the node form.
51	*/
52	function forum_access_form_alter($form_id, &$form) {
53	if (isset($form['type']) && $form['type']['#value'] .'_node_form' == $form_id) {
54	forum_access_node_form($form_id, $form);
55	}
56	else if ($form_id == 'forum_form_container') {
57	forum_access_forum_form($form_id, $form, TRUE);
58	}
59	else if ($form_id == 'forum_form_forum') {
60	forum_access_forum_form($form_id, $form, FALSE);
61	}
62	// hunmonk's module dependency check: see http://drupal.org/node/54463
63	if ($form_id == 'system_modules' && !$_POST) {
64	forum_access_system_module_validate($form);
65	}
66	}
67
68	/**
69	* hunmonk's module dependency check: see http://drupal.org/node/54463
70	*/
71	function forum_access_system_module_validate(&$form) {
72	$module = 'forum_access';
73	$dependencies = array('na_arbitrator', 'forum', 'acl');
74	foreach ($dependencies as $dependency) {
75	if (!in_array($dependency, $form['status']['#default_value'])) {
76	$missing_dependency = TRUE;
77	$missing_dependency_list[] = $dependency;
78	}
79	}
80	if (in_array($module, $form['status']['#default_value']) && isset($missing_dependency)) {
81	db_query("UPDATE {system} SET status = 0 WHERE type = 'module' AND name = '%s'", $module);
82	$key = array_search($module, $form['status']['#default_value']);
83	unset($form['status']['#default_value'][$key]);
84	drupal_set_message(t('The module %module was deactivated--it requires the following disabled/non-existent modules to function properly: %dependencies', array('%module' => $module, '%dependencies' => implode(', ', $missing_dependency_list))), 'error');
85	}
86	}
87
88	/**
89	* Rewrite the taxonomy item on the node form
90	*/
91	function forum_access_node_form($form_id, &$form) {
92	if (!is_array($form['taxonomy'][_forum_get_vid()]['#options'])) {
93	return;
94	}
95	global $user;
96	$roles = implode(', ', array_keys($user->roles));
97	$result = db_query("SELECT tid FROM {forum_access} WHERE rid IN (%s) AND grant_create = 1", $roles);
98	while ($obj = db_fetch_object($result)) {
99	$tids[$obj->tid] = $obj->tid;
100	}
101	foreach ($form['taxonomy'][_forum_get_vid()]['#options'] as $tid => $name) {
102	if ($tids[$tid]) {
103	$options[$tid] = $name;
104	}
105	}
106
107	if ($options) {
108	$form['taxonomy'][_forum_get_vid()]['#options'] = $options;
109	}
110	else {
111	unset($form['taxonomy'][_forum_get_vid()]);
112	}
113	}
114
115	/**
116	* Rewrite the taxonomy item on the node form
117	*/
118	function forum_access_forum_form($form_id, &$form, $container) {
119	$rids = array();
120	$result = db_query("SELECT r.rid, r.name FROM {role} r ORDER BY r.name");
121	while ($obj = db_fetch_object($result)) {
122	$rids[$obj->rid] = $obj->name;
123	}
124
125	if ($form['tid']['#value']) {
126	$result = db_query("SELECT * FROM {forum_access} where tid=%d", $form['tid']['#value']);
127	if (db_num_rows($result) == 0) {
128	$view = $update = $delete = $create = array(1, 2);
129	}
130
131	while ($fa = db_fetch_object($result)) {
132	if ($fa->grant_view) {
133	$view[] = $fa->rid;
134	}
135	if ($fa->grant_update) {
136	$update[] = $fa->rid;
137	}
138	if ($fa->grant_delete) {
139	$delete[] = $fa->rid;
140	}
141	if ($fa->grant_create) {
142	$create[] = $fa->rid;
143	}
144	}
145	}
146	else {
147	// Default to all users can read; all logged in users can post.
148	$view = $update = $delete = array(1, 2);
149	$create = array(2);
150	}
151
152	$form['forum_access'] = array('#type' => 'fieldset',
153	'#title' => t('Access control'),
154	'#collapsible' => TRUE,
155	'#tree' => TRUE,
156	);
157
158	$form['forum_access']['view'] = array('#type' => 'checkboxes',
159	'#options' => $rids,
160	'#title' => t('Roles who can view this forum'),
161	'#default_value' => $view
162	);
163
164	// Containers can only be viewed; they can't be posted to
165	// so these fields become meaningless for them.
166	if (!$container) {
167	$form['forum_access']['create'] = array('#type' => 'checkboxes',
168	'#options' => $rids,
169	'#title' => t('Roles who can post in this forum'),
170	'#default_value' => $create
171	);
172	$form['forum_access']['update'] = array('#type' => 'checkboxes',
173	'#options' => $rids,
174	'#title' => t('Roles who can edit posts in this forum'),
175	'#default_value' => $update
176	);
177	$form['forum_access']['delete'] = array('#type' => 'checkboxes',
178	'#options' => $rids,
179	'#title' => t('Roles who can delete posts in this forum'),
180	'#default_value' => $delete
181	);
182	}
183	// Find our moderator ACL:
184
185	if ($form['tid']['#value']) {
186	$acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'forum_access' && name = %d", $form['tid']['#value']));
187	if (!$acl_id) { // create one
188	$acl_id = acl_create_new_acl('forum_access', $form['tid']['#value']);
189	// update every existing node in this forum to use this acl.
190	$result = db_query("SELECT nid FROM {term_node} WHERE tid = %d", $form['tid']['#value']);
191	while ($node = db_fetch_object($result)) {
192	// all privs to this ACL.
193	acl_node_add_acl($node->nid, $acl_id, 1, 1, 1);
194	}
195	}
196	$form['forum_access']['acl'] = acl_edit_form($acl_id, 'Moderators');
197	// Move some stuff down so our block goes in a nice place.
198	}
199	$form['submit']['#weight'] = 10;
200	$form['delete']['#weight'] = 10;
201
202	$form['#submit']['forum_access_form_submit'] = current($form['#submit']);
203	}
204
205	function forum_access_form_submit($form_id, $form_values) {
206	db_query("DELETE FROM {forum_access} WHERE tid = %d", $form_values['tid']);
207	$access = $form_values['forum_access']; // shortcut
208	if (array_key_exists('acl', $access)) {
209	acl_save_form($access['acl']);
210	}
211	foreach($access['view'] as $rid => $checked) {
212	$grants[] = array(
213	'realm' => 'forum_access',
214	'gid' => $rid,
215	'grant_view' => (bool) $checked,
216	'grant_update' => (bool) $access['update'][$rid],
217	'grant_delete' => (bool) $access['delete'][$rid],
218	);
219	db_query("INSERT INTO {forum_access} (tid, rid, grant_view, grant_update, grant_delete, grant_create) VALUES (%d, %d, %d, %d, %d, %d)", $form_values['tid'], $rid, (bool) $checked, (bool) $access['update'][$rid], (bool) $access['delete'][$rid], (bool) $access['create'][$rid]);
220	}
221
222	// mass update
223	$result = db_query("SELECT n.nid FROM {node} n LEFT JOIN {term_node} tn ON tn.nid = n.nid WHERE tn.tid = %d", $form_values['tid']);
224	while ($node = db_fetch_object($result)) {
225	na_arbitrator_write_grants($node, $grants, 'forum_access');
226	}
227	}
228
229	/**
230	* Because in order to restrict the visible forums, we have to rewrite
231	* the sql. This is because there isn't a node_access equivalent for
232	* taxonomy. There should be.
233	*/
234	function forum_access_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
235	if ($primary_field == 'tid') {
236	if (user_access('administer forums')) {
237	return;
238	}
239	global $user;
240	$roles = implode(',', array_keys($user->roles));
241	$sql['join'] = "LEFT JOIN {forum_access} fa ON $primary_table.tid = fa.tid";
242	$sql['where'] = "(fa.grant_view >= 1 AND fa.rid IN ($roles)) OR fa.tid IS NULL";
243	$sql['distinct'] = 1;
244	return $sql;
245	}
246	}
247
248	/**
249	* nodeapi hook to add ACL data to fresh forum posts.
250	*/
251	function forum_access_nodeapi(&$node, $op, $teaser = NULL, $page = NULL) {
252	if ($node && $node->type == 'forum' && $op == 'insert') {
253	$acl_id = db_result(db_query("SELECT acl_id from {acl} WHERE module = 'forum_access' && name = %d", $node->tid));
254	acl_node_add_acl($node->nid, $acl_id, 1, 1, 1);
255	}
256	}