modules/na_arbitrator/workflow_access.module

<?php
// $Id: workflow_access.module,v 1.6 2006/09/09 17:30:12 merlinofchaos Exp $

/**
 * @file workflow_access.module
 *
 * This module is a demo of the na_arbitrator module, to create access permissions
 * that exist only for workflows. 
 *
 */

/**
 * Implementation of hook_help
 */
function workflow_access_help($section) {
  switch($section) {
    case 'admin/modules#description':
      return t('workflow access allows role-based access permissions to workflows.');
  }
}

/**
 * This function supplies the workflow access grants. workflow_access simply uses
 * roles as ACLs, so rids translate directly to gids.
 */
function workflow_access_node_grants($user, $op) {
  $grants['workflow_access'] = array_keys($user->roles);
  $grants['workflow_access_owner'] = array($user->uid);
  return $grants;
}

/**
 * Implementation of hook_node_access_grants
 *
 * Returns a list of grant records for the passed in node object.
 */
function workflow_access_node_access_grants($node) {
  $sid = db_result(db_query("SELECT sid FROM {workflow_node} WHERE nid = %d", $node->nid));
  if (is_numeric($sid)) {
    $result = db_query('SELECT * FROM {workflow_access} WHERE sid = %d', $sid);
    while ($grant = db_fetch_object($result)) {
      if ($grant->rid == -1) {
        $realm = 'workflow_access_owner';
        $gid = $node->uid;
      }
      else {
        $realm = 'workflow_access';
        $gid = $grant->rid;
      }
      $realm = $grant->rid != -1 ? 'workflow_access' : 'workflow_access_owner';
      $gid = 
      $grants[] = array('realm' => $realm, 'gid' => $gid, 'grant_view' => $grant->grant_view, 'grant_update' => $grant->grant_update, 'grant_delete' => $grant->grant_delete); 
    }
  }
  return $grants;
}

/**
 * Implementation of hook_form_alter()
 *
 * Remove inaccessible workflows from the node form.
 */
function workflow_access_form_alter($form_id, &$form) {
  if ($form_id == 'workflow_edit') {
    workflow_access_workflow_form($form_id, $form);
  }

  // hunmonk's module dependency check: see http://drupal.org/node/54463
  if ($form_id == 'system_modules' && !$_POST) {
    workflow_access_system_module_validate($form);
  }
}

/**
 * hunmonk's module dependency check: see http://drupal.org/node/54463
 */
function workflow_access_system_module_validate(&$form) {
  $module = 'workflow_access';
  $dependencies = array('na_arbitrator', 'workflow');
  foreach ($dependencies as $dependency) {
      if (!in_array($dependency, $form['status']['#default_value'])) {
        $missing_dependency = TRUE;
        $missing_dependency_list[] = $dependency;
      }
  }
  if (in_array($module, $form['status']['#default_value']) && isset($missing_dependency)) {
    db_query("UPDATE {system} SET status = 0 WHERE type = 'module' AND name = '%s'", $module);
    $key = array_search($module, $form['status']['#default_value']);
    unset($form['status']['#default_value'][$key]);
    drupal_set_message(t('The module %module was deactivated--it requires the following disabled/non-existent modules to function properly: %dependencies', array('%module' => $module, '%dependencies' => implode(', ', $missing_dependency_list))), 'error');
  }
}

/**
 * Add our items to the workflow edit form.
 */
function workflow_access_workflow_form($form_id, &$form) {
  $wid = $form['wid']['#value'];
  $rids = array('-1' => t('author'));
  $result = db_query("SELECT r.rid, r.name FROM {role} r ORDER BY r.name");
  while ($obj = db_fetch_object($result)) {
    $rids[$obj->rid] = $obj->name;
  }

  $states = workflow_get_states($wid);

  $form['workflow_access'] = array('#type' => 'fieldset', 
    '#title' => t('Access control'),
    '#collapsible' => TRUE,
    '#tree' => TRUE,
  );

  foreach ($states as $sid => $state) {
    $view = $update = $delete = array();

    $result = db_query("SELECT * from {workflow_access} where sid=%d", $sid);
    if (db_num_rows($result) == 0) {
      $view = array(1, 2);
    }

    while ($fa = db_fetch_object($result)) {
      if ($fa->grant_view) {
        $view[] = $fa->rid;
      }
      if ($fa->grant_update) {
        $update[] = $fa->rid;
      }
      if ($fa->grant_delete) {
        $delete[] = $fa->rid;
      }
    }
  
    $form['workflow_access'][$sid] = array('#type' => 'fieldset', 
      '#title' => $state,
      '#collapsible' => TRUE,
      '#tree' => TRUE,
    );

    $form['workflow_access'][$sid]['view'] = array('#type' => 'checkboxes',
      '#options' => $rids,
      '#default_value' => $view,
      '#title' => t('Roles who can view posts in this state'),
      '#prefix' => "<table width=100% border=0><tr><td>",
    );

    $form['workflow_access'][$sid]['update'] = array('#type' => 'checkboxes',
      '#options' => $rids,
      '#default_value' => $update,
      '#title' => t('Roles who can edit posts in this state'),
      '#prefix' => "</td><td>",
    );

    $form['workflow_access'][$sid]['delete'] = array('#type' => 'checkboxes',
      '#options' => $rids,
      '#default_value' => $delete,
      '#title' => t('Roles who can delete posts in this state'),
      '#prefix' => "</td><td>",
      '#suffix' => "</td></tr></table>",
    );
  }
  // Move some stuff down so our block goes in a nice place.
  $form['submit']['#weight'] = 10;

  $form['#submit']['workflow_access_form_submit'] = current($form['#submit']);
  $form['#submit']['workflow_access_form_submit'][0] = 'workflow_access_form_submit';
}

function workflow_access_form_submit($form_id, $form_values) {
  foreach($form_values['workflow_access'] as $sid => $access) {
    if (!is_numeric($sid)) {
      continue; // ignore keys that ain't us.
    }
    $grants = array();

    db_query("DELETE FROM {workflow_access} WHERE sid = %d", $sid);
    foreach($access['view'] as $rid => $checked) {
      if ($rid == -1) {
        $realm = 'workflow_access_owner';
        $gid = $node->uid;
      }
      else {
        $realm = 'workflow_access';
        $gid = $rid;
      }
      $grants[] = array(
        'realm' => $realm,
        'gid' => $gid,
        'grant_view' => (bool) $checked,
        'grant_update' => (bool) $access['update'][$rid],
        'grant_delete' => (bool) $access['delete'][$rid],
      );

      db_query("INSERT INTO {workflow_access} (sid, rid, grant_view, grant_update, grant_delete) VALUES (%d, %d, %d, %d, %d)", $sid, $rid, (bool) $checked, (bool) $access['update'][$rid], (bool) $access['delete'][$rid]);
    }

    // mass update
    $result = db_query("SELECT n.nid FROM {node} n LEFT JOIN {workflow_node} wn ON wn.nid = n.nid WHERE wn.sid = %d", $sid);
    while ($node = db_fetch_object($result)) {
      na_arbitrator_acquire_grants(node_load($node->nid), $grants, 'workflow_access');
    }
  }
}

/**
 * be sure to update grants when a node changes workflow; we had at one
 * point set that to call node_save, but that turned out to be the
 * wrong behavior.
 */
function workflow_access_workflow($op, $old_sid, $sid, $node) {
  if ($op == 'transition post' && $old_sid != $sid) {
    na_arbitrator_acquire_grants($node);
  }
}
1	<?php
2	// $Id: workflow_access.module,v 1.6 2006/09/09 17:30:12 merlinofchaos Exp $
3
4	/**
5	* @file workflow_access.module
6	*
7	* This module is a demo of the na_arbitrator module, to create access permissions
8	* that exist only for workflows.
9	*
10	*/
11
12	/**
13	* Implementation of hook_help
14	*/
15	function workflow_access_help($section) {
16	switch($section) {
17	case 'admin/modules#description':
18	return t('workflow access allows role-based access permissions to workflows.');
19	}
20	}
21
22	/**
23	* This function supplies the workflow access grants. workflow_access simply uses
24	* roles as ACLs, so rids translate directly to gids.
25	*/
26	function workflow_access_node_grants($user, $op) {
27	$grants['workflow_access'] = array_keys($user->roles);
28	$grants['workflow_access_owner'] = array($user->uid);
29	return $grants;
30	}
31
32	/**
33	* Implementation of hook_node_access_grants
34	*
35	* Returns a list of grant records for the passed in node object.
36	*/
37	function workflow_access_node_access_grants($node) {
38	$sid = db_result(db_query("SELECT sid FROM {workflow_node} WHERE nid = %d", $node->nid));
39	if (is_numeric($sid)) {
40	$result = db_query('SELECT * FROM {workflow_access} WHERE sid = %d', $sid);
41	while ($grant = db_fetch_object($result)) {
42	if ($grant->rid == -1) {
43	$realm = 'workflow_access_owner';
44	$gid = $node->uid;
45	}
46	else {
47	$realm = 'workflow_access';
48	$gid = $grant->rid;
49	}
50	$realm = $grant->rid != -1 ? 'workflow_access' : 'workflow_access_owner';
51	$gid =
52	$grants[] = array('realm' => $realm, 'gid' => $gid, 'grant_view' => $grant->grant_view, 'grant_update' => $grant->grant_update, 'grant_delete' => $grant->grant_delete);
53	}
54	}
55	return $grants;
56	}
57
58	/**
59	* Implementation of hook_form_alter()
60	*
61	* Remove inaccessible workflows from the node form.
62	*/
63	function workflow_access_form_alter($form_id, &$form) {
64	if ($form_id == 'workflow_edit') {
65	workflow_access_workflow_form($form_id, $form);
66	}
67
68	// hunmonk's module dependency check: see http://drupal.org/node/54463
69	if ($form_id == 'system_modules' && !$_POST) {
70	workflow_access_system_module_validate($form);
71	}
72	}
73
74	/**
75	* hunmonk's module dependency check: see http://drupal.org/node/54463
76	*/
77	function workflow_access_system_module_validate(&$form) {
78	$module = 'workflow_access';
79	$dependencies = array('na_arbitrator', 'workflow');
80	foreach ($dependencies as $dependency) {
81	if (!in_array($dependency, $form['status']['#default_value'])) {
82	$missing_dependency = TRUE;
83	$missing_dependency_list[] = $dependency;
84	}
85	}
86	if (in_array($module, $form['status']['#default_value']) && isset($missing_dependency)) {
87	db_query("UPDATE {system} SET status = 0 WHERE type = 'module' AND name = '%s'", $module);
88	$key = array_search($module, $form['status']['#default_value']);
89	unset($form['status']['#default_value'][$key]);
90	drupal_set_message(t('The module %module was deactivated--it requires the following disabled/non-existent modules to function properly: %dependencies', array('%module' => $module, '%dependencies' => implode(', ', $missing_dependency_list))), 'error');
91	}
92	}
93
94	/**
95	* Add our items to the workflow edit form.
96	*/
97	function workflow_access_workflow_form($form_id, &$form) {
98	$wid = $form['wid']['#value'];
99	$rids = array('-1' => t('author'));
100	$result = db_query("SELECT r.rid, r.name FROM {role} r ORDER BY r.name");
101	while ($obj = db_fetch_object($result)) {
102	$rids[$obj->rid] = $obj->name;
103	}
104
105	$states = workflow_get_states($wid);
106
107	$form['workflow_access'] = array('#type' => 'fieldset',
108	'#title' => t('Access control'),
109	'#collapsible' => TRUE,
110	'#tree' => TRUE,
111	);
112
113	foreach ($states as $sid => $state) {
114	$view = $update = $delete = array();
115
116	$result = db_query("SELECT * from {workflow_access} where sid=%d", $sid);
117	if (db_num_rows($result) == 0) {
118	$view = array(1, 2);
119	}
120
121	while ($fa = db_fetch_object($result)) {
122	if ($fa->grant_view) {
123	$view[] = $fa->rid;
124	}
125	if ($fa->grant_update) {
126	$update[] = $fa->rid;
127	}
128	if ($fa->grant_delete) {
129	$delete[] = $fa->rid;
130	}
131	}
132
133	$form['workflow_access'][$sid] = array('#type' => 'fieldset',
134	'#title' => $state,
135	'#collapsible' => TRUE,
136	'#tree' => TRUE,
137	);
138
139	$form['workflow_access'][$sid]['view'] = array('#type' => 'checkboxes',
140	'#options' => $rids,
141	'#default_value' => $view,
142	'#title' => t('Roles who can view posts in this state'),
143	'#prefix' => "<table width=100% border=0><tr><td>",
144	);
145
146	$form['workflow_access'][$sid]['update'] = array('#type' => 'checkboxes',
147	'#options' => $rids,
148	'#default_value' => $update,
149	'#title' => t('Roles who can edit posts in this state'),
150	'#prefix' => "</td><td>",
151	);
152
153	$form['workflow_access'][$sid]['delete'] = array('#type' => 'checkboxes',
154	'#options' => $rids,
155	'#default_value' => $delete,
156	'#title' => t('Roles who can delete posts in this state'),
157	'#prefix' => "</td><td>",
158	'#suffix' => "</td></tr></table>",
159	);
160	}
161	// Move some stuff down so our block goes in a nice place.
162	$form['submit']['#weight'] = 10;
163
164	$form['#submit']['workflow_access_form_submit'] = current($form['#submit']);
165	$form['#submit']['workflow_access_form_submit'][0] = 'workflow_access_form_submit';
166	}
167
168	function workflow_access_form_submit($form_id, $form_values) {
169	foreach($form_values['workflow_access'] as $sid => $access) {
170	if (!is_numeric($sid)) {
171	continue; // ignore keys that ain't us.
172	}
173	$grants = array();
174
175	db_query("DELETE FROM {workflow_access} WHERE sid = %d", $sid);
176	foreach($access['view'] as $rid => $checked) {
177	if ($rid == -1) {
178	$realm = 'workflow_access_owner';
179	$gid = $node->uid;
180	}
181	else {
182	$realm = 'workflow_access';
183	$gid = $rid;
184	}
185	$grants[] = array(
186	'realm' => $realm,
187	'gid' => $gid,
188	'grant_view' => (bool) $checked,
189	'grant_update' => (bool) $access['update'][$rid],
190	'grant_delete' => (bool) $access['delete'][$rid],
191	);
192
193	db_query("INSERT INTO {workflow_access} (sid, rid, grant_view, grant_update, grant_delete) VALUES (%d, %d, %d, %d, %d)", $sid, $rid, (bool) $checked, (bool) $access['update'][$rid], (bool) $access['delete'][$rid]);
194	}
195
196	// mass update
197	$result = db_query("SELECT n.nid FROM {node} n LEFT JOIN {workflow_node} wn ON wn.nid = n.nid WHERE wn.sid = %d", $sid);
198	while ($node = db_fetch_object($result)) {
199	na_arbitrator_acquire_grants(node_load($node->nid), $grants, 'workflow_access');
200	}
201	}
202	}
203
204	/**
205	* be sure to update grants when a node changes workflow; we had at one
206	* point set that to call node_save, but that turned out to be the
207	* wrong behavior.
208	*/
209	function workflow_access_workflow($op, $old_sid, $sid, $node) {
210	if ($op == 'transition post' && $old_sid != $sid) {
211	na_arbitrator_acquire_grants($node);
212	}
213	}