| 1 |
<?php
|
| 2 |
// $Id: node_access_control.module,v 1.1 2008/06/06 11:14:49 rmuilwijk Exp $
|
| 3 |
|
| 4 |
/**
|
| 5 |
* @file
|
| 6 |
* Enables the node based access control
|
| 7 |
*
|
| 8 |
* This module was developed by Madcap, open.madcap.nl
|
| 9 |
*
|
| 10 |
* @author Raymond Muilwijk <r.muilwijk@madcap.nl>
|
| 11 |
*/
|
| 12 |
|
| 13 |
require_once('node_access_control_interface.inc');
|
| 14 |
require_once('node_access_control_helpers.inc');
|
| 15 |
|
| 16 |
/**
|
| 17 |
* Implementation of hook_enable().
|
| 18 |
* @see hook_enable()
|
| 19 |
*/
|
| 20 |
function node_access_control_enable() {
|
| 21 |
node_access_rebuild();
|
| 22 |
}
|
| 23 |
|
| 24 |
/**
|
| 25 |
* Implementation of hook_disable().
|
| 26 |
* @see hook_disable()
|
| 27 |
*/
|
| 28 |
function node_access_control_disable() {
|
| 29 |
node_access_rebuild();
|
| 30 |
}
|
| 31 |
|
| 32 |
/**
|
| 33 |
* Implementation of hook_perm().
|
| 34 |
* @see hook_perm()
|
| 35 |
*
|
| 36 |
* @return array
|
| 37 |
*/
|
| 38 |
function node_access_control_perm() {
|
| 39 |
return array_merge(array('administer node access'), node_access_control_get_permissions());
|
| 40 |
}
|
| 41 |
|
| 42 |
/**
|
| 43 |
* Implementation of hook_node_grants().
|
| 44 |
* @see hook_node_grants()
|
| 45 |
*
|
| 46 |
* @param object $account
|
| 47 |
* @param string $op
|
| 48 |
*/
|
| 49 |
function node_access_control_node_grants($account, $op) {
|
| 50 |
$grants = array();
|
| 51 |
|
| 52 |
$grants['node_access_control'] = array_keys($account->roles);
|
| 53 |
|
| 54 |
return $grants;
|
| 55 |
}
|
| 56 |
|
| 57 |
/**
|
| 58 |
* Implementation of hook_node_access_records().
|
| 59 |
* @see hook_node_access_records()
|
| 60 |
*
|
| 61 |
* @param object $node
|
| 62 |
*/
|
| 63 |
function node_access_control_node_access_records($node) {
|
| 64 |
$grants = array();
|
| 65 |
if (node_access_control_valid_type($node->type)) {
|
| 66 |
node_access_control_load_node($node);
|
| 67 |
|
| 68 |
if (node_access_control_isset($node)) {
|
| 69 |
foreach (node_access_control_get_all_roles() as $rid => $total_permissions) {
|
| 70 |
$grants[] = array(
|
| 71 |
'realm' => 'node_access_control',
|
| 72 |
'gid' => $rid,
|
| 73 |
'grant_view' => node_access_control_has_perm($total_permissions, 'view', $node),
|
| 74 |
'grant_update' => node_access_control_has_perm($total_permissions, 'update', $node),
|
| 75 |
'grant_delete' => node_access_control_has_perm($total_permissions, 'delete', $node),
|
| 76 |
'priority' => 0,
|
| 77 |
);
|
| 78 |
}
|
| 79 |
}
|
| 80 |
}
|
| 81 |
|
| 82 |
return $grants;
|
| 83 |
}
|
| 84 |
|
| 85 |
/**
|
| 86 |
* Implementation of hook_nodeapi().
|
| 87 |
* @see hook_nodeapi()
|
| 88 |
*
|
| 89 |
* @param object $node
|
| 90 |
* @param string $op
|
| 91 |
* @param mixed $a3
|
| 92 |
* @param mixed $a4
|
| 93 |
*/
|
| 94 |
function node_access_control_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
|
| 95 |
switch ($op) {
|
| 96 |
case 'update':
|
| 97 |
if (is_array($node->node_access_control)) {
|
| 98 |
db_query("DELETE FROM {node_access_control} WHERE nid=%d AND vid=%d", $node->nid, $node->vid);
|
| 99 |
}
|
| 100 |
case 'insert':
|
| 101 |
if (node_access_control_isset($node)) {
|
| 102 |
$nac_view = node_access_control_get_perm($node, 'view');
|
| 103 |
$nac_update = node_access_control_get_perm($node, 'update');
|
| 104 |
$nac_delete = node_access_control_get_perm($node, 'delete');
|
| 105 |
|
| 106 |
db_query(
|
| 107 |
"INSERT INTO {node_access_control}
|
| 108 |
(nid, vid, perm_view, perm_update, perm_delete)
|
| 109 |
VALUES(%d, %d, '%s', '%s', '%s')",
|
| 110 |
$node->nid, $node->vid, $nac_view, $nac_update, $nac_delete
|
| 111 |
);
|
| 112 |
}
|
| 113 |
break;
|
| 114 |
case 'delete':
|
| 115 |
db_query("DELETE FROM {node_access_control} WHERE nid=%d", $node->nid);
|
| 116 |
break;
|
| 117 |
case 'delete revision':
|
| 118 |
db_query("DELETE FROM {node_access_control} WHERE nid=%d AND vid=%d", $node->nid, $node->vid);
|
| 119 |
break;
|
| 120 |
}
|
| 121 |
}
|
| 122 |
|
| 123 |
/**
|
| 124 |
* Submit function before submitting the permissions in admin/user/access
|
| 125 |
*
|
| 126 |
* @param string $form_id
|
| 127 |
* @param array $form
|
| 128 |
*/
|
| 129 |
function node_access_control_permission_set_role_cache_submit($form_id, &$form) {
|
| 130 |
// We need the cached roles before drupal adds the new permissions so we can check the differences.
|
| 131 |
node_access_control_get_all_roles();
|
| 132 |
}
|
| 133 |
|
| 134 |
/**
|
| 135 |
* Submit function for after submitting the permissions in admin/user/access
|
| 136 |
*
|
| 137 |
* @param string $form_id
|
| 138 |
* @param array $form
|
| 139 |
*/
|
| 140 |
function node_access_control_permission_rebuild_access_submit($form_id, &$form) {
|
| 141 |
//$changed_perms = node_access_control_permission_submit_save();
|
| 142 |
$changed_perms = array();
|
| 143 |
$nac_perms = node_access_control_get_permissions();
|
| 144 |
|
| 145 |
// Get the permissions that have been changed
|
| 146 |
foreach ($form as $form_key => $form_data) {
|
| 147 |
// When the form key is numeric it is the same id as the role_id.
|
| 148 |
// The options are already validated by FAPI so I can use the $form_key as role id
|
| 149 |
if (is_numeric($form_key)) {
|
| 150 |
$saved = explode(', ', $roles[$form_key]);
|
| 151 |
|
| 152 |
foreach ($nac_perms as $perm) {
|
| 153 |
if (in_array($perm, $saved) && $form_data[$perm] == '0') {
|
| 154 |
$changed_perms[] = $perm;
|
| 155 |
}
|
| 156 |
else if (!in_array($perm, $saved) && $form_data[$perm] != '0') {
|
| 157 |
$changed_perms[] = $perm;
|
| 158 |
}
|
| 159 |
}
|
| 160 |
}
|
| 161 |
}
|
| 162 |
|
| 163 |
if (count($changed_perms) > 0) {
|
| 164 |
$placeholders = array_fill(0, count($changed_perms), "'%s'");
|
| 165 |
$args = array_merge($changed_perms, $changed_perms, $changed_perms);
|
| 166 |
|
| 167 |
$rs = db_query(
|
| 168 |
"SELECT DISTINCT nid
|
| 169 |
FROM {node_access_control}
|
| 170 |
WHERE perm_view IN(" . implode(',', $placeholders) . ")
|
| 171 |
OR perm_update IN(" . implode(',', $placeholders) . ")
|
| 172 |
OR perm_delete IN(" . implode(',', $placeholders) . ")",
|
| 173 |
$args
|
| 174 |
);
|
| 175 |
|
| 176 |
// We reset our roles cache so the roles now actualy have the new permissions
|
| 177 |
node_access_control_get_all_roles(TRUE);
|
| 178 |
|
| 179 |
while ($row = db_fetch_array($rs)) {
|
| 180 |
$node = node_load($row['nid']);
|
| 181 |
|
| 182 |
// Update the node access table for this node.
|
| 183 |
if ($node) {
|
| 184 |
node_access_acquire_grants($node);
|
| 185 |
}
|
| 186 |
}
|
| 187 |
}
|
| 188 |
}
|
Parent Directory
| 
Revision Log
| 
Revision Graph