| 1 |
<?php
|
| 2 |
/* $Id$
|
| 3 |
*
|
| 4 |
* Drupal Module: Path Access
|
| 5 |
* Restrict access to any drupal path on a per user role basis
|
| 6 |
*
|
| 7 |
* @author: Mike Carter <mike@ixis.co.uk>
|
| 8 |
* @author: CSÉCSY László <boobaa.no@spam.kybest.hu>
|
| 9 |
* @usage: ?q=admin/user/pathaccess to configure path restrictions per role.
|
| 10 |
*/
|
| 11 |
|
| 12 |
/**
|
| 13 |
* Implementation of hook_help().
|
| 14 |
*/
|
| 15 |
function path_access_help($path, $arg) {
|
| 16 |
switch ($path) {
|
| 17 |
case 'admin/user/pathaccess':
|
| 18 |
return t('Each user role can be granted or denied access to any url paths. This is a crude but straight forward way to restrict groups of nodes/pages to certain users using only the paths associated with the pages. Page access is not limited to node pages only, anything can be controlled using paths.');
|
| 19 |
}
|
| 20 |
}
|
| 21 |
|
| 22 |
/**
|
| 23 |
* Implementation of hook_init().
|
| 24 |
*/
|
| 25 |
function path_access_init() {
|
| 26 |
global $user;
|
| 27 |
|
| 28 |
drupal_bootstrap(DRUPAL_BOOTSTRAP_PATH);
|
| 29 |
|
| 30 |
// User #1 has all privileges:
|
| 31 |
if ($user->uid == 1) {
|
| 32 |
return 1;
|
| 33 |
}
|
| 34 |
// This one does not work in D6 without the role_weights module, so the user's last role_id will be taken into account.
|
| 35 |
// $role = module_exists('role_weights') ? module_invoke('role_weights', 'get_highest', $user->roles) : array('name' => $user->roles);
|
| 36 |
foreach($user->roles as $k => $v) {
|
| 37 |
$role = $k;
|
| 38 |
}
|
| 39 |
|
| 40 |
$result = db_query('SELECT pages, visibility FROM {path_access} WHERE rid = %d', $role);
|
| 41 |
|
| 42 |
$visibility = 1;
|
| 43 |
$pages = '';
|
| 44 |
while($role = db_fetch_object($result)) {
|
| 45 |
$pages .= $role->pages . "\n";
|
| 46 |
$visibility = $role->visibility AND $visibility;
|
| 47 |
}
|
| 48 |
$visibility = $visibility > 0 ? true : false;
|
| 49 |
|
| 50 |
// Match path if necessary.
|
| 51 |
if ($pages) {
|
| 52 |
// The current page.
|
| 53 |
$path = drupal_get_path_alias(check_plain($_GET['q']));
|
| 54 |
|
| 55 |
$regexp = '/^('. preg_replace(array('/(\r\n?|\n)/', '/\\\\\*/', '/(^|\|)\\\\<front\\\\>($|\|)/'), array('|', '.*', '\1'. variable_get('site_frontpage', 'node') .'\2'), preg_quote($pages, '/')) .')$/';
|
| 56 |
$page_match = ($visibility xor preg_match($regexp, $path));
|
| 57 |
}
|
| 58 |
else {
|
| 59 |
$page_match = FALSE;
|
| 60 |
}
|
| 61 |
|
| 62 |
// Check that the current page is not a protected page before blocking user.
|
| 63 |
if($page_match && !path_access_protected_pages($path)) {
|
| 64 |
drupal_access_denied();
|
| 65 |
exit;
|
| 66 |
}
|
| 67 |
}
|
| 68 |
|
| 69 |
/**
|
| 70 |
* Implementation of hook_menu().
|
| 71 |
*/
|
| 72 |
function path_access_menu() {
|
| 73 |
$items = array();
|
| 74 |
$items['admin/user/pathaccess/edit'] = array(
|
| 75 |
'title' => t('configure role paths'),
|
| 76 |
'page callback' => 'path_access_admin_role_configure',
|
| 77 |
'access arguments' => array('administer url aliases'),
|
| 78 |
'type' => MENU_CALLBACK,
|
| 79 |
);
|
| 80 |
$items['admin/user/pathaccess'] = array(
|
| 81 |
'title' => t('Path Access'),
|
| 82 |
'description' => t('Define what paths a user role can access.'),
|
| 83 |
'page callback' => 'path_access_admin_roles',
|
| 84 |
'access arguments' => array('administer url aliases'),
|
| 85 |
'type' => MENU_NORMAL_ITEM,
|
| 86 |
);
|
| 87 |
return $items;
|
| 88 |
}
|
| 89 |
|
| 90 |
/**
|
| 91 |
* Menu callback; displays the block configuration form.
|
| 92 |
*/
|
| 93 |
function path_access_admin_roles() {
|
| 94 |
// Render the role overview.
|
| 95 |
$result = db_query('SELECT * FROM {role} ORDER BY name');
|
| 96 |
|
| 97 |
$header = array(t('User Role'), t('Operations'));
|
| 98 |
while ($role = db_fetch_object($result)) {
|
| 99 |
$rows[] = array($role->name, l(t('edit'), 'admin/user/pathaccess/edit/'. $role->rid));
|
| 100 |
}
|
| 101 |
$output = theme('table', $header, $rows);
|
| 102 |
return $output;
|
| 103 |
}
|
| 104 |
|
| 105 |
/**
|
| 106 |
* Menu callback; displays the configuration form.
|
| 107 |
*/
|
| 108 |
function path_access_admin_role_configure() {
|
| 109 |
$roleid = (integer)arg(4);
|
| 110 |
|
| 111 |
$settings = db_fetch_array(db_query('SELECT * FROM {path_access} pa INNER JOIN {role} r ON pa.rid = r.rid WHERE pa.rid = %d', $roleid));
|
| 112 |
|
| 113 |
// Obtain role name for the page if there is no existing path settings for this role id.
|
| 114 |
if(!$settings) {
|
| 115 |
$rolename = db_result(db_query('SELECT name FROM {role} WHERE rid = %d', $roleid));
|
| 116 |
db_query("INSERT INTO {path_access} (rid, pages, visibility) VALUES (%d, '', '')", $roleid);
|
| 117 |
} else {
|
| 118 |
$rolename = $settings['name'];
|
| 119 |
}
|
| 120 |
|
| 121 |
drupal_set_title(t("Path access for '%role' role", array('%role' => $rolename)));
|
| 122 |
|
| 123 |
return drupal_get_form('path_access_admin_configure_form', $settings);
|
| 124 |
}
|
| 125 |
|
| 126 |
/**
|
| 127 |
* Define role access form.
|
| 128 |
*/
|
| 129 |
function path_access_admin_configure_form(&$form_state, $edit) {
|
| 130 |
$form['page_vis_settings'] = array(
|
| 131 |
'#type' => 'fieldset',
|
| 132 |
'#title' => t('Page specific visibility settings'),
|
| 133 |
'#collapsible' => FALSE,
|
| 134 |
);
|
| 135 |
$form['page_vis_settings']['visibility'] = array(
|
| 136 |
'#type' => 'radios',
|
| 137 |
'#title' => t('Allow users to view specific pages'),
|
| 138 |
'#options' => array(t('Access every page except the listed pages.'), t('Access only the listed pages.')),
|
| 139 |
'#default_value' => $edit['visibility'],
|
| 140 |
);
|
| 141 |
$form['page_vis_settings']['pages'] = array(
|
| 142 |
'#type' => 'textarea',
|
| 143 |
'#title' => t('Pages'),
|
| 144 |
'#default_value' => $edit['pages'],
|
| 145 |
'#description' => t("Enter one page per line as a path. The '*' character is a wildcard. Example paths are '<em>blog</em>' for the blog page and '<em>blog/*</em>' for every personal blog. '<em><front></em>' is the front page."),
|
| 146 |
);
|
| 147 |
$form['submit'] = array(
|
| 148 |
'#type' => 'submit',
|
| 149 |
'#value' => t('Save path access'),
|
| 150 |
);
|
| 151 |
$form['rid'] = array('#type' => 'value', '#value' => $edit['rid']);
|
| 152 |
|
| 153 |
return $form;
|
| 154 |
}
|
| 155 |
|
| 156 |
function path_access_admin_configure_form_validate($form_id, &$form_state) {
|
| 157 |
// Prevent the logout page from being listed.
|
| 158 |
$pages = explode("\n", $form_state['values']['pages']);
|
| 159 |
|
| 160 |
if(in_array('logout', $pages)) {
|
| 161 |
form_set_error('pages', t('You cannot block access to the %logout page.', array('%logout' => 'logout')));
|
| 162 |
}
|
| 163 |
}
|
| 164 |
|
| 165 |
/**
|
| 166 |
* Process role access form submission
|
| 167 |
*/
|
| 168 |
function path_access_admin_configure_form_submit($form_id, &$form_state) {
|
| 169 |
db_query("UPDATE {path_access} SET visibility = %d, pages = '%s' WHERE rid = %d", $form_state['values']['visibility'], $form_state['values']['pages'], $form_state['values']['rid']);
|
| 170 |
|
| 171 |
drupal_set_message(t('The path access configuration has been saved.'));
|
| 172 |
$form_state['redirect'] = 'admin/user/pathaccess';
|
| 173 |
}
|
| 174 |
|
| 175 |
/*
|
| 176 |
* Protected Pages can never be restricted using path_access.
|
| 177 |
*/
|
| 178 |
function path_access_protected_pages($page) {
|
| 179 |
$pages = array('logout');
|
| 180 |
return in_array($page, $pages);
|
| 181 |
}
|
| 182 |
|
| 183 |
// vim: set ft=php syntax=php expandtab ts=2 sw=2 autoindent smartindent:
|
Parent Directory
| 
Revision Log
| 
Revision Graph