/[drupal]/contributions/modules/tablemanager/tablemanager.module

Diff of /contributions/modules/tablemanager/tablemanager.module

Parent Directory | Revision Log | View Revision Graph Revision Graph | View Patch Patch

-revision 1.88.2.8,
Tue Apr 15 21:01:02 2008 UTC
+revision 1.88.2.9,
Sat Aug 22 19:13:08 2009 UTC
 Line 1
  <?php
- // $Id$
+ // $Id: tablemanager.module,v 1.88.2.8 2008/04/15 21:01:02 pobster Exp $
  /**
   * @file
 Line 87 
 function tablemanager_filter_tips($delta
  } // tablemanager_filter_tips
  /**
+  * Implementation of hook_form().
+  */
+ function tablemanager_form(&$node, &$param) {
+   // Stupid hack as Drupal doesn't really allow much overriding of the "node/add" form
+   // Panels_node does this too but it won't be present (hopefully) on future versions
+   switch ($node->type) {
+     case 'table':
+       drupal_goto('node/add/table/new');
+       break;
+     case 'tablemanager':
+       drupal_goto('node/add/tablemanager/types');
+       break;
+   }
+ } // tablemanager_form
+ /**
   * Implementation of hook_help().
   */
  function tablemanager_help($path, $arg) {
    switch ($path) {
-     case 'node/add/tablemanager': // Shown when you click through 'table entry' on the create content screen
+     case 'node/add/tablemanager/types': // Shown when you click through 'table entry' on the create content screen
        return t('Choose from the following available tables:');
      case 'node/add/tablemanager/%': // Shown when you add a new row
        return t("<p>!desc</p>Add a new entry to table %table. Fill in your data and click submit.",
-Line 107 
 function tablemanager_help($path, $arg)
+Line 123 
 function tablemanager_help($path, $arg)
   * Implementation of hook_menu().
   */
  function tablemanager_menu() {
-   $items = array();
    // main configuration page of the basic tablemanager module
    $items['admin/settings/tablemanager'] = array(
      'title' => 'Tablemanager Settings',
-Line 161 
 function tablemanager_menu() {
+Line 176 
 function tablemanager_menu() {
      'type' => MENU_CALLBACK,
    );
    // Row delete + edit links
-   $items['tablemanager/edit/%tablemanager_row'] = array(
-     'file' => 'includes/rows.inc',
-     'page callback' => 'drupal_get_form',
-     'page arguments' => array('tablemanager_manage_row', 'edit', 2),
-     'access callback' => '_tablemanager_manage_row_access',
-     'access arguments' => array(2),
-     'type' => MENU_CALLBACK,
-   );
    $items['tablemanager/%tablemanager_function'] = array(
      'file' => 'includes/rows.inc',
-     'page callback' => 'drupal_get_form',
+     'page callback' => 'tablemanager_row_function',
-     'page arguments' => array('tablemanager_row_delete', 1),
+     'page arguments' => array(1),
      'load arguments' => array('%map', '%index'),
      'access callback' => '_tablemanager_manage_row_access',
      'access arguments' => array(1),
      'type' => MENU_CALLBACK,
    );
-   return $items;
+   // Node pickups
- } // tablemanager_menu
+   $items['node/add/table/new'] = array(
+     'file' => 'includes/tables.inc',
- /**
-  * Implementation of hook_menu_alter().
-  */
- function tablemanager_menu_alter(&$callbacks) {
-   // Overwrite the default callbacks for node/add page
-   $callbacks['node/add/table'] = array(
      'title' => 'Table',
      'description' => 'Create a new table.',
-     'title callback' => 'check_plain',
      'page callback' => 'drupal_get_form',
      'page arguments' => array('tablemanager_table_add'),
      'access callback' => '_tablemanager_table_add_access',
-     'module' => 'tablemanager',
+     'type' => MENU_CALLBACK,
-     'file' => 'includes/tables.inc',
+   );
+   $items['node/add/tablemanager/types'] = array(
+     'title' => 'Table entry',
+     'page callback' => 'tablemanager_nodeadd',
+     'access callback' => '_tablemanager_table_add_content_access',
+     'type' => MENU_CALLBACK,
+   );
+   $items['node/add/tablemanager/%tablemanager_table'] = array(
+     'file' => 'includes/rows.inc',
+     'page callback' => 'drupal_get_form',
+     'page arguments' => array('tablemanager_manage_row', 'add', 3),
+     'access callback' => '_tablemanager_table_add_content_access',
+     'access arguments' => array(3),
+     'type' => MENU_CALLBACK,
    );
-   $callbacks['node/add/tablemanager']['page callback'] = 'drupal_get_form';
-   $callbacks['node/add/tablemanager']['page arguments'] = array('tablemanager_nodeadd_form');
+   return $items;
-   $callbacks['node/add/tablemanager']['access callback'] = '_tablemanager_table_add_access';
+ } // tablemanager_menu
-   $callbacks['node/add/tablemanager']['module'] = 'tablemanager';
-   unset($callbacks['node/add/tablemanager']['file']);
+ /**
-   $callbacks['node/add/tablemanager/%tablemanager_table']['page callback'] = 'drupal_get_form';
+  * Menu Loader functions:
-   $callbacks['node/add/tablemanager/%tablemanager_table']['page arguments'] = array('tablemanager_manage_row', 'add', 3);
+  */
-   $callbacks['node/add/tablemanager/%tablemanager_table']['access callback'] = '_tablemanager_table_add_access';
-   $callbacks['node/add/tablemanager/%tablemanager_table']['module'] = 'tablemanager';
+ /**
-   $callbacks['node/add/tablemanager/%tablemanager_table']['file'] = 'includes/rows.inc';
+  * Ensures the table-xxx parameter passed through node/add/tablemanager + admin/content/tablemanager/table_delete/xxx is valid.
- } // tablemanager_menu_alter
+  */
+ function tablemanager_table_load($string) {
+   if (!(preg_match('/^table-(\d+)$/i', $string, $match))) {
+     return FALSE;
+   }
+   if (tablemanager_table_exists($match[1])) {
+     return $match[1];
+   }
+   return FALSE;
+ } // tablemanager_table_load
+ /**
+  * Row functions.
+  */
+ function tablemanager_function_load($op, $rows, $index) {
+   // 'rows' can never be empty
+   if (empty($rows)) {
+     return FALSE;
+   }
+   // remove 'tablemanager/(delete|edit)'
+   $rows = array_slice($rows, $index + 1);
+   $tid = NULL;
+   switch ($op) {
+     case 'delete':
+     case 'edit':
+       foreach ($rows as $row) {
+         // check all rows are numeric
+         if (!is_numeric($row)) {
+           return FALSE;
+         }
+         // check all rows exist and have same parent table
+         $fetch = db_result(db_query('SELECT tid FROM {tablemanager_data} WHERE id = %d', $row));
+         if (!$fetch) {
+           return FALSE;
+         }
+         // this sets the parent table in $tid on the first pass-through
+         if (!$tid) {
+           $tid = $fetch;
+           continue;
+         }
+         // this is the test to ensure all row ids come from the same parent table
+         if ($tid != $fetch) {
+           return FALSE;
+         }
+       }
+       // if tests pass, return something useful
+       return array('op' => $op, 'tid' => $tid, 'tableuid' => db_result(db_query("SELECT uid FROM {tablemanager} WHERE tid = %d", $tid)), 'rows' => $rows);
+   }
+   return FALSE;
+ } // tablemanager_function_load
  /**
   * Implementation of hook_node_info().
   */
  function tablemanager_node_info() {
-   $tables = tablemanager_nodeadd();
+   if (($tables = tablemanager_nodeadd())) {
-   if ($tables) $description .= t('<dd>Choose from the following available tables: !tables', array('!tables' => tablemanager_nodeadd()));
+     $description = t('<dd>Choose from the following available tables: !tables', array('!tables' => $tables));
-   return array('table' => array('name' => t('table'), 'module' => 'tablemanager', 'description' => t('Create a new table.')),
+   }
-     'tablemanager' => array('name' => t('table entry'), 'module' => 'tablemanager', 'description' => $description)
+   return array(
+     'table' => array(
+       'name' => t('table'),
+       'module' => 'tablemanager',
+       'description' => t('Create a new table.'),
+     ),
+     'tablemanager' => array(
+       'name' => t('table entry'),
+       'module' => 'tablemanager',
+       'description' => $description,
+     ),
    );
  } // tablemanager_node_info
-Line 225 
 function tablemanager_node_info() {
+Line 297 
 function tablemanager_node_info() {
  function tablemanager_perm() {
    $perms = array('administer tables', 'list tables', 'administer/ create own tables');
    foreach (tablemanager_tables() as $table) {
-     $perms[] = t('create @table content', array('@table' => $table['name']));
+     $perms[] = sprintf('create %s content', check_plain($table['name']));
-     $perms[] = t('edit any @table content', array('@table' => $table['name']));
+     $perms[] = sprintf('edit any %s content', check_plain($table['name']));
-     $perms[] = t('edit own @table content', array('@table' => $table['name']));
+     $perms[] = sprintf('edit own %s content', check_plain($table['name']));
    }
    return $perms;
  } // tablemanager_perm
-Line 252 
 function tablemanager_theme() {
+Line 324 
 function tablemanager_theme() {
   * Row add/ delete/ edit form access.
   */
  function _tablemanager_manage_row_access($info) {
- // broken, but broken with a reason...  I need to alter this to cope with multiple selections with both delete AND edit
    global $user;
-   unset($flag);
+   $name = tablemanager_fetch_name($info['tid']);
-   $flag = $user->uid == $info->uid && user_access("edit own $info->name content") ? TRUE : $flag;
+   // Test for table/ admin access
-   $flag = user_access('administer tables') || user_access("edit any $info->name content") ? TRUE : $flag;
+   if (user_access('administer tables') || ($user->uid == $info['tableuid'] && user_access('administer/ create own tables')) || user_access("edit any $name content")) {
-   $flag = $user->uid == $info->tableuid && user_access('administer/ create own tables') ? TRUE : $flag;
+     return TRUE;
-   return $flag ? TRUE : FALSE;
+   }
+   // Start with testing access for each specified row
+   foreach ($info['rows'] as $row) {
+     if (db_result(db_query("SELECT tid FROM {tablemanager_data} WHERE id = %d && uid = %d", $row, $user->uid)) && user_access("edit own $name content")) {
+       $flag = TRUE;
+     }
+     // else is provided here in case of multiple rows being given and each needs to be checked for access
+     else {
+       $flag = FALSE;
+     }
+   }
+   return $flag;
  } // _tablemanager_manage_row_access
  /**
   * Table add form access.
   */
  function _tablemanager_table_add_access() {
-   return user_access('administer tables') || user_access('administer/ create own tables') ? TRUE : FALSE;
+   if (user_access('administer tables') || user_access('administer/ create own tables')) {
- } // _tablemanager_table_add_access
+     return TRUE;
- /**
-  * Table add form access.
-  */
- function _tablemanager_table_manage_access() {
-   return user_access("create ". $table['name'] ." content") || user_access('administer tables') || user_access('administer/ create own tables') && $user->uid == $table['uid'] ? TRUE : FALSE;
- } // _tablemanager_table_manage_access
- /**
-  * Menu load arguments:
-  */
- /**
-  * Row functions.
-  */
- function tablemanager_function_load($op, $rows, $index) {
-   // remove 'tablemanager/(delete|edit)'
-   $rows = array_slice($rows, $index + 1);
-   unset($tid);
-   switch ($op) {
-     case 'delete':
-     case 'edit':
-       // 'rows' can't be empty
-       if (empty($rows)) return FALSE;
-       foreach ($rows as $row) {
-         // check all rows are numeric
-         if (!is_numeric($row)) {
-           return FALSE;
-         }
-         // check all rows exist and have same parent table
-         $fetch = db_result(db_query('SELECT tid FROM {tablemanager_data} WHERE id = %d', $row));
-         if (!$fetch) {
-           return FALSE;
-         }
-         if (!$tid) {
-           $tid = $fetch;
-           continue;
-         }
-         if ($tid != $fetch) {
-           return FALSE;
-         }
-       }
-       // if tests pass, return something useful
-       return array('tid' => $tid, 'rows' => $rows);
-       break;
    }
    return FALSE;
- } // tablemanager_function_load
+ } // _tablemanager_table_add_access
  /**
-  * Ensures the table-xxx parameter passed through node/add/tablemanager + admin/content/tablemanager/table_delete/xxx is valid.
+  * Table add content access.
   */
- function tablemanager_table_load($string) {
+ function _tablemanager_table_add_content_access($tid = NULL) {
-   $check = preg_match('/^table-(\d+)/i', $string, $match);
+   if (user_access('administer tables') || user_access('administer/ create own tables')) {
-   if (!$check) {
+     return TRUE;
-     return FALSE;
    }
-   if (tablemanager_table_exists($match[1])) {
+   if ($tid) {
-     return $match[1];
+     if (user_access(sprintf('create %s content', tablemanager_fetch_name($tid)))) {
+       return TRUE;
+     }
    }
+   else {
+     // we're here to test to see if the user has *any* access for any table entries
+     foreach (tablemanager_tables() as $table) {
+       if (user_access(sprintf('create %s content', check_plain($table['name'])))) {
+         return TRUE;
+       }
+     }
+   }
    return FALSE;
- } // tablemanager_table_load
+ } // _tablemanager_table_add_content_access
  /**
   * Tablemanager functions:
-Line 354 
 function tablemanager_css() {
+Line 404 
 function tablemanager_css() {
  } // tablemanager_css
  /**
-  * Returns description field from specified table.
+  * Returns (unescaped) description field from specified table.
   */
  function tablemanager_desc($tid) {
    $fetch = db_fetch_object(db_query('SELECT description FROM {tablemanager} WHERE tid = %d', $tid));
-Line 390 
 function tablemanager_display_new($tid,
+Line 440 
 function tablemanager_display_new($tid,
    // to-do...
- } //tablemanager_display
+ } // tablemanager_display_new
  /**
   * The main user hook to display a table.
   */
  function tablemanager_display($tid, $list_length = NULL, $links = FALSE, $date = array(), $attrib = array()) {
-   global $user, $pager_page_array, $pager_total_items, $pager_total;
    if (!$tid || !is_numeric($tid)) {
-     return 'Invalid Table ID';
+     return t('Invalid Table ID');
    }
+   global $user, $pager_page_array, $pager_total_items, $pager_total;
    if ($date) {
      $date['end'] = $date['end'] ? $date['end'] : $date['start'];
    }
-Line 417 
 function tablemanager_display($tid, $lis
+Line 467 
 function tablemanager_display($tid, $lis
        $list_length = 1;
      }
    }
-   $fetch = db_query('SELECT tmd.id, tm.uid AS tableuid, tmd.uid, tm.name, tm.description, tm.header, tmd.data FROM {tablemanager} tm LEFT JOIN {tablemanager_data} tmd ON tm.tid = tmd.tid WHERE tm.tid = %d ORDER BY tmd.id', $tid);
+   $fetch = db_query('SELECT tmd.id, tm.uid AS tableuid, tmd.uid, tm.name, tm.description, tm.header, tmd.data
+     FROM {tablemanager} tm
+       LEFT JOIN {tablemanager_data} tmd ON tm.tid = tmd.tid
+     WHERE tm.tid = %d ORDER BY tmd.id',
+     $tid
+   );
    $path = base_path() . drupal_get_path('module', 'tablemanager');
    unset($flag);
    $rows = array();
-Line 436 
 function tablemanager_display($tid, $lis
+Line 491 
 function tablemanager_display($tid, $lis
        if (variable_get('tablemanager_css', 0)) {
          tablemanager_css();
        }
-       $description = variable_get('tablemanager_descriptions', 0) ? $result->description : NULL;
+       $description = variable_get('tablemanager_descriptions', 0) ? check_plain($result->description) : NULL;
        switch (variable_get('tablemanager_names', NULL)) {
          case "table number":
            $name = "Table ". $tid;
            break;
          case "names":
-           $name = $result->name == $tid ? "Table ". $tid : $result->name;
+           $name = $result->name == $tid ? "Table ". $tid : check_plain($result->name);
            break;
          default:
            $name = NULL;
-Line 595 
 function tablemanager_display_rows($para
+Line 650 
 function tablemanager_display_rows($para
  } // tablemanager_display_rows
  /**
-  * Returns the user entered name for a table.
+  * Returns the (escaped) user entered name for a table.
   */
  function tablemanager_fetch_name($tid) {
    $result = db_fetch_object(db_query('SELECT name FROM {tablemanager} WHERE tid = %d', $tid));
-   return $result->name;
+   return check_plain($result->name);
  } // tablemanager_fetch_name
  /**
-Line 744 
 function _tablemanager_process_text($tex
+Line 799 
 function _tablemanager_process_text($tex
  } // _tablemanager_process_text
  /**
-  * Ensures the row parameter passed through tablemanager/xxx is valid.
-  */
- function tablemanager_row_load($id) {
-   if (!is_numeric($id)) {
-     return FALSE;
-   }
-   $fetch = db_fetch_object(db_query('SELECT tm.tid, tm.uid AS tableuid, tm.name, tmd.uid, tm.header, tmd.data, tmd.format
-                                      FROM {tablemanager} tm
-                                        INNER JOIN {tablemanager_data} tmd ON tm.tid = tmd.tid
-                                      WHERE tmd.id = %d', $id));
-   if ($fetch) {
-     return $fetch;
-   }
-   else {
-     return FALSE;
-   }
- } // tablemanager_row_load
- /**
   * Sets to a valid table if current table is deleted.
   */
  function tablemanager_set_tid($dir = 'DESC') {
-Line 804 
 function tablemanager_tables() {
+Line 840 
 function tablemanager_tables() {
    $tables = array();
    $sql = db_query('SELECT * FROM {tablemanager}');
    while ($result = db_fetch_object($sql)) {
-     $tables[$result->tid] = array('tid' => $result->tid, 'uid' => $result->uid, 'name' => $result->name, 'description' => $result->description, 'header' => $result->header);
+     $tables[$result->tid] = array('tid' => $result->tid, 'uid' => $result->uid, 'name' => check_plain($result->name), 'description' => check_plain($result->description), 'header' => $result->header);
    }
    return $tables;
  } // tablemanager_tables

 Legend:



Removed from v.1.88.2.8
 


changed lines


 
Added in v.1.88.2.9
 Legend:



Removed from v.1.88.2.8
 


changed lines


 
Added in v.1.88.2.9
-Removed from v.1.88.2.8
+Added in v.1.88.2.9

	ViewVC Help
Powered by ViewVC 1.1.2