| 1 |
<?php |
<?php |
| 2 |
// $Id: tac_lite.module,v 1.9.2.4 2008/12/09 20:00:28 yogadex Exp $ |
// $Id: tac_lite.module,v 1.9.2.5 2008/12/09 21:39:10 yogadex Exp $ |
| 3 |
/** |
/** |
| 4 |
* @file |
* @file |
| 5 |
* Control access to site content based on taxonomy, roles and users. |
* Control access to site content based on taxonomy, roles and users. |
| 13 |
function tac_lite_help($section) { |
function tac_lite_help($section) { |
| 14 |
switch ($section) { |
switch ($section) { |
| 15 |
case 'admin/help#tac_lite': |
case 'admin/help#tac_lite': |
| 16 |
$output .= '<p>'.t('This module allows you to restrict access to site content. It uses a simple scheme based on Taxonomy, Users and Roles. It uses the node_access table and other features built into Drupal to hide content from unauthorized users.')."</p>\n"; |
$output .= '<p>'.t('This module allows you to restrict access to site content. It uses a simple scheme based on Taxonomy, Users and Roles. It uses the node_access table and other features built into Drupal to hide content from unauthorized users.')."</p>\n"; |
| 17 |
$output .= '<p>'.t('While this module has been designed to be as simple as possible to use, there are several steps required to set it up.')."</p>\n"; |
$output .= '<p>'.t('While this module has been designed to be as simple as possible to use, there are several steps required to set it up.')."</p>\n"; |
| 18 |
$output .= "<ol>\n"; |
$output .= "<ol>\n"; |
| 19 |
$output.= '<li>'.t('Define one or more vocabularies whose terms will control which users have access. For example, you could define a vocabulary called \'Privacy\' with terms \'Public\' and \'Private\'.')."</li>\n"; |
$output.= '<li>'.t('Define one or more vocabularies whose terms will control which users have access. For example, you could define a vocabulary called \'Privacy\' with terms \'Public\' and \'Private\'.')."</li>\n"; |
| 20 |
$output .= '<li>'.t('Tell this module which vocabulary or vocabularies control privacy. (!link)', array('!link' => l(t('administer -> access control -> tac_lite'), 'admin/user/access/tac_lite')))."</li>\n"; |
$output .= '<li>'.t('Tell this module which vocabulary or vocabularies control privacy. (!link)', array('!link' => l(t('administer -> access control -> tac_lite'), 'admin/user/access/tac_lite')))."</li>\n"; |
| 21 |
$output .= '<li>'.t('Grant access to users based on their roles (!link), and/or...', array('!link' => l(t('administer -> access control -> tac_lite -> by role'), 'admin/user/access/tac_lite/roles')))."</li>\n"; |
$output .= '<li>'.t('Grant access to users based on their roles (!link), and/or...', array('!link' => l(t('administer -> access control -> tac_lite -> by role'), 'admin/user/access/tac_lite/roles')))."</li>\n"; |
| 22 |
$output .= '<li>'.t('Grant access to individual users. (See the tac_lite tab under user -> edit.)')."</li>\n"; |
$output .= '<li>'.t('Grant access to individual users. (See the tac_lite tab under user -> edit.)')."</li>\n"; |
| 23 |
$output .= '<li>'.t('Finally, if your site contains content, you will need to re-save all nodes. This ensures that Drupal\'s node_access table is up-to-date. Otherwise, content submitted before this module was configured will be hidden.')."</li>\n"; |
$output .= '<li>'.t('Finally, if your site contains content, you will need to re-save all nodes. This ensures that Drupal\'s node_access table is up-to-date. Otherwise, content submitted before this module was configured will be hidden.')."</li>\n"; |
| 24 |
$output .= "</ol>\n"; |
$output .= "</ol>\n"; |
| 25 |
$output .= '<p>'.t('Currently, this module works with view grants only (no update or delete grants).')."</p>\n"; |
$output .= '<p>'.t('Currently, this module works with view grants only (no update or delete grants).')."</p>\n"; |
| 26 |
return $output; |
return $output; |
| 27 |
break; |
break; |
| 28 |
|
|
| 29 |
} |
} |
| 30 |
} |
} |
| 31 |
|
|
| 42 |
function tac_lite_menu() { |
function tac_lite_menu() { |
| 43 |
global $user; |
global $user; |
| 44 |
$items = array(); |
$items = array(); |
| 45 |
|
|
| 46 |
$items['admin/user/access/tac_lite'] = |
$items['admin/user/access/tac_lite'] = array( |
| 47 |
array('title' => 'Access control by taxonomy', |
'title' => 'Access control by taxonomy', |
| 48 |
'description' => "taxonomy-based permissions by tac_lite", |
'description' => "taxonomy-based permissions by tac_lite", |
| 49 |
'page callback' => 'drupal_get_form', |
'page callback' => 'drupal_get_form', |
| 50 |
'page arguments' => array('tac_lite_admin_settings'), |
'page arguments' => array('tac_lite_admin_settings'), |
| 51 |
'type' => MENU_NORMAL_ITEM, |
'type' => MENU_NORMAL_ITEM, |
| 52 |
'weight' => 1, // after 'roles' tab |
'weight' => 1, // after 'roles' tab |
| 53 |
'access arguments' => array('administer tac_lite'), |
'access arguments' => array('administer tac_lite'), |
| 54 |
); |
); |
| 55 |
|
|
| 56 |
$items['admin/user/access/tac_lite/settings'] = |
$items['admin/user/access/tac_lite/settings'] = array( |
| 57 |
array('title' => 'Settings', |
'title' => 'Settings', |
| 58 |
'type' => MENU_DEFAULT_LOCAL_TASK, |
'type' => MENU_DEFAULT_LOCAL_TASK, |
| 59 |
'weight' => -1, |
'weight' => -1, |
| 60 |
'access arguments' => array('administer tac_lite'), |
'access arguments' => array('administer tac_lite'), |
| 61 |
); |
); |
| 62 |
|
|
| 63 |
$schemes = variable_get('tac_lite_schemes', 1); |
$schemes = variable_get('tac_lite_schemes', 1); |
| 64 |
for ($i = 1; $i <= $schemes; $i++) { |
for ($i = 1; $i <= $schemes; $i++) { |
| 65 |
$items['admin/user/access/tac_lite/scheme_' . $i] = |
$items['admin/user/access/tac_lite/scheme_' . $i] = array( |
| 66 |
array('title' => "Scheme $i", |
'title' => "Scheme $i", |
| 67 |
'page callback' => 'tac_lite_admin_settings_scheme', |
'page callback' => 'tac_lite_admin_settings_scheme', |
| 68 |
'page arguments' => array((string)$i), |
'page arguments' => array((string)$i), |
| 69 |
'type' => MENU_LOCAL_TASK, |
'type' => MENU_LOCAL_TASK, |
| 70 |
'access arguments' => array('administer tac_lite'), |
'access arguments' => array('administer tac_lite'), |
| 71 |
); |
); |
| 72 |
} |
} |
| 73 |
|
|
| 74 |
return $items; |
return $items; |
| 75 |
} |
} |
| 76 |
|
|
| 81 |
$vocabularies = taxonomy_get_vocabularies(); |
$vocabularies = taxonomy_get_vocabularies(); |
| 82 |
|
|
| 83 |
if (!count($vocabularies)) { |
if (!count($vocabularies)) { |
| 84 |
$form['body'] = array('#type' => 'markup', |
$form['body'] = array( |
| 85 |
'#value' => t('You must <a href="!url">create a vocabulary</a> before you can use tac_lite.', |
'#type' => 'markup', |
| 86 |
array('!url' => url('admin/content/taxonomy/add/vocabulary'))), |
'#value' => t('You must <a href="!url">create a vocabulary</a> before you can use tac_lite.', |
| 87 |
|
array('!url' => url('admin/content/taxonomy/add/vocabulary'))), |
| 88 |
); |
); |
| 89 |
return $form; |
return $form; |
| 90 |
} |
} |
| 94 |
$options[$vid] = $vocab->name; |
$options[$vid] = $vocab->name; |
| 95 |
} |
} |
| 96 |
|
|
| 97 |
$form['tac_lite_categories'] = |
$form['tac_lite_categories'] = array( |
| 98 |
array('#type' => 'select', |
'#type' => 'select', |
| 99 |
'#title' => t('Vocabularies'), |
'#title' => t('Vocabularies'), |
| 100 |
'#default_value' => variable_get('tac_lite_categories', null), |
'#default_value' => variable_get('tac_lite_categories', null), |
| 101 |
'#options' => $options, |
'#options' => $options, |
| 102 |
'#description' => t('Select one or more vocabularies to control privacy. Do not select free tagging vocabularies, they are not supported.'), |
'#description' => t('Select one or more vocabularies to control privacy. Do not select free tagging vocabularies, they are not supported.'), |
| 103 |
'#multiple' => TRUE, |
'#multiple' => TRUE, |
| 104 |
'#required' => TRUE, |
'#required' => TRUE, |
| 105 |
); |
); |
| 106 |
$scheme_options = array(); |
$scheme_options = array(); |
| 107 |
// Currently only view, edit, delete permissions possible, so 7 |
// Currently only view, edit, delete permissions possible, so 7 |
| 108 |
// permutations will be more than enough. |
// permutations will be more than enough. |
| 109 |
for ($i = 1; $i < 8; $i++) |
for ($i = 1; $i < 8; $i++) |
| 110 |
$scheme_options[$i] = $i; |
$scheme_options[$i] = $i; |
| 111 |
$form['tac_lite_schemes'] = |
$form['tac_lite_schemes'] = array( |
| 112 |
array('#type' => 'select', |
'#type' => 'select', |
| 113 |
'#title' => t('Schemes'), |
'#title' => t('Schemes'), |
| 114 |
'#description' => t('Each scheme allows for a different set of permissions. For example, use scheme 1 for read-only permission; scheme 2 for read and update; scheme 3 for delete; etc. Additional schemes increase the size of your node_access table, so use no more than you need. Also note that ff you use tac_lite to assign update permission, it is recommended that you give those users read permission on all terms of that vocabulary.'), |
'#description' => t('Each scheme allows for a different set of permissions. For example, use scheme 1 for read-only permission; scheme 2 for read and update; scheme 3 for delete; etc. Additional schemes increase the size of your node_access table, so use no more than you need. Also note that ff you use tac_lite to assign update permission, it is recommended that you give those users read permission on all terms of that vocabulary.'), |
| 115 |
'#default_value' => variable_get('tac_lite_schemes', 1), |
'#default_value' => variable_get('tac_lite_schemes', 1), |
| 116 |
'#options' => $scheme_options, |
'#options' => $scheme_options, |
| 117 |
'#required' => TRUE, |
'#required' => TRUE, |
| 118 |
); |
); |
| 119 |
|
|
| 120 |
$ret = system_settings_form($form); |
$ret = system_settings_form($form); |
| 121 |
// Special handling is required when this form is submitted. |
// Special handling is required when this form is submitted. |
| 162 |
$config['realm'] = 'tac_lite'; |
$config['realm'] = 'tac_lite'; |
| 163 |
else |
else |
| 164 |
$config['realm'] = 'tac_lite_scheme_' . $scheme; |
$config['realm'] = 'tac_lite_scheme_' . $scheme; |
| 165 |
|
|
| 166 |
return $config; |
return $config; |
| 167 |
} |
} |
| 168 |
|
|
| 176 |
if (count($vids)) { |
if (count($vids)) { |
| 177 |
$config = _tac_lite_config($i); |
$config = _tac_lite_config($i); |
| 178 |
|
|
| 179 |
$form['tac_lite_config_scheme_' . $i] = |
$form['tac_lite_config_scheme_' . $i] = array('#tree' => TRUE); |
| 180 |
array('#tree' => TRUE); |
$form['tac_lite_config_scheme_' . $i]['name'] = array( |
| 181 |
$form['tac_lite_config_scheme_' . $i]['name'] = |
'#type' => 'textfield', |
| 182 |
array('#type' => 'textfield', |
'#title' => t('Scheme name'), |
| 183 |
'#title' => t('Scheme name'), |
'#description' => t('A human-readable name for administrators to see. For example, \'read\' or \'read and write\'.'), |
| 184 |
'#description' => t('A human-readable name for administrators to see. For example, \'read\' or \'read and write\'.'), |
'#default_value' => $config['name'], |
| 185 |
'#default_value' => $config['name'], |
'#required' => TRUE, |
| 186 |
'#required' => TRUE, |
); |
|
); |
|
| 187 |
// Currently, only view, update and delete are supported by node_access |
// Currently, only view, update and delete are supported by node_access |
| 188 |
$options = array('grant_view' => 'view', |
$options = array( |
| 189 |
'grant_update' => 'update', |
'grant_view' => 'view', |
| 190 |
'grant_delete' => 'delete'); |
'grant_update' => 'update', |
| 191 |
$form['tac_lite_config_scheme_' . $i]['perms'] = |
'grant_delete' => 'delete', |
| 192 |
array('#type' => 'select', |
); |
| 193 |
'#title' => t('Permissions'), |
$form['tac_lite_config_scheme_' . $i]['perms'] = array( |
| 194 |
'#multiple' => TRUE, |
'#type' => 'select', |
| 195 |
'#options' => $options, |
'#title' => t('Permissions'), |
| 196 |
'#default_value' => $config['perms'], |
'#multiple' => TRUE, |
| 197 |
'#description' => t('Select which permissions are granted by this scheme.'), |
'#options' => $options, |
| 198 |
'#required' => FALSE, /* disable scheme by selecting none */ |
'#default_value' => $config['perms'], |
| 199 |
); |
'#description' => t('Select which permissions are granted by this scheme.'), |
| 200 |
|
'#required' => FALSE, /* disable scheme by selecting none */ |
| 201 |
$form['helptext'] = array('#type' => 'markup', |
); |
| 202 |
'#value' => t('You may grant these permissions by role, below. To grant permission to an individual user, visit the tac_lite tab on the user edit page.')); |
|
| 203 |
|
$form['helptext'] = array( |
| 204 |
|
'#type' => 'markup', |
| 205 |
|
'#value' => t('You may grant these permissions by role, below. To grant permission to an individual user, visit the tac_lite tab on the user edit page.'), |
| 206 |
|
); |
| 207 |
|
|
| 208 |
$vocabularies = taxonomy_get_vocabularies(); |
$vocabularies = taxonomy_get_vocabularies(); |
| 209 |
$all_defaults = variable_get('tac_lite_grants_scheme_' . $i, array()); |
$all_defaults = variable_get('tac_lite_grants_scheme_' . $i, array()); |
| 210 |
$form['tac_lite_grants_scheme_' . $i] = |
$form['tac_lite_grants_scheme_' . $i] = array('#tree' => true); |
|
array('#tree' => true); |
|
| 211 |
foreach ($roles as $rid => $role_name) { |
foreach ($roles as $rid => $role_name) { |
| 212 |
$form['tac_lite_grants_scheme_' . $i][$rid] = |
$form['tac_lite_grants_scheme_' . $i][$rid] = array( |
| 213 |
array('#type' => 'fieldset', |
'#type' => 'fieldset', |
| 214 |
'#tree' => true, |
'#tree' => true, |
| 215 |
'#title' => t('Access for %role', array('%role' => $role_name)), |
'#title' => t('Access for %role', array('%role' => $role_name)), |
| 216 |
'#description' => t(''), |
'#description' => t(''), |
| 217 |
); |
); |
| 218 |
$defaults = count($all_defaults) ? $all_defaults[$rid] : NULL; |
$defaults = count($all_defaults) ? $all_defaults[$rid] : NULL; |
| 219 |
foreach ($vids as $vid) { |
foreach ($vids as $vid) { |
| 220 |
$v = $vocabularies[$vid]; |
$v = $vocabularies[$vid]; |
| 241 |
* Implementation of hook_user(). |
* Implementation of hook_user(). |
| 242 |
*/ |
*/ |
| 243 |
function tac_lite_user($op, $edit, $account, $category = null) { |
function tac_lite_user($op, $edit, $account, $category = null) { |
| 244 |
|
|
| 245 |
if (!user_access('administer tac_lite')) { |
if (!user_access('administer tac_lite')) { |
| 246 |
// Only for tac_lite administrators. |
// Only for tac_lite administrators. |
| 247 |
return; |
return; |
| 248 |
} |
} |
| 249 |
|
|
| 250 |
switch ($op) { |
switch ($op) { |
| 251 |
case 'categories': |
case 'categories': |
| 252 |
return array(array('name' => 'tac_lite', |
return array(array('name' => 'tac_lite', |
| 265 |
$config = _tac_lite_config($i); |
$config = _tac_lite_config($i); |
| 266 |
$terms = isset($account->$config['realm']) ? $account->$config['realm'] : array(); |
$terms = isset($account->$config['realm']) ? $account->$config['realm'] : array(); |
| 267 |
if ($config['name']) { |
if ($config['name']) { |
| 268 |
$form['tac_lite'][$config['realm']] = |
$form['tac_lite'][$config['realm']] = array( |
| 269 |
array('#type' => 'fieldset', |
'#type' => 'fieldset', |
| 270 |
'#title'=> $config['name'], |
'#title'=> $config['name'], |
| 271 |
'#description' => t('This scheme includes permissions %perms', |
'#description' => t('This scheme includes permissions %perms', |
| 272 |
array('%perms' => implode(' and ', $config['perms']))), |
array('%perms' => implode(' and ', $config['perms']))), |
| 273 |
'#tree' => TRUE, |
'#tree' => TRUE, |
| 274 |
); |
); |
| 275 |
foreach ($vids as $vid) { |
foreach ($vids as $vid) { |
| 276 |
$v = $vocabularies[$vid]; |
$v = $vocabularies[$vid]; |
| 277 |
$form['tac_lite'][$config['realm']][$vid] = |
$form['tac_lite'][$config['realm']][$vid] = |
| 285 |
} |
} |
| 286 |
} |
} |
| 287 |
} |
} |
| 288 |
$form['tac_lite'][0] = |
$form['tac_lite'][0] = array( |
| 289 |
array('#type' => 'markup', |
'#type' => 'markup', |
| 290 |
'#value' => '<p>' . t('You may grant this user access based on the schemes and terms below. These permissions are in addition to <a href="!url">role based grants on scheme settings pages</a>.', |
'#value' => '<p>' . t('You may grant this user access based on the schemes and terms below. These permissions are in addition to <a href="!url">role based grants on scheme settings pages</a>.', |
| 291 |
array('!url' => url('admin/user/access/tac_lite/scheme_1'))) . "</p>\n", |
array('!url' => url('admin/user/access/tac_lite/scheme_1'))) . "</p>\n", |
| 292 |
'#weight' => -1); |
'#weight' => -1, |
| 293 |
|
); |
| 294 |
|
|
| 295 |
return $form; |
return $form; |
| 296 |
} |
} |
| 297 |
} |
} |
| 298 |
break; |
break; |
|
case 'validate': |
|
|
//print_r($edit); |
|
|
//print_r($account); |
|
|
break; |
|
| 299 |
} |
} |
| 300 |
} |
} |
| 301 |
|
|
| 314 |
// now find just the terms we're interested in. |
// now find just the terms we're interested in. |
| 315 |
$tids = array(); |
$tids = array(); |
| 316 |
if (count($all_tids) && count($vids)) { |
if (count($all_tids) && count($vids)) { |
| 317 |
$result = db_query("SELECT DISTINCT td.tid FROM {term_data} td WHERE td.vid IN (%s) AND td.tid IN (%s)", |
$result = db_query("SELECT DISTINCT td.tid FROM {term_data} td WHERE td.vid IN (%s) AND td.tid IN (%s)", |
| 318 |
implode(',', $vids), |
implode(',', $vids), |
| 319 |
implode(',', $all_tids)); |
implode(',', $all_tids)); |
| 320 |
while ($term = db_fetch_object($result)) { |
while ($term = db_fetch_object($result)) { |
| 321 |
$tids[] = $term->tid; |
$tids[] = $term->tid; |
| 322 |
} |
} |
| 323 |
} |
} |
| 324 |
|
|
| 325 |
if (!count($tids)) { |
if (!count($tids)) { |
| 326 |
// no relevant terms found. |
// no relevant terms found. |
| 327 |
|
|
| 328 |
// in drupal 4-7 we had to write a row into the database. In drupal 5, it should be safe to do nothing. |
// in drupal 4-7 we had to write a row into the database. In drupal 5, it should be safe to do nothing. |
| 329 |
} |
} |
| 330 |
else { |
else { |
| 331 |
// if we're here, the node has terms associated with it which restrict |
// if we're here, the node has terms associated with it which restrict |
| 332 |
// access to the node. |
// access to the node. |
| 333 |
$grants = array(); |
$grants = array(); |
| 334 |
for ($i = 1; $i <= variable_get('tac_lite_schemes', 1); $i++) { |
for ($i = 1; $i <= variable_get('tac_lite_schemes', 1); $i++) { |
| 335 |
$config = _tac_lite_config($i); |
$config = _tac_lite_config($i); |
| 336 |
foreach ($tids as $tid) { |
foreach ($tids as $tid) { |
| 337 |
$grant = array('realm' => $config['realm'], |
$grant = array( |
| 338 |
'gid' => $tid, // use term id as grant id |
'realm' => $config['realm'], |
| 339 |
|
'gid' => $tid, // use term id as grant id |
| 340 |
); |
); |
| 341 |
foreach($config['perms'] as $perm) |
foreach($config['perms'] as $perm) { |
| 342 |
$grant[$perm] = TRUE; |
$grant[$perm] = TRUE; |
| 343 |
|
} |
| 344 |
$grants[] = $grant; |
$grants[] = $grant; |
| 345 |
} |
} |
| 346 |
} |
} |
| 349 |
} |
} |
| 350 |
|
|
| 351 |
|
|
| 352 |
/* |
/** |
| 353 |
Get terms from a newly udpated node. |
* Get terms from a newly udpated node. |
| 354 |
Terms are placed in $node->taxonomy by the form. |
* Terms are placed in $node->taxonomy by the form. |
| 355 |
*/ |
*/ |
| 356 |
function _tac_lite_get_terms(&$node) { |
function _tac_lite_get_terms(&$node) { |
| 357 |
$tids = array(); |
$tids = array(); |
| 358 |
|
|
| 359 |
// emulating code from taxonomy_node_save here. |
// emulating code from taxonomy_node_save here. |
| 360 |
// note that free tagging vocabs not currently supported |
// note that free tagging vocabs not currently supported |
| 361 |
if (count($node->taxonomy)) { |
if (count($node->taxonomy)) { |
| 362 |
foreach ($node->taxonomy as $term) { |
foreach ($node->taxonomy as $term) { |
| 363 |
if (is_array($term)) { |
if (is_array($term)) { |
| 364 |
foreach ($term as $tid) { |
foreach ($term as $tid) { |
| 365 |
if (is_numeric($tid)) { |
if (is_numeric($tid)) { |
| 366 |
$tids[$tid] = $tid; |
$tids[$tid] = $tid; |
| 367 |
} |
} |
| 368 |
else { |
else { |
| 369 |
// non-numeric means free-tagging vocabulary. |
// non-numeric means free-tagging vocabulary. |
| 370 |
// we do not support. Do nothing. |
// we do not support. Do nothing. |
| 371 |
} |
} |
| 372 |
} |
} |
| 373 |
} |
} |
| 374 |
else if (is_object($term)) { |
else if (is_object($term)) { |
| 375 |
// in drupal 5 term is an object. Is this right? |
// in drupal 5 term is an object. Is this right? |
| 376 |
$tids[$term->tid] = $term->tid; |
$tids[$term->tid] = $term->tid; |
| 377 |
} |
} |
| 378 |
else if (is_numeric($term)) { |
else if (is_numeric($term)) { |
| 379 |
// $term is a tid. |
// $term is a tid. |
| 380 |
$tids[$term] = $term; |
$tids[$term] = $term; |
| 381 |
} |
} |
| 382 |
else if ($term) { |
else if ($term) { |
| 383 |
drupal_set_message(t('Unexpected term value "%term" in tac_lite.', |
drupal_set_message(t('Unexpected term value "%term" in tac_lite.', |
| 384 |
array('%term' => $term)), |
array('%term' => $term)), |
| 385 |
'error'); |
'error'); |
| 386 |
} |
} |
| 387 |
} |
} |
| 388 |
} |
} |
| 389 |
|
|
| 390 |
return $tids; |
return $tids; |
| 391 |
} |
} |
| 392 |
|
|
| 393 |
function _tac_lite_get_terms_by_nid($nid) { |
function _tac_lite_get_terms_by_nid($nid) { |
| 394 |
$tids = array(); |
$tids = array(); |
| 395 |
$terms = taxonomy_node_get_terms($nid); |
$terms = taxonomy_node_get_terms($nid); |
| 396 |
|
|
| 397 |
// terms is now an array of objects. We convert to a simple array of tids |
// terms is now an array of objects. We convert to a simple array of tids |
| 398 |
foreach ($terms as $term) { |
foreach ($terms as $term) { |
| 399 |
$tids[$term->tid] = $term->tid; |
$tids[$term->tid] = $term->tid; |
| 400 |
} |
} |
| 401 |
return $tids; |
return $tids; |
| 402 |
} |
} |
| 429 |
if (count($tids)) { |
if (count($tids)) { |
| 430 |
$grants = array_merge($grants, $tids); |
$grants = array_merge($grants, $tids); |
| 431 |
} |
} |
| 432 |
} |
} |
| 433 |
} |
} |
| 434 |
} |
} |
| 435 |
|
|
| 436 |
// Because of some flakyness in the form API and the form we insert under |
// Because of some flakyness in the form API and the form we insert under |
| 437 |
// user settings, we may have a bogus entry with vid set |
// user settings, we may have a bogus entry with vid set |
| 438 |
// to ''. Here we make sure not to return that. |
// to ''. Here we make sure not to return that. |
| 461 |
|
|
| 462 |
function tac_lite_db_rewrite_sql($query, $primary_table, $primary_field, $args) { |
function tac_lite_db_rewrite_sql($query, $primary_table, $primary_field, $args) { |
| 463 |
global $user; |
global $user; |
| 464 |
|
|
| 465 |
if (user_access('administer tac_lite')) { |
if (user_access('administer tac_lite')) { |
| 466 |
// Only for tac_lite administrators. |
// Only for tac_lite administrators. |
| 467 |
return; |
return; |
| 468 |
} |
} |
| 469 |
|
|
| 470 |
// the vocabularies containing protected info. |
// the vocabularies containing protected info. |
| 471 |
$vids = variable_get('tac_lite_categories', array(0)); |
$vids = variable_get('tac_lite_categories', array(0)); |
| 472 |
|
|
| 473 |
// the terms this user is allowed to see |
// the terms this user is allowed to see |
| 474 |
$tids = array(); |
$tids = array(); |
| 475 |
for ($i = 1; $i <= variable_get('tac_lite_schemes', 1); $i++) { |
for ($i = 1; $i <= variable_get('tac_lite_schemes', 1); $i++) { |
| 478 |
$tids = array_merge($tids, _tac_lite_user_tids($user, $i)); |
$tids = array_merge($tids, _tac_lite_user_tids($user, $i)); |
| 479 |
} |
} |
| 480 |
} |
} |
| 481 |
|
|
| 482 |
// Note that if tac_lite is configured, but no schemes support grant_view, |
// Note that if tac_lite is configured, but no schemes support grant_view, |
| 483 |
// we assume everyone can view all terms. |
// we assume everyone can view all terms. |
| 484 |
|
|
| 485 |
if (count($tids) && is_array($vids) && count($vids)) { |
if (count($tids) && is_array($vids) && count($vids)) { |
| 486 |
switch ($primary_field) { |
switch ($primary_field) { |
| 487 |
case 'tid': |
case 'tid': |
| 488 |
// prevent users from seeing terms they do not have permission to read. |
// prevent users from seeing terms they do not have permission to read. |
| 489 |
$join = "LEFT JOIN {term_data} tac_td ON $primary_table.tid = tac_td.tid"; |
$join = "LEFT JOIN {term_data} tac_td ON $primary_table.tid = tac_td.tid"; |
| 490 |
$where = "$primary_table.tid IN (". implode(', ', $tids) .") OR tac_td.vid NOT IN (". implode(',', $vids) .")"; |
$where = "$primary_table.tid IN (". implode(', ', $tids) .") OR tac_td.vid NOT IN (". implode(',', $vids) .")"; |
| 491 |
|
|
| 492 |
return array('join' => $join, 'where' => $where); |
return array('join' => $join, 'where' => $where); |
| 493 |
break; |
break; |
| 494 |
case 'vid': |
case 'vid': |
| 495 |
|
|
| 496 |
break; |
break; |
| 497 |
} |
} |
| 498 |
} |
} |
| 499 |
} |
} |
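Review bot: In the `tid` branch of tac_lite_db_rewrite_sql(), `$tids` and `$vids` are spliced into the WHERE fragment with `implode()` and no integer cast, and the comment earlier in the file about a bogus entry with vid set to `''` suggests non-numeric values can reach these arrays. The hook returns a raw SQL fragment with no placeholders, so I would cast at the point of use: `implode(', ', array_map('intval', $tids))`, and the same for `$vids`. The `db_query()` that filters `{term_data}` has the same shape with `IN (%s)`, which escapes but neither quotes nor type-checks; building each list with `db_placeholders($vids, 'int')` and passing the merged arrays as arguments would bind every value as an integer. When `$tids` is empty the function returns no restriction at all, which looks fail-open for a user who has no view grants; part of the loop body is not shown here, so please confirm that is intended. The early-return comment `// Only for tac_lite administrators.` also reads inverted in this function, since that branch skips the rewrite for administrators.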