
Contents of /contributions/modules/taxonomy_access/taxonomy_access_admin.inc



Revision 1.15 - (show annotations) (download) (as text)
Sat Jul 19 15:13:00 2008 UTC (16 months, 1 week ago) by cpugeniusmv
Branch: MAIN
CVS Tags: HEAD
Branch point for: DRUPAL-6--1
Changes since 1.14: +2 -2 lines
File MIME type: text/x-php
#249471: Error when trying to disable TAC for a role
1 <?php
2 // $Id: taxonomy_access_admin.inc,v 1.14 2008/02/23 20:45:19 keve Exp $
3
4 /**
5 * @file
6 * Administrative interface for taxonomy access control.
7 */
8
/**
 * Returns the site's roles, asking user_roles() at most once per request.
 *
 * The first array result is kept in a function-static variable and handed
 * back on every later call.
 *
 * @return
 *   The value user_roles() returned. Callers in this file index it by role id.
 */
function _user_roles() {
  static $cached_roles;
  if (is_array($cached_roles)) {
    return $cached_roles;
  }
  $cached_roles = user_roles();
  return $cached_roles;
}
19
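/**
 * Menu callback; presents the category permissions pages of TAC
 * (admin/user/taxonomy_access).
 *
 * Access control for this callback is expected to come from the menu item
 * that registers it, which is not part of this file.
 *
 * @param $op
 *   Operation taken from the path: 'edit' or 'delete'. NULL (together with a
 *   NULL $rid) shows the role overview.
 * @param $rid
 *   Role id taken from the path. It is honoured only when it is numeric and
 *   names an existing role.
 * @param $arg
 *   Not used by this function.
 *
 * @return
 *   The rendered overview or form. Every other combination of arguments ends
 *   in drupal_not_found().
 */
function taxonomy_access_admin($op = NULL, $rid = NULL, $arg = NULL) {
  if (!isset($op) AND !isset($rid)) {
    return theme_taxonomy_access_admin();
  }

  $roles = _user_roles();
  if (is_numeric($rid) AND isset($roles[$rid])) {
    switch ($op) {
      case 'edit':
        return drupal_get_form('taxonomy_access_admin_form', $rid);
      case 'delete':
        return drupal_get_form('taxonomy_access_admin_delete_role', $rid);
    }
  }

  // Reached for an unknown role id and also for a valid role id combined with
  // an unknown operation. The latter used to fall out of the switch without a
  // return value; path input that does not match a known page gets a 404.
  return drupal_not_found();
}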
39
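/**
 * Renders the main page of category permissions: one row per role with the
 * enable / edit / disable links that apply to it.
 *
 * A role counts as TAC-enabled when {term_access_defaults} holds a row for it
 * with vid 0 (the global default).
 *
 * @return
 *   The themed HTML table.
 */
function theme_taxonomy_access_admin() {
  $roles = _user_roles();

  // Render role/permission overview:
  $header = array(t('Role'), array('data' => '&nbsp;'));
  $rows = array();

  $result = db_query('SELECT rid FROM {term_access_defaults} WHERE vid=0 ');
  $active = array();
  while ($role = db_fetch_array($result)) {
    $active[$role['rid']] = TRUE;
  }

  foreach ($roles as $rid => $name) {
    $ops = array();
    // !empty() rather than a bare index: roles without a vid 0 row have no
    // entry in $active at all.
    if (!empty($active[$rid])) {
      // Only allow "disable" for "extra" roles; role ids 1 and 2 are Drupal's
      // built-in anonymous and authenticated roles.
      if ($rid > 2) {
        $ops[] = l(t("disable"), "admin/user/taxonomy_access/delete/$rid");
      }
      $ops[] = l(t("edit"), "admin/user/taxonomy_access/edit/$rid");
    }
    else {
      $ops[] = l(t("enable"), "admin/user/taxonomy_access/edit/$rid");
    }
    // Role names are user-entered text and table cells are emitted as HTML,
    // so the name is escaped before it goes into the row.
    $rows[] = array(check_plain($name), array('data' => implode(' | ', $ops), 'align' => 'right'));
  }

  return theme('table', $header, $rows);
}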
72
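/**
 * Form builder; confirmation form for disabling TAC for a role.
 *
 * The builder only validates the role and builds the confirmation form. The
 * deletion itself lives in taxonomy_access_admin_delete_role_submit(), so it
 * runs only after Form API has accepted the submission (form token included).
 * Acting on a raw $_POST['confirm'] inside the builder would run before that
 * validation and could be triggered by a cross-site request.
 *
 * @param $form_state
 *   Form API state (unused by the builder).
 * @param $rid
 *   Role id from the path. Must be numeric, greater than 2 (the built-in
 *   anonymous and authenticated roles cannot be disabled) and have a global
 *   default row (vid 0) in {term_access_defaults}.
 *
 * @return
 *   The confirmation form, or the result of drupal_not_found() when the role
 *   does not qualify.
 */
function taxonomy_access_admin_delete_role($form_state, $rid) {
  if (!is_numeric($rid) || $rid <= 2
    || !db_fetch_array(db_query('SELECT rid FROM {term_access_defaults} WHERE vid=0 AND rid=%d', $rid))) {
    return drupal_not_found();
  }

  $form = array();
  // Carried as a server-side value so the submit handler does not depend on
  // request data for the role id.
  $form['rid'] = array('#type' => 'value', '#value' => (int) $rid);

  return confirm_form($form,
    t('Are you sure you want to delete all grant rules for role %rid?', array('%rid' => $rid)),
    'admin/user/taxonomy_access', t('This action cannot be undone.'),
    t('Delete all'), t('Cancel'));
}

/**
 * Submit handler for taxonomy_access_admin_delete_role(); removes every term
 * grant and default grant of the role and refreshes the affected nodes.
 *
 * NOTE(review): this handler is new; confirm the module does not already
 * declare a function with this name elsewhere.
 */
function taxonomy_access_admin_delete_role_submit($form, &$form_state) {
  $rid = (int) $form_state['values']['rid'];
  if ($rid <= 2) {
    // Same floor as the builder: never strip the built-in roles.
    return;
  }

  // issue #167977 - klance: collect the nodes before the rows disappear, then
  // rebuild grants for those nodes only instead of node_access_rebuild().
  $affected_nodes = _taxonomy_access_get_nodes_for_role($rid);
  db_query('DELETE FROM {term_access} WHERE rid=%d', $rid);
  db_query('DELETE FROM {term_access_defaults} WHERE rid=%d', $rid);
  _taxonomy_access_node_access_update($affected_nodes);

  drupal_set_message(t('All term access rules deleted for role @rid.', array('@rid' => $rid)));
  $form_state['redirect'] = 'admin/user/taxonomy_access';
}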
95
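/**
 * Builds the form elements for one row of the grant matrix.
 *
 * TODO: clarify list VS create grants
 *
 * @param $grants
 *   Optional array with 'grant_view', 'grant_update', 'grant_delete',
 *   'grant_create' and 'grant_list' entries (as loaded from the database).
 *   Only string values are used as defaults; anything else, or a missing
 *   entry, falls back to '0'.
 *
 * @return
 *   A '#tree' element holding radios for view/update/delete and checkboxes
 *   for create/list.
 */
function taxonomy_access_admin_build_row($grants = NULL) {
  // The row carries no title of its own; earlier code assigned an undefined
  // $title variable to '#title' here.
  $form = array('#tree' => TRUE);

  foreach (array('view', 'update', 'delete') as $grant) {
    $key = 'grant_'. $grant;
    $form[$grant] = array(
      '#type' => 'radios',
      '#options' => array('1' => '', '0' => '', '2' => ''), //1: Allow, 0: Ignore, 2: Deny
      // isset() first: $grants is NULL for the "new grant" row and may lack
      // individual entries.
      '#default_value' => (isset($grants[$key]) && is_string($grants[$key])) ? $grants[$key] : '0',
      '#required' => TRUE,
    );
  }

  foreach (array('create', 'list') as $grant) {
    $key = 'grant_'. $grant;
    $form[$grant] = array(
      '#type' => 'checkbox',
      '#default_value' => (isset($grants[$key]) && is_string($grants[$key])) ? $grants[$key] : '0',
    );
  }

  return $form;
}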
116
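/**
 * Form builder; form for managing grants by role.
 *
 * Builds one grant row for the global default (vid 0), one for every
 * vocabulary default and term grant the role already has, and a "new" row
 * with a select of the vocabularies and terms that have no row yet.
 *
 * @param $form_state
 *   Form API state (unused by the builder).
 * @param $rid
 *   Role id whose grants are edited.
 *
 * @return
 *   The form array.
 */
function taxonomy_access_admin_form($form_state, $rid = NULL) {
  // Fetch all default grants. Initialised up front: a role that is being
  // enabled for the first time has no rows at all.
  $default_grants = array();
  $result = db_query('SELECT * FROM {term_access_defaults} WHERE rid = %d', $rid);
  while ($row = db_fetch_array($result)) {
    $default_grants[$row['vid']] = $row;
  }

  // Fetch all grants
  $grants = array();
  $result = db_query('SELECT * FROM {term_access} WHERE rid = %d', $rid);
  while ($row = db_fetch_array($result)) {
    $grants[$row['tid']] = $row;
  }

  $form = array();
  $form['rid'] = array('#type' => 'value', '#value' => $rid);
  $form['grants'] = $form['selected_terms'] = $form['selected_defaults'] = array('#tree' => TRUE);

  //Global default
  $form['vocabs'][0]['#title'] = 'Global';
  $form['grants'][0][0] = taxonomy_access_admin_build_row(isset($default_grants[0]) ? $default_grants[0] : NULL);
  $form['selected_defaults'][0] = array(
    '#type' => 'checkbox',
    '#disabled' => TRUE,
    // The closing tag was written as a second opening <em>.
    '#title' => '<em>default</em>',
    '#description' => 'can\'t be disabled without disabling TAC for this role'
  );

  $add_items = array();
  foreach (taxonomy_get_vocabularies() as $vid => $vocabulary) {
    $form['vocabs'][$vid]['#title'] = check_plain($vocabulary->name);
    // The vocabulary name becomes an option-group label in the "new" select.
    // NOTE(review): Drupal 6's select rendering appears to print option-group
    // labels without escaping them - confirm against form_select_options().
    // The name is escaped here so user-entered text cannot reach that
    // attribute as markup.
    $group = check_plain($vocabulary->name);

    if (isset($default_grants[$vid])) {
      $form['grants'][$vid][0] = taxonomy_access_admin_build_row($default_grants[$vid]);
      $form['selected_defaults'][$vid] = array(
        '#type' => 'checkbox',
        '#title' => '<em>default</em>',
      );
    }
    else {
      $add_items[$group]["default $vid"] = '*default*';
    }

    if ($tree = taxonomy_get_tree($vid)) {
      foreach ($tree as $term) {
        if (isset($grants[$term->tid])) {
          $form['grants'][$vid][$term->tid] = taxonomy_access_admin_build_row($grants[$term->tid]);
          $form['selected_terms'][$term->tid] = array(
            '#type' => 'checkbox',
            '#title' => str_repeat('&nbsp;&nbsp;', $term->depth) . check_plain($term->name),
          );
        }
        else {
          $add_items[$group]["term $term->tid"] = str_repeat('-', $term->depth) . check_plain($term->name);
        }
      }
    }
  }

  //New grant row, only when something is left to add
  if (!empty($add_items)) {
    $form['new']['grants'] = taxonomy_access_admin_build_row();
    $form['new']['#tree'] = TRUE;
    $form['new']['item'] = array(
      '#type' => 'select',
      '#options' => $add_items,
    );
    $form['new']['add'] = array(
      '#type' => 'submit',
      '#value' => t('Add'),
    );
  }

  $form['delete'] = array(
    '#type' => 'submit',
    '#value' => t('Delete selected'),
  );

  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Save all'),
  );

  return $form;
}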
200
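/**
 * Renders the permission matrix form for the chosen user role.
 *
 * Each vocabulary that has grant rows gets a heading row followed by one row
 * per default/term; the optional "new" row comes last. Whatever is left of
 * the form is rendered after the table.
 *
 * @param $form
 *   The form array built by taxonomy_access_admin_form().
 *
 * @return
 *   The rendered HTML.
 */
function theme_taxonomy_access_admin_form($form) {
  $roles = _user_roles();
  $header = array(
    array( 'data' => t('Category'), 'colspan' => 3),
    array( 'data' => t('View'), 'colspan' => 4),
    array( 'data' => t('Update'), 'colspan' => 4),
    array( 'data' => t('Delete'), 'colspan' => 4),
    array( 'data' => t('Create')),
    array( 'data' => t('List')),
  );
  // A / I / D column captions, repeated for view, update and delete.
  $sub_header = array(
    '&nbsp;<strong>'. t('A') .'</strong>',
    '&nbsp;<strong>'. t('I') .'</strong>',
    '&nbsp;<strong>'. t('D') .'</strong>',
    '&nbsp;',
  );
  $sub_header = array_merge(array('&nbsp;'), $sub_header, $sub_header, $sub_header);
  $sub_header = array_pad($sub_header, 15, '&nbsp;');
  $node_grant_types = array('view', 'update', 'delete');

  $radios = array('1' => t('Allow'), '0' => t('Ignore'), '2' => t('Deny'));

  // The % placeholder has t() escape the role name.
  drupal_set_title(t('Grants for %role', array('%role' => $roles[$form['rid']['#value']])));

  $rows = array();

  foreach (array_keys($form['vocabs']) as $vid) {
    if (is_numeric($vid) AND isset($form['grants'][$vid])) {
      $row = $sub_header;
      $row[0] = array('data' => '<h3>'. check_plain($form['vocabs'][$vid]['#title']) .'</h3>', 'colspan' => 3);
      $rows[] = $row;
      foreach (array_keys($form['grants'][$vid]) as $tid) {
        if (is_numeric($tid)) {
          // tid 0 is the vocabulary default row; its checkbox is keyed by vid.
          $select_key = $tid? 'selected_terms' : 'selected_defaults';
          $select_id = $tid? $tid : $vid;
          $row = array(
            array('data' => drupal_render($form[$select_key][$select_id]), 'colspan' => 3),
          );
          foreach ($node_grant_types as $grant) {
            foreach (array_keys($radios) as $key) {
              // I need this hack to display radio buttons horizontally (instead of standard form 'radios')
              $row[] = array('data' => drupal_render($form['grants'][$vid][$tid][$grant][$key]));
            }
            $row[] = '&nbsp;';
          }
          foreach (array('create', 'list') as $grant) {
            $row[] = array('data' => drupal_render($form['grants'][$vid][$tid][$grant]));
          }
          $rows[] = $row;
        }
      }
    }
  }

  if (isset($form['new'])) {
    $row = array(
      array('data' => drupal_render($form['new']['item']), 'colspan' => 2),
      drupal_render($form['new']['add'])
    );
    foreach ($node_grant_types as $grant) {
      foreach (array_keys($radios) as $key) {
        // I need this hack to display radio buttons horizontally (instead of standard form 'radios')
        $row[] = array('data' => drupal_render($form['new']['grants'][$grant][$key]));
      }
      $row[] = '&nbsp;';
    }
    foreach (array('create', 'list') as $grant) {
      $row[] = array('data' => drupal_render($form['new']['grants'][$grant]));
    }
    $rows[] = $row;
  }

  // Plain assignment: $output did not exist before this point, so the former
  // ".=" appended to an undefined variable.
  $output = theme('table', $header, $rows);
  $output .= drupal_render($form);

  return $output;
}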
281
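/**
 * Submit handler for taxonomy_access_admin_form().
 *
 * Dispatches on the pressed button: 'Delete selected' removes the ticked
 * term grants and vocabulary defaults, 'Add' stores the "new" row, and
 * 'Save all' rewrites every row and returns to the overview.
 *
 * @param $form
 *   The form array (unused).
 * @param $form_state
 *   Form API state; the submitted values are read from
 *   $form_state['values'].
 */
function taxonomy_access_admin_form_submit($form, &$form_state) {
  $values = $form_state['values'];

  switch ($values['op']) {
    case t('Delete selected'):
      // This branch used to read an undefined $form_values variable, so no
      // ticked row was ever deleted; the submitted values live in $values.
      if (isset($values['selected_terms']) && is_array($values['selected_terms'])) {
        foreach ($values['selected_terms'] as $tid => $enabled) {
          if ($enabled) {
            // issue #167977 - klance
            $affected_nodes = _taxonomy_access_get_nodes_for_term($tid);
            db_query('DELETE FROM {term_access} WHERE rid = %d AND tid = %d', $values['rid'], $tid);
            // issue #167977 - klance
            _taxonomy_access_node_access_update($affected_nodes);
          }
        }
      }
      if (isset($values['selected_defaults']) && is_array($values['selected_defaults'])) {
        foreach ($values['selected_defaults'] as $vid => $enabled) {
          // The global default (vid 0) is rendered as a disabled checkbox and
          // must only go away when TAC is disabled for the whole role.
          // NOTE(review): '#disabled' may be enforced in the browser only -
          // confirm for this core version. It is re-checked here either way.
          if ($enabled && (int) $vid !== 0) {
            // issue #167977 - klance
            $affected_nodes = _taxonomy_access_get_nodes_for_vocabulary($vid, $values['rid']);
            db_query('DELETE FROM {term_access_defaults} WHERE rid = %d AND vid = %d', $values['rid'], $vid);
            // issue #167977 - klance
            _taxonomy_access_node_access_update($affected_nodes);
          }
        }
      }
      // issue #167977 - klance
      //node_access_rebuild();
      break;

    case t('Add'):
      $new = $values['new'];
      // The select value has the form "term <tid>" or "default <vid>".
      $parts = explode(' ', $new['item'], 2);
      if (count($parts) == 2 && is_numeric($parts[1])) {
        list($type, $id) = $parts;
        if ($type == 'term') {
          taxonomy_access_grant_update($id, $values['rid'], $new['grants']);
        }
        elseif ($type == 'default') {
          taxonomy_access_defaults_update($id, $values['rid'], $new['grants']);
        }
      }
      // issue #167977 - klance
      //node_access_rebuild();
      break;

    case t('Save all'):
      foreach ($values['grants'] as $vid => $rows) {
        foreach ($rows as $tid => $grants) {
          // Row 0 of a vocabulary is its default; every other key is a term id.
          if ($tid == 0) {
            taxonomy_access_defaults_update($vid, $values['rid'], $grants);
          }
          else {
            taxonomy_access_grant_update($tid, $values['rid'], $grants);
          }
        }
      }
      // issue #167977 - klance
      //node_access_rebuild();
      drupal_goto('admin/user/taxonomy_access');
  }
}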
340
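/**
 * Updates permissions for a role for a term.
 *
 * The existing {term_access} row for the term/role pair is deleted and a new
 * one inserted. Every value reaches the database through a %d placeholder
 * and every column name is checked before use, so nothing from $tid, $rid or
 * $grants is spliced into the statement as raw text.
 *
 * @param $tid
 *   The term to add the permission for. Must be numeric.
 * @param $rid
 *   The role id to add the permission for. Must be numeric.
 * @param $grants
 *   A hash of the grants in the form of $grants['perm'] = value; the matching
 *   column is 'grant_' . perm. A value of 1 will grant the permission for
 *   this role and term. An array value contributes its element 0.
 *
 * @return
 *   FALSE when an argument is rejected; nothing otherwise.
 **/
function taxonomy_access_grant_update($tid, $rid = null, $grants = null) {
  // $tid used to be checked with isset() only, which let arbitrary text
  // through to the SQL built below.
  if (!is_numeric($tid) OR !is_numeric($rid)) {
    return FALSE;
  }

  $columns = array('tid', 'rid');
  $placeholders = array('%d', '%d');
  $args = array($tid, $rid);

  if (is_array($grants)) {
    foreach ($grants as $perm => $value) {
      // Column names cannot be bound as parameters, so only plain
      // identifier characters are accepted. Validation happens before
      // anything is deleted.
      if (!preg_match('/^[a-z0-9_]+$/', (string) $perm)) {
        return FALSE;
      }
      $columns[] = 'grant_'. $perm;
      $placeholders[] = '%d';
      if (is_array($value)) {
        $value = isset($value[0]) ? $value[0] : 0;
      }
      $args[] = $value;
    }
  }

  $ta_sql = 'INSERT INTO {term_access} ('. implode(',', $columns) .') VALUES ('. implode(',', $placeholders) .')';

  // issue #167977 - klance
  $affected_nodes = _taxonomy_access_get_nodes_for_term($tid);
  db_query("DELETE FROM {term_access} WHERE tid=%d AND rid=%d", $tid, $rid);
  db_query($ta_sql, $args); // insert into term_access
  // issue #167977 - klance
  _taxonomy_access_node_access_update($affected_nodes);
}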
384
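/**
 * Updates default permissions for a role for a vocabulary.
 *
 * The existing {term_access_defaults} row for the vocabulary/role pair is
 * deleted and a new one inserted. Every value reaches the database through a
 * %d placeholder and every column name is checked before use, so nothing
 * from $vid, $rid or $grants is spliced into the statement as raw text.
 *
 * @param $vid
 *   The vocab to add the permission for. Must be numeric (0 is the global
 *   default).
 * @param $rid
 *   The role id to add the permission to. Must be numeric.
 * @param $grants
 *   A hash of the grants in the form of $grants['perm'] = value; the matching
 *   column is 'grant_' . perm. A value of 1 will grant the permission for
 *   this role and vocabulary. An array value contributes its element 0, as
 *   in taxonomy_access_grant_update().
 *
 * @return
 *   FALSE when an argument is rejected; nothing otherwise.
 **/
function taxonomy_access_defaults_update($vid, $rid = null, $grants = null) {
  // $vid used to be checked with isset() only, which let arbitrary text
  // through to the SQL built below.
  if (!is_numeric($vid) OR !is_numeric($rid)) {
    return FALSE;
  }

  $columns = array('vid', 'rid');
  $placeholders = array('%d', '%d');
  $args = array($vid, $rid);

  if (is_array($grants)) {
    foreach ($grants as $perm => $value) {
      // Column names cannot be bound as parameters, so only plain
      // identifier characters are accepted. Validation happens before
      // anything is deleted.
      if (!preg_match('/^[a-z0-9_]+$/', (string) $perm)) {
        return FALSE;
      }
      $columns[] = 'grant_'. $perm;
      $placeholders[] = '%d';
      if (is_array($value)) {
        $value = isset($value[0]) ? $value[0] : 0;
      }
      $args[] = $value;
    }
  }

  $ta_sql = 'INSERT INTO {term_access_defaults} ('. implode(',', $columns) .') VALUES ('. implode(',', $placeholders) .')';

  // issue #167977 - klance
  $affected_nodes = _taxonomy_access_get_nodes_for_vocabulary($vid, $rid);
  db_query("DELETE FROM {term_access_defaults} WHERE vid=%d AND rid=%d", $vid, $rid);
  db_query($ta_sql, $args); // insert into term_access_defaults
  // issue #167977 - klance
  _taxonomy_access_node_access_update($affected_nodes);
}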
428
/**
 * Gets the term grants stored for a given role.
 *
 * @param $rid
 *   The role id to retrieve the grants for. A non-numeric value is treated
 *   as a role name and looked up in {role}.
 *
 * @return
 *   FALSE when $rid is not set. Otherwise a two dimensional hash of the form
 *   $grants[tid][grant], where tid is the term id, grant is the column name
 *   without its 'grant_' part (i.e. 'view', 'delete', etc.) and the entry is
 *   the value stored in that column.
 **/
function taxonomy_access_get_grants($rid) {
  if (!isset($rid)) {
    return false;
  }
  if (!is_numeric($rid)) {
    $rid = db_result(db_query("SELECT rid FROM {role} WHERE name='%s'", $rid));
  }

  $grants = array();
  $rows = db_query("SELECT * FROM {term_access} WHERE rid=%d", $rid);
  while ($record = db_fetch_array($rows)) {
    $tid = $record['tid'];
    foreach ($record as $column => $stored) {
      if (strpos($column, 'grant_') === FALSE) {
        continue;
      }
      $name = str_replace('grant_', '', $column);
      // When several rows exist for one term, a value already recorded is
      // kept unless it is empty.
      // NOTE(review): this was described as "take the most lenient", but a
      // non-empty Deny (2 in the admin form's 1/0/2 encoding) is kept as
      // well - confirm that is the intended conflict rule.
      if (empty($grants[$tid][$name])) {
        $grants[$tid][$name] = $stored;
      }
    }
  }
  return $grants;
}
/**
 * Gets the vocabulary default grants stored for a given role.
 *
 * @param $rid
 *   The role id to retrieve the default grants for.
 *
 * @return
 *   FALSE when $rid is not numeric. Otherwise a two dimensional hash of the
 *   form $grants[vid][grant], where vid is the vocab id, grant is the column
 *   name without its 'grant_' part (i.e. 'view', 'delete', etc.) and the
 *   entry is the value stored in that column.
 **/
function taxonomy_access_get_default_grants($rid) {
  if (!is_numeric($rid)) {
    return false;
  }

  $grants = array();
  $rows = db_query("SELECT * FROM {term_access_defaults} WHERE rid=%d", $rid);
  while ($record = db_fetch_array($rows)) {
    $vid = $record['vid'];
    foreach ($record as $column => $stored) {
      if (strpos($column, 'grant_') === FALSE) {
        continue;
      }
      $name = str_replace('grant_', '', $column);
      // When several rows exist for one vocabulary, a value already recorded
      // is kept unless it is empty.
      // NOTE(review): this was described as "take the most lenient", but a
      // non-empty Deny (2 in the admin form's 1/0/2 encoding) is kept as
      // well - confirm that is the intended conflict rule.
      if (empty($grants[$vid][$name])) {
        $grants[$vid][$name] = $stored;
      }
    }
  }
  return $grants;
}
494
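/**
 * Issue #167977 - klance
 * Gets node ids associated with a given term.
 *
 * @param $tid
 *   The term id for which to retrieve associated nodes. Bound through a %d
 *   placeholder, so it is always sent to the database as an integer.
 *
 * @return
 *   An array of node ids associated with the given term.
 */
function _taxonomy_access_get_nodes_for_term($tid) {
  $nid = array();
  // The id used to be interpolated into the statement between quotes; a
  // placeholder keeps caller-supplied text out of the SQL.
  $result = db_query("SELECT nid FROM {term_node} WHERE tid = %d", $tid);

  while ($node = db_fetch_object($result)) {
    $nid[] = $node->nid;
  }
  return $nid;
}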
512
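/**
 * Issue #167977 - klance
 * Gets node ids associated with a given vocabulary.
 *
 * @param $vid
 *   The vocabulary id whose terms' nodes are collected.
 * @param $rid
 *   Optional role id. When given, only nodes whose term has a {term_access}
 *   row for this role are returned.
 *
 * @return
 *   An array of node ids. A node appears once per matching term row.
 */
function _taxonomy_access_get_nodes_for_vocabulary($vid, $rid = NULL) {
  $nid = array();
  // Both ids are bound through %d placeholders instead of being interpolated
  // into the statement between quotes.
  $query = "SELECT n.nid FROM {term_node} n
    LEFT JOIN {term_data} d ON n.tid = d.tid
    LEFT JOIN {term_access} a ON n.tid = a.tid
    WHERE d.vid = %d";
  $args = array($vid);
  if (!is_null($rid)) {
    $query .= " AND a.rid = %d";
    $args[] = $rid;
  }
  $result = db_query($query, $args);

  while ($node = db_fetch_object($result)) {
    $nid[] = $node->nid;
  }
  return $nid;
}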
539
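/**
 * Issue #167977 - klance
 * Gets node ids associated with the given role.
 *
 * @param $rid
 *   The role id; nodes are collected for every term that has a
 *   {term_access} row for this role.
 *
 * @return
 *   An array of node ids. A node appears once per matching term row.
 */
function _taxonomy_access_get_nodes_for_role($rid) {
  $nid = array();
  // The role id is bound through a %d placeholder instead of being
  // interpolated into the statement between quotes.
  $result = db_query("SELECT n.nid FROM {term_node} n LEFT JOIN {term_access} a ON n.tid = a.tid WHERE a.rid = %d", $rid);

  while ($node = db_fetch_object($result)) {
    $nid[] = $node->nid;
  }
  return $nid;
}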
560
/**
 * Issue #167977
 * Re-acquires node access grants for a list of nodes.
 *
 * @param $nid
 *   An array of node ids for which to acquire access permissions.
 *
 * @return
 *   Always TRUE.
 */
function _taxonomy_access_node_access_update($nid) {
  foreach ($nid as $node_id) {
    // The third argument asks node_load() for a fresh copy rather than a
    // cached one.
    $fresh = node_load($node_id, NULL, TRUE);
    if (empty($fresh)) {
      // Ids that no longer load are skipped.
      continue;
    }
    node_access_acquire_grants($fresh);
  }
  return TRUE;
}
