field_permissions.admin.inc 18 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457
  1. <?php
  2. /**
  3. * @file
  4. * Administrative interface for the Field Permissions module.
  5. */
  6. /**
  7. * Obtain the list of field permissions.
  8. *
  9. * @param string $field_label
  10. * The human readable name of the field to use when constructing permission
  11. * names. Usually this will be derived from one or more of the field instance
  12. * labels.
  13. */
  14. function field_permissions_list($field_label = '') {
  15. $permissions = array(
  16. 'create' => array(
  17. 'label' => t('Create field'),
  18. 'title' => t('Create own value for field %field', array('%field' => $field_label)),
  19. ),
  20. 'edit own' => array(
  21. 'label' => t('Edit own field'),
  22. 'title' => t('Edit own value for field %field', array('%field' => $field_label)),
  23. ),
  24. 'edit' => array(
  25. 'label' => t('Edit field'),
  26. 'title' => t("Edit anyone's value for field %field", array('%field' => $field_label)),
  27. ),
  28. 'view own' => array(
  29. 'label' => t('View own field'),
  30. 'title' => t('View own value for field %field', array('%field' => $field_label)),
  31. ),
  32. 'view' => array(
  33. 'label' => t('View field'),
  34. 'title' => t("View anyone's value for field %field", array('%field' => $field_label)),
  35. ),
  36. );
  37. drupal_alter('field_permissions_list', $permissions, $field_label);
  38. return $permissions;
  39. }
  40. /**
  41. * Returns field permissions in a format suitable for use in hook_permission().
  42. *
  43. * @param array $field
  44. * The field to return permissions for.
  45. * @param mixed $label
  46. * (optional) The human readable name of the field to use when constructing
  47. * permission names; for example, this might be the label of one of the
  48. * corresponding field instances. If not provided, an appropriate label will
  49. * be automatically derived from all the field's instances.
  50. *
  51. * @return array
  52. * An array of permission information, suitable for use in hook_permission().
  53. */
  54. function field_permissions_list_field_permissions($field, $label = NULL) {
  55. if (!isset($label)) {
  56. $label = $field['field_name'];
  57. }
  58. $instances = array();
  59. $description = '';
  60. foreach ($field['bundles'] as $entity_type => $bundles) {
  61. foreach ($bundles as $bundle_name) {
  62. $instance = field_info_instance($entity_type, $field['field_name'], $bundle_name);
  63. $entity = entity_get_info($entity_type);
  64. if (!isset($entity['bundles'][$bundle_name])) {
  65. continue;
  66. }
  67. $instance_desc_tokens = array(
  68. $entity['label'],
  69. $entity['bundles'][$bundle_name]['label'],
  70. $instance['label'],
  71. );
  72. $instances[] = '"' . implode(':', $instance_desc_tokens) . '"';
  73. }
  74. $description = t('This field appears as: %instances.', array('%instances' => implode(', ', $instances)));
  75. }
  76. $permissions = array();
  77. foreach (field_permissions_list($label) as $permission_type => $permission_info) {
  78. $permission = $permission_type . ' ' . $field['field_name'];
  79. $permissions[$permission] = array(
  80. 'title' => $permission_info['title'],
  81. 'description' => $description,
  82. );
  83. }
  84. return $permissions;
  85. }
  86. /**
  87. * Implements hook_permission().
  88. */
  89. function _field_permissions_permission() {
  90. $perms = array(
  91. 'administer field permissions' => array(
  92. 'title' => t('Administer field permissions'),
  93. 'description' => t('Manage field permissions and field permissions settings.'),
  94. 'restrict access' => TRUE,
  95. ),
  96. 'access private fields' => array(
  97. 'title' => t("Access other users' private fields"),
  98. 'description' => t('View and edit the stored values of all private fields.'),
  99. 'restrict access' => TRUE,
  100. ),
  101. );
  102. foreach (field_info_fields() as $field) {
  103. if (isset($field['field_permissions']['type']) && $field['field_permissions']['type'] == FIELD_PERMISSIONS_CUSTOM) {
  104. $perms += field_permissions_list_field_permissions($field);
  105. }
  106. }
  107. return $perms;
  108. }
  109. /**
  110. * Alter the field settings form.
  111. */
  112. function _field_permissions_field_settings_form_alter(&$form, $form_state, $form_id) {
  113. // Put the field permissions extensions at the top of the field settings
  114. // fieldset.
  115. $form['field']['field_permissions'] = array(
  116. '#weight' => -10,
  117. '#access' => user_access('administer field permissions'),
  118. );
  119. $form['field']['field_permissions']['type'] = array(
  120. '#title' => t('Field visibility and permissions'),
  121. '#type' => 'radios',
  122. '#options' => array(
  123. FIELD_PERMISSIONS_PUBLIC => t('Public (author and administrators can edit, everyone can view)'),
  124. FIELD_PERMISSIONS_PRIVATE => t('Private (only author and administrators can edit and view)'),
  125. FIELD_PERMISSIONS_CUSTOM => t('Custom permissions'),
  126. ),
  127. '#default_value' => isset($form['#field']['field_permissions']['type']) ? $form['#field']['field_permissions']['type'] : FIELD_PERMISSIONS_PUBLIC,
  128. );
  129. // Add the container in which the field permissions matrix will be displayed.
  130. // (and make it so that it is only visible when custom permissions are being
  131. // used).
  132. $form['field']['field_permissions']['permissions'] = array(
  133. '#type' => 'container',
  134. '#states' => array(
  135. 'visible' => array(
  136. ':input[name="field[field_permissions][type]"]' => array('value' => FIELD_PERMISSIONS_CUSTOM),
  137. ),
  138. ),
  139. // Custom styling for the permissions matrix on the field settings page.
  140. '#attached' => array(
  141. 'css' => array(drupal_get_path('module', 'field_permissions') . '/field_permissions.admin.css'),
  142. ),
  143. );
  144. $form['field']['field_permissions']['permission_warning'] = array(
  145. '#type' => 'item',
  146. '#markup' => '<div class="messages error"><b>'
  147. . t('Field permissions error')
  148. . '</b><br />'
  149. . t('If you are seeing this message and are not seeing a table of permissions, something is wrong! See !link for more information.', array(
  150. '!link' => l(t('the Field Permission documentation'), 'https://www.drupal.org/node/2802067#known-issues', array(
  151. 'attributes' => array('target' => '_blank'),
  152. )),
  153. )) . '</div>',
  154. '#states' => array(
  155. 'visible' => array(
  156. ':input[name="field[field_permissions][type]"]' => array('value' => FIELD_PERMISSIONS_CUSTOM),
  157. ),
  158. ),
  159. );
  160. // Add the field permissions matrix itself. Wait until the #pre_render stage
  161. // to move it to the above container, to avoid having the permissions data
  162. // saved as part of the field record.
  163. $form['field_permissions']['#tree'] = TRUE;
  164. $form['field_permissions']['#access'] = user_access('administer field permissions');
  165. $form['field_permissions']['permissions'] = field_permissions_permissions_matrix($form['#field'], $form['#instance']);
  166. $form['#pre_render'][] = '_field_permissions_field_settings_form_pre_render';
  167. // Add a submit handler to process the field permissions settings. Note that
  168. // it is important for this to run *after* the main field UI submit handler
  169. // (which saves the field itself), since when a new field is being created,
  170. // our submit handler will try to assign any new custom permissions
  171. // immediately, and our hook_permission() implementation relies on the field
  172. // info being up-to-date in order for that to work correctly.
  173. $form['#submit'][] = '_field_permissions_field_settings_form_submit';
  174. }
  175. /**
  176. * Returns a field permissions matrix that can be inserted into a form.
  177. *
  178. * The matrix's display is based on that of Drupal's default permissions page.
  179. *
  180. * Note that this matrix must be accompanied by an appropriate submit handler
  181. * (attached to the top level of the form) in order for the permissions in it
  182. * to actually be saved. For an example submit handler, see
  183. * _field_permissions_field_settings_form_submit().
  184. *
  185. * @param array $field
  186. * The field whose permissions will be displayed in the matrix.
  187. * @param array $instance
  188. * The field instance for which the permissions will be displayed. Although
  189. * the permissions are per-field rather than per-instance, the instance label
  190. * will be used to display an appropriate human-readable name for each
  191. * permission.
  192. *
  193. * @return array
  194. * A form array defining the permissions matrix.
  195. *
  196. * @see user_admin_permissions()
  197. * @see _field_permissions_field_settings_form_submit()
  198. */
  199. function field_permissions_permissions_matrix($field, $instance) {
  200. // This function primarily contains a simplified version of the code from
  201. // user_admin_permissions().
  202. $form['#theme'] = 'user_admin_permissions';
  203. $options = array();
  204. $status = array();
  205. // Retrieve all role names for use in the submit handler.
  206. $role_names = user_roles();
  207. $form['role_names'] = array(
  208. '#type' => 'value',
  209. '#value' => $role_names,
  210. );
  211. // Retrieve the permissions for each role, and the field permissions we will
  212. // be assigning here.
  213. $role_permissions = user_role_permissions($role_names);
  214. $field_permissions = field_permissions_list_field_permissions($field, $instance['label']);
  215. // Determine if it is safe to reset the default values for this field's
  216. // permissions. If this is a new field (never saved with field permission
  217. // data before), or if it's an existing field that is not currently using
  218. // custom permissions and doesn't have any previously-saved ones already in
  219. // the database, then it will be safe to reset them.
  220. $reset_permissions_defaults = FALSE;
  221. if (!isset($field['field_permissions']['type'])) {
  222. $reset_permissions_defaults = TRUE;
  223. }
  224. elseif ($field['field_permissions']['type'] != FIELD_PERMISSIONS_CUSTOM) {
  225. $all_assigned_permissions = call_user_func_array('array_merge_recursive', $role_permissions);
  226. $assigned_field_permissions = array_intersect_key($all_assigned_permissions, $field_permissions);
  227. $reset_permissions_defaults = empty($assigned_field_permissions);
  228. }
  229. // Store this information on the form so that other modules can use it (for
  230. // example, if they want to set default permissions for other roles besides
  231. // the admin role which we use it for below).
  232. $form['#field_permissions_are_new'] = $reset_permissions_defaults;
  233. // Go through each field permission we will display.
  234. foreach ($field_permissions as $permission => $info) {
  235. // Display the name of the permission as a form item.
  236. $form['permission'][$permission] = array(
  237. '#type' => 'item',
  238. '#markup' => $info['title'],
  239. );
  240. // Save it to be displayed as one of the role checkboxes.
  241. $options[$permission] = '';
  242. // If we are in a situation where we can reset the field permissions
  243. // defaults, we do so by pre-checking the admin role's checkbox for this
  244. // permission.
  245. if ($reset_permissions_defaults) {
  246. if (($admin_rid = variable_get('user_admin_role', 0)) && isset($role_names[$admin_rid])) {
  247. $status[$admin_rid][] = $permission;
  248. }
  249. // For fields attached to users, we also pre-check the anonymous user's
  250. // checkbox for the permission to create the field, since that is the
  251. // most common way in which new user entities are created.
  252. if ($instance['entity_type'] == 'user' && $permission == 'create ' . $field['field_name']) {
  253. $status[DRUPAL_ANONYMOUS_RID][] = $permission;
  254. }
  255. }
  256. // Otherwise (e.g., for fields with custom permissions already saved),
  257. // determine whether the permission is already assigned and check each
  258. // checkbox accordingly.
  259. else {
  260. foreach ($role_names as $rid => $name) {
  261. if (isset($role_permissions[$rid][$permission])) {
  262. $status[$rid][] = $permission;
  263. }
  264. }
  265. }
  266. }
  267. // Build the checkboxes for each role.
  268. foreach ($role_names as $rid => $name) {
  269. $form['checkboxes'][$rid] = array(
  270. '#type' => 'checkboxes',
  271. '#options' => $options,
  272. '#default_value' => isset($status[$rid]) ? $status[$rid] : array(),
  273. '#attributes' => array('class' => array('rid-' . $rid)),
  274. );
  275. $form['role_names'][$rid] = array('#markup' => check_plain($name), '#tree' => TRUE);
  276. }
  277. // Attach the default permissions page JavaScript.
  278. $form['#attached']['js'][] = drupal_get_path('module', 'user') . '/user.permissions.js';
  279. // Attach our custom JavaScript for the permission matrix.
  280. $form['#attached']['js'][] = drupal_get_path('module', 'field_permissions') . '/field_permissions.admin.js';
  281. return $form;
  282. }
  283. /**
  284. * Pre-render function for the permissions matrix on the field settings form.
  285. */
  286. function _field_permissions_field_settings_form_pre_render($form) {
  287. // Move the permissions matrix to its final location.
  288. $form['field']['field_permissions']['permissions']['matrix'] = $form['field_permissions']['permissions'];
  289. unset($form['field_permissions']);
  290. return $form;
  291. }
  292. /**
  293. * Form callback; Submit handler for the Field Settings form.
  294. */
  295. function _field_permissions_field_settings_form_submit($form, &$form_state) {
  296. // Save the field permissions when appropriate to do so.
  297. $new_field_permissions_type = $form_state['values']['field']['field_permissions']['type'];
  298. if ($new_field_permissions_type == FIELD_PERMISSIONS_CUSTOM && isset($form_state['values']['field_permissions']['permissions'])) {
  299. $field_permissions = $form_state['values']['field_permissions']['permissions'];
  300. foreach ($field_permissions['role_names'] as $rid => $name) {
  301. user_role_change_permissions($rid, $field_permissions['checkboxes'][$rid]);
  302. }
  303. }
  304. // We must clear the page and block caches whenever the field permission type
  305. // setting has changed (because users may now be allowed to see a different
  306. // set of fields). For similar reasons, we must clear these caches whenever
  307. // custom field permissions are being used, since those may have changed too;
  308. // see user_admin_permissions_submit().
  309. if (!isset($form['#field']['field_permissions']['type']) || $new_field_permissions_type != $form['#field']['field_permissions']['type'] || $new_field_permissions_type == FIELD_PERMISSIONS_CUSTOM) {
  310. cache_clear_all();
  311. }
  312. }
  313. /**
  314. * Menu callback; Field permissions overview.
  315. */
  316. function field_permissions_overview() {
  317. drupal_add_css(drupal_get_path('module', 'field_permissions') . '/field_permissions.admin.css');
  318. $headers = array(
  319. t('Field name'),
  320. t('Field type'),
  321. t('Entity type'),
  322. t('Used in'),
  323. );
  324. foreach (field_permissions_list() as $permission_type => $permission_info) {
  325. $headers[] = array('data' => $permission_info['label'], 'class' => 'field-permissions-header');
  326. }
  327. $destination = drupal_get_destination();
  328. // Load list of fields, field types and bundles in the system.
  329. $field_types = field_info_field_types();
  330. $bundles_info = field_info_bundles();
  331. // Retrieve the permissions for each role.
  332. $role_permissions = user_role_permissions(user_roles());
  333. // Based on field_ui_fields_list() in field_ui.admin.inc.
  334. $rows = array();
  335. foreach (field_info_fields() as $field_name => $field) {
  336. foreach ($field['bundles'] as $entity_type => $bundles) {
  337. foreach ($bundles as $bundle) {
  338. // Some fields might belong to bundles that are disabled (which are not
  339. // returned by field_info_bundles()).
  340. // @see https://www.drupal.org/node/1351506
  341. if (!isset($bundles_info[$entity_type][$bundle])) {
  342. continue;
  343. }
  344. // Each field will have a row in the table.
  345. if (module_exists('field_ui')) {
  346. $admin_path = _field_ui_bundle_admin_path($entity_type, $bundle);
  347. $field_admin_path = l($bundles_info[$entity_type][$bundle]['label'], $admin_path . '/fields/' . $field_name, array(
  348. 'query' => $destination,
  349. 'fragment' => 'edit-field-field-permissions-type',
  350. ));
  351. }
  352. else {
  353. $field_admin_path = $bundles_info[$entity_type][$bundle]['label'];
  354. }
  355. $rows[$field_name]['data'][0] = $field['locked'] ? t('@field_name (Locked)', array('@field_name' => $field_name)) : $field_name;
  356. $rows[$field_name]['data'][1] = $field_types[$field['type']]['label'];
  357. $rows[$field_name]['data'][2] = $entity_type;
  358. $rows[$field_name]['data'][3][] = $field_admin_path;
  359. $rows[$field_name]['class'] = $field['locked'] ? array('menu-disabled') : array('');
  360. // Append field permissions information to the report.
  361. $type = isset($field['field_permissions']['type']) ? $field['field_permissions']['type'] : FIELD_PERMISSIONS_PUBLIC;
  362. foreach (array_keys(field_permissions_list_field_permissions($field)) as $index => $permission) {
  363. // Put together the data value for the cell.
  364. $data = '';
  365. $full_colspan = FALSE;
  366. if ($type == FIELD_PERMISSIONS_PUBLIC) {
  367. $data = t('Public field (author and administrators can edit, everyone can view)');
  368. $full_colspan = TRUE;
  369. }
  370. elseif ($type == FIELD_PERMISSIONS_PRIVATE) {
  371. $data = t('Private field (only author and administrators can edit and view)');
  372. $full_colspan = TRUE;
  373. }
  374. else {
  375. // This is a field with custom permissions. Link the field to the
  376. // appropriate row of the permissions page, and theme it based on
  377. // whether all users have access.
  378. $all_users_have_access = isset($role_permissions[DRUPAL_ANONYMOUS_RID][$permission]) && isset($role_permissions[DRUPAL_AUTHENTICATED_RID][$permission]);
  379. $status_class = $all_users_have_access ? 'field-permissions-status-on' : 'field-permissions-status-off';
  380. $title = $all_users_have_access ? t('All users have this permission') : t('Not all users have this permission');
  381. $data = l(NULL, 'admin/people/permissions', array(
  382. 'attributes' => array(
  383. 'class' => array('field-permissions-status', $status_class),
  384. 'title' => $title,
  385. ),
  386. 'query' => $destination,
  387. 'fragment' => drupal_html_class("edit $permission"),
  388. ));
  389. }
  390. // Construct the cell.
  391. $rows[$field_name]['data'][4 + $index] = array(
  392. 'data' => $data,
  393. 'class' => array('field-permissions-cell'),
  394. );
  395. if ($full_colspan) {
  396. $rows[$field_name]['data'][4 + $index]['colspan'] = 5;
  397. break;
  398. }
  399. }
  400. }
  401. }
  402. }
  403. foreach ($rows as $field_name => $cell) {
  404. $rows[$field_name]['data'][3] = implode(', ', $cell['data'][3]);
  405. }
  406. if (empty($rows)) {
  407. $output = t('No fields have been defined for any content type yet.');
  408. }
  409. else {
  410. // Sort rows by field name.
  411. ksort($rows);
  412. // Allow external modules alter the table headers and rows.
  413. foreach (module_implements('field_permissions_overview_alter') as $module) {
  414. $function = $module . '_field_permissions_overview_alter';
  415. $function($headers, $rows);
  416. }
  417. $output = theme('table', array('header' => $headers, 'rows' => $rows));
  418. }
  419. return $output;
  420. }