field_permissions.install 6.1 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149
  1. <?php
  2. /**
  3. * @file
  4. * Install, update and uninstall functions for the Field Permissions module.
  5. */
  6. /**
  7. * Implements hook_install().
  8. */
  9. function field_permissions_install() {
  10. // Set a larger weight for the module.
  11. db_update('system')
  12. ->fields(array('weight' => 50))
  13. ->condition('name', 'field_permissions')
  14. ->execute();
  15. }
  16. /**
  17. * Implements hook_uninstall().
  18. */
  19. function field_permissions_uninstall() {
  20. // Collect all the field data that reference "field_permissions", within
  21. // the field_config table.
  22. //
  23. $records = db_query("SELECT * FROM field_config WHERE data LIKE '%field_permissions%'");
  24. foreach ($records as $record) {
  25. $data = $record->data;
  26. $data = unserialize($data);
  27. unset($data['field_permissions']);
  28. $data = serialize($data);
  29. // Update the record.
  30. db_query("UPDATE field_config SET data = :data WHERE id = :id",
  31. array(':data' => $data, ':id' => $record->id));
  32. }
  33. }
  34. /**
  35. * Sets a larger weight for the module so that the Field Permissions become available.
  36. */
  37. function field_permissions_update_7000(&$sandbox) {
  38. db_update('system')
  39. ->fields(array('weight' => 50))
  40. ->condition('name', 'field_permissions')
  41. ->execute();
  42. }
  43. /**
  44. * Migrate field permission settings to the new system (public/private/custom).
  45. */
  46. function field_permissions_update_7001() {
  47. foreach (field_info_fields() as $field_name => $field) {
  48. // If the field has any field permissions enabled, it will be using custom
  49. // permissions under the new system and needs to be converted. Otherwise,
  50. // it is a public field (the default) and can be ignored.
  51. if (!empty($field['settings']['field_permissions']) && array_filter($field['settings']['field_permissions'])) {
  52. // Set the type to FIELD_PERMISSIONS_CUSTOM. (The module may be disabled
  53. // when this update function runs, so we need to use the numeric value
  54. // rather than relying on the constant being defined.)
  55. $field['field_permissions']['type'] = 2;
  56. $field_permissions = $field['settings']['field_permissions'];
  57. $permissions_by_operation = array(
  58. // View-related permissions.
  59. array(
  60. 'view' => "view $field_name",
  61. 'view own' => "view own $field_name",
  62. ),
  63. // Edit-related permissions.
  64. array(
  65. 'create' => "create $field_name",
  66. 'edit' => "edit $field_name",
  67. 'edit own' => "edit own $field_name",
  68. ),
  69. );
  70. // Loop through each type of operation (view or edit).
  71. foreach ($permissions_by_operation as $permissions) {
  72. $actions = array_keys($permissions);
  73. // If none of the related permissions were enabled, all users were
  74. // allowed to perform the relevant actions on this field, so we need to
  75. // assign permissions here to preserve that behavior.
  76. $has_enabled_permissions = (bool) array_filter(array_intersect_key($field_permissions, array_flip($actions)));
  77. if (!$has_enabled_permissions) {
  78. _update_7000_user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, $permissions, 'field_permissions');
  79. _update_7000_user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, $permissions, 'field_permissions');
  80. }
  81. // Otherwise, for each permission that was disabled, no users should be
  82. // allowed to perform that action; therefore, make sure to unassign any
  83. // (stale) permissions that they may have.
  84. else {
  85. foreach ($actions as $action) {
  86. if (empty($field_permissions[$action])) {
  87. if ($action != 'create') {
  88. $permission = $permissions[$action];
  89. $rids = array_keys(user_roles(FALSE, $permission));
  90. foreach ($rids as $rid) {
  91. user_role_revoke_permissions($rid, array($permission));
  92. }
  93. }
  94. // The 'create' action needs special handling, since previously,
  95. // if create permissions were not enabled the code would have
  96. // fallen back on checking edit permissions. Now, though, create
  97. // permissions are always enabled (and always checked when an
  98. // entity is being created). Therefore, we need to figure out
  99. // what the fallback would have been and assign new create
  100. // permissions based on that.
  101. else {
  102. $rids_with_create_access = array();
  103. // The first fallback is edit permissions; if those are
  104. // enabled, any role with edit permission would have been
  105. // granted access.
  106. if (!empty($field_permissions['edit'])) {
  107. $rids_with_create_access = array_keys(user_roles(FALSE, $permissions['edit']));
  108. }
  109. // The final fallback is 'edit own' permissions; if those are
  110. // enabled, any role with 'edit own' permission would have been
  111. // granted access. (It is additionally required that the entity
  112. // being checked is owned by the current user, but in the case
  113. // of nodes being created that will always be the case anyway,
  114. // and nodes are the only entities we need to support for the
  115. // D6-to-D7 upgrade.)
  116. if (!empty($field_permissions['edit own'])) {
  117. $rids_with_create_access = array_unique(array_merge($rids_with_create_access, array_keys(user_roles(FALSE, $permissions['edit own']))));
  118. }
  119. // Assign create permissions to all the relevant roles.
  120. foreach ($rids_with_create_access as $rid) {
  121. _update_7000_user_role_grant_permissions($rid, array($permissions['create']), 'field_permissions');
  122. }
  123. }
  124. }
  125. }
  126. }
  127. }
  128. }
  129. // Remove the old field permissions settings if necessary, and save the
  130. // field.
  131. if (isset($field['settings']['field_permissions'])) {
  132. // We can't unset this or field_update_field() will automatically add it
  133. // back (using the prior field data), so do the next best thing.
  134. $field['settings']['field_permissions'] = NULL;
  135. field_update_field($field);
  136. }
  137. }
  138. }