123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149 |
- <?php
- /**
- * @file
- * Install, update and uninstall functions for the Field Permissions module.
- */
- /**
- * Implements hook_install().
- */
- function field_permissions_install() {
- // Set a larger weight for the module.
- db_update('system')
- ->fields(array('weight' => 50))
- ->condition('name', 'field_permissions')
- ->execute();
- }
- /**
- * Implements hook_uninstall().
- */
- function field_permissions_uninstall() {
- // Collect all the field data that reference "field_permissions", within
- // the field_config table.
- //
- $records = db_query("SELECT * FROM field_config WHERE data LIKE '%field_permissions%'");
- foreach ($records as $record) {
- $data = $record->data;
- $data = unserialize($data);
- unset($data['field_permissions']);
- $data = serialize($data);
- // Update the record.
- db_query("UPDATE field_config SET data = :data WHERE id = :id",
- array(':data' => $data, ':id' => $record->id));
- }
- }
- /**
- * Sets a larger weight for the module so that the Field Permissions become available.
- */
- function field_permissions_update_7000(&$sandbox) {
- db_update('system')
- ->fields(array('weight' => 50))
- ->condition('name', 'field_permissions')
- ->execute();
- }
- /**
- * Migrate field permission settings to the new system (public/private/custom).
- */
- function field_permissions_update_7001() {
- foreach (field_info_fields() as $field_name => $field) {
- // If the field has any field permissions enabled, it will be using custom
- // permissions under the new system and needs to be converted. Otherwise,
- // it is a public field (the default) and can be ignored.
- if (!empty($field['settings']['field_permissions']) && array_filter($field['settings']['field_permissions'])) {
- // Set the type to FIELD_PERMISSIONS_CUSTOM. (The module may be disabled
- // when this update function runs, so we need to use the numeric value
- // rather than relying on the constant being defined.)
- $field['field_permissions']['type'] = 2;
- $field_permissions = $field['settings']['field_permissions'];
- $permissions_by_operation = array(
- // View-related permissions.
- array(
- 'view' => "view $field_name",
- 'view own' => "view own $field_name",
- ),
- // Edit-related permissions.
- array(
- 'create' => "create $field_name",
- 'edit' => "edit $field_name",
- 'edit own' => "edit own $field_name",
- ),
- );
- // Loop through each type of operation (view or edit).
- foreach ($permissions_by_operation as $permissions) {
- $actions = array_keys($permissions);
- // If none of the related permissions were enabled, all users were
- // allowed to perform the relevant actions on this field, so we need to
- // assign permissions here to preserve that behavior.
- $has_enabled_permissions = (bool) array_filter(array_intersect_key($field_permissions, array_flip($actions)));
- if (!$has_enabled_permissions) {
- _update_7000_user_role_grant_permissions(DRUPAL_ANONYMOUS_RID, $permissions, 'field_permissions');
- _update_7000_user_role_grant_permissions(DRUPAL_AUTHENTICATED_RID, $permissions, 'field_permissions');
- }
- // Otherwise, for each permission that was disabled, no users should be
- // allowed to perform that action; therefore, make sure to unassign any
- // (stale) permissions that they may have.
- else {
- foreach ($actions as $action) {
- if (empty($field_permissions[$action])) {
- if ($action != 'create') {
- $permission = $permissions[$action];
- $rids = array_keys(user_roles(FALSE, $permission));
- foreach ($rids as $rid) {
- user_role_revoke_permissions($rid, array($permission));
- }
- }
- // The 'create' action needs special handling, since previously,
- // if create permissions were not enabled the code would have
- // fallen back on checking edit permissions. Now, though, create
- // permissions are always enabled (and always checked when an
- // entity is being created). Therefore, we need to figure out
- // what the fallback would have been and assign new create
- // permissions based on that.
- else {
- $rids_with_create_access = array();
- // The first fallback is edit permissions; if those are
- // enabled, any role with edit permission would have been
- // granted access.
- if (!empty($field_permissions['edit'])) {
- $rids_with_create_access = array_keys(user_roles(FALSE, $permissions['edit']));
- }
- // The final fallback is 'edit own' permissions; if those are
- // enabled, any role with 'edit own' permission would have been
- // granted access. (It is additionally required that the entity
- // being checked is owned by the current user, but in the case
- // of nodes being created that will always be the case anyway,
- // and nodes are the only entities we need to support for the
- // D6-to-D7 upgrade.)
- if (!empty($field_permissions['edit own'])) {
- $rids_with_create_access = array_unique(array_merge($rids_with_create_access, array_keys(user_roles(FALSE, $permissions['edit own']))));
- }
- // Assign create permissions to all the relevant roles.
- foreach ($rids_with_create_access as $rid) {
- _update_7000_user_role_grant_permissions($rid, array($permissions['create']), 'field_permissions');
- }
- }
- }
- }
- }
- }
- }
- // Remove the old field permissions settings if necessary, and save the
- // field.
- if (isset($field['settings']['field_permissions'])) {
- // We can't unset this or field_update_field() will automatically add it
- // back (using the prior field data), so do the next best thing.
- $field['settings']['field_permissions'] = NULL;
- field_update_field($field);
- }
- }
- }
|