' . t( 'Access control for the %name role is disabled. Enable @name.', array( '%name' => $roles[$rid], '@name' => $roles[$rid], '@url' => taxonomy_access_enable_role_url($rid))) . '
' ); return $form; } // Otherwise, add a link to disable and build the rest of the form. else { $disable_url = url( TAXONOMY_ACCESS_CONFIG . "/role/$rid/delete", array('query' => drupal_get_destination()) ); $form['status'] = array( '#markup' => '' . t( 'Access control for the %name role is enabled. Disable @name.', array('@name' => $roles[$rid], '%name' => $roles[$rid], '@url' => $disable_url)) . '
' ); } } // Retrieve role grants and display an administration form. // Disable list filtering while preparing this form. taxonomy_access_disable_list(); // Fetch all grants for the role. $defaults = db_query( 'SELECT vid, grant_view, grant_update, grant_delete, grant_create, grant_list FROM {taxonomy_access_default} WHERE rid = :rid', array(':rid' => $rid)) ->fetchAllAssoc('vid', PDO::FETCH_ASSOC); $records = db_query( 'SELECT ta.tid, td.vid, ta.grant_view, ta.grant_update, ta.grant_delete, ta.grant_create, ta.grant_list FROM {taxonomy_access_term} ta INNER JOIN {taxonomy_term_data} td ON ta.tid = td.tid WHERE rid = :rid', array(':rid' => $rid)) ->fetchAllAssoc('tid', PDO::FETCH_ASSOC); $term_grants = array(); foreach ($records as $record) { $term_grants[$record['vid']][$record['tid']] = $record; } // Add a fieldset for the global default. $form['global_default'] = array( '#type' => 'fieldset', '#title' => t('Global default'), '#description' => t('The global default controls access to untagged nodes. It is also used as the default for disabled vocabularies.'), '#collapsible' => TRUE, // Collapse if there are vocabularies configured. '#collapsed' => (sizeof($defaults) > 1), ); // Print term grant table. $form['global_default']['grants'] = taxonomy_access_grant_add_table($defaults[TAXONOMY_ACCESS_GLOBAL_DEFAULT], TAXONOMY_ACCESS_VOCABULARY_DEFAULT); // Fetch all vocabularies and determine which are enabled for the role. $vocabs = array(); $disabled = array(); foreach (taxonomy_get_vocabularies() as $vocab) { $vocabs[$vocab->vid] = $vocab; if (!isset($defaults[$vocab->vid])) { $disabled[$vocab->vid] = $vocab->name; } } // Add a fieldset to enable vocabularies. if (!empty($disabled)) { $form['enable_vocabs'] = array( '#type' => 'fieldset', '#collapsible' => TRUE, '#collapsed' => TRUE, '#title' => t('Add vocabulary'), '#attributes' => array('class' => array('container-inline', 'taxonomy-access-add')), ); $form['enable_vocabs']['enable_vocab'] = array( '#type' => 'select', '#title' => t('Vocabulary'), '#options' => $disabled, ); $form['enable_vocabs']['add'] = array( '#type' => 'submit', '#submit' => array('taxonomy_access_enable_vocab_submit'), '#value' => t('Add'), ); } // Add a fieldset for each enabled vocabulary. foreach ($defaults as $vid => $vocab_default) { if (!empty($vocabs[$vid])) { $vocab = $vocabs[$vid]; $name = $vocab->machine_name; // Fetch unconfigured terms and reorder term records by hierarchy. $sort = array(); $add_options = array(); if ($tree = taxonomy_get_tree($vid)) { foreach ($tree as $term) { if (empty($term_grants[$vid][$term->tid])) { $add_options["term $term->tid"] = str_repeat('-', $term->depth) . ' ' .check_plain($term->name); } else { $sort[$term->tid] = $term_grants[$vid][$term->tid]; $sort[$term->tid]['name'] = str_repeat('-', $term->depth) . ' ' . check_plain($term->name); } } $term_grants[$vid] = $sort; } $grants = array(TAXONOMY_ACCESS_VOCABULARY_DEFAULT => $vocab_default); $grants[TAXONOMY_ACCESS_VOCABULARY_DEFAULT]['name'] = t('Default'); if (!empty($term_grants[$vid])) { $grants += $term_grants[$vid]; } $form[$name] = array( '#type' => 'fieldset', '#title' => $vocab->name, '#attributes' => array('class' => array('taxonomy-access-vocab')), '#description' => t('The default settings apply to all terms in %vocab that do not have their own below.', array('%vocab' => $vocab->name)), '#collapsible' => TRUE, '#collapsed' => FALSE, ); // Term grant table. $form[$name]['grants'] = taxonomy_access_grant_table($grants, $vocab->vid, t('Term'), !empty($term_grants[$vid])); // Fieldset to add a new term if there are any. if (!empty($add_options)) { $form[$name]['new'] = array( '#type' => 'fieldset', '#collapsible' => TRUE, '#collapsed' => TRUE, '#title' => t('Add term'), '#tree' => TRUE, '#attributes' => array('class' => array('container-inline', 'taxonomy-access-add')), ); $form[$name]['new'][$vid]['item'] = array( '#type' => 'select', '#title' => t('Term'), '#options' => $add_options, ); $form[$name]['new'][$vid]['recursive'] = array( '#type' => 'checkbox', '#title' => t('with descendants'), ); $form[$name]['new'][$vid]['grants'] = taxonomy_access_grant_add_table($vocab_default, $vid); $form[$name]['new'][$vid]['add'] = array( '#type' => 'submit', '#name' => $vid, '#submit' => array('taxonomy_access_add_term_submit'), '#value' => t('Add'), ); } $disable_url = url( TAXONOMY_ACCESS_CONFIG . "/role/$rid/disable/$vid", array('query' => drupal_get_destination()) ); $form[$name]['disable'] = array( '#markup' => '' . t( 'To disable the %vocab vocabulary, delete all @vocab access rules.', array('%vocab' => $vocab->name, '@vocab' => $vocab->name, '@url' => $disable_url)) . '
' ); } } $form['actions'] = array('#type' => 'actions'); $form['actions']['submit'] = array( '#type' => 'submit', '#value' => t('Save all'), '#submit' => array('taxonomy_access_save_all_submit'), ); if (!empty($term_grants)) { $form['actions']['delete'] = array( '#type' => 'submit', '#value' => t('Delete selected'), '#submit' => array('taxonomy_access_delete_selected_submit'), ); } return $form; } /** * Generates a grant table for multiple access rules. * * @param array $rows * An array of grant row data, keyed by an ID (term, vocab, role, etc.). Each * row should include the following keys: * - name: (optional) The label for the row (e.g., a term, vocabulary, or * role name). * - view: The View grant value select box for the element. * - update: The Update grant value select box for the element. * - delete: The Delete grant value select box for the element. * - create: The Add tag grant value select box for the element. * - list: The View tag grant value select box for the element. * @param int $parent_vid * The parent ID for the table in the form tree structure (typically a * vocabulary id). * @param string $first_col * The header for the first column (in the 'name' key for each row). * @param bool $delete * (optional) Whether to add a deletion checkbox to each row along with a * "Check all" box in the table header. The checbox is automatically disabled * for TAXONOMY_ACCESS_VOCABULARY_DEFAULT. Defaults to TRUE. * * @return * Renderable array containing the table. * * @see taxonomy_access_grant_table() */ function taxonomy_access_grant_table(array $rows, $parent_vid, $first_col, $delete = TRUE) { $header = taxonomy_access_grant_table_header(); if ($first_col) { array_unshift( $header, array('data' => $first_col, 'class' => array('taxonomy-access-label')) ); } if ($delete) { drupal_add_js('misc/tableselect.js'); array_unshift($header, array('class' => array('select-all'))); } $table = array( '#type' => 'taxonomy_access_grant_table', '#tree' => TRUE, '#header' => $header, ); foreach ($rows as $id => $row) { $table[$parent_vid][$id] = taxonomy_access_admin_build_row($row, 'name', $delete); } // Disable the delete checkbox for the default. if ($delete && isset($table[$parent_vid][TAXONOMY_ACCESS_VOCABULARY_DEFAULT])) { $table[$parent_vid][TAXONOMY_ACCESS_VOCABULARY_DEFAULT]['remove']['#disabled'] = TRUE; } return $table; } /** * Generates a grant table for adding access rules with one set of values. * * @param array $rows * An associative array of access rule data, with the following keys: * - view: The View grant value select box for the element. * - update: The Update grant value select box for the element. * - delete: The Delete grant value select box for the element. * - create: The Add tag grant value select box for the element. * - list: The View tag grant value select box for the element. * @param int $id * The ID for this set (e.g., a vocabulary ID). * * @return * Renderable array containing the table. * * @see taxonomy_access_grant_table() */ function taxonomy_access_grant_add_table($row, $id) { $header = taxonomy_access_grant_table_header(); $table = array( '#type' => 'taxonomy_access_grant_table', '#tree' => TRUE, '#header' => $header, ); $table[$id][TAXONOMY_ACCESS_VOCABULARY_DEFAULT] = taxonomy_access_admin_build_row($row); return $table; } /** * Returns a header array for grant form tables. * * @return array * An array of header cell data for a grant table. */ function taxonomy_access_grant_table_header() { $header = array( array('data' => t('View')), array('data' => t('Update')), array('data' => t('Delete')), array('data' => t('Add Tag')), array('data' => t('View Tag')), ); foreach ($header as &$cell) { $cell['class'] = array('taxonomy-access-grant'); } return $header; } /** * Theme our grant table. * * @todo * Use a separate theme function for taxonomy_access_grant_add_table() to get * out of nesting hell? * @todo * I clearly have no idea what I'm doing here. */ function theme_taxonomy_access_grant_table($element_data) { $table = array(); $table['header'] = $element_data['elements']['#header']; $table['attributes']['class'] = array('taxonomy-access-grant-table'); $rows = array(); foreach (element_children($element_data['elements']) as $element_key) { $child = $element_data['elements'][$element_key]; foreach (element_children($child) as $child_key) { $record = $child[$child_key]; $row = array(); foreach (element_children($record) as $record_key) { $data = array('data' => $record[$record_key]); // If it's the default, add styling. if ($record_key == 'name') { $data['class'] = array('taxonomy-access-label'); if ($child_key == TAXONOMY_ACCESS_VOCABULARY_DEFAULT) { $data['class'][] = 'taxonomy-access-default'; } } // Add grant classes to grant cells. elseif (in_array($record_key, array('view', 'update', 'delete', 'create', 'list'))) { $grant_class = $record_key . '-' . $data['data']['#default_value']; $data['class'] = array('taxonomy-access-grant', $grant_class); } $row[] = $data; } $rows[] = $row; } } $table['rows'] = $rows; return theme('table', $table); } /** * Assembles a row of grant options for a term or default on the admin form. * * @param array $grants * An array of grants to use as form defaults. * @param $label_key * (optional) Key of the column to use as a label in each grant row. Defaults * to NULL. */ function taxonomy_access_admin_build_row(array $grants, $label_key = NULL, $delete = FALSE) { $form['#tree'] = TRUE; if ($delete) { $form['remove'] = array( '#type' => 'checkbox', '#title' => t('Delete access rule for @name', array('@name' => $grants[$label_key])), '#title_display' => 'invisible', ); } if ($label_key) { $form[$label_key] = array( '#type' => 'markup', '#markup' => check_plain($grants[$label_key]), ); } foreach (array('view', 'update', 'delete', 'create', 'list') as $grant) { $for = $label_key ? $grants[$label_key] : NULL; $form[$grant] = array( '#type' => 'select', '#title' => _taxonomy_access_grant_field_label($grant, $for), '#title_display' => 'invisible', '#default_value' => is_string($grants['grant_' . $grant]) ? $grants['grant_' . $grant] : TAXONOMY_ACCESS_NODE_IGNORE, '#required' => TRUE, ); } foreach (array('view', 'update', 'delete') as $grant) { $form[$grant]['#options'] = array( TAXONOMY_ACCESS_NODE_ALLOW => t('Allow'), TAXONOMY_ACCESS_NODE_IGNORE => t('Ignore'), TAXONOMY_ACCESS_NODE_DENY => t('Deny'), ); } foreach (array('create', 'list') as $grant) { $form[$grant]['#options'] = array( TAXONOMY_ACCESS_TERM_ALLOW => t('Allow'), TAXONOMY_ACCESS_TERM_DENY => t('Deny'), ); } return $form; } /** * Returns the proper invisible field label for each grant table element. */ function _taxonomy_access_grant_field_label($grant, $for = NULL) { if ($for) { $label = array('@label', $for); $titles = array( 'view' => t('View grant for @label', $label), 'update' => t('Update grant for @label', $label), 'delete' => t('Delete grant for @label', $label), 'create' => t('Add tag grant for @label', $label), 'list' => t('View tag grant for @label', $label), ); } else { $titles = array( 'view' => t('View grant'), 'update' => t('Update grant'), 'delete' => t('Delete grant'), 'create' => t('Add tag grant'), 'list' => t('View tag grant'), ); } return $titles[$grant]; } /** * Form submission handler for taxonomy_access_admin_role(). * * Processes submissions for the vocabulary 'Add' button. */ function taxonomy_access_enable_vocab_submit($form, &$form_state) { $rid = $form_state['values']['rid']; $vid = $form_state['values']['enable_vocab']; $roles = _taxonomy_access_user_roles(); $vocab = taxonomy_vocabulary_load($vid); if (taxonomy_access_enable_vocab($vid, $rid)) { drupal_set_message(t( 'Vocabulary %vocab enabled successfully for the %role role.', array( '%vocab' => $vocab->name, '%role' => $roles[$rid]))); } else { drupal_set_message(t('The vocabulary could not be enabled.'), 'error'); } } /** * Form submission handler for taxonomy_access_admin_role(). * * Processes submissions for the term 'Add' button. */ function taxonomy_access_add_term_submit($form, &$form_state) { $vid = $form_state['clicked_button']['#name']; $new = $form_state['values']['new'][$vid]; $rid = $form_state['values']['rid']; list($type, $id) = explode(' ', $new['item']); $rows = array(); $rows[$id] = _taxonomy_access_format_grant_record($id, $rid, $new['grants'][$vid][TAXONOMY_ACCESS_VOCABULARY_DEFAULT]); // If we are adding children recursively, add those as well. if ($new['recursive'] == 1) { $children = _taxonomy_access_get_descendants($id); foreach ($children as $tid) { $rows[$tid] = _taxonomy_access_format_grant_record($tid, $rid, $new['grants'][$vid][TAXONOMY_ACCESS_VOCABULARY_DEFAULT]); } } // Set the grants for the row or rows. taxonomy_access_set_term_grants($rows); } /** * Page callback: Returns a confirmation form to disable a vocabulary. * * @param int $rid * The role ID. * @param object $vocab * The vocabulary object. * * @todo * Check if vocab is enabled and return a 404 otherwise? * * @see taxonomy_access_menu() * @see taxonomy_access_admin_role(). * @see taxonomy_access_disable_vocab_confirm_page() */ function taxonomy_access_disable_vocab_confirm_page($rid, $vocab) { $rid = intval($rid); // Return a 404 on invalid vid or rid. if (!$vocab->vid || !$rid) { return MENU_NOT_FOUND; } return drupal_get_form('taxonomy_access_disable_vocab_confirm', $rid, $vocab); } /** * Returns a confirmation form for disabling a vocabulary for a role. * * @param int $rid * The role ID. * @param object $vocab * The vocabulary object. * * @see taxonomy_access_disable_vocab_confirm_page() * @see taxonomy_access_disable_vocab_confirm_submit() * @ingroup forms */ function taxonomy_access_disable_vocab_confirm($form, &$form_state, $rid, $vocab) { $roles = _taxonomy_access_user_roles(); if (taxonomy_access_role_enabled($rid)) { $form['rid'] = array( '#type' => 'value', '#value' => $rid, ); $form['vid'] = array( '#type' => 'value', '#value' => $vocab->vid, ); $form['vocab_name'] = array( '#type' => 'value', '#value' => $vocab->name, ); return confirm_form($form, t("Are you sure you want to delete all Taxonomy access rules for %vocab in the %role role?", array('%role' => $roles[$rid], '%vocab' => $vocab->name)), TAXONOMY_ACCESS_CONFIG . '/role/%/edit', t('This action cannot be undone.'), t('Delete all'), t('Cancel')); } } /** * Form submission handler for taxonomy_access_disable_vocab_confirm(). * * @param int $rid * The role ID to disable. * * @todo * Set a message on invalid $rid or $vid? */ function taxonomy_access_disable_vocab_confirm_submit($form, &$form_state) { $roles = _taxonomy_access_user_roles(); $rid = intval($form_state['values']['rid']); $vid = intval($form_state['values']['vid']); // Do not proceed for invalid role IDs, and do not allow the global default // to be deleted. if (!$vid || !$rid || empty($roles[$rid])) { return FALSE; } if ($form_state['values']['confirm']) { $form_state['redirect'] = TAXONOMY_ACCESS_CONFIG; if (taxonomy_access_disable_vocab($vid, $rid)) { drupal_set_message( t('All Taxonomy access rules deleted for %vocab in role %role.', array( '%vocab' => $form_state['values']['vocab_name'], '%role' => $roles[$rid]) )); return TRUE; } } } /** * Form submission handler for taxonomy_access_admin_role(). * * Processes submissions for the "Delete selected" button. * * @todo * The parent form could probably be refactored to make this more efficient * (by putting these elements in a flat list) but that would require changing * taxonomy_access_grant_table() and taxonomy_access_build_row(). */ function taxonomy_access_delete_selected_submit($form, &$form_state) { $rid = intval($form_state['values']['rid']); $delete_tids = array(); foreach ($form_state['values']['grants'] as $vid => $tids) { foreach ($tids as $tid => $record) { if (!empty($record['remove'])) { $delete_tids[] = $tid; } } } if ($rid) { if (taxonomy_access_delete_term_grants($delete_tids, $rid)) { drupal_set_message(format_plural( sizeof($delete_tids), '1 term access rule was deleted.', '@count term access rules were deleted.')); } else { drupal_set_message(t('The records could not be deleted.'), 'warning'); } } } /** * Form submission handler for taxonomy_access_admin_form(). * * Processes submissions for the 'Save all' button. */ function taxonomy_access_save_all_submit($form, &$form_state) { $values = $form_state['values']; $rid = $values['rid']; $vocabs = taxonomy_get_vocabularies(); // Create four lists of records to update. $update_terms = array(); $skip_terms = array(); $update_defaults = array(); $skip_defaults = array(); foreach ($values['grants'] as $vid => $rows) { if ($vid == TAXONOMY_ACCESS_GLOBAL_DEFAULT) { $element = $form['global_default']; } else { $vocab = $vocabs[$vid]; $element = $form[$vocab->machine_name]; } foreach ($rows as $tid => $row) { // Check the default values for this row. $defaults = array(); $grants = array(); foreach (array('view', 'update', 'delete', 'create', 'list') as $grant_name) { $grants[$grant_name] = $row[$grant_name]; $defaults[$grant_name] = $element['grants'][$vid][$tid][$grant_name]['#default_value']; } // Proceed if the user changed the row (values differ from defaults). if ($defaults != $grants) { // If the grants for node access match the defaults, then we // can skip updating node access records for this row. $update_nodes = FALSE; foreach (array('view', 'update', 'delete') as $op) { if ($defaults[$op] != $grants[$op]) { $update_nodes = TRUE; } } // Add the row to one of the four arrays. switch (TRUE) { // Term record with node grant changes. case ($tid && $update_nodes): $update_terms[$tid] = _taxonomy_access_format_grant_record($tid, $rid, $grants); break; // Term record and no node grant changes. case ($tid && !$update_nodes): $skip_terms[$tid] = _taxonomy_access_format_grant_record($tid, $rid, $grants); break; // Vocab record with node grant changes. case (!$tid && $update_nodes): $update_defaults[$vid] = _taxonomy_access_format_grant_record($vid, $rid, $grants, TRUE); break; // Vocab record and no node grant changes. case (!$tid && !$update_nodes): $skip_defaults[$vid] = _taxonomy_access_format_grant_record($vid, $rid, $grants, TRUE); break; } } } } // Process each set. if (!empty($update_terms)) { taxonomy_access_set_term_grants($update_terms); } if (!empty($skip_terms)) { taxonomy_access_set_term_grants($skip_terms, FALSE); } if (!empty($update_defaults)) { taxonomy_access_set_default_grants($update_defaults); } if (!empty($skip_defaults)) { taxonomy_access_set_default_grants($skip_defaults, FALSE); } } /** * Generates HTML markup with form instructions for the admin form. * * @return * Instructions HTML string. */ function _taxonomy_access_admin_instructions_html() { $instructions = ''; $instructions .= '' . "" . t('Options for View, Update, and Delete are Allow (A), Ignore (I), and Deny (D).') . "
\n\n" . "" . t('Remember: This role will inherit permissions from the authenticated user role. Be sure to configure the authenticated user properly.', array("@url" => url( TAXONOMY_ACCESS_CONFIG . "/role/" . DRUPAL_AUTHENTICATED_RID . '/edit'))) . "
\n\n" ; } $instructions .= '' . ""
. t('For more information and for troubleshooting guidelines, see the help page and the !readme.',
array(
'@help' => url('admin/help/taxonomy_access'),
'!readme' => "README.txt"
))
. "