"Last access denied errors backtrace",
    'description' => "View 'access denied' errors backtrace (403s).",
    'page callback' => 'adb_last',
    'access arguments' => array('access site reports'),
  );
  $items['admin/reports/event/backtrace/%'] = array(
    'title' => 'Details',
    'page callback' => 'adb_event',
    'page arguments' => array(4),
    'access arguments' => array('access site reports'),
  );
  $items['admin/config/development/access-denied-backtrace/configure'] = array(
    'title' => 'Access denied backtrace settings',
    'page callback' => 'drupal_get_form',
    'page arguments' => array('adb_settings'),
    'access arguments' => array('administer access denied backtrace'),
  );
  return $items;
}
/**
 * Implements hook_permission().
 */
function adb_permission() {
  return array(
    'administer access denied backtrace' => array(
      'title' => t('administer access denied backtrace'),
      'description' => t('Change which roles are enabled to record access denied backtrace using the admin interface.'),
    ),
  );
} // fontyourface_perm
/**
 * Generate a adb settings form.
 *
 * @ingroup forms
 * @see filter_admin_format_form_validate()
 * @see filter_admin_format_form_submit()
 */
function adb_settings($form, &$form_state) {
  // Add user role access selection.
  $form['adb_roles'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Roles'),
    '#options' => array_map('check_plain', user_roles()),
    '#default_value' => variable_get('adb_roles',array()),
    '#description' => t('Configure what roles will be able to record access denied backtrace'),
  );
  return system_settings_form($form);
}
/**
 * Menu callback; displays details about access denied backtrace log message.
 */
function adb_event($id) {
  $severity = watchdog_severity_levels();
  $result = db_query('SELECT adb.*, u.name, u.uid FROM {adb} adb INNER JOIN {users} u ON adb.uid = u.uid WHERE adb.adbid = :id', array(':id' => $id))->fetchObject();
  if ($dblog = $result) {
    $rows = array(
      array(
        array('data' => t('Date'), 'header' => TRUE),
        format_date($dblog->timestamp, 'long'),
      ),
      array(
        array('data' => t('User'), 'header' => TRUE),
        theme('username', array('account' => $dblog)),
      ),
      array(
        array('data' => t('Location'), 'header' => TRUE),
        l($dblog->location, $dblog->location),
      ),
      array(
        array('data' => t('User permissions'), 'header' => TRUE),
        $dblog->permissions,
      ),
      array(
        array('data' => t('User role permissions'), 'header' => TRUE),
        $dblog->role_permissions,
      ),
      array(
        array('data' => t('Node access denied'), 'header' => TRUE),
        $dblog->node_access_denied,
      ),
      array(
        array('data' => t('Backtrace'), 'header' => TRUE),
        theme('adb_message', array('event' => $dblog)),
      ),
    );
    $build['dblog_table'] = array(
      '#theme' => 'table',
      '#rows' => $rows,
      '#attributes' => array('class' => array('dblog-event')),
    );
    return $build;
  }
  else {
    return '';
  }
}
/**
 * Implements hook_theme().
 */
function adb_theme() {
  return array(
    'adb_message' => array(
      'variables' => array('event' => NULL),
    ),
  );
}
/**
 * Returns HTML for a log message.
 *
 * @param $variables
 *   An associative array containing:
 *   - event: An object with at least the message and variables properties.
 *   - link: (optional) Format message as link, event->wid is required.
 *
 * @ingroup themeable
 */
function theme_adb_message($variables) {
  $event = $variables['event'];
  $link = (isset($variables['link']))?$variables['link']:FALSE;
  $output = $event->backtrace;
  // Truncate message to 56 chars.
  if($link) {
    $output = truncate_utf8(filter_xss($output, array()), 56, TRUE, TRUE);
    $output = l($output, 'admin/reports/event/backtrace/' . $event->adbid, array('html' => TRUE));
  }
  return $output;
}
/**
 * Menu callback; generic function to display a page of the last access denied
 * backtrace.
 *
 * Messages are not truncated because events from this page have no detail view.
 *
 */
function adb_last() {
  $rows = array();
  $build['dblog_clear_log_form'] = drupal_get_form('adb_clear_log_form');
  $header = array(
    array('data' => t('Date'), 'field' => 'adb.adbid', 'sort' => 'desc'),
    t('Backtrace'),
    array('data' => t('User'), 'field' => 'u.name'),
  );
  $query = db_select('adb', 'adb')->extend('PagerDefault')->extend('TableSort');
  $query->leftJoin('users', 'u', 'adb.uid = u.uid');
  $query
    ->fields('adb', array('adbid', 'uid', 'timestamp', 'backtrace'))
    ->addField('u', 'name');
  $result = $query
    ->limit(50)
    ->orderByHeader($header)
    ->execute();
  foreach ($result as $dblog) {
    $rows[] = array('data' =>
      array(
        // Cells
        format_date($dblog->timestamp, 'short'),
        theme('adb_message', array('event' => $dblog, 'link' => TRUE)),
        theme('username', array('account' => $dblog)),
      ),
      // Attributes for tr
      'class' => array(drupal_html_class('adb')),
    );
  }
  $build['dblog_table'] = array(
    '#theme' => 'table',
    '#header' => $header,
    '#rows' => $rows,
    '#attributes' => array('id' => 'admin-dblog'),
    '#empty' => t('No access denied bractrace log available.'),
  );
  $build['dblog_pager'] = array('#theme' => 'pager');
  return $build;
}
/**
 * Invokes a hook in all enabled modules that implement it.
 *
 * @param $hook
 *   The name of the hook to invoke.
 * @param ...
 *   Arguments to pass to the hook.
 *
 * @return
 *   An array of return values of the hook implementations. If modules return
 *   arrays from their implementations, those are merged into one array.
 */
function adb_validate_module_access($node, $op, $account) {
  $args = array($node, $op, $account);
  $hook = 'node_access';
  $return = array();
  foreach (module_implements($hook) as $module) {
    $function = $module . '_' . $hook;
    if (function_exists($function)) {
      $result = call_user_func_array($function, $args);
      if (isset($result) && is_array($result)) {
        foreach ($result as $subaccess) {
          if ($subaccess == NODE_ACCESS_DENY) {
            $return[] = $module;
            break;
          }
        }
        $return = array_merge_recursive($return, $result);
      } elseif (isset($result) && $result == NODE_ACCESS_DENY) {
        $return[] = $module;
      }
    }
  }
  return t('Modules denying') . " " . implode(',', $return);
}
/**
 * Implements hook_watchdog().
 *
 * If an 'access denied' error is logged and user role is enabled for debug, the
 * execution trace is stored to try to fix what is wrong.
 */
function adb_watchdog($log_entry) {
  $account = user_load($log_entry['uid']);
  $adb_roles = array_filter(variable_get('adb_roles',array()));
  $valid_role = array_intersect_key($adb_roles,$log_entry['user']->roles);
  $account_rights = '';
  $rights = drupal_static('node_access', array());
  $permissions_denied = '';
  if (isset($rights[$log_entry['uid']])) {
    $account_rights = $rights[$log_entry['uid']];
    foreach ($account_rights as $node => $rights) {
      foreach ($rights as $action => $access) {
        if (!$access) {
          $permissions_denied .= $action . ' ' . $node . ". ";
          $permissions_denied .= adb_validate_module_access($node, $action, $log_entry['user']) . ".
";
        }
      }
    }
  }
  else {
    // Common message for annonymous users.
    $permissions_denied = t('There are not explicit access denied for this user');
  }
  $user_access = drupal_static('user_access', array());
  $role_permissions = user_role_permissions($account->roles);
  //Validate if entry is access denied and current user belog to enabled role to
  //record backtrace
  if (!empty($valid_role) && $log_entry['type'] == 'access denied' ) {
    $backtrace = _ddebug_backtrace(TRUE);
    // Pop the stack up to the drupal_access_denied() call.
    for ($i = 0; $i < 5; ++$i) {
      array_shift($backtrace);
    }
    $user_role_permissions = (isset($role_permissions[$log_entry['uid']])?$role_permissions[$log_entry['uid']]:array());
    $user_access_permissions = (isset($user_access[$log_entry['uid']]))?$user_access[$log_entry['uid']]:array();
   /* print_r($user_access[$log_entry['uid']]);
    print_r($user_role_permissions);*/
    Database::getConnection('default', 'default')->insert('adb')
        ->fields(array(
          'uid' => $log_entry['uid'],
          'node_access_denied' => $permissions_denied,
          'permissions' => _dprint_r($user_access_permissions, TRUE),
          'role_permissions' => _dprint_r($user_role_permissions, TRUE),
          'backtrace' => _dprint_r($backtrace, TRUE),
          'location' => $log_entry['request_uri'],
          'timestamp' => $log_entry['timestamp'],
        ))
        ->execute();
  }
}
/**
 * Return form for dblog clear button.
 *
 * @ingroup forms
 * @see dblog_clear_log_submit()
 */
function adb_clear_log_form($form) {
  $form['adb_clear'] = array(
    '#type' => 'fieldset',
    '#title' => t('Clear access denied backtraces'),
    '#description' => t('This will permanently remove the access denied backtraces from the database.'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
  );
  $form['adb_clear']['clear'] = array(
    '#type' => 'submit',
    '#value' => t('Clear access denied backtraces'),
    '#submit' => array('adb_clear_log_submit'),
  );
  return $form;
}
/**
 * Submit callback: clear database with log messages.
 */
function adb_clear_log_submit() {
  db_delete('adb')->execute();
  drupal_set_message(t('Database access denied backtrace cleared.'));
}
/**
 * Pretty-print a variable to the browser (no krumo).
 * Displays only for users with proper permissions. If
 * you want a string returned instead of a print, use the 2nd param.
 * based in devel function dprint_r
 */
function _dprint_r($input, $return = FALSE, $name = NULL, $function = 'print_r', $check = TRUE) {
  if ($name) {
    $name .= ' => ';
  }
  if ($function == 'drupal_var_export') {
    include_once DRUPAL_ROOT . '/includes/utility.inc';
    $output = drupal_var_export($input);
  } else {
    ob_start();
    $function($input);
    $output = ob_get_clean();
  }
  if ($check) {
    $output = check_plain($output);
  }
  if (count($input, COUNT_RECURSIVE) > ADB_DEVEL_MIN_TEXTAREA) {
    // don't use fapi here because sometimes fapi will not be loaded
    $printed_value = "';
  } else {
    $printed_value = '
' . $name . $output . ''; } if ($return) { return $printed_value; } else { print $printed_value; } } /** * Print the function call stack. * copied from devel module but with access for all roles */ function _ddebug_backtrace($return = FALSE, $pop = 0) { $backtrace = debug_backtrace(); while ($pop-- > 0) { array_shift($backtrace); } $counter = count($backtrace); $path = $backtrace[$counter - 1]['file']; $path = substr($path, 0, strlen($path) - 10); $paths[$path] = strlen($path) + 1; $paths[DRUPAL_ROOT] = strlen(DRUPAL_ROOT) + 1; $nbsp = "\xC2\xA0"; // Show message if error_level is ERROR_REPORTING_DISPLAY_SOME or higher. // (This is Drupal's error_level, which is different from $error_level, // and we purposely ignore the difference between _SOME and _ALL, // see #970688!) if (variable_get('error_level', 1) >= 1) { while (!empty($backtrace)) { $call = array(); if (isset($backtrace[0]['file'])) { $call['file'] = $backtrace[0]['file']; foreach ($paths as $path => $len) { if (strpos($backtrace[0]['file'], $path) === 0) { $call['file'] = substr($backtrace[0]['file'], $len); } } $call['file'] .= ':' . $backtrace[0]['line']; } if (isset($backtrace[1])) { if (isset($backtrace[1]['class'])) { $function = $backtrace[1]['class'] . $backtrace[1]['type'] . $backtrace[1]['function'] . '()'; } else { $function = $backtrace[1]['function'] . '()'; } $call['args'] = $backtrace[1]['args']; } else { $function = 'main()'; $call['args'] = $_GET; } $nicetrace[($counter <= 10 ? $nbsp : '') . --$counter . ': ' . $function] = $call; array_shift($backtrace); } if ($return) { return $nicetrace; } kprint_r($nicetrace); } }