Home Explore Help
Sign In
bachir
/
materio-base-d7
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 16d8adc672
Branches Tags
materio-base...
/
sites
/
all
/
modules
/
contrib
/
admin
/
content_access
/
content_access.admin.inc

content_access.admin.inc 12 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @file Content access administration UI.
    5. 

  5.  */
    6. 

  6. 

  7. /**
    8. 

  8.  * Specifies the threshold until we try to mass update node grants immediately.
    9. 

  9.  */
    10. 

  10. define('CONTENT_ACCESS_MASS_UPDATE_THRESHOLD', 1000);
    11. 

  11. 

  12. /**
    13. 

  13.  * Per node settings page.
    14. 

  14.  */
    15. 

  15. function content_access_page($form, &$form_state, $node) {
    16. 

  16.   drupal_set_title(t('Access control for @title', array('@title' => $node->title)));
    17. 

  17. 

  18.   foreach (_content_access_get_operations() as $op => $label) {
    19. 

  19.     $defaults[$op] = content_access_per_node_setting($op, $node);
    20. 

  20.   }
    21. 

  21. 

  22.   // Get roles form
    23. 

  23.   content_access_role_based_form($form, $defaults, $node->type);
    24. 

  24. 

  25.   // Add an after_build handler that disables checkboxes, which are enforced by permissions.
    26. 

  26.   $form['per_role']['#after_build'] = array('content_access_force_permissions');
    27. 

  27. 

  28.   // ACL form
    29. 

  29.   if (module_exists('acl')) {
    30. 

  30.     // This is disabled when there is no node passed.
    31. 

  31.     $form['acl'] = array(
    32. 

  32.       '#type' => 'fieldset',
    33. 

  33.       '#title' => t('User access control lists'),
    34. 

  34.       '#description' => t('These settings allow you to grant access to specific users.'),
    35. 

  35.       '#collapsible' => TRUE,
    36. 

  36.       '#tree' => TRUE,
    37. 

  37.     );
    38. 

  38. 

  39.     foreach (array('view', 'update', 'delete') as $op) {
    40. 

  40.       $acl_id = content_access_get_acl_id($node, $op);
    41. 

  41.       acl_node_add_acl($node->nid, $acl_id, (int) ($op == 'view'), (int) ($op == 'update'), (int) ($op == 'delete'), content_access_get_settings('priority', $node->type));
    42. 

  42. 

  43.       $form['acl'][$op] = acl_edit_form($form_state, $acl_id, t('Grant !op access', array('!op' => $op)));
    44. 

  44.       $form['acl'][$op]['#collapsed'] = !isset($_POST['acl_' . $acl_id]) && !unserialize($form['acl'][$op]['user_list']['#default_value']);
    45. 

  45.     }
    46. 

  46.   }
    47. 

  47. 

  48.   $form_state['node'] = $node;
    49. 

  49. 

  50.   $form['reset'] = array(
    51. 

  51.     '#type' => 'submit',
    52. 

  52.     '#value' => t('Reset to defaults'),
    53. 

  53.     '#weight' => 10,
    54. 

  54.     '#submit' => array('content_access_page_reset'),
    55. 

  55.     '#access' => count(content_access_get_per_node_settings($node)) > 0,
    56. 

  56.   );
    57. 

  57.   $form['submit'] = array(
    58. 

  58.     '#type' => 'submit',
    59. 

  59.     '#value' => t('Submit'),
    60. 

  60.     '#weight' => 10,
    61. 

  61.   );
    62. 

  62. 

  63.   // @todo not true anymore?
    64. 

  64.   // http://drupal.org/update/modules/6/7#hook_node_access_records
    65. 

  65.   if (!$node->status) {
    66. 

  66.     drupal_set_message(t("Warning: Your content is not published, so this settings are not taken into account as long as the content remains unpublished."), 'error');
    67. 

  67.   }
    68. 

  68. 

  69.   return $form;
    70. 

  70. }
    71. 

  71. 

  72. /**
    73. 

  73.  * Submit callback for content_access_page().
    74. 

  74.  */
    75. 

  75. function content_access_page_submit($form, &$form_state) {
    76. 

  76.   $settings = array();
    77. 

  77.   $node = $form_state['node'];
    78. 

  78. 

  79.   foreach (_content_access_get_operations() as $op => $label) {
    80. 

  80.     // Set the settings so that further calls will return this settings.
    81. 

  81.     $settings[$op] = array_keys(array_filter($form_state['values'][$op]));
    82. 

  82.   }
    83. 

  83. 

  84.   // Save per-node settings.
    85. 

  85.   content_access_save_per_node_settings($node, $settings);
    86. 

  86. 

  87.   if (module_exists('acl')) {
    88. 

  88.     foreach (array('view', 'update', 'delete') as $op) {
    89. 

  89.       acl_save_form($form_state['values']['acl'][$op]);
    90. 

  90.       module_invoke_all('user_acl', $settings);
    91. 

  91.     }
    92. 

  92.   }
    93. 

  93. 

  94.   // Apply new settings.
    95. 

  95.   node_access_acquire_grants($node);
    96. 

  96. 

  97.   module_invoke_all('per_node', $settings);
    98. 

  98. 

  99.   drupal_set_message(t('Your changes have been saved.'));
    100. 

  100. }
    101. 

  101. 

  102. /**
    103. 

  103.  * Submit callback for reset on content_access_page().
    104. 

  104.  */
    105. 

  105. function content_access_page_reset($form, &$form_state) {
    106. 

  106.   content_access_delete_per_node_settings($form_state['node']);
    107. 

  107.   node_access_acquire_grants($form_state['node']);
    108. 

  108. 

  109.   drupal_set_message(t('The permissions have been reseted to the content type defaults.'));
    110. 

  110. }
    111. 

  111. 

  112. /**
    113. 

  113.  * Per content type settings form.
    114. 

  114.  */
    115. 

  115. function content_access_admin_settings($form, &$form_state, $content_type) {
    116. 

  116.   $type = $content_type->type;
    117. 

  117. 

  118.   $form_state['type'] = $type;
    119. 

  119. 

  120.   // Add role based per content type settings
    121. 

  121.   $defaults = array();
    122. 

  122.   foreach (_content_access_get_operations() as $op => $label) {
    123. 

  123.     $defaults[$op] = content_access_get_settings($op, $type);
    124. 

  124.   }
    125. 

  125.   content_access_role_based_form($form, $defaults, $type);
    126. 

  126. 

  127.   // Per node:
    128. 

  128.   $form['node'] = array(
    129. 

  129.     '#type' => 'fieldset',
    130. 

  130.     '#title' => t('Per content node access control settings'),
    131. 

  131.     '#collapsible' => TRUE,
    132. 

  132.     '#description' => t('Optionally you can enable per content node access control settings. If enabled, a new tab for the content access settings appears when viewing content. You have to configure permission to access these settings at the !permissions page.', array('!permissions' => l(t('permissions'), 'admin/people/permissions'))),
    133. 

  133.   );
    134. 

  134.   $form['node']['per_node'] = array(
    135. 

  135.     '#type' => 'checkbox',
    136. 

  136.     '#title' => t('Enable per content node access control settings'),
    137. 

  137.     '#default_value' => content_access_get_settings('per_node', $type),
    138. 

  138.   );
    139. 

  139. 

  140.   $form['advanced'] = array(
    141. 

  141.     '#type' => 'fieldset',
    142. 

  142.     '#title' => t('Advanced'),
    143. 

  143.     '#collapsible' => TRUE,
    144. 

  144.     '#collapsed' => TRUE,
    145. 

  145.   );
    146. 

  146.   $form['advanced']['priority'] = array(
    147. 

  147.     '#type' => 'weight',
    148. 

  148.     '#title' => t('Give content node grants priority'),
    149. 

  149.     '#default_value' => content_access_get_settings('priority', $type),
    150. 

  150.     '#description' => t('If you are only using this access control module, you can safely ignore this. If you are using multiple access control modules you can adjust the priority of this module.'),
    151. 

  151.   );
    152. 

  152.   $form['submit'] = array(
    153. 

  153.     '#type' => 'submit',
    154. 

  154.     '#value' => t('Submit'),
    155. 

  155.     '#weight' => 10,
    156. 

  156.   );
    157. 

  157. 

  158.   return $form;
    159. 

  159. }
    160. 

  160. 

  161. /**
    162. 

  162.  * Submit handler for per content type settings form.
    163. 

  163.  */
    164. 

  164. function content_access_admin_settings_submit($form, &$form_state) {
    165. 

  165.   $roles_permissions = user_role_permissions(user_roles());
    166. 

  166.   $permissions = user_permission_get_modules();
    167. 

  167.   $type = $form_state['type'];
    168. 

  168. 

  169.   // Remove disabled modules permissions, so they can't raise exception
    170. 

  170.   // in content_access_save_permissions()
    171. 

  171.   foreach ($roles_permissions as $rid => $role_permissions) {
    172. 

  172.     foreach ($role_permissions as $permission => $value) {
    173. 

  173.       if (!array_key_exists($permission, $permissions)) {
    174. 

  174.         unset($roles_permissions[$rid][$permission]);
    175. 

  175.       }
    176. 

  176.     }
    177. 

  177.   }
    178. 

  178. 

  179.   foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
    180. 

  180.     foreach ($form_state['values'][$op] as $rid => $value) {
    181. 

  181.       $permission = content_access_get_permission_by_op($op, $form_state['type']);
    182. 

  182.       if ($value) {
    183. 

  183.         $roles_permissions[$rid][$permission] = TRUE;
    184. 

  184.       }
    185. 

  185.       else {
    186. 

  186.         $roles_permissions[$rid][$permission] = FALSE;
    187. 

  187.       }
    188. 

  188.     }
    189. 

  189.     // Don't save the setting, so its default value (get permission) is applied
    190. 

  190.     // always.
    191. 

  191.     unset($form_state['values'][$op]);
    192. 

  192.   }
    193. 

  193.   content_access_save_permissions($roles_permissions);
    194. 

  194. 

  195.   // Update content access settings
    196. 

  196.   $settings = content_access_get_settings('all', $type);
    197. 

  197.   foreach (content_access_available_settings() as $setting) {
    198. 

  198.     if (isset($form_state['values'][$setting])) {
    199. 

  199.       $settings[$setting] = is_array($form_state['values'][$setting]) ? array_keys(array_filter($form_state['values'][$setting])) : $form_state['values'][$setting];
    200. 

  200.     }
    201. 

  201.   }
    202. 

  202.   content_access_set_settings($settings, $type);
    203. 

  203. 

  204.   // Mass update the nodes, but only if necessary.
    205. 

  205.   if (content_access_get_settings('per_node', $type) ||
    206. 

  206.       content_access_get_settings('view', $type) != $form['per_role']['view']['#default_value'] ||
    207. 

  207.       content_access_get_settings('view_own', $type) != $form['per_role']['view_own']['#default_value'] ||
    208. 

  208.       content_access_get_settings('priority', $type) != $form['advanced']['priority']['#default_value'] ||
    209. 

  209.       content_access_get_settings('per_node', $type) != $form['node']['per_node']['#default_value']
    210. 

  210.      ) {
    211. 

  211. 

  212.     // If per node has been disabled and we use the ACL integration, we have to remove possible ACLs now.
    213. 

  213.     if (!content_access_get_settings('per_node', $type) && $form['node']['per_node']['#default_value'] && module_exists('acl')) {
    214. 

  214.       _content_access_remove_acls($type);
    215. 

  215.     }
    216. 

  216. 

  217.     if (content_access_mass_update(array($type))) {
    218. 

  218.       drupal_set_message(t('Permissions have been successfully rebuilt for the content type @types.', array('@types' => node_type_get_name($type))));
    219. 

  219.     }
    220. 

  220.   }
    221. 

  221. 

  222.   drupal_set_message(t('Your changes have been saved.'));
    223. 

  223. }
    224. 

  224. 

  225. /**
    226. 

  226.  * Mass updates node access records for nodes of the given types.
    227. 

  227.  * @param $types
    228. 

  228.  *   An array of content type names.
    229. 

  229.  * @return
    230. 

  230.  *   Whether the operation has been processed successfully (TRUE) or postponed (FALSE).
    231. 

  231.  */
    232. 

  232. function content_access_mass_update($types) {
    233. 

  233.   $q = db_select('node', 'n')
    234. 

  234.     ->fields('n', array('nid'))
    235. 

  235.     ->condition('n.type', $types, 'IN');
    236. 

  236. 

  237.   $count = $q->countQuery()->execute()->fetchField();
    238. 

  238. 

  239.   node_access_needs_rebuild(TRUE);
    240. 

  240. 

  241.   // If there not too much nodes affected, try to do it.
    242. 

  242.   if ($count <= CONTENT_ACCESS_MASS_UPDATE_THRESHOLD) {
    243. 

  243.     $records = $q->execute();
    244. 

  244.     foreach ($records as $node) {
    245. 

  245.       node_access_acquire_grants(node_load($node->nid));
    246. 

  246.     }
    247. 

  247. 

  248.     cache_clear_all();
    249. 

  249.     node_access_needs_rebuild(FALSE);
    250. 

  250.     return TRUE;
    251. 

  251.   }
    252. 

  252.   return FALSE;
    253. 

  253. }
    254. 

  254. 

  255. /**
    256. 

  256.  * Saves the given permissions by role to the database.
    257. 

  257.  */
    258. 

  258. function content_access_save_permissions($roles_permissions) {
    259. 

  259.   foreach ($roles_permissions as $rid => $permissions) {
    260. 

  260.     user_role_change_permissions($rid, $permissions);
    261. 

  261.   }
    262. 

  262. }
    263. 

  263. 

  264. /**
    265. 

  265.  * Builds the role based permission form for the given defaults.
    266. 

  266.  *
    267. 

  267.  * @param $defaults
    268. 

  268.  *   Array of defaults for all operations.
    269. 

  269.  */
    270. 

  270. function content_access_role_based_form(&$form, $defaults = array(), $type = NULL) {
    271. 

  271.   $form['per_role'] = array(
    272. 

  272.     '#type' => 'fieldset',
    273. 

  273.     '#title' => t('Role based access control settings'),
    274. 

  274.     '#collapsible' => TRUE,
    275. 

  275.     '#description' => t('Note that users need at least the %access_content permission to be able to deal in any way with content.', array('%access_content' => t('access content'))) .
    276. 

  276.       ' ' . t('Furthermore note that content which is not @published is treated in a different way by drupal: It can be viewed only by its author or users with the %administer_nodes permission.', array('@published' => t('published'), '%administer_nodes' => t('administer nodes'))),
    277. 

  277.   );
    278. 

  278. 

  279.   $operations = _content_access_get_operations($type);
    280. 

  280.   $roles = array_map('filter_xss_admin', user_roles());
    281. 

  281.   foreach ($operations as $op => $label) {
    282. 

  282.     // Make sure defaults are set properly
    283. 

  283.     $defaults += array($op => array());
    284. 

  284. 

  285.     $form['per_role'][$op] = array('#type' => 'checkboxes',
    286. 

  286.       '#prefix' => '<div class="content_access-div">',
    287. 

  287.       '#suffix' => '</div>',
    288. 

  288.       '#options' => $roles,
    289. 

  289.       '#title' => $label,
    290. 

  290.       '#default_value' => $defaults[$op],
    291. 

  291.       '#process' => array('form_process_checkboxes', 'content_access_disable_checkboxes'),
    292. 

  292.     );
    293. 

  293.   }
    294. 

  294. 

  295.   $form['per_role']['clearer'] = array(
    296. 

  296.     '#value' => '<br clear="all" />',
    297. 

  297.   );
    298. 

  298. 

  299.   drupal_add_css(drupal_get_path('module', 'content_access') . '/content_access.css');
    300. 

  300. 

  301.   return $form;
    302. 

  302. }
    303. 

  303. 

  304. /**
    305. 

  305.  * Formapi #after_build callback, that disables checkboxes for roles without access to content.
    306. 

  306.  */
    307. 

  307. function content_access_force_permissions($element, &$form_state) {
    308. 

  308.   foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
    309. 

  309.     foreach (content_access_get_settings($op, $form_state['node']->type) as $rid) {
    310. 

  310.       $element[$op][$rid]['#disabled'] = TRUE;
    311. 

  311.       $element[$op][$rid]['#attributes']['disabled'] = 'disabled';
    312. 

  312.       $element[$op][$rid]['#value'] = TRUE;
    313. 

  313.       $element[$op][$rid]['#checked'] = TRUE;
    314. 

  314.       $element[$op][$rid]['#prefix'] = '<span' . drupal_attributes(array('title' => t("Permission is granted due to the content type's access control settings."))) . '>';
    315. 

  315.       $element[$op][$rid]['#suffix'] = "</span>";
    316. 

  316.     }
    317. 

  317.   }
    318. 

  318.   return $element;
    319. 

  319. }
    320. 

  320. 

  321. /**
    322. 

  322.  * Submit callback for the user permissions form.
    323. 

  323.  * Trigger changes to node permissions to rebuild our grants.
    324. 

  324.  */
    325. 

  325. function content_access_user_admin_perm_submit($form, $form_state) {
    326. 

  326.   // Check for each content type, which has per node access activated
    327. 

  327.   // whether permissions have been changed.
    328. 

  328.   $types = array();
    329. 

  329.   foreach (array_filter(content_access_get_settings('per_node')) as $type => $value) {
    330. 

  330.     foreach (_content_access_get_node_permissions($type) as $perm) {
    331. 

  331.       foreach (user_roles() as $rid => $role) {
    332. 

  332.         if (isset($form_state['values'][$rid]) && in_array($perm, $form['checkboxes'][$rid]['#default_value']) != in_array($perm, $form_state['values'][$rid])) {
    333. 

  333.           //permission changed!
    334. 

  334.           $types[$type] = node_get_types('name', $type);
    335. 

  335.           continue 2;
    336. 

  336.         }
    337. 

  337.       }
    338. 

  338.     }
    339. 

  339.   }
    340. 

  340.   if ($types && content_access_mass_update(array_keys($types))) {
    341. 

  341.     drupal_set_message(format_plural(count($types),
    342. 

  342.       'Permissions have been successfully rebuilt for the content type @types.',
    343. 

  343.       'Permissions have been successfully rebuilt for the content types @types.',
    344. 

  344.       array('@types' => implode(', ', $types))
    345. 

  345.     ));
    346. 

  346.   }
    347. 

  347. }
    348.