Home Explore Help
Sign In
bachir
/
materio-base-d7
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 2ffad14939
Branches Tags
materio-base...
/
sites
/
all
/
modules
/
contrib
/
dev
/
ctools
/
includes
/
entity-access.inc

entity-access.inc 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @file
    5. 

  5.  * Provides various callbacks for the whole core module integration.
    6. 

  6.  * This is a copy of Entity API's functionality for use when Entity API isn't
    7. 

  7.  * Enabled, and only works on view functions.
    8. 

  8.  */
    9. 

  9. 

  10. /**
    11. 

  11.  * Core hack to include entity api-esque 'access callback' functions to core
    12. 

  12.  * entities without needing to rely on entity api.
    13. 

  13.  * Exception: We don't touch file entity. You must have entity API enabled to
    14. 

  14.  * view files.
    15. 

  15.  */
    16. 

  16. function _ctools_entity_access(&$entity_info, $entity_type) {
    17. 

  17.   // If the access callback is already set, don't change anything.
    18. 

  18.   if (isset($entity_info['access callback'])) {
    19. 

  19.     return;
    20. 

  20.   }
    21. 

  21. 

  22.   switch ($entity_type) {
    23. 

  23.     case 'node':
    24. 

  24.       // Sad panda, we don't use Entity API, lets manually add access callbacks.
    25. 

  25.       $entity_info['access callback'] = 'ctools_metadata_no_hook_node_access';
    26. 

  26.       break;
    27. 

  27. 

  28.     case 'user':
    29. 

  29.       $entity_info['access callback'] = 'ctools_metadata_user_access';
    30. 

  30.       break;
    31. 

  31. 

  32.     case 'comment':
    33. 

  33.       if (module_exists('comment')) {
    34. 

  34.         $entity_info['access callback'] = 'ctools_metadata_comment_access';
    35. 

  35.       }
    36. 

  36.       break;
    37. 

  37. 

  38.     case 'taxonomy_term':
    39. 

  39.       if (module_exists('taxonomy')) {
    40. 

  40.         $entity_info['access callback'] = 'ctools_metadata_taxonomy_access';
    41. 

  41.       }
    42. 

  42.       break;
    43. 

  43. 

  44.     case 'taxonomy_vocabulary':
    45. 

  45.       if (module_exists('taxonomy')) {
    46. 

  46.         $entity_info['access callback'] = 'ctools_metadata_taxonomy_access';
    47. 

  47.       }
    48. 

  48.       break;
    49. 

  49.   }
    50. 

  50. }
    51. 

  51. 

  52. /**
    53. 

  53.  * Access callback for the node entity.
    54. 

  54.  *
    55. 

  55.  * This function does not implement hook_node_access(), thus it may not be
    56. 

  56.  * called ctools_metadata_node_access().
    57. 

  57.  *
    58. 

  58.  * @see entity_access()
    59. 

  59.  *
    60. 

  60.  * @param $op
    61. 

  61.  *   The operation being performed. One of 'view', 'update', 'create' or
    62. 

  62.  *   'delete'.
    63. 

  63.  * @param $node
    64. 

  64.  *   A node to check access for. Must be a node object. Must have nid,
    65. 

  65.  *   except in the case of 'create' operations.
    66. 

  66.  * @param $account
    67. 

  67.  *   The user to check for. Leave it to NULL to check for the global user.
    68. 

  68.  *
    69. 

  69.  * @throws EntityMalformedException
    70. 

  70.  *
    71. 

  71.  * @return bool
    72. 

  72.  *   TRUE if access is allowed, FALSE otherwise.
    73. 

  73.  */
    74. 

  74. function ctools_metadata_no_hook_node_access($op, $node = NULL, $account = NULL) {
    75. 

  75.   // First deal with the case where a $node is provided.
    76. 

  76.   if (isset($node)) {
    77. 

  77.     // If a non-default revision is given, incorporate revision access.
    78. 

  78.     $default_revision = node_load($node->nid);
    79. 

  79.     if ($node->vid !== $default_revision->vid) {
    80. 

  80.       return _node_revision_access($node, $op, $account);
    81. 

  81.     }
    82. 

  82.     else {
    83. 

  83.       return node_access($op, $node, $account);
    84. 

  84.     }
    85. 

  85.   }
    86. 

  86.   // No node is provided. Check for access to all nodes.
    87. 

  87.   if (user_access('bypass node access', $account)) {
    88. 

  88.     return TRUE;
    89. 

  89.   }
    90. 

  90.   if (!user_access('access content', $account)) {
    91. 

  91.     return FALSE;
    92. 

  92.   }
    93. 

  93.   if ($op == 'view' && node_access_view_all_nodes($account)) {
    94. 

  94.     return TRUE;
    95. 

  95.   }
    96. 

  96.   return FALSE;
    97. 

  97. }
    98. 

  98. 

  99. /**
    100. 

  100.  * Access callback for the user entity.
    101. 

  101.  */
    102. 

  102. function ctools_metadata_user_access($op, $entity = NULL, $account = NULL, $entity_type) {
    103. 

  103.   $account = isset($account) ? $account : $GLOBALS['user'];
    104. 

  104.   // Grant access to the users own user account and to the anonymous one.
    105. 

  105.   if (isset($entity) && $op != 'delete' && (($entity->uid == $account->uid && $entity->uid) || (!$entity->uid && $op == 'view'))) {
    106. 

  106.     return TRUE;
    107. 

  107.   }
    108. 

  108.   if (user_access('administer users', $account) || user_access('access user profiles', $account) && $op == 'view' && $entity->status) {
    109. 

  109.     return TRUE;
    110. 

  110.   }
    111. 

  111.   return FALSE;
    112. 

  112. }
    113. 

  113. 

  114. /**
    115. 

  115.  * Access callback for the comment entity.
    116. 

  116.  */
    117. 

  117. function ctools_metadata_comment_access($op, $entity = NULL, $account = NULL) {
    118. 

  118.   // When determining access to a comment, if comment has an associated node,
    119. 

  119.   // the user must be able to view the node in order to access the comment.
    120. 

  120.   if (isset($entity->nid)) {
    121. 

  121.     if (!node_access('view', node_load($entity->nid), $account)) {
    122. 

  122.       return FALSE;
    123. 

  123.     }
    124. 

  124.   }
    125. 

  125. 

  126.   // Comment administrators are allowed to perform all operations on all
    127. 

  127.   // comments.
    128. 

  128.   if (user_access('administer comments', $account)) {
    129. 

  129.     return TRUE;
    130. 

  130.   }
    131. 

  131. 

  132.   // Unpublished comments can never be accessed by non-admins.
    133. 

  133.   if (isset($entity->status) && $entity->status == COMMENT_NOT_PUBLISHED) {
    134. 

  134.     return FALSE;
    135. 

  135.   }
    136. 

  136. 

  137.   if (user_access('access comments', $account) && $op == 'view') {
    138. 

  138.     return TRUE;
    139. 

  139.   }
    140. 

  140.   return FALSE;
    141. 

  141. }
    142. 

  142. 

  143. /**
    144. 

  144.  * Access callback for the taxonomy entities.
    145. 

  145.  */
    146. 

  146. function ctools_metadata_taxonomy_access($op, $entity = NULL, $account = NULL, $entity_type) {
    147. 

  147.   if ($entity_type == 'taxonomy_vocabulary') {
    148. 

  148.     return user_access('administer taxonomy', $account);
    149. 

  149.   }
    150. 

  150.   if (user_access('administer taxonomy', $account) || user_access('access content', $account) && $op == 'view') {
    151. 

  151.     return TRUE;
    152. 

  152.   }
    153. 

  153.   return FALSE;
    154. 

  154. }
    155.