Home Explore Help
Sign In
bachir
/
materio-base-d7
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 3af02617b4
Branches Tags
materio-base...
/
sites
/
all
/
modules
/
contrib
/
dev
/
ctools
/
includes
/
entity-access.inc

entity-access.inc 4.6 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * @file
    5. 

  5.  * Provides various callbacks for the whole core module integration.
    6. 

  6.  * This is a copy of Entity API's functionality for use when Entity API isn't
    7. 

  7.  * Enabled, and only works on view functions.
    8. 

  8.  */
    9. 

  9. 

  10. /**
    11. 

  11.  * Core hack to include entity api-esque 'access callback' functions to core
    12. 

  12.  * entities without needing to rely on entity api.
    13. 

  13.  * Exception: We don't touch file entity. You must have entity API enabled to
    14. 

  14.  * view files.
    15. 

  15.  */
    16. 

  16. function _ctools_entity_access(&$entity_info, $entity_type) {
    17. 

  17.   // If the access callback is already set, don't change anything.
    18. 

  18.   if (isset($entity_info['access callback'])) {
    19. 

  19.     return;
    20. 

  20.   }
    21. 

  21. 

  22.   switch ($entity_type) {
    23. 

  23.     case 'node':
    24. 

  24.       // Sad panda, we don't use Entity API, lets manually add access callbacks.
    25. 

  25.       $entity_info['access callback'] = 'ctools_metadata_no_hook_node_access';
    26. 

  26.       break;
    27. 

  27.     case 'user':
    28. 

  28.       $entity_info['access callback'] = 'ctools_metadata_user_access';
    29. 

  29.       break;
    30. 

  30.     case 'comment':
    31. 

  31.       if (module_exists('comment')) {
    32. 

  32.         $entity_info['access callback'] = 'ctools_metadata_comment_access';
    33. 

  33.       }
    34. 

  34.       break;
    35. 

  35.     case 'taxonomy_term':
    36. 

  36.       if (module_exists('taxonomy')) {
    37. 

  37.         $entity_info['access callback'] = 'ctools_metadata_taxonomy_access';
    38. 

  38.       }
    39. 

  39.       break;
    40. 

  40.     case 'taxonomy_vocabulary':
    41. 

  41.       if (module_exists('taxonomy')) {
    42. 

  42.         $entity_info['access callback'] = 'ctools_metadata_taxonomy_access';
    43. 

  43.       }
    44. 

  44.       break;
    45. 

  45.   }
    46. 

  46. }
    47. 

  47. 

  48. /**
    49. 

  49.  * Access callback for the node entity.
    50. 

  50.  *
    51. 

  51.  * This function does not implement hook_node_access(), thus it may not be
    52. 

  52.  * called ctools_metadata_node_access().
    53. 

  53.  *
    54. 

  54.  * @see entity_access()
    55. 

  55.  *
    56. 

  56.  * @param $op
    57. 

  57.  *   The operation being performed. One of 'view', 'update', 'create' or
    58. 

  58.  *   'delete'.
    59. 

  59.  * @param $node
    60. 

  60.  *   A node to check access for. Must be a node object. Must have nid,
    61. 

  61.  *   except in the case of 'create' operations.
    62. 

  62.  * @param $account
    63. 

  63.  *   The user to check for. Leave it to NULL to check for the global user.
    64. 

  64.  *
    65. 

  65.  * @throws EntityMalformedException
    66. 

  66.  *
    67. 

  67.  * @return boolean
    68. 

  68.  *   TRUE if access is allowed, FALSE otherwise.
    69. 

  69.  */
    70. 

  70. function ctools_metadata_no_hook_node_access($op, $node = NULL, $account = NULL) {
    71. 

  71.   // First deal with the case where a $node is provided.
    72. 

  72.   if (isset($node)) {
    73. 

  73.     // If a non-default revision is given, incorporate revision access.
    74. 

  74.     $default_revision = node_load($node->nid);
    75. 

  75.     if ($node->vid !== $default_revision->vid) {
    76. 

  76.       return _node_revision_access($node, $op, $account);
    77. 

  77.     }
    78. 

  78.     else {
    79. 

  79.       return node_access($op, $node, $account);
    80. 

  80.     }
    81. 

  81.   }
    82. 

  82.   // No node is provided. Check for access to all nodes.
    83. 

  83.   if (user_access('bypass node access', $account)) {
    84. 

  84.     return TRUE;
    85. 

  85.   }
    86. 

  86.   if (!user_access('access content', $account)) {
    87. 

  87.     return FALSE;
    88. 

  88.   }
    89. 

  89.   if ($op == 'view' && node_access_view_all_nodes($account)) {
    90. 

  90.     return TRUE;
    91. 

  91.   }
    92. 

  92.   return FALSE;
    93. 

  93. }
    94. 

  94. 

  95. /**
    96. 

  96.  * Access callback for the user entity.
    97. 

  97.  */
    98. 

  98. function ctools_metadata_user_access($op, $entity = NULL, $account = NULL, $entity_type) {
    99. 

  99.   $account = isset($account) ? $account : $GLOBALS['user'];
    100. 

  100.   // Grant access to the users own user account and to the anonymous one.
    101. 

  101.   if (isset($entity) && $op != 'delete' && (($entity->uid == $account->uid && $entity->uid) || (!$entity->uid && $op == 'view'))) {
    102. 

  102.     return TRUE;
    103. 

  103.   }
    104. 

  104.   if (user_access('administer users', $account) || user_access('access user profiles', $account) && $op == 'view' && $entity->status) {
    105. 

  105.     return TRUE;
    106. 

  106.   }
    107. 

  107.   return FALSE;
    108. 

  108. }
    109. 

  109. 

  110. /**
    111. 

  111.  * Access callback for the comment entity.
    112. 

  112.  */
    113. 

  113. function ctools_metadata_comment_access($op, $entity = NULL, $account = NULL) {
    114. 

  114.   // When determining access to a comment, if comment has an associated node,
    115. 

  115.   // the user must be able to view the node in order to access the comment.
    116. 

  116.   if (isset($entity->nid)) {
    117. 

  117.     if (!node_access('view', node_load($entity->nid), $account)) {
    118. 

  118.       return FALSE;
    119. 

  119.     }
    120. 

  120.   }
    121. 

  121. 

  122.   // Comment administrators are allowed to perform all operations on all
    123. 

  123.   // comments.
    124. 

  124.   if (user_access('administer comments', $account)) {
    125. 

  125.     return TRUE;
    126. 

  126.   }
    127. 

  127. 

  128.   // Unpublished comments can never be accessed by non-admins.
    129. 

  129.   if (isset($entity->status) && $entity->status == COMMENT_NOT_PUBLISHED) {
    130. 

  130.     return FALSE;
    131. 

  131.   }
    132. 

  132. 

  133.   if (user_access('access comments', $account) && $op == 'view') {
    134. 

  134.     return TRUE;
    135. 

  135.   }
    136. 

  136.   return FALSE;
    137. 

  137. }
    138. 

  138. 

  139. /**
    140. 

  140.  * Access callback for the taxonomy entities.
    141. 

  141.  */
    142. 

  142. function ctools_metadata_taxonomy_access($op, $entity = NULL, $account = NULL, $entity_type) {
    143. 

  143.   if ($entity_type == 'taxonomy_vocabulary') {
    144. 

  144.     return user_access('administer taxonomy', $account);
    145. 

  145.   }
    146. 

  146.   if (user_access('administer taxonomy', $account) || user_access('access content', $account) && $op == 'view') {
    147. 

  147.     return TRUE;
    148. 

  148.   }
    149. 

  149.   return FALSE;
    150. 

  150. }
    151.