taxonomy_access.install 9.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302
  1. <?php
  2. /**
  3. * @file
  4. * Install, update, and uninstall functions for Taxonomy Access Control.
  5. */
  6. /**
  7. * Implements hook_update_last_removed().
  8. */
  9. function taxonomy_access_last_removed() {
  10. return 5;
  11. }
  12. /**
  13. * Implements hook_install().
  14. *
  15. * Adds tables to database: 'taxonomy_access_term', 'taxonomy_access_default'
  16. */
  17. function taxonomy_access_install() {
  18. // Default global perms for roles 1 (anonymous) and 2 (authenticated).
  19. db_query(
  20. 'INSERT INTO {taxonomy_access_default}
  21. (vid, rid, grant_view, grant_update, grant_delete, grant_create, grant_list)
  22. VALUES
  23. (:vid, :rid, :node_allow, :ignore, :ignore, :term_allow, :term_allow)',
  24. array(
  25. ':vid' => TAXONOMY_ACCESS_GLOBAL_DEFAULT,
  26. ':rid' => DRUPAL_ANONYMOUS_RID,
  27. ':node_allow' => TAXONOMY_ACCESS_NODE_ALLOW,
  28. ':ignore' => TAXONOMY_ACCESS_NODE_IGNORE,
  29. ':term_allow' => TAXONOMY_ACCESS_TERM_ALLOW)
  30. );
  31. db_query(
  32. 'INSERT INTO {taxonomy_access_default}
  33. (vid, rid, grant_view, grant_update, grant_delete, grant_create, grant_list)
  34. VALUES
  35. (:vid, :rid, :node_allow, :ignore, :ignore, :term_allow, :term_allow)',
  36. array(
  37. ':vid' => TAXONOMY_ACCESS_GLOBAL_DEFAULT,
  38. ':rid' => DRUPAL_AUTHENTICATED_RID,
  39. ':node_allow' => TAXONOMY_ACCESS_NODE_ALLOW,
  40. ':ignore' => TAXONOMY_ACCESS_NODE_IGNORE,
  41. ':term_allow' => TAXONOMY_ACCESS_TERM_ALLOW)
  42. );
  43. }
  44. /**
  45. * Implements hook_schema().
  46. */
  47. function taxonomy_access_schema() {
  48. $schema = array();
  49. $schema['taxonomy_access_term'] = array(
  50. 'description' => 'Identifies which roles may view, update, delete, create, and list nodes with a given term.',
  51. 'fields' => array(
  52. 'tid' => array(
  53. 'description' => 'The term_data.tid this record affects. Overrides vocabulary default in taxonomy_access_default.',
  54. 'type' => 'int',
  55. 'unsigned' => TRUE,
  56. 'not null' => TRUE,
  57. 'default' => TAXONOMY_ACCESS_VOCABULARY_DEFAULT,
  58. ),
  59. 'rid' => array(
  60. 'description' => "The role.rid a user must possess to gain this row's privileges on nodes for this term.",
  61. 'type' => 'int',
  62. 'unsigned' => TRUE,
  63. 'not null' => TRUE,
  64. 'default' => 0,
  65. ),
  66. 'grant_view' => array(
  67. 'description' => 'Whether this role can view nodes with this term. 0=>Ignore, 1=>Allow, 2=>Deny.',
  68. 'type' => 'int',
  69. 'unsigned' => TRUE,
  70. 'size' => 'tiny',
  71. 'not null' => TRUE,
  72. 'default' => TAXONOMY_ACCESS_NODE_IGNORE,
  73. ),
  74. 'grant_update' => array(
  75. 'description' => 'Whether this role can edit nodes with this term. 0=>Ignore, 1=>Allow, 2=>Deny.',
  76. 'type' => 'int',
  77. 'unsigned' => TRUE,
  78. 'size' => 'tiny',
  79. 'not null' => TRUE,
  80. 'default' => TAXONOMY_ACCESS_NODE_IGNORE,
  81. ),
  82. 'grant_delete' => array(
  83. 'description' => 'Whether this role can delete nodes with this term. 0=>Ignore, 1=>Allow, 2=>Deny.',
  84. 'type' => 'int',
  85. 'unsigned' => TRUE,
  86. 'size' => 'tiny',
  87. 'not null' => TRUE,
  88. 'default' => TAXONOMY_ACCESS_NODE_IGNORE,
  89. ),
  90. 'grant_create' => array(
  91. 'description' => 'Whether this role can set this term when adding or editing a node. 0=>No, 1=>Yes.',
  92. 'type' => 'int',
  93. 'unsigned' => TRUE,
  94. 'size' => 'tiny',
  95. 'not null' => TRUE,
  96. 'default' => TAXONOMY_ACCESS_TERM_DENY,
  97. ),
  98. 'grant_list' => array(
  99. 'description' => 'Whether this role can view the name of this term on a node or in category lists. 0=>No, 1=>Yes.',
  100. 'type' => 'int',
  101. 'unsigned' => TRUE,
  102. 'size' => 'tiny',
  103. 'not null' => TRUE,
  104. 'default' => TAXONOMY_ACCESS_TERM_ALLOW,
  105. ),
  106. ),
  107. 'primary key' => array('tid', 'rid'),
  108. );
  109. $schema['taxonomy_access_default'] = array(
  110. 'description' => 'Sets vocabulary defaults for which roles may view, update, delete, create, and list nodes with a given term. Overridden by {taxonomy_access_term}.',
  111. 'fields' => array(
  112. 'vid' => array(
  113. 'description' => 'The vocabulary.vid for which this row sets defaults.',
  114. 'type' => 'int',
  115. 'unsigned' => TRUE,
  116. 'not null' => TRUE,
  117. 'default' => TAXONOMY_ACCESS_VOCABULARY_DEFAULT,
  118. ),
  119. 'rid' => array(
  120. 'description' => "The role.rid a user must possess to gain this row's privileges on nodes for terms in this vocabulary.",
  121. 'type' => 'int',
  122. 'unsigned' => TRUE,
  123. 'not null' => TRUE,
  124. 'default' => 0,
  125. ),
  126. 'grant_view' => array(
  127. 'description' => 'Whether this role can view nodes with terms in this vocabulary. 0=>Ignore, 1=>Allow, 2=>Deny.',
  128. 'type' => 'int',
  129. 'unsigned' => TRUE,
  130. 'size' => 'tiny',
  131. 'not null' => TRUE,
  132. 'default' => TAXONOMY_ACCESS_NODE_IGNORE,
  133. ),
  134. 'grant_update' => array(
  135. 'description' => 'Whether this role can edit nodes with terms in this vocabulary. 0=>Ignore, 1=>Allow, 2=>Deny.',
  136. 'type' => 'int',
  137. 'unsigned' => TRUE,
  138. 'size' => 'tiny',
  139. 'not null' => TRUE,
  140. 'default' => TAXONOMY_ACCESS_NODE_IGNORE,
  141. ),
  142. 'grant_delete' => array(
  143. 'description' => 'Whether this role can delete nodes with terms in this vocabulary. 0=>Ignore, 1=>Allow, 2=>Deny.',
  144. 'type' => 'int',
  145. 'unsigned' => TRUE,
  146. 'size' => 'tiny',
  147. 'not null' => TRUE,
  148. 'default' => TAXONOMY_ACCESS_NODE_IGNORE,
  149. ),
  150. 'grant_create' => array(
  151. 'description' => 'Whether this role can set terms in this vocabulary when adding or editing a node. 0=>No, 1=>Yes.',
  152. 'type' => 'int',
  153. 'unsigned' => TRUE,
  154. 'size' => 'tiny',
  155. 'not null' => TRUE,
  156. 'default' => TAXONOMY_ACCESS_TERM_DENY,
  157. ),
  158. 'grant_list' => array(
  159. 'description' => 'Whether this role can view the name of terms in this vocabulary on a node or in category lists. 0=>No, 1=>Yes.',
  160. 'type' => 'int',
  161. 'unsigned' => TRUE,
  162. 'size' => 'tiny',
  163. 'not null' => TRUE,
  164. 'default' => TAXONOMY_ACCESS_TERM_DENY,
  165. ),
  166. ),
  167. 'primary key' => array('vid', 'rid'),
  168. );
  169. return $schema;
  170. }
  171. /**
  172. * Add vocabulary defaults for all configured vocabularies.
  173. */
  174. function taxonomy_access_update_7002() {
  175. // Get a list of all vocabularies with any term configurations for each role.
  176. $ta_configs = db_query(
  177. "SELECT td.vid, ta.rid
  178. FROM {taxonomy_access_term} ta
  179. INNER JOIN {taxonomy_term_data} td ON ta.tid = td.tid
  180. GROUP BY td.vid, ta.rid"
  181. )->fetchAll();
  182. // Get a list of all configured vocabularies.
  183. $td_configs = db_query(
  184. "SELECT vid, rid
  185. FROM {taxonomy_access_default}"
  186. )->fetchAll();
  187. $records = array();
  188. $global_defaults = taxonomy_access_global_defaults();
  189. foreach ($ta_configs as $config) {
  190. if (!in_array($config, $td_configs)) {
  191. $record = (array) $global_defaults[$config->rid];
  192. $records[] = _taxonomy_access_format_grant_record($config->vid, $config->rid, $record, TRUE);
  193. }
  194. }
  195. if (taxonomy_access_set_default_grants($records)) {
  196. return t('Update completed successfully.');
  197. }
  198. else {
  199. return t('Update failed.');
  200. }
  201. }
  202. /**
  203. * Rename grant realm.
  204. */
  205. function taxonomy_access_update_7001() {
  206. db_query(
  207. "UPDATE {node_access} SET realm = 'taxonomy_access_role'
  208. WHERE realm = 'term_access'"
  209. );
  210. }
  211. /**
  212. * Rename database tables to follow Drupal 7 standards.
  213. */
  214. function taxonomy_access_update_7000() {
  215. db_rename_table('term_access', 'taxonomy_access_term');
  216. db_rename_table('term_access_defaults', 'taxonomy_access_default');
  217. }
  218. /**
  219. * Implements hook_enable().
  220. *
  221. * Housekeeping: while we were away, did you delete any terms/vocabs/roles?
  222. * 1: Weight this module below the Taxonomy module.
  223. * 2: Delete ta, tad rows for missing roles.
  224. * 3: Delete ta rows for missing terms.
  225. * 4: Delete tad rows for missing vocabs.
  226. */
  227. function taxonomy_access_enable() {
  228. // Weight this module below the Taxonomy module.
  229. $tax_weight =
  230. db_query(
  231. "SELECT weight FROM {system}
  232. WHERE name = 'taxonomy'"
  233. )
  234. ->fetchField()
  235. ;
  236. db_update('system')
  237. ->fields(array('weight' => ($tax_weight + 1)))
  238. ->condition('name', 'taxonomy_access')
  239. ->execute();
  240. // Delete any records for roles not in {roles}.
  241. $roles = _taxonomy_access_user_roles();
  242. $config_roles =
  243. db_query("SELECT DISTINCT rid FROM {taxonomy_access_default}")
  244. ->fetchCol();
  245. $missing_roles = array_diff($config_roles, array_keys($roles));
  246. // Core flags node access for rebuild on enable, so skip node updates.
  247. foreach ($missing_roles as $rid) {
  248. taxonomy_access_delete_role_grants($rid, FALSE);
  249. }
  250. // Delete any term configurations not in {taxonomy_term_data}.
  251. $term_ids =
  252. db_query(
  253. "SELECT ta.tid
  254. FROM {taxonomy_access_term} ta
  255. LEFT JOIN {taxonomy_term_data} td ON ta.tid = td.tid
  256. WHERE ta.tid <> :tid AND td.tid IS NULL",
  257. array(':tid' => TAXONOMY_ACCESS_VOCABULARY_DEFAULT))
  258. ->fetchCol()
  259. ;
  260. // Core flags node access for rebuild on enable, so skip node updates.
  261. taxonomy_access_delete_term_grants($term_ids, NULL, FALSE);
  262. unset($term_ids);
  263. // Delete any defaults for vocabularies not in {taxonomy_vocabulary}.
  264. $vocab_ids =
  265. db_query(
  266. "SELECT tad.vid
  267. FROM {taxonomy_access_default} tad
  268. LEFT JOIN {taxonomy_vocabulary} tv ON tad.vid = tv.vid
  269. WHERE tad.vid <> :vid AND tv.vid IS NULL",
  270. array(':vid' => TAXONOMY_ACCESS_GLOBAL_DEFAULT))
  271. ->fetchCol()
  272. ;
  273. // Core flags node access for rebuild on enable, so skip node updates.
  274. taxonomy_access_delete_default_grants($vocab_ids, FALSE);
  275. unset($vocab_ids);
  276. }