entity-access.inc 4.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154
  1. <?php
  2. /**
  3. * @file
  4. * Provides various callbacks for the whole core module integration.
  5. * This is a copy of Entity API's functionality for use when Entity API isn't
  6. * Enabled, and only works on view functions.
  7. */
  8. /**
  9. * Core hack to include entity api-esque 'access callback' functions to core
  10. * entities without needing to rely on entity api.
  11. * Exception: We don't touch file entity. You must have entity API enabled to
  12. * view files.
  13. */
  14. function _ctools_entity_access(&$entity_info, $entity_type) {
  15. // If the access callback is already set, don't change anything.
  16. if (isset($entity_info['access callback'])) {
  17. return;
  18. }
  19. switch ($entity_type) {
  20. case 'node':
  21. // Sad panda, we don't use Entity API, lets manually add access callbacks.
  22. $entity_info['access callback'] = 'ctools_metadata_no_hook_node_access';
  23. break;
  24. case 'user':
  25. $entity_info['access callback'] = 'ctools_metadata_user_access';
  26. break;
  27. case 'comment':
  28. if (module_exists('comment')) {
  29. $entity_info['access callback'] = 'ctools_metadata_comment_access';
  30. }
  31. break;
  32. case 'taxonomy_term':
  33. if (module_exists('taxonomy')) {
  34. $entity_info['access callback'] = 'ctools_metadata_taxonomy_access';
  35. }
  36. break;
  37. case 'taxonomy_vocabulary':
  38. if (module_exists('taxonomy')) {
  39. $entity_info['access callback'] = 'ctools_metadata_taxonomy_access';
  40. }
  41. break;
  42. }
  43. }
  44. /**
  45. * Access callback for the node entity.
  46. *
  47. * This function does not implement hook_node_access(), thus it may not be
  48. * called ctools_metadata_node_access().
  49. *
  50. * @see entity_access()
  51. *
  52. * @param $op
  53. * The operation being performed. One of 'view', 'update', 'create' or
  54. * 'delete'.
  55. * @param $node
  56. * A node to check access for. Must be a node object. Must have nid,
  57. * except in the case of 'create' operations.
  58. * @param $account
  59. * The user to check for. Leave it to NULL to check for the global user.
  60. *
  61. * @throws EntityMalformedException
  62. *
  63. * @return bool
  64. * TRUE if access is allowed, FALSE otherwise.
  65. */
  66. function ctools_metadata_no_hook_node_access($op, $node = NULL, $account = NULL) {
  67. // First deal with the case where a $node is provided.
  68. if (isset($node)) {
  69. // If a non-default revision is given, incorporate revision access.
  70. $default_revision = node_load($node->nid);
  71. if ($node->vid !== $default_revision->vid) {
  72. return _node_revision_access($node, $op, $account);
  73. }
  74. else {
  75. return node_access($op, $node, $account);
  76. }
  77. }
  78. // No node is provided. Check for access to all nodes.
  79. if (user_access('bypass node access', $account)) {
  80. return TRUE;
  81. }
  82. if (!user_access('access content', $account)) {
  83. return FALSE;
  84. }
  85. if ($op == 'view' && node_access_view_all_nodes($account)) {
  86. return TRUE;
  87. }
  88. return FALSE;
  89. }
  90. /**
  91. * Access callback for the user entity.
  92. */
  93. function ctools_metadata_user_access($op, $entity = NULL, $account = NULL, $entity_type) {
  94. $account = isset($account) ? $account : $GLOBALS['user'];
  95. // Grant access to the users own user account and to the anonymous one.
  96. if (isset($entity) && $op != 'delete' && (($entity->uid == $account->uid && $entity->uid) || (!$entity->uid && $op == 'view'))) {
  97. return TRUE;
  98. }
  99. if (user_access('administer users', $account) || user_access('access user profiles', $account) && $op == 'view' && $entity->status) {
  100. return TRUE;
  101. }
  102. return FALSE;
  103. }
  104. /**
  105. * Access callback for the comment entity.
  106. */
  107. function ctools_metadata_comment_access($op, $entity = NULL, $account = NULL) {
  108. // When determining access to a comment, if comment has an associated node,
  109. // the user must be able to view the node in order to access the comment.
  110. if (isset($entity->nid)) {
  111. if (!node_access('view', node_load($entity->nid), $account)) {
  112. return FALSE;
  113. }
  114. }
  115. // Comment administrators are allowed to perform all operations on all
  116. // comments.
  117. if (user_access('administer comments', $account)) {
  118. return TRUE;
  119. }
  120. // Unpublished comments can never be accessed by non-admins.
  121. if (isset($entity->status) && $entity->status == COMMENT_NOT_PUBLISHED) {
  122. return FALSE;
  123. }
  124. if (user_access('access comments', $account) && $op == 'view') {
  125. return TRUE;
  126. }
  127. return FALSE;
  128. }
  129. /**
  130. * Access callback for the taxonomy entities.
  131. */
  132. function ctools_metadata_taxonomy_access($op, $entity = NULL, $account = NULL, $entity_type) {
  133. if ($entity_type == 'taxonomy_vocabulary') {
  134. return user_access('administer taxonomy', $account);
  135. }
  136. if (user_access('administer taxonomy', $account) || user_access('access content', $account) && $op == 'view') {
  137. return TRUE;
  138. }
  139. return FALSE;
  140. }