publishcontent.module 8.5 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255
  1. <?php
  2. /**
  3. * @file
  4. * Add link to publish or unpublish a node, with access control based on the
  5. * node type
  6. */
  7. /**
  8. * Implements hook_menu().
  9. */
  10. function publishcontent_menu() {
  11. $items = array();
  12. $items['admin/config/content/publishcontent'] = array(
  13. 'title' => 'Publish content settings',
  14. 'page callback' => 'drupal_get_form',
  15. 'page arguments' => array('publishcontent_config_form'),
  16. 'access callback' => 'user_access',
  17. 'access arguments' => array('administer site configuration'),
  18. 'description' => 'Configure settings.',
  19. 'file' => 'publishcontent.admin.inc',
  20. 'type' => MENU_NORMAL_ITEM,
  21. );
  22. $items['node/%publishcontent_tab/publish/%publishcontent_security_token'] = array(
  23. 'title' => 'Publish',
  24. 'page callback' => 'publishcontent_toggle_status',
  25. 'page arguments' => array(1),
  26. 'access callback' => '_publishcontent_publish_access',
  27. 'access arguments' => array(1, 3),
  28. 'weight' => 5,
  29. 'type' => MENU_LOCAL_TASK,
  30. 'options' => array('attributes' => array('class' => array('publishcontent-link', 'publishcontent-publish'))),
  31. 'context' => MENU_CONTEXT_PAGE | MENU_CONTEXT_INLINE,
  32. );
  33. $items['node/%publishcontent_tab/unpublish/%publishcontent_security_token'] = array(
  34. 'title' => 'Unpublish',
  35. 'page callback' => 'publishcontent_toggle_status',
  36. 'page arguments' => array(1),
  37. 'access callback' => '_publishcontent_unpublish_access',
  38. 'access arguments' => array(1, 3),
  39. 'weight' => 5,
  40. 'type' => MENU_LOCAL_TASK,
  41. 'options' => array('attributes' => array('class' => array('publishcontent-link', 'publishcontent-unpublish'))),
  42. 'context' => MENU_CONTEXT_PAGE | MENU_CONTEXT_INLINE,
  43. );
  44. return $items;
  45. }
  46. /**
  47. * Decide to show the (un)publish tab or not.
  48. */
  49. function publishcontent_tab_load($nid) {
  50. if (is_numeric($nid)) {
  51. $node = node_load($nid);
  52. if (variable_get('publishcontent_tabs', TRUE)) {
  53. return $node;
  54. }
  55. }
  56. return FALSE;
  57. }
  58. /**
  59. * Used to append a security token to prevent XSS.
  60. *
  61. * @see Dynamic argument replacement (wildcard) for hook_menu at
  62. * http://drupal.org/node/109153
  63. */
  64. function publishcontent_security_token_to_arg($arg, $map, $index) {
  65. return drupal_get_token();
  66. }
  67. /**
  68. * Access callback for publish action. Only allow access based on permissions
  69. * and current node status = unpublished
  70. */
  71. function _publishcontent_publish_access($node, $token = FALSE) {
  72. if (empty($node->nid) || !is_object($node)) {
  73. return FALSE;
  74. }
  75. if ($token && !drupal_valid_token($token)) {
  76. return FALSE;
  77. }
  78. if (!variable_get('publishcontent_' . $node->type, TRUE)) {
  79. return FALSE;
  80. }
  81. if (!is_object($node)) {
  82. return FALSE;
  83. }
  84. global $user;
  85. return !$node->status &&
  86. (user_access('publish any content')
  87. || (user_access('publish own content') && $user->uid == $node->uid)
  88. || (user_access('publish editable content') && node_access('update', $node))
  89. || (user_access('publish own '. check_plain($node->type) .' content', $user) && $user->uid == $node->uid)
  90. || user_access('publish any '. check_plain($node->type) .' content')
  91. || (user_access('publish editable '. check_plain($node->type) .' content') && node_access('update', $node))
  92. );
  93. }
  94. /**
  95. * Access callback for unpublish action. Only allow access based on permissions
  96. * and current node status = published
  97. */
  98. function _publishcontent_unpublish_access($node, $token = FALSE) {
  99. if (empty($node->nid) || !is_object($node)) {
  100. return FALSE;
  101. }
  102. if ($token && !drupal_valid_token($token)) {
  103. return FALSE;
  104. }
  105. if (!variable_get('publishcontent_' . $node->type, TRUE)) {
  106. return FALSE;
  107. }
  108. if (!is_object($node)) {
  109. return FALSE;
  110. }
  111. global $user;
  112. return $node->status &&
  113. (user_access('unpublish any content')
  114. || (user_access('unpublish own content') && $user->uid == $node->uid)
  115. || (user_access('unpublish editable content') && node_access('update', $node))
  116. || (user_access('unpublish own '. check_plain($node->type) .' content', $user) && $user->uid == $node->uid)
  117. || user_access('unpublish any '. check_plain($node->type) .' content')
  118. || (user_access('unpublish editable '. check_plain($node->type) .' content') && node_access('update', $node))
  119. );
  120. }
  121. /**
  122. * Implementation of hook_permission().
  123. */
  124. function publishcontent_permission() {
  125. $perms = array(
  126. 'publish any content' => array(
  127. 'title' => t('Publish any content'),
  128. ),
  129. 'unpublish any content' => array(
  130. 'title' => t('Unpublish any content'),
  131. ),
  132. 'publish editable content' => array(
  133. 'title' => t('Publish editable content'),
  134. ),
  135. 'unpublish editable content' => array(
  136. 'title' => t('Unpublish editable content'),
  137. ),
  138. );
  139. foreach (node_type_get_types() as $type) {
  140. if (!variable_get('publishcontent_' . $type->type, TRUE)) {
  141. continue;
  142. }
  143. if (isset($type->type)) {
  144. $perms['publish any ' . $type->type . ' content'] = array(
  145. 'title' => t('Publish any @type content', array('@type' => $type->name)));
  146. $perms['publish own ' . $type->type . ' content'] = array(
  147. 'title' => t('Publish own @type content', array('@type' => $type->name)));
  148. $perms['publish editable ' . $type->type . ' content'] = array(
  149. 'title' => t('Publish editable @type content', array('@type' => $type->name)));
  150. $perms['unpublish any ' . $type->type . ' content'] = array(
  151. 'title' => t('Unpublish any @type content', array('@type' => $type->name)));
  152. $perms['unpublish own ' . $type->type . ' content'] = array(
  153. 'title' => t('Unpublish own @type content', array('@type' => $type->name)));
  154. $perms['unpublish editable ' . $type->type . ' content'] = array(
  155. 'title' => t('Unpublish editable @type content', array('@type' => $type->name)));
  156. }
  157. }
  158. return $perms;
  159. }
  160. /**
  161. * Helper function to generate change of status message.
  162. */
  163. function _publishcontent_get_message($nid, $title, $status) {
  164. return t($status ? '"@title" [@nid] has been published'
  165. : '"@title" [@nid] has been unpublished',
  166. array('@title' => $title, '@nid' => $nid));
  167. }
  168. /**
  169. * Menu callback for publish / unpublish content actions.
  170. * @param $node a node object
  171. */
  172. function publishcontent_toggle_status($node) {
  173. // XOR the current status with 1 to get the opposite value.
  174. $node->status = $node->status ^ 1;
  175. // If this content type specifies that a new revision should be created on
  176. // editing, then make sure to respect this option.
  177. $node_options = variable_get('node_options_' . $node->type, array());
  178. if (in_array('revision', $node_options)) {
  179. $node->revision = 1;
  180. }
  181. node_save($node);
  182. drupal_set_message(_publishcontent_get_message($node->nid, $node->title, $node->status));
  183. drupal_goto($_SERVER['HTTP_REFERER']);
  184. }
  185. /**
  186. * Implementation of hook_form_alter()
  187. *
  188. * allow to use the 'Publishing options' on the edit/add page
  189. */
  190. function publishcontent_form_alter(&$form, &$form_state, $form_id) {
  191. if ($form_id == 'node_type_form') {
  192. $form['workflow']['publishcontent'] = array(
  193. '#type' => 'checkbox',
  194. '#title' => t('Enable publishcontent'),
  195. '#default_value' => variable_get('publishcontent_' . $form['#node_type']->type, TRUE),
  196. '#description' => t('Display publish or unpublish link for nodes of this type.'),
  197. );
  198. }
  199. elseif (user_access('administer nodes')
  200. || empty($form['#node']) || empty($form['#node']->type)
  201. || $form['#node']->type . '_node_form' != $form_id
  202. || (!_publishcontent_unpublish_access($form['#node'])
  203. && !_publishcontent_publish_access($form['#node']))) {
  204. return;
  205. }
  206. $form['options']['status']['#access'] = TRUE;
  207. if (!empty($form['options']['#access'])) {
  208. return;
  209. }
  210. else {
  211. $form['options']['#access'] = TRUE;
  212. }
  213. foreach (element_children($form['options']) as $key) {
  214. // If another form has afforded access to a particular option, do not
  215. // override that access. Otherwise, disable it.
  216. $form['options'][$key]['#access'] =
  217. isset($form['options'][$key]['#access'])
  218. ? $form['options'][$key]['#access'] : FALSE;
  219. }
  220. }
  221. /**
  222. * Implements hook_views_api()
  223. */
  224. function publishcontent_views_api() {
  225. return array('api' => 3);
  226. }
  227. /**
  228. * Implements hook_views_data_alter() to add items to the node table that are
  229. * relevant to publishcontent.
  230. */
  231. function publishcontent_views_data_alter(&$data) {
  232. // new comments
  233. $data['node']['publishcontent'] = array(
  234. 'title' => t('Publish link'),
  235. 'help' => t('Display a link to publish the node.'),
  236. 'field' => array(
  237. 'handler' => 'publishcontent_views_handler_field_node_link',
  238. ),
  239. );
  240. }