Step two of implementing the List/Create permissions in Taxonomy Access...

Step two of implementing the List/Create permissions in Taxonomy Access Controls: when listing the terms on a node, or the nodes for a term, hide terms the for which the current user doesn't have the "List" grant. git-svn-id: file:///tmp/wdn_thm_drupal/trunk@359 20a16fea-79d4-4915-8869-1ea9d5ebf173

Step two of implementing the List/Create permissions in Taxonomy Access...
3f46fc7f · Tim Steiner · d05edabf · 3f46fc7f
Commit 3f46fc7f authored 14 years ago by Tim Steiner
--- a/sites/all/modules/taxonomy_access_control/tac.module
+++ b/sites/all/modules/taxonomy_access_control/tac.module
@@ -40,14 +40,7 @@ function tac_node_access_records($node) {
  $tac_vid = variable_get('tac_vocabulary', -1);
  $fields_to_check = array();
-  $fields = field_info_instances('node', $node->type);
+  $fields_to_check = _tac_get_taxonomy_fields_for_node($node);
-  foreach ($fields as $field) {
-    $fieldInfo = field_info_field($field['field_name']);
-    if ($fieldInfo['type'] != 'taxonomy_term_reference') {
-      continue;
-    }
-    $fields_to_check[] = $field['field_name'];
-  }
  $selected_tids = array();
  foreach ($fields_to_check as $field) {
@@ -112,17 +105,7 @@ function tac_form_alter(&$form, &$form_state, $form_id) {
      return;
    }
-    $tac_vid = variable_get('tac_vocabulary', -1);
+    $taxonomy_fields = _tac_get_taxonomy_fields_for_node($form['#node']);
-    $taxonomy_fields = array();
-    $fields = field_info_instances('node', $form['#node']->type);
-    foreach ($fields as $field) {
-      $fieldInfo = field_info_field($field['field_name']);
-      if ($fieldInfo['type'] != 'taxonomy_term_reference') {
-        continue;
-      }
-      $taxonomy_fields[] = $field['field_name'];
-    }
    $query = db_select('tac_map', 'm');
    $query->fields('m');
@@ -180,3 +163,68 @@ function tac_node_form_validate($form, &$form_state) {
  }
 }
+function tac_query_alter(QueryAlterableInterface $query) {
+  if (!$query->hasTag('term_access')) {
+    return;
+  }
+  // We need slightly more advanced filtering on the edit page.  Handle it there.
+  if (arg(2) == 'edit') {
+    return;
+  }
+  // If the current user can bypass node access controls, we don't need to filter anything
+  if (user_access('bypass node access')) {
+    return;
+  }
+  $alias = '';
+  foreach ($query->getTables() as $table) {
+    if ($table['table'] == 'taxonomy_term_data') {
+      $alias = $table['alias'];
+    }
+  }
+  $query->distinct();
+  $query->addJoin(
+  	'LEFT',
+  	'{tac_map}',
+  	'tm',
+  	"$alias.tid = tm.tid AND tm.rid IN (:rids)",
+    array(':rids' => array_keys($GLOBALS['user']->roles))
+  );
+  $query->where('tm.grant_list = 1 OR tm.grant_list IS NULL');
+}
+function _tac_get_taxonomy_fields_for_node($node) {
+  $tac_vid = variable_get('tac_vocabulary', -1);
+  $vocabularies = taxonomy_get_vocabularies();
+  if (!isset($vocabularies[$tac_vid])) {
+    return array();
+  }
+  $vocabulary = $vocabularies[$tac_vid];
+  $taxonomy_fields = array();
+  $fields = field_info_instances('node', $node->type);
+  foreach ($fields as $field) {
+    $fieldInfo = field_info_field($field['field_name']);
+    if ($fieldInfo['type'] != 'taxonomy_term_reference') {
+      continue;
+    }
+    $is_correct_vocabulary = FALSE;
+    foreach ($fieldInfo['settings']['allowed_values'] as $allowed_value) {
+      if ($allowed_value['vocabulary'] == $vocabulary->machine_name) {
+        $is_correct_vocabulary = TRUE;
+      }
+    }
+    if (!$is_correct_vocabulary) {
+      continue;
+    }
+    $taxonomy_fields[] = $field['field_name'];
+  }
+  return $taxonomy_fields;
+}