Step one of implementing the List/Create permissions in Taxonomy Access...

Step one of implementing the List/Create permissions in Taxonomy Access Controls: when editing a node, only list/enable the correct taxonomy terms (only works with checkboxes right now) git-svn-id: file:///tmp/wdn_thm_drupal/trunk@358 20a16fea-79d4-4915-8869-1ea9d5ebf173

Step one of implementing the List/Create permissions in Taxonomy Access...
d05edabf · Tim Steiner · 80b7f7d2 · d05edabf · d05edabf · d05edabf
Commit d05edabf authored 14 years ago by Tim Steiner
--- a/sites/all/modules/taxonomy_access_control/tac.admin.php
+++ b/sites/all/modules/taxonomy_access_control/tac.admin.php
@@ -47,10 +47,15 @@ function tac_admin($form, $form_state, $rid = NULL) {
      foreach (taxonomy_get_tree($vocabulary) as $term) {
        $subform['term_' . $term->tid] = array(
          '#title' => $term->name,
-          'view' => array(
-            '#parents'       => array('edit', $rid, $term->tid, 'view'),
+          'list' => array(
+            '#parents'       => array('edit', $rid, $term->tid, 'list'),
            '#type'          => 'checkbox',
-            '#default_value' => (isset($currentValues[$rid][$term->tid]->grant_view) ? $currentValues[$rid][$term->tid]->grant_view : 0),
+            '#default_value' => (isset($currentValues[$rid][$term->tid]->grant_list) ? $currentValues[$rid][$term->tid]->grant_list : 0),
+          ),
+          'create' => array(
+            '#parents'       => array('edit', $rid, $term->tid, 'create'),
+            '#type'          => 'checkbox',
+            '#default_value' => (isset($currentValues[$rid][$term->tid]->grant_create) ? $currentValues[$rid][$term->tid]->grant_create : 0),
          ),
          'update' => array(
            '#parents'       => array('edit', $rid, $term->tid, 'update'),
@@ -79,13 +84,14 @@ function tac_admin($form, $form_state, $rid = NULL) {
 function theme_tac_term_list($variables) {
  $form = $variables['form'];
  
-  $headers = array('Term', 'View', 'Update', 'Delete');
+  $headers = array('Term', 'List', 'Create', 'Update', 'Delete');
  $rows = array();
  foreach (element_children($form) as $key) {
    $rows[] = array(
      'data' => array(
        $form[$key]['#title'],
-        drupal_render($form[$key]['view']),
+        drupal_render($form[$key]['list']),
+        drupal_render($form[$key]['create']),
        drupal_render($form[$key]['update']),
        drupal_render($form[$key]['delete']),
      )
@@ -115,12 +121,12 @@ function tac_admin_submit($form, &$form_state) {
  }
  

-  $insert = db_insert('tac_map')->fields(array('rid', 'tid', 'grant_view', 'grant_update', 'grant_delete'));
+  $insert = db_insert('tac_map')->fields(array('rid', 'tid', 'grant_list', 'grant_create', 'grant_update', 'grant_delete'));
  
  foreach ($form_state['values']['edit'] as $rid => $terms) {
    foreach ($terms as $tid => $grants) {
      $insert->values(array(
-        $rid, $tid, $grants['view'], $grants['update'], $grants['delete'],
+        $rid, $tid, $grants['list'], $grants['create'], $grants['update'], $grants['delete'],
      ));
    }
  }

--- a/sites/all/modules/taxonomy_access_control/tac.install
+++ b/sites/all/modules/taxonomy_access_control/tac.install
@@ -45,6 +45,22 @@ function tac_schema()
        'default' => 0,
        'size' => 'tiny',
      ),
+      'grant_create' => array(
+        'description' => 'Boolean indicating whether a user with the realm/grant pair can create this term on a node.',
+        'type' => 'int',
+        'unsigned' => TRUE,
+        'not null' => TRUE,
+        'default' => 0,
+        'size' => 'tiny',
+      ),
+      'grant_list' => array(
+        'description' => 'Boolean indicating whether a user with the realm/grant pair can list this term.',
+        'type' => 'int',
+        'unsigned' => TRUE,
+        'not null' => TRUE,
+        'default' => 0,
+        'size' => 'tiny',
+      ),
    ),
    'primary key' => array('rid', 'tid'),
    'foreign keys' => array(
@@ -122,6 +138,25 @@ function tac_update_7100()
  db_create_table('tac_map', $table);
 }

+function tac_update_7101() {
+  db_add_field('tac_map', 'grant_create', array(
+    'description' => 'Boolean indicating whether a user with the realm/grant pair can create this term on a node.',
+    'type' => 'int',
+    'unsigned' => TRUE,
+    'not null' => TRUE,
+    'default' => 0,
+    'size' => 'tiny',
+  ));
+  
+  db_add_field('tac_map', 'grant_list', array(
+    'description' => 'Boolean indicating whether a user with the realm/grant pair can list this term.',
+    'type' => 'int',
+    'unsigned' => TRUE,
+    'not null' => TRUE,
+    'default' => 0,
+    'size' => 'tiny',
+  ));
+}




--- a/sites/all/modules/taxonomy_access_control/tac.module
+++ b/sites/all/modules/taxonomy_access_control/tac.module
@@ -103,3 +103,80 @@ function tac_node_grants($account, $op) {
  
  return $grants;
 }
+
+function tac_form_alter(&$form, &$form_state, $form_id) {
+  if (substr($form_id, -10) == '_node_form') {
+    
+    // If the current user can bypass node access controls, we don't need to filter anything
+    if (user_access('bypass node access')) {
+      return;
+    }
+    
+    $tac_vid = variable_get('tac_vocabulary', -1);
+    $taxonomy_fields = array();
+    
+    $fields = field_info_instances('node', $form['#node']->type);
+    foreach ($fields as $field) {
+      $fieldInfo = field_info_field($field['field_name']);
+      if ($fieldInfo['type'] != 'taxonomy_term_reference') {
+        continue;
+      }
+      $taxonomy_fields[] = $field['field_name'];
+    }
+    
+    $query = db_select('tac_map', 'm');
+    $query->fields('m');
+    $query->condition('m.rid', array_keys($GLOBALS['user']->roles), 'IN');
+    $data = $query->execute()->fetchAll();
+    
+    $grants = array();
+    foreach ($data as $row) {
+      if ($row->grant_create) {
+        $grants[$row->tid]['create'] = TRUE;
+      }
+      if ($row->grant_list) {
+        $grants[$row->tid]['list'] = TRUE;
+      }
+    }
+    
+    $form['#validate'][] = 'tac_node_form_validate';
+    foreach ($taxonomy_fields as $field) {
+      if ($form[$field]['und']['#type'] == 'checkboxes') {
+        foreach ($form[$field]['und']['#options'] as $tid => $term) {
+          if (!isset($grants[$tid]['list']) || !$grants[$tid]['list']) {
+            $form[$field]['und'][$tid]['#type'] = 'hidden';
+            $form_state['storage']['tac'][$field][$tid] = $tid;
+          }
+          if (!isset($grants[$tid]['create']) || !$grants[$tid]['create']) {
+            $form[$field]['und'][$tid]['#disabled'] = 'TRUE';
+            $form_state['storage']['tac'][$field][$tid] = $tid;
+          }
+        }
+      }
+    }
+  }
+}
+
+function tac_node_form_validate($form, &$form_state) {
+  foreach ($form_state['storage']['tac'] as $field => $locked_terms) {
+    $default_terms = $form[$field]['und']['#default_value'];
+    
+    $set_terms = array();
+    foreach ($form_state['values'][$field]['und'] as $key => $term_value) {
+      $set_terms[$key] = $term_value['tid'];
+    }
+    
+    foreach ($locked_terms as $locked_term) {
+      if (in_array($locked_term, $default_terms) && !in_array($locked_term, $set_terms)) {
+        $form_state['values'][$field]['und'][] = array(
+          'tid' => $locked_term,
+        );
+      }
+      if (!in_array($locked_term, $default_terms) && in_array($locked_term, $set_terms)) {
+        form_set_error('tac', 'Attempt to add a denied term detected.');
+        return FALSE;
+      }
+    }
+  }
+}
+