diff --git a/sites/all/modules/taxonomy_access_control/tac.admin.php b/sites/all/modules/taxonomy_access_control/tac.admin.php index a2c7c2fc0e8b18db8aab362a298e7a32b1961d4b..e997ca99b6e22fcc2d858b75edb66369d46b153a 100644 --- a/sites/all/modules/taxonomy_access_control/tac.admin.php +++ b/sites/all/modules/taxonomy_access_control/tac.admin.php @@ -47,10 +47,15 @@ function tac_admin($form, $form_state, $rid = NULL) { foreach (taxonomy_get_tree($vocabulary) as $term) { $subform['term_' . $term->tid] = array( '#title' => $term->name, - 'view' => array( - '#parents' => array('edit', $rid, $term->tid, 'view'), + 'list' => array( + '#parents' => array('edit', $rid, $term->tid, 'list'), '#type' => 'checkbox', - '#default_value' => (isset($currentValues[$rid][$term->tid]->grant_view) ? $currentValues[$rid][$term->tid]->grant_view : 0), + '#default_value' => (isset($currentValues[$rid][$term->tid]->grant_list) ? $currentValues[$rid][$term->tid]->grant_list : 0), + ), + 'create' => array( + '#parents' => array('edit', $rid, $term->tid, 'create'), + '#type' => 'checkbox', + '#default_value' => (isset($currentValues[$rid][$term->tid]->grant_create) ? $currentValues[$rid][$term->tid]->grant_create : 0), ), 'update' => array( '#parents' => array('edit', $rid, $term->tid, 'update'), @@ -79,13 +84,14 @@ function tac_admin($form, $form_state, $rid = NULL) { function theme_tac_term_list($variables) { $form = $variables['form']; - $headers = array('Term', 'View', 'Update', 'Delete'); + $headers = array('Term', 'List', 'Create', 'Update', 'Delete'); $rows = array(); foreach (element_children($form) as $key) { $rows[] = array( 'data' => array( $form[$key]['#title'], - drupal_render($form[$key]['view']), + drupal_render($form[$key]['list']), + drupal_render($form[$key]['create']), drupal_render($form[$key]['update']), drupal_render($form[$key]['delete']), ) @@ -115,12 +121,12 @@ function tac_admin_submit($form, &$form_state) { } - $insert = db_insert('tac_map')->fields(array('rid', 'tid', 'grant_view', 'grant_update', 'grant_delete')); + $insert = db_insert('tac_map')->fields(array('rid', 'tid', 'grant_list', 'grant_create', 'grant_update', 'grant_delete')); foreach ($form_state['values']['edit'] as $rid => $terms) { foreach ($terms as $tid => $grants) { $insert->values(array( - $rid, $tid, $grants['view'], $grants['update'], $grants['delete'], + $rid, $tid, $grants['list'], $grants['create'], $grants['update'], $grants['delete'], )); } } diff --git a/sites/all/modules/taxonomy_access_control/tac.install b/sites/all/modules/taxonomy_access_control/tac.install index 3aa690423cb24ee38f2e5bcda5916db89dcbb452..e9a503dbdb13bbad538da4448a7a443475228a92 100644 --- a/sites/all/modules/taxonomy_access_control/tac.install +++ b/sites/all/modules/taxonomy_access_control/tac.install @@ -45,6 +45,22 @@ function tac_schema() 'default' => 0, 'size' => 'tiny', ), + 'grant_create' => array( + 'description' => 'Boolean indicating whether a user with the realm/grant pair can create this term on a node.', + 'type' => 'int', + 'unsigned' => TRUE, + 'not null' => TRUE, + 'default' => 0, + 'size' => 'tiny', + ), + 'grant_list' => array( + 'description' => 'Boolean indicating whether a user with the realm/grant pair can list this term.', + 'type' => 'int', + 'unsigned' => TRUE, + 'not null' => TRUE, + 'default' => 0, + 'size' => 'tiny', + ), ), 'primary key' => array('rid', 'tid'), 'foreign keys' => array( @@ -122,6 +138,25 @@ function tac_update_7100() db_create_table('tac_map', $table); } +function tac_update_7101() { + db_add_field('tac_map', 'grant_create', array( + 'description' => 'Boolean indicating whether a user with the realm/grant pair can create this term on a node.', + 'type' => 'int', + 'unsigned' => TRUE, + 'not null' => TRUE, + 'default' => 0, + 'size' => 'tiny', + )); + + db_add_field('tac_map', 'grant_list', array( + 'description' => 'Boolean indicating whether a user with the realm/grant pair can list this term.', + 'type' => 'int', + 'unsigned' => TRUE, + 'not null' => TRUE, + 'default' => 0, + 'size' => 'tiny', + )); +} diff --git a/sites/all/modules/taxonomy_access_control/tac.module b/sites/all/modules/taxonomy_access_control/tac.module index a8f7405032342aba0a92e7d92fcfbb410c065170..dc7c39cef0ca73d659e6c61f85d009d4877c44b8 100644 --- a/sites/all/modules/taxonomy_access_control/tac.module +++ b/sites/all/modules/taxonomy_access_control/tac.module @@ -103,3 +103,80 @@ function tac_node_grants($account, $op) { return $grants; } + +function tac_form_alter(&$form, &$form_state, $form_id) { + if (substr($form_id, -10) == '_node_form') { + + // If the current user can bypass node access controls, we don't need to filter anything + if (user_access('bypass node access')) { + return; + } + + $tac_vid = variable_get('tac_vocabulary', -1); + $taxonomy_fields = array(); + + $fields = field_info_instances('node', $form['#node']->type); + foreach ($fields as $field) { + $fieldInfo = field_info_field($field['field_name']); + if ($fieldInfo['type'] != 'taxonomy_term_reference') { + continue; + } + $taxonomy_fields[] = $field['field_name']; + } + + $query = db_select('tac_map', 'm'); + $query->fields('m'); + $query->condition('m.rid', array_keys($GLOBALS['user']->roles), 'IN'); + $data = $query->execute()->fetchAll(); + + $grants = array(); + foreach ($data as $row) { + if ($row->grant_create) { + $grants[$row->tid]['create'] = TRUE; + } + if ($row->grant_list) { + $grants[$row->tid]['list'] = TRUE; + } + } + + $form['#validate'][] = 'tac_node_form_validate'; + foreach ($taxonomy_fields as $field) { + if ($form[$field]['und']['#type'] == 'checkboxes') { + foreach ($form[$field]['und']['#options'] as $tid => $term) { + if (!isset($grants[$tid]['list']) || !$grants[$tid]['list']) { + $form[$field]['und'][$tid]['#type'] = 'hidden'; + $form_state['storage']['tac'][$field][$tid] = $tid; + } + if (!isset($grants[$tid]['create']) || !$grants[$tid]['create']) { + $form[$field]['und'][$tid]['#disabled'] = 'TRUE'; + $form_state['storage']['tac'][$field][$tid] = $tid; + } + } + } + } + } +} + +function tac_node_form_validate($form, &$form_state) { + foreach ($form_state['storage']['tac'] as $field => $locked_terms) { + $default_terms = $form[$field]['und']['#default_value']; + + $set_terms = array(); + foreach ($form_state['values'][$field]['und'] as $key => $term_value) { + $set_terms[$key] = $term_value['tid']; + } + + foreach ($locked_terms as $locked_term) { + if (in_array($locked_term, $default_terms) && !in_array($locked_term, $set_terms)) { + $form_state['values'][$field]['und'][] = array( + 'tid' => $locked_term, + ); + } + if (!in_array($locked_term, $default_terms) && in_array($locked_term, $set_terms)) { + form_set_error('tac', 'Attempt to add a denied term detected.'); + return FALSE; + } + } + } +} +