From d05edabff1c95bf6a6412ecb67b81a936e43f715 Mon Sep 17 00:00:00 2001
From: Tim Steiner <tsteiner2@unl.edu>
Date: Mon, 6 Dec 2010 20:30:23 +0000
Subject: [PATCH] Step one of implementing the List/Create permissions in
Taxonomy Access Controls: when editing a node, only list/enable the correct
taxonomy terms (only works with checkboxes right now)
git-svn-id: file:///tmp/wdn_thm_drupal/trunk@358 20a16fea-79d4-4915-8869-1ea9d5ebf173
---
.../taxonomy_access_control/tac.admin.php | 20 +++--
.../taxonomy_access_control/tac.install | 35 +++++++++
.../taxonomy_access_control/tac.module | 77 +++++++++++++++++++
3 files changed, 125 insertions(+), 7 deletions(-)
diff --git a/sites/all/modules/taxonomy_access_control/tac.admin.php b/sites/all/modules/taxonomy_access_control/tac.admin.php
index a2c7c2fc0..e997ca99b 100644
--- a/sites/all/modules/taxonomy_access_control/tac.admin.php
+++ b/sites/all/modules/taxonomy_access_control/tac.admin.php
@@ -47,10 +47,15 @@ function tac_admin($form, $form_state, $rid = NULL) {
foreach (taxonomy_get_tree($vocabulary) as $term) {
$subform['term_' . $term->tid] = array(
'#title' => $term->name,
- 'view' => array(
- '#parents' => array('edit', $rid, $term->tid, 'view'),
+ 'list' => array(
+ '#parents' => array('edit', $rid, $term->tid, 'list'),
'#type' => 'checkbox',
- '#default_value' => (isset($currentValues[$rid][$term->tid]->grant_view) ? $currentValues[$rid][$term->tid]->grant_view : 0),
+ '#default_value' => (isset($currentValues[$rid][$term->tid]->grant_list) ? $currentValues[$rid][$term->tid]->grant_list : 0),
+ ),
+ 'create' => array(
+ '#parents' => array('edit', $rid, $term->tid, 'create'),
+ '#type' => 'checkbox',
+ '#default_value' => (isset($currentValues[$rid][$term->tid]->grant_create) ? $currentValues[$rid][$term->tid]->grant_create : 0),
),
'update' => array(
'#parents' => array('edit', $rid, $term->tid, 'update'),
@@ -79,13 +84,14 @@ function tac_admin($form, $form_state, $rid = NULL) {
function theme_tac_term_list($variables) {
$form = $variables['form'];
- $headers = array('Term', 'View', 'Update', 'Delete');
+ $headers = array('Term', 'List', 'Create', 'Update', 'Delete');
$rows = array();
foreach (element_children($form) as $key) {
$rows[] = array(
'data' => array(
$form[$key]['#title'],
- drupal_render($form[$key]['view']),
+ drupal_render($form[$key]['list']),
+ drupal_render($form[$key]['create']),
drupal_render($form[$key]['update']),
drupal_render($form[$key]['delete']),
)
@@ -115,12 +121,12 @@ function tac_admin_submit($form, &$form_state) {
}
- $insert = db_insert('tac_map')->fields(array('rid', 'tid', 'grant_view', 'grant_update', 'grant_delete'));
+ $insert = db_insert('tac_map')->fields(array('rid', 'tid', 'grant_list', 'grant_create', 'grant_update', 'grant_delete'));
foreach ($form_state['values']['edit'] as $rid => $terms) {
foreach ($terms as $tid => $grants) {
$insert->values(array(
- $rid, $tid, $grants['view'], $grants['update'], $grants['delete'],
+ $rid, $tid, $grants['list'], $grants['create'], $grants['update'], $grants['delete'],
));
}
}
diff --git a/sites/all/modules/taxonomy_access_control/tac.install b/sites/all/modules/taxonomy_access_control/tac.install
index 3aa690423..e9a503dbd 100644
--- a/sites/all/modules/taxonomy_access_control/tac.install
+++ b/sites/all/modules/taxonomy_access_control/tac.install
@@ -45,6 +45,22 @@ function tac_schema()
'default' => 0,
'size' => 'tiny',
),
+ 'grant_create' => array(
+ 'description' => 'Boolean indicating whether a user with the realm/grant pair can create this term on a node.',
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'size' => 'tiny',
+ ),
+ 'grant_list' => array(
+ 'description' => 'Boolean indicating whether a user with the realm/grant pair can list this term.',
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'size' => 'tiny',
+ ),
),
'primary key' => array('rid', 'tid'),
'foreign keys' => array(
@@ -122,6 +138,25 @@ function tac_update_7100()
db_create_table('tac_map', $table);
}
+function tac_update_7101() {
+ db_add_field('tac_map', 'grant_create', array(
+ 'description' => 'Boolean indicating whether a user with the realm/grant pair can create this term on a node.',
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'size' => 'tiny',
+ ));
+
+ db_add_field('tac_map', 'grant_list', array(
+ 'description' => 'Boolean indicating whether a user with the realm/grant pair can list this term.',
+ 'type' => 'int',
+ 'unsigned' => TRUE,
+ 'not null' => TRUE,
+ 'default' => 0,
+ 'size' => 'tiny',
+ ));
+}
diff --git a/sites/all/modules/taxonomy_access_control/tac.module b/sites/all/modules/taxonomy_access_control/tac.module
index a8f740503..dc7c39cef 100644
--- a/sites/all/modules/taxonomy_access_control/tac.module
+++ b/sites/all/modules/taxonomy_access_control/tac.module
@@ -103,3 +103,80 @@ function tac_node_grants($account, $op) {
return $grants;
}
+
+function tac_form_alter(&$form, &$form_state, $form_id) {
+ if (substr($form_id, -10) == '_node_form') {
+
+ // If the current user can bypass node access controls, we don't need to filter anything
+ if (user_access('bypass node access')) {
+ return;
+ }
+
+ $tac_vid = variable_get('tac_vocabulary', -1);
+ $taxonomy_fields = array();
+
+ $fields = field_info_instances('node', $form['#node']->type);
+ foreach ($fields as $field) {
+ $fieldInfo = field_info_field($field['field_name']);
+ if ($fieldInfo['type'] != 'taxonomy_term_reference') {
+ continue;
+ }
+ $taxonomy_fields[] = $field['field_name'];
+ }
+
+ $query = db_select('tac_map', 'm');
+ $query->fields('m');
+ $query->condition('m.rid', array_keys($GLOBALS['user']->roles), 'IN');
+ $data = $query->execute()->fetchAll();
+
+ $grants = array();
+ foreach ($data as $row) {
+ if ($row->grant_create) {
+ $grants[$row->tid]['create'] = TRUE;
+ }
+ if ($row->grant_list) {
+ $grants[$row->tid]['list'] = TRUE;
+ }
+ }
+
+ $form['#validate'][] = 'tac_node_form_validate';
+ foreach ($taxonomy_fields as $field) {
+ if ($form[$field]['und']['#type'] == 'checkboxes') {
+ foreach ($form[$field]['und']['#options'] as $tid => $term) {
+ if (!isset($grants[$tid]['list']) || !$grants[$tid]['list']) {
+ $form[$field]['und'][$tid]['#type'] = 'hidden';
+ $form_state['storage']['tac'][$field][$tid] = $tid;
+ }
+ if (!isset($grants[$tid]['create']) || !$grants[$tid]['create']) {
+ $form[$field]['und'][$tid]['#disabled'] = 'TRUE';
+ $form_state['storage']['tac'][$field][$tid] = $tid;
+ }
+ }
+ }
+ }
+ }
+}
+
+function tac_node_form_validate($form, &$form_state) {
+ foreach ($form_state['storage']['tac'] as $field => $locked_terms) {
+ $default_terms = $form[$field]['und']['#default_value'];
+
+ $set_terms = array();
+ foreach ($form_state['values'][$field]['und'] as $key => $term_value) {
+ $set_terms[$key] = $term_value['tid'];
+ }
+
+ foreach ($locked_terms as $locked_term) {
+ if (in_array($locked_term, $default_terms) && !in_array($locked_term, $set_terms)) {
+ $form_state['values'][$field]['und'][] = array(
+ 'tid' => $locked_term,
+ );
+ }
+ if (!in_array($locked_term, $default_terms) && in_array($locked_term, $set_terms)) {
+ form_set_error('tac', 'Attempt to add a denied term detected.');
+ return FALSE;
+ }
+ }
+ }
+}
+
--
GitLab