source: sipes/modules_contrib/field_permissions/includes/field_access.inc

stableversion-3.0
Last change on this file was 663b989, checked in by José Gregorio Puentes <jpuentes@…>, 8 años ago

se actualizo el modulo
  • Propiedad mode establecida a 100644
File size: 3.1 KB
Línea 
1<?php
2// $Id: field_access.inc,v 1.1.2.2 2009/11/09 23:20:17 markuspetrux Exp $
3
4/**
5 * @file
6 * Implementation of helper functions related to hook_field_access().
7 */
8
9/**
10 * Implementation of hook_field_access('view').
11 */
12function _field_permissions_field_view_access($field_name, $field_permissions, $account, $node) {
13  // Check if user has access to view this field in any node.
14  if (!empty($field_permissions['view']) && user_access('view '. $field_name, $account)) {
15    return TRUE;
16  }
17
18  // If 'view own' permission has been enabled for this field, then we can
19  // check if the user has the right permission, and ownership of the node.
20  if (!empty($field_permissions['view own']) && user_access('view own '. $field_name, $account)) {
21
22    // When content_access('view') is invoked, it may or may not provide a
23    // node object. It will, almost always, except when this function is
24    // invoked as a field access callback from Views, where it is used to
25    // evaluate if the field can be included in the query itself. In this
26    // case we should grant access. Views will invoke content_access('view')
27    // again, indirectly, when rendering the fields using content_format(),
28    // and this time it will provide a pseudo node object that includes the
29    // uid of the node author, so here is where we have the chance to
30    // evaluate ownership to check for 'view own <field>' permission.
31    if (!isset($node)) {
32      return TRUE;
33    }
34
35    // Try to get the uid of the node author from the node object itself.
36    // When invoked by Views to render a field, we may not have the uid of the
37    // node, so we need to retrieve it from the node or node revisions table.
38    if (isset($node->uid)) {
39      $node_uid = $node->uid;
40    }
41    elseif (!empty($node->vid)) {
42      $node_uid = db_result(db_query('SELECT uid FROM {node_revisions} WHERE vid = %d', $node->vid));
43    }
44    elseif (!empty($node->nid)) {
45      $node_uid = db_result(db_query('SELECT uid FROM {node} WHERE nid = %d', $node->nid));
46    }
47    else {
48      // Deny access to view the field if we have not been able to get the uid
49      // of the node author.
50      return FALSE;
51    }
52
53    // Finally, we can now check if ownership of the node matches.
54    return (is_numeric($node_uid) && $node_uid == $account->uid);
55  }
56
57  return FALSE;
58}
59
60/**
61 * Implementation of hook_field_access('edit').
62 */
63function _field_permissions_field_edit_access($field_name, $field_permissions, $account, $node) {
64  // Check if user has access to edit this field on node creation.
65  if (empty($node->nid) && !empty($field_permissions['create'])) {
66    return user_access('create '. $field_name, $account);
67  }
68
69  // Check if user has access to edit this field in any node.
70  if (!empty($field_permissions['edit']) && user_access('edit '. $field_name, $account)) {
71    return TRUE;
72  }
73
74  // If 'edit own' permission has been enabled for this field, then we can
75  // check if the user has the right permission, and ownership of the node.
76  if (!empty($field_permissions['edit own']) && user_access('edit own '. $field_name, $account) && $node->uid == $account->uid) {
77    return TRUE;
78  }
79
80  return FALSE;
81}
Nota: Vea TracBrowser para ayuda de uso del navegador del repositorio.