1 | <?php |
---|
2 | // $Id: field_access.inc,v 1.1.2.2 2009/11/09 23:20:17 markuspetrux Exp $ |
---|
3 | |
---|
4 | /** |
---|
5 | * @file |
---|
6 | * Implementation of helper functions related to hook_field_access(). |
---|
7 | */ |
---|
8 | |
---|
/**
 * Implementation of hook_field_access('view').
 *
 * Decides whether $account may view the field named $field_name.
 *
 * @param $field_name
 *   Name of the field; appended to 'view ' / 'view own ' to build the
 *   permission string passed to user_access().
 * @param $field_permissions
 *   Array whose 'view' and 'view own' keys, when non-empty, enable the
 *   corresponding permission type for this field.
 * @param $account
 *   User account being checked; its uid is compared with the node author.
 * @param $node
 *   Node (or pseudo node) object, possibly unset. Only its uid, vid and nid
 *   properties are read here.
 *
 * @return
 *   TRUE when access is granted, FALSE otherwise.
 */
function _field_permissions_field_view_access($field_name, $field_permissions, $account, $node) {
  // 'view <field>' applies to every node, so ownership is irrelevant.
  $may_view_any = !empty($field_permissions['view']) && user_access('view '. $field_name, $account);
  if ($may_view_any) {
    return TRUE;
  }

  // Without an enabled and granted 'view own <field>' permission there is
  // nothing left that could allow access.
  $may_view_own = !empty($field_permissions['view own']) && user_access('view own '. $field_name, $account);
  if (!$may_view_own) {
    return FALSE;
  }

  // content_access('view') almost always supplies a node object. The known
  // exception is the Views field access callback, which only decides whether
  // the field may be part of the query. Access is granted at that stage
  // because Views invokes content_access('view') again while rendering
  // through content_format(), this time with a pseudo node object from which
  // the author can be resolved.
  // Security note: this branch grants on the permission alone. Any caller
  // that omits the node and never re-checks with one effectively treats
  // 'view own <field>' as 'view <field>'.
  if (!isset($node)) {
    return TRUE;
  }

  // Resolve the author uid: prefer the value carried by the object, then
  // fall back to the revision table, then to the node table.
  if (isset($node->uid)) {
    $author_uid = $node->uid;
  }
  elseif (!empty($node->vid)) {
    $author_uid = db_result(db_query('SELECT uid FROM {node_revisions} WHERE vid = %d', $node->vid));
  }
  elseif (!empty($node->nid)) {
    $author_uid = db_result(db_query('SELECT uid FROM {node} WHERE nid = %d', $node->nid));
  }
  else {
    // No way to identify the author: fail closed.
    return FALSE;
  }

  // The is_numeric() guard rejects a non-numeric lookup result before the
  // loose comparison can coerce it into a match with a uid.
  // NOTE(review): a node with uid 0 still matches an account with uid 0, so
  // every anonymous visitor "owns" anonymously authored nodes -- confirm that
  // is acceptable before granting 'view own' to the anonymous role.
  $is_owner = is_numeric($author_uid) && $author_uid == $account->uid;
  return $is_owner;
}
---|
59 | |
---|
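/**
 * Implementation of hook_field_access('edit').
 *
 * Decides whether $account may edit the field named $field_name.
 *
 * @param $field_name
 *   Name of the field; appended to 'create ' / 'edit ' / 'edit own ' to build
 *   the permission string passed to user_access().
 * @param $field_permissions
 *   Array whose 'create', 'edit' and 'edit own' keys, when non-empty, enable
 *   the corresponding permission type for this field.
 * @param $account
 *   User account being checked; its uid is compared with the node author.
 * @param $node
 *   Node object. An empty nid is treated as node creation; uid is read for
 *   the ownership check.
 *
 * @return
 *   TRUE when access is granted, FALSE otherwise.
 */
function _field_permissions_field_edit_access($field_name, $field_permissions, $account, $node) {
  // On node creation (no nid yet) the 'create <field>' permission, when
  // enabled for this field, is the only one that decides.
  if (empty($node->nid) && !empty($field_permissions['create'])) {
    return user_access('create '. $field_name, $account);
  }

  // 'edit <field>' applies to every node, so ownership is irrelevant.
  if (!empty($field_permissions['edit']) && user_access('edit '. $field_name, $account)) {
    return TRUE;
  }

  // 'edit own <field>' additionally requires that the account is the author.
  if (!empty($field_permissions['edit own']) && user_access('edit own '. $field_name, $account)) {
    // Fail closed when the author is unknown. A bare `$node->uid ==
    // $account->uid` compares NULL with the uid when the property is missing,
    // and NULL == 0 is TRUE, which would hand 'edit own' to an account with
    // uid 0 on a node whose author was never resolved. The is_numeric() guard
    // mirrors the ownership check used for 'view own'.
    // NOTE(review): a node with uid 0 still matches an account with uid 0, so
    // every anonymous visitor "owns" anonymously authored nodes -- confirm that
    // is acceptable before granting 'edit own' to the anonymous role.
    return isset($node->uid) && is_numeric($node->uid) && $node->uid == $account->uid;
  }

  return FALSE;
}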
---|