[177a560] | 1 | <?php |
---|
| 2 | |
---|
| 3 | /** |
---|
| 4 | * @file |
---|
| 5 | * Implementation of helper functions related to hook_field_access(). |
---|
| 6 | */ |
---|
| 7 | |
---|
/**
 * Implementation of hook_field_access('view').
 *
 * Decides whether $account may view the field named $field_name.
 *
 * @param $field_name
 *   Name of the field; it is appended to 'view ' / 'view own ' to build the
 *   permission string passed to user_access().
 * @param $field_permissions
 *   Array keyed by permission type. A non-empty 'view' or 'view own' entry
 *   means that permission type is enabled for this field.
 * @param $account
 *   The user account being checked; its uid is compared with the node author.
 * @param $node
 *   The node (or pseudo node) the field belongs to. May be unset, see below.
 *
 * @return
 *   TRUE if access is granted, FALSE otherwise.
 */
function _field_permissions_field_view_access($field_name, $field_permissions, $account, $node) {
  // The unrestricted 'view <field>' permission applies to any node.
  $view_any_enabled = !empty($field_permissions['view']);
  if ($view_any_enabled && user_access('view '. $field_name, $account)) {
    return TRUE;
  }

  // From here on only 'view own <field>' can grant access, so stop early when
  // it is not enabled for the field or the account does not hold it.
  if (empty($field_permissions['view own']) || !user_access('view own '. $field_name, $account)) {
    return FALSE;
  }

  // content_access('view') normally supplies a node, except when Views uses
  // this function as a field access callback to decide whether the field may
  // be part of the query at all. Access is granted in that case because Views
  // calls content_access('view') again, indirectly through content_format(),
  // when it renders the field, this time with a pseudo node that allows the
  // ownership check below.
  // NOTE(review): this branch is a deliberate fail-open. Any caller that
  // outputs field values without passing a node skips the ownership check.
  if (!isset($node)) {
    return TRUE;
  }

  // Resolve the uid of the node author. Prefer the value on the node object;
  // pseudo nodes built by Views may lack it, so fall back to the revision or
  // node table.
  if (isset($node->uid)) {
    $author_uid = $node->uid;
  }
  elseif (!empty($node->vid)) {
    $revision_lookup = db_query('SELECT uid FROM {node_revisions} WHERE vid = %d', $node->vid);
    $author_uid = db_result($revision_lookup);
  }
  elseif (!empty($node->nid)) {
    $node_lookup = db_query('SELECT uid FROM {node} WHERE nid = %d', $node->nid);
    $author_uid = db_result($node_lookup);
  }
  else {
    // No way to identify the author: deny.
    return FALSE;
  }

  // A non-numeric value (for instance a failed lookup) never counts as
  // ownership.
  if (!is_numeric($author_uid)) {
    return FALSE;
  }

  // NOTE(review): the comparison is loose, so an account with uid 0 matches
  // every node whose stored author uid is 0. Confirm that 'view own'
  // permissions are not meant to be granted to such accounts.
  return $author_uid == $account->uid;
}
---|
| 58 | |
---|
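/**
 * Implementation of hook_field_access('edit').
 *
 * Decides whether $account may edit the field named $field_name.
 *
 * @param $field_name
 *   Name of the field; it is appended to 'create ', 'edit ' or 'edit own ' to
 *   build the permission string passed to user_access().
 * @param $field_permissions
 *   Array keyed by permission type. A non-empty 'create', 'edit' or
 *   'edit own' entry means that permission type is enabled for this field.
 * @param $account
 *   The user account being checked; its uid is compared with the node author.
 * @param $node
 *   The node being created or edited. A node without a nid is treated as a
 *   node that is being created.
 *
 * @return
 *   TRUE if access is granted, FALSE otherwise.
 */
function _field_permissions_field_edit_access($field_name, $field_permissions, $account, $node) {
  // On node creation (no nid yet) the 'create <field>' permission alone
  // decides, provided it is enabled for this field.
  if (empty($node->nid) && !empty($field_permissions['create'])) {
    return user_access('create '. $field_name, $account);
  }

  // The unrestricted 'edit <field>' permission applies to any node.
  if (!empty($field_permissions['edit']) && user_access('edit '. $field_name, $account)) {
    return TRUE;
  }

  // If 'edit own' permission has been enabled for this field, the account
  // needs both the permission and ownership of the node.
  if (!empty($field_permissions['edit own']) && user_access('edit own '. $field_name, $account)) {
    // Both uids must be present before comparing. With the loose comparison
    // used here a missing uid evaluates to NULL, and NULL == 0 is TRUE, so a
    // node object without an author uid would otherwise count as owned by an
    // account whose uid is 0. Deny when ownership cannot be established.
    // NOTE(review): an account with uid 0 still matches nodes whose stored
    // author uid is 0. Confirm 'edit own' permissions are not meant to be
    // granted to such accounts.
    return isset($node->uid, $account->uid)
      && is_numeric($node->uid)
      && $node->uid == $account->uid;
  }

  return FALSE;
}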
---|