source: sipes/modules_contrib/field_permissions/includes/field_access.inc @ 177a560

stableversion-3.0
Last change on this file since 177a560 was 177a560, checked in by José Gregorio Puentes <jpuentes@…>, 8 años ago

se agrego el directorio de modulos contribuidos de drupal
  • Propiedad mode establecida a 100644
File size: 3.0 KB
Línea 
1<?php
2
3/**
4 * @file
5 * Implementation of helper functions related to hook_field_access().
6 */
7
8/**
9 * Implementation of hook_field_access('view').
10 */
11function _field_permissions_field_view_access($field_name, $field_permissions, $account, $node) {
12  // Check if user has access to view this field in any node.
13  if (!empty($field_permissions['view']) && user_access('view '. $field_name, $account)) {
14    return TRUE;
15  }
16
17  // If 'view own' permission has been enabled for this field, then we can
18  // check if the user has the right permission, and ownership of the node.
19  if (!empty($field_permissions['view own']) && user_access('view own '. $field_name, $account)) {
20
21    // When content_access('view') is invoked, it may or may not provide a
22    // node object. It will, almost always, except when this function is
23    // invoked as a field access callback from Views, where it is used to
24    // evaluate if the field can be included in the query itself. In this
25    // case we should grant access. Views will invoke content_access('view')
26    // again, indirectly, when rendering the fields using content_format(),
27    // and this time it will provide a pseudo node object that includes the
28    // uid of the node author, so here is where we have the chance to
29    // evaluate ownership to check for 'view own <field>' permission.
30    if (!isset($node)) {
31      return TRUE;
32    }
33
34    // Try to get the uid of the node author from the node object itself.
35    // When invoked by Views to render a field, we may not have the uid of the
36    // node, so we need to retrieve it from the node or node revisions table.
37    if (isset($node->uid)) {
38      $node_uid = $node->uid;
39    }
40    elseif (!empty($node->vid)) {
41      $node_uid = db_result(db_query('SELECT uid FROM {node_revisions} WHERE vid = %d', $node->vid));
42    }
43    elseif (!empty($node->nid)) {
44      $node_uid = db_result(db_query('SELECT uid FROM {node} WHERE nid = %d', $node->nid));
45    }
46    else {
47      // Deny access to view the field if we have not been able to get the uid
48      // of the node author.
49      return FALSE;
50    }
51
52    // Finally, we can now check if ownership of the node matches.
53    return (is_numeric($node_uid) && $node_uid == $account->uid);
54  }
55
56  return FALSE;
57}
58
59/**
60 * Implementation of hook_field_access('edit').
61 */
62function _field_permissions_field_edit_access($field_name, $field_permissions, $account, $node) {
63  // Check if user has access to edit this field on node creation.
64  if (empty($node->nid) && !empty($field_permissions['create'])) {
65    return user_access('create '. $field_name, $account);
66  }
67
68  // Check if user has access to edit this field in any node.
69  if (!empty($field_permissions['edit']) && user_access('edit '. $field_name, $account)) {
70    return TRUE;
71  }
72
73  // If 'edit own' permission has been enabled for this field, then we can
74  // check if the user has the right permission, and ownership of the node.
75  if (!empty($field_permissions['edit own']) && user_access('edit own '. $field_name, $account) && $node->uid == $account->uid) {
76    return TRUE;
77  }
78
79  return FALSE;
80}
Nota: Vea TracBrowser para ayuda de uso del navegador del repositorio.