<?php

/**
 * @file
 * Implementation of helper functions related to hook_field_access().
 */
/**
 * Implementation of hook_field_access('view').
 *
 * Decides whether $account may view the given field, first through the
 * unrestricted 'view <field>' permission and then through the ownership-bound
 * 'view own <field>' permission.
 *
 * @param $field_name
 *   Name of the field; appended to the permission strings passed to
 *   user_access().
 * @param $field_permissions
 *   Array whose non-empty 'view' and 'view own' keys mark which permission
 *   types are enabled for this field.
 * @param $account
 *   User account being checked; its uid is compared with the node author's.
 * @param $node
 *   Node (or pseudo node) the field belongs to. May be unset; see below.
 *
 * @return
 *   TRUE when access is granted, FALSE otherwise.
 */
function _field_permissions_field_view_access($field_name, $field_permissions, $account, $node) {
  // The unrestricted permission grants access to the field in any node.
  $view_any_enabled = !empty($field_permissions['view']);
  if ($view_any_enabled && user_access('view '. $field_name, $account)) {
    return TRUE;
  }

  // Only 'view own' can still grant access. Deny unless it is enabled for the
  // field and held by the account.
  if (empty($field_permissions['view own']) || !user_access('view own '. $field_name, $account)) {
    return FALSE;
  }

  // content_access('view') almost always supplies a node object. The exception
  // is when this function runs as a field access callback from Views, which
  // uses it to decide whether the field can be part of the query at all.
  // Access is granted in that case. Views then invokes content_access('view')
  // again, indirectly, while rendering the fields through content_format(),
  // this time with a pseudo node object carrying the author uid, and that is
  // where ownership is evaluated for 'view own <field>'.
  // NOTE(review): this branch returns TRUE with no ownership check, so any
  // other caller that omits $node is granted access on the permission alone.
  if (!isset($node)) {
    return TRUE;
  }

  // Resolve the author uid: prefer the value on the node object, otherwise
  // look it up by revision id, then by node id. Views may render a field
  // without providing the uid, hence the database fallbacks.
  if (isset($node->uid)) {
    $author_uid = $node->uid;
  }
  elseif (!empty($node->vid)) {
    $revision_result = db_query('SELECT uid FROM {node_revisions} WHERE vid = %d', $node->vid);
    $author_uid = db_result($revision_result);
  }
  elseif (!empty($node->nid)) {
    $node_result = db_query('SELECT uid FROM {node} WHERE nid = %d', $node->nid);
    $author_uid = db_result($node_result);
  }
  else {
    // No way to identify the author, so deny access to the field.
    return FALSE;
  }

  // The is_numeric() guard rejects a lookup that produced no usable uid before
  // the loose comparison runs.
  // NOTE(review): an author uid of 0 compares equal to an account uid of 0.
  $is_owner = is_numeric($author_uid) && $author_uid == $account->uid;
  return $is_owner;
}
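/**
 * Implementation of hook_field_access('edit').
 *
 * Decides whether $account may edit the given field. The checks run in order:
 * the 'create <field>' permission while the node has no nid, the unrestricted
 * 'edit <field>' permission, and finally 'edit own <field>' combined with
 * ownership of the node.
 *
 * @param $field_name
 *   Name of the field; appended to the permission strings passed to
 *   user_access().
 * @param $field_permissions
 *   Array whose non-empty 'create', 'edit' and 'edit own' keys mark which
 *   permission types are enabled for this field.
 * @param $account
 *   User account being checked; its uid is compared with the node author's.
 * @param $node
 *   Node being created or edited. A node without a nid is treated as being
 *   created.
 *
 * @return
 *   TRUE when access is granted, FALSE otherwise.
 */
function _field_permissions_field_edit_access($field_name, $field_permissions, $account, $node) {
  // On node creation, the 'create' permission (when enabled for the field) is
  // the only thing that decides access.
  if (empty($node->nid) && !empty($field_permissions['create'])) {
    return user_access('create '. $field_name, $account);
  }

  // Check if user has access to edit this field in any node.
  if (!empty($field_permissions['edit']) && user_access('edit '. $field_name, $account)) {
    return TRUE;
  }

  // If 'edit own' permission has been enabled for this field, then we can
  // check if the user has the right permission, and ownership of the node.
  if (!empty($field_permissions['edit own']) && user_access('edit own '. $field_name, $account)) {
    // Fail closed when the author uid is unknown. Without the isset() and
    // is_numeric() guards, a missing $node->uid evaluates to NULL, and the
    // loose comparison NULL == 0 is TRUE, which would treat an account whose
    // uid is 0 as the owner. This mirrors the guard used by the 'view own'
    // check in _field_permissions_field_view_access().
    // NOTE(review): an author uid of 0 still compares equal to an account uid
    // of 0.
    return (isset($node->uid) && is_numeric($node->uid) && $node->uid == $account->uid);
  }

  return FALSE;
}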