1 | <?php |
---|
2 | // $Id: workflow_access.module,v 1.6.2.2 2010/10/27 20:35:31 jvandyk Exp $ |
---|
3 | |
---|
4 | /** |
---|
5 | * @file |
---|
6 | * Provides node access permissions based on workflow states. |
---|
7 | */ |
---|
8 | |
---|
9 | /** |
---|
10 | * Implementation of hook_node_grants(). |
---|
11 | * |
---|
12 | * Supply the workflow access grants. We are simply using |
---|
13 | * roles as access lists, so rids translate directly to gids. |
---|
14 | */ |
---|
15 | function workflow_access_node_grants($account, $op) { |
---|
16 | return array( |
---|
17 | 'workflow_access' => array_keys($account->roles), |
---|
18 | 'workflow_access_owner' => array($account->uid), |
---|
19 | ); |
---|
20 | } |
---|
21 | |
---|
22 | /** |
---|
23 | * Implementation of hook_node_access_records(). |
---|
24 | * |
---|
25 | * Returns a list of grant records for the passed in node object. |
---|
26 | */ |
---|
27 | function workflow_access_node_access_records($node) { |
---|
28 | $grants = array(); |
---|
29 | $sid = db_result(db_query("SELECT sid FROM {workflow_node} WHERE nid = %d", $node->nid)); |
---|
30 | |
---|
31 | // We have state information about this node, so get permissions for this state. |
---|
32 | if (is_numeric($sid)) { |
---|
33 | $result = db_query('SELECT * FROM {workflow_access} WHERE sid = %d', $sid); |
---|
34 | while ($grant = db_fetch_object($result)) { |
---|
35 | $grants[] = array( |
---|
36 | 'realm' => ($grant->rid == -1) ? 'workflow_access_owner' : 'workflow_access', |
---|
37 | 'gid' => ($grant->rid == -1) ? $node->uid : $grant->rid, |
---|
38 | 'grant_view' => $grant->grant_view, |
---|
39 | 'grant_update' => $grant->grant_update, |
---|
40 | 'grant_delete' => $grant->grant_delete, |
---|
41 | 'priority' => 0, |
---|
42 | ); |
---|
43 | } |
---|
44 | } |
---|
45 | |
---|
46 | return $grants; |
---|
47 | } |
---|
48 | |
---|
49 | /** |
---|
50 | * Implementation of hook_node_access_explain(). |
---|
51 | */ |
---|
52 | function workflow_access_node_access_explain($row) { |
---|
53 | static $interpretations = array(); |
---|
54 | switch ($row->realm) { |
---|
55 | case 'workflow_access_owner': |
---|
56 | $interpretations[$row->gid] = t('Workflow access: author of the content may access'); |
---|
57 | break; |
---|
58 | case 'workflow_access': |
---|
59 | $roles = user_roles(); |
---|
60 | $interpretations[$row->gid] = t('Workflow access: %role may access', array('%role' => $roles[$row->gid])); |
---|
61 | break; |
---|
62 | } |
---|
63 | return (!empty($interpretations[$row->gid]) ? $interpretations[$row->gid] : NULL); |
---|
64 | } |
---|
65 | |
---|
66 | /** |
---|
67 | * Implementation of hook_form_alter(). |
---|
68 | * |
---|
69 | * Add a "three dimensional" (state, role, permission type) configuration |
---|
70 | * interface to the workflow edit form. |
---|
71 | */ |
---|
72 | function workflow_access_form_workflow_edit_form_alter(&$form, $form_state) { |
---|
73 | // A list of roles available on the site and our |
---|
74 | // special -1 role used to represent the node author. |
---|
75 | $rids = user_roles(); |
---|
76 | $rids['-1'] = t('author'); |
---|
77 | |
---|
78 | $form['workflow_access'] = array( |
---|
79 | '#type' => 'fieldset', |
---|
80 | '#title' => t('Access control'), |
---|
81 | '#collapsible' => TRUE, |
---|
82 | '#tree' => TRUE, |
---|
83 | ); |
---|
84 | |
---|
85 | // Add a table for every workflow state. |
---|
86 | $states = workflow_get_states($form['wid']['#value']); |
---|
87 | foreach ($states as $sid => $state) { |
---|
88 | |
---|
89 | if (workflow_is_system_state($state)) { |
---|
90 | // No need to set perms on creation. |
---|
91 | continue; |
---|
92 | } |
---|
93 | |
---|
94 | $view = $update = $delete = array(); |
---|
95 | |
---|
96 | $result = db_query("SELECT * from {workflow_access} where sid = %d", $sid); |
---|
97 | $count = 0; |
---|
98 | while ($access = db_fetch_object($result)) { |
---|
99 | $count++; |
---|
100 | if ($access->grant_view) { |
---|
101 | $view[] = $access->rid; |
---|
102 | } |
---|
103 | if ($access->grant_update) { |
---|
104 | $update[] = $access->rid; |
---|
105 | } |
---|
106 | if ($access->grant_delete) { |
---|
107 | $delete[] = $access->rid; |
---|
108 | } |
---|
109 | } |
---|
110 | |
---|
111 | // Allow view grants by default for anonymous and authenticated users, |
---|
112 | // if no grants were set up earlier. |
---|
113 | if (!$count) { |
---|
114 | $view = array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID); |
---|
115 | } |
---|
116 | |
---|
117 | // TODO better tables using a #theme function instead of direct #prefixing |
---|
118 | $form['workflow_access'][$sid] = array( |
---|
119 | '#type' => 'fieldset', |
---|
120 | '#title' => $state, |
---|
121 | '#collapsible' => TRUE, |
---|
122 | '#tree' => TRUE, |
---|
123 | ); |
---|
124 | $form['workflow_access'][$sid]['view'] = array( |
---|
125 | '#type' => 'checkboxes', |
---|
126 | '#options' => $rids, |
---|
127 | '#default_value' => $view, |
---|
128 | '#title' => t('Roles who can view posts in this state'), |
---|
129 | '#prefix' => '<table width="100%" style="border: 0;"><tbody style="border: 0;"><tr><td>', |
---|
130 | ); |
---|
131 | $form['workflow_access'][$sid]['update'] = array( |
---|
132 | '#type' => 'checkboxes', |
---|
133 | '#options' => $rids, |
---|
134 | '#default_value' => $update, |
---|
135 | '#title' => t('Roles who can edit posts in this state'), |
---|
136 | '#prefix' => "</td><td>", |
---|
137 | ); |
---|
138 | $form['workflow_access'][$sid]['delete'] = array( |
---|
139 | '#type' => 'checkboxes', |
---|
140 | '#options' => $rids, |
---|
141 | '#default_value' => $delete, |
---|
142 | '#title' => t('Roles who can delete posts in this state'), |
---|
143 | '#prefix' => "</td><td>", |
---|
144 | '#suffix' => "</td></tr></tbody></table>", |
---|
145 | ); |
---|
146 | } |
---|
147 | // Place our block comfortably down the page. |
---|
148 | $form['submit']['#weight'] = 10; |
---|
149 | $form['#submit'][] = 'workflow_access_form_submit'; |
---|
150 | } |
---|
151 | |
---|
152 | /** |
---|
153 | * Store permission settings for workflow states. |
---|
154 | */ |
---|
155 | function workflow_access_form_submit($form, $form_state) { |
---|
156 | foreach ($form_state['values']['workflow_access'] as $sid => $access) { |
---|
157 | // Ignore irrelevant keys. |
---|
158 | if (!is_numeric($sid)) { |
---|
159 | continue; |
---|
160 | } |
---|
161 | |
---|
162 | $grants = array(); |
---|
163 | db_query("DELETE FROM {workflow_access} WHERE sid = %d", $sid); |
---|
164 | foreach ($access['view'] as $rid => $checked) { |
---|
165 | $grants[] = array( |
---|
166 | 'realm' => ($rid == -1) ? 'workflow_access_owner' : 'workflow_access', |
---|
167 | 'gid' => ($rid == -1) ? $node->uid : $rid, |
---|
168 | 'grant_view' => (bool)$checked, |
---|
169 | 'grant_update' => (bool)$access['update'][$rid], |
---|
170 | 'grant_delete' => (bool)$access['delete'][$rid], |
---|
171 | ); |
---|
172 | |
---|
173 | db_query("INSERT INTO {workflow_access} (sid, rid, grant_view, grant_update, grant_delete) VALUES (%d, %d, %d, %d, %d)", $sid, $rid, (bool)$checked, (bool)$access['update'][$rid], (bool)$access['delete'][$rid]); |
---|
174 | } |
---|
175 | |
---|
176 | // Update all nodes having same workflow state to reflect new settings. |
---|
177 | $result = db_query("SELECT n.nid FROM {node} n LEFT JOIN {workflow_node} wn ON wn.nid = n.nid WHERE wn.sid = %d", $sid); |
---|
178 | while ($node = db_fetch_object($result)) { |
---|
179 | // TODO: this only works with workflow_access realm, not the workflow_access_owner realm?! |
---|
180 | node_access_write_grants($node, $grants, 'workflow_access'); |
---|
181 | } |
---|
182 | } |
---|
183 | drupal_set_message(t('Workflow access permissions updated.')); |
---|
184 | } |
---|
185 | |
---|
186 | /** |
---|
187 | * Implementation of hook_workflow(). |
---|
188 | * |
---|
189 | * Update grants when a node changes workflow state. |
---|
190 | */ |
---|
191 | function workflow_access_workflow($op, $old_sid, $sid, $node) { |
---|
192 | if ($op == 'transition post' && $old_sid != $sid) { |
---|
193 | node_access_acquire_grants($node); |
---|
194 | } |
---|
195 | } |
---|