array_keys($account->roles), 'workflow_access_owner' => array($account->uid), ); } /** * Implementation of hook_node_access_records(). * * Returns a list of grant records for the passed in node object. */ function workflow_access_node_access_records($node) { $grants = array(); $sid = db_result(db_query("SELECT sid FROM {workflow_node} WHERE nid = %d", $node->nid)); // We have state information about this node, so get permissions for this state. if (is_numeric($sid)) { $result = db_query('SELECT * FROM {workflow_access} WHERE sid = %d', $sid); while ($grant = db_fetch_object($result)) { $grants[] = array( 'realm' => ($grant->rid == -1) ? 'workflow_access_owner' : 'workflow_access', 'gid' => ($grant->rid == -1) ? $node->uid : $grant->rid, 'grant_view' => $grant->grant_view, 'grant_update' => $grant->grant_update, 'grant_delete' => $grant->grant_delete, 'priority' => 0, ); } } return $grants; } /** * Implementation of hook_node_access_explain(). */ function workflow_access_node_access_explain($row) { static $interpretations = array(); switch ($row->realm) { case 'workflow_access_owner': $interpretations[$row->gid] = t('Workflow access: author of the content may access'); break; case 'workflow_access': $roles = user_roles(); $interpretations[$row->gid] = t('Workflow access: %role may access', array('%role' => $roles[$row->gid])); break; } return (!empty($interpretations[$row->gid]) ? $interpretations[$row->gid] : NULL); } /** * Implementation of hook_form_alter(). * * Add a "three dimensional" (state, role, permission type) configuration * interface to the workflow edit form. */ function workflow_access_form_workflow_edit_form_alter(&$form, $form_state) { // A list of roles available on the site and our // special -1 role used to represent the node author. $rids = user_roles(); $rids['-1'] = t('author'); $form['workflow_access'] = array( '#type' => 'fieldset', '#title' => t('Access control'), '#collapsible' => TRUE, '#tree' => TRUE, ); // Add a table for every workflow state. $states = workflow_get_states($form['wid']['#value']); foreach ($states as $sid => $state) { if (workflow_is_system_state($state)) { // No need to set perms on creation. continue; } $view = $update = $delete = array(); $result = db_query("SELECT * from {workflow_access} where sid = %d", $sid); $count = 0; while ($access = db_fetch_object($result)) { $count++; if ($access->grant_view) { $view[] = $access->rid; } if ($access->grant_update) { $update[] = $access->rid; } if ($access->grant_delete) { $delete[] = $access->rid; } } // Allow view grants by default for anonymous and authenticated users, // if no grants were set up earlier. if (!$count) { $view = array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID); } // TODO better tables using a #theme function instead of direct #prefixing $form['workflow_access'][$sid] = array( '#type' => 'fieldset', '#title' => $state, '#collapsible' => TRUE, '#tree' => TRUE, ); $form['workflow_access'][$sid]['view'] = array( '#type' => 'checkboxes', '#options' => $rids, '#default_value' => $view, '#title' => t('Roles who can view posts in this state'), '#prefix' => '
', ); $form['workflow_access'][$sid]['update'] = array( '#type' => 'checkboxes', '#options' => $rids, '#default_value' => $update, '#title' => t('Roles who can edit posts in this state'), '#prefix' => " | ", ); $form['workflow_access'][$sid]['delete'] = array( '#type' => 'checkboxes', '#options' => $rids, '#default_value' => $delete, '#title' => t('Roles who can delete posts in this state'), '#prefix' => " | ", '#suffix' => " |