Index: content_access.admin.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/content_access/Attic/content_access.admin.inc,v
retrieving revision 1.1.2.24
diff -u -p -r1.1.2.24 content_access.admin.inc
--- content_access.admin.inc 19 Jul 2010 11:40:11 -0000 1.1.2.24
+++ content_access.admin.inc 5 Feb 2011 06:59:41 -0000
@@ -13,17 +13,20 @@ define('CONTENT_ACCESS_MASS_UPDATE_THRES
/**
* Per node settings page.
*/
-function content_access_page(&$form_state, $node) {
- drupal_set_title(t('Access control for %title', array('%title' => $node->title)));
+function content_access_page($form, &$form_state, $node) {
+ drupal_set_title(t('Access control for @title', array('@title' => $node->title)));
- foreach (_content_access_get_operations() as $op) {
+ foreach (_content_access_get_operations() as $op => $label) {
$defaults[$op] = content_access_per_node_setting($op, $node);
}
- $form = content_access_role_based_form($defaults);
- // Add a after_build handler that disables checkboxes, which are enforced by permissions.
+ // Get roles form
+ content_access_role_based_form($form, $defaults);
+
+ // Add an after_build handler that disables checkboxes, which are enforced by permissions.
$form['per_role']['#after_build'] = array('content_access_force_permissions');
+ // ACL form
if (module_exists('acl')) {
// This is disabled when there is no node passed.
$form['acl'] = array(
@@ -33,20 +36,18 @@ function content_access_page(&$form_stat
'#collapsible' => TRUE,
'#tree' => TRUE,
);
+
foreach (array('view', 'update', 'delete') as $op) {
$acl_id = content_access_get_acl_id($node, $op);
- acl_node_add_acl($node->nid, $acl_id, $op == 'view', $op == 'update', $op == 'delete', content_access_get_settings('priority', $node->type));
- $form['acl'][$op] = acl_edit_form($acl_id, t('Grant !op access', array('!op' => $op)));
- $form['acl'][$op]['#collapsed'] = !isset($_POST['acl_'. $acl_id]) && !unserialize($form['acl'][$op]['user_list']['#default_value']);
+ acl_node_add_acl($node->nid, $acl_id, (int) ($op == 'view'), (int) ($op == 'update'), (int) ($op == 'delete'), content_access_get_settings('priority', $node->type));
+
+ $form['acl'][$op] = acl_edit_form($form_state, $acl_id, t('Grant !op access', array('!op' => $op)));
+ $form['acl'][$op]['#collapsed'] = !isset($_POST['acl_' . $acl_id]) && !unserialize($form['acl'][$op]['user_list']['#default_value']);
}
}
$form_state['node'] = $node;
- $form['submit'] = array(
- '#type' => 'submit',
- '#value' => t('Submit'),
- '#weight' => 10,
- );
+
$form['reset'] = array(
'#type' => 'submit',
'#value' => t('Reset to defaults'),
@@ -54,7 +55,14 @@ function content_access_page(&$form_stat
'#submit' => array('content_access_page_reset'),
'#access' => count(content_access_get_per_node_settings($node)) > 0,
);
+ $form['submit'] = array(
+ '#type' => 'submit',
+ '#value' => t('Submit'),
+ '#weight' => 10,
+ );
+ // @todo not true anymore?
+ // http://drupal.org/update/modules/6/7#hook_node_access_records
if (!$node->status) {
drupal_set_message(t("Warning: Your content is not published, so this settings are not taken into account as long as the content remains unpublished."), 'error');
}
@@ -62,14 +70,18 @@ function content_access_page(&$form_stat
return $form;
}
-
+/**
+ * Submit callback for content_access_page().
+ */
function content_access_page_submit($form, &$form_state) {
$settings = array();
$node = $form_state['node'];
- foreach (_content_access_get_operations() as $op) {
+
+ foreach (_content_access_get_operations() as $op => $label) {
// Set the settings so that further calls will return this settings.
$settings[$op] = array_keys(array_filter($form_state['values'][$op]));
}
+
// Save per-node settings.
content_access_save_per_node_settings($node, $settings);
@@ -81,37 +93,45 @@ function content_access_page_submit($for
// Apply new settings.
node_access_acquire_grants($node);
+
+ // @todo is this required?
cache_clear_all();
drupal_set_message(t('Your changes have been saved.'));
}
+/**
+ * Submit callback for reset on content_access_page().
+ */
function content_access_page_reset($form, &$form_state) {
content_access_delete_per_node_settings($form_state['node']);
node_access_acquire_grants($form_state['node']);
cache_clear_all();
+
drupal_set_message(t('The permissions have been reseted to the content type defaults.'));
}
/**
- * Per content type administration page form.
+ * Per content type settings form.
*/
-function content_access_admin_settings(&$form_state, $type) {
+function content_access_admin_settings($form, $form_state, $content_type) {
+ $type = $content_type->type;
+
$form_state['type'] = $type;
// Add role based per content type settings
$defaults = array();
- foreach (_content_access_get_operations() as $op) {
+ foreach (_content_access_get_operations() as $op => $label) {
$defaults[$op] = content_access_get_settings($op, $type);
}
- $form = content_access_role_based_form($defaults);
+ content_access_role_based_form($form, $defaults);
// Per node:
$form['node'] = array(
'#type' => 'fieldset',
'#title' => t('Per content node access control settings'),
'#collapsible' => TRUE,
- '#description' => t('Optionally you can enable per content node access control settings. If enabled, a new tab for the content access settings appears when viewing content. You have to configure permission to access these settings at the !permissions page.', array('!permissions' => l(t('permissions'), 'admin/user/permissions'))),
+ '#description' => t('Optionally you can enable per content node access control settings. If enabled, a new tab for the content access settings appears when viewing content. You have to configure permission to access these settings at the !permissions page.', array('!permissions' => l(t('permissions'), 'admin/people/permissions'))),
);
$form['node']['per_node'] = array(
'#type' => 'checkbox',
@@ -136,20 +156,41 @@ function content_access_admin_settings(&
'#value' => t('Submit'),
'#weight' => 10,
);
+
return $form;
}
+/**
+ * Submit handler for per content type settings form.
+ */
function content_access_admin_settings_submit($form, &$form_state) {
- // Where possible let the drupal permissions system handle access control.
- $permissions = content_access_get_permissions_by_role();
+ $roles_permissions = user_role_permissions(user_roles());
+ $permissions = user_permission_get_modules();
+
+ // Remove disabled modules permissions, so they can't raise exception
+ // in content_access_save_permissions()
+ foreach ($roles_permissions as $rid => $role_permissions) {
+ foreach ($role_permissions as $permission => $value) {
+ if (!array_key_exists($permission, $permissions)) {
+ unset($roles_permissions[$rid][$permission]);
+ }
+ }
+ }
+
foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
foreach ($form_state['values'][$op] as $rid => $value) {
- $permissions[$rid][ content_access_get_permission_by_op($op, $form_state['type']) ] = $value;
+ $permission = content_access_get_permission_by_op($op, $form_state['type']);
+ if ($value) {
+ $roles_permissions[$rid][$permission] = TRUE;
+ }
+ else {
+ $roles_permissions[$rid][$permission] = FALSE;
+ }
}
// Don't save the setting, so its default value (get permission) is applied always.
unset($form_state['values'][$op]);
}
- content_access_save_permissions($permissions);
+ content_access_save_permissions($roles_permissions);
// Update content access settings
$settings = content_access_get_settings();
@@ -176,7 +217,7 @@ function content_access_admin_settings_s
}
if (content_access_mass_update(array($type))) {
- drupal_set_message(t('Permissions have been successfully rebuilt for the content type @types.', array('@types' => node_get_types('name', $type))));
+ drupal_set_message(t('Permissions have been successfully rebuilt for the content type @types.', array('@types' => node_type_get_name($type))));
}
}
@@ -191,13 +232,18 @@ function content_access_admin_settings_s
* Whether the operation has been processed successfully (TRUE) or postponed (FALSE).
*/
function content_access_mass_update($types) {
- $count = db_result(db_query("SELECT COUNT(DISTINCT nid) FROM {node} WHERE type IN (". db_placeholders($types, 'text') .")", $types));
+ $q = db_select('node', 'n')
+ ->fields('n', array('nid'))
+ ->condition('n.type', $types, 'IN');
+
+ $count = $q->countQuery()->execute()->fetchField();
+
node_access_needs_rebuild(TRUE);
// If there not too much nodes affected, try to do it.
if ($count <= CONTENT_ACCESS_MASS_UPDATE_THRESHOLD) {
- $result = db_query("SELECT nid FROM {node} WHERE type IN (". db_placeholders($types, 'text') .")", $types);
- while ($node = db_fetch_object($result)) {
+ $records = $q->execute();
+ foreach ($records as $node) {
node_access_acquire_grants(node_load($node->nid));
}
@@ -209,30 +255,12 @@ function content_access_mass_update($typ
}
/**
- * Gets the permissions for the role of the given id.
- */
-function content_access_get_permissions_by_role() {
- $result = db_query('SELECT r.rid, p.perm FROM {role} r LEFT JOIN {permission} p ON r.rid = p.rid');
- $permissions = array();
- while ($role = db_fetch_object($result)) {
- $permissions[$role->rid] = array_filter(drupal_map_assoc(explode(', ', $role->perm)));
- }
- return $permissions;
-}
-
-/**
* Saves the given permissions by role to the database.
*/
-function content_access_save_permissions($permissions) {
- foreach ($permissions as $rid => $perms) {
- $perms = array_filter($perms);
- db_query('DELETE FROM {permission} WHERE rid = %d', $rid);
- if (count($perms)) {
- db_query("INSERT INTO {permission} (rid, perm) VALUES (%d, '%s')", $rid, implode(', ', array_keys($perms)));
- }
+function content_access_save_permissions($roles_permissions) {
+ foreach ($roles_permissions as $rid => $permissions) {
+ user_role_change_permissions($rid, $permissions);
}
- // Make sure new permissions are applied immediately.
- content_access_get_permission_access(FALSE, TRUE);
}
/**
@@ -241,78 +269,37 @@ function content_access_save_permissions
* @param $defaults
* Array of defaults for all operations.
*/
-function content_access_role_based_form($defaults = array()) {
-
- // Make sure defaults are set properly
- foreach (_content_access_get_operations() as $op) {
- $defaults += array($op => array());
- }
-
- $roles = array_map('filter_xss_admin', user_roles());
- // Per type:
+function content_access_role_based_form(&$form, $defaults = array()) {
$form['per_role'] = array(
'#type' => 'fieldset',
'#title' => t('Role based access control settings'),
'#collapsible' => TRUE,
- '#description' => t('Note that users need at least the %access_content permission to be able to deal in any way with content.', array('%access_content' => t('access content'))).
- ' '. t('Furthermore note that content which is not @published is treated in a different way by drupal: It can be viewed only by its author or users with the %administer_nodes permission.', array('@published' => t('published'), '%administer_nodes' => t('administer nodes'))),
- );
- drupal_add_css(drupal_get_path('module', 'content_access') . '/content_access.css');
- $form['per_role']['view'] = array('#type' => 'checkboxes',
- '#prefix' => '
',
- '#suffix' => '
',
- '#options' => $roles,
- '#title' => t('View any content'),
- '#default_value' => $defaults['view'],
- '#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
- );
- $form['per_role']['update'] = array('#type' => 'checkboxes',
- '#prefix' => '',
- '#suffix' => '
',
- '#options' => $roles,
- '#title' => t('Edit any content'),
- '#default_value' => $defaults['update'],
- '#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
- );
- $form['per_role']['delete'] = array('#type' => 'checkboxes',
- '#prefix' => '',
- '#suffix' => '
',
- '#options' => $roles,
- '#title' => t('Delete any content'),
- '#default_value' => $defaults['delete'],
- '#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
- );
- $form['per_role']['clearer'] = array(
- '#value' => '
',
- );
- $form['per_role']['view_own'] = array('#type' => 'checkboxes',
- '#prefix' => '',
- '#suffix' => '
',
- '#options' => $roles,
- '#title' => t('View own content'),
- '#default_value' => $defaults['view_own'],
- '#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
- );
- $form['per_role']['update_own'] = array('#type' => 'checkboxes',
- '#prefix' => '',
- '#suffix' => '
',
- '#options' => $roles,
- '#title' => t('Edit own content'),
- '#default_value' => $defaults['update_own'],
- '#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
- );
- $form['per_role']['delete_own'] = array('#type' => 'checkboxes',
- '#prefix' => '',
- '#suffix' => '
',
- '#options' => $roles,
- '#title' => t('Delete own content'),
- '#default_value' => $defaults['delete_own'],
- '#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
+ '#description' => t('Note that users need at least the %access_content permission to be able to deal in any way with content.', array('%access_content' => t('access content'))) .
+ ' ' . t('Furthermore note that content which is not @published is treated in a different way by drupal: It can be viewed only by its author or users with the %administer_nodes permission.', array('@published' => t('published'), '%administer_nodes' => t('administer nodes'))),
);
+
+ $operations = _content_access_get_operations();
+ $roles = array_map('filter_xss_admin', user_roles());
+ foreach ($operations as $op => $label) {
+ // Make sure defaults are set properly
+ $defaults += array($op => array());
+
+ $form['per_role'][$op] = array('#type' => 'checkboxes',
+ '#prefix' => '',
+ '#suffix' => '
',
+ '#options' => $roles,
+ '#title' => $label,
+ '#default_value' => $defaults[$op],
+ '#process' => array('form_process_checkboxes', 'content_access_disable_checkboxes'),
+ );
+ }
+
$form['per_role']['clearer'] = array(
'#value' => '
',
);
+ drupal_add_css(drupal_get_path('module', 'content_access') . '/content_access.css');
+
return $form;
}
@@ -322,25 +309,29 @@ function content_access_role_based_form(
function content_access_disable_checkboxes($element) {
$access_roles = content_access_get_permission_access('access content');
$admin_roles = content_access_get_permission_access('administer nodes');
+
foreach (element_children($element) as $key) {
- if (!in_array($key, $access_roles) && !($key != DRUPAL_ANONYMOUS_RID && in_array(DRUPAL_AUTHENTICATED_RID, $access_roles))) {
+ if (!in_array($key, $access_roles) &&
+ !($key != DRUPAL_ANONYMOUS_RID &&
+ in_array(DRUPAL_AUTHENTICATED_RID, $access_roles))) {
$element[$key]['#disabled'] = TRUE;
$element[$key]['#default_value'] = FALSE;
- $element[$key]['#prefix'] = ' t('access content'))) .'">';
+ $element[$key]['#prefix'] = ' t('access content'))) . '">';
$element[$key]['#suffix'] = "";
}
- else if (in_array($key, $admin_roles) || ($key != DRUPAL_ANONYMOUS_RID && in_array(DRUPAL_AUTHENTICATED_RID, $admin_roles))) {
+ elseif (in_array($key, $admin_roles) ||
+ ($key != DRUPAL_ANONYMOUS_RID && in_array(DRUPAL_AUTHENTICATED_RID, $admin_roles))) {
// Fix the checkbox to be enabled for users with administer node privileges
$element[$key]['#disabled'] = TRUE;
$element[$key]['#default_value'] = TRUE;
- $element[$key]['#prefix'] = ' t('administer nodes'))) .'">';
+ $element[$key]['#prefix'] = ' t('administer nodes'))) . '">';
$element[$key]['#suffix'] = "";
}
}
+
return $element;
}
-
/**
* Formapi #after_build callback, that disables checkboxes for roles without access to content.
*/
@@ -350,15 +341,14 @@ function content_access_force_permission
$element[$op][$rid]['#disabled'] = TRUE;
$element[$op][$rid]['#attributes']['disabled'] = 'disabled';
$element[$op][$rid]['#value'] = TRUE;
- $element[$op][$rid]['#prefix'] = '';
+ $element[$op][$rid]['#checked'] = TRUE;
+ $element[$op][$rid]['#prefix'] = '';
$element[$op][$rid]['#suffix'] = "";
}
}
return $element;
}
-
-
/**
* Submit callback for the user permissions form.
* Trigger changes to node permissions to rebuild our grants.
@@ -388,15 +378,26 @@ function content_access_user_admin_perm_
}
function _content_access_get_node_permissions($type) {
- return array_filter(array_map('content_access_get_permission_by_op', _content_access_get_operations(), array_fill(0, 6, $type)));
+ return array_filter(array_map('content_access_get_permission_by_op', array_flip(_content_access_get_operations()), array_fill(0, 6, $type)));
+}
+
+/**
+ * Gets the content access acl id of the node.
+ */
+function content_access_get_acl_id($node, $op) {
+ $acl_id = acl_get_id_by_name('content_access', $op . '_' . $node->nid);
+ if (!$acl_id) {
+ $acl_id = acl_create_new_acl('content_access', $op . '_' . $node->nid);
+ }
+ return $acl_id;
}
/**
* Detaches all our ACLs for the nodes of the given type.
*/
function _content_access_remove_acls($type) {
- $result = db_query("SELECT n.nid FROM {node} n WHERE type = '%s'", $type);
- while ($node = db_fetch_object($result)) {
+ $result = db_query("SELECT n.nid FROM {node} n WHERE type = :type", array('type' => $type));
+ foreach ($result as $node) {
acl_node_clear_acls($node->nid, 'content_access');
}
-}
+}
\ No newline at end of file
Index: content_access.info
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/content_access/Attic/content_access.info,v
retrieving revision 1.1.4.1
diff -u -p -r1.1.4.1 content_access.info
--- content_access.info 30 Jun 2008 08:56:27 -0000 1.1.4.1
+++ content_access.info 5 Feb 2011 06:59:41 -0000
@@ -1,5 +1,8 @@
; $Id: content_access.info,v 1.1.4.1 2008/06/30 08:56:27 fago Exp $
name = Content Access
-description = Provides flexible content access control
+description = Provides flexible content access control.
+core = 7.x
package = Access control
-core = "6.x"
\ No newline at end of file
+files[] = content_access.rules.inc
+files[] = tests/content_access.test
+files[] = tests/content_access_acl.test
\ No newline at end of file
Index: content_access.install
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/content_access/Attic/content_access.install,v
retrieving revision 1.1.4.3
diff -u -p -r1.1.4.3 content_access.install
--- content_access.install 28 Oct 2008 13:36:17 -0000 1.1.4.3
+++ content_access.install 5 Feb 2011 06:59:41 -0000
@@ -2,20 +2,16 @@
// $Id: content_access.install,v 1.1.4.3 2008/10/28 13:36:17 fago Exp $
/**
- * Implementation of hook_install().
+ * @file
+ * Install Content Access DB schema.
+ *
*/
-function content_access_install() {
- // Create tables.
- drupal_install_schema('content_access');
-}
/**
* Implementation of hook_uninstall().
*/
function content_access_uninstall() {
variable_del('content_access_settings');
- // Remove tables.
- drupal_uninstall_schema('content_access');
}
/**
@@ -29,52 +25,16 @@ function content_access_schema() {
'unsigned' => TRUE,
'not null' => TRUE,
'default' => 0
- ),
+ ),
'settings' => array(
'type' => 'text',
'not null' => FALSE,
'size' => 'medium'
- ),
+ ),
),
'primary key' => array('nid')
);
return $schema;
}
-
-/**
- * Upgrade from d5 to d6
- */
-function content_access_update_6001() {
- drupal_load('module', 'content_access');
- module_load_include('inc', 'content_access', 'content_access.admin');
-
- // Migrate old ca settings to new available d6 permissions
- $permissions = content_access_get_permissions_by_role();
- $settings = content_access_get_settings();
-
- foreach (node_get_types('names') as $type => $type_name) {
- foreach (array('update', 'delete') as $op) {
- // Set permission for roles that are allowed to access
- foreach (content_access_get_settings($op, $type) as $rid => $value) {
- if (is_numeric($rid)) {
- $permissions[$rid][ content_access_get_permission_by_op($op, $type) ] = TRUE;
- }
- else if ($rid == 'author') {
- // CA 5.x let authors access, but only if they were authenticated. So we set the d6 permissions like this.
- $permissions[DRUPAL_AUTHENTICATED_RID][ content_access_get_permission_by_op($op . '_own', $type) ] = TRUE;
- }
- }
- // Make sure to delete the old setting, so that the defaults (permissions) will be used.
- unset($settings[$op][$type]);
- }
- }
- content_access_save_permissions($permissions);
- content_access_set_settings($settings);
-
- // Rebuild node access for all nodes
- node_access_needs_rebuild(TRUE);
-
- return array();
-}
-
+//@todo: do we need an upgrade function from D6 to D7?
\ No newline at end of file
Index: content_access.module
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/content_access/Attic/content_access.module,v
retrieving revision 1.1.2.9.2.22
diff -u -p -r1.1.2.9.2.22 content_access.module
--- content_access.module 2 Sep 2010 13:13:33 -0000 1.1.2.9.2.22
+++ content_access.module 5 Feb 2011 06:59:42 -0000
@@ -5,6 +5,15 @@
* @file Content access module file.
*/
+/**
+ * Implements hook_admin_paths().
+ */
+function content_access_admin_paths() {
+ $paths = array(
+ 'node/*/access' => TRUE,
+ );
+ return $paths;
+}
/**
* Implementation of hook_menu().
@@ -13,54 +22,45 @@ function content_access_menu() {
$items = array();
$items['node/%node/access'] = array(
- 'title' => 'Access control',
+ 'title' => 'Access Control',
'page callback' => 'drupal_get_form',
'page arguments' => array('content_access_page', 1),
'access callback' => 'content_access_node_page_access',
'access arguments' => array(1),
'file' => 'content_access.admin.inc',
+ 'theme callback' => '_node_custom_theme',
+ 'type' => MENU_LOCAL_TASK,
'weight' => 3,
- 'type' => MENU_LOCAL_TASK
);
- foreach (node_get_types('types', NULL, TRUE) as $type) {
- $type_url_str = str_replace('_', '-', $type->type);
- $items['admin/content/node-type/'. $type_url_str .'/access'] = array(
- 'title' => 'Access control',
- 'description' => 'Configure content access control.',
- 'page callback' => 'drupal_get_form',
- 'page arguments' => array('content_access_admin_settings', $type->type),
- 'access callback' => 'content_access_admin_settings_access',
- 'access arguments' => array(),
- 'type' => MENU_LOCAL_TASK,
- 'file' => 'content_access.admin.inc',
- 'weight' => 1,
- );
- }
+ $items['admin/structure/types/manage/%node_type/access'] = array(
+ 'title' => 'Access Control',
+ 'description' => 'Configure content access control.',
+ 'page callback' => 'drupal_get_form',
+ 'page arguments' => array('content_access_admin_settings', 4),
+ 'access callback' => 'content_access_admin_settings_access',
+ 'access arguments' => array(),
+ 'type' => MENU_LOCAL_TASK,
+ 'file' => 'content_access.admin.inc',
+ 'theme callback' => '_node_custom_theme',
+ 'weight' => 1,
+ );
+
return $items;
}
/**
- * Implementation of hook_init().
- *
- * Make node access settings page use admin theme if appropriate.
- *
- * @see system_init()
+ * Get access tab page for the viewed node.
*/
-function content_access_init() {
- // Use the administrative theme if the user is looking at a page at node/%/access
- if (variable_get('node_admin_theme', '0') && arg(0) == 'node' && arg(2) == 'access') {
- global $custom_theme;
- $custom_theme = variable_get('admin_theme', '0');
- drupal_add_css(drupal_get_path('module', 'system') .'/admin.css', 'module');
- }
-}
-
function content_access_node_page_access($node) {
global $user;
- return content_access_get_settings('per_node', $node->type) && user_access('grant content access') || content_access_get_settings('per_node', $node->type) && (user_access('grant own content access') && ($user->uid == $node->uid));
+ return content_access_get_settings('per_node', $node->type) && user_access('grant content access') ||
+ content_access_get_settings('per_node', $node->type) && (user_access('grant own content access') && ($user->uid == $node->uid));
}
+/**
+ * Content access settings for content type.
+ */
function content_access_admin_settings_access() {
return user_access('administer nodes') && user_access('administer content types');
}
@@ -68,8 +68,17 @@ function content_access_admin_settings_a
/**
* Implementation of hook_perm().
*/
-function content_access_perm() {
- return array('grant content access', 'grant own content access');
+function content_access_permission() {
+ return array(
+ 'grant content access' => array(
+ 'title' => t('Grant Content Access'),
+ 'description' => t('View and modify content access for any nodes'),
+ ),
+ 'grant own content access' => array(
+ 'title' => t('Grant Own Content Access'),
+ 'description' => t('View and modify content access for own nodes'),
+ ),
+ );
}
/**
@@ -83,7 +92,7 @@ function content_access_node_grants($acc
}
/**
- * Implementation of hook_node_access_records()
+ * Implementation of hook_node_access_records().
*/
function content_access_node_access_records($node) {
if (content_access_disabling()) {
@@ -95,19 +104,21 @@ function content_access_node_access_reco
$grants = array();
foreach (array('view', 'update', 'delete') as $op) {
foreach (content_access_get_rids_per_node_op($op, $node) as $rid) {
- $grants[$rid]['grant_'. $op] = 1;
+ $grants[$rid]['grant_' . $op] = 1;
}
}
foreach ($grants as $rid => $grant) {
$grants[$rid] = content_access_proccess_grant($grant, $rid, $node);
}
+
// Care for the author grant.
$grant = array();
foreach (array('view', 'update', 'delete') as $op) {
// Get all roles that have access to use $op on this node.
$any_roles = drupal_map_assoc(content_access_per_node_setting($op, $node));
+ $any_roles = $any_roles ? $any_roles : array();
$any_roles += ($op != 'view') ? content_access_get_settings($op, $node->type) : array();
- $grant['grant_'. $op] = content_access_own_op($node, $any_roles, content_access_get_rids_per_node_op($op .'_own', $node));
+ $grant['grant_' . $op] = content_access_own_op($node, $any_roles, content_access_get_rids_per_node_op($op . '_own', $node));
}
if (array_filter($grant)) {
@@ -127,16 +138,17 @@ function content_access_node_access_reco
else {
content_access_optimize_grants($grants, $node);
}
+
return $grants;
}
/**
- * Implementation of hook_nodeapi().
+ * Implementation of hook_node_delete().
*/
-function content_access_nodeapi($node, $op, $teaser, $page) {
- if ($op == 'delete') {
- db_query("DELETE FROM {content_access} WHERE nid = %d", $node->nid);
- }
+function content_access_node_delete($node) {
+ db_delete('content_access')
+ ->condition('nid', $node->nid)
+ ->execute();
}
/**
@@ -229,6 +241,8 @@ function content_access_get_setting_defa
return content_access_get_permission_access(content_access_get_permission_by_op($setting, $type));
case 'priority':
return 0;
+ case 'per_node' :
+ return array();
}
}
@@ -255,13 +269,13 @@ function content_access_get_permission_b
default:
return FALSE;
case 'update':
- return 'edit any '. $type .' content';
+ return 'edit any ' . $type . ' content';
case 'update_own':
- return 'edit own '. $type .' content';
+ return 'edit own ' . $type . ' content';
case 'delete':
- return 'delete any '. $type .' content';
+ return 'delete any ' . $type . ' content';
case 'delete_own':
- return 'delete own '. $type .' content';
+ return 'delete own ' . $type . ' content';
}
}
@@ -317,8 +331,9 @@ function content_access_own_op($node, $a
if (!isset($roles[$node->uid])) {
$roles[$node->uid] = $node->uid ? array(DRUPAL_AUTHENTICATED_RID) : array(DRUPAL_ANONYMOUS_RID);
- $result = db_query('SELECT rid FROM {users_roles} WHERE uid = %d', $node->uid);
- while ($role = db_fetch_object($result)) {
+ $result = db_query('SELECT rid FROM {users_roles} WHERE uid = :uid', array(':uid' => $node->uid));
+
+ foreach ($result as $role) {
$roles[$node->uid][] = $role->rid;
}
}
@@ -343,9 +358,11 @@ function content_access_own_op($node, $a
*/
function content_access_get_rids_per_node_op($op, $node) {
$rids = content_access_per_node_setting($op, $node);
+
if ($permission = content_access_get_permission_by_op($op, $node->type)) {
$perm_roles = content_access_get_permission_access($permission);
$rids = array_diff($rids, $perm_roles);
+
if (in_array(DRUPAL_AUTHENTICATED_RID, $perm_roles)) {
return in_array(DRUPAL_ANONYMOUS_RID, $rids) ? array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID) : array(DRUPAL_AUTHENTICATED_RID);
}
@@ -386,9 +403,19 @@ function content_access_per_node_setting
* Saves custom per node settings in the own content_access table.
*/
function content_access_save_per_node_settings($node, $settings) {
- db_query("UPDATE {content_access} SET settings = '%s' WHERE nid = %d", serialize($settings), $node->nid);
- if (!db_affected_rows()) {
- db_query("INSERT INTO {content_access} (nid, settings) VALUES(%d, '%s')", $node->nid, serialize($settings));
+ db_update('content_access')
+ ->condition('nid', $node->nid)
+ ->fields(array('settings' => serialize($settings)))
+ ->execute();
+
+ $count = db_query('SELECT COUNT(nid) FROM {content_access} WHERE nid = :nid', array(
+ ':nid' => $node->nid,
+ ))->fetchField();
+
+ if (!$count) {
+ db_insert('content_access')
+ ->fields(array('nid' => $node->nid, 'settings' => serialize($settings)))
+ ->execute();
}
// Make content_access_per_node_setting() use the new settings
content_access_per_node_setting(NULL, $node, $settings);
@@ -398,11 +425,17 @@ function content_access_save_per_node_se
* Deletes all custom per node settings, so that content type defaults are used again.
*/
function content_access_delete_per_node_settings($node) {
- db_query("DELETE FROM {content_access} WHERE nid = %d", $node->nid);
+ db_delete('content_access')
+ ->condition('nid', $node->nid)
+ ->execute();
+
// Clear the cache.
content_access_per_node_setting(NULL, $node, FALSE);
+
// Delete possible acl settings
if (module_exists('acl')) {
+ // @todo why content_access.admin.inc is not loaded before?
+ module_load_include('inc', 'content_access', 'content_access.admin');
foreach (array('view', 'update', 'delete') as $op) {
$acl_id = content_access_get_acl_id($node, $op);
acl_delete_acl($acl_id);
@@ -411,18 +444,6 @@ function content_access_delete_per_node_
}
/**
- * Gets the content access acl id of the node.
- */
-function content_access_get_acl_id($node, $op) {
- $acl_id = acl_get_id_by_name('content_access', $op .'_'. $node->nid);
- if (!$acl_id) {
- // Create one:
- $acl_id = acl_create_new_acl('content_access', $op .'_'. $node->nid);
- }
- return $acl_id;
-}
-
-/**
* Gets the per node settings of a node.
*
* @note
@@ -430,11 +451,13 @@ function content_access_get_acl_id($node
* it will return an empty array.
*/
function content_access_get_per_node_settings($node) {
- $settings = db_result(db_query("SELECT settings FROM {content_access} WHERE nid = %d", $node->nid));
- if (!$settings) {
- return array();
+ foreach (db_query("SELECT settings FROM {content_access} WHERE nid = :nid", array(':nid' => $node->nid)) as $record) {
+ $settings = $record->settings;
+ if (!$settings) {
+ return array();
+ }
+ return unserialize($settings);
}
- return unserialize($settings);
}
/**
@@ -445,13 +468,15 @@ function content_access_get_per_node_set
*/
function content_access_optimize_grants(&$grants, $node) {
$rids = array('view' => array(), 'update' => array(), 'delete' => array());
+
foreach ($grants as $key => $grant) {
foreach (array('view', 'update', 'delete') as $op) {
- if (is_numeric($key) && !empty($grant['grant_'. $op])) {
+ if (is_numeric($key) && !empty($grant['grant_' . $op])) {
$rids[$op][] = $key;
}
}
}
+
// Detect if all are allowed to view
$all = array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID);
if (count(array_diff($all, $rids['view'])) == 0) {
@@ -459,6 +484,7 @@ function content_access_optimize_grants(
$rids['view'] = array('all');
$grants['all'] = array('realm' => 'all', 'gid' => 0, 'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0, 'priority' => content_access_get_settings('priority', $node->type));
}
+
// If authenticated users are involved, remove unnecessary other roles.
foreach (array('view', 'update', 'delete') as $op) {
if (in_array(DRUPAL_AUTHENTICATED_RID, $rids[$op])) {
@@ -472,7 +498,7 @@ function content_access_optimize_grants(
continue;
}
foreach (array('view', 'update', 'delete') as $op) {
- if ($grant['grant_'. $op] && in_array($key, $rids[$op])) {
+ if ($grant['grant_' . $op] && in_array($key, $rids[$op])) {
//it's still here, so we can't remove this grant
continue 2;
}
@@ -483,8 +509,25 @@ function content_access_optimize_grants(
}
/**
- * Implementation of hook_node_type():
- * Update settings on node type name change.
+ * Implementation of hook_node_type().
+ *
+ * Updates settings on node type name delete.
+ */
+function content_access_node_type_delete($info) {
+ content_access_node_type('delete', $info);
+}
+
+/**
+ * Implementation of hook_node_type().
+ *
+ * Updates settings on node type name change.
+ */
+function content_access_node_type_update($info) {
+ content_access_node_type('update', $info);
+}
+
+/**
+ * Implementation of hook_node_type().
*/
function content_access_node_type($op, $info) {
switch ($op) {
@@ -539,8 +582,16 @@ function content_access_form_alter(&$for
}
/**
- * Returns an array of operations used by the module.
+ * Returns an array of possible operations on content and their labels.
*/
function _content_access_get_operations() {
- return array('view', 'view_own', 'update', 'update_own', 'delete', 'delete_own');
+ $operations = array(
+ 'view' => t('View any content'),
+ 'view_own' => t('View own content'),
+ 'update' => t('Edit any content'),
+ 'update_own' => t('Edit own content'),
+ 'delete' => t('Delete any content'),
+ 'delete_own' => t('Delete own content'),
+ );
+ return $operations;
}
\ No newline at end of file
Index: content_access.rules.inc
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/content_access/Attic/content_access.rules.inc,v
retrieving revision 1.1.2.6
diff -u -p -r1.1.2.6 content_access.rules.inc
--- content_access.rules.inc 31 Jul 2009 09:09:46 -0000 1.1.2.6
+++ content_access.rules.inc 5 Feb 2011 06:59:42 -0000
@@ -5,268 +5,242 @@
* Rules specific functions that expose content_access' API.
*/
-
-/**
- * Adds the role based settings to the form.
- */
-function content_access_rules_role_based_form($settings, &$form) {
- module_load_include('inc', 'content_access', 'content_access.admin');
- $form['#includes'][] = './'. drupal_get_path('module', 'content_access') .'/content_access.admin.inc';
- $form += content_access_role_based_form($settings);
-}
-
-/**
- * Parse submitted settings for per-node form into internal format.
- */
-function content_access_parse_settings(&$settings, $form, $form_state) {
- foreach (_content_access_get_operations() as $op) {
- $settings[$op] = array_keys(array_filter($form_state['values'][$op]));
- }
-}
-
-/**
- * Verifies that per content settings are activated for the given node.
- */
-function _content_access_rules_check_setting($node) {
- if (!content_access_get_settings('per_node', $node->type)) {
- rules_log(t("Can't set per content permissions for content type @type. Make sure to have per content settings activated for content types you want to alter access control for.", array('@type' => node_get_types('name', $node->type))), TRUE);
- return FALSE;
- }
- return TRUE;
-}
-
-
/**
* Implementation of hook_action_info().
*/
function content_access_rules_action_info() {
- $items = array(
+ $actions = array(
'content_access_action_grant_node_permissions' => array(
'label' => t('Grant content permissions by role'),
- 'arguments' => array(
- 'node' => array('type' => 'node', 'label' => t('Content')),
- ),
- 'module' => 'Content access',
),
'content_access_action_revoke_node_permissions' => array(
'label' => t('Revoke content permissions by role'),
- 'arguments' => array(
- 'node' => array('type' => 'node', 'label' => t('Content')),
- ),
- 'module' => 'Content access',
),
'content_access_action_reset_node_permissions' => array(
'label' => t('Reset content permissions'),
- 'arguments' => array(
- 'node' => array('type' => 'node', 'label' => t('Content')),
- ),
- 'module' => 'Content access',
),
);
- if (module_exists('acl')) {
- $items += array(
- 'content_access_action_acl_grant_access' => array(
- 'label' => t('Grant access for a user'),
- 'arguments' => array(
- 'node' => array('type' => 'node', 'label' => t('Content')),
- 'user' => array('type' => 'user', 'label' => t('User')),
+
+ $items = array();
+ foreach ($actions as $name => $action) {
+ $items[$name] = array(
+ 'label' => $action['label'],
+ 'named parameter' => TRUE,
+ 'parameter' => array(
+ 'node' => array(
+ 'type' => 'node',
+ 'label' => t('Content'),
+ 'description' => t('Add Desc.'),
),
- 'module' => 'Content access',
- ),
- 'content_access_action_acl_revoke_access' => array(
- 'label' => t('Revoke access for a user'),
- 'arguments' => array(
- 'node' => array('type' => 'node', 'label' => t('Content')),
- 'user' => array('type' => 'user', 'label' => t('User')),
+ 'content_access' => array(
+ 'type' => 'list',
+ 'label' => t('Role Based Access Control Settings'),
+ 'optional' => TRUE,
+ 'options list' => 'content_access_action_roles_permissions_list',
+ 'restriction' => 'input',
),
- 'module' => 'Content access',
+ ),
+ 'group' => t('Content Access'),
+ 'callbacks' => array(
+ #'access' => 'rules_action_entity_createfetch_access',
+ 'form_alter' => 'content_access_action_form_alter',
),
);
}
+
return $items;
}
/**
- * Action implementation: Grant permissions for a node.
+ * Desc.
*/
-function content_access_action_grant_node_permissions($node, $settings) {
- if (_content_access_rules_check_setting($node)) {
- $ca_settings = array();
- foreach (_content_access_get_operations() as $op) {
- $settings += array($op => array());
- $ca_settings[$op] = array_keys(array_flip(content_access_per_node_setting($op, $node)) + array_flip($settings[$op]));
- }
- content_access_save_per_node_settings($node, $ca_settings);
- // A following node_save() updates the grants for us.
- return array('node' => $node);
- }
-}
-
-function content_access_action_grant_node_permissions_form($settings, &$form) {
- content_access_rules_role_based_form($settings, $form);
-}
-function content_access_action_grant_node_permissions_submit(&$settings, $form, $form_state) {
- content_access_parse_settings($settings, $form, $form_state);
+function content_access_action_roles_permissions_list() {
+ return _content_access_roles_list();
}
/**
- * Action implementation: Revoke permissions for a node.
+ * Returns an array of operations used by the module.
*/
-function content_access_action_revoke_node_permissions($node, $settings) {
- if (_content_access_rules_check_setting($node)) {
- $ca_settings = array();
- foreach (_content_access_get_operations() as $op) {
- $settings += array($op => array());
- $ca_settings[$op] = array_diff(content_access_per_node_setting($op, $node), $settings[$op]);
+function _content_access_roles_list() {
+ $defaults = array();
+ $roles = array_map('filter_xss_admin', user_roles());
+
+ // Make sure defaults are set properly
+ foreach (_content_access_get_operations() as $op) {
+ foreach ($roles as $role) {
+ $defaults[$op][$op . ':' . $role] = $role;
}
- content_access_save_per_node_settings($node, $ca_settings);
- // A following node_save() updates the grants for us.
- return array('node' => $node);
}
-}
-function content_access_action_revoke_node_permissions_form($settings, &$form) {
- content_access_rules_role_based_form($settings, $form);
-}
-function content_access_action_revoke_node_permissions_submit(&$settings, $form, $form_state) {
- content_access_parse_settings($settings, $form, $form_state);
+ return $defaults;
}
-
/**
- * Action implementation: Grant access for a user.
+ * Desc.
*/
-function content_access_action_acl_grant_access($node, $user, $settings) {
- if (_content_access_rules_check_setting($node)) {
- module_load_include('inc', 'content_access', 'content_access.admin');
- foreach ($settings['ops'] as $op) {
- $acl_id = content_access_get_acl_id($node, $op);
- acl_add_user($acl_id, $user->uid);
- acl_node_add_acl($node->nid, $acl_id, $op == 'view', $op == 'update', $op == 'delete', content_access_get_settings('priority', $node->type));
+function content_access_list_to_checkboxes($element) {
+ $checkboxes = array();
+ $operations = _content_access_get_operations();
+ $labels = _content_access_get_operations_lables($operations);
+
+ foreach ($operations as $op) {
+ $checkboxes[$op] = $element;
+ $checkboxes[$op]['#title'] = t($labels[$op]);
+ $checkboxes[$op]['#type'] = 'checkboxes';
+ $checkboxes[$op]['#options'] = $element['#options'][$op];
+ unset($checkboxes[$op]['#default_value']);
+
+ // Set defaults values of checkboxes
+ foreach ($checkboxes[$op]['#options'] as $op_role => $permission) {
+ if (isset($element['#default_value'][$op_role])) {
+ $checkboxes[$op]['#default_value'][] = $op_role;
+ }
}
- // A following node_save() updates the grants for us.
- return array('node' => $node);
+
+ #$checkboxes[$op]['#process'] = array('form_process_checkboxes', 'content_access_checkboxes');
}
-}
-function content_access_action_acl_grant_access_form($settings, &$form) {
- $settings += array('ops' => array('view', 'update', 'delete'));
- $form['settings']['ops'] = array(
- '#type' => 'checkboxes',
- '#options' => drupal_map_assoc(array('view', 'update', 'delete')),
- '#title' => t('Operations to grant access for'),
- '#default_value' => $settings['ops'],
- );
-}
-function content_access_action_acl_grant_access_submit(&$settings, $form, $form_state) {
- $settings['ops'] = array_filter($settings['ops']);
-}
-function content_access_action_acl_grant_access_help() {
- return t("Note that this action is not going to revoke access for not chosen operations.");
-}
-function content_access_action_acl_grant_access_label($settings, $argument_labels) {
- return t('Grant access for @user.', $argument_labels);
+ return $checkboxes;
}
+/**
+ * Desc.
+ */
+function content_access_checkboxes_to_list($element) {
+ $list = $element[key($element)];
+ $list['#title'] = 'Value';
+ $list['#type'] = 'select';
+ unset($list['#options']);
+
+ foreach ($element as $op => $value) {
+ $list['#options'][$op] = $value['#options'];
+ }
+ return $list;
+}
/**
- * Action implementation: Revoke access for a user.
+ * Desc.
*/
-function content_access_action_acl_revoke_access($node, $user, $settings) {
- if (_content_access_rules_check_setting($node)) {
- module_load_include('inc', 'content_access', 'content_access.admin');
- foreach ($settings['ops'] as $op) {
- $acl_id = content_access_get_acl_id($node, $op);
- acl_remove_user($acl_id, $user->uid);
+function content_access_checkboxes_to_list_submit($element) {
+ $list = array();
+ foreach (_content_access_roles_list() as $op => $op_roles) {
+ foreach ($op_roles as $op_role => $permission) {
+ if (isset($element[$op][$op_role]) && $element[$op][$op_role]) {
+ $list[$op_role] = $permission;
+ }
}
- // A following node_save() updates the grants for us.
- return array('node' => $node);
}
+ return $list;
}
-function content_access_action_acl_revoke_access_form($settings, &$form) {
- $settings += array('ops' => array('view', 'update', 'delete'));
- $form['settings']['ops'] = array(
- '#type' => 'checkboxes',
- '#options' => drupal_map_assoc(array('view', 'update', 'delete')),
- '#title' => t('Operations to revoke access for'),
- '#default_value' => $settings['ops'],
- );
-}
-function content_access_action_acl_revoke_access_submit(&$settings, $form, $form_state) {
- $settings['ops'] = array_filter($settings['ops']);
-}
-function content_access_action_acl_revoke_access_help() {
- return t("Note that this action is only able to revoke access that has been previously granted with the help of the content access module.");
-}
-function content_access_action_acl_revoke_access_label($settings, $argument_labels) {
- return t('Revoke access for @user.', $argument_labels);
+/**
+ * Desc.
+ */
+function content_access_action_form_alter(&$form, &$form_state) {
+ // Include content_access.admin.inc in order to use it's functions
+ // e.g. content_access_disable_checkboxes() in
+ // content_access_rules_role_based_form()
+ #$include_file = drupal_get_path('module', 'content_access') . '/content_access.admin.inc';
+ #$form_state['build_info']['files']['content_access'] = $include_file;
+ #module_load_include('inc', 'content_access', 'content_access.admin');
+
+ // Desc.
+ $ca_element =& $form['parameter']['content_access']['settings']['content_access'];
+ $ca_element = content_access_list_to_checkboxes($ca_element);
+
+ // Add submit callback to process content_access_rules_role_based_form() vals
+ // @todo I think this should go into Rules just like the default form
+ // behaviour
+ // rules_ui_edit_element_submit is the default submit callback so we add it
+ // again
+ $form['submit']['#submit'] = array('content_access_action_settings_form_submit', 'rules_ui_edit_element_submit');
}
+/**
+ * Desc.
+ */
+function content_access_action_settings_form_submit($form, &$form_state) {
+ // Desc.
+ $ca_element =& $form_state['input']['parameter']['content_access']['settings']['content_access'];
+ $ca_element = content_access_checkboxes_to_list_submit($ca_element);
+
+ $form_state['rules_element']->settings['content_access'] = $ca_element;
+}
/**
- * Action implementation: Reset permissions for a node.
+ * Verifies that per content settings are activated for the given node.
*/
-function content_access_action_reset_node_permissions($node) {
- if (_content_access_rules_check_setting($node)) {
- content_access_delete_per_node_settings($node);
- // A following node_save() updates the grants for us.
- return array('node' => $node);
+function _content_access_rules_check_setting($node) {
+ // @todo node_get_types is D6 only
+ if (!content_access_get_settings('per_node', $node->type)) {
+ rules_log(t("Can't set per content permissions for content type @type. Make sure to have per content settings activated for content types you want to alter access control for.", array('@type' => node_get_types('name', $node->type))), TRUE);
+ return FALSE;
}
+ return TRUE;
}
/**
- * Implementation of hook_condition_info().
+ * Desc.
*/
-function content_access_rules_condition_info() {
- return array(
- 'content_access_condition_check_permissions' => array(
- 'label' => t('Check role based settings'),
- 'arguments' => array(
- 'node' => array('type' => 'node', 'label' => t('Content')),
- ),
- 'help' => t('Evaluates to TRUE, if content access allows all selected operations for the given roles.'),
- 'module' => 'Content access',
- ),
- );
+function content_access_action_settings($param) {
+ $roles_ids = array_flip(user_roles());
+
+ foreach (_content_access_get_operations() as $op) {
+ $settings[$op] = array();
+ }
+ foreach ($param as $op_role => $role) {
+ $op = substr($op_role, 0, strpos($op_role, ':'));
+ $role_id = $roles_ids[$role];
+ $settings[$op][] = $role_id;
+ }
+
+ return $settings;
}
/**
- * Condition implementation: Check if node has permissions.
- *
- * @note
- * This will only check for the existence of permissions, not the
- * absence of. I.e. a rule that checks just for authenticated write
- * will return TRUE for a node that allows authenticated and anonymous
- * write.
- */
-function content_access_condition_check_permissions($node, $settings) {
- if (_content_access_rules_check_setting($node)) {
- // Compare our settings with node's settings.
+ * Action implementation: Grant permissions for a node.
+ */
+function content_access_action_grant_node_permissions($params) {
+ if (_content_access_rules_check_setting($params['node'])) {
+ $settings = content_access_action_settings($params['content_access']);
+ $ca_settings = array();
+
foreach (_content_access_get_operations() as $op) {
$settings += array($op => array());
- $expect_roles = $settings[$op];
- $current_roles = content_access_per_node_setting($op, $node);
- if (count(array_diff($expect_roles, $current_roles)) != 0) {
- return FALSE;
- }
+ $ca_settings[$op] = array_keys(array_flip(content_access_per_node_setting($op, $params['node'])) + array_flip($settings[$op]));
}
- return TRUE;
+ content_access_save_per_node_settings($params['node'], $ca_settings);
+ // A following node_save() updates the grants for us.
+ return array('node' => $params['node']);
}
- return FALSE;
}
-function content_access_condition_check_permissions_form($settings, &$form) {
- content_access_rules_role_based_form($settings, $form);
-}
-function content_access_condition_check_permissions_submit(&$settings, $form, $form_state) {
- content_access_parse_settings($settings, $form, $form_state);
+/**
+ * Action implementation: Revoke permissions for a node.
+ */
+function content_access_action_revoke_node_permissions($params) {
+ if (_content_access_rules_check_setting($params['node'])) {
+ $settings = content_access_action_settings($params['content_access']);
+ $ca_settings = array();
+
+ foreach (_content_access_get_operations() as $op) {
+ $settings += array($op => array());
+ $ca_settings[$op] = array_diff(content_access_per_node_setting($op, $params['node']), $settings[$op]);
+ }
+
+ content_access_save_per_node_settings($params['node'], $ca_settings);
+ // A following node_save() updates the grants for us.
+ return array('node' => $params['node']);
+ }
}
/**
- * Automatically upgrade the old 'content_access_action_set_node_permissions' to an
- * 'content_access_action_grant_node_permissions' action.
+ * Action implementation: Reset permissions for a node.
*/
-function content_access_action_set_node_permissions_upgrade(&$element) {
- $element['#name'] = 'content_access_action_grant_node_permissions';
-}
+function content_access_action_reset_node_permissions($params) {
+ if (_content_access_rules_check_setting($params['node'])) {
+ content_access_delete_per_node_settings($params['node']);
+ // A following node_save() updates the grants for us.
+ return array('node' => $params['node']);
+ }
+}
\ No newline at end of file
Index: tests/content_access.test
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/content_access/tests/Attic/content_access.test,v
retrieving revision 1.1.4.2
diff -u -p -r1.1.4.2 content_access.test
--- tests/content_access.test 2 Jan 2009 15:01:01 -0000 1.1.4.2
+++ tests/content_access.test 5 Feb 2011 06:59:42 -0000
@@ -20,282 +20,278 @@ class ContentAccessModuleTestCase extend
'group' => t('Content Access'),
);
}
-
+
function setUp() {
parent::setUp();
-
+
// Create test nodes
- $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type_name));
- $this->node2 = $this->drupalCreateNode(array('type' => $this->content_type_name));
+ $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->type));
+ $this->node2 = $this->drupalCreateNode(array('type' => $this->content_type->type));
}
-
+
/**
* Test for viewing nodes
*/
function testViewAccess() {
-
// Restrict access to the content type (access is only allowed for the author)
$access_permissions = array(
'view[1]' => FALSE,
'view[2]' => FALSE,
);
$this->changeAccessContentType($access_permissions);
-
+
// Logout admin and try to access the node anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid);
$this->assertText(t('Access denied'), 'node is not viewable');
-
+
// Login test user, view node, access must be denied
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid);
$this->assertText(t('Access denied'), 'node is not viewable');
-
+
// Login admin and grant access for viewing to the test user
$this->drupalLogin($this->admin_user);
$this->changeAccessContentTypeKeyword('view');
-
+
// Logout admin and try to access the node anonymously
// access must be denied again
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid);
$this->assertText(t('Access denied'), 'node is not viewable');
-
+
// Login test user, view node, access must be granted
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid);
$this->assertNoText(t('Access denied'), 'node is viewable');
-
+
// Login admin and enable per node access
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode();
-
+
// Restrict access on node2 for the test user role
$this->changeAccessNodeKeyword($this->node2, 'view', FALSE);
-
+
// Logout admin and try to access both nodes anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid);
$this->assertText(t('Access denied'), 'node1 is not viewable');
$this->drupalGet('node/'. $this->node2->nid);
$this->assertText(t('Access denied'), 'node2 is not viewable');
-
+
// Login test user, view node1, access must be granted
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid);
$this->assertNoText(t('Access denied'), 'node1 is viewable');
-
+
// View node2, access must be denied
$this->drupalGet('node/'. $this->node2->nid);
$this->assertText(t('Access denied'), 'node2 is not viewable');
-
+
// Login admin, swap permissions between content type and node2
$this->drupalLogin($this->admin_user);
-
+
// Restrict access to content type
$this->changeAccessContentTypeKeyword('view', FALSE);
-
+
// Grant access to node2
$this->changeAccessNodeKeyword($this->node2, 'view');
-
+
// Logout admin and try to access both nodes anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid);
$this->assertText(t('Access denied'), 'node1 is not viewable');
$this->drupalGet('node/'. $this->node2->nid);
$this->assertText(t('Access denied'), 'node2 is not viewable');
-
+
// Login test user, view node1, access must be denied
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid);
$this->assertText(t('Access denied'), 'node1 is not viewable');
-
+
// View node2, access must be granted
$this->drupalGet('node/'. $this->node2->nid);
$this->assertNoText(t('Access denied'), 'node2 is viewable');
}
-
+
/**
* Test for editing nodes
*/
function testEditAccess() {
-
// Logout admin and try to edit the node anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid .'/edit');
$this->assertText(t('Access denied'), 'edit access denied for anonymous');
-
+
// Login test user, edit node, access must be denied
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid .'/edit');
$this->assertText(t('Access denied'), 'edit access denied for test user');
-
+
// Login admin and grant access for editing to the test user
$this->drupalLogin($this->admin_user);
$this->changeAccessContentTypeKeyword('update');
-
+
// Logout admin and try to edit the node anonymously
// access must be denied again
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid .'/edit');
$this->assertText(t('Access denied'), 'edit access denied for anonymous');
-
+
// Login test user, edit node, access must be granted
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid .'/edit');
$this->assertNoText(t('Access denied'), 'node1 is editable');
-
+
// Login admin and enable per node access
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode();
-
+
// Restrict access for this content type for the test user
$this->changeAccessContentTypeKeyword('update', FALSE);
-
+
// Allow acces for node1 only
$this->changeAccessNodeKeyword($this->node1, 'update');
-
+
// Logout admin and try to edit both nodes anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid .'/edit');
$this->assertText(t('Access denied'), 'node1 is not editable');
$this->drupalGet('node/'. $this->node2->nid .'/edit');
$this->assertText(t('Access denied'), 'node2 is not editable');
-
+
// Login test user, edit node1, access must be granted
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid .'/edit');
$this->assertNoText(t('Access denied'), 'node1 is editable');
-
+
// Edit node2, access must be denied
$this->drupalGet('node/'. $this->node2->nid .'/edit');
$this->assertText(t('Access denied'), 'node2 is not editable');
-
+
// Login admin, swap permissions between node1 and node2
$this->drupalLogin($this->admin_user);
-
+
// Grant edit access to node2
$this->changeAccessNodeKeyword($this->node2, 'update');
// Restrict edit acces to node1
$this->changeAccessNodeKeyword($this->node1, 'update', FALSE);
-
+
// Logout admin and try to edit both nodes anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid .'/edit');
$this->assertText(t('Access denied'), 'node1 is not editable');
$this->drupalGet('node/'. $this->node2->nid .'/edit');
$this->assertText(t('Access denied'), 'node2 is not editable');
-
+
// Login test user, edit node1, access must be denied
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid .'/edit');
$this->assertText(t('Access denied'), 'node1 is not editable');
-
+
// Edit node2, access must be granted
$this->drupalGet('node/'. $this->node2->nid .'/edit');
$this->assertNoText(t('Access denied'), 'node2 is editable');
}
-
+
/**
* Test for deleting nodes
*/
function testDeleteAccess() {
-
// Logout admin and try to delete the node anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid .'/delete');
$this->assertText(t('Access denied'), 'delete access denied for anonymous');
-
+
// Login test user, delete node, access must be denied
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid .'/delete');
$this->assertText(t('Access denied'), 'delete access denied for test user');
-
+
// Login admin and grant access for deleting to the test user
$this->drupalLogin($this->admin_user);
-
+
$this->changeAccessContentTypeKeyword('delete');
-
+
// Logout admin and try to edit the node anonymously
// access must be denied again
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid .'/delete');
$this->assertText(t('Access denied'), 'delete access denied for anonymous');
-
+
// Login test user, delete node, access must be granted
$this->drupalLogin($this->test_user);
$this->drupalPost('node/'. $this->node1->nid .'/delete', array(), 'Delete');
$this->assertRaw(t('%node has been deleted', array('%node' => $this->node1->title)), 'Test node was deleted successfully by test user');
-
+
// Login admin and recreate test node1
$this->drupalLogin($this->admin_user);
- $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type_name));
-
+ $this->node1 = $this->drupalCreateNode(array('type' => $this->content_type->type));
+
// Enable per node access
$this->changeAccessPerNode();
-
+
// Restrict access for this content type for the test user
$this->changeAccessContentTypeKeyword('delete', FALSE);
-
+
// Allow acces for node1 only
$this->changeAccessNodeKeyword($this->node1, 'delete');
-
+
// Logout admin and try to delete both nodes anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid .'/delete');
$this->assertText(t('Access denied'), 'node1 is not deletable');
$this->drupalGet('node/'. $this->node2->nid .'/delete');
$this->assertText(t('Access denied'), 'node2 is not deletable');
-
+
// Login test user, delete node1, access must be granted
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid .'/delete');
$this->assertNoText(t('Access denied'), 'node1 is deletable');
-
+
// Delete node2, access must be denied
$this->drupalGet('node/'. $this->node2->nid .'/delete');
$this->assertText(t('Access denied'), 'node2 is not deletable');
-
+
// Login admin, swap permissions between node1 and node2
$this->drupalLogin($this->admin_user);
-
+
// Grant delete access to node2
$this->changeAccessNodeKeyword($this->node2, 'delete');
// Restrict delete acces to node1
$this->changeAccessNodeKeyword($this->node1, 'delete', FALSE);
-
+
// Logout admin and try to delete both nodes anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid .'/delete');
$this->assertText(t('Access denied'), 'node1 is not deletable');
$this->drupalGet('node/'. $this->node2->nid .'/delete');
$this->assertText(t('Access denied'), 'node2 is not deletable');
-
+
// Login test user, delete node1, access must be denied
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node1->nid .'/delete');
$this->assertText(t('Access denied'), 'node1 is not deletable');
-
+
// Delete node2, access must be granted
$this->drupalGet('node/'. $this->node2->nid .'/delete');
$this->assertNoText(t('Access denied'), 'node2 is deletable');
}
-
+
/**
* Test own view access
*/
function testOwnViewAccess() {
-
// Setup 2 test users
$test_user1 = $this->test_user;
$test_user2 = $this->drupalCreateUser();
-
+
// Change ownership of test nodes to test users
$this->node1->uid = $test_user1->uid;
node_save($this->node1);
$this->node2->uid = $test_user2->uid;
node_save($this->node2);
-
+
// Remove all view permissions for this content type
$access_permissions = array(
'view[1]' => FALSE,
@@ -304,35 +300,34 @@ class ContentAccessModuleTestCase extend
'view_own[2]' => FALSE,
);
$this->changeAccessContentType($access_permissions);
-
+
// Allow view own content for test user 1 and 2 roles
$this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user1);
$this->changeAccessContentTypeKeyword('view_own', TRUE, $test_user2);
-
+
// Logout admin and try to access both nodes anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node1->nid);
$this->assertText(t('Access denied'), 'node1 is not viewable');
$this->drupalGet('node/'. $this->node2->nid);
$this->assertText(t('Access denied'), 'node2 is not viewable');
-
+
// Login test user 1, view node1, access must be granted
$this->drupalLogin($test_user1);
$this->drupalGet('node/'. $this->node1->nid);
$this->assertNoText(t('Access denied'), 'node1 is viewable');
-
+
// View node2, access must be denied
$this->drupalGet('node/'. $this->node2->nid);
$this->assertText(t('Access denied'), 'node2 is not viewable');
-
+
// Login test user 2, view node1, access must be denied
$this->drupalLogin($test_user2);
$this->drupalGet('node/'. $this->node1->nid);
$this->assertText(t('Access denied'), 'node1 is not viewable');
-
+
// View node2, access must be granted
$this->drupalGet('node/'. $this->node2->nid);
$this->assertNoText(t('Access denied'), 'node2 is viewable');
}
-
-}
+}
\ No newline at end of file
Index: tests/content_access_acl.test
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/content_access/tests/Attic/content_access_acl.test,v
retrieving revision 1.1.4.2
diff -u -p -r1.1.4.2 content_access_acl.test
--- tests/content_access_acl.test 2 Jan 2009 15:01:01 -0000 1.1.4.2
+++ tests/content_access_acl.test 5 Feb 2011 06:59:43 -0000
@@ -5,13 +5,13 @@
* @file
* Automatd SimpleTest Case for using content access module with acl module
*/
-
+
require_once(drupal_get_path('module', 'content_access') .'/tests/content_access_test_help.php');
class ContentAccessACLTestCase extends ContentAccessTestCase {
-
+
var $node;
-
+
/**
* Implementation of get_info() for information
*/
@@ -22,29 +22,27 @@ class ContentAccessACLTestCase extends C
'group' => 'Content Access',
);
}
-
+
/**
* Setup configuration before each test
*/
function setUp() {
-
parent::setUp('acl');
-
+
// Create test nodes
- $this->node = $this->drupalCreateNode(array('type' => $this->content_type_name));
+ $this->node = $this->drupalCreateNode(array('type' => $this->content_type->type));
}
-
+
/**
* Test Viewing accessibility with permissions for single users
*/
function testViewAccess() {
-
// Exit test if ACL module could not be enabled
if (!module_exists('acl')) {
$this->pass('No ACL module present, skipping test');
return;
}
-
+
// Restrict access to this content type (access is only allowed for the author)
// Enable per node access control
$access_permissions = array(
@@ -53,111 +51,109 @@ class ContentAccessACLTestCase extends C
'per_node' => TRUE,
);
$this->changeAccessContentType($access_permissions);
-
+
// Allow access for test user
$edit = array(
'acl[view][add]' => $this->test_user->name,
);
$this->drupalPost('node/'. $this->node->nid .'/access', $edit, t('Add User'));
$this->drupalPost(NULL, array(), t('Submit'));
-
+
// Logout admin, try to access the node anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node->nid);
$this->assertText(t('Access denied'), 'node is not viewable');
-
+
// Login test user, view access should be allowed now
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node->nid);
$this->assertNoText(t('Access denied'), 'node is viewable');
-
+
// Login admin and disable per node access
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode(FALSE);
-
+
// Logout admin, try to access the node anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node->nid);
$this->assertText(t('Access denied'), 'node is not viewable');
-
+
// Login test user, view access should be denied now
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node->nid);
$this->assertText(t('Access denied'), 'node is not viewable');
}
-
+
/**
* Test Editing accessibility with permissions for single users
*/
function testEditAccess() {
-
// Exit test if ACL module could not be enabled
if (!module_exists('acl')) {
$this->pass('No ACL module present, skipping test');
return;
}
-
+
// Enable per node access control
$this->changeAccessPerNode();
-
+
// Allow edit access for test user
$edit = array(
'acl[update][add]' => $this->test_user->name,
);
$this->drupalPost('node/'. $this->node->nid .'/access', $edit, t('Add User'));
$this->drupalPost(NULL, array(), t('Submit'));
-
+
// Logout admin, try to edit the node anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node->nid .'/edit');
$this->assertText(t('Access denied'), 'node is not editable');
-
+
// Login test user, edit access should be allowed now
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node->nid .'/edit');
$this->assertNoText(t('Access denied'), 'node is editable');
-
+
// Login admin and disable per node access
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode(FALSE);
-
+
// Logout admin, try to edit the node anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node->nid .'/edit');
$this->assertText(t('Access denied'), 'node is not editable');
-
+
// Login test user, edit access should be denied now
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node->nid .'/edit');
$this->assertText(t('Access denied'), 'node is not editable');
}
-
+
/**
* Test Deleting accessibility with permissions for single users
*/
function testDeleteAccess() {
-
// Exit test if ACL module could not be enabled
if (!module_exists('acl')) {
$this->pass('No ACL module present, skipping test');
return;
}
-
+
// Enable per node access control
$this->changeAccessPerNode();
-
+
// Allow delete access for test user
$edit = array(
'acl[delete][add]' => $this->test_user->name,
);
$this->drupalPost('node/'. $this->node->nid .'/access', $edit, t('Add User'));
$this->drupalPost(NULL, array(), t('Submit'));
-
+
// Logout admin, try to delete the node anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node->nid .'/delete');
$this->assertText(t('Access denied'), 'node is not deletable');
-
+
// Login test user, delete access should be allowed now
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node->nid .'/delete');
@@ -166,16 +162,15 @@ class ContentAccessACLTestCase extends C
// Login admin and disable per node access
$this->drupalLogin($this->admin_user);
$this->changeAccessPerNode(FALSE);
-
+
// Logout admin, try to delete the node anonymously
$this->drupalLogout();
$this->drupalGet('node/'. $this->node->nid .'/delete');
$this->assertText(t('Access denied'), 'node is not deletable');
-
+
// Login test user, delete access should be denied now
$this->drupalLogin($this->test_user);
$this->drupalGet('node/'. $this->node->nid .'/delete');
$this->assertText(t('Access denied'), 'node is not deletable');
}
-
-}
+}
\ No newline at end of file
Index: tests/content_access_test_help.php
===================================================================
RCS file: /cvs/drupal-contrib/contributions/modules/content_access/tests/Attic/content_access_test_help.php,v
retrieving revision 1.1.4.2
diff -u -p -r1.1.4.2 content_access_test_help.php
--- tests/content_access_test_help.php 2 Jan 2009 15:01:01 -0000 1.1.4.2
+++ tests/content_access_test_help.php 5 Feb 2011 06:59:43 -0000
@@ -10,17 +10,16 @@ class ContentAccessTestCase extends Drup
var $test_user;
var $admin_user;
- var $content_type_name;
+ var $content_type;
var $url_content_type_name;
var $node1;
var $node2;
-
+
/**
* Preparation work that is done before each test.
* Test users, content types, nodes etc. are created.
*/
function setUp($module = '') {
-
if (empty($module)) {
// Enable content access module
parent::setUp('content_access');
@@ -33,42 +32,30 @@ class ContentAccessTestCase extends Drup
return;
}
}
-
+
// Create test user with seperate role
$this->test_user = $this->drupalCreateUser();
-
+
// Create admin user
$this->admin_user = $this->drupalCreateUser(array('access content', 'administer content types', 'grant content access', 'grant own content access', 'administer nodes', 'access administration pages'));
$this->drupalLogin($this->admin_user);
-
+
// Rebuild content access permissions
- $this->drupalPost('admin/content/node-settings/rebuild', array(), t('Rebuild permissions'));
-
- // This would be nice to have - but it does not work in the current simpletest version
+ node_access_rebuild();
+ #$this->drupalPost('admin/reports/status/rebuild', array(), t('Rebuild permissions'));
+
// Create test content type
- //$content_type = $this->drupalCreateContentType();
- //$this->url_content_type_name = $content_type->type;
- //$this->url_content_type_name = str_replace('_', '-', $content_type->type);
-
- // Create test content type (the old way)
- $this->content_type_name = strtolower($this->randomName(5));
- $edit = array(
- 'name' => $this->content_type_name,
- 'type' => $this->content_type_name,
- );
- $this->drupalPost('admin/content/types/add', $edit, t('Save content type'));
- $this->assertRaw(t('The content type %type has been added.', array('%type' => $this->content_type_name)), 'Test content type was added successfully: '. $this->content_type_name);
- $this->url_content_type_name = str_replace('_', '-', $this->content_type_name);
+ $this->content_type = $this->drupalCreateContentType();
}
-
+
/**
* Change access permissions for a content type
*/
function changeAccessContentType($access_settings) {
- $this->drupalPost('admin/content/node-type/'. $this->url_content_type_name .'/access', $access_settings, t('Submit'));
+ $this->drupalPost('admin/structure/types/manage/'. $this->content_type->type .'/access', $access_settings, t('Submit'));
$this->assertText(t('Your changes have been saved.'), 'access rules of content type were updated successfully');
}
-
+
/**
* Change access permissions for a content type by a given keyword (view, update or delete)
* for the role of the user
@@ -78,13 +65,13 @@ class ContentAccessTestCase extends Drup
$user = $this->test_user;
}
$roles = $user->roles;
- end($roles);
+ #end($roles);
$access_settings = array(
$keyword .'['. key($roles) .']' => $access,
);
$this->changeAccessContentType($access_settings);
}
-
+
/**
* Change the per node access setting for a content type
*/
@@ -94,26 +81,25 @@ class ContentAccessTestCase extends Drup
);
$this->changeAccessContentType($access_permissions);
}
-
+
/**
* Change access permissions for a node by a given keyword (view, update or delete)
*/
function changeAccessNodeKeyword($node, $keyword, $access = TRUE) {
$user = $this->test_user;
$roles = $user->roles;
- end($roles);
+ #end($roles);
$access_settings = array(
$keyword .'['. key($roles) .']' => $access,
);
$this->changeAccessNode($node, $access_settings);
}
-
- /**
+
+ /**
* Change access permission for a node
*/
function changeAccessNode($node, $access_settings) {
$this->drupalPost('node/'. $node->nid .'/access', $access_settings, t('Submit'));
$this->assertText(t('Your changes have been saved.'), 'access rules of node were updated successfully');
}
-
-}
+}
\ No newline at end of file