Index: cck_field_privacy.module =================================================================== RCS file: /cvs/drupal-contrib/contributions/modules/cck_field_privacy/cck_field_privacy.module,v retrieving revision 1.3.2.2.2.10 diff -u -r1.3.2.2.2.10 cck_field_privacy.module --- cck_field_privacy.module 21 Mar 2009 20:46:15 -0000 1.3.2.2.2.10 +++ cck_field_privacy.module 10 May 2009 03:30:28 -0000 @@ -102,36 +102,44 @@ $deny = FALSE; if ($user->uid != $node->uid) { - $node_user = user_load(array('uid' => $node->uid)); + $node_user = user_load(array('uid' => $node->uid)); if ($op == 'view') { //Check to see if the database table is in 'trouble' status if (variable_get('cckfp_trouble', FALSE)) { return; } //Assume we are 'all clear' first, and see if anything changes that status - $access_clear = TRUE; + $access_clear = TRUE; $type = $node->type; $result = db_query("SELECT field_name, permission FROM {cckfp} WHERE uid = %d AND type_name = '%s' ORDER BY field_name DESC", $node->uid, $node->type); if ($result) { - while ($permissions = db_fetch_object($result)) { - if ($permissions->permission == 'b') { - foreach (module_invoke_all('cck_field_privacy_access', $node_user, $user) as $access_result ) { - if (!$access_result) { - $access_clear=FALSE; - } - continue; - } - } - if ($permissions->permission == 'e') { - continue; - } - if ($permissions->permission == 'n') { - $access_clear = FALSE; - } + //Put all of the permissions entries into an array so we can process them all at once. + while ($row = db_fetch_object($result)) { + $permissions[$row->field_name] = $row; + } + + foreach ($permissions as $field_name => $fieldpriv) { + //A permission setting exists, so let's handle the permissions + $access_clear = _cck_field_privacy_access_check($fieldpriv, $node, $user, $node_user); if ($access_clear == FALSE) { - $field = $permissions->field_name; - $node->$field['#access'] = FALSE; - $node->content[$permissions->field_name]['#access'] = FALSE; + $node->$field_name['#access'] = FALSE; + $node->content[$field_name]['#access'] = FALSE; + } + else { + //A fieldgroup may be clear for access, but its child fields may not. Check to see if the field is a group, then process its children. + if (is_array($node->content[$field_name]['group'])) { + $node_groups = fieldgroup_groups($node->type); + $group_fields = $node_groups[$field_name]['fields']; + foreach ($group_fields as $child) { + if (array_key_exists($child['field_name'], $permissions)) { + $child_access = _cck_field_privacy_access_check($permissions[$child['field_name']], $node, $user, $node_user); + if ($child_access == FALSE) { + //$node->$field_name[$child['field_name']]['#access'] = FALSE; + $node->content[$field_name]['group'][$child['field_name']]['field']['#access'] = FALSE; + } + } + } + } } } } @@ -140,6 +148,37 @@ } /** + * Return a specific field's permission setting. + * @param $permission + * An object containing the field data from the cckfp database table + * @param $node + * A node object + * @param $user + * The current user object + * @param $node_user + * The user object corresponding to the node's author + * @return $access_clear + * A boolean stating whether or not the field has clear/open access + */ +function _cck_field_privacy_access_check($permission, $node, $user, $node_user) { + $access_clear = TRUE; + if ($permission->permission == 'b') { + foreach (module_invoke_all('cck_field_privacy_access', $node_user, $user) as $access_result ) { + if (!$access_result) { + $access_clear=FALSE; + } + continue; + } + } + if ($permission->permission == 'e') { + } + if ($permission->permission == 'n') { + $access_clear = FALSE; + } + return $access_clear; +} + +/** * Implementation of hook_form_alter(). */ function cck_field_privacy_form_alter(&$form, &$form_state, $form_id) {