Add ACL support for create operations on content types
Create support has not been added for individual nodes, as that would not make sense.
diff -Nurp ../content_access.orig/content_access.admin.inc ./content_access.admin.inc
--- ../content_access.orig/content_access.admin.inc 2010-06-22 15:12:22.000000000 -0500
+++ ./content_access.admin.inc 2010-06-22 15:12:38.000000000 -0500
@@ -17,10 +17,12 @@ function content_access_page(&$form_stat
drupal_set_title(t('Access control for %title', array('%title' => $node->title)));
foreach (_content_access_get_operations() as $op) {
+ if ($op == 'create') continue;
+
$defaults[$op] = content_access_per_node_setting($op, $node);
}
- $form = content_access_role_based_form($defaults);
+ $form = content_access_role_based_form($defaults, FALSE);
// Add a after_build handler that disables checkboxes, which are enforced by permissions.
$form['per_role']['#after_build'] = array('content_access_force_permissions');
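Review bot: The added guard `if ($op == 'create') continue;` is a brace-less one-line conditional with a loose comparison, which is easy to misread in access-control code; write it as `if ($op === 'create') { continue; }` with the body on its own line. The same pattern is repeated in content_access_page_submit and in content_access_role_based_form (`if (!$admin && $op == 'create') continue;`). A short comment such as `// 'create' is a per-type setting only; the per-node form has no row for it.` would tell the next reader why the operation is skipped. content_access_page continues outside this hunk.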
@@ -67,6 +69,8 @@ function content_access_page_submit($for
$settings = array();
$node = $form_state['node'];
foreach (_content_access_get_operations() as $op) {
+ if ($op == 'create') continue;
+
// Set the settings so that further calls will return this settings.
$settings[$op] = array_keys(array_filter($form_state['values'][$op]));
}
@@ -142,7 +146,7 @@ function content_access_admin_settings(&
function content_access_admin_settings_submit($form, &$form_state) {
// Where possible let the drupal permissions system handle access control.
$permissions = content_access_get_permissions_by_role();
- foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
+ foreach (array('create', 'update', 'update_own', 'delete', 'delete_own') as $op) {
foreach ($form_state['values'][$op] as $rid => $value) {
$permissions[$rid][ content_access_get_permission_by_op($op, $form_state['type']) ] = $value;
}
@@ -241,10 +245,12 @@ function content_access_save_permissions
* @param $defaults
* Array of defaults for all operations.
*/
-function content_access_role_based_form($defaults = array()) {
+function content_access_role_based_form($defaults = array(), $admin = TRUE) {
// Make sure defaults are set properly
foreach (_content_access_get_operations() as $op) {
+ if (!$admin && $op == 'create') continue;
+
$defaults += array($op => array());
}
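Review bot: The docblock above content_access_role_based_form still documents only `$defaults`; the new `$admin` parameter needs its own entry, for example `@param $admin` followed by `TRUE to include the per-type 'create' checkboxes, FALSE for the per-node form.` Because this flag decides whether a permission row is exposed at all, the default of TRUE means any caller not shown in this patch gets the create row without opting in, which is worth confirming against the other call sites. The function body continues outside this hunk.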
@@ -282,6 +288,16 @@ function content_access_role_based_form(
'#default_value' => $defaults['delete'],
'#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
);
+ if ($admin){
+ $form['per_role']['create'] = array('#type' => 'checkboxes',
+ '#prefix' => '
',
+ '#suffix' => '
',
+ '#options' => $roles,
+ '#title' => t('Create content'),
+ '#default_value' => $defaults['create'],
+ '#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
+ );
+ }
$form['per_role']['clearer'] = array(
'#value' => '
',
);
diff -Nurp ../content_access.orig/content_access.install ./content_access.install
--- ../content_access.orig/content_access.install 2010-06-22 15:12:22.000000000 -0500
+++ ./content_access.install 2010-06-22 15:12:38.000000000 -0500
@@ -52,7 +52,7 @@ function content_access_update_6001() {
// Migrate old ca settings to new available d6 permissions
$permissions = content_access_get_permissions_by_role();
$settings = content_access_get_settings();
-
+
foreach (node_get_types('names') as $type => $type_name) {
foreach (array('update', 'delete') as $op) {
// Set permission for roles that are allowed to access
diff -Nurp ../content_access.orig/content_access.module ./content_access.module
--- ../content_access.orig/content_access.module 2010-06-22 15:12:22.000000000 -0500
+++ ./content_access.module 2010-06-22 15:12:38.000000000 -0500
@@ -77,7 +77,7 @@ function content_access_node_access_reco
// Apply per node settings if necessary.
if (content_access_get_settings('per_node', $node->type)) {
$grants = array();
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (array('view', 'create', 'update', 'delete') as $op) {
foreach (content_access_get_rids_per_node_op($op, $node) as $rid) {
$grants[$rid]['grant_'. $op] = 1;
}
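Review bot: Adding 'create' to this per-node loop conflicts with the commit description, which says create is not supported for individual nodes: the per-node form skips 'create', yet this loop still calls content_access_get_rids_per_node_op('create', $node) and emits `grant_create` in the node access records. The same applies to the author-grant loop in the next hunk and to the ACL cleanup loop in content_access_delete_per_node_settings. As far as I know the Drupal 6 node_access table only has grant_view, grant_update and grant_delete columns, so a `grant_create` entry would presumably be ignored when the records are written; leaving these three loops at `array('view', 'update', 'delete')` avoids grants that look effective but are not. The function starts and ends outside this hunk.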
@@ -87,7 +87,7 @@ function content_access_node_access_reco
}
// Care for the author grant.
$grant = array();
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (array('view', 'create', 'update', 'delete') as $op) {
// Get all roles that have access to use $op on this node.
$any_roles = drupal_map_assoc(content_access_per_node_setting($op, $node));
$any_roles += ($op != 'view') ? content_access_get_settings($op, $node->type) : array();
@@ -193,7 +193,7 @@ function content_access_set_settings($se
* Return an array containing all available content_access settings.
*/
function content_access_available_settings() {
- return array('view', 'update', 'delete', 'view_own', 'update_own', 'delete_own', 'per_node', 'priority');
+ return array('view', 'create', 'update', 'delete', 'view_own', 'update_own', 'delete_own', 'per_node', 'priority');
}
/**
@@ -206,6 +206,7 @@ function content_access_get_setting_defa
case 'view':
case 'view_own':
return array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID);
+ case 'create':
case 'update':
case 'update_own':
case 'delete':
@@ -238,6 +239,8 @@ function content_access_get_permission_b
switch ($op) {
default:
return FALSE;
+ case 'create':
+ return 'create '. $type .' content';
case 'update':
return 'edit any '. $type .' content';
case 'update_own':
@@ -387,7 +390,7 @@ function content_access_delete_per_node_
content_access_per_node_setting(NULL, $node, FALSE);
// Delete possible acl settings
if (module_exists('acl')) {
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (array('view', 'create', 'update', 'delete') as $op) {
$acl_id = content_access_get_acl_id($node, $op);
acl_delete_acl($acl_id);
}
@@ -416,9 +419,9 @@ function content_access_get_per_node_set
* The grants are compared with the normal access control settings.
*/
function content_access_optimize_grants(&$grants, $node) {
- $rids = array('view' => array(), 'update' => array(), 'delete' => array());
+ $rids = array('view' => array(), 'create' => array(), 'update' => array(), 'delete' => array());
foreach ($grants as $key => $grant) {
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (array('view', 'create', 'update', 'delete') as $op) {
if (is_numeric($key) && !empty($grant['grant_'. $op])) {
$rids[$op][] = $key;
}
@@ -429,10 +432,10 @@ function content_access_optimize_grants(
if (count(array_diff($all, $rids['view'])) == 0) {
//grant view access to all instead of single roles
$rids['view'] = array('all');
- $grants['all'] = array('realm' => 'all', 'gid' => 0, 'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0, 'priority' => content_access_get_settings('priority', $node->type));
+ $grants['all'] = array('realm' => 'all', 'gid' => 0, 'grant_view' => 1, 'grand_create' => 0, 'grant_update' => 0, 'grant_delete' => 0, 'priority' => content_access_get_settings('priority', $node->type));
}
// If authenticated users are involved, remove unnecessary other roles.
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (array('view', 'create', 'update', 'delete') as $op) {
if (in_array(DRUPAL_AUTHENTICATED_RID, $rids[$op])) {
$rids[$op] = in_array(DRUPAL_ANONYMOUS_RID, $rids[$op]) ? array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID) : array(DRUPAL_AUTHENTICATED_RID);
}
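Review bot: The new key in the `$grants['all']` array is misspelled: `'grand_create' => 0` should be `'grant_create' => 0`. As written, the 'all' grant carries a stray `grand_create` entry and has no `grant_create` key, unlike the role grants handled by the surrounding loops, so any code that reads `$grant['grant_create']` on it hits an undefined index. content_access_optimize_grants starts and ends outside this hunk.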
@@ -443,7 +446,7 @@ function content_access_optimize_grants(
if (!is_numeric($key)) {
continue;
}
- foreach (array('view', 'update', 'delete') as $op) {
+ foreach (array('view', 'create', 'update', 'delete') as $op) {
if ($grant['grant_'. $op] && in_array($key, $rids[$op])) {
//it's still here, so we can't remove this grant
continue 2;
@@ -460,6 +463,7 @@ function content_access_optimize_grants(
*/
function content_access_node_type($op, $info) {
switch ($op) {
+ // FIXME: does 'create' support need to be added here?
case 'delete':
$settings = content_access_get_settings();
foreach (content_access_available_settings() as $setting) {
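Review bot: The added `// FIXME: does 'create' support need to be added here?` leaves an open question in access-control code and should be answered before the patch is merged. `$op` in content_access_node_type appears to be the node-type event rather than an access operation, and the visible 'delete' branch iterates content_access_available_settings(), which this patch extends with 'create', so the new setting is probably already covered. If that holds, replace the FIXME with a comment saying so, e.g. `// $op is the node type operation; 'create' settings are covered by content_access_available_settings().` The rest of the switch is outside this hunk, so check this against the full function.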
@@ -514,5 +518,5 @@ function content_access_form_alter(&$for
* Returns an array of operations used by the module.
*/
function _content_access_get_operations() {
- return array('view', 'view_own', 'update', 'update_own', 'delete', 'delete_own');
-}
\ No newline at end of file
+ return array('view', 'view_own', 'create', 'update', 'update_own', 'delete', 'delete_own');
+}