Add ACL support for create operations on content types
Create support has not been added for individual nodes as this does not make any sense


diff -Nurp ../content_access.orig/content_access.admin.inc ./content_access.admin.inc
--- ../content_access.orig/content_access.admin.inc	2010-06-22 15:12:22.000000000 -0500
+++ ./content_access.admin.inc	2010-06-22 15:12:38.000000000 -0500
@@ -17,10 +17,12 @@ function content_access_page(&$form_stat
   drupal_set_title(t('Access control for %title', array('%title' => $node->title)));
 
   foreach (_content_access_get_operations() as $op) {
+    if ($op == 'create') continue;
+
     $defaults[$op] = content_access_per_node_setting($op, $node);
   }
 
-  $form = content_access_role_based_form($defaults);
+  $form = content_access_role_based_form($defaults, FALSE);
   // Add a after_build handler that disables checkboxes, which are enforced by permissions.
   $form['per_role']['#after_build'] = array('content_access_force_permissions');
 
@@ -67,6 +69,8 @@ function content_access_page_submit($for
   $settings = array();
   $node = $form_state['node'];
   foreach (_content_access_get_operations() as $op) {
+    if ($op == 'create') continue;
+
     // Set the settings so that further calls will return this settings.
     $settings[$op] = array_keys(array_filter($form_state['values'][$op]));
   }
@@ -142,7 +146,7 @@ function content_access_admin_settings(&
 function content_access_admin_settings_submit($form, &$form_state) {
   // Where possible let the drupal permissions system handle access control.
   $permissions = content_access_get_permissions_by_role();
-  foreach (array('update', 'update_own', 'delete', 'delete_own') as $op) {
+  foreach (array('create', 'update', 'update_own', 'delete', 'delete_own') as $op) {
     foreach ($form_state['values'][$op] as $rid => $value) {
       $permissions[$rid][ content_access_get_permission_by_op($op, $form_state['type']) ] = $value;
     }
@@ -241,10 +245,12 @@ function content_access_save_permissions
  * @param $defaults
  *   Array of defaults for all operations.
  */
-function content_access_role_based_form($defaults = array()) {
+function content_access_role_based_form($defaults = array(), $admin = TRUE) {
 
   // Make sure defaults are set properly
   foreach (_content_access_get_operations() as $op) {
+    if (!$admin && $op == 'create') continue;
+
     $defaults += array($op => array());
   }
 
@@ -282,6 +288,16 @@ function content_access_role_based_form(
     '#default_value' => $defaults['delete'],
     '#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
   );
+  if ($admin){
+    $form['per_role']['create'] = array('#type' => 'checkboxes',
+      '#prefix' => '<div class="content_access-div">',
+      '#suffix' => '</div>',
+      '#options' => $roles,
+      '#title' => t('Create content'),
+      '#default_value' => $defaults['create'],
+      '#process' => array('expand_checkboxes', 'content_access_disable_checkboxes'),
+    );
+  }
   $form['per_role']['clearer'] = array(
     '#value' => '<br clear="all" />',
   );
diff -Nurp ../content_access.orig/content_access.install ./content_access.install
--- ../content_access.orig/content_access.install	2010-06-22 15:12:22.000000000 -0500
+++ ./content_access.install	2010-06-22 15:12:38.000000000 -0500
@@ -52,7 +52,7 @@ function content_access_update_6001() {
   // Migrate old ca settings to new available d6 permissions
   $permissions = content_access_get_permissions_by_role();
   $settings = content_access_get_settings();
-  
+
   foreach (node_get_types('names') as $type => $type_name) {
     foreach (array('update', 'delete') as $op) {
       // Set permission for roles that are allowed to access
diff -Nurp ../content_access.orig/content_access.module ./content_access.module
--- ../content_access.orig/content_access.module	2010-06-22 15:12:22.000000000 -0500
+++ ./content_access.module	2010-06-22 15:12:38.000000000 -0500
@@ -77,7 +77,7 @@ function content_access_node_access_reco
   // Apply per node settings if necessary.
   if (content_access_get_settings('per_node', $node->type)) {
     $grants = array();
-    foreach (array('view', 'update', 'delete') as $op) {
+    foreach (array('view', 'create', 'update', 'delete') as $op) {
       foreach (content_access_get_rids_per_node_op($op, $node) as $rid) {
         $grants[$rid]['grant_'. $op] = 1;
       }
@@ -87,7 +87,7 @@ function content_access_node_access_reco
     }
     // Care for the author grant.
     $grant = array();
-    foreach (array('view', 'update', 'delete') as $op) {
+    foreach (array('view', 'create', 'update', 'delete') as $op) {
       // Get all roles that have access to use $op on this node.
       $any_roles = drupal_map_assoc(content_access_per_node_setting($op, $node));
       $any_roles += ($op != 'view') ? content_access_get_settings($op, $node->type) : array();
@@ -193,7 +193,7 @@ function content_access_set_settings($se
  * Return an array containing all available content_access settings.
  */
 function content_access_available_settings() {
-  return array('view', 'update', 'delete', 'view_own', 'update_own', 'delete_own', 'per_node', 'priority');
+  return array('view', 'create', 'update', 'delete', 'view_own', 'update_own', 'delete_own', 'per_node', 'priority');
 }
 
 /**
@@ -206,6 +206,7 @@ function content_access_get_setting_defa
     case 'view':
     case 'view_own':
       return array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID);
+    case 'create':
     case 'update':
     case 'update_own':
     case 'delete':
@@ -238,6 +239,8 @@ function content_access_get_permission_b
   switch ($op) {
     default:
       return FALSE;
+    case 'create':
+      return 'create '. $type .' content';
     case 'update':
       return 'edit any '. $type .' content';
     case 'update_own':
@@ -387,7 +390,7 @@ function content_access_delete_per_node_
   content_access_per_node_setting(NULL, $node, FALSE);
   // Delete possible acl settings
   if (module_exists('acl')) {
-    foreach (array('view', 'update', 'delete') as $op) {
+    foreach (array('view', 'create', 'update', 'delete') as $op) {
       $acl_id = content_access_get_acl_id($node, $op);
       acl_delete_acl($acl_id);
     }
@@ -416,9 +419,9 @@ function content_access_get_per_node_set
  *   The grants are compared with the normal access control settings.
  */
 function content_access_optimize_grants(&$grants, $node) {
-  $rids = array('view' => array(), 'update' => array(), 'delete' => array());
+  $rids = array('view' => array(), 'create' => array(), 'update' => array(), 'delete' => array());
   foreach ($grants as $key => $grant) {
-    foreach (array('view', 'update', 'delete') as $op) {
+    foreach (array('view', 'create', 'update', 'delete') as $op) {
       if (is_numeric($key) && !empty($grant['grant_'. $op])) {
         $rids[$op][] = $key;
       }
@@ -429,10 +432,10 @@ function content_access_optimize_grants(
   if (count(array_diff($all, $rids['view'])) == 0) {
     //grant view access to all instead of single roles
     $rids['view'] = array('all');
-    $grants['all'] = array('realm' => 'all', 'gid' => 0, 'grant_view' => 1, 'grant_update' => 0, 'grant_delete' => 0, 'priority' => content_access_get_settings('priority', $node->type));
+    $grants['all'] = array('realm' => 'all', 'gid' => 0, 'grant_view' => 1, 'grand_create' => 0, 'grant_update' => 0, 'grant_delete' => 0, 'priority' => content_access_get_settings('priority', $node->type));
   }
   // If authenticated users are involved, remove unnecessary other roles.
-  foreach (array('view', 'update', 'delete') as $op) {
+  foreach (array('view', 'create', 'update', 'delete') as $op) {
     if (in_array(DRUPAL_AUTHENTICATED_RID, $rids[$op])) {
       $rids[$op] = in_array(DRUPAL_ANONYMOUS_RID, $rids[$op]) ? array(DRUPAL_ANONYMOUS_RID, DRUPAL_AUTHENTICATED_RID) : array(DRUPAL_AUTHENTICATED_RID);
     }
@@ -443,7 +446,7 @@ function content_access_optimize_grants(
     if (!is_numeric($key)) {
       continue;
     }
-    foreach (array('view', 'update', 'delete') as $op) {
+    foreach (array('view', 'create', 'update', 'delete') as $op) {
       if ($grant['grant_'. $op] && in_array($key, $rids[$op])) {
         //it's still here, so we can't remove this grant
         continue 2;
@@ -460,6 +463,7 @@ function content_access_optimize_grants(
  */
 function content_access_node_type($op, $info) {
   switch ($op) {
+    // FIXME: does 'create' support need to be added here?
     case 'delete':
       $settings = content_access_get_settings();
       foreach (content_access_available_settings() as $setting) {
@@ -514,5 +518,5 @@ function content_access_form_alter(&$for
  * Returns an array of operations used by the module.
  */
 function _content_access_get_operations() {
-  return array('view', 'view_own', 'update', 'update_own', 'delete', 'delete_own');
-}
\ No newline at end of file
+  return array('view', 'view_own', 'create', 'update', 'update_own', 'delete', 'delete_own');
+}