diff --git a/subuser.install b/subuser.install index f9191a5..1860403 100644 --- a/subuser.install +++ b/subuser.install @@ -11,7 +11,7 @@ */ function subuser_install() { $record = array( - 'predicate' => 'subuser', + 'relation_type' => 'subuser', 'label' => t('Subuser'), 'directional' => TRUE, 'source_bundles' => array('user:user'), diff --git a/subuser.module b/subuser.module index d96f174..2d34ade 100644 --- a/subuser.module +++ b/subuser.module @@ -53,6 +53,39 @@ function subuser_menu() { */ function subuser_menu_alter(&$items) { $items['admin/people/create']['access callback'] = 'subuser_access_create_callback'; + $items['user/%user']['access callback'] = 'subuser_access_view_callback'; + $items['user/%user/cancel']['access callback'] = 'subuser_access_delete_callback'; + $items['user/%user/cancel/confirm/%/%']['access callback'] = 'subuser_access_delete_callback'; + $items['user/%user/edit']['access callback'] = 'subuser_access_edit_callback'; +} + +/** + * Implements hook_profile2_access(). + */ +function subuser_profile2_access($op, $profile = NULL, $account = NULL) { + global $suer; + // Fall through if we're not checking access for the current user account + if ((!isset($account) || $account->uid == $user->uid) && isset($profile->uid)) { + switch ($op) { + case 'view': + if (subuser_access_view_callback($profile->uid)) { + return TRUE; + } + break; + + case 'edit': + if (subuser_access_edit_callback($profile->uid)) { + return TRUE; + } + break; + + case 'delete': + if (subuser_access_delete_callback($profile->uid)) { + return TRUE; + } + } + // Do not explicitly deny access so others may still grant access. + } } /** @@ -78,6 +111,70 @@ function subuser_access_create($account = NULL) { } /** + * Our access callback for user editing - only permits users with + * 'Administering subuser profiles' to edit user or parent-user to edit subusers + * + * @param $account + * the account being edited (user object or uid) + */ +function subuser_access_edit_callback($account){ + global $user; + $children = subuser_load_all($user); + $acct_uid = is_object($account) ? $account->uid : $account; + + return (($user->uid == $acct_uid) || user_access('administer users') || + (user_access('administer subusers') && in_array($acct_uid, $children)) + ) && $acct_uid > 0; +} + +/** + * Our access callback for user deleting - only permits users with + * 'Administering subuser profiles' to delete user or parent-user to delete subusers + * + * @param $account + * the account being deleted (user object or uid) + */ +function subuser_access_delete_callback($account) { + global $user; + $children = subuser_load_all($user); + $acct_uid = is_object($account) ? $account->uid : $account; + + return ((($user->uid == $acct_uid) && user_access('cancel account') || + (user_access('administer subusers') && in_array($acct_uid, $children)) + ) || user_access('administer users')) && $acct_uid > 0; +} + +/** + * Our access callback for user viewing - only permits users with + * 'Administering subuser profiles' to view user or parent-user to view subusers + * + * @param $account + * the account being viewed (user object or uid) + */ +function subuser_access_view_callback($account) { + global $user; + $children = subuser_load_all($user); + $acct_uid = is_object($account) ? $account->uid : $account; + + // Never allow access to view the anonymous user account. + if ($acct_uid) { + // Admins can view all, users can view own profiles at all times. + if ($user->uid == $acct_uid || user_access('administer users') || + (user_access('administer subusers') && in_array($acct_uid, $children))) { + return TRUE; + } + elseif (user_access('access user profiles')) { + // At this point, load the complete account object. + if (!is_object($account)) { + $account = user_load((int) $acct_uid); + } + return (is_object($account) && $account->access && $account->status); + } + } + return FALSE; +} + +/** * Determine whether the user has a given privilege. * * If not subuser_access_create() is checked to determin if the permission @@ -151,7 +248,8 @@ function subuser_user_register_form_submit($form, &$form_state) { array('entity_type' => 'user', 'entity_id' => $form_state['user']->uid), array('entity_type' => 'user', 'entity_id' => $user->uid), ); - relation_create('subuser', $endpoints); + $relation = relation_create('subuser', $endpoints); + relation_save($relation); } } @@ -167,12 +265,22 @@ function subuser_user_register_form_submit($form, &$form_state) { * An associative array of related accounts were key and value is user ID. */ function subuser_load_all($account, $children = TRUE) { - $users = array(); - foreach (relation_query('user', $account->uid, (int) $children)->execute() as $result) { - $relation = relation_load($result->rid, $result->vid); - $users[$uid = (int) $relation->endpoints[LANGUAGE_NONE][0]['entity_id']] = $uid; + + $subusers = &drupal_static(__FUNCTION__); + // Our 'subuser' relation has the child entity at index 0, parent at 1. + $cp = empty($children) ? 1 : 0; + if (!isset($subusers[$account->uid][$cp])) { + + $users = array(); + foreach (relation_query('user', $account->uid, (int) $children)->execute() as $result) { + $relation = relation_load($result->rid, $result->vid); + if ($relation->relation_type == 'subuser') { + $users[$uid = (int) $relation->endpoints[LANGUAGE_NONE][$cp]['entity_id']] = $uid; + } + } + $subusers[$account->uid][$cp] = $users; } - return $users; + return $subusers[$account->uid][$cp]; } /** diff --git a/subuser.views_default.inc b/subuser.views_default.inc index f64d3b0..f1cfb65 100644 --- a/subuser.views_default.inc +++ b/subuser.views_default.inc @@ -32,7 +32,7 @@ function subuser_views_default_views() { $handler->display->display_options['exposed_form']['type'] = 'basic'; $handler->display->display_options['pager']['type'] = 'full'; $handler->display->display_options['pager']['options']['items_per_page'] = '10'; - $handler->display->display_options['style_plugin'] = 'bulk'; + $handler->display->display_options['style_plugin'] = 'table'; $handler->display->display_options['style_options']['columns'] = array( 'name' => 'name', 'rid' => 'rid',