While converting to a Drupal 7 version I need to re-implement an access schedule.

As the code is now entity aware the annotations can be cast on not only nodes but user, taxonomy terms etc.

As we have 4 different annotate scopes (private, editorial, contributers and others) this could lead to an access explosion.

We need to fix this somehow.

Comments

clemens.tolboom’s picture

clemens.tolboom
Primary language Dutch
Location Groningen, 🇳🇱/🇪🇺
CreditAttribution: clemens.tolboom commented

The access control is changed from a state of an annotation to a bundle settings.

The code

   $access = user_access( ANNOTATE_READ_ANNOTATION) ? '1' : '0';
    // Add where clause to query.
    $where = '((annotate.visibility = 3 AND annotate.nid IN (SELECT nid FROM annotate WHERE uid = ***CURRENT_USER***))
                OR (annotate.visibility = 1 AND note_node.uid= ***CURRENT_USER***)
                OR (annotate.visibility = 2)
                OR (annotate.uid = ***CURRENT_USER***)
                OR  ***CURRENT_USER*** = 1)
                AND '. $access;

should change to a bundle type test.

The two bundles available are private and editor but these are just names.

We need a setting on a bundle base to indicate 'private', 'editor', 'public'.