
ad_permission.module in Advertisement 5.2

Provide granular permissions for advertisements.

Copyright (c) 2008. Jeremy Andrews <jeremy@tag1consulting.com>.

File

permission/ad_permission.module
<?php

/**
 * @file
 * Provide granular permissions for advertisements.
 *
 * Copyright (c) 2008.
 *   Jeremy Andrews <jeremy@tag1consulting.com>.
 */
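/**
 * Implementation of hook_menu().
 *
 * Registers the "Ad owners" tab and its sub-pages on ad nodes. Nothing is
 * added on the cacheable pass. On the uncached pass items are built only when
 * the request path is node/<nid> and ad_permission() reports 'manage owners'
 * for that node.
 *
 * @param $may_cache
 *   TRUE when the menu system is collecting cacheable items.
 *
 * @return
 *   An array of menu items; empty when none apply.
 */
function ad_permission_menu($may_cache) {
  // Always hand back an array, including on the cacheable pass.
  $items = array();
  if ($may_cache) {
    return $items;
  }
  if (arg(0) != 'node' || !is_numeric(arg(1)) || !ad_permission(arg(1), 'manage owners')) {
    return $items;
  }
  $node = node_load(arg(1));
  // node_load() returns FALSE for an unknown nid; the adtype test is the
  // original one and is what limits these tabs to ad nodes.
  if (!$node || empty($node->adtype)) {
    return $items;
  }
  // Every item below is guarded by the same per-ad permission.
  $access = ad_permission($node->nid, 'manage owners');
  $items[] = array(
    'path' => "node/{$node->nid}/adowners",
    'access' => $access,
    'title' => t('Ad owners'),
    'callback' => 'ad_permission_owners_overview',
    'callback arguments' => array(
      $node,
    ),
    'type' => MENU_LOCAL_TASK,
    'weight' => 5,
  );
  $items[] = array(
    'path' => "node/{$node->nid}/adowners/list",
    'access' => $access,
    'title' => t('List'),
    'type' => MENU_DEFAULT_LOCAL_TASK,
    'weight' => 0,
  );
  if (is_numeric(arg(3))) {
    $uid = arg(3);
    $ad_user = user_load(array(
      'uid' => $uid,
    ));
    // Skip the per-owner pages when the uid in the path matches no account,
    // instead of building a title from a failed user_load().
    // NOTE(review): the uid is not checked against {ad_owners} here.
    if ($ad_user) {
      $items[] = array(
        'path' => "node/{$node->nid}/adowners/{$uid}/permissions",
        'title' => t('!owner\'s permissions', array(
          '!owner' => $ad_user->name,
        )),
        'access' => $access,
        'callback' => 'drupal_get_form',
        'callback arguments' => array(
          'ad_permission_owner',
          $node->nid,
          $uid,
        ),
        'type' => MENU_LOCAL_TASK,
        'weight' => 2,
      );
      $items[] = array(
        'path' => "node/{$node->nid}/adowners/{$uid}/remove",
        // State the access check explicitly, like the sibling items, rather
        // than leaving the owner-removal form without one of its own.
        'access' => $access,
        'callback' => 'drupal_get_form',
        'callback arguments' => array(
          'ad_permission_owner_remove',
          $node->nid,
          $uid,
        ),
        'type' => MENU_CALLBACK,
        'weight' => 6,
      );
    }
  }
  else {
    $items[] = array(
      'path' => "node/{$node->nid}/adowners/add",
      'access' => $access,
      'title' => t('Add'),
      'callback' => 'drupal_get_form',
      'callback arguments' => array(
        'ad_permission_owner_add_form',
        $node,
      ),
      'type' => MENU_LOCAL_TASK,
      'weight' => 4,
    );
  }
  return $items;
}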

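/**
 * Implementation of hook_nodeapi().
 *
 * On insert and update the node author is registered as an ad owner and given
 * a host id. On delete every owner row of the node is removed together with
 * its permissions, and the 'adowners' hook is invoked with 'remove' for each.
 *
 * @param $node
 *   The node being acted on.
 * @param $op
 *   The nodeapi operation; only 'insert', 'update' and 'delete' are handled.
 * @param $teaser
 *   Unused.
 * @param $page
 *   Unused.
 */
function ad_permission_nodeapi(&$node, $op, $teaser, $page) {
  switch ($op) {
    case 'insert':
    case 'update':
      // This hook runs for every node type. Without this test each saved
      // node, ad or not, would get an {ad_owners} row and its author a host
      // id. adtype is the same marker ad_permission_menu() uses for ad nodes.
      if (!empty($node->adtype)) {
        ad_permission_owners_add($node->nid, $node->uid);
        ad_permission_create_hostid($node->uid);
      }
      break;
    case 'delete':

      // Clean up ad_permissions and any other per-ad tables.
      $result = db_query('SELECT oid, uid FROM {ad_owners} WHERE aid = %d', $node->nid);
      while ($id = db_fetch_object($result)) {
        db_query('DELETE FROM {ad_permissions} WHERE oid = %d', $id->oid);
        $owner = user_load(array(
          'uid' => $id->uid,
        ));

        // Tell plug-in modules to clean up.
        module_invoke_all('adowners', 'remove', $id->oid, $owner);
      }
      db_query('DELETE FROM {ad_owners} WHERE aid = %d', $node->nid);
      break;
  }
}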

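/**
 * Implementation of hook_form_alter().
 *
 * On an ad type's global settings form (form id 'ad_<type>_global_settings'
 * with <type> taken from arg(4), or 'ad_no_global_settings') this adds a
 * "Permissions" fieldset listing every permission reported by the 'adapi'
 * hook, so the defaults granted to new owners of that ad type can be chosen.
 * ad_permission_defaults_submit() is put first in the submit handlers.
 *
 * @param $form_id
 *   Id of the form being altered.
 * @param $form
 *   The form array, altered in place.
 */
function ad_permission_form_alter($form_id, &$form) {
  if ($form_id != 'ad_' . arg(4) . '_global_settings' && $form_id != 'ad_no_global_settings') {
    return;
  }
  if (!isset($form['adtype'])) {
    $form['adtype'] = array(
      '#type' => 'value',
      '#value' => arg(4),
    );
  }
  // arg(4) is a component of the request path. The "!type" placeholder
  // inserts its value into the markup as-is, so escape it before use.
  $type_label = check_plain(arg(4));

  // $all lists every permission; $perms only those whose default is true.
  $permissions = module_invoke_all('adapi', 'permissions', NULL);
  $all = array();
  $perms = array();
  foreach ($permissions as $permission => $default) {
    if ($default) {
      $perms[] = $permission;
    }
    $all[] = $permission;
  }
  $defaults = variable_get('ad_' . $form['adtype']['#value'] . '_default_permissions', $perms);
  $form['permissions'] = array(
    '#type' => 'fieldset',
    '#title' => t('Permissions'),
    '#collapsible' => TRUE,
    '#description' => t('Select which permissions will be automatically granted to new owners of !type ads.', array(
      '!type' => $type_label,
    )),
  );
  $form['permissions']['default_permissions'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Default permissions for !type ad owners', array(
      '!type' => $type_label,
    )),
    '#options' => drupal_map_assoc($all),
    '#default_value' => $defaults,
  );
  if (isset($form['save'])) {
    $form['save']['#weight'] = 10;
  }
  // Put our handler first; array union keeps any handlers already set.
  $existing = isset($form['#submit']) ? (array) $form['#submit'] : array();
  $form['#submit'] = array(
    'ad_permission_defaults_submit' => array(),
  ) + $existing;
}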

/**
 * Submit handler for global settings of all ad types.
 *
 * Stores the selected default permissions in the
 * 'ad_<adtype>_default_permissions' variable, then removes both of its own
 * values from $form_values.
 *
 * @see ad_permission_form_alter()
 */
function ad_permission_defaults_submit($form_id, &$form_values) {
  $variable = 'ad_' . $form_values['adtype'] . '_default_permissions';
  variable_set($variable, $form_values['default_permissions']);
  unset($form_values['adtype']);
  unset($form_values['default_permissions']);
}

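/**
 * Page callback: list the owners of an ad with per-owner action links.
 *
 * TODO: Make this themeable.
 * TODO: Group permissions by module.
 * TODO: Allow modules to define default value for permission.
 *
 * @param $node
 *   The ad node whose owners are listed.
 *
 * @return
 *   Rendered HTML: a sortable, paged table of owners.
 */
function ad_permission_owners_overview($node) {

  // Be sure the node owner is listed as an ad owner
  if (!db_result(db_query('SELECT oid FROM {ad_owners} WHERE uid = %d AND aid = %d', $node->uid, $node->nid))) {
    ad_permission_owners_add($node->nid, $node->uid);
  }
  $header = array(
    array(
      'data' => t('Username'),
      'field' => 'uid',
    ),
    array(
      'data' => t('Options'),
    ),
  );
  // drupal_set_title() stores the string as given and the node title is
  // user-entered text, so it has to be escaped here.
  drupal_set_title(check_plain($node->title));

  // Pass the nid as a query argument instead of interpolating it into the SQL.
  $sql = 'SELECT uid FROM {ad_owners} WHERE aid = %d' . tablesort_sql($header);
  $result = pager_query($sql, 25, 0, NULL, $node->nid);
  $rows = array();
  while ($ad = db_fetch_object($result)) {
    // The owner row may outlive the account, so tolerate a failed load.
    $account = user_load(array(
      'uid' => $ad->uid,
    ));
    $row = array();
    // Table cells are output without escaping.
    $row[] = $account ? check_plain($account->name) : '';
    $options = array();

    // first option is 'permissions', plug-ins come afterwards
    $options[] = l(t('permissions'), "node/{$node->nid}/adowners/{$ad->uid}/permissions");
    $options = array_merge($options, module_invoke_all('adowners', 'overview', $node->nid, $ad->uid));

    // node owner has to remain an ad owner
    if ($ad->uid != $node->uid) {
      $options[] = l(t('remove'), "node/{$node->nid}/adowners/{$ad->uid}/remove");
    }
    $row[] = implode(' | ', $options);
    $rows[] = $row;
  }
  $output = theme('table', $header, $rows);
  $output .= theme('pager', NULL, 25, 0);
  return $output;
}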

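/**
 * A simple form for adding new users as owners of ads.
 *
 * @param $node
 *   The ad node the new owner is added to.
 *
 * @return
 *   The form array: the ad's nid as a server-side value, a username textfield
 *   with autocomplete, and a submit button.
 */
function ad_permission_owner_add_form($node) {
  $form = array();
  // drupal_set_title() stores the string as given and the node title is
  // user-entered text, so it has to be escaped here.
  drupal_set_title(check_plain($node->title));
  $form['aid'] = array(
    '#type' => 'value',
    '#value' => $node->nid,
  );
  $form['username'] = array(
    '#autocomplete_path' => 'user/autocomplete',
    '#description' => t('Enter the username of the user who should have ownership permissions on this advertisement.'),
    '#required' => TRUE,
    '#type' => 'textfield',
    '#title' => t('Username'),
  );
  $form['save'] = array(
    '#type' => 'submit',
    '#value' => t('Add owner'),
  );
  return $form;
}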
/**
 * Validate the "add owner" form.
 *
 * Rejects a username that matches no account, one that already owns the ad,
 * and one that has neither the 'edit own advertisements' nor the 'administer
 * advertisements' permission. The 'adowners' hook is then invoked with
 * 'validate' whatever the outcome of those checks.
 */
function ad_permission_owner_add_form_validate($form_id, $form_values) {
  $username = $form_values['username'];
  $account = user_load(array(
    'name' => $username,
  ));
  if (!is_object($account)) {
    form_set_error('username', t('The specified username %username does not exist.', array(
      '%username' => $username,
    )));
  }
  elseif (db_result(db_query('SELECT oid FROM {ad_owners} WHERE uid = %d AND aid = %d', $account->uid, $form_values['aid']))) {
    form_set_error('username', t('The specified user %username is already an owner of this ad.', array(
      '%username' => $username,
    )));
  }
  elseif (!(user_access('edit own advertisements', $account) || user_access('administer advertisements', $account))) {
    // The two "!" placeholders receive links built by l().
    $replacements = array(
      '%username' => $username,
      '!assigned' => l(t('assigned'), "user/{$account->uid}/edit"),
      '!role' => l(t('role'), 'admin/user/access'),
    );
    form_set_error('username', t('The specified user %username does not have <em>edit own advertisements</em> nor <em>administer advertisements</em> permissions.  The user must be !assigned to a !role with these privileges before you can add them as an ad owner.', $replacements));
  }
  module_invoke_all('adowners', 'validate', $account, $form_values['aid']);
}
/**
 * Submit the "add owner" form.
 *
 * Adds the named user as an owner of the ad and redirects to that owner's
 * permissions page. When ad_permission_owners_add() reports that nothing was
 * added, a form error is set instead.
 */
function ad_permission_owner_add_form_submit($form_id, $form_values) {
  $username = $form_values['username'];
  $account = user_load(array(
    'name' => $username,
  ));
  if (ad_permission_owners_add($form_values['aid'], $account->uid)) {
    drupal_set_message(t('The user %username has been added as an owner of this advertisement.', array(
      '%username' => $username,
    )));
    drupal_goto('node/' . $form_values['aid'] . "/adowners/{$account->uid}/permissions");
    return;
  }
  form_set_error('username', t('The user is already an owner of the ad.'));
}
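/**
 * Determine whether an account is listed as an owner of an ad.
 *
 * @param $aid
 *   Node id of the advertisement.
 * @param $account
 *   The user object to check; defaults to the current user.
 *
 * @return
 *   1 if an {ad_owners} row exists for the account and ad, 0 otherwise.
 */
function ad_permission_is_owner($aid, $account = NULL) {
  if (is_null($account)) {
    global $user;
    $account = $user;
  }
  // Query for the account that was asked about. The original looked up the
  // global $user here, so a passed-in $account was silently ignored and the
  // answer always described the logged-in user.
  $oid = db_result(db_query('SELECT oid FROM {ad_owners} WHERE uid = %d AND aid = %d', $account->uid, $aid));
  return $oid ? 1 : 0;
}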

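/**
 * Add an owner to an ad.
 *
 * Does nothing when the user already owns the ad. Otherwise a row is inserted
 * into {ad_owners}, the owner's {ad_permissions} row is rewritten, and the
 * 'adowners' hook is invoked with the 'add' operation.
 *
 * @param $aid
 *   Node id of the advertisement.
 * @param $uid
 *   User id of the new owner.
 * @param $permissions
 *   Permission names to grant. When empty, the value of the
 *   'ad_<adtype>_default_permissions' variable is used, falling back to the
 *   permissions the 'adapi' hook reports with a true default.
 *
 * @return
 *   1 if an {ad_owners} row was inserted, 0 otherwise (including when the user
 *   already was an owner).
 */
function ad_permission_owners_add($aid, $uid, $permissions = array()) {
  // Defined up front: the original left $rc unset, and so returned NULL with
  // a notice, whenever the user already owned the ad.
  $rc = 0;
  $node = node_load($aid);
  if ($GLOBALS['db_type'] == 'pgsql') {
    db_query('START TRANSACTION;');
  }
  else {

    // MySQL, MySQLi
    db_query('LOCK TABLES {ad_owners} WRITE');
  }
  if (!db_result(db_query('SELECT oid FROM {ad_owners} WHERE uid = %d AND aid = %d', $uid, $aid))) {
    db_query('INSERT INTO {ad_owners} (aid, uid) VALUES(%d, %d)', $aid, $uid);
    $rc = db_affected_rows() ? 1 : 0;
    if (!$permissions) {

      // use default permissions
      $perms = array();
      $permissions = module_invoke_all('adapi', 'permissions', $node);
      foreach ($permissions as $permission => $default) {
        if ($default) {
          $perms[] = $permission;
        }
      }
      $permissions = variable_get('ad_' . $node->adtype . '_default_permissions', $perms);
    }
    $oid = db_result(db_query("SELECT oid FROM {ad_owners} WHERE aid = %d and uid = %d", $aid, $uid));

    // NOTE(review): a second START TRANSACTION / LOCK TABLES is issued while
    // the first is still open. On MySQL a new LOCK TABLES replaces the locks
    // already held, and hook implementations called below run while only
    // {ad_permissions} is locked. Confirm this is intended before reordering.
    if ($GLOBALS['db_type'] == 'pgsql') {
      db_query('START TRANSACTION;');
    }
    else {

      // MySQL, MySQLi
      db_query('LOCK TABLES {ad_permissions} WRITE');
    }
    // Granted permissions are stored as one string joined with '|,|'.
    db_query('DELETE FROM {ad_permissions} WHERE oid = %d', $oid);
    db_query("INSERT INTO {ad_permissions} VALUES(%d, '%s')", $oid, implode('|,|', $permissions));
    module_invoke_all('adowners', 'add', $node, array(
      'oid' => $oid,
      'uid' => $uid,
      'aid' => $aid,
    ));
  }
  if ($GLOBALS['db_type'] == 'pgsql') {
    db_query('COMMIT;');
  }
  else {

    // MySQL, MySQLi
    db_query('UNLOCK TABLES');
  }
  return $rc;
}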

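/**
 * Display a form with all available permissions and their status for the
 * selected ad and ad owner.
 *
 * @param $aid
 *   Node id of the advertisement.
 * @param $uid
 *   User id of the ad owner whose permissions are edited.
 *
 * @return
 *   The form array: one checkbox per permission reported by the 'adapi' hook,
 *   plus the owner id, ad id and user id for the submit handler.
 */
function ad_permission_owner($aid, $uid) {
  $form = array();
  $node = node_load($aid);
  // drupal_set_title() stores the string as given and the node title is
  // user-entered text, so it has to be escaped here.
  drupal_set_title(check_plain($node->title));
  $oid = db_result(db_query("SELECT oid FROM {ad_owners} WHERE aid = %d and uid = %d", $aid, $uid));
  if (!$oid) {
    // The uid comes from the request path. Without an owner row there is
    // nothing to edit, and saving would write a permissions row for oid 0.
    drupal_set_message(t('The specified user is not an owner of this advertisement.'), 'error');
    drupal_goto("node/{$aid}/adowners");
  }
  // Granted permissions are stored as one string joined with '|,|'.
  $granted = explode('|,|', db_result(db_query("SELECT permissions FROM {ad_permissions} WHERE oid = %d", $oid)));
  $form['header'] = array(
    '#type' => 'value',
    '#value' => array(
      t('permission'),
      t('granted'),
    ),
  );
  $permissions = module_invoke_all('adapi', 'permissions', $node);
  foreach ($permissions as $permission => $default) {
    $form['permission']["{$permission}"] = array(
      '#value' => t("{$permission}"),
    );
    // Checkbox keys use underscores in place of the spaces in the name.
    $form['grant'][str_replace(' ', '_', "{$permission}")] = array(
      '#type' => 'checkbox',
      '#default_value' => in_array("{$permission}", $granted) ? 1 : 0,
    );
  }
  // Identifiers the submit handler relies on are carried as server-side
  // 'value' elements, like the other forms in this file, instead of being
  // written into the page as hidden inputs.
  $form['oid'] = array(
    '#type' => 'value',
    '#value' => $oid,
  );
  $form['aid'] = array(
    '#type' => 'value',
    '#value' => $aid,
  );
  $form['uid'] = array(
    '#type' => 'value',
    '#value' => $uid,
  );
  $form['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Save'),
  );
  return $form;
}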

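/**
 * Display ad owner permissions in a simple table.
 *
 * @param $form
 *   The form built by ad_permission_owner().
 *
 * @return
 *   Rendered HTML: one table row per permission (name, checkbox), followed by
 *   the remaining form elements.
 */
function theme_ad_permission_owner($form) {
  // NOTE(review): the original assigned this result to $output and then
  // overwrote it, so an 'options' element is rendered but never shown. The
  // call is kept to preserve that; confirm whether appending was intended.
  drupal_render($form['options']);

  // Start from an empty list so a form without permissions still hands
  // theme('table') an array.
  $rows = array();
  foreach (element_children($form['permission']) as $key) {
    $row = array();
    $row[] = drupal_render($form['permission']["{$key}"]);
    // Checkbox keys use underscores in place of the spaces in the name.
    $row[] = drupal_render($form['grant'][str_replace(' ', '_', "{$key}")]);
    $rows[] = $row;
  }
  $output = theme('table', $form['header']['#value'], $rows);
  $output .= drupal_render($form);
  return $output;
}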

/**
 * Store the ad owner's updated permissions in the ad_permissions table.
 *
 * Collects every permission reported by the 'adapi' hook whose checkbox was
 * ticked, replaces the owner's {ad_permissions} row with that list, and
 * returns the path of the ad's owner overview.
 */
function ad_permission_owner_submit($form_id, $form_values) {
  $granted = array();
  foreach (array_keys(module_invoke_all('adapi', 'permissions', array())) as $name) {
    // Checkbox keys use underscores in place of the spaces in the name.
    $field = str_replace(' ', '_', "{$name}");
    if ($form_values[$field]) {
      $granted[] = $name;
    }
  }

  // PostgreSQL wraps the rewrite in a transaction; MySQL and MySQLi take a
  // write lock on the table instead.
  $is_pgsql = ($GLOBALS['db_type'] == 'pgsql');
  db_query($is_pgsql ? 'START TRANSACTION;' : 'LOCK TABLES {ad_permissions} WRITE');
  db_query('DELETE FROM {ad_permissions} WHERE oid = %d', $form_values['oid']);
  db_query("INSERT INTO {ad_permissions} VALUES(%d, '%s')", $form_values['oid'], implode('|,|', $granted));
  db_query($is_pgsql ? 'COMMIT;' : 'UNLOCK TABLES');

  drupal_set_message(t('The permissions have been saved.'));
  return "node/{$form_values['aid']}/adowners";
}

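/**
 * Determine whether the user has a given privilege.
 *
 * The permission list of each ad/account pair is looked up once and kept in a
 * static cache, so changes made later in the same request are not seen.
 *
 * @param $aid
 *   Node id of the advertisement.
 * @param $string
 *   Name of the permission to test.
 * @param $account
 *   The user object to test.
 *
 * @return
 *   TRUE if the permission is stored for this owner of the ad, else FALSE.
 */
function ad_permission_check($aid, $string, $account) {
  static $permissions = array();
  if (!isset($permissions[$aid][$account->uid])) {
    $granted = array();
    $oid = db_result(db_query("SELECT oid FROM {ad_owners} WHERE aid = %d and uid = %d", $aid, $account->uid));
    // Only read permissions for a real owner row. The original exploded a
    // failed lookup into array(''), which made an empty permission name
    // test as granted for accounts that do not own the ad.
    if ($oid) {
      $stored = db_result(db_query("SELECT permissions FROM {ad_permissions} WHERE oid = %d", $oid));
      if (is_string($stored) && $stored !== '') {
        $granted = explode('|,|', $stored);
      }
    }
    $permissions[$aid][$account->uid] = $granted;
  }
  // Strict comparison: an access decision should not rest on loose matching.
  return in_array("{$string}", $permissions[$aid][$account->uid], TRUE);
}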

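/**
 * Create a unique host id for each ad owner, used when displaying ads remotely.
 *
 * @param $uid
 *   User id of the ad owner.
 *
 * @return
 *   The owner's existing host id from {ad_hosts}, or the newly stored one.
 */
function ad_permission_create_hostid($uid) {
  $hostid = db_result(db_query('SELECT hostid FROM {ad_hosts} WHERE uid = %d', $uid));
  if (!$hostid) {
    // NOTE(review): the id is an MD5 of the uid and the current second, so it
    // can be reproduced by anyone who knows both. If the host id is relied on
    // as a secret anywhere, derive it from a cryptographically secure random
    // source instead.
    $hostid = md5($uid . time());
    // Store the value that is returned. The original hashed a second time
    // for the INSERT, which could differ if the clock ticked in between.
    db_query("INSERT INTO {ad_hosts} (uid, hostid) VALUES (%d, '%s')", $uid, $hostid);
  }
  return $hostid;
}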
/**
 * Confirmation form for removing a user as an owner of an ad.
 *
 * The ad and user ids are carried as server-side 'value' elements; cancelling
 * leads back to the ad's owner overview.
 */
function ad_permission_owner_remove($aid, $uid) {
  $form = array(
    'aid' => array(
      '#type' => 'value',
      '#value' => $aid,
    ),
    'uid' => array(
      '#type' => 'value',
      '#value' => $uid,
    ),
  );
  $account = user_load(array(
    'uid' => $uid,
  ));
  // "%name" is escaped by t() before it reaches the page.
  $question = t('Are you sure you want to remove user %name as an owner of this advertisement?', array(
    '%name' => $account->name,
  ));
  return confirm_form($form, $question, "node/{$aid}/adowners", t('This action cannot be undone.'), t('Remove'), t('Cancel'));
}

/**
 * Don't allow the removal of the primary owner of the advertisement.
 *
 * When the user to remove is the node's author, an error message is set and
 * the request is redirected to the ad's owner overview.
 */
function ad_permission_owner_remove_validate($form_id, $form_values) {
  $aid = $form_values['aid'];
  $uid = $form_values['uid'];
  $ad = node_load($aid);
  if ($ad->uid != $uid) {
    // Not the primary owner: nothing to object to.
    return;
  }
  $primary = user_load(array(
    'uid' => $uid,
  ));
  $message = t('%name is the primary owner of this advertisement.  You cannot remove the primary owner.', array(
    '%name' => $primary->name,
  ));
  drupal_set_message($message, 'error');
  drupal_goto('node/' . $aid . '/adowners');
}

/**
 * Remove the ad owner, and all associated permissions.
 *
 * Deletes the owner's {ad_owners} and {ad_permissions} rows, invokes the
 * 'adowners' hook with 'remove', and redirects to the ad's owner overview.
 */
function ad_permission_owner_remove_submit($form_id, $form_values) {
  $aid = $form_values['aid'];
  $uid = $form_values['uid'];
  $oid = db_result(db_query('SELECT oid FROM {ad_owners} WHERE aid = %d AND uid = %d', $aid, $uid));
  db_query('DELETE FROM {ad_owners} WHERE oid = %d', $oid);
  db_query('DELETE FROM {ad_permissions} WHERE oid = %d', $oid);

  // Plug-in modules receive the owner id and the loaded account.
  $account = user_load(array(
    'uid' => $uid,
  ));
  module_invoke_all('adowners', 'remove', $oid, $account);

  $notice = t('The ad owner %name has been removed.', array(
    '%name' => $account->name,
  ));
  drupal_set_message($notice);
  drupal_goto('node/' . $aid . '/adowners');
}

Functions

Name Description
ad_permission_check Determine whether the user has a given privilege.
ad_permission_create_hostid Create a unique host id for each ad owner, used when displaying ads remotely.
ad_permission_defaults_submit Submit handler for global settings of all ad types.
ad_permission_form_alter Drupal _form_alter() hook.
ad_permission_is_owner
ad_permission_menu @file Provide granular permissions for advertisements.
ad_permission_nodeapi Drupal _nodeapi hook.
ad_permission_owner Display a form with all available permissions and their status for the selected ad and ad owner.
ad_permission_owners_add Add an owner to an ad.
ad_permission_owners_overview TODO: Make this themeable. TODO: Group permissions by module. TODO: Allow modules to define default value for permission.
ad_permission_owner_add_form A simple form for adding new users as owners of ads.
ad_permission_owner_add_form_submit
ad_permission_owner_add_form_validate
ad_permission_owner_remove
ad_permission_owner_remove_submit Remove the ad owner, and all associated permissions.
ad_permission_owner_remove_validate Don't allow the removal of the primary owner of the advertisement.
ad_permission_owner_submit Store the ad owner's updated permissions in the ad_permissions table.
theme_ad_permission_owner Display ad owner permissions in a simple table.