function _book_access_restrict_options in Book access 5

We don't want users to be able to add child pages to pages they do not have 'update' grants for, so we remove select options which point to book pages user does not have that grant for.

1 call to _book_access_restrict_options()

book_access_form_alter in ./book_access.module

Implements hook_form_alter().

File

./book_access.module, line 343

Allows access control for Drupal book nodes.

Code

function _book_access_restrict_options(&$options) {
  global $user;
  $permitted_nids = NULL;
  if ($user->uid == 0 || user_access('administer nodes')) {
    return;
  }
  $sql = "SELECT nid\n    FROM {node_access}\n    WHERE realm = 'book_access'\n    AND gid IN (%s)\n    AND grant_update > 0";
  $results = db_query($sql, implode(',', array_keys($user->roles)));
  while ($result = db_fetch_object($results)) {
    $permitted_nids[$result->nid] = $result->nid;
  }
  if (!empty($options)) {
    foreach ($options as $nid => $value) {
      if ($nid > 0 && !isset($permitted_nids[$nid])) {
        unset($options[$nid]);
      }
    }
  }
}