You are here

function content_access_optimize_grants in Content Access 6

Same name and namespace in other branches
  1. 8 content_access.module \content_access_optimize_grants()
  2. 5 content_access.module \content_access_optimize_grants()
  3. 7 content_access.module \content_access_optimize_grants()

Removes grants that doesn't change anything.

@note The grants are compared with the normal access control settings.

1 call to content_access_optimize_grants()
content_access_node_access_records in ./content_access.module
Implementation of hook_node_access_records()

File

./content_access.module, line 451
Content access module file.

Code

function content_access_optimize_grants(&$grants, $node) {
  $rids = array(
    'view' => array(),
    'update' => array(),
    'delete' => array(),
  );
  foreach ($grants as $key => $grant) {
    foreach (array(
      'view',
      'update',
      'delete',
    ) as $op) {
      if (is_numeric($key) && !empty($grant['grant_' . $op])) {
        $rids[$op][] = $key;
      }
    }
  }

  // Detect if all are allowed to view
  $all = array(
    DRUPAL_ANONYMOUS_RID,
    DRUPAL_AUTHENTICATED_RID,
  );
  if (count(array_diff($all, $rids['view'])) == 0) {

    //grant view access to all instead of single roles
    $rids['view'] = array(
      'all',
    );
    $grants['all'] = array(
      'realm' => 'all',
      'gid' => 0,
      'grant_view' => 1,
      'grant_update' => 0,
      'grant_delete' => 0,
      'priority' => content_access_get_settings('priority', $node->type),
    );
  }

  // If authenticated users are involved, remove unnecessary other roles.
  foreach (array(
    'view',
    'update',
    'delete',
  ) as $op) {
    if (in_array(DRUPAL_AUTHENTICATED_RID, $rids[$op])) {
      $rids[$op] = in_array(DRUPAL_ANONYMOUS_RID, $rids[$op]) ? array(
        DRUPAL_ANONYMOUS_RID,
        DRUPAL_AUTHENTICATED_RID,
      ) : array(
        DRUPAL_AUTHENTICATED_RID,
      );
    }
  }

  // Now let's remove unnecessary grants, if any.
  foreach ($grants as $key => $grant) {
    if (!is_numeric($key)) {
      continue;
    }
    foreach (array(
      'view',
      'update',
      'delete',
    ) as $op) {
      if ($grant['grant_' . $op] && in_array($key, $rids[$op])) {

        //it's still here, so we can't remove this grant
        continue 2;
      }
    }

    //ok, remove it
    unset($grants[$key]);
  }
}