content_access.rules.inc in Content Access 6
Rules specific functions that expose content_access' API.
File
content_access.rules.incView source
<?php
/**
* @file
* Rules specific functions that expose content_access' API.
*/
/**
* Adds the role based settings to the form.
*/
function content_access_rules_role_based_form($settings, &$form) {
module_load_include('inc', 'content_access', 'content_access.admin');
$form['#includes'][] = './' . drupal_get_path('module', 'content_access') . '/content_access.admin.inc';
$form += content_access_role_based_form($settings);
}
/**
* Parse submitted settings for per-node form into internal format.
*/
function content_access_parse_settings(&$settings, $form, $form_state) {
foreach (_content_access_get_operations() as $op) {
$settings[$op] = array_keys(array_filter($form_state['values'][$op]));
}
}
/**
* Verifies that per content settings are activated for the given node.
*/
function _content_access_rules_check_setting($node) {
if (!content_access_get_settings('per_node', $node->type)) {
rules_log(t("Can't set per content permissions for content type @type. Make sure to have per content settings activated for content types you want to alter access control for.", array(
'@type' => node_get_types('name', $node->type),
)), TRUE);
return FALSE;
}
return TRUE;
}
/**
* Implementation of hook_action_info().
*/
function content_access_rules_action_info() {
$items = array(
'content_access_action_grant_node_permissions' => array(
'label' => t('Grant content permissions by role'),
'arguments' => array(
'node' => array(
'type' => 'node',
'label' => t('Content'),
),
),
'module' => 'Content access',
),
'content_access_action_revoke_node_permissions' => array(
'label' => t('Revoke content permissions by role'),
'arguments' => array(
'node' => array(
'type' => 'node',
'label' => t('Content'),
),
),
'module' => 'Content access',
),
'content_access_action_reset_node_permissions' => array(
'label' => t('Reset content permissions'),
'arguments' => array(
'node' => array(
'type' => 'node',
'label' => t('Content'),
),
),
'module' => 'Content access',
),
);
if (module_exists('acl')) {
$items += array(
'content_access_action_acl_grant_access' => array(
'label' => t('Grant access for a user'),
'arguments' => array(
'node' => array(
'type' => 'node',
'label' => t('Content'),
),
'user' => array(
'type' => 'user',
'label' => t('User'),
),
),
'module' => 'Content access',
),
'content_access_action_acl_revoke_access' => array(
'label' => t('Revoke access for a user'),
'arguments' => array(
'node' => array(
'type' => 'node',
'label' => t('Content'),
),
'user' => array(
'type' => 'user',
'label' => t('User'),
),
),
'module' => 'Content access',
),
);
}
return $items;
}
/**
* Action implementation: Grant permissions for a node.
*/
function content_access_action_grant_node_permissions($node, $settings) {
if (_content_access_rules_check_setting($node)) {
$ca_settings = array();
foreach (_content_access_get_operations() as $op) {
$settings += array(
$op => array(),
);
$ca_settings[$op] = array_keys(array_flip(content_access_per_node_setting($op, $node)) + array_flip($settings[$op]));
}
content_access_save_per_node_settings($node, $ca_settings);
// A following node_save() updates the grants for us.
return array(
'node' => $node,
);
}
}
function content_access_action_grant_node_permissions_form($settings, &$form) {
content_access_rules_role_based_form($settings, $form);
}
function content_access_action_grant_node_permissions_submit(&$settings, $form, $form_state) {
content_access_parse_settings($settings, $form, $form_state);
}
/**
* Action implementation: Revoke permissions for a node.
*/
function content_access_action_revoke_node_permissions($node, $settings) {
if (_content_access_rules_check_setting($node)) {
$ca_settings = array();
foreach (_content_access_get_operations() as $op) {
$settings += array(
$op => array(),
);
$ca_settings[$op] = array_diff(content_access_per_node_setting($op, $node), $settings[$op]);
}
content_access_save_per_node_settings($node, $ca_settings);
// A following node_save() updates the grants for us.
return array(
'node' => $node,
);
}
}
function content_access_action_revoke_node_permissions_form($settings, &$form) {
content_access_rules_role_based_form($settings, $form);
}
function content_access_action_revoke_node_permissions_submit(&$settings, $form, $form_state) {
content_access_parse_settings($settings, $form, $form_state);
}
/**
* Action implementation: Grant access for a user.
*/
function content_access_action_acl_grant_access($node, $user, $settings) {
if (_content_access_rules_check_setting($node)) {
module_load_include('inc', 'content_access', 'content_access.admin');
foreach ($settings['ops'] as $op) {
$acl_id = content_access_get_acl_id($node, $op);
acl_add_user($acl_id, $user->uid);
acl_node_add_acl($node->nid, $acl_id, $op == 'view', $op == 'update', $op == 'delete', content_access_get_settings('priority', $node->type));
}
// A following node_save() updates the grants for us.
return array(
'node' => $node,
);
}
}
function content_access_action_acl_grant_access_form($settings, &$form) {
$settings += array(
'ops' => array(
'view',
'update',
'delete',
),
);
$form['settings']['ops'] = array(
'#type' => 'checkboxes',
'#options' => drupal_map_assoc(array(
'view',
'update',
'delete',
)),
'#title' => t('Operations to grant access for'),
'#default_value' => $settings['ops'],
);
}
function content_access_action_acl_grant_access_submit(&$settings, $form, $form_state) {
$settings['ops'] = array_filter($settings['ops']);
}
function content_access_action_acl_grant_access_help() {
return t("Note that this action is not going to revoke access for not chosen operations.");
}
function content_access_action_acl_grant_access_label($settings, $argument_labels) {
return t('Grant access for @user.', $argument_labels);
}
/**
* Action implementation: Revoke access for a user.
*/
function content_access_action_acl_revoke_access($node, $user, $settings) {
if (_content_access_rules_check_setting($node)) {
module_load_include('inc', 'content_access', 'content_access.admin');
foreach ($settings['ops'] as $op) {
$acl_id = content_access_get_acl_id($node, $op);
acl_remove_user($acl_id, $user->uid);
}
// A following node_save() updates the grants for us.
return array(
'node' => $node,
);
}
}
function content_access_action_acl_revoke_access_form($settings, &$form) {
$settings += array(
'ops' => array(
'view',
'update',
'delete',
),
);
$form['settings']['ops'] = array(
'#type' => 'checkboxes',
'#options' => drupal_map_assoc(array(
'view',
'update',
'delete',
)),
'#title' => t('Operations to revoke access for'),
'#default_value' => $settings['ops'],
);
}
function content_access_action_acl_revoke_access_submit(&$settings, $form, $form_state) {
$settings['ops'] = array_filter($settings['ops']);
}
function content_access_action_acl_revoke_access_help() {
return t("Note that this action is only able to revoke access that has been previously granted with the help of the content access module.");
}
function content_access_action_acl_revoke_access_label($settings, $argument_labels) {
return t('Revoke access for @user.', $argument_labels);
}
/**
* Action implementation: Reset permissions for a node.
*/
function content_access_action_reset_node_permissions($node) {
if (_content_access_rules_check_setting($node)) {
content_access_delete_per_node_settings($node);
// A following node_save() updates the grants for us.
return array(
'node' => $node,
);
}
}
/**
* Implementation of hook_condition_info().
*/
function content_access_rules_condition_info() {
return array(
'content_access_condition_check_permissions' => array(
'label' => t('Check role based settings'),
'arguments' => array(
'node' => array(
'type' => 'node',
'label' => t('Content'),
),
),
'help' => t('Evaluates to TRUE, if content access allows all selected operations for the given roles.'),
'module' => 'Content access',
),
);
}
/**
* Condition implementation: Check if node has permissions.
*
* @note
* This will only check for the existence of permissions, not the
* absence of. I.e. a rule that checks just for authenticated write
* will return TRUE for a node that allows authenticated and anonymous
* write.
*/
function content_access_condition_check_permissions($node, $settings) {
if (_content_access_rules_check_setting($node)) {
// Compare our settings with node's settings.
foreach (_content_access_get_operations() as $op) {
$settings += array(
$op => array(),
);
$expect_roles = $settings[$op];
$current_roles = content_access_per_node_setting($op, $node);
if (count(array_diff($expect_roles, $current_roles)) != 0) {
return FALSE;
}
}
return TRUE;
}
return FALSE;
}
function content_access_condition_check_permissions_form($settings, &$form) {
content_access_rules_role_based_form($settings, $form);
}
function content_access_condition_check_permissions_submit(&$settings, $form, $form_state) {
content_access_parse_settings($settings, $form, $form_state);
}
/**
* Automatically upgrade the old 'content_access_action_set_node_permissions' to an
* 'content_access_action_grant_node_permissions' action.
*/
function content_access_action_set_node_permissions_upgrade(&$element) {
$element['#name'] = 'content_access_action_grant_node_permissions';
}