You are here

function content_lock_release_own_item in Content locking (anti-concurrent editing) 7

Same name and namespace in other branches
  1. 6.2 content_lock.module \content_lock_release_own_item()
  2. 6 content_lock.module \content_lock_release_own_item()
  3. 7.3 includes/content_lock.pages.inc \content_lock_release_own_item()
  4. 7.2 content_lock.module \content_lock_release_own_item()

Release the lock of a node. We are using the current users uid, so the user only can delete his own locks. We never fail, as if the lock does not exist, the node is unlocked anyway

Parameters

$response: When set to FALSE, indicates that the request was made through ajax. This means that we shouldn't talk to the user. It also means that we should compare the ajax_key to fix the page Reload bug (http://drupal.org/node/1049708). In the page reload bug, the browser sends a request to load the edit page and simultaneously sends an AJAX request asking for the node to be unlocked. By changing the ajax_key when responding to the browser, we can detect that the soon-to-come ajax request is from the previous page load and that it should be ignored.

$ignore_token: Use this to disable the anti-CSRF token check. This should only be disabled when some other means is being used to prevent CSRF. Drupal forms, for example, are already protected by the equivalent of a token—we need not and may not go adding tokens to the node forms we hijack.

1 call to content_lock_release_own_item()
content_lock_cancel_submit in ./content_lock.module
Callback for a cancel request on a form
1 string reference to 'content_lock_release_own_item'
content_lock_menu in ./content_lock.module
Implementation of hook_menu().

File

./content_lock.module, line 761
Allows users to lock documents for modification.

Code

function content_lock_release_own_item($nid, $response = TRUE, $ignore_token = FALSE) {
  global $user;
  if (!$ignore_token) {
    if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], "content_lock/release/{$nid}")) {
      return MENU_ACCESS_DENIED;
    }
  }
  if ($nid != NULL) {

    /*
     * Imply that this is an AJAX request if we aren't expected to
     * interface with a human.
     */
    if (!$response) {
      $lock = content_lock_fetch_lock($nid);
      if (strcmp($_GET['k'], $lock->ajax_key)) {

        /* the key doesn't match, don't unlock the node */
        if ($response) {
          drupal_set_message('Trounced AJAX unlock request.', 'status', FALSE);
        }
        exit;
      }
    }
    content_lock_release($nid, $user->uid);

    // drupal_get_messages();
    if ($response) {
      drupal_goto("node/{$nid}");
    }
    else {
      exit;
    }
  }
  else {

    // thats what we do, if a user was creating a node and canceled
    if ($response) {
      drupal_goto();
    }
    else {
      exit;
    }
  }
}