You are here

function _devel_node_access_explain_access in Devel 6

Same name and namespace in other branches
  1. 7 devel_node_access.module \_devel_node_access_explain_access()

Helper function that mimicks node.module's node_access() function.

Unfortunately, this needs to be updated manually whenever node.module changes!

Return value

An array suitable for theming with theme_dna_permission().

1 call to _devel_node_access_explain_access()
devel_node_access_block in ./devel_node_access.module

File

./devel_node_access.module, line 554
This module gives developers feedback as to what their node_access table contains, and which nodes are protected or visible to the public.

Code

function _devel_node_access_explain_access($op, $node, $account = NULL) {
  global $user;
  static $filter_formats;
  if (is_numeric($node) && !($node = node_load($node))) {
    return array(
      FALSE,
      '???',
      t('Unable to load the node – this should never happen!'),
    );
  }
  if ($op == 'create' && is_object($node)) {
    $node = $node->type;
  }
  if (!empty($account)) {
    $filter_formats = filter_formats();

    // use real current user first!
    // To try to get the most authentic result we impersonate the given user!
    // This may reveal bugs in other modules, leading to contradictory results.
    $saved_user = $user;
    session_save_session(FALSE);
    $user = $account;
    $result = _devel_node_access_explain_access($op, $node, NULL);
    $user = $saved_user;
    session_save_session(TRUE);
    $second_opinion = node_access($op, $node, $account);
    if ($second_opinion != $result[0]) {
      $result[1] .= '<span class="' . ($second_opinion ? 'ok' : 'error') . '" title="Core seems to disagree on this item. This is a bug in either DNA or Core and should be fixed! Try to look at this node as this user and check whether there is still disagreement.">*</span>';
    }
    return $result;
  }
  $variables = array(
    '!NO' => t('NO'),
    '!YES' => t('YES'),
  );
  if ($op == 'update' && !_devel_node_access_filter_access($node->format)) {
    return array(
      FALSE,
      t('!NO: input format', $variables),
      t("!NO: This user is not allowed to use the input format '!format' (!fid).", $variables += array(
        '!fid' => $node->format,
        '!format' => isset($filter_formats[$node->format]) ? $filter_formats[$node->format]->name : '***',
      )),
    );
  }
  if (user_access('administer nodes')) {
    return array(
      TRUE,
      t('!YES: administer nodes', $variables),
      t("!YES: This user has the '!administer_nodes' permission and may do everything with nodes.", $variables += array(
        '!administer_nodes' => t('administer nodes'),
      )),
    );
  }
  elseif (!user_access('access content')) {
    return array(
      FALSE,
      t('!NO: access content', $variables),
      t("!NO: This user does not have the '!access_content' permission and is denied doing anything with content.", $variables += array(
        '!access_content' => t('access content'),
      )),
    );
  }
  $module = node_get_types('module', $node);
  $access = module_invoke($module == 'node' ? 'node_content' : $module, 'access', $op, $node, $user);
  if (!is_null($access)) {
    $variables += array(
      '@module' => $module,
      '@content_type' => is_object($node) ? $node->type : $node,
    );
    if ($access) {
      return array(
        TRUE,
        t('!YES: by the module', $variables),
        t("!YES: The '@module' module (which defines the '@content_type' content type) allows this, probably based on some permission.", $variables),
      );
    }
    else {
      return array(
        FALSE,
        t('!NO: by the module', $variables),
        t("!NO: The '@module' module (which defines the '@content_type' content type) denies this.", $variables),
      );
    }
  }
  if ($op != 'create' && $node->nid && $node->status) {
    if (node_access($op, $node, $user)) {

      // delegate this part
      $variables['@node_access_table'] = '{node_access}';
      return array(
        TRUE,
        t('!YES: @node_access_table', $variables),
        t('!YES: Node access allows this based on one or more records in the @node_access_table table (see the other DNA block!).', $variables),
      );
    }
    else {
      return array(
        FALSE,
        t('!NO: node access', $variables),
        t('!NO: Node access denies this.', $variables),
      );
    }
  }
  if ($op == 'view' && $user->uid == $node->uid && $user->uid != 0) {
    return array(
      TRUE,
      t('!YES: own node', $variables),
      t('!YES: The user may view his/her own node.', $variables),
    );
  }
  return array(
    FALSE,
    t('!NO: no reason', $variables),
    t("!NO: None of the checks resulted in allowing this, so it's denied.", $variables) . ($op != 'create' && !$node->status ? ' ' . t('Node access was not checked because the node is not published.') : '') . ($op == 'create' ? ' ' . t('This is most likely due to a withheld permission.') : ''),
  );
}