You are here

function _node_revision_access in Drupal 6

Same name and namespace in other branches
  1. 7 modules/node/node.module \_node_revision_access()
1 string reference to '_node_revision_access'
node_menu in modules/node/node.module
Implementation of hook_menu().

File

modules/node/node.module, line 1393
The core that allows content to be submitted to the site. Modules and scripts may programmatically submit nodes using the usual form API pattern.

Code

function _node_revision_access($node, $op = 'view') {
  static $access = array();
  if (!isset($access[$node->vid])) {
    $node_current_revision = node_load($node->nid);
    $is_current_revision = $node_current_revision->vid == $node->vid;

    // There should be at least two revisions. If the vid of the given node
    // and the vid of the current revision differs, then we already have two
    // different revisions so there is no need for a separate database check.
    // Also, if you try to revert to or delete the current revision, that's
    // not good.
    if ($is_current_revision && (db_result(db_query('SELECT COUNT(vid) FROM {node_revisions} WHERE nid = %d', $node->nid)) == 1 || $op == 'update' || $op == 'delete')) {
      $access[$node->vid] = FALSE;
    }
    elseif (user_access('administer nodes')) {
      $access[$node->vid] = TRUE;
    }
    else {
      $map = array(
        'view' => 'view revisions',
        'update' => 'revert revisions',
        'delete' => 'delete revisions',
      );

      // First check the user permission, second check the access to the
      // current revision and finally, if the node passed in is not the current
      // revision then access to that, too.
      $access[$node->vid] = isset($map[$op]) && user_access($map[$op]) && node_access($op, $node_current_revision) && ($is_current_revision || node_access($op, $node));
    }
  }
  return $access[$node->vid];
}