You are here

Home » API reference » Location 7.3 » location_search.module

function location_search_add_access_control in Location 7.3

Add access control for users & nodes to the search query.

Parameters

object &$query: The query object.

Return value

bool Boolean for whether or not to run a query at all.

1 call to location_search_add_access_control()
location_search_search_execute in contrib/location_search/location_search.module
Implements hook_search_execute().

File

contrib/location_search/location_search.module, line 231
Location search interface.

Code

function location_search_add_access_control(&$query) {

  // Add access control.
  $has_user_location_access = user_access('access user profiles') && user_access('view all user locations');
  $has_content_access = user_access('access content');
  if (!$has_user_location_access && !$has_content_access) {

    // The user has access to no locations.
    return FALSE;
  }
  elseif ($has_user_location_access && !$has_content_access) {

    // The user doesn't have access to nodes, so include only locations
    // that don't belong to nodes.
    $query
      ->join('location_instance', 'li', 'l.lid = li.lid AND li.nid = 0');
  }
  elseif (!$has_user_location_access && $has_content_access) {

    // The user doesn't have access to user locations, so include only
    // locations that don't belong to users.
    // This also means we'll need to enforce node access.
    $query
      ->join('location_instance', 'li', 'l.lid = li.lid AND li.uid = 0');
    $query
      ->join('node', 'n', 'li.nid = n.nid AND n.status = 1');
    $query
      ->addMetaData('base_table', 'node');
    $query
      ->addTag('node_access');
  }
  else {

    // The user has access to both.  However, for the locations that
    // belong to nodes, we need to use node access. These are the ones with
    // location_instance.nid != 0
    // location_instance.nid = 0 means the location instance belongs
    // to a user record.
    $query
      ->join('location_instance', 'li', 'l.lid = li.lid');
    $query
      ->leftjoin('node', 'n', 'li.nid = n.nid AND n.status = 1');

    // The node part must use a sub-select because if the node access
    // rewrites get added to the main query there will never be any user
    // results because location instance will be inner joined to node access.
    $subselect = db_select('node', 'subnode');
    $subselect
      ->addField('subnode', 'nid');
    $subselect
      ->addMetaData('base_table', 'node');
    $subselect
      ->addTag('node_access');

    // If we pass in the subselect query object then when the pager query is
    // run later on the node_access alterations don't get applied to the
    // subselect. So instead we pass in the array result set.
    $query
      ->condition(db_or()
      ->condition('li.uid', 0, '<>')
      ->condition(db_and()
      ->condition('li.nid', 0, '<>')
      ->condition('n.nid', $subselect
      ->execute()
      ->fetchCol(), 'IN')));
  }
  return TRUE;
}