function location_search_add_access_control in Location 7.3
Add access control for users & nodes to the search query.
Parameters
object &$query: The query object.
Return value
bool Boolean for whether or not to run a query at all.
1 call to location_search_add_access_control()
- location_search_search_execute in contrib/
location_search/ location_search.module - Implements hook_search_execute().
File
- contrib/
location_search/ location_search.module, line 231 - Location search interface.
Code
function location_search_add_access_control(&$query) {
// Add access control.
$has_user_location_access = user_access('access user profiles') && user_access('view all user locations');
$has_content_access = user_access('access content');
if (!$has_user_location_access && !$has_content_access) {
// The user has access to no locations.
return FALSE;
}
elseif ($has_user_location_access && !$has_content_access) {
// The user doesn't have access to nodes, so include only locations
// that don't belong to nodes.
$query
->join('location_instance', 'li', 'l.lid = li.lid AND li.nid = 0');
}
elseif (!$has_user_location_access && $has_content_access) {
// The user doesn't have access to user locations, so include only
// locations that don't belong to users.
// This also means we'll need to enforce node access.
$query
->join('location_instance', 'li', 'l.lid = li.lid AND li.uid = 0');
$query
->join('node', 'n', 'li.nid = n.nid AND n.status = 1');
$query
->addMetaData('base_table', 'node');
$query
->addTag('node_access');
}
else {
// The user has access to both. However, for the locations that
// belong to nodes, we need to use node access. These are the ones with
// location_instance.nid != 0
// location_instance.nid = 0 means the location instance belongs
// to a user record.
$query
->join('location_instance', 'li', 'l.lid = li.lid');
$query
->leftjoin('node', 'n', 'li.nid = n.nid AND n.status = 1');
// The node part must use a sub-select because if the node access
// rewrites get added to the main query there will never be any user
// results because location instance will be inner joined to node access.
$subselect = db_select('node', 'subnode');
$subselect
->addField('subnode', 'nid');
$subselect
->addMetaData('base_table', 'node');
$subselect
->addTag('node_access');
// If we pass in the subselect query object then when the pager query is
// run later on the node_access alterations don't get applied to the
// subselect. So instead we pass in the array result set.
$query
->condition(db_or()
->condition('li.uid', 0, '<>')
->condition(db_and()
->condition('li.nid', 0, '<>')
->condition('n.nid', $subselect
->execute()
->fetchCol(), 'IN')));
}
return TRUE;
}