You are here

merci_permissions.module in MERCI (Manage Equipment Reservations, Checkout and Inventory) 6

Provides functions for resetting permissions on the permission page.

File

modules/merci_permissions/merci_permissions.module
View source
<?php

/**
 * @file
 * Provides functions for resetting permissions on the permission page.
 */
function merci_permissions_menu() {

  // Administration settings.
  $items['admin/settings/merci/permissions'] = array(
    'title' => 'MERCI Permissions',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'merci_permissions_form',
    ),
    'access callback' => 'user_access',
    'access arguments' => array(
      'administer MERCI',
    ),
    'description' => t('Configure reservation permissions for MERCI.'),
  );
  return $items;
}

/**
 * Implementation of hook_theme().
 */
function merci_permissions_theme() {
  return array(
    'merci_permissions_form' => array(
      'arguments' => array(
        'form' => NULL,
      ),
    ),
  );
}
function theme_merci_permissions_form($form) {
  $roles = user_roles();
  foreach (element_children($form['permission']) as $key) {

    // Don't take form control structures
    if (is_array($form['permission'][$key])) {
      $row = array();

      // Module name
      if (is_numeric($key)) {
        $row[] = array(
          'data' => t('@module', array(
            '@module' => drupal_render($form['permission'][$key]),
          )),
          'class' => 'module',
          'id' => 'module-' . $form['permission'][$key]['#value'],
          'colspan' => count($form['role_names']) + 1,
        );
      }
      else {
        $row[] = array(
          'data' => drupal_render($form['permission'][$key]),
          'class' => 'permission',
        );
        foreach (element_children($form['checkboxes']) as $rid) {
          if (is_array($form['checkboxes'][$rid])) {
            $row[] = array(
              'data' => drupal_render($form['checkboxes'][$rid][$key]),
              'class' => 'checkbox',
              'title' => $roles[$rid] . ' : ' . t($key),
            );
          }
        }
      }
      $rows[] = $row;
    }
  }
  $header[] = t('');
  foreach (element_children($form['role_names']) as $rid) {
    if (is_array($form['role_names'][$rid])) {
      $header[] = array(
        'data' => drupal_render($form['role_names'][$rid]),
        'class' => 'checkbox',
      );
    }
  }
  $output = theme('table', $header, $rows, array(
    'id' => 'permissions',
  ));
  $output .= drupal_render($form);
  return $output;
}
function merci_permissions_form_alter(&$form, $form_state, $form_id) {
  return;
  if ($form_id == 'user_admin_perm') {

    // Have to build checkboxes here after checkbox arrays are built
    $merci_types = merci_permissions_load_merci_type_settings();
    $perms = array();
    foreach ($merci_types as $key => $value) {
      $perms[] = "delete own {$key} content";
      $perms[] = "delete any {$key} content";
      $perms[] = "edit own {$key} content";
      $perms[] = "edit any {$key} content";
    }
    foreach (element_children($form['checkboxes']) as $rid) {
      if (is_array($form['checkboxes'][$rid])) {
        $options = array();
        foreach ($form['checkboxes'][$rid]['#options'] as $option => $value) {
          if (!in_array($option, $perms)) {
            $options[$option] = '';
          }
        }
        $form['checkboxes'][$rid]['#options'] = $options;
        $defaults = array();
        foreach ($form['checkboxes'][$rid]['#default_value'] as $default) {
          if (!in_array($default, $perms)) {
            $defaults[] = $default;
          }
        }
        $form['checkboxes'][$rid]['#default_value'] = $defaults;
      }
    }
    $new_perms = array();
    $new_perms[0] = $form['permission'][0];
    foreach ($form['permission'] as $key => $value) {
      if (!in_array($key, $perms)) {
        $new_perms[$key] = $form['permission'][$key];
      }
    }
    $form['permission'] = $new_perms;
    merci_permissions_add_form($form);
  }
}
function merci_permissions_add_form(&$form) {
  $role_names = user_roles();
  $result = db_query('SELECT r.rid, p.perm FROM {role} r LEFT JOIN {permission} p ON r.rid = p.rid ORDER BY name');

  // Compile role array:
  // Add a comma at the end so when searching for a permission, we can
  // always search for "$perm," to make sure we do not confuse
  // permissions that are substrings of each other.
  while ($role = db_fetch_object($result)) {
    $role_permissions[$role->rid] = $role->perm . ',';
  }
  $merci_types = merci_permissions_load_merci_type_settings();
  $options = array();
  $admin = array();
  $form['permission'][] = array(
    '#value' => t("General Permissions"),
  );
  $form['permission']['admin all reservations'] = array(
    '#value' => t('Admin all reservations'),
  );
  $options['admin all reservations'] = '';
  $merci_perms = merci_perm();
  foreach ($merci_perms as $perm) {
    $options[$perm] = '';
    $form['permission'][$perm] = array(
      '#value' => t($perm),
    );
    foreach ($role_names as $rid => $name) {

      // Builds arrays for checked boxes for each role
      if (strpos($role_permissions[$rid], $perm . ',') !== FALSE) {
        $status[$rid][] = $perm;
      }
    }
  }
  $form['permission'][] = array(
    '#value' => "Bucket and Resource Permissions",
  );
  foreach ($merci_types as $type => $name) {
    $perm = "reserve {$type}";
    $options[$perm] = '';
    $form['permission'][$perm] = array(
      '#value' => t($name),
    );
    foreach ($role_names as $rid => $name) {

      // Builds arrays for checked boxes for each role
      if (strpos($role_permissions[$rid], 'delete own ' . $type . ' content,') !== FALSE && strpos($role_permissions[$rid], 'edit own ' . $type . ' content,') !== FALSE) {
        $status[$rid][] = $perm;
      }
      if (strpos($role_permissions[$rid], 'delete any ' . $type . ' content,') !== FALSE && strpos($role_permissions[$rid], 'edit any ' . $type . ' content,') !== FALSE) {
        if (!strstr($admin[$rid], 'false')) {
          $admin[$rid] = 'true';
        }
      }
      else {
        $admin[$rid] = 'false';
      }
    }
  }
  foreach ($role_names as $rid => $name) {
    if (strstr($admin[$rid], 'true')) {
      $status[$rid][] = 'admin all reservations';
    }
  }

  // Have to build checkboxes here after checkbox arrays are built
  foreach ($role_names as $rid => $name) {
    $form['checkboxes'][$rid] = array(
      '#type' => 'checkboxes',
      '#options' => $options,
      '#default_value' => isset($status[$rid]) ? $status[$rid] : array(),
    );
    $form['role_names'][$rid] = array(
      '#value' => $name,
      '#tree' => TRUE,
    );
  }
  $form['buttons']['submit'] = array(
    '#type' => 'submit',
    '#value' => t('Save Permissions'),
  );
  $form['#submit'][] = 'merci_permissions_settings_form_submit';
}
function merci_permissions_form() {
  $form = array();
  merci_permissions_add_form($form);
  return $form;
}
function merci_permissions_load_merci_type_settings() {
  $result = db_query("SELECT nt.type,nt.name FROM {node_type} nt INNER JOIN {merci_node_type} m ON nt.type = m.type WHERE m.type_setting != 'disabled'");
  $merci_types = array();
  while ($merci_type = db_fetch_object($result)) {
    $merci_types[$merci_type->type] = $merci_type->name;
  }
  return $merci_types;
}
function merci_permissions_settings_form_submit($form, &$form_state) {
  $result = db_query('SELECT * FROM {role}');
  $merci_types = merci_permissions_load_merci_type_settings();
  $merci_perms = merci_perm();
  while ($role = db_fetch_object($result)) {
    if (isset($form_state['values'][$role->rid])) {
      $add_perms = array();
      $revoke_perms = array();
      foreach ($form_state['values'][$role->rid] as $key => $value) {
        list($cruft, $type) = split(' ', $key);
        $perms = array();
        if (array_key_exists($type, $merci_types)) {
          $perms[] = "edit own {$type} content";
          $perms[] = "delete own {$type} content";
          if ($value) {
            $add_perms = array_merge($perms, $add_perms);
          }
          else {
            $revoke_perms = array_merge($perms, $revoke_perms);
          }
        }
        else {
          if (strstr('admin all reservations', $key)) {
            foreach ($merci_types as $type => $name) {
              $perms[] = "edit own {$type} content";
              $perms[] = "delete own {$type} content";
              $perms[] = "delete any {$type} content";
              $perms[] = "edit any {$type} content";
            }
            if ($value) {
              $add_perms = array_merge($perms, $add_perms);
            }
            else {
              $revoke_perms = array_merge($perms, $revoke_perms);
            }
          }
          else {
            if (in_array($key, $merci_perms)) {
              if ($value) {
                $add_perms[] = $key;
              }
              else {
                $revoke_perms[] = $key;
              }
            }
          }
        }
      }
      merci_permissions_revoke_permissions($role->name, $revoke_perms);
      merci_permissions_grant_permissions($role->name, $add_perms);
    }
  }
}

/**
 * Helper function to grant permissions to a role.
 */
function merci_permissions_grant_permissions($role_name, $new_permissions) {
  $permissions = array();
  $updated_permissions = '';
  $role = merci_permissions_get_role($role_name);
  if (count($new_permissions) > 0) {

    // Fetch the permissions string for the given role id
    $permissions = merci_permissions_get_permissions_for_role($role->name);

    // Check to see if there are existing permissions
    if (count($permissions) > 0) {

      // Add the new permissions if the role doesn't already have the permission
      foreach ($new_permissions as $permission) {
        if (!in_array($permission, $permissions)) {
          $permissions[] = trim($permission);
        }
      }

      // rebuild the permission string
      $updated_permissions = join(', ', $permissions);
      db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
    }
    else {

      // No permissions have been set for this role, so we need to insert some
      foreach ($new_permissions as $permission) {
        $permissions[] = trim($permission);
      }

      // rebuild the permission string
      $updated_permissions = join(', ', $permissions);
      db_query("INSERT INTO {permission} (rid, perm, tid) VALUES(%d,'%s',%d)", $role->rid, $updated_permissions, 0);
    }
  }
  return;
}

/**
 * Helper function to revoke permissions from a role.
 */
function merci_permissions_revoke_permissions($role_name, $new_permissions) {
  $permissions = array();
  $updated_permissions = '';
  $role = merci_permissions_get_role($role_name);
  if (is_array($new_permissions)) {
    $new_perms = array();
    $permissions = merci_permissions_get_permissions_for_role($role->name);
    foreach ($permissions as $perm) {
      if (!in_array($perm, $new_permissions)) {
        $new_perms[] = $perm;
      }
    }

    // rebuild the permission string
    $updated_permissions = join(', ', $new_perms);
    db_query("UPDATE {permission} SET perm = '%s' WHERE rid = %d", $updated_permissions, $role->rid);
  }
  return;
}

/**
 * returns an array of permissions for a given role
 */
function merci_permissions_get_permissions_for_role($role_name) {
  $role = merci_permissions_get_role($role_name);
  $permissions = array();
  if ($role->rid > 0) {
    $perm_string = db_result(db_query("SELECT perm FROM {permission} WHERE rid = %d", $role->rid));
    if (strlen($perm_string) > 0) {
      $permissions = explode(',', $perm_string);
      foreach ($permissions as $index => $perm) {
        $permissions[$index] = trim($perm);
      }
    }
  }
  return $permissions;
}

/**
 * lookup the role by name
 */
function merci_permissions_get_role($name) {
  $role = db_fetch_object(db_query("SELECT * FROM {role} r WHERE r.name = '%s'", $name));
  return $role;
}

Functions

Namesort descending Description
merci_permissions_add_form
merci_permissions_form
merci_permissions_form_alter
merci_permissions_get_permissions_for_role returns an array of permissions for a given role
merci_permissions_get_role lookup the role by name
merci_permissions_grant_permissions Helper function to grant permissions to a role.
merci_permissions_load_merci_type_settings
merci_permissions_menu @file Provides functions for resetting permissions on the permission page.
merci_permissions_revoke_permissions Helper function to revoke permissions from a role.
merci_permissions_settings_form_submit
merci_permissions_theme Implementation of hook_theme().
theme_merci_permissions_form