You are here

function _module_grants_by_module in Module Grants 6.4

Same name and namespace in other branches
  1. 6.3 module_grants.module \_module_grants_by_module()

Return a map, keyed by module name, of SQL clauses representing the grants associated with the module, as returned by that module's hook_node_grants().

Parameters

$node_op: The operation, i.e 'view', 'update' or 'delete'

$account: User account object

$nid: Optional. If passed in, only modules with at least one row in the node_acces table for the supplied nid are included (lenient interpretation of absence of node grants). If not passed in, then all modules implementing hook_node_grants() will be included (strict).

Return value

An array of module grants SQL, keyed by module name

2 calls to _module_grants_by_module()
module_grants_node_access in ./module_grants.module
Similar to node_access() in node.module but ANDs rather than ORs grants together on a per module base to create more natural behaviour. Also makes sure that published and unpublished content are treated in the same way, i.e. that grants are checked in…
_module_grants_node_access_where_sql in ./module_grants.module
Generate an SQL where clause for use in fetching a node listing.

File

./module_grants.module, line 474
Module to apply access grants to pre-published content just as they are to published content and to make multiple content access modules work together in the expected way.

Code

function _module_grants_by_module($node_op, $account, $nid = NULL) {
  $hook = 'node_grants';
  $all_grants = array();
  foreach (module_implements($hook) as $module) {
    $module_grants = module_invoke($module, $hook, $account, $node_op);
    if (!empty($module_grants)) {

      // If a nid has been passed in, don't collect the grants for this module
      // unless it has at least one row in the node_access table for this nid.
      if ($nid) {
        $count = db_result(db_query("SELECT COUNT(*) FROM {node_access} WHERE nid=%d AND realm IN ('" . implode("','", array_keys($module_grants)) . "')", $nid));
        if ($count == 0 && $module != 'domain') {

          // #564318
          // Module doesn't have a node_access row for this node, so continue
          // to next module.
          continue;
        }
      }
      $module_gids = array();
      foreach ($module_grants as $realm => $gids) {
        foreach ($gids as $key => $gid) {
          if (is_numeric($gid)) {

            // skip $gid=='domain' etc, see [#675596]
            $module_gids[] = "(gid={$gid} AND realm='{$realm}')";
          }
        }
      }

      // #564318 Domain Access has special case with a global cross-domain grant
      if ($module == 'domain' && $nid) {
        $module_gids[] = "(nid={$nid} AND gid=0 AND realm='domain_site')";
      }

      // Within a module OR the gid/realm combinations together
      if (!empty($module_gids)) {
        $all_grants[$module] = implode(' OR ', $module_gids);
      }
    }
  }
  return $all_grants;
}