function oa_core_node_grants in Open Atrium Core 7.2
Implements hook_node_grants(). Defines the node access grant realm for Open Atrium sections.
3 string references to 'oa_core_node_grants'
- oa_core_node_insert in includes/
oa_core.cache.inc - Implements hook_node_insert().
- oa_core_og_membership_insert in includes/
oa_core.access.inc - Implements hook_og_membership_insert().
- oa_core_update_access_records in includes/
oa_core.access.inc - Update the node_access_records of the given nodes.
File
- includes/
oa_core.access.inc, line 69 - Code for Access Control functions for OpenAtrium spaces
Code
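/**
 * Implements hook_node_grants().
 *
 * Builds the node access grants for Open Atrium sections. Only the 'view'
 * operation for authenticated users yields grants; every other case returns
 * an empty array.
 *
 * @param object $account
 *   The user account whose grants are being computed.
 * @param string $op
 *   The node operation being checked.
 *
 * @return array
 *   Grant IDs keyed by realm: OA_UNPUBLISHED_REALM holds the account's own uid,
 *   OA_ACCESS_REALM holds the nids of the sections the account may view.
 */
function oa_core_node_grants($account, $op) {
  // Grants are memoized per uid through drupal_static(), so a permission or
  // membership change is only picked up once this static is reset.
  $cache =& drupal_static('oa_core_node_grants', array());

  // Anonymous users and non-view operations never receive grants here.
  if ($op != 'view' || !$account->uid) {
    return array();
  }
  if (isset($cache[$account->uid])) {
    return $cache[$account->uid];
  }

  $grants = array();

  // Handle unpublished content permissions.
  // The permission must be evaluated for $account, not for the currently
  // logged-in user: user_access() falls back to the global user when no
  // account is passed, and the result is cached under $account->uid, so a
  // check against the wrong user would hand out (or withhold) the
  // unpublished-content grant for the wrong account.
  if (user_access('view own unpublished content', $account)) {
    $grants[OA_UNPUBLISHED_REALM] = array(
      $account->uid,
    );
  }

  // Combine the spaces the user is part of with public spaces.
  $member_spaces = oa_core_get_groups_by_user($account, 'node');
  $spaces = array_merge($member_spaces, oa_core_get_public_spaces(array(
    OA_SPACE_TYPE => OA_SPACE_TYPE,
  ), NULL, FALSE, FALSE));

  if (!empty($spaces)) {
    $query = db_select('node', 'n');
    // Join the og table to filter by spaces. OA_SPACE_FIELD is a module
    // constant, not request data, so concatenating it into the join condition
    // does not expose user input to the SQL string.
    $query->join('og_membership', 'og', "n.nid = og.etid AND og.entity_type = 'node' AND og.field_name = '" . OA_SPACE_FIELD . "'");
    $query->condition('og.gid', $spaces, 'IN');
    // we join with the Groups, Teams, Users fields
    $query->fields('n', array(
      'nid',
    ));
    $query->condition('n.type', OA_SECTION_TYPE);

    // Create an or condition that finds if section is allowed. Being in one of
    // $spaces is not enough on its own: one of the branches below must match.
    $db_or = db_or();

    // Allow author of section.
    $db_or->condition('n.uid', $account->uid, '=');

    // If user is specified in user ref column.
    $query->leftJoin('field_data_field_oa_user_ref', 'u', "n.nid = u.entity_id AND u.entity_type = 'node'");
    $db_or->condition('u.field_oa_user_ref_target_id', $account->uid, '=');

    // If one of the groups are included. Skipped when the user has no
    // memberships, because an IN condition needs at least one value.
    if ($member_spaces) {
      $query->leftJoin('field_data_field_oa_group_ref', 'o', "n.nid = o.entity_id AND o.entity_type = 'node'");
      $db_or->condition('o.field_oa_group_ref_target_id', $member_spaces, 'IN');
    }

    // If one of the teams are included.
    $query->leftJoin('field_data_field_oa_team_ref', 't', "n.nid = t.entity_id AND t.entity_type = 'node'");
    $query->leftJoin('node', 'tn', "tn.nid = t.field_oa_team_ref_target_id");
    // Add creator of team.
    $db_or->condition('tn.uid', $account->uid, '=');
    $query->leftJoin('field_data_field_oa_team_users', 'tu', "t.field_oa_team_ref_target_id = tu.entity_id AND tu.entity_type = 'node' AND tu.deleted=0");
    // If user is part of team.
    $db_or->condition('tu.field_oa_team_users_target_id', $account->uid, '=');

    // Add or to query.
    $query->condition($db_or);

    // Set grants to nids, which should be only valid ones.
    // NOTE(review): the left joins can presumably return the same nid more
    // than once; confirm whether callers need the list de-duplicated.
    $grants[OA_ACCESS_REALM] = $query
      ->execute()
      ->fetchCol(0);
  }

  $cache[$account->uid] = $grants;
  return $cache[$account->uid];
}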