
function oa_core_node_grants in Open Atrium Core 7.2

Implements hook_node_grants(). Defines the node access grant realm for Open Atrium sections.

3 string references to 'oa_core_node_grants'
oa_core_node_insert in includes/oa_core.cache.inc
Implements hook_node_insert().
oa_core_og_membership_insert in includes/oa_core.access.inc
Implements hook_og_membership_insert().
oa_core_update_access_records in includes/oa_core.access.inc
Update the node_access_records of the given nodes.

File

includes/oa_core.access.inc, line 69
Code for Access Control functions for OpenAtrium spaces

Code

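/**
 * Implements hook_node_grants().
 *
 * Builds the 'view' grants an authenticated account holds in the Open Atrium
 * realms: its own uid in OA_UNPUBLISHED_REALM (when permitted) and, in
 * OA_ACCESS_REALM, the nids of the sections it may see.
 *
 * @param object $account
 *   The account the grants are computed for. This is not necessarily the
 *   user making the current request, so every permission check below must be
 *   made against this object.
 * @param string $op
 *   The node operation. Only 'view' yields grants.
 *
 * @return array
 *   Grant ids keyed by realm, or an empty array for non-'view' operations
 *   and for anonymous users.
 */
function oa_core_node_grants($account, $op) {
  // Per-request cache keyed by uid. It is registered under the function name
  // so it can be cleared with drupal_static_reset('oa_core_node_grants');
  // code that changes membership or section references presumably does so.
  $cache =& drupal_static('oa_core_node_grants', array());
  if ($op != 'view' || !$account->uid) {
    return array();
  }
  if (isset($cache[$account->uid])) {
    return $cache[$account->uid];
  }

  $grants = array();

  // Handle unpublished content permissions. The permission is checked on
  // $account: without the second argument user_access() tests the currently
  // logged-in user, which would hand out (and cache under $account->uid) a
  // grant based on somebody else's permissions.
  if (user_access('view own unpublished content', $account)) {
    $grants[OA_UNPUBLISHED_REALM] = array(
      $account->uid,
    );
  }

  // Combine the spaces the user is part of with public spaces.
  $member_spaces = oa_core_get_groups_by_user($account, 'node');
  $spaces = array_merge($member_spaces, oa_core_get_public_spaces(array(
    OA_SPACE_TYPE => OA_SPACE_TYPE,
  ), NULL, FALSE, FALSE));
  if (!empty($spaces)) {
    $query = db_select('node', 'n');

    // Join the og table to filter by spaces. OA_SPACE_FIELD is a module
    // constant, not request data; anything variable must go through
    // condition() or join arguments instead of string concatenation.
    $query
      ->join('og_membership', 'og', "n.nid = og.etid AND og.entity_type = 'node' AND og.field_name = '" . OA_SPACE_FIELD . "'");
    $query
      ->condition('og.gid', $spaces, 'IN');

    // Select section nids; the user, group and team reference fields are
    // joined below.
    $query
      ->fields('n', array(
      'nid',
    ));
    $query
      ->condition('n.type', OA_SECTION_TYPE);

    // Create an or condition that finds if section is allowed.
    $db_or = db_or();

    // Allow author of section.
    $db_or
      ->condition('n.uid', $account->uid, '=');

    // If user is specified in user ref column.
    // NOTE(review): only the team-users join further down filters on
    // deleted = 0; this join and the group/team reference joins do not.
    // Confirm that is intentional.
    $query
      ->leftJoin('field_data_field_oa_user_ref', 'u', "n.nid = u.entity_id AND u.entity_type = 'node'");
    $db_or
      ->condition('u.field_oa_user_ref_target_id', $account->uid, '=');

    // If one of the groups is included. Public spaces are left out here:
    // only spaces the account is a member of count as a group reference.
    if ($member_spaces) {
      $query
        ->leftJoin('field_data_field_oa_group_ref', 'o', "n.nid = o.entity_id AND o.entity_type = 'node'");
      $db_or
        ->condition('o.field_oa_group_ref_target_id', $member_spaces, 'IN');
    }

    // If one of the teams is included.
    $query
      ->leftJoin('field_data_field_oa_team_ref', 't', "n.nid = t.entity_id AND t.entity_type = 'node'");
    $query
      ->leftJoin('node', 'tn', "tn.nid = t.field_oa_team_ref_target_id");

    // Add creator of team.
    $db_or
      ->condition('tn.uid', $account->uid, '=');
    $query
      ->leftJoin('field_data_field_oa_team_users', 'tu', "t.field_oa_team_ref_target_id = tu.entity_id AND tu.entity_type = 'node' AND tu.deleted=0");

    // If user is part of team.
    $db_or
      ->condition('tu.field_oa_team_users_target_id', $account->uid, '=');

    // Add or to query.
    $query
      ->condition($db_or);

    // Set grants to nids, which should be only valid ones.
    $grants[OA_ACCESS_REALM] = $query
      ->execute()
      ->fetchCol(0);
  }
  $cache[$account->uid] = $grants;
  return $cache[$account->uid];
}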