You are here

Home » API reference » Organic groups 7.2 » og_access.module

function og_access_node_access_records in Organic groups 7.2

Same name and namespace in other branches
  1. 5.8 og_access.module \og_access_node_access_records()
  2. 5 og_access.module \og_access_node_access_records()
  3. 5.3 og_access.module \og_access_node_access_records()
  4. 5.7 og_access.module \og_access_node_access_records()
  5. 6.2 modules/og_access/og_access.module \og_access_node_access_records()
  6. 6 modules/og_access/og_access.module \og_access_node_access_records()
  7. 7 og_access/og_access.module \og_access_node_access_records()

Implements hook_node_access_records().

File

og_access/og_access.module, line 69
Enable access control for private and public groups and group content.

Code

function og_access_node_access_records($node) {
  if (empty($node->status)) {

    // Node is unpublished, so we don't allow every group member to see
    // it.
    return array();
  }

  // The group IDs, that in case access is granted, will be recorded.
  $gids = array();
  $wrapper = entity_metadata_wrapper('node', $node);

  // Verify that a group content with visibility field can't create when there
  // isn't an OG access field attached to the group entity.
  if (!empty($wrapper->{OG_CONTENT_ACCESS_FIELD}) && $wrapper->{OG_CONTENT_ACCESS_FIELD}
    ->value() == OG_CONTENT_ACCESS_DEFAULT) {
    _og_access_verify_access_field_existence($node);
  }
  if (!empty($wrapper->{OG_ACCESS_FIELD}) && $wrapper->{OG_ACCESS_FIELD}
    ->value() && og_is_group('node', $node)) {

    // Private group.
    $gids['node'][] = $node->nid;
  }

  // If there is no content access field on the group content, we assume
  // that the group defaults are needed.
  // This allows us not to have the content access field on the group
  // content but still have access control.
  $content_access = !empty($wrapper->{OG_CONTENT_ACCESS_FIELD}) ? $wrapper->{OG_CONTENT_ACCESS_FIELD}
    ->value() : OG_CONTENT_ACCESS_DEFAULT;
  switch ($content_access) {
    case OG_CONTENT_ACCESS_DEFAULT:
      if (!($entity_groups = og_get_entity_groups('node', $node))) {
        break;
      }
      $has_private = FALSE;
      foreach ($entity_groups as $group_type => $values) {
        entity_load($group_type, $values);
        foreach ($values as $gid) {
          $list_gids[$group_type][] = $gid;
          if ($has_private) {

            // We already know we have a private group, so we can avoid
            // re-checking it.
            continue;
          }
          $group_wrapper = entity_metadata_wrapper($group_type, $gid);
          if (!empty($group_wrapper->{OG_ACCESS_FIELD}) && $group_wrapper->{OG_ACCESS_FIELD}
            ->value()) {
            $has_private = TRUE;
          }
        }
      }
      if ($has_private) {
        $gids = array_merge_recursive($gids, $list_gids);
      }
      break;
    case OG_CONTENT_ACCESS_PUBLIC:

      // Do nothing.
      break;
    case OG_CONTENT_ACCESS_PRIVATE:
      $gids = array_merge_recursive($gids, og_get_entity_groups('node', $node));
      break;
  }
  foreach ($gids as $group_type => $values) {
    foreach ($values as $gid) {
      $grants[] = array(
        'realm' => OG_ACCESS_REALM . ':' . $group_type,
        'gid' => $gid,
        'grant_view' => 1,
        'grant_update' => 0,
        'grant_delete' => 0,
        'priority' => 0,
      );
    }
  }
  return !empty($grants) ? $grants : array();
}