You are here

Home » API reference » OG Role Override 7.2 » og_role_override.module

function og_role_override_node_access in OG Role Override 7.2

Implements hook_node_access().

og_node_access() takes care of denying access, so we just have to grant it if the user has the permission to act in the group.

File

./og_role_override.module, line 120
og_role_override.module Allows Core roles to act as OG roles in specific group types.

Code

function og_role_override_node_access($node, $op, $account) {
  $type = is_string($node) ? $node : (is_array($node) ? $node['type'] : $node->type);
  $entity_info = entity_get_info();

  // 'create' permission.
  if ($op == 'create' && og_is_group_content_type('node', $type)) {

    // Save some legwork if the user has the core permission.
    if (user_access("create {$type} content", $account)) {

      // We just ignore: core access will take care of it.
      return NODE_ACCESS_IGNORE;
    }

    // Get all the OG role IDs that have permission to create a node of this
    // type. This will be across all group types, but this means we only query
    // the database once.
    $og_permission_string = "create {$type} content";

    // Fetch these keyed so we can intersect with the roles array further on.
    $og_role_rids_may_create = db_query("SELECT rid FROM {og_role_permission} WHERE permission = (:permission)", array(
      ':permission' => "create {$type} content",
    ))
      ->fetchAllKeyed(0, 0);
    foreach (og_get_group_audience_fields('node', $type) as $field_name => $label) {
      $field = field_info_field($field_name);
      $group_entity_type = $field['settings']['target_type'];
      if ($field['settings']['handler_settings']['target_bundles']) {
        $group_bundles = $field['settings']['handler_settings']['target_bundles'];
      }
      else {

        // If the field does not have target bundles set, it means all apply.
        $group_bundles = array_keys($entity_info[$group_entity_type]['bundles']);
      }

      // Act over all the group bundles.
      foreach ($group_bundles as $group_bundle) {

        // Get all the roles for this group type.
        $og_roles_group = og_roles($group_entity_type, $group_bundle);

        // Intersect with the role rids that may create nodes of this type, to
        // find the roles within this group that may do so.
        // This now gets us an array keyed by rid, where values are role names.
        $og_roles_group_may_create = array_intersect_key($og_roles_group, $og_role_rids_may_create);

        // Check all the roles for the core permission.
        foreach ($og_roles_group_may_create as $og_rid => $og_role_name) {

          // Create the same permission string as in our hook_permission().
          $core_permission_string = "act as {$og_role_name} in og {$group_entity_type}:{$group_bundle}";
          if (user_access($core_permission_string, $account)) {

            // It suffices to check for one role which has access to create
            // the node type.
            return NODE_ACCESS_ALLOW;
          }
        }
      }
    }
  }

  // 'update' and 'delete' permissions go via OG permissions, and hence are
  // covered by og_role_override_og_user_access_alter().
}