You are here

Home » API reference » OG Role Override 7.2 » og_role_override.module

function og_role_override_node_grants in OG Role Override 7.2

Implements hook_node_grants().

File

./og_role_override.module, line 55
og_role_override.module Allows Core roles to act as OG roles in specific group types.

Code

function og_role_override_node_grants($account, $op) {
  $cache =& drupal_static(__FUNCTION__, array());
  if ($op != 'view') {
    return;
  }
  if (isset($cache[$account->uid])) {
    return $cache[$account->uid];
  }
  $grants = array();

  // Work over all entity types and bundles that are groups, as that is how
  // the permissions are made up.
  $group_bundles = og_get_all_group_bundle();
  foreach ($group_bundles as $group_entity_type => $group_bundles) {
    foreach ($group_bundles as $group_bundle => $bundle_label) {

      // Get all the roles for this group type.
      $og_roles = og_roles($group_entity_type, $group_bundle);
      foreach ($og_roles as $rid => $role_name) {

        // Create the same permission string as in our hook_permission().
        $core_permission_string = "act as {$role_name} in og {$group_entity_type}:{$group_bundle}";

        // Check whether the given user has permission to act as one of these
        // group roles.
        if (user_access($core_permission_string, $account)) {

          // It only suffices for one role to be granted, since view access to
          // group content doesn't work on permissions and roles, only
          // group membership. If the user account has permission to act as any
          // role in the group type, then the user has effective membership,
          // and should be granted access here.
          // Get all the groups of this type, and grant the ids for all of them
          // in the group type realm.
          $groups = og_role_override_og_get_all_group($group_entity_type, $group_bundle);

          // The realm only includes the entity type.
          // We need to remain consistent with og_access_node_grants, though
          // this may cause problems with multiple group types across the same
          // entity type.
          // See http://drupal.org/node/1997378
          $realm = OG_ACCESS_REALM . ':' . $group_entity_type;
          foreach ($groups as $gid) {
            $grants[$realm][] = $gid;
          }

          // It only suffices for one role to be granted, since view access to
          // group content doesn't work on permissions and roles, only
          // group membership.
          break;
        }
      }
    }
  }
  $cache[$account->uid] = $grants;
  return $grants;
}