View source
<?php
function photos_access_menu() {
$items['privacy/pass/%/%node'] = array(
'title' => 'Please enter password',
'page callback' => 'photos_access_page',
'page arguments' => array(
3,
),
'access callback' => 'user_access',
'access arguments' => array(
'access content',
),
'type' => MENU_CALLBACK,
);
$items['admin/config/media/photos/privacy'] = array(
'title' => 'Privacy',
'page callback' => 'drupal_get_form',
'page arguments' => array(
'photos_access_admin_settings',
),
'access arguments' => array(
'administer nodes',
),
'type' => MENU_LOCAL_TASK,
);
$items['photos-access/user/autocomplete/multiple'] = array(
'title' => 'Multiple users autocomplete',
'page callback' => 'photos_access_multiple_users_autocomplete',
'access arguments' => array(
'access user profiles',
),
'type' => MENU_CALLBACK,
);
return $items;
}
function photos_access_admin_settings() {
$form = array();
$form['privacy'] = array(
'#type' => 'fieldset',
'#title' => t('Privacy settings'),
'#description' => t('Enabled photos access privacy settings for the following content types.'),
);
$types = node_type_get_types();
foreach ($types as $type) {
$form['privacy']['photos_access_' . $type->type] = array(
'#title' => $type->name,
'#type' => 'checkbox',
'#default_value' => variable_get('photos_access_' . $type->type, 0),
);
}
return system_settings_form($form);
}
function photos_access_multiple_users_autocomplete($string = '') {
$array = drupal_explode_tags($string);
$last_string = trim(array_pop($array));
$matches = array();
if ($last_string != '') {
$result = db_select('users')
->fields('users', array(
'name',
))
->condition('name', db_like($last_string) . '%', 'LIKE')
->range(0, 10)
->execute();
$prefix = count($array) ? implode(', ', $array) . ', ' : '';
foreach ($result as $user) {
$n = $user->name;
$matches[$prefix . $n] = $user->name;
}
}
drupal_json_output($matches);
}
function photos_access_form_alter(&$form, &$form_state, $form_id) {
global $user;
if (isset($form['type']) && isset($form['#node'])) {
$node = $form['#node'];
$nid = isset($node->nid) ? $node->nid : 0;
if (variable_get('photos_access_' . $node->type, 0)) {
$form['privacy'] = array(
'#type' => 'fieldset',
'#title' => t('Privacy'),
'#collapsible' => TRUE,
'#collapsed' => FALSE,
'#weight' => -2,
'#tree' => TRUE,
);
$form['privacy']['access_id'] = array(
'#type' => 'value',
'#value' => isset($node->privacy['access_id']) ? $node->privacy['access_id'] : 0,
);
$form['privacy']['vid'] = array(
'#type' => 'value',
'#value' => isset($node->privacy['vid']) ? $node->privacy['vid'] : 0,
);
$form['privacy']['eid'] = array(
'#type' => 'value',
'#value' => isset($node->privacy['eid']) ? $node->privacy['eid'] : 0,
);
if ($nid && !isset($_SESSION['photos_access_' . $node->nid])) {
$_SESSION['photos_access_' . $node->nid] = isset($node->privacy) ? $node->privacy : '';
}
$old = $nid && isset($_SESSION['photos_access_' . $nid]) ? $_SESSION['photos_access_' . $nid] : array();
$form['privacy']['viewid'] = array(
'#type' => 'radios',
'#title' => t('Privacy'),
'#default_value' => isset($node->privacy['viewid']) ? $node->privacy['viewid'] : 0,
'#options' => array(
t('Open'),
t('Locked'),
t('Designated users'),
t('Password required'),
),
'#prefix' => '<div id="photos_access_privacy">',
'#suffix' => '</div>',
);
$form['privacy']['pass'] = array(
'#type' => 'password',
'#title' => t('Password'),
'#default_value' => isset($node->privacy['pass']) ? $node->privacy['pass'] : '',
'#prefix' => '<div id="photos_access_password">',
'#suffix' => '</div>',
);
$userhelp = t('Separated by commas. eg: username1,username2,username3.');
$form['privacy']['viewuser'] = array(
'#type' => 'textfield',
'#title' => t('Designated users'),
'#autocomplete_path' => 'photos-access/user/autocomplete/multiple',
'#default_value' => isset($node->privacy['viewuser']) && !is_array($node->privacy['viewuser']) ? $node->privacy['viewuser'] : NULL,
'#description' => t('Add people who will have access to view this node.') . ' ' . (isset($old['viewuser']) ? t('@help At present allow users:', array(
'@help' => $userhelp,
)) . ' ' : $userhelp),
'#prefix' => '<div id="photos_access_viewuser">',
'#suffix' => '</div>',
);
if (!empty($old['viewuser'])) {
foreach ($old['viewuser'] as $u) {
$form['privacy']['viewremove'][$u->uid] = array(
'#type' => 'checkbox',
'#default_value' => isset($node->viewremove[$u->uid]) ? $node->viewremove[$u->uid] : '',
'#title' => t('Delete: !name', array(
'!name' => $u->username,
)),
'#prefix' => '<div class="photos_access_remove">',
'#suffix' => '</div>',
);
}
}
$form['privacy']['updateuser'] = array(
'#type' => 'textfield',
'#title' => t('Add collaborators'),
'#autocomplete_path' => 'photos-access/user/autocomplete/multiple',
'#default_value' => isset($node->privacy['updateuser']) && !is_array($node->privacy['updateuser']) ? $node->privacy['updateuser'] : NULL,
'#description' => t('Add people who will have the authority to edit this node.') . ' ' . (isset($old['updateuser']) ? t('@help collaboration users list:', array(
'@help' => $userhelp,
)) . ' ' : $userhelp),
);
if (!empty($old['updateuser'])) {
foreach ($old['updateuser'] as $u) {
$form['privacy']['updateremove'][$u->uid] = array(
'#type' => 'checkbox',
'#default_value' => isset($node->updateremove[$u->uid]) ? $node->updateremove[$u->uid] : '',
'#title' => t('Delete: !name', array(
'!name' => $u->username,
)),
'#prefix' => '<div class="photos_access_updateremove">',
'#suffix' => '</div>',
);
}
}
}
}
}
function _photos_access_user_validate($privacy, $oldprivacy) {
global $user;
$t = preg_split('/,|,/', $privacy);
$name = array();
if (is_array($oldprivacy)) {
foreach ($oldprivacy as $list) {
$name[] = $list->name;
}
}
$output = '';
foreach ($t as $a) {
$a = trim($a);
if ($a != $user->name) {
if (in_array($a, $name)) {
$output = t('Users already on the list: %name.', array(
'%name' => $a,
));
}
elseif (!($u = _photos_access_user(array(
'name' => $a,
)))) {
$output = t('The user does not exist: %name.', array(
'%name' => $a,
));
}
}
else {
$output = t("You do not need to add your self to this list.");
}
}
return $output;
}
function photos_access_node_validate($node, $form, &$form_state) {
$old = isset($_SESSION['photos_access_' . $node->nid]) ? $_SESSION['photos_access_' . $node->nid] : array();
if (isset($node->privacy['updateuser']) && !empty($node->privacy['updateuser'])) {
$old_check = isset($old['updateuser']) ? $old['updateuser'] : array();
if ($userdate = _photos_access_user_validate($node->privacy['updateuser'], $old_check)) {
form_set_error('privacy][updateuser', $userdate);
}
}
if (isset($node->privacy['viewid']) && $node->privacy['viewid'] == 2) {
if (isset($node->privacy['viewuser']) && !empty($node->privacy['viewuser'])) {
$old_check = isset($old['viewuser']) ? $old['viewuser'] : array();
if ($userdate = _photos_access_user_validate($node->privacy['viewuser'], $old_check)) {
form_set_error('privacy][viewuser', $userdate);
}
}
}
}
function photos_access_update_access($node) {
if (variable_get('photos_access_' . $node->type, 0)) {
if (!$node->privacy['eid']) {
if ($node->privacy['updateuser']) {
$acc['updateid'] = db_query("SELECT id FROM {photos_access_album} WHERE nid = :nid", array(
':nid' => $node->nid,
))
->fetchField();
$node->privacy['vid'] = $node->privacy['eid'] = $acc['updateid'];
if ($acc['updateid']) {
db_update('photos_access_album')
->fields(array(
'viewid' => isset($node->privacy['viewid']) ? $node->privacy['viewid'] : 0,
))
->condition('id', $acc['updateid'])
->execute();
}
else {
$acc['updateid'] = db_insert('photos_access_album')
->fields(array(
'nid' => $node->nid,
'viewid' => $node->privacy['viewid'],
))
->execute();
}
_photos_access_usersave($node->privacy['updateuser'], $acc['updateid']);
}
}
else {
$remove = FALSE;
if (isset($node->privacy['updateremove']) && !empty($node->privacy['updateremove'])) {
$remove = _photos_access_usersdel($node->privacy['updateremove'], $node->privacy['eid']);
}
if (isset($node->privacy['updateuser']) && !empty($node->privacy['updateuser'])) {
_photos_access_usersave($node->privacy['updateuser'], $node->privacy['eid']);
}
$acc['updateid'] = $node->privacy['eid'];
}
if (!$node->privacy['vid']) {
$node->privacy['vid'] = $node->privacy['eid'] = db_query("SELECT id FROM {photos_access_album} WHERE nid = :nid", array(
':nid' => $node->nid,
))
->fetchField();
}
if (!$node->privacy['vid']) {
$acc['viewid'] = db_insert('photos_access_album')
->fields(array(
'nid' => $node->nid,
'viewid' => isset($node->privacy['viewid']) ? $node->privacy['viewid'] : 0,
'pass' => isset($node->privacy['pass']) && !empty($node->privacy['pass']) ? md5($node->privacy['pass']) : 0,
))
->execute();
if ($node->privacy['viewid'] && $node->privacy['viewuser']) {
_photos_access_usersave($node->privacy['viewuser'], $acc['viewid'], FALSE);
}
}
else {
switch ($node->privacy['viewid']) {
case 0:
case 1:
db_query('UPDATE {photos_access_album} SET viewid = :viewid WHERE id = :id', array(
':viewid' => $node->privacy['viewid'],
':id' => $node->privacy['vid'],
));
_photos_access_usersdel(0, $node->privacy['vid'], 1);
break;
case 2:
db_query('UPDATE {photos_access_album} SET viewid = :viewid WHERE id = :id', array(
':viewid' => $node->privacy['viewid'],
':id' => $node->privacy['vid'],
));
if ($node->privacy['viewuser']) {
_photos_access_usersave($node->privacy['viewuser'], $node->privacy['vid'], FALSE);
}
if (isset($node->privacy['viewremove'])) {
_photos_access_usersdel($node->privacy['viewremove'], $node->privacy['vid']);
}
break;
case 3:
$old = isset($_SESSION['photos_access_' . $node->nid]) ? $_SESSION['photos_access_' . $node->nid] : array();
$old_pass = isset($old['pass']) ? $old['pass'] : '';
$pass = isset($node->privacy['pass']) && !empty($node->privacy['pass']) ? md5($node->privacy['pass']) : $old_pass;
db_query("UPDATE {photos_access_album} SET viewid = :viewid, pass = :pass WHERE id = :id", array(
':viewid' => $node->privacy['viewid'],
':pass' => $pass,
':id' => $node->privacy['vid'],
));
_photos_access_usersdel(0, $node->privacy['vid'], 1);
}
$acc['viewid'] = $node->privacy['viewid'];
$acc['vid'] = $node->privacy['vid'];
}
$_SESSION['photos_access_ac_' . $node->nid] = $acc;
unset($_SESSION['photos_access_' . $node->nid]);
}
}
function photos_access_node_insert($node) {
photos_access_update_access($node);
}
function photos_access_node_update($node) {
photos_access_update_access($node);
}
function photos_access_node_load($nodes, $types) {
foreach ($nodes as $nid => $node) {
$result = db_query('SELECT * FROM {photos_access_album} WHERE nid = :nid', array(
':nid' => $nid,
))
->fetchObject();
$info = array();
if ($result) {
$info['privacy'] = array();
$info['privacy']['access_id'] = $result->id;
$info['privacy']['vid'] = $result->id;
$info['privacy']['eid'] = $result->id;
$info['privacy']['viewid'] = $result->viewid;
if ($result->viewid == 3) {
$info['privacy']['pass'] = $result->pass;
}
$info['privacy']['updateuser'] = _photos_access_userlist($result->id, TRUE);
$info['privacy']['viewuser'] = _photos_access_userlist($result->id, FALSE);
$nodes[$nid]->privacy = $info['privacy'];
}
}
}
function photos_access_node_delete($node) {
db_query('DELETE FROM {photos_access_album} WHERE nid = :nid', array(
':nid' => $node->nid,
));
if (isset($node->privacy['vid'])) {
db_query('DELETE FROM {photos_access_user} WHERE id = :id', array(
':id' => $node->privacy['vid'],
));
}
if (isset($node->privacy['eid'])) {
db_query('DELETE FROM {photos_access_user} WHERE id = :id', array(
':id' => $node->privacy['eid'],
));
}
}
function _photos_access_usersdel($value, $id, $type = 0) {
if ($type) {
db_query('DELETE FROM {photos_access_user} WHERE id = :id AND collaborate = 0', array(
':id' => $id,
));
}
elseif (is_array($value)) {
$count = count($value);
$i = 0;
foreach ($value as $key => $remove) {
if ($remove) {
++$i;
db_query('DELETE FROM {photos_access_user} WHERE id = :id AND uid = :uid', array(
':id' => $id,
':uid' => $key,
));
}
}
if ($count == $i) {
return TRUE;
}
}
}
function _photos_access_userlist($id, $collaborate = FALSE) {
$result = db_query('SELECT u.uid, u.name FROM {users} u
INNER JOIN {photos_access_user} a ON u.uid = a.uid
WHERE a.id = :id AND a.collaborate = :collaborate', array(
':id' => $id,
':collaborate' => $collaborate ? 1 : 0,
));
$users = array();
foreach ($result as $a) {
$u = new stdClass();
$u = $a;
$u->username = theme('username', array(
'account' => $a,
));
$users[] = $u;
}
return $users;
}
function _photos_access_usersave($value, $id, $collaborate = TRUE) {
$t = preg_split('/,|,/', $value);
if ($t) {
$values = array();
foreach ($t as $a) {
$a = trim($a);
if ($u = _photos_access_user(array(
'name' => $a,
))) {
$values[] = array(
'id' => $id,
'uid' => $u->uid,
'collaborate' => $collaborate ? 1 : 0,
);
}
}
if (isset($values[0])) {
$query = db_insert('photos_access_user')
->fields(array(
'id',
'uid',
'collaborate',
));
foreach ($values as $record) {
$query
->values($record);
}
$query
->execute();
}
}
}
function photos_access_node_access_records($node) {
global $user;
if (variable_get('photos_access_' . $node->type, 0)) {
if (isset($node->privacy['vid'])) {
$acc['updateid'] = isset($node->privacy['eid']) ? $node->privacy['eid'] : 0;
$acc['viewid'] = isset($node->privacy['viewid']) ? $node->privacy['viewid'] : 0;
$acc['vid'] = $node->privacy['vid'];
}
else {
$acc = isset($_SESSION['photos_access_ac_' . $node->nid]) ? $_SESSION['photos_access_ac_' . $node->nid] : '';
}
if (isset($acc['vid']) || isset($acc['updateid'])) {
$grants[] = array(
'realm' => 'photos_access_author',
'gid' => $node->uid,
'grant_view' => 1,
'grant_update' => 1,
'grant_delete' => 1,
'priority' => 0,
);
if ($acc['viewid'] != 1) {
$photos_access_gid = 0;
if ($acc['viewid'] != 0) {
$photos_access_gid = $node->nid;
}
$grants[] = array(
'realm' => 'photos_access',
'gid' => $photos_access_gid,
'grant_view' => 1,
'grant_update' => 0,
'grant_delete' => 0,
'priority' => 0,
);
}
if (isset($acc['updateid']) && !empty($acc['updateid'])) {
$grants[] = array(
'realm' => 'photos_access_update',
'gid' => $node->nid,
'grant_view' => 1,
'grant_update' => 1,
'grant_delete' => 0,
'priority' => 0,
);
}
return $grants;
}
if (isset($_SESSION['photos_access_ac_' . $node->nid])) {
unset($_SESSION['photos_access_ac_' . $node->nid]);
}
}
}
function photos_access_photos_access() {
if (arg(0) == 'node' && is_numeric(arg(1))) {
return arg(1);
}
}
function photos_access_node_grants($ac, $op) {
$viewid = array(
0,
);
$grants['photos_access_author'] = array(
$ac->uid,
);
$result = db_query('SELECT a.*, b.* FROM {photos_access_album} a INNER JOIN {photos_access_user} b ON a.id = b.id WHERE b.uid = :uid', array(
':uid' => $ac->uid,
));
foreach ($result as $a) {
if ($a->collaborate) {
$updateid[] = $a->nid;
}
elseif ($a->viewid) {
$viewid[] = $a->nid;
}
}
$args = module_invoke_all('photos_access');
if (is_array($args)) {
foreach ($args as $arg) {
$result = db_query('SELECT id, nid, viewid, pass FROM {photos_access_album} WHERE nid = :nid', array(
':nid' => $arg,
));
foreach ($result as $a) {
if ($a->viewid == 3 && isset($_SESSION[$a->nid . '_' . session_id()]) && $_SESSION[$a->nid . '_' . session_id()] == $a->pass) {
$viewid[] = $a->nid;
}
}
}
}
switch ($op) {
case 'view':
$grants['photos_access'] = $viewid;
if (isset($updateid[0])) {
$grants['photos_access_update'] = $updateid;
}
break;
case 'update':
if (isset($updateid[0])) {
$grants['photos_access_update'] = $updateid;
}
break;
}
return $grants;
}
function photos_access_page($node) {
if ($node) {
$output = drupal_get_form('photos_access_pass_form', $node);
return $output;
}
else {
drupal_not_found();
}
}
function photos_access_pass_form($form, &$form_state, $node) {
$form = array();
$form['pass'] = array(
'#type' => 'password',
'#title' => t('Please enter password'),
);
$form['nid'] = array(
'#type' => 'value',
'#value' => $node->nid,
);
$form['submit'] = array(
'#type' => 'submit',
'#value' => t('Submit'),
);
$form['#validate'][] = 'photos_access_pass_form_validate';
return $form;
}
function photos_access_pass_form_validate($form, &$form_state) {
global $user;
$node = db_query("SELECT pass, nid FROM {photos_access_album} WHERE nid = :nid AND pass = :pass", array(
':nid' => $form_state['values']['nid'],
':pass' => md5($form_state['values']['pass']),
))
->fetchObject();
if (isset($node->pass)) {
$_SESSION[$node->nid . '_' . session_id()] = $node->pass;
drupal_goto('node/' . $node->nid);
}
else {
form_set_error('pass', t('Password required'));
}
}
function photos_access_init() {
global $user;
drupal_add_css(drupal_get_path('module', 'photos_access') . '/photos_access.css');
drupal_add_js(drupal_get_path('module', 'photos_access') . '/photos_access.js');
$args = module_invoke_all('photos_access');
if (is_array($args)) {
foreach ($args as $arg) {
if ($arg) {
$t = _photos_access_pass_type(arg(1));
if (isset($t['view'])) {
if ($t['view']->viewid == 3) {
photos_access_pass_validate($t);
}
}
}
}
}
}
function _photos_access_pass_type($id, $op = 0) {
if ($op) {
$result = db_query('SELECT a.*, au.collaborate, n.uid, n.type, n.status FROM {photos_access_album} a
INNER JOIN {node} n ON a.nid = n.nid INNER JOIN {photos_image} p ON a.nid = p.pid
LEFT JOIN {photos_access_user} au ON a.id = au.id WHERE p.fid = :id', array(
':id' => $id,
));
}
else {
$result = db_query('SELECT a.*, au.collaborate, n.uid, n.type, n.status FROM {photos_access_album} a
INNER JOIN {node} n ON a.nid = n.nid LEFT JOIN {photos_access_user} au ON a.id = au.id WHERE a.nid = :id', array(
':id' => $id,
));
}
$t = array();
foreach ($result as $ac) {
if ($ac->viewid == 3) {
$t['view'] = $ac;
}
elseif ($ac->collaborate && $ac->pass) {
$t['update'] = $ac;
}
else {
$t['node'] = $ac;
}
}
return $t;
}
function photos_access_pass_validate($t) {
global $user;
if ($user->uid == 1 || isset($t['view']->uid) && $t['view']->uid == $user->uid) {
return TRUE;
}
if (isset($t['update']->pass)) {
$result = db_query('SELECT uid FROM {photos_access_user} WHERE id = :id', array(
':id' => $t['update']->id,
));
foreach ($result as $a) {
if ($a->uid == $user->uid) {
return TRUE;
}
}
}
if ($t['view']->nid) {
if (isset($_SESSION[$t['view']->nid . '_' . session_id()])) {
if ($_SESSION[$t['view']->nid . '_' . session_id()] == $t['view']->pass) {
return TRUE;
}
drupal_set_message(t('Password has expired.'));
drupal_goto('privacy/pass/' . $t['view']->type . '/' . $t['view']->nid, array(
'query' => array(
'destination' => $_GET['q'],
),
));
}
else {
drupal_set_message(t('Password required.'));
drupal_goto('privacy/pass/' . $t['view']->type . '/' . $t['view']->nid, array(
'query' => array(
'destination' => $_GET['q'],
),
));
}
}
}
function _photos_access_user($u) {
if (isset($u['name'])) {
$ac = db_query("SELECT uid, name FROM {users} WHERE name = :name", array(
':name' => $u['name'],
))
->fetchObject();
}
elseif (isset($u['uid'])) {
$ac = db_query('SELECT uid, name FROM {users} WHERE uid = :uid', array(
':uid' => $u['uid'],
))
->fetchObject();
}
if (isset($ac->uid)) {
return $ac;
}
}
function _photos_access_album_views_options() {
return array(
0 => t('Open'),
1 => t('Locked'),
2 => t('Designated users'),
3 => t('Password required'),
);
}
function photos_access_views_data() {
$data = array();
$data['photos_access_album'] = array();
$data['photos_access_album']['table'] = array();
$data['photos_access_album']['table']['group'] = t('Album Photo Access');
$data['photos_access_album']['table']['join'] = array(
'photos_album' => array(
'left_field' => 'pid',
'field' => 'nid',
'type' => 'INNER',
),
);
$data['photos_access_album']['viewid'] = array(
'title' => t('Access Type'),
'help' => t('This albums Access type.'),
'field' => array(
'handler' => 'views_handler_field_numeric',
'click sortable' => TRUE,
),
'filter' => array(
'handler' => 'views_handler_filter_in_operator',
'options callback' => '_photos_access_album_views_options',
),
'sort' => array(
'handler' => 'views_handler_sort',
),
'relationship' => array(
'base' => 'photos_album',
'base field' => 'pid',
'handler' => 'views_handler_relationship',
'label' => t('Access Type'),
'title' => t('The Access Type associated with this album.'),
'help' => t('Access to the Access Type associated with this album.'),
),
);
return $data;
}
