pmpapi_permissions.module in Public Media Platform API Integration 7

<?php

/**
 * Implements hook_permission().
 */
function pmpapi_permissions_permission() {
  return array(
    'apply PMP permissions' => array(
      'title' => t('Apply PMP API permissions'),
      'description' => t('Apply PMP API permissions to pushed entities.'),
    ),
  );
}

/**
 * Fetches all PMP groups and creates an array (which can be used as a list of
 * options in a form).
 *
 * @return array
 *   A list of groups, where group guid is the index and group title is the
 *   value.
 */
function pmpapi_permissions_get_group_options() {
  $options = array();
  $options[0] = t('All PMP users');
  $user_id = variable_get('pmpapi_user_id');
  $options[$user_id] = t('Only this user (private)');
  foreach (pmpapi_fetch_groups() as $group) {
    $options[$group->attributes->guid] = $group->attributes->title;
  }
  return $options;
}

/**
 * Implements hook_form_FORM_ID_alter() for node_type_form().
 */
function pmpapi_permissions_form_node_type_form_alter(&$form, &$form_state) {

  // find entity_type, bundle name and if mapped profile exists
  $entity_type = 'node';
  $bundle_name = $form['#node_type']->type;
  $uname = $entity_type . '__' . $bundle_name;
  if (variable_get('pmpapi_push_' . $uname . '_profile')) {
    $form['pmpapi_permissions'] = array(
      '#type' => 'fieldset',
      '#title' => t('PMP API permission settings'),
      '#collapsible' => TRUE,
      '#group' => 'additional_settings',
    );

    // Element names below are a little strange because node_type_form_submit()
    // will append "_NODE_TYPE" to the name and then variable_set() it
    $form['pmpapi_permissions']['pmpapi_permissions_default_group_node_'] = array(
      '#title' => t('Which PMP users can access these nodes (via the PMP API)?'),
      '#type' => 'select',
      '#multiple' => FALSE,
      '#default_value' => variable_get('pmpapi_permissions_default_group_' . $uname, 0),
      '#required' => TRUE,
      '#options' => pmpapi_permissions_get_group_options(),
      '#disabled' => !user_access('administer content types'),
    );
  }
}

/**
 * Implements hook_form_FORM_ID_alter() for file_entity_file_type_form().
 */
function pmpapi_permissions_form_file_entity_file_type_form_alter(&$form, &$form_state, $type) {

  // find entity_type, bundle name and if mapped profile exists
  $entity_type = 'file';
  $bundle_name = $form['#file_type']->type;
  $uname = $entity_type . '__' . $bundle_name;
  if (variable_get('pmpapi_push_' . $uname . '_profile')) {
    $form['pmpapi_permissions'] = array(
      '#type' => 'fieldset',
      '#title' => t('PMP API permission settings'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );
    $form['pmpapi_permissions']['pmpapi_permissions_default_group'] = array(
      '#title' => t('Which PMP users can access these files (via the PMP API)?'),
      '#type' => 'select',
      '#multiple' => FALSE,
      '#default_value' => variable_get('pmpapi_permissions_default_group_' . $uname, 0),
      '#required' => TRUE,
      '#options' => pmpapi_permissions_get_group_options(),
      '#disabled' => !user_access('administer content types'),
    );
    $form['#submit'][] = 'pmpapi_permissions_set_file_entity_defaults';
  }
}

/**
 * Set default group and list type for file entities.
 *
 * $form array
 *   A Drupal form array
 *
 * $form_state array
 *   The current state of the form
 */
function pmpapi_permissions_set_file_entity_defaults($form, &$form_state) {
  $entity_type = 'file';
  $bundle_name = $form['#file_type']->type;
  $uname = $entity_type . '__' . $bundle_name;
  if (variable_get('pmpapi_push_' . $uname . '_profile')) {
    $group = $form_state['values']['pmpapi_permissions_default_group'];
    variable_set('pmpapi_permissions_default_group_' . $uname, $group);
  }
}

/**
 * Implements hook_form_BASE_FORM_ID_alter().
 */
function pmpapi_permissions_form_node_form_alter(&$form, &$form_state) {
  $entity_type = 'node';
  $bundle_name = $form['#node']->type;
  $uname = $entity_type . '__' . $bundle_name;

  // if an edit, check if specific entity OK to push
  if (!empty($form['nid']['#value'])) {
    $entity = node_load($form['nid']['#value']);
    $add_perms = pmpapi_push_entity_ok_to_push($entity, 'node');
  }
  else {
    $add_perms = variable_get('pmpapi_push_' . $uname . '_profile');
  }
  if ($add_perms) {
    pmpapi_permissions_attach_perm_elements($form, 'node', $bundle_name);
  }
}

/**
 * Implements hook_form_FORM_ID_alter() for file_entity_add_upload().
 */
function pmpapi_permissions_form_file_entity_add_upload_alter(&$form, &$form_state) {
  if (isset($form['#step']) && $form['#step'] == 4) {
    $bundle_name = $form['#entity']->type;
    pmpapi_permissions_attach_perm_elements($form, 'file', $bundle_name);
  }
}

/**
 * Implements hook_form_FORM_ID_alter() for file_entity_edit().
 */
function pmpapi_permissions_form_file_entity_edit_alter(&$form, &$form_state) {
  $bundle_name = $form['#bundle'];
  pmpapi_permissions_attach_perm_elements($form, 'file', $bundle_name);
}

/**
 * Attaches any applicable permission elements to a given (entity CRUD) form.
 *
 * $form array
 *   An entity CRUD form array.
 *
 * $entity_type string
 *   The type of entity to which the permissions could be added.
 *
 * $bundle_name string
 *   The bundle name of the entity to which the permissions could be added.
 */
function pmpapi_permissions_attach_perm_elements(&$form, $entity_type, $bundle_name) {
  $uname = $entity_type . '__' . $bundle_name;
  if (variable_get('pmpapi_push_' . $uname . '_profile')) {
    $form['pmpapi_permissions'] = array(
      '#type' => 'fieldset',
      '#title' => t('PMP API permission settings'),
      '#collapsible' => TRUE,
      '#collapsed' => TRUE,
    );
    if (!empty($form['additional_settings'])) {
      $form['pmpapi_permissions']['#group'] = 'additional_settings';
    }
    $guid = pmpapi_permissions_extract_guid_from_form($form, $entity_type);
    $permissions = $guid ? pmpapi_permissions_fetch_permissions($guid) : array();
    $permission = !empty($permissions) ? $permissions[0] : NULL;
    if ($guid) {

      // GUID means a pre-existing doc
      if ($permission) {

        // Grab group from permission object
        $default_group_value = end(explode('/', $permission->href));
      }
      else {

        // Assume no permission means group = 'All'
        $default_group_value = 0;
      }
    }
    else {

      // New node/doc; we are on the add form, so grab default value (if it
      // exists).
      $default_group_value = variable_get('pmpapi_permissions_default_group_' . $uname, 0);
    }
    $form['pmpapi_permissions']['pmpapi_permissions_group'] = array(
      '#title' => t('Which PMP users can access these files (via the PMP API)?'),
      '#type' => 'select',
      '#multiple' => FALSE,
      '#default_value' => $default_group_value,
      '#required' => TRUE,
      '#options' => pmpapi_permissions_get_group_options(),
      '#disabled' => !user_access('apply PMP permissions'),
    );
    if (isset($form['actions']['submit']['#submit'])) {
      array_unshift($form['actions']['submit']['#submit'], 'pmpapi_permissions_set_' . $entity_type . '_permissions');
    }
    elseif (isset($form['#submit'])) {

      // Forms such as the multi-step at file/add might have submit handlers elsewhere
      array_unshift($form['#submit'], 'pmpapi_permissions_set_' . $entity_type . '_permissions');
    }
  }
}

/**
 * Creates a PMP permission object from fields, then attaches it to the node
 * object in the form.
 *
 * $form array
 *   An entity CRUD form array.
 *
 * $form_state array
 *   The current state of the form
 */
function pmpapi_permissions_set_node_permissions($form, &$form_state) {
  $entity_type = 'node';
  $group = !empty($form_state['values']['pmpapi_permissions_group']) ? $form_state['values']['pmpapi_permissions_group'] : NULL;
  $permission = pmp_permissions_create_permission($group);
  if ($permission !== NULL) {
    $form_state[$entity_type]->pmpapi_permissions = array(
      $permission,
    );
  }
  else {
    unset($form_state[$entity_type]->pmpapi_permissions);
  }
  $form_state[$entity_type]->pmpapi_permissions_added = TRUE;
}

/**
 * Creates a PMP permission object from fields, then attaches it to the file
 * object in the form.
 *
 * $form array
 *   An entity CRUD form array.
 *
 * $form_state array
 *   The current state of the form
 */
function pmpapi_permissions_set_file_permissions($form, &$form_state) {
  $entity_type = 'file';
  $group = !empty($form_state['values']['pmpapi_permissions_group']) ? $form_state['values']['pmpapi_permissions_group'] : NULL;
  $permission = pmp_permissions_create_permission($group);
  $permissions = $permission !== NULL ? array(
    $permission,
  ) : NULL;

  // check for multi-step file entity form
  if (isset($form_state['build_info']['form_id']) && $form_state['build_info']['form_id'] == 'file_entity_add_upload' && $form_state['step'] == 4) {
    $form_state['values']['pmpapi_permissions'] = $permissions;
    $form_state['values']['pmpapi_permissions_added'] = TRUE;
  }
  else {
    $form_state[$entity_type]->pmpapi_permissions = $permissions;
    $form_state[$entity_type]->pmpapi_permissions_added = TRUE;
  }
}

/**
 * Creates PMPAPI permission object from a group GUID, list type, and operation.
 *
 * @param $group string
 *   A permissions group GUID.
 *
 * @param $blacklist boolean
 *   Whether or not the permission should be a blacklist
 *
 * @return object
 *   A permissions object, if a permission is needed, or NULL.
 */
function pmp_permissions_create_permission($group, $blacklist = FALSE, $operation = 'read') {
  $permission = NULL;
  if ($group !== NULL) {
    $permission = new stdClass();
    $permission->href = variable_get('pmpapi_base_url') . '/docs/' . $group;
    $permission->operation = $operation;
    if ($blacklist) {

      // If blacklist == FALSE, don't even bother to add a blacklist property.
      $permission->blacklist = TRUE;
    }
  }
  return $permission;
}

/**
 * Extracts a GUID from a form containing an entity that has been or will be pushed
 * to the PMP.
 *
 * $form array
 *   A Drupal form array.
 *
 * $entity_type string
 *   The type of the entity contained within the form.
 *
 * @return string
 *   The GUID of the entity contained within the form.
 */
function pmpapi_permissions_extract_guid_from_form($form, $entity_type) {
  $indexes = array(
    'node' => '#node',
    'file' => '#entity',
  );
  $index = $indexes[$entity_type];
  if (!empty($form[$index]->pmpapi_guid)) {
    return $form[$index]->pmpapi_guid;
  }
}

/**
 * Fetches permissions for a given PMP doc.
 *
 * $guid string
 *   The GUID of the doc.
 *
 * @return object
 *   The permissions of the PMP doc.
 */
function pmpapi_permissions_fetch_permissions($guid) {
  $permissions = db_query('SELECT permissions FROM {pmpapi_local_docs} WHERE guid=:guid', array(
    ':guid' => $guid,
  ))
    ->fetchField();
  if (!empty($permissions)) {
    return unserialize($permissions);
  }
}

/**
 *  Implements hook_entity_presave().
 */
function pmpapi_permissions_entity_presave($entity, $type) {
  $wrapper = entity_metadata_wrapper($type, $entity);
  $bundle = $wrapper
    ->getBundle();
  $uname = $type . '__' . $bundle;
  $default_group = variable_get('pmpapi_permissions_default_group_' . $uname, 0);

  // If entity has not had a permission added, but DOES have a default whitelist
  // group, add it to the entity. Most obvious use-case: an entity that is added
  // programmatically (i.e., no form used)
  if (empty($entity->pmpapi_permissions_added) && $default_group) {
    $permission = pmp_permissions_create_permission($default_group);
    $entity->pmpapi_permissions = array(
      $permission,
    );
  }
}