function protected_node_and_attachment in Protected Node 7
Same name and namespace in other branches
- 6 protected_node.module \protected_node_and_attachment()
- 1.0.x protected_node.module \protected_node_and_attachment()
Helper function.
If gathering an attachment, verify that it is accessible and if not ask for the password.
Parameters
string $path: The path to the attachment file.
Return value
mixed File nid if user has access. FALSE otherwise.
1 call to protected_node_and_attachment()
- protected_node_init in ./
protected_node.module - Implements hook_init().
File
- ./
protected_node.module, line 345 - Protected Node module.
Code
function protected_node_and_attachment($path) {
global $user;
if (user_access('edit protected content')) {
return FALSE;
}
// Check whether the node linked to this file attachment is protected.
$query = db_select('node', 'n');
$query
->join('file_usage', 'fu', 'n.nid = fu.id');
$query
->join('file_managed', 'fm', 'fm.fid = fu.fid');
$query
->join('protected_nodes', 'pn', 'n.nid = pn.nid');
$query
->fields('n', array(
'nid',
'uid',
));
$query
->fields('pn', array(
'protected_node_passwd_changed',
));
$query
->condition('fu.type', 'node');
$query
->condition('fm.uri', '%' . db_like($path), 'LIKE');
$query
->condition('pn.protected_node_is_protected', '1');
$number_of_results = $query
->countQuery()
->execute()
->fetchField();
// If number is 0, node is not protected, or file is in a field collection.
if (0 == $number_of_results) {
if (module_exists('field_collection')) {
// Check if file is attached to protected node via field collection.
$query = db_select('file_usage', 'fu');
$query
->join('file_managed', 'fm', 'fu.fid = fm.fid');
$query
->fields('fu', array(
'id',
));
$query
->condition('fu.type', 'field_collection_item');
$query
->condition('fm.uri', '%' . db_like($path), 'LIKE');
$in_field_collection = $query
->countQuery()
->execute()
->fetchField();
// The file is attached to a field collection item.
if ($in_field_collection != '0') {
$field_collection_ids = $query
->execute()
->fetchCol();
$field_collection_items = entity_load('field_collection_item', $field_collection_ids);
// Get the nids.
$protected_node_nids = array();
foreach ($field_collection_items as $field_collection_item) {
$protected_node_nids[] = $field_collection_item
->hostEntity()->nid;
}
// Query the node table again with the nid the field collection belongs
// to.
$query = db_select('node', 'n');
$query
->join('protected_nodes', 'pn', 'n.nid = pn.nid');
$query
->fields('n', array(
'nid',
'uid',
));
$query
->fields('pn', array(
'protected_node_passwd_changed',
));
$query
->condition('n.nid', $protected_node_nids, 'IN');
$query
->condition('pn.protected_node_is_protected', '1');
$number_of_results = $query
->countQuery()
->execute()
->fetchField();
if (0 == $number_of_results) {
return FALSE;
}
}
else {
return FALSE;
}
}
elseif (module_exists('paragraphs')) {
// Check if file is attached to protected node via paragraphs.
$query = db_select('file_usage', 'fu');
$query
->join('file_managed', 'fm', 'fu.fid = fm.fid');
$query
->fields('fu', array(
'id',
));
$query
->condition('fu.type', 'paragraphs_item');
$query
->condition('fm.uri', '%' . db_like($path), 'LIKE');
$in_paragraphs = $query
->countQuery()
->execute()
->fetchField();
// The file is attached to a paragraphs item.
if ($in_paragraphs != '0') {
$paragraphs_ids = $query
->execute()
->fetchCol();
/** @var \ParagraphsItemEntity[] $paragraphs_items */
$paragraphs_items = entity_load('paragraphs_item', $paragraphs_ids);
// Get the nids.
$protected_node_nids = array();
foreach ($paragraphs_items as $paragraphs_item) {
$nid = _protected_node_get_paragraph_node_host_entity_id($paragraphs_item);
if ($nid) {
$protected_node_nids[] = $nid;
}
}
// Query the node table again with the nid the paragraph belongs
// to.
if (!empty($protected_node_nids)) {
$query = db_select('node', 'n');
$query
->join('protected_nodes', 'pn', 'n.nid = pn.nid');
$query
->fields('n', array(
'nid',
'uid',
));
$query
->fields('pn', array(
'protected_node_passwd_changed',
));
$query
->condition('n.nid', $protected_node_nids, 'IN');
$query
->condition('pn.protected_node_is_protected', '1');
$number_of_results = $query
->countQuery()
->execute()
->fetchField();
if (0 == $number_of_results) {
return FALSE;
}
}
else {
return FALSE;
}
}
else {
return FALSE;
}
}
else {
// If not in node, nor in field_collection or paragraphs, return FALSE
return FALSE;
/* Row doesn't exist, it's not protected */
}
}
$result = $query
->execute();
foreach ($result as $file_info) {
// Row doesn't exist, it's not protected || $user is the author.
if ($file_info === FALSE || $user->uid && $user->uid == $file_info->uid) {
return FALSE;
}
// The user has the bypass password for view.
if (user_access('view protected content', $user)) {
return FALSE;
}
// Got the global password?
if (isset($_SESSION['_protected_node']['passwords']['global'])) {
$when = $_SESSION['_protected_node']['passwords']['global'];
// This page reset time && global reset time.
if ($when > $file_info->protected_node_passwd_changed && $when > variable_get('protected_node_session_timelimit', 0)) {
return FALSE;
}
// The session is out of date, we can as well get rid of it now.
unset($_SESSION['_protected_node']['passwords']['global']);
}
else {
// Got the password?
if (isset($_SESSION['_protected_node']['passwords'][$file_info->nid])) {
$when = $_SESSION['_protected_node']['passwords'][$file_info->nid];
// This page reset time && global reset time.
if ($when > $file_info->protected_node_passwd_changed && $when > variable_get('protected_node_session_timelimit', 0)) {
return FALSE;
}
// The session is out of date, we can as well get rid of it now.
unset($_SESSION['_protected_node']['passwords'][$file_info->nid]);
}
}
// No password, access denied.
return $file_info->nid;
}
}