You are here

Home » API reference » Protected Node 6 » protected_node.module

function protected_node_is_locked in Protected Node 6

Same name and namespace in other branches
  1. 7 protected_node.module \protected_node_is_locked()
  2. 1.0.x protected_node.module \protected_node_is_locked()

Check whether a node is protected and a password is required.

\param[in] $nid The node identifier. \param[in] $op Operation: 'access', 'view', 'edit', or 'delete'

\return FALSE if the node is not protected for the current user. Return TRUE if it is protected and cannot be viewed by the current user. Return $nid if the user has a chance to unlock this protected node by entering the password.

3 calls to protected_node_is_locked()
protected_node_init in ./protected_node.module
Implementation of hook_init(). @link http://api.drupal.org/api/function/hook_init/6
protected_node_rules_condition_content_is_locked in ./protected_node_rules.rules.inc
Condition: check whether the current user has access to the node.
protected_node_webfm_file_access_alter in ./protected_node.module
@brief WebFM support.

File

./protected_node.module, line 207

Code

function protected_node_is_locked($nid, $op = 'access') {

  // get the node
  $node = node_load($nid);

  // is the node protected?
  if (!$node->protected_node_is_protected) {
    return FALSE;
  }

  // anonymous user?
  if (!$user->uid) {

    // do not cache anything for anonymous users as that could make
    // the content of the page available to people who never enter
    // the password (especially with aggressive caching.)
    if (variable_get('cache', CACHE_DISABLED)) {

      // prevent caching (do NOT use variable_set() since this is temporary for this session.)
      $GLOBALS['conf']['cache'] = CACHE_DISABLED;
    }
  }
  else {

    // author looking at his work? (if not anonymous)
    if ($node->uid === $user->uid) {
      return FALSE;
    }
  }

  // user cannot access any protected node
  // (this check avoids the rather useless drupal_goto() and thus does not
  // change the URL on the user.)
  if (!user_access('access protected content')) {
    return TRUE;
  }

  // if the user is only trying to view this node, accept
  if ($op == 'view') {
    if (user_access('view protected content') && node_access('view', $node)) {

      // user's got view permission without password
      // (password for edit/delete rights.)
      return -1;
    }
  }
  elseif ($op == 'edit') {
    if (!node_access('update', $node)) {

      // no rights to edit
      return TRUE;
    }

    // rights to edit, but password is still required in this case!
  }
  elseif ($op == 'delete') {
    if (!node_access('delete', $node)) {

      // no rights to delete
      return TRUE;
    }

    // rights to delete, but password is still required in this case!
  }
  else {
    return TRUE;
  }

  // user already entered the password?
  if (isset($_SESSION['_protected_node']['passwords'][$nid])) {
    $when = $_SESSION['_protected_node']['passwords'][$nid];
    if ($when > variable_get('protected_node_session_timelimit', 0) && $when > $node->protected_node_passwd_changed) {

      // this page reset time
      return FALSE;
    }

    // the session is out of date, we can as well get rid of it now
    unset($_SESSION['_protected_node']['passwords'][$nid]);
  }
  return $nid;
}