function protected_node_is_locked in Protected Node 7
Same name and namespace in other branches
- 6 protected_node.module \protected_node_is_locked()
- 1.0.x protected_node.module \protected_node_is_locked()
Check whether a node is protected and a password is required.
Parameters
int $nid: The node identifier.
string $op: Operation: 'access', 'view', 'edit', or 'delete'.
Return value
false if the node is not protected for the current user. Return TRUE if it is protected and cannot be viewed by the current user. Return $nid if the user has a chance to unlock this protected node by entering the password. Return -1 if the user is trying to view the node and has both access to view nodes of that type and the 'view protected content' permission.
2 calls to protected_node_is_locked()
- protected_node_init in ./
protected_node.module - Implements hook_init().
- protected_node_rules_condition_content_is_locked in protected_node_rules/
protected_node_rules.rules.inc - Condition: check whether the current user has access to the node.
File
- ./
protected_node.module, line 240 - Protected Node module.
Code
function protected_node_is_locked($nid, $op = 'access') {
global $user;
// Get the node.
$node = node_load($nid);
// Is the node protected?
if (!isset($node->protected_node_is_protected) || !$node->protected_node_is_protected) {
return FALSE;
}
// Anonymous user?
if (!$user->uid) {
// Do not cache anything for anonymous users as that could make
// the content of the page available to people who never enter
// the password (especially with aggressive caching.).
if (variable_get('cache', 1)) {
// Prevent caching (do NOT use variable_set() since this is temporary
// for this session.).
$GLOBALS['conf']['cache'] = 0;
}
}
else {
// Author looking at his work (if not anonymous)?
if ($node->uid === $user->uid) {
return FALSE;
}
}
// User cannot access any protected node. This check avoids the rather
// useless drupal_goto() and thus does not change the URL on the user.
if (!user_access('access protected node password form')) {
return TRUE;
}
// If the user is only trying to view this node, accept.
if ($op == 'view') {
if (user_access('view protected content') && node_access('view', $node)) {
// User's got view permission without password
// (password for edit/delete rights).
return -1;
}
}
elseif ($op == 'edit') {
if (!node_access('update', $node)) {
// No rights to edit.
return TRUE;
}
elseif (user_access('edit protected content') && node_access('update', $node)) {
// User's got edit permission without password
// (password for edit/delete rights).
return -1;
}
// Rights to edit, but password is still required in this case!
}
elseif ($op == 'delete') {
if (!node_access('delete', $node)) {
// No rights to delete.
return TRUE;
}
// Rights to delete, but password is still required in this case!
}
else {
return TRUE;
}
// User already entered the global password?
if (isset($_SESSION['_protected_node']['passwords']['global'])) {
$when = $_SESSION['_protected_node']['passwords']['global'];
if ($when > variable_get('protected_node_session_timelimit', 0) && $when > $node->protected_node_passwd_changed) {
return FALSE;
}
// The session is out of date, we can as well get rid of it now.
unset($_SESSION['_protected_node']['passwords']['global']);
}
else {
// User already entered the password?
if (isset($_SESSION['_protected_node']['passwords'][$nid])) {
$when = $_SESSION['_protected_node']['passwords'][$nid];
if ($when > variable_get('protected_node_session_timelimit', 0) && $when > $node->protected_node_passwd_changed) {
return FALSE;
}
// The session is out of date, we can as well get rid of it now.
unset($_SESSION['_protected_node']['passwords'][$nid]);
}
}
return $nid;
}