You are here

publishcontent.module in Publish Content 7

Add link to publish or unpublish a node, with access control based on the node type

File

publishcontent.module
View source
<?php

/**
 * @file
 * Add link to publish or unpublish a node, with access control based on the
 * node type
 */
define('PUBLISHCONTENT_METHOD_NONE', 0);
define('PUBLISHCONTENT_METHOD_ACTION_LINKS', 1);
define('PUBLISHCONTENT_METHOD_BUTTON', 2);
define('PUBLISHCONTENT_METHOD_TABS', 3);
define('PUBLISHCONTENT_ACCESS_ALLOW', TRUE);
define('PUBLISHCONTENT_ACCESS_DENY', FALSE);
define('PUBLISHCONTENT_ACCESS_IGNORE', NULL);

/**
 * Implements hook_menu().
 */
function publishcontent_menu() {
  $items = array();
  $menu_type = _publishcontent_get_menutype();
  $items['admin/config/content/publishcontent'] = array(
    'title' => 'Publish content settings',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'publishcontent_config_form',
    ),
    'access callback' => 'user_access',
    'access arguments' => array(
      'administer site configuration',
    ),
    'description' => 'Configure settings.',
    'file' => 'publishcontent.admin.inc',
    'type' => MENU_NORMAL_ITEM,
  );
  $items['node/%publishcontent_tab/publish/%publishcontent_security_token'] = array(
    'title' => 'Publish',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'publishcontent_toggle_status_form',
      1,
      2,
    ),
    'access callback' => '_publishcontent_publish_access',
    'access arguments' => array(
      1,
      3,
    ),
    'weight' => 5,
    'type' => $menu_type,
    'options' => array(
      'attributes' => array(
        'class' => array(
          'publishcontent-link',
          'publishcontent-publish',
        ),
      ),
    ),
    'context' => MENU_CONTEXT_PAGE | MENU_CONTEXT_INLINE,
  );
  $items['node/%publishcontent_tab/unpublish/%publishcontent_security_token'] = array(
    'title' => 'Unpublish',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'publishcontent_toggle_status_form',
      1,
      2,
    ),
    'access callback' => '_publishcontent_unpublish_access',
    'access arguments' => array(
      1,
      3,
    ),
    'weight' => 5,
    'type' => $menu_type,
    'options' => array(
      'attributes' => array(
        'class' => array(
          'publishcontent-link',
          'publishcontent-unpublish',
        ),
      ),
    ),
    'context' => MENU_CONTEXT_PAGE | MENU_CONTEXT_INLINE,
  );
  return $items;
}

/**
 * Decide to show the (un)publish tab or not.
 */
function publishcontent_tab_load($nid) {
  if (is_numeric($nid)) {
    $node = node_load($nid);
    if (variable_get('publishcontent_' . $node->type, FALSE)) {
      return $node;
    }
  }
  return FALSE;
}

/**
 * Used to append a security token to prevent XSS.
 */
function publishcontent_security_token_to_arg($arg, $map, $index) {
  return drupal_get_token();
}

/**
 * Access callback for publish action.
 */
function _publishcontent_publish_access($node, $token = FALSE) {
  if (!is_object($node)) {
    return FALSE;
  }
  if ($token && !drupal_valid_token($token)) {
    return FALSE;
  }
  if (!variable_get('publishcontent_' . $node->type, FALSE)) {
    return FALSE;
  }
  return !$node->status && publishcontent_publish_access($node);
}

/**
 * Access callback for unpublish action.
 */
function _publishcontent_unpublish_access($node, $token = FALSE) {
  if (!is_object($node)) {
    return FALSE;
  }
  if ($token && !drupal_valid_token($token)) {
    return FALSE;
  }
  if (!variable_get('publishcontent_' . $node->type, FALSE)) {
    return FALSE;
  }
  return $node->status && publishcontent_unpublish_access($node);
}

/**
 * Determine if a user has publish permission to a given node.
 *
 * @param node $node
 *   The node object to check.
 * @param user $account
 *   The user account to check - defaults to the logged in user.
 *
 * @return bool
 *   TRUE if user can publish the node.
 */
function publishcontent_publish_access($node, $account = NULL) {
  $access = FALSE;

  // Variable may be '0' or '1' or not set.
  if (!variable_get('publishcontent_' . $node->type, FALSE)) {
    return $access;
  }
  if (empty($account)) {
    global $user;
    $account = $user;
  }
  foreach (module_invoke_all('publishcontent_publish_access', $node, $account) as $module_access) {
    if (!is_null($module_access)) {
      if ($module_access === PUBLISHCONTENT_ACCESS_DENY) {

        // Anything denying access gets priority.
        return FALSE;
      }
      elseif ($module_access === PUBLISHCONTENT_ACCESS_ALLOW) {

        // Something grants access.
        $access = TRUE;
      }
    }
  }
  return $access;
}

/**
 * Implements hook_publishcontent_publish_access().
 */
function publishcontent_publishcontent_publish_access($node, $user) {
  $access = user_access('administer nodes') || user_access('publish any content') || user_access('publish own content') && $user->uid == $node->uid || user_access('publish editable content') && (!isset($node->nid) || node_access('update', $node)) || user_access('publish own ' . check_plain($node->type) . ' content', $user) && $user->uid == $node->uid || user_access('publish any ' . check_plain($node->type) . ' content') || user_access('publish editable ' . check_plain($node->type) . ' content') && (!isset($node->nid) || node_access('update', $node));
  return $access ? PUBLISHCONTENT_ACCESS_ALLOW : PUBLISHCONTENT_ACCESS_IGNORE;
}

/**
 * Determine if a user has unpublish rights on a node.
 *
 * @param node $node
 *   The node object to check against
 * @param user $account
 *   The user account object to check. Defaults to current user.
 *
 * @return bool
 *   TRUE if the user has unpublish rights to the node.
 */
function publishcontent_unpublish_access($node, $account = NULL) {
  if (empty($account)) {
    global $user;
    $account = $user;
  }
  $access = FALSE;
  foreach (module_invoke_all('publishcontent_unpublish_access', $node, $account) as $module_access) {
    if (!is_null($module_access)) {
      if ($module_access === PUBLISHCONTENT_ACCESS_DENY) {

        // Anything denying access gets priority.
        return FALSE;
      }
      elseif ($module_access === PUBLISHCONTENT_ACCESS_ALLOW) {

        // Something grants access.
        $access = TRUE;
      }
    }
  }
  return $access;
}

/**
 * Implements hook_publishcontent_unpublish_access().
 */
function publishcontent_publishcontent_unpublish_access($node, $user) {
  $access = user_access('administer nodes') || user_access('unpublish any content') || user_access('unpublish own content') && $user->uid == $node->uid || user_access('unpublish editable content') && (!isset($node->nid) || node_access('update', $node)) || user_access('unpublish own ' . check_plain($node->type) . ' content', $user) && $user->uid == $node->uid || user_access('unpublish any ' . check_plain($node->type) . ' content') || user_access('unpublish editable ' . check_plain($node->type) . ' content') && (!isset($node->nid) || node_access('update', $node));
  return $access ? PUBLISHCONTENT_ACCESS_ALLOW : PUBLISHCONTENT_ACCESS_IGNORE;
}

/**
 * Implements hook_permission().
 */
function publishcontent_permission() {
  $perms = array(
    'publish any content' => array(
      'title' => t('Publish any content'),
    ),
    'unpublish any content' => array(
      'title' => t('Unpublish any content'),
    ),
    'publish editable content' => array(
      'title' => t('Publish editable content'),
    ),
    'unpublish editable content' => array(
      'title' => t('Unpublish editable content'),
    ),
  );
  foreach (node_type_get_types() as $type) {

    // Only show permissions for activated node types.
    if (isset($type->type) && variable_get('publishcontent_' . $type->type, FALSE)) {
      $perms['publish any ' . $type->type . ' content'] = array(
        'title' => t('Publish any @type content', array(
          '@type' => $type->name,
        )),
      );
      $perms['publish own ' . $type->type . ' content'] = array(
        'title' => t('Publish own @type content', array(
          '@type' => $type->name,
        )),
      );
      $perms['publish editable ' . $type->type . ' content'] = array(
        'title' => t('Publish editable @type content', array(
          '@type' => $type->name,
        )),
      );
      $perms['unpublish any ' . $type->type . ' content'] = array(
        'title' => t('Unpublish any @type content', array(
          '@type' => $type->name,
        )),
      );
      $perms['unpublish own ' . $type->type . ' content'] = array(
        'title' => t('Unpublish own @type content', array(
          '@type' => $type->name,
        )),
      );
      $perms['unpublish editable ' . $type->type . ' content'] = array(
        'title' => t('Unpublish editable @type content', array(
          '@type' => $type->name,
        )),
      );
    }
  }
  return $perms;
}

/**
 * Helper function to generate change of status message.
 */
function _publishcontent_get_message($nid, $title, $status) {
  return $status ? t('"@title" [@nid] has been published', array(
    '@title' => $title,
    '@nid' => $nid,
  )) : t('"@title" [@nid] has been unpublished', array(
    '@title' => $title,
    '@nid' => $nid,
  ));
}

/**
 * Form to get confirmation for publish/unpublish content
 *
 * @param array $form
 * @param array $form_state
 * @param $node
 * @param string $toggle_title
 *   Title of the button e.g. Publish or Unpublish
 *
 * @return array
 */
function publishcontent_toggle_status_form($form, &$form_state, $node, $toggle_title) {
  $form['id'] = array(
    '#type' => 'value',
    '#value' => $node->nid,
  );

  // Set confirm form question.
  if ($toggle_title) {
    $question = t('Are you sure you want to %publish_state this content?', array(
      '%publish_state' => ucfirst($toggle_title),
    ));
  }
  else {
    $question = t('Are you sure?');
  }
  $description = t('Click confirm if you want to continue.');

  // Set return path if clicked on Cancel button.
  $path = 'node/' . $node->nid;
  return confirm_form($form, $question, $path, $description);
}

/**
 * Submit handler for Publish/Unpublish confirmation form
 */
function publishcontent_toggle_status_form_submit($form, &$form_state) {

  // load node using node id
  $node = node_load($form_state['values']['id']);
  publishcontent_toggle_status($node);
}

/**
 * Menu callback for publish / unpublish content actions.
 *
 * @param node $node
 *   A node object.
 */
function publishcontent_toggle_status($node) {

  // XOR the current status with 1 to get the opposite value.
  $node->status = $node->status ^ 1;

  // If this content type specifies that a new revision should be created on
  // editing, then make sure to respect this option.
  $node_options = variable_get('node_options_' . $node->type, array());
  if (in_array('revision', $node_options)) {
    $node->revision = 1;
  }

  // Save the status we want to set.
  $status = $node->status;

  // Try to update the node.
  node_save($node);

  // Validate the status has changed.
  if ($status == $node->status) {

    // Everything went well.
    drupal_set_message(_publishcontent_get_message($node->nid, $node->title, $node->status));
  }
  else {

    // Prevent the user something went wrong.
    drupal_set_message(t('The status of the node could not be updated.'), 'error');
  }

  // Clear the page and block caches.
  cache_clear_all();
  drupal_goto('node/' . $node->nid);
}

/**
 * Implements hook_form_FORM_ID_alter().
 *
 * Allow to use the 'Publishing options' on the edit/add page.
 */
function publishcontent_form_node_type_form_alter(&$form, &$form_state, $form_id) {

  // Do not activate this option by default.
  $form['workflow']['publishcontent'] = array(
    '#type' => 'checkbox',
    '#title' => t('Enable publishcontent'),
    '#default_value' => variable_get('publishcontent_' . $form['#node_type']->type, FALSE),
    '#description' => t('Display publish or unpublish link for nodes of this type.'),
  );
}

/**
 * Implements hook_form_FORM_ID_alter().
 *
 * Alter the node edit forms.
 */
function publishcontent_form_node_form_alter(&$form, &$form_state) {
  if ($form['#form_id'] == 'node_delete_confirm') {
    return;
  }
  $node = $form['#node'];
  if (!variable_get('publishcontent_' . $node->type, FALSE)) {

    // Publish content is not set or disabled for this content type.
    return;
  }
  if (!publishcontent_publish_access($node)) {
    if (!isset($node->nid)) {

      // Ensure users without permission to publish can't do so because of the
      // default setting in the content type. This setting controls the actual
      // value in $form_state.
      $form['options']['status']['#default_value'] = 0;

      // These won't affect $form_state but also need to be updated.
      $form['#node']->status = 0;
      $node->status = 0;
    }
    if (empty($node->status)) {

      // Publish content is unavailable for user without publish access.
      return;
    }
  }
  if (!empty($node->status) && !publishcontent_unpublish_access($node)) {

    // Publish content is unavailable for user without unpublish access.
    return;
  }
  if (_publishcontent_get_method() == PUBLISHCONTENT_METHOD_BUTTON) {
    _publishcontent_configure_publish_button($form, $form_state);
  }
  else {
    _publishcontent_configure_publish_checkbox($form, $form_state);
  }
}

/**
 * Add the publish button to the node edit form.
 */
function _publishcontent_configure_publish_button(&$form, &$form_state) {
  $node = $form['#node'];
  if (empty($node->nid) || empty($form['actions'])) {

    // Don't include the publish button on node add forms.
    return;
  }

  // Add either the publish or unpublish buttons.
  $form['actions']['publish'] = empty($node->status) ? publishcontent_render_publish_button() : publishcontent_render_unpublish_button();
}

/**
 * Configure the node form to include the publish checkbox.
 */
function _publishcontent_configure_publish_checkbox(&$form, &$form_state) {
  $form['options']['status']['#access'] = TRUE;
  if (!empty($form['options']['#access'])) {
    return;
  }
  else {
    $form['options']['#access'] = TRUE;
  }
  foreach (element_children($form['options']) as $key) {

    // If another form has afforded access to a particular option, do not
    // override that access. Otherwise, disable it.
    $form['options'][$key]['#access'] = isset($form['options'][$key]['#access']) ? $form['options'][$key]['#access'] : FALSE;
  }
}

/**
 * Render publish button.
 */
function publishcontent_render_publish_button() {
  return array(
    '#type' => 'submit',
    '#access' => TRUE,
    '#value' => t('Publish'),
    '#weight' => '30',
    '#submit' => array(
      '_publishcontent_publish_node',
    ),
  );
}

/**
 * Render unpublish button.
 */
function publishcontent_render_unpublish_button() {
  return array(
    '#type' => 'submit',
    '#access' => TRUE,
    '#value' => t('Unpublish'),
    '#weight' => '30',
    '#submit' => array(
      '_publishcontent_unpublish_node',
    ),
  );
}

/**
 * Submit handler to publish the node.
 */
function _publishcontent_publish_node($form, &$form_state) {

  // Set the node status as published. And that's it.
  $form_state['values']['status'] = 1;

  // Use the standard submit function. Do not go custom on me boy.
  node_form_submit($form, $form_state);
}

/**
 * Submit handler to unpublish the node.
 */
function _publishcontent_unpublish_node($form, &$form_state) {

  // Set the status as unpublished. And there is no more to that.
  $form_state['values']['status'] = 0;

  // Use the standard submit function.
  node_form_submit($form, $form_state);
}

/**
 * Implements hook_views_api().
 */
function publishcontent_views_api() {
  return array(
    'api' => 3,
  );
}

/**
 * Implements hook_views_data_alter().
 *
 * Add items to the node table that are relevant to publishcontent.
 */
function publishcontent_views_data_alter(&$data) {
  $data['node']['publishcontent'] = array(
    'title' => t('Publish link'),
    'help' => t('Display a link to publish the node.'),
    'field' => array(
      'handler' => 'publishcontent_views_handler_field_node_link',
    ),
  );
}

/**
 * Get the configured publish content method.
 */
function _publishcontent_get_method() {
  return variable_get('publishcontent_method', PUBLISHCONTENT_METHOD_TABS);
}

/**
 * Helper function for hook_menu to get the menu type for the current setup.
 */
function _publishcontent_get_menutype() {
  $method = _publishcontent_get_method();
  $menu_type = MENU_CALLBACK;
  if ($method == PUBLISHCONTENT_METHOD_TABS) {
    $menu_type = MENU_LOCAL_TASK;
  }
  elseif ($method == PUBLISHCONTENT_METHOD_ACTION_LINKS) {
    $menu_type = MENU_LOCAL_ACTION;
  }
  return $menu_type;
}

/**
 * Implements hook_og_permission().
 */
function publishcontent_og_permission() {
  $permissions = array();
  foreach (publishcontent_permission() as $name => $details) {
    $permissions[$name] = array(
      'title' => $details['title'],
      'description' => isset($details['description']) ? $details['description'] : '',
      'default role' => array(
        OG_ADMINISTRATOR_ROLE,
      ),
    );
  }
  return $permissions;
}

/**
 * Implements hook_publishcontent_publish_access().
 *
 * Implement on behalf of organic groups.
 */
function og_publishcontent_publish_access($node, $account) {
  $access = FALSE;
  foreach (og_get_entity_groups('node', $node) as $entity_type => $og_memberships) {
    foreach ($og_memberships as $entity_id) {
      $group_access = !$node->status && (og_user_access($entity_type, $entity_id, 'administer nodes', $account) || og_user_access($entity_type, $entity_id, 'publish any content', $account) || og_user_access($entity_type, $entity_id, 'publish own content', $account) && $account->uid == $node->uid || og_user_access($entity_type, $entity_id, 'publish editable content', $account) && node_access('update', $node) || og_user_access($entity_type, $entity_id, 'publish own ' . check_plain($node->type) . ' content', $account) && $account->uid == $node->uid || og_user_access($entity_type, $entity_id, 'publish any ' . check_plain($node->type) . ' content', $account) || og_user_access($entity_type, $entity_id, 'publish editable ' . check_plain($node->type) . ' content', $account) && node_access('update', $node));
      if ($group_access) {
        $access = TRUE;
      }
    }
  }
  return $access ? PUBLISHCONTENT_ACCESS_ALLOW : PUBLISHCONTENT_ACCESS_IGNORE;
}

/**
 * Implements hook_publishcontent_unpublish_access().
 *
 * Implement on behalf of organic groups.
 */
function og_publishcontent_unpublish_access($node, $account) {
  $access = FALSE;
  foreach (og_get_entity_groups('node', $node) as $entity_type => $og_memberships) {
    foreach ($og_memberships as $entity_id) {
      $group_access = $node->status && (og_user_access($entity_type, $entity_id, 'administer nodes', $account) || og_user_access($entity_type, $entity_id, 'unpublish any content', $account) || og_user_access($entity_type, $entity_id, 'unpublish own content', $account) && $account->uid == $node->uid || og_user_access($entity_type, $entity_id, 'unpublish editable content') && node_access('update', $node) || og_user_access($entity_type, $entity_id, 'unpublish own ' . check_plain($node->type) . ' content', $account) && $account->uid == $node->uid || og_user_access($entity_type, $entity_id, 'unpublish any ' . check_plain($node->type) . ' content', $account) || og_user_access($entity_type, $entity_id, 'unpublish editable ' . check_plain($node->type) . ' content', $account) && node_access('update', $node));
      if ($group_access) {
        $access = TRUE;
      }
    }
  }
  return $access ? PUBLISHCONTENT_ACCESS_ALLOW : PUBLISHCONTENT_ACCESS_IGNORE;
}

Functions

Namesort descending Description
og_publishcontent_publish_access Implements hook_publishcontent_publish_access().
og_publishcontent_unpublish_access Implements hook_publishcontent_unpublish_access().
publishcontent_form_node_form_alter Implements hook_form_FORM_ID_alter().
publishcontent_form_node_type_form_alter Implements hook_form_FORM_ID_alter().
publishcontent_menu Implements hook_menu().
publishcontent_og_permission Implements hook_og_permission().
publishcontent_permission Implements hook_permission().
publishcontent_publishcontent_publish_access Implements hook_publishcontent_publish_access().
publishcontent_publishcontent_unpublish_access Implements hook_publishcontent_unpublish_access().
publishcontent_publish_access Determine if a user has publish permission to a given node.
publishcontent_render_publish_button Render publish button.
publishcontent_render_unpublish_button Render unpublish button.
publishcontent_security_token_to_arg Used to append a security token to prevent XSS.
publishcontent_tab_load Decide to show the (un)publish tab or not.
publishcontent_toggle_status Menu callback for publish / unpublish content actions.
publishcontent_toggle_status_form Form to get confirmation for publish/unpublish content
publishcontent_toggle_status_form_submit Submit handler for Publish/Unpublish confirmation form
publishcontent_unpublish_access Determine if a user has unpublish rights on a node.
publishcontent_views_api Implements hook_views_api().
publishcontent_views_data_alter Implements hook_views_data_alter().
_publishcontent_configure_publish_button Add the publish button to the node edit form.
_publishcontent_configure_publish_checkbox Configure the node form to include the publish checkbox.
_publishcontent_get_menutype Helper function for hook_menu to get the menu type for the current setup.
_publishcontent_get_message Helper function to generate change of status message.
_publishcontent_get_method Get the configured publish content method.
_publishcontent_publish_access Access callback for publish action.
_publishcontent_publish_node Submit handler to publish the node.
_publishcontent_unpublish_access Access callback for unpublish action.
_publishcontent_unpublish_node Submit handler to unpublish the node.

Constants