rss_permissions.module in RSS Permissions 6

<?php

/**
 * Implementation of hook_help().
 */
function rss_permissions_help($path, $arg) {

  // Generic statement.
  $help = '<p>' . t('RSS permissions module allows administrator to control the display of RSS feeds.') . '</p>';
  switch ($path) {
    case 'admin/help#rss_permissions':
      $help .= '<p>' . t('You can choose to disable the RSS feeds altogether. In order to do that, go to <a href="@admin_page_url">RSS Permissions administration page</a> and select <em>"Disable altogether"</em> from the dropdown.', array(
        '@admin_page_url' => url('admin/settings/rss_permissions'),
      )) . '</p>';
      $help .= '<p>' . t('You can also manage the display or RSS feeds on a more granular level. In order to do that, go to <a href="@permissions_url">rss_permissions module</a> section of the Permissions page to set permissions for various feeds per role.', array(
        '@permissions_url' => url('admin/user/permissions', array(
          'fragment' => 'module-rss_permissions',
        )),
      )) . '</p>';
      $help .= '<p>' . t('You can manage permissions for main site RSS feed, aggregator RSS feeds (if Aggregator module is enabled), main blog RSS feed and user blog RSS feeds (if Blog module is enabled), and taxonomy RSS feeds (if Taxonomy module is enabled).') . '</p>';
      return $help;
    case 'admin/settings/rss_permissions':
      $help .= '<p>' . t('On this page you can disable the RSS feeds altogether. In order to do that, select <em>"Disable altogether"</em> from the dropdown.', array(
        '@admin_page_url' => url('admin/settings/rss_permissions'),
      )) . '</p>';
      return $help;
  }
}

/**
 * Implementation of hook_menu().
 */
function rss_permissions_menu() {
  $menu = array();

  // Administartion page for RSS Permissions settings.
  // Even though I'm a big nerd about hyphens in URLs, and even Drupal two-word
  // URLs are using hyphens, looks like it actually breaks some functionality,
  // like the "more help" link, and "administration pages" list in the help
  // section.
  // @todo: Look into filing a ticket for this.
  $menu['admin/settings/rss_permissions'] = array(
    'title' => t('RSS permissions'),
    'description' => t('Enable or disable RSS feeds on the website.'),
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'rss_permissions_form',
    ),
    'access arguments' => array(
      'administer site configuration',
    ),
    'type' => MENU_NORMAL_ITEM,
  );
  return $menu;
}

/**
 * Implementation of hook_perm().
 */
function rss_permissions_perm() {
  $rss_permissions = array(
    'access site RSS feed',
  );
  if (module_exists('taxonomy')) {
    $rss_permissions[] = 'access taxonomy RSS feeds';
  }
  if (module_exists('blog')) {
    $rss_permissions[] = 'access user blog RSS feeds';
    $rss_permissions[] = 'access main blog RSS feed';
  }
  if (module_exists('aggregator')) {
    $rss_permissions[] = 'access aggregator RSS feeds';
  }
  return $rss_permissions;
}

/**
 * Implementation of hook_menu_alter().
 */
function rss_permissions_menu_alter(&$items) {

  // Check permissions for main site RSS feed.
  $items['rss.xml']['access callback'] = 'rss_permissions_menu_access';
  $items['rss.xml']['access arguments'] = array(
    'node',
  );

  // Check permissions for taxonomy RSS feed.
  if (module_exists('taxonomy')) {
    $items['taxonomy/term/%']['access callback'] = 'rss_permissions_menu_access';
    $items['taxonomy/term/%']['access arguments'] = array(
      'taxonomy',
      4,
    );
  }

  // Check permissions for blog RSS feeds.
  if (module_exists('blog')) {

    // Blog user feeds.
    $items['blog/%user/feed']['access callback'] = 'rss_permissions_menu_access';
    $items['blog/%user/feed']['access arguments'] = array(
      'blog_user',
      1,
    );

    // Main blog feed.
    $items['blog/feed']['access callback'] = 'rss_permissions_menu_access';
    $items['blog/feed']['access arguments'] = array(
      'blog',
    );
  }

  // Check permissions for aggregator RSS feeds.
  if (module_exists('aggregator')) {

    // Aggregator feeds
    $items['aggregator/rss']['access callback'] = 'rss_permissions_menu_access';
    $items['aggregator/rss']['access arguments'] = array(
      'aggregator',
    );

    // OPML (blogroll)
    $items['aggregator/opml']['access callback'] = 'rss_permissions_menu_access';
    $items['aggregator/opml']['access arguments'] = array(
      'aggregator',
    );
  }
}

/**
 * Implementation of hook_theme_registry_alter to override theme_feed_icon().
 *
 * In case some themes are implementing theme_feed_icon, we want to continue
 * using that function. Save the current feed_icon theming function as a
 * variable.
 */
function rss_permissions_theme_registry_alter(&$theme_registry) {

  // Save the current theme function as a variable.
  if (!empty($theme_registry['feed_icon']['function'])) {
    variable_set('rss_permissions_feed_icon_theme', $theme_registry['feed_icon']['function']);
  }

  // Now force our function to be used.
  $theme_registry['feed_icon']['function'] = 'theme_rss_permissions_feed_icon';
}

/**
 * Administartion page for RSS Permissions settings.
 */
function rss_permissions_form(&$form_state) {
  $form = array();
  $form['rss_permissions_disable_all'] = array(
    '#type' => 'select',
    '#title' => t('Disable RSS access altogether or use role permissions'),
    '#default_value' => variable_get('rss_permissions_disable_all', FALSE),
    '#options' => array(
      0 => t('Use permissions'),
      1 => t('Disable altogether'),
    ),
    '#description' => t('If you choose to disable RSS feeds altogether, the
      permissions settings for rss_permissions module will be ignored.'),
  );
  return system_settings_form($form);
}

/**
 * Overriding theme_feed_icon().
 * Check permission to view the feed before displaying the icon.
 */
function theme_rss_permissions_feed_icon($url, $title) {
  if (rss_permissions_feed_url_access($url)) {

    // Use the current feed_icon theme to style the icon.
    $theme_function = variable_get('rss_permissions_feed_icon_theme', 'theme_feed_icon');
    $arguments = func_get_args();
    return call_user_func_array($theme_function, $arguments);
  }
  return '';
}

/**
 * Check permissions to access menu callbacks.
 */
function rss_permissions_menu_access($module) {

  // Do a blanket check fo the global flag here for every case except for
  // taxonomy, which uses the same menu callback for page and feed).
  $disable_all_feeds = variable_get('rss_permissions_disable_all', FALSE);
  if ($module != 'taxonomy') {
    if ($disable_all_feeds) {
      return FALSE;
    }
  }

  // Otherwise, check granular permissions.
  switch ($module) {

    // Main site RSS feed.
    case 'node':
      return user_access('access content') && user_access('access site RSS feed');
      break;

    // Taxonomy RSS feeds.
    // Taxonomy module uses the same menu callback both for page and feed.
    // Make sure we are on the feed page before overriding the access callback.
    case 'taxonomy':
      if (func_num_args() >= 2 && func_get_arg(1) == 'feed') {
        if ($disable_all_feeds) {
          return FALSE;
        }
        else {
          return user_access('access content') && user_access('access taxonomy RSS feeds');
        }
      }
      else {
        return user_access('access content');
      }
      break;

    // Individual user blog RSS feeds.
    case 'blog_user':
      $account = func_get_arg(1);
      return blog_page_user_access($account) && user_access('access user blog RSS feeds');
      break;

    // Main blog RSS feed.
    case 'blog':
      return user_access('access content') && user_access('access main blog RSS feed');
      break;

    // Aggregator RSS feeds.
    case 'aggregator':
      return user_access('access news feeds') && user_access('access aggregator RSS feeds');
      break;

    // Reasonable default.
    default:
      return user_access('access content');
  }
}

/**
 * This function checks if user has permissions to view a given feed.
 * The logic is slightly different from rss_permissions_menu_access,
 * since we only have the feed URL to work with.
 */
function rss_permissions_feed_url_access($url) {

  // Check against the global flag.
  if (variable_get('rss_permissions_disable_all', FALSE)) {
    return FALSE;
  }

  // Otherwise, check against granular permissions.
  // Site's main RSS feed.
  if (url('rss.xml', array(
    'absolute' => TRUE,
  )) == $url) {
    return user_access('access content') && user_access('access site RSS feed');
  }

  // Taxonomy RSS feeds.
  if (preg_match('/^.*taxonomy\\/term\\/([0-9]+)\\/([0-9]+)\\/feed$/i', $url, $matches) > 0) {
    return user_access('access content') && user_access('access taxonomy RSS feeds');
  }

  // Individual user blog RSS feeds.
  if (preg_match('/^.*blog\\/([0-9]+)\\/feed$/i', $url, $matches) > 0) {
    $blog_uid = $matches[1];
    $account = user_load($blog_uid);
    return blog_page_user_access($account) && user_access('access user blog RSS feeds');
  }

  // Main blog RSS feed.
  if (url('blog/feed') == $url) {
    return user_access('access content') && user_access('access main blog RSS feed');
  }

  // Aggregator RSS feeds.
  if (strpos($url, 'aggregator/rss') != FALSE || url('aggregator/opml') == $url) {
    return user_access('access news feeds') && user_access('access aggregator RSS feeds');
  }

  // Just to be safe, fall back to a reasonable default.
  return user_access('access content');
}

/**
 * Implementation of theme_preprocess_page().
 * Use regex to remove RSS link from HEAD, if the user has no permission for that feed.
 */
function rss_permissions_preprocess_page(&$vars) {
  if (preg_match('/<link rel="alternate" type="application\\/rss\\+xml" title=".*?" href="(.*?)" \\/>/', $vars['head'], $matches)) {

    // $matches[1] is the URL to the feed.
    if (!empty($matches[1]) && !rss_permissions_feed_url_access($matches[1])) {
      $vars['head'] = preg_replace('/<link rel="alternate" type="application\\/rss\\+xml" title=".*?" href="' . addcslashes($matches[1], '/') . '" \\/>\\n/', '', $vars['head']);
    }
  }
}