search_restrict.module in Search Restrict 5

<?php

/**
 * Implementation of hook_perm().
 */
function search_restrict_perm() {
  return array(
    'administer search_restrict',
  );
}

/**
 * Implementation of hook_form_alter().
 */
function search_restrict_form_alter($form_id, &$form) {
  switch ($form_id) {
    case 'node_type_form':
      search_restrict_content_type_form($form);
      break;
  }
}

/**
 *  Alter content type forms to include search restrict options
 */
function search_restrict_content_type_form(&$form) {
  $roles = user_roles();
  ksort($roles);
  $content_type_restrictions = variable_get('search_restrict_content_type', array());
  $form['search_restrict'] = array(
    '#type' => 'fieldset',
    '#title' => t('Search Restrict'),
    '#description' => t('Select which user roles can search for this content type. By default all roles can search.'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
    '#access' => user_access('administer search_restrict'),
  );
  $form['search_restrict']['search_restrict_roles'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Roles'),
    '#description' => t('If all checkboxes are unselected then everyone can search.'),
    '#options' => $roles,
    '#default_value' => $content_type_restrictions[$form['#node_type']->type],
  );

  // use custom submit function to avoid a query at time of search to get the list of content types
  $form['#submit']['search_restrict_content_type_form_submit'] = array();
}

/**
 *  use custom submit function to avoid a query at time of search to get the list of content types
 */
function search_restrict_content_type_form_submit($form_id, $form_values) {
  $content_type_restrictions = variable_get('search_restrict_content_type', array());
  $content_type_restrictions[$form_values['type']] = $form_values['search_restrict_roles'];
  variable_set('search_restrict_content_type', $content_type_restrictions);
}
function search_restrict_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
  global $user;
  if ($user->uid == 1) {
    return;
  }
  $user_roles = $user->roles;
  $excluded_types = array();
  if ($query == '' && $primary_table == 'n' && $primary_field == 'nid' && empty($args)) {
    $content_type_restrictions = variable_get('search_restrict_content_type', array());
    foreach ($content_type_restrictions as $type => $roles) {
      $access = FALSE;
      $access_false = array();
      $access_true = array();

      // list included and excluded roles
      foreach ($roles as $role_id => $selected) {
        if (empty($selected)) {
          $access_false[] = $role_id;
        }
        else {
          $access_true[] = $role_id;
        }
      }

      // if no roles or all roles have been selected then everyone has access skip this content type
      if (!empty($access_true) && !empty($access_false)) {

        // if user has role in include list skip this content type
        foreach ($access_true as $role_selected) {
          if (!empty($user_roles[$role_selected])) {
            $access = TRUE;
          }
        }

        // user doesn't have any roles that are allowed to search this content type
        if (empty($access)) {
          $excluded_types[] = $type;
        }
      }
    }
    if (!empty($excluded_types)) {
      $where = " n.type NOT IN ('" . join("','", $excluded_types) . "') ";
      return array(
        'where' => $where,
      );
    }
  }
}