You are here

Home » API reference » Taxonomy Access Control Lite 5 » tac_lite.module

function tac_lite_db_rewrite_sql in Taxonomy Access Control Lite 5

Same name and namespace in other branches
  1. 6 tac_lite.module \tac_lite_db_rewrite_sql()

File

./tac_lite.module, line 451
Control access to site content based on taxonomy, roles and users.

Code

function tac_lite_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
  global $user;

  // if administrator, give all access
  if (user_access('administer_tac_lite')) {
    return;
  }

  // the vocabularies containing protected info.
  $vids = variable_get('tac_lite_categories', array(
    0,
  ));

  // the terms this user is allowed to see
  $tids = array();
  for ($i = 1; $i <= variable_get('tac_lite_schemes', 1); $i++) {
    $config = _tac_lite_config($i);
    if (in_array('grant_view', $config['perms'])) {
      $tids = array_merge($tids, _tac_lite_user_tids($user, $i));
    }
  }

  // Note that if tac_lite is configured, but no schemes support grant_view,
  // we assume everyone can view all terms.
  if (count($tids) && is_array($vids) && count($vids)) {
    switch ($primary_field) {
      case 'tid':

        // prevent users from seeing terms they do not have permission to read.
        $join = "LEFT JOIN {term_data} tac_td ON {$primary_table}.tid = tac_td.tid";
        $where = "{$primary_table}.tid IN (" . implode(', ', $tids) . ") OR tac_td.vid NOT IN (" . implode(',', $vids) . ")";
        return array(
          'join' => $join,
          'where' => $where,
        );
        break;
      case 'vid':
        break;
    }
  }
}