function _taxonomy_access_grant_query in Taxonomy Access Control 7

Builds a base query object for the specified TAC grants.

Callers should add conditions, groupings, and optionally fields.

This query should work on D7's supported versions of MySQL and PostgreSQL; patches may be needed for other databases. We add query tags to allow other systems to manipulate the query as needed.

Parameters

array $grants: Grants to select. Allowed values: 'view', 'update', 'delete', 'create', 'list'

bool $default: (optional) Flag to select default grants only. Defaults to FALSE.

Return value

object Query object.

3 calls to _taxonomy_access_grant_query()
_taxonomy_access_create_defaults in ./taxonomy_access.create.inc
Retrieve vocabularies in which the current user may create terms.
_taxonomy_access_node_access_records in ./taxonomy_access.module
Calculates node access grants by role for the given node ID.
_taxonomy_access_user_term_grants in ./taxonomy_access.module
Retrieve terms that the current user may create or list.

File

./taxonomy_access.module, line 1256
Allows administrators to specify access control for taxonomy categories.

Code

function _taxonomy_access_grant_query(array $grants, $default = FALSE) {
  // Default grants are selected per vocabulary; otherwise per term.
  $table = $default ? 'taxonomy_vocabulary' : 'taxonomy_term_data';
  $query = db_select($table, 'td')
    ->addTag('taxonomy_access')
    ->addTag('taxonomy_access_grants');

  // Global default rows, joined to every row of the base table.
  $query->join('taxonomy_access_default', 'tadg', 'tadg.vid = :vid', array(
    ':vid' => TAXONOMY_ACCESS_GLOBAL_DEFAULT,
  ));

  // Vocabulary default for the same role, if one exists.
  $query->leftJoin('taxonomy_access_default', 'tad', 'tad.vid = td.vid AND tad.rid = tadg.rid');

  // Term-level record for the same role, if one exists.
  if (!$default) {
    $query->leftJoin('taxonomy_access_term', 'ta', 'ta.tid = td.tid AND ta.rid = tadg.rid');
  }

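  // We add grant fields this way to reduce the risk of future vulnerabilities:
  // only the fixed column names below are concatenated into the SQL
  // expressions, and $grants merely selects among them.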
  $grant_fields = array(
    'view' => 'grant_view',
    'update' => 'grant_update',
    'delete' => 'grant_delete',
    'create' => 'grant_create',
    'list' => 'grant_list',
  );
  foreach ($grant_fields as $name => $grant) {
    if (in_array($name, $grants)) {
      if ($default) {
        $query
          ->addExpression('BIT_OR(COALESCE(' . 'tad.' . db_escape_table($grant) . ', ' . 'tadg.' . db_escape_table($grant) . '))', $grant);
      }
      else {
        $query
          ->addExpression('BIT_OR(COALESCE(' . 'ta.' . db_escape_table($grant) . ', ' . 'tad.' . db_escape_table($grant) . ', ' . 'tadg.' . db_escape_table($grant) . '))', $grant);
      }
    }
  }
  return $query;
}
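
The code comment about adding grant fields through a fixed map is easier to see with the two approaches side by side. The following PHP is an added example, not code from the Taxonomy Access Control module; `naive_expressions()` and `allowlisted_expressions()` are hypothetical helpers that only build the expression strings, and the second requested grant name is constructed input.

```php
<?php
// Added illustration; not Taxonomy Access Control code.

// Fixed map from grant name to column, as in the listing above.
const GRANT_FIELDS = [
  'view' => 'grant_view',
  'update' => 'grant_update',
  'delete' => 'grant_delete',
  'create' => 'grant_create',
  'list' => 'grant_list',
];

// Unsafe variant (hypothetical): the caller's string becomes part of the SQL.
function naive_expressions(array $grants): array {
  $out = [];
  foreach ($grants as $name) {
    $out[] = "BIT_OR(COALESCE(ta.grant_$name, tad.grant_$name, tadg.grant_$name))";
  }
  return $out;
}

// Allowlist variant: iterate the fixed map; caller input only selects entries.
function allowlisted_expressions(array $grants, bool $default = FALSE): array {
  // Default grants have no term-level table to consult.
  $aliases = $default ? ['tad', 'tadg'] : ['ta', 'tad', 'tadg'];
  $out = [];
  foreach (GRANT_FIELDS as $name => $column) {
    // Strict comparison, so only an exact string match selects a column.
    if (!in_array($name, $grants, TRUE)) {
      continue;
    }
    $cols = array_map(fn($alias) => "$alias.$column", $aliases);
    $out[$column] = 'BIT_OR(COALESCE(' . implode(', ', $cols) . '))';
  }
  return $out;
}

// Constructed input: one valid grant and one string carrying SQL syntax.
$requested = ['view', 'view)) OR 1=1 -- '];

print_r(naive_expressions($requested));             // second entry embeds the raw string
print_r(allowlisted_expressions($requested));       // only grant_view is produced
print_r(allowlisted_expressions($requested, TRUE)); // same, without the term table
```

In the allowlist variant the unrecognised name is dropped rather than escaped, so nothing the caller supplies is ever concatenated into the expression.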