
function taxonomy_access_db_rewrite_sql in Taxonomy Access Control 5.2

Same name and namespace in other branches
  1. 5 taxonomy_access.module \taxonomy_access_db_rewrite_sql()
  2. 6 taxonomy_access.module \taxonomy_access_db_rewrite_sql()

Implementation of hook_db_rewrite_sql()

File

./taxonomy_access.module, line 295
Allows administrators to specify how each category (in the taxonomy) can be used by various roles.

Code

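/**
 * Implementation of hook_db_rewrite_sql().
 *
 * Restricts queries keyed on a term id ('tid') or vocabulary id ('vid') to
 * the terms and vocabularies granted to the current user's roles. Users with
 * the 'administer taxonomy' permission are not restricted.
 *
 * The grant checked is 'create' on node/add and node/.../edit paths and
 * 'list' everywhere else.
 *
 * @param $query
 *   The query being rewritten. Not inspected here.
 * @param $table
 *   Table (alias) that owns $field in the query.
 * @param $field
 *   Primary field of the query. Only 'vid' and 'tid' are handled.
 *
 * @return
 *   array('where' => ...) limiting $table.$field to the permitted ids, or an
 *   empty array when no restriction is applied.
 */
function taxonomy_access_db_rewrite_sql($query, $table, $field) {
  // Administrators are never restricted, and only queries keyed on a
  // vocabulary id or term id are rewritten.
  if (user_access('administer taxonomy') || ($field != 'vid' && $field != 'tid')) {
    return array();
  }

  global $user;
  $op = (arg(0) == 'node' && (arg(1) == 'add' || arg(2) == 'edit')) ? 'create' : 'list';

  // Without a usable role list, fall back to role id 1 alone.
  // NOTE(review): 1 is presumably the anonymous role id - confirm.
  if (isset($user) && is_array($user->roles)) {
    $rids = array_keys($user->roles);
  }
  else {
    $rids = array(1);
  }

  // Per-request cache of the permitted id lists. It is keyed by the role set
  // as well as the operation, so a list built for one account is never
  // reused for another if the global $user is switched during the request.
  static $taxonomy_access_sql_clause = array();
  $cache_key = implode(',', $rids);

  if (!isset($taxonomy_access_sql_clause[$cache_key][$op])) {
    $tids = array();
    $vids = array();

    // An empty role set has no grants. Skipping the query avoids emitting a
    // malformed "IN ()" and leaves the id lists empty, which denies access.
    if (count($rids) > 0) {
      $placeholders = implode(', ', array_fill(0, count($rids), '%d'));
      // $op is always 'create' or 'list' (set above), so the column name is
      // not user-controlled; it is still passed through db_escape_table().
      $grant = db_escape_table("grant_{$op}");

      // For every term, take the most specific grant available per role:
      // the per-term row (ta), else the vocabulary default (td), else the
      // global default stored with vid=0 (tdg). BIT_OR over the role rows
      // keeps the term when at least one of the roles grants $op.
      $sql = db_query('SELECT t.tid AS tid, t.vid AS vid FROM {term_data} t
                      INNER JOIN {term_access_defaults} tdg ON tdg.vid=0
                      LEFT JOIN {term_access_defaults} td
                        ON td.vid=t.vid AND td.rid=tdg.rid
                      LEFT JOIN {term_access} ta
                        ON ta.tid=t.tid AND ta.rid=tdg.rid
                      WHERE tdg.rid IN (' . $placeholders . ')
                      GROUP BY t.tid, t.vid
                        HAVING BIT_OR(
                          COALESCE(
                            ta.' . $grant . ',
                            td.' . $grant . ',
                            tdg.' . $grant . '
                          )
                        ) > 0', $rids);
      while ($result = db_fetch_object($sql)) {
        $tids[] = $result->tid;
        $vids[$result->vid] = $result->vid;
      }
    }

    // Insert required vocabularies to avoid skipping of validation at node
    // submission.
    if ($op == 'create') {
      $sql = db_query('SELECT vid FROM {vocabulary} WHERE required = 1 OR tags = 1');
      while ($row = db_fetch_array($sql)) {
        $vids[$row['vid']] = $row['vid'];
      }
    }

    // The id lists are concatenated straight into the WHERE clause below, so
    // every value is forced to an integer first.
    $tids = array_map('intval', $tids);
    $vids = array_map('intval', $vids);

    // Store only this role set / operation entry; entries that were cached
    // earlier are kept.
    $taxonomy_access_sql_clause[$cache_key][$op] = array(
      'tid' => implode("','", $tids),
      'vid' => implode("','", $vids),
    );
  }

  $permitted = $taxonomy_access_sql_clause[$cache_key][$op][$field];
  $column = db_escape_table($table) . "." . db_escape_table($field);

  $return = array();
  if ($permitted) {
    $return['where'] = $column . " IN ('" . $permitted . "')";
  }
  else {
    // Nothing is permitted: the restriction matches no real id, only rows
    // where the column is NULL.
    $return['where'] = $column . " IS NULL";
  }
  return $return;
}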