
function taxonomy_access_db_rewrite_sql in Taxonomy Access Control 6

Same name and namespace in other branches
  1. 5.2 taxonomy_access.module \taxonomy_access_db_rewrite_sql()
  2. 5 taxonomy_access.module \taxonomy_access_db_rewrite_sql()

Implements hook_db_rewrite_sql().

File

./taxonomy_access.module, line 390
Allows administrators to specify how each category (in the taxonomy) can be used by various roles.

Code

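/**
 * Implements hook_db_rewrite_sql().
 *
 * Restricts queries that select on a term id (tid) or vocabulary id (vid)
 * column to the terms and vocabularies the current user's roles are granted
 * for the operation in progress ('create' or 'list').
 *
 * Security notes:
 * - Users with the 'administer taxonomy' permission are never restricted.
 * - The operation is inferred from the request path via arg(), not passed in
 *   by the caller. Any path that does not match the node add/edit patterns
 *   below is filtered with the 'list' grants.
 * - When no term or vocabulary is granted, the function fails closed by
 *   returning an "IS NULL" condition instead of an empty restriction.
 * - The per-request cache is keyed by role set and operation, so a change of
 *   the global $user during the request cannot reuse another account's grants.
 *
 * @param $query
 *   The query being rewritten. Not used by this implementation.
 * @param $table
 *   Name or alias of the table holding $field.
 * @param $field
 *   Name of the primary field; only 'vid' and 'tid' are acted on.
 *
 * @return
 *   An empty array when no restriction applies, otherwise an array with a
 *   'where' key holding the SQL condition to add.
 */
function taxonomy_access_db_rewrite_sql($query, $table, $field) {
  // Nothing to rewrite for taxonomy administrators or for other fields.
  if (user_access('administer taxonomy') || ($field != 'vid' && $field != 'tid')) {
    return array();
  }

  // Table {node_revisions} also has a vid (revision, not vocabulary).
  if ($table == 'node_revisions') {
    return array();
  }

  global $user;

  // Derive the operation from the request path. $op can only ever be
  // 'create' or 'list', which is what makes "grant_{$op}" safe to use as a
  // column name further down.
  if (arg(0) == "admin") {
    $op = arg(1) == 'node' && (arg(2) == 'add' || arg(3) == 'edit') ? 'create' : 'list';
  }
  else {
    $op = arg(0) == 'node' && (arg(1) == 'add' || arg(2) == 'edit') ? 'create' : 'list';
  }

  // Role ids of the current user; fall back to role id 1 when the account
  // carries no usable role list.
  if (isset($user) && is_array($user->roles)) {
    $rids = array_keys($user->roles);
  }
  else {
    $rids = array(1);
  }
  sort($rids);
  $cache_key = implode(',', $rids);

  // Per-request cache of the permitted id lists. Entries are added per role
  // set and operation; existing entries are never overwritten.
  static $taxonomy_access_sql_clause = array();

  if (!isset($taxonomy_access_sql_clause[$cache_key][$op])) {
    $tids = array();
    $vids = array();

    // An empty role list would produce an invalid "IN ()" clause, so the
    // grant lookup is skipped and no term is granted.
    if (!empty($rids)) {
      $grant = db_escape_table("grant_{$op}");
      // A term qualifies when any of the user's roles has the grant, taken
      // from the term record, else the vocabulary default, else the global
      // default (vid 0).
      $sql = db_query('SELECT t.tid AS tid, t.vid AS vid FROM {term_data} t
         INNER JOIN {term_access_defaults} tdg ON tdg.vid=0
         LEFT JOIN {term_access_defaults} td ON td.vid=t.vid AND td.rid=tdg.rid
         LEFT JOIN {term_access} ta ON ta.tid=t.tid AND ta.rid=tdg.rid
         WHERE tdg.rid IN (' . db_placeholders($rids, 'int') . ')
         GROUP BY t.tid, t.vid
         HAVING BIT_OR(COALESCE(
                                ta.' . $grant . ',
                                td.' . $grant . ',
                                tdg.' . $grant . '
                               )) > 0', $rids);
      while ($result = db_fetch_object($sql)) {
        $tids[] = $result->tid;
        $vids[$result->vid] = $result->vid;
      }
    }

    // Insert required vocabularies to avoid skipping of validation at node
    // submission.
    if ($op == 'create') {
      $sql = db_query('SELECT vid FROM {vocabulary} WHERE required = 1 OR tags = 1');
      while ($row = db_fetch_array($sql)) {
        $vids[$row['vid']] = $row['vid'];
      }
    }

    // The id lists are concatenated into the WHERE clause below rather than
    // bound as placeholders, so every value is forced to an integer first.
    $tids = array_map('intval', $tids);
    $vids = array_map('intval', $vids);

    $taxonomy_access_sql_clause[$cache_key][$op] = array(
      'tid' => implode("','", $tids),
      'vid' => implode("','", $vids),
    );
  }

  $ids = $taxonomy_access_sql_clause[$cache_key][$op][$field];
  $column = db_escape_table($table) . "." . db_escape_table($field);

  $return = array();
  if ($ids) {
    $return['where'] = $column . " IN ('" . $ids . "')";
  }
  else {
    // Nothing granted: match only rows without a term or vocabulary.
    $return['where'] = $column . " IS NULL";
  }
  return $return;
}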