function taxonomy_access_db_rewrite_sql in Taxonomy Access Control 6
Same name and namespace in other branches
- 5.2 taxonomy_access.module \taxonomy_access_db_rewrite_sql()
- 5 taxonomy_access.module \taxonomy_access_db_rewrite_sql()
Implements hook_db_rewrite_sql().
File
- ./
taxonomy_access.module, line 390 - Allows administrators to specify how each category (in the taxonomy) can be used by various roles.
Code
function taxonomy_access_db_rewrite_sql($query, $table, $field) {
if (!user_access('administer taxonomy') && ($field == 'vid' || $field == 'tid')) {
// Table {node_revisions} also has a vid (revision, not vocabulary)
if ($table == 'node_revisions') {
return array();
}
global $user;
if (arg(0) == "admin") {
$op = arg(1) == 'node' && (arg(2) == 'add' || arg(3) == 'edit') ? 'create' : 'list';
}
else {
$op = arg(0) == 'node' && (arg(1) == 'add' || arg(2) == 'edit') ? 'create' : 'list';
}
// let's cache
static $taxonomy_access_sql_clause;
$clause = array();
if (!isset($taxonomy_access_sql_clause)) {
$taxonomy_access_sql_clause = array();
}
if (!isset($taxonomy_access_sql_clause[$op][$field])) {
if (isset($user) && is_array($user->roles)) {
$rids = array_keys($user->roles);
}
else {
$rids[] = 1;
}
$sql = db_query('SELECT t.tid AS tid, t.vid AS vid FROM {term_data} t
INNER JOIN {term_access_defaults} tdg ON tdg.vid=0
LEFT JOIN {term_access_defaults} td ON td.vid=t.vid AND td.rid=tdg.rid
LEFT JOIN {term_access} ta ON ta.tid=t.tid AND ta.rid=tdg.rid
WHERE tdg.rid IN (' . db_placeholders($rids, 'int') . ')
GROUP BY t.tid, t.vid
HAVING BIT_OR(COALESCE(
ta.' . db_escape_table("grant_{$op}") . ',
td.' . db_escape_table("grant_{$op}") . ',
tdg.' . db_escape_table("grant_{$op}") . '
)) > 0', $rids);
$tids = array();
$vids = array();
while ($result = db_fetch_object($sql)) {
$tids[] = $result->tid;
$vids[$result->vid] = $result->vid;
}
// Insert required vocabularies to avoid skipping of validation at node submission
if ($op == 'create') {
$sql = db_query('SELECT vid FROM {vocabulary} WHERE required = 1 OR tags = 1');
while ($row = db_fetch_array($sql)) {
$vids[$row['vid']] = $row['vid'];
}
}
// Typecast $tids and $vids as ints to sanitize.
foreach ($tids as $key => $tid) {
$tids[$key] = (int) $tid;
}
foreach ($vids as $key => $vid) {
$vids[$key] = (int) $vid;
}
$clause[$op]['tid'] = isset($tids) ? implode("','", $tids) : '';
$clause[$op]['vid'] = isset($vids) ? implode("','", $vids) : '';
$taxonomy_access_sql_clause = $clause;
}
else {
$clause[$op][$field] = $taxonomy_access_sql_clause[$op][$field];
}
$return = array();
if ($clause[$op][$field]) {
$return['where'] = db_escape_table($table) . "." . db_escape_table($field) . " IN ('" . $clause[$op][$field] . "')";
}
else {
$return['where'] = db_escape_table($table) . "." . db_escape_table($field) . " IS NULL";
}
return $return;
}
else {
return array();
}
}