You are here

Home » API reference » Workbench Access 7 » workbench_access.module

function workbench_access_node_access in Workbench Access 7

Implements hook_node_access().

Enforces our access rules when users try to edit/delete a node.

2 calls to workbench_access_node_access()
WorkbenchAccessMenuTestCase::testWorkbenchAccessMenu in tests/workbench_access.test
WorkbenchAccessTaxonomyTestCase::testWorkbenchAccessTaxonomy in tests/workbench_access.test

File

./workbench_access.module, line 353
Workbench Access module file.

Code

function workbench_access_node_access($node, $op, $account) {

  // View step. We ignore for published nodes.
  if ($op == 'view' && $node->status) {
    return NODE_ACCESS_IGNORE;
  }

  // If not configured, do nothing.
  $tree = workbench_access_get_active_tree();
  if (empty($tree['active'])) {
    return NODE_ACCESS_IGNORE;
  }

  // If disabled for this content type, do nothing.
  if (!is_object($node)) {
    $type = $node;
  }
  else {
    $type = $node->type;
  }
  if (!variable_get('workbench_access_node_type_' . $type, 1)) {
    return NODE_ACCESS_IGNORE;
  }

  // Ignore nodes where workbench section is not set.
  // This is for sites that installed Workbench Access on top of existing
  // content. See http://drupal.org/node/1359552.
  if ($op != 'create' && empty($node->workbench_access)) {
    return NODE_ACCESS_IGNORE;
  }

  // Now check the user account.
  if (!isset($account->workbench_access)) {
    $account = user_load($account->uid);
  }

  // Create step. User must be assigned to a section to create content.
  // Note that we do not currently enforce complex rules here.
  if ($op == 'create' && !empty($account->workbench_access)) {
    return NODE_ACCESS_IGNORE;
  }

  // Load the current scheme.
  workbench_access_load_include(variable_get('workbench_access'));

  // Get the access rules for this node.
  $result = FALSE;

  // Always default to FALSE.
  if (!empty($node->workbench_access) && !empty($account->workbench_access)) {

    // In the case of "preview" the property may be a string. Not sure why.
    // See https://drupal.org/node/1935190.
    if (!is_array($node->workbench_access)) {
      $node->workbench_access = array(
        $node->workbench_access,
      );
    }
    $result = workbench_access_check($op, $type, array_filter($node->workbench_access), $account->workbench_access);
  }

  // The user must be allowed to perform this action by core node module.
  // All we do is issue an ignore response, indicating that some other module
  // may grants access. If we ever support complex data rules, this may change.
  if ($result !== FALSE) {
    return NODE_ACCESS_IGNORE;
  }
  return NODE_ACCESS_DENY;
}