function workflow_access_node_access_records in Workflow 7.2
Same name and namespace in other branches
- 8 modules/workflow_access/workflow_access.module \workflow_access_node_access_records()
- 5.2 workflow_access.module \workflow_access_node_access_records()
- 5 workflow_access.module \workflow_access_node_access_records()
- 6.2 workflow_access/workflow_access.module \workflow_access_node_access_records()
- 6 workflow_access/workflow_access.module \workflow_access_node_access_records()
- 7 workflow_access/workflow_access.module \workflow_access_node_access_records()
Implements hook_node_access_records().
Returns a list of grant records for the passed in node object. This hook is invoked by function node_access_acquire_grants().
File
- workflow_access/
workflow_access.module, line 139 - Provides node access permissions based on workflow states.
Code
function workflow_access_node_access_records($node) {
$grants = array();
$workflow_transitions_added = FALSE;
// Only relevant for content with Workflow.
if (!isset($node->workflow_transitions)) {
$node->workflow_transitions = array();
// Sometimes, a node is saved without going through workflow_transition_form.
// E.g.,
// - when saving a node with workflow_node programmatically with node_save();
// - when changing a state on a node view page/history tab;
// - when rebuilding permissions via batch for workflow_node and workflow_field.
// In that case, we need to create the workflow_transitions ourselves to
// calculate the grants.
foreach (_workflow_info_fields($node, 'node') as $field_name => $field) {
$old_sid = FALSE;
// Create a dummy transition, just to set $node->workflow_transitions.
if (isset($node->workflow)) {
$old_sid = $new_sid = $node->workflow;
}
elseif (isset($node->{$field_name}[LANGUAGE_NONE])) {
$old_sid = $new_sid = _workflow_get_sid_by_items($node->{$field_name}[LANGUAGE_NONE]);
}
if ($old_sid) {
$transition = new WorkflowTransition();
$transition
->setValues('node', $node, $field_name, $old_sid, $new_sid, $node->uid, REQUEST_TIME, '');
// Store the transition, so it can be easily fetched later on.
// Store in an array, to prepare for multiple workflow_fields per entity.
// This is a.o. used in hook_entity_update to trigger 'transition post'.
$node->workflow_transitions[$field_name] = $transition;
$workflow_transitions_added = TRUE;
}
}
}
// Get 'author' of this entity.
// - Some entities (e.g., taxonomy_term) do not have a uid.
// But then again: node_access is only for nodes...
$uid = isset($node->uid) ? $node->uid : 0;
$count = 0;
foreach ($node->workflow_transitions as $transition) {
// @todo: add support for +1 workflows per entity.
if ($count++ == 1) {
continue;
}
$field_name = $transition->field_name;
$priority = variable_get('workflow_access_priority', 0);
if ($current_sid = workflow_node_current_state($node, 'node', $field_name)) {
foreach (workflow_access_get_workflow_access_by_sid($current_sid) as $grant) {
$realm = $uid > 0 && $grant->rid == WORKFLOW_ROLE_AUTHOR_RID ? 'workflow_access_owner' : 'workflow_access';
$gid = $uid > 0 && $grant->rid == WORKFLOW_ROLE_AUTHOR_RID ? $uid : $grant->rid;
// Anonymous ($uid == 0) author is not allowed for role 'author' (== -1).
// Both logically (Anonymous having more rights then authenticated)
// and technically: $gid must be a positive int.
if ($gid < 0) {
// if ($uid == 0 && $grant->rid == WORKFLOW_ROLE_AUTHOR_RID) {
continue;
}
$grants[] = array(
'realm' => $realm,
'gid' => $gid,
'grant_view' => $grant->grant_view,
'grant_update' => $grant->grant_update,
'grant_delete' => $grant->grant_delete,
'priority' => $priority,
'field_name' => $field_name,
);
}
}
}
if ($workflow_transitions_added == TRUE) {
unset($node->workflow_transitions);
}
return $grants;
}