entity-access.inc
<?php
/**
* @file
* Provides various callbacks for the whole core module integration.
* This is a copy of Entity API's functionality for use when Entity API isn't
* enabled, and only works on view functions.
*/
/**
 * Registers a fallback 'access callback' on a core entity type's info array.
 *
 * This gives core entities an Entity API-style 'access callback' without
 * depending on Entity API. An 'access callback' that is already present is
 * left untouched, and entity types not listed below are left without one.
 * Exception: file entities are not handled here. Entity API must be enabled
 * to view files.
 *
 * @param $entity_info
 *   The info array of one entity type, modified by reference.
 * @param $entity_type
 *   The machine name of the entity type that $entity_info describes.
 */
function _ctools_entity_access(&$entity_info, $entity_type) {
  // Never replace an access callback that has already been set.
  if (isset($entity_info['access callback'])) {
    return;
  }

  $callback = NULL;
  if ($entity_type == 'node') {
    // Entity API is not in use, so the node callback is wired up by hand.
    $callback = 'ctools_metadata_no_hook_node_access';
  }
  elseif ($entity_type == 'user') {
    $callback = 'ctools_metadata_user_access';
  }
  elseif ($entity_type == 'comment') {
    // Optional modules only get a callback while they are enabled.
    if (module_exists('comment')) {
      $callback = 'ctools_metadata_comment_access';
    }
  }
  elseif ($entity_type == 'taxonomy_term' || $entity_type == 'taxonomy_vocabulary') {
    // Terms and vocabularies share one callback, which branches on the
    // entity type it is handed.
    if (module_exists('taxonomy')) {
      $callback = 'ctools_metadata_taxonomy_access';
    }
  }

  if (isset($callback)) {
    $entity_info['access callback'] = $callback;
  }
}
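/**
 * Access callback for the node entity.
 *
 * This function does not implement hook_node_access(), thus it may not be
 * called ctools_metadata_node_access().
 *
 * The check fails closed: when $node carries a nid whose default revision
 * cannot be loaded, access is denied rather than compared against a missing
 * revision. A node without a nid has no stored revision to compare with, so
 * it is handed straight to node_access().
 *
 * This function contains no throw statement of its own; whether the
 * functions it calls can throw is not visible here.
 *
 * @see entity_access()
 *
 * @param $op
 *   The operation being performed. One of 'view', 'update', 'create' or
 *   'delete'.
 * @param $node
 *   A node to check access for. Must be a node object. Must have nid,
 *   except in the case of 'create' operations.
 * @param $account
 *   The user to check for. Leave it to NULL to check for the global user.
 *
 * @return boolean
 *   TRUE if access is allowed, FALSE otherwise.
 */
function ctools_metadata_no_hook_node_access($op, $node = NULL, $account = NULL) {
  // First deal with the case where a $node is provided.
  if (isset($node)) {
    // A node without a nid has no default revision to load.
    if (empty($node->nid)) {
      return node_access($op, $node, $account);
    }

    $default_revision = node_load($node->nid);
    // Deny when the stored node cannot be loaded instead of reading ->vid
    // from a failed load and deciding on the outcome of that comparison.
    if (empty($default_revision)) {
      return FALSE;
    }

    // If a non-default revision is given, incorporate revision access. The
    // strict comparison is kept from the original: a vid that is missing or
    // differs in type from the stored one goes through the revision check.
    $given_vid = isset($node->vid) ? $node->vid : NULL;
    $default_vid = isset($default_revision->vid) ? $default_revision->vid : NULL;
    if ($given_vid !== $default_vid) {
      return _node_revision_access($node, $op, $account);
    }
    return node_access($op, $node, $account);
  }

  // No node is provided. Check for access to all nodes.
  if (user_access('bypass node access', $account)) {
    return TRUE;
  }
  if (!user_access('access content', $account)) {
    return FALSE;
  }
  if ($op == 'view' && node_access_view_all_nodes($account)) {
    return TRUE;
  }
  return FALSE;
}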
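/**
 * Access callback for the user entity.
 *
 * Access is granted when one of the following holds:
 * - $entity is the acting account's own, non-anonymous user and $op is not
 *   'delete';
 * - $entity is the anonymous user (uid 0) and $op is 'view';
 * - $account has the 'administer users' permission;
 * - $account has 'access user profiles', $op is 'view' and $entity has a
 *   truthy status.
 * Everything else is denied. In particular, a call without an entity, or
 * with an object that has no uid or status, is only allowed for accounts
 * with 'administer users'.
 *
 * @param $op
 *   The operation being performed.
 * @param $entity
 *   The user object to check access for, or NULL.
 * @param $account
 *   The user to check for. Leave it to NULL to check for the global user.
 * @param $entity_type
 *   Not used by this callback. Defaults to NULL so that no required
 *   parameter follows the optional ones; four-argument callers are
 *   unaffected.
 *
 * @return boolean
 *   TRUE if access is allowed, FALSE otherwise.
 */
function ctools_metadata_user_access($op, $entity = NULL, $account = NULL, $entity_type = NULL) {
  $account = isset($account) ? $account : $GLOBALS['user'];

  // Grant access to the users own user account and to the anonymous one.
  // isset() on the property keeps an object without a uid from being
  // treated as the anonymous user.
  if (isset($entity->uid) && $op != 'delete') {
    // Loose comparison on purpose: uids may arrive as strings or integers.
    $is_own_account = $entity->uid && $entity->uid == $account->uid;
    $is_anonymous_view = !$entity->uid && $op == 'view';
    if ($is_own_account || $is_anonymous_view) {
      return TRUE;
    }
  }

  if (user_access('administer users', $account)) {
    return TRUE;
  }

  // Profile viewers may only view active users. empty() also covers a NULL
  // $entity, so nothing is read from a missing object.
  if (user_access('access user profiles', $account) && $op == 'view' && !empty($entity->status)) {
    return TRUE;
  }
  return FALSE;
}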
/**
 * Access callback for the comment entity.
 *
 * The checks run in this order, and the first one that applies decides:
 * - a comment attached to a node the account may not view is denied, even
 *   for comment administrators;
 * - accounts with 'administer comments' are allowed every operation;
 * - unpublished comments are denied;
 * - 'view' is allowed for accounts with 'access comments';
 * - anything else is denied.
 *
 * @param $op
 *   The operation being performed.
 * @param $entity
 *   The comment object to check access for, or NULL.
 * @param $account
 *   The user to check for; passed through to node_access() and
 *   user_access().
 *
 * @return boolean
 *   TRUE if access is allowed, FALSE otherwise.
 */
function ctools_metadata_comment_access($op, $entity = NULL, $account = NULL) {
  // A comment is never more accessible than the node it is attached to.
  $has_parent_node = isset($entity->nid);
  if ($has_parent_node && !node_access('view', node_load($entity->nid), $account)) {
    return FALSE;
  }

  // Comment administrators may perform all operations on all comments.
  if (user_access('administer comments', $account)) {
    return TRUE;
  }

  // From here on only non-admins remain; unpublished comments stay hidden.
  $is_unpublished = isset($entity->status) && $entity->status == COMMENT_NOT_PUBLISHED;
  if ($is_unpublished) {
    return FALSE;
  }

  // The only operation left to grant is viewing.
  return user_access('access comments', $account) && $op == 'view';
}
/**
 * Access callback for the taxonomy entities.
 *
 * Vocabularies are restricted to accounts with 'administer taxonomy' for
 * every operation. For any other entity type handled here, that permission
 * allows every operation and 'access content' allows 'view' only.
 *
 * @param $op
 *   The operation being performed.
 * @param $entity
 *   The taxonomy entity; not inspected by this callback.
 * @param $account
 *   The user to check for; passed through to user_access().
 * @param $entity_type
 *   The entity type being checked. 'taxonomy_vocabulary' selects the
 *   stricter, admin-only rule.
 *
 * @return boolean
 *   TRUE if access is allowed, FALSE otherwise.
 */
function ctools_metadata_taxonomy_access($op, $entity = NULL, $account = NULL, $entity_type) {
  $can_administer = user_access('administer taxonomy', $account);

  // Vocabularies are an administrative concept: nothing below applies.
  if ($entity_type == 'taxonomy_vocabulary') {
    return $can_administer;
  }

  if ($can_administer) {
    return TRUE;
  }

  // Everyone else may only view, and only with access to content.
  return user_access('access content', $account) && ($op == 'view');
}