og_access.module

Tracking 7.x-2.x branch
  1. drupal
    1. 5 contributions/og/og_access.module
    2. 6 contributions/og/modules/og_access/og_access.module
    3. 7 contributions/og/og_access/og_access.module

Enable access control for private and public groups and group content.

Constants

NameDescription
OG_ACCESS_FIELDGroup public access field.
OG_ACCESS_REALMThe access realm of group member.
OG_CONTENT_ACCESS_DEFAULTDefine group content access by it's group defaults.
OG_CONTENT_ACCESS_FIELDGroup public access field.
OG_CONTENT_ACCESS_PRIVATEDefine group content access private regardless of its group definition.
OG_CONTENT_ACCESS_PUBLICDefine group content access public regardless of its group definition.

Functions & methods

NameDescription
og_access_node_access_recordsImplements hook_node_access_records().
og_access_node_grantsImplements hook_node_grants().
og_access_og_fields_infoImplement hook_og_fields_info().

File

View source
  1. <?php
  2. /**
  3. * @file
  4. * Enable access control for private and public groups and group content.
  5. */
  6. /**
  7. * The access realm of group member.
  8. */
  9. define('OG_ACCESS_REALM', 'og_access');
  10. /**
  11. * Group public access field.
  12. */
  13. define('OG_ACCESS_FIELD', 'group_access');
  14. /**
  15. * Group public access field.
  16. */
  17. define('OG_CONTENT_ACCESS_FIELD', 'group_content_access');
  18. /**
  19. * Define group content access by it's group defaults.
  20. */
  21. define('OG_CONTENT_ACCESS_DEFAULT', 0);
  22. /**
  23. * Define group content access public regardless of its group definition.
  24. */
  25. define('OG_CONTENT_ACCESS_PUBLIC', 1);
  26. /**
  27. * Define group content access private regardless of its group definition.
  28. */
  29. define('OG_CONTENT_ACCESS_PRIVATE', 2);
  30. /**
  31. * Implements hook_node_grants().
  32. */
  33. function og_access_node_grants($account, $op) {
  34. if ($op != 'view') {
  35. return;
  36. }
  37. if ($groups = og_get_entity_groups('user', $account)) {
  38. foreach ($groups as $group_type => $gids) {
  39. foreach ($gids as $gid) {
  40. $realm = OG_ACCESS_REALM . ':' . $group_type;
  41. $grants[$realm][] = $gid;
  42. }
  43. }
  44. }
  45. return !empty($grants) ? $grants : array();
  46. }
  47. /**
  48. * Implements hook_node_access_records().
  49. */
  50. function og_access_node_access_records($node) {
  51. if (empty($node->status)) {
  52. // Node is unpublished, so we don't allow every group member to see
  53. // it.
  54. return array();
  55. }
  56. // The group IDs, that in case access is granted, will be recorded.
  57. $gids = array();
  58. $wrapper = entity_metadata_wrapper('node', $node);
  59. if (!empty($wrapper->{OG_ACCESS_FIELD}) && $wrapper->{OG_ACCESS_FIELD}->value() && og_is_group('node', $node)) {
  60. // Private group.
  61. $gids['node'][] = $node->nid;
  62. }
  63. // If there is no content access field on the group content, we assume
  64. // that the group defaults are needed.
  65. // This allows us not to have the content access field on the group
  66. // content but still have access control.
  67. $content_access = !empty($wrapper->{OG_CONTENT_ACCESS_FIELD}) ? $wrapper->{OG_CONTENT_ACCESS_FIELD}->value() : OG_CONTENT_ACCESS_DEFAULT;
  68. switch ($content_access) {
  69. case OG_CONTENT_ACCESS_DEFAULT:
  70. if (!$entity_groups = og_get_entity_groups('node', $node)) {
  71. break;
  72. }
  73. $has_private = FALSE;
  74. foreach ($entity_groups as $group_type => $values) {
  75. entity_load($group_type, $values);
  76. foreach ($values as $gid) {
  77. $list_gids[$group_type][] = $gid;
  78. if ($has_private) {
  79. // We already know we have a private group, so we can avoid
  80. // re-checking it.
  81. continue;
  82. }
  83. $group_wrapper = entity_metadata_wrapper($group_type, $gid);
  84. if (!empty($group_wrapper->{OG_ACCESS_FIELD}) && $group_wrapper->{OG_ACCESS_FIELD}->value()) {
  85. $has_private = TRUE;
  86. }
  87. }
  88. }
  89. if ($has_private) {
  90. $gids = $gids + $list_gids;
  91. }
  92. break;
  93. case OG_CONTENT_ACCESS_PUBLIC:
  94. // Do nothing.
  95. break;
  96. case OG_CONTENT_ACCESS_PRIVATE:
  97. $gids = $gids + og_get_entity_groups('node', $node);
  98. break;
  99. }
  100. foreach ($gids as $group_type => $values) {
  101. foreach ($values as $gid) {
  102. $grants[] = array (
  103. 'realm' => OG_ACCESS_REALM . ':' . $group_type,
  104. 'gid' => $gid,
  105. 'grant_view' => 1,
  106. 'grant_update' => 0,
  107. 'grant_delete' => 0,
  108. 'priority' => 0,
  109. );
  110. }
  111. }
  112. return !empty($grants) ? $grants : array();
  113. }
  114. /**
  115. * Implement hook_og_fields_info().
  116. */
  117. function og_access_og_fields_info() {
  118. $allowed_values = array(
  119. 0 => 'Public - accessible to all site users',
  120. 1 => 'Private - accessible only to group members',
  121. );
  122. $items[OG_ACCESS_FIELD] = array(
  123. 'type' => array('group'),
  124. 'description' => t('Determine access to the group.'),
  125. // Private access can be done only on node entity.
  126. 'entity' => array('node'),
  127. 'field' => array(
  128. 'field_name' => OG_ACCESS_FIELD,
  129. 'no_ui' => TRUE,
  130. 'type' => 'list_boolean',
  131. 'cardinality' => 1,
  132. 'settings' => array('allowed_values' => $allowed_values, 'allowed_values_function' => ''),
  133. ),
  134. 'instance' => array(
  135. 'label' => t('Group visibility'),
  136. 'required' => TRUE,
  137. // Default to public.
  138. 'default_value' => array(0 => array('value' => 0)),
  139. 'widget_type' => 'options_select',
  140. 'view modes' => array(
  141. 'full' => array(
  142. 'label' => 'above',
  143. 'type' => 'options_onoff',
  144. ),
  145. 'teaser' => array(
  146. 'label' => 'above',
  147. 'type' => 'options_onoff',
  148. ),
  149. ),
  150. ),
  151. );
  152. $allowed_values = array(
  153. 0 => 'Use group defaults',
  154. 1 => 'Public - accessible to all site users',
  155. 2 => 'Private - accessible only to group members',
  156. );
  157. $items[OG_CONTENT_ACCESS_FIELD] = array(
  158. 'type' => array('group content'),
  159. 'description' => t('Determine access to the group content, which may override the group settings.'),
  160. // Private access can be done only on node entity.
  161. 'entity' => array('node'),
  162. 'field' => array(
  163. 'field_name' => OG_CONTENT_ACCESS_FIELD,
  164. 'no_ui' => TRUE,
  165. 'type' => 'list_integer',
  166. 'cardinality' => 1,
  167. 'settings' => array('allowed_values' => $allowed_values, 'allowed_values_function' => ''),
  168. ),
  169. 'instance' => array(
  170. 'label' => t('Group content visibility'),
  171. 'required' => TRUE,
  172. // Make the group type default.
  173. 'default_value' => array(0 => array('value' => 0)),
  174. 'widget_type' => 'options_select',
  175. 'view modes' => array(
  176. 'full' => array(
  177. 'label' => 'above',
  178. 'type' => 'list_default',
  179. ),
  180. 'teaser' => array(
  181. 'label' => 'above',
  182. 'type' => 'list_default',
  183. ),
  184. ),
  185. ),
  186. );
  187. return $items;
  188. }