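/**
 * Implements LinkitSearchPluginInterface::fetchResults().
 *
 * Matches the search string against node titles, contributor names, secondary
 * titles and keywords, and returns the matching nodes for which the current
 * user was not explicitly denied view access.
 *
 * @param string $search_string
 *   The text typed into the autocomplete field.
 *
 * @return array
 *   A list of result rows, each with the keys 'title', 'description', 'path',
 *   'group' and 'addClass'.
 */
public function fetchResults($search_string) {
  $matches = array();

  // If the $search_string is not a string, something is wrong and an empty
  // array is returned.
  if (!is_string($search_string)) {
    return $matches;
  }

  // Prepare $this->query.
  $this->getQueryInstance();

  // db_like() escapes LIKE wildcards in the user's input; the pattern is
  // handed to condition() as a value rather than concatenated into SQL.
  $pattern = '%' . db_like($search_string) . '%';
  $or = db_or();
  foreach (array('n.title', 'bcd.name', 'b.biblio_secondary_title', 'bkd.word') as $column) {
    $or->condition($column, $pattern, 'LIKE');
  }
  $this->query->condition($or);
  $this->query->orderBy('b.biblio_year', 'DESC');

  // NOTE(review): no access tag is added to the query in this method, so the
  // per-entity entity_access() check below is the only access filter visible
  // here. Confirm whether getQueryInstance() adds one.
  $result = $this->query->execute()->fetchAllAssoc('nid');

  // Load all the entities with all the ids we got.
  $entities = entity_load('node', array_keys($result));

  foreach ($entities as $key => $entity) {
    // Skip only on an explicit denial; any other answer from entity_access()
    // (including NULL) lets the entity through.
    if (entity_access('view', 'node', $entity) === FALSE) {
      continue;
    }

    // The contributor name and year come straight from the database row and
    // are embedded in markup, so they are escaped before concatenation.
    $description = $this->createDescription($entity)
      . ' <span class="name">' . check_plain((string) $result[$key]->name) . '</span>'
      . ' <span class="year">' . check_plain((string) $result[$key]->biblio_year) . '</span>';

    $matches[] = array(
      'title' => biblio_remove_brace($this->createLabel($entity)),
      'description' => $description,
      'path' => $this->createPath($entity),
      'group' => $this->createGroup($entity),
      'addClass' => $this->createRowClass($entity),
    );
  }

  return $matches;
}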
/**
 * Implements EditEntityFieldAccessCheckInterface::accessEditEntityField().
 *
 * Editing is allowed only when the user may update the entity and, for real
 * fields, may also edit the field. Extra fields skip the field-level check.
 */
public function accessEditEntityField($entity_type, $entity, $field_name) {
  $extra = _quickedit_is_extra_field($entity_type, $field_name);
  $may_update = entity_access('update', $entity_type, $entity);

  if ($extra) {
    // Extra fields have no field definition to check against.
    $may_edit_field = TRUE;
  }
  else {
    $may_edit_field = field_access('edit', $field_name, $entity_type, $entity);
  }

  // Both layers must agree; the && also turns a non-boolean answer from
  // entity_access() into a strict boolean.
  return $may_update && $may_edit_field;
}
/**
 * Page callback; Displays a listing of subqueues for a queue.
 *
 * Builds a sortable, paged table (50 per page) of the queue's subqueues. The
 * edit and delete links are only added for subqueues the current user may
 * update or delete respectively.
 */
public function subqueues_page($js, $input, EntityQueue $queue) {
  $plugin = $this->plugin;
  drupal_set_title($this->get_page_title('subqueues', $queue));
  _entityqueue_set_breadcrumb();

  $header = array(
    array(
      'data' => t('Id'),
      'type' => 'property',
      'specifier' => 'subqueue_id',
      'class' => array('entityqueue-ui-subqueue-id'),
    ),
    array(
      'data' => t('Subqueue'),
      'type' => 'property',
      'specifier' => 'label',
      'class' => array('entityqueue-ui-subqueue-label'),
    ),
    array(
      'data' => t('Operations'),
      'class' => array('entityqueue-ui-subqueue-operations'),
    ),
  );

  // Find the subqueues that belong to this queue (the queue name is the
  // bundle).
  $query = new EntityFieldQuery();
  $query->entityCondition('entity_type', $this->entityType);
  $query->entityCondition('bundle', $queue->name);
  $query->pager(50);
  $query->tableSort($header);
  $results = $query->execute();

  $ids = array();
  if (isset($results[$this->entityType])) {
    $ids = array_keys($results[$this->entityType]);
  }
  $subqueues = array();
  if ($ids) {
    $subqueues = entity_load($this->entityType, $ids);
  }

  $rows = array();
  foreach ($subqueues as $subqueue) {
    // Only offer the operations this user is allowed to perform.
    $links = array();
    if (entity_access('update', 'entityqueue_subqueue', $subqueue)) {
      $edit_path = ctools_export_ui_plugin_menu_path($plugin, 'edit subqueue', $queue->name);
      $links[] = l(t('edit items'), str_replace('%entityqueue_subqueue', $subqueue->subqueue_id, $edit_path));
    }
    if (entity_access('delete', 'entityqueue_subqueue', $subqueue)) {
      $delete_path = ctools_export_ui_plugin_menu_path($plugin, 'delete subqueue', $queue->name);
      $links[] = l(t('delete subqueue'), str_replace('%entityqueue_subqueue', $subqueue->subqueue_id, $delete_path));
    }

    $cells = array(
      array(
        'data' => $subqueue->subqueue_id,
        'class' => array('entityqueue-ui-subqueue-id'),
      ),
      array(
        // The label is passed through filter_xss_admin() before it is put
        // into the table cell.
        'data' => filter_xss_admin($subqueue->label),
        'class' => array('entityqueue-ui-subqueue-label'),
      ),
      array(
        'data' => implode(' | ', $links),
        'class' => array('entityqueue-ui-subqueue-operations'),
      ),
    );
    $rows[] = array('data' => $cells);
  }

  return array(
    'table' => array(
      '#theme' => 'table',
      '#header' => $header,
      '#rows' => $rows,
      '#empty' => t('There are no subqueues to display.'),
    ),
    'pager' => array('#theme' => 'pager'),
  );
}
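/**
 * Check view and edit permissions.
 *
 * Resolves the field record identified by the "fid" request parameter (POST
 * first, then GET) to the entity it is attached to, then checks entity-level
 * and field-level access for the current user. A missing field id, a missing
 * field record or an entity that cannot be loaded denies access.
 *
 * @param $op
 *   The type of operation. Either 'view' or 'edit'.
 *
 * @return bool
 *   TRUE when the current user may perform $op, FALSE otherwise.
 */
function have_access($op) {
  global $user;
  $db = DBConnection::instance();

  $field_id = (int) _post('fid');
  if (!$field_id) {
    $field_id = (int) _get('fid');
  }
  if (!$field_id) {
    // No usable id in the request: deny instead of querying for id 0.
    return false;
  }

  $row = $db->dq("SELECT entity_id, entity_type, delta FROM {mytinytodo_fields} WHERE id = ?", $field_id)->fetch_assoc();
  if (empty($row)) {
    // Unknown field id. Without this guard the code below would read
    // properties of an empty object and fall into the generic branch.
    return false;
  }
  $field = (object) $row;

  // NOTE(review): the stored "delta" is used as the field id here; if it does
  // not resolve, field_access() below is called without a field definition.
  // Confirm that this lookup is what is intended.
  $field_info = field_info_field_by_id($field->delta);

  // Node and generic entity access use 'update' where this module says 'edit'.
  $entity_op = $op === 'edit' ? 'update' : $op;

  switch ($field->entity_type) {
    case 'node':
      if (!($node = node_load($field->entity_id))) {
        return false;
      }
      return node_access($entity_op, $node, $user)
        && field_access($op, $field_info, $field->entity_type, $node, $user);

    case 'user':
      if (!($account = user_load($field->entity_id))) {
        return false;
      }
      return (bool) field_access($op, $field_info, $field->entity_type, $account, $user);

    case 'comment':
      if (!($comment = comment_load($field->entity_id))) {
        return false;
      }
      if ($op === 'view' && !user_access('access comments')) {
        return false;
      }
      if ($op === 'edit' && !comment_access($op, $comment)) {
        return false;
      }
      return (bool) field_access($op, $field_info, $field->entity_type, $comment, $user);

    default:
      // Any other entity type can only be checked through the Entity API.
      if (!module_exists('entity')) {
        return false;
      }
      // entity_load() takes the entity type and a list of entity ids and
      // returns an array; the original passed the field record id as the
      // only argument, so no entity of the right type could be loaded.
      $entities = entity_load($field->entity_type, array($field->entity_id));
      $entity = $entities ? reset($entities) : false;
      if (!$entity) {
        return false;
      }
      return entity_access($entity_op, $field->entity_type, $entity, $user)
        && field_access($op, $field_info, $field->entity_type, $entity, $user);
  }
}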
/**
 * Implements EntityReferenceHandler::getLabel().
 *
 * Returns the node's label, or a placeholder when the current user may not
 * view the node, so that the title of a restricted node is not disclosed.
 */
public function getLabel($entity) {
  if (entity_access('view', 'node', $entity)) {
    return entity_label('node', $entity);
  }

  return t('- Restricted access -');
}
/**
 * Implements EntityReferenceHandler::getLabel().
 *
 * Returns the label of the referenced entity, or a placeholder when the
 * current user may not view it. The entity type is taken from the field's
 * 'target_type' setting.
 */
public function getLabel($entity) {
  $type = $this->field['settings']['target_type'];

  if (entity_access('view', $type, $entity)) {
    return entity_label($type, $entity);
  }

  // Do not disclose the label of an entity the user cannot view.
  return t('- Restricted access -');
}
/**
 * The autocomplete callback function for the Linkit Entity plugin.
 *
 * Access is filtered twice: the query carries an "<entity type>_access" tag,
 * and every loaded entity is checked again with entity_access().
 *
 * @return
 *   An associative array whose values are an
 *   associative array containing:
 *   - title: A string to use as the search result label.
 *   - description: (optional) A string with additional information about the
 *     result item.
 *   - path: The URL to the item.
 *   - group: (optional) A string with the group name for the result item.
 *     Best practice is to use the plugin name as group name.
 *   - addClass: (optional) A string with classes to add to the result row.
 */
function autocomplete_callback() {
  $matches = array();
  $type = $this->plugin['entity_type'];

  // Prepare $this->query.
  $this->getQueryInstance();

  // Match the label property against the search string; db_like() escapes
  // the LIKE wildcards in the user's input.
  $pattern = '%' . db_like($this->search_string) . '%';
  $this->query
    ->propertyCondition($this->entity_field_label, $pattern, 'LIKE')
    ->addTag('linkit_entity_autocomplete')
    ->addTag('linkit_' . $type . '_autocomplete');

  // Query-level access tag. The runtime entity_access() check below is the
  // second layer.
  $this->query->addTag($type . '_access');

  // Restrict to the configured bundles, if any are enabled.
  if (isset($this->entity_key_bundle) && isset($this->conf['bundles'])) {
    $bundles = array_filter($this->conf['bundles']);
    if ($bundles) {
      $this->query->propertyCondition($this->entity_key_bundle, $bundles, 'IN');
    }
  }

  $result = $this->query->execute();
  if (!isset($result[$type])) {
    return array();
  }

  // Load every entity the query returned.
  $entities = entity_load($type, array_keys($result[$type]));

  foreach ($entities as $entity) {
    // Check the access against the defined entity access callback. Only an
    // explicit FALSE excludes the entity; any other answer (including NULL)
    // lets it through.
    if (entity_access('view', $type, $entity) === FALSE) {
      continue;
    }

    $matches[] = array(
      'title' => $this->buildLabel($entity),
      'description' => $this->buildDescription($entity),
      'path' => $this->buildPath($entity),
      'group' => $this->buildGroup($entity),
      'addClass' => $this->buildRowClass($entity),
    );
  }

  return $matches;
}
/**
 * Check access to CRUD an entity.
 *
 * The check is made for the account returned by getAccount(), which is passed
 * to entity_access() explicitly.
 *
 * @param string $op
 *   The operation. Allowed values are "create", "update" and "delete".
 * @param string $entity_type
 *   The entity type.
 * @param object $entity
 *   The entity object.
 *
 * @return bool|null
 *   TRUE or FALSE based on the access. If no access is known about the entity
 *   return NULL. Callers that treat the result as a boolean will read NULL as
 *   "denied".
 */
protected function checkEntityAccess($op, $entity_type, $entity) {
  return entity_access($op, $entity_type, $entity, $this->getAccount());
}
/**
 * {@inheritdoc}
 */
public function entity_access($op, $entity) {
  // Delegate to the global entity_access() for this handler's entity type.
  // No account is passed, so the callee's default account applies.
  $allowed = entity_access($op, $this->entity_type, $entity);

  return $allowed;
}
/**
 * Implements LinkitSearchPluginInterface::fetchResults().
 *
 * Searches the entity label property for the given string and returns the
 * matching entities for which view access was not explicitly denied.
 */
public function fetchResults($search_string) {
  // NOTE(review): an earlier comment here promised an empty result for a
  // non-string $search_string, but no such check is performed.
  $matches = array();
  $type = $this->plugin['entity_type'];

  // Prepare $this->query.
  $this->getQueryInstance();

  // Match the label property against the search string; db_like() escapes
  // the LIKE wildcards in the user's input.
  $pattern = '%' . db_like($search_string) . '%';
  $this->query
    ->propertyCondition($this->entity_field_label, $pattern, 'LIKE')
    ->addTag('linkit_entity_autocomplete')
    ->addTag('linkit_' . $type . '_autocomplete');

  // TODO (from the original debugging notes): searching biblio nodes by
  // author name needs a join across biblio_contributor_data,
  // biblio_contributor and biblio/node, which EntityFieldQuery cannot
  // express. The plan noted was a plain query whose results are returned in
  // the same shape as below. Any such query should keep using placeholders
  // for the filter value.

  // Query-level access tag. The runtime entity_access() check below is the
  // second layer.
  $this->query->addTag($type . '_access');

  // Restrict to the configured bundles, if any are enabled.
  if (isset($this->entity_key_bundle) && isset($this->conf['bundles'])) {
    $enabled_bundles = array_filter($this->conf['bundles']);
    if ($enabled_bundles) {
      $this->query->propertyCondition($this->entity_key_bundle, $enabled_bundles, 'IN');
    }
  }

  $result = $this->query->execute();
  if (!isset($result[$type])) {
    return array();
  }

  // Load every entity the query returned.
  $entities = entity_load($type, array_keys($result[$type]));

  foreach ($entities as $entity) {
    // Check the access against the defined entity access callback. Only an
    // explicit FALSE excludes the entity.
    if (entity_access('view', $type, $entity) === FALSE) {
      continue;
    }

    $matches[] = array(
      'title' => $this->createLabel($entity),
      'description' => $this->createDescription($entity),
      'path' => $this->createPath($entity),
      'group' => $this->createGroup($entity),
      'addClass' => $this->createRowClass($entity),
    );
  }

  return $matches;
}
/**
 * @see RestWSResourceControllerInterface::access()
 */
public function access($op, $id) {
  // Entity access has to be evaluated on the original entity; checking our
  // API object instead would fail. Without an id there is no entity to
  // unwrap, so NULL is passed and the check is made for the type as a whole.
  $original = NULL;
  if (isset($id)) {
    $original = $this->originalWrapper($id)->value();
  }

  return entity_access($op, $this->entityType, $original);
}
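/**
 * Whether user has access to update, view or delete the entity.
 *
 * Uses the Entity API when the entity module is enabled, otherwise falls back
 * to the node and comment access functions or to the entity type's declared
 * access callback. Access is denied when none of these applies.
 *
 * @param string $op
 *   This can either be "update", "view" or "delete".
 *
 * @return bool
 *   TRUE if user has access and FALSE otherwise.
 */
public function hasObjectAccess($op) {
  // Strict comparison: a loose in_array() accepts values such as TRUE (and,
  // before PHP 8, 0) as a match for any string, which would let a
  // non-operation value through to the access callbacks.
  if (!in_array($op, array('update', 'view', 'delete'), TRUE)) {
    return FALSE;
  }

  $entity_type = $this->getEntityType();

  if (module_exists('entity')) {
    return entity_access($op, $entity_type, $this->getEntity());
  }
  elseif ($entity_type === 'node') {
    return node_access($op, $this->getEntity());
  }
  elseif ($entity_type === 'comment' && $op === 'update') {
    // comment_access() is called with 'edit' for the update operation.
    return comment_access('edit', $this->getEntity());
  }
  elseif (($info = entity_get_info()) && isset($info[$entity_type]['access callback'])) {
    // Last resort: the access callback declared in the entity info.
    return $info[$entity_type]['access callback']($op, $this->getEntity(), NULL, $entity_type);
  }

  // No way to determine access: deny.
  return FALSE;
}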
/**
 * {@inheritdoc}
 */
public function entityAccess($operation = 'view') {
  // NOTE(review): the entity is wrapped in a one-element array before it is
  // handed to entity_access(). If the access callback expects the entity
  // object itself, the check is evaluated against the array instead. Confirm
  // this is intended.
  $subject = array($this->getEntity());

  return entity_access($operation, $this->getType(), $subject);
}
/**
 * Reports whether an entity can be viewed by an anonymous visitor.
 *
 * The entity must have a URI path, must have a path alias when the
 * 'needs alias' option is set, and must be set to display its content when
 * the rabbit_hole module is enabled. The final answer is the result of
 * entity_access() for the 'view' operation and the anonymous user, returned
 * as is.
 *
 * @deprecated Use the entity_is_public module instead.
 */
public static function isPubliclyVisible($entity_type, $entity, array $options = array()) {
  $options += array('needs alias' => FALSE);

  // An entity without a path has no page to visit.
  $location = entity_uri($entity_type, $entity);
  if (empty($location['path'])) {
    return FALSE;
  }

  if ($options['needs alias'] && !drupal_lookup_path('alias', $location['path'], NULL)) {
    return FALSE;
  }

  // Any Rabbit Hole action other than displaying the content means the page
  // is not shown.
  if (module_exists('rabbit_hole') && rabbit_hole_get_action($entity_type, $entity) !== RABBIT_HOLE_DISPLAY_CONTENT) {
    return FALSE;
  }

  // Evaluate view access as the anonymous user, not as the current user.
  return entity_access('view', $entity_type, $entity, drupal_anonymous_user());
}