/**
 * Tests whether a user holds a groupadmin role, or lists all known roles.
 *
 * @param $group_node
 *   The group node to test against. When empty, nothing is tested and the
 *   list of role names is returned instead.
 * @param $user
 *   The account to test. Its uid is read for the 'manager' and 'members'
 *   roles, and the object is passed on for 'admins' and 'visitors'.
 * @param $role
 *   One of 'manager', 'admins', 'members' or 'visitors'.
 *
 * @return
 *   The array of role names when no group is given. Otherwise TRUE when the
 *   explicit permission check passes, or the result of the role-specific
 *   test. Unknown roles yield FALSE.
 */
function _groupadmin_user_has_role($group_node = null, $user = null, $role = null) {
  if (!$group_node) {
    // Roles are listed in order of decreasing access.
    return array('manager', 'admins', 'members', 'visitors');
  }

  // An explicit permission grants the role before any group-level test runs.
  // NOTE(review): $user is not passed to _groupadmin_user_access(), so this
  // check presumably applies to the current user rather than to $user.
  // Confirm that callers never pass a different account.
  if (_groupadmin_user_access($role)) {
    return TRUE;
  }

  switch ($role) {
    case 'manager':
      // The manager is the author of the group node.
      return $user->uid == $group_node->uid;

    case 'admins':
      return og_is_group_admin($group_node, $user);

    case 'members':
      return _groupadmin_is_group_member($group_node->nid, $user->uid);

    case 'visitors':
      return node_access('view', $group_node, $user);
  }

  // Unknown role names never match.
  return FALSE;
}
/**
 * Implements template_preprocess_page.
 *
 * Flags optional reading aids for the template and adds "Print" and
 * "Add child page" shortcuts to the tab extras, each behind its own
 * permission check.
 */
function mooc_foundation_access_preprocess_page(&$variables) {
  // Tell the template which optional reading aids are enabled.
  foreach (array('speedreader', 'mespeak') as $reading_aid) {
    if (module_exists($reading_aid)) {
      $variables[$reading_aid] = TRUE;
    }
  }

  $node = menu_get_object();

  // Printer-friendly export link, only on node pages.
  if ($node && user_access('access printer-friendly version')) {
    $variables['tabs_extras'][200][] = '<hr>';
    $variables['tabs_extras'][200][] = l(t('Print'), 'book/export/html/' . arg(1));
  }

  // "Add child page" shortcut. The user needs a book permission and create
  // access for the child type; the node must be published, be in a book, and
  // sit above the maximum menu depth.
  $child_type = variable_get('book_child_type', 'book');
  $can_add_child = $node
    && !empty($node->book)
    && (user_access('add content to books') || user_access('administer book outlines'))
    && node_access('create', $child_type)
    && $node->status == 1
    && isset($node->book['depth'])
    && $node->book['depth'] < MENU_MAX_DEPTH;
  if ($can_add_child) {
    $add_path = 'node/add/' . str_replace('_', '-', $child_type);
    $add_options = array('query' => array('parent' => $node->book['mlid']));
    $variables['tabs_extras'][200][] = '<hr>';
    $variables['tabs_extras'][200][] = l(t('Add child page'), $add_path, $add_options);
  }

  // Placeholder element for the accessibility check UI.
  if (user_access('access contextual links')) {
    $variables['tabs_extras'][0][] = '<li class="cis_accessibility_check"></li>';
  }
}
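/**
 * Submit handler: adds a reference from the current node to an existing node.
 *
 * The node being edited is taken from path argument 1 and the reference field
 * from path argument 3. The node to reference comes from the submitted
 * 'referrence' form value. Nothing is saved unless the user has update access
 * to the current node and both the target node and the field resolve.
 */
function _nodereferrer_create_add_reference_form_submit($form, &$form_state) {
  $return_path = 'node/' . arg(1);

  if ($form_state['clicked_button']['#name'] != 'add') {
    drupal_set_message(t('The operation was cancelled'));
    drupal_goto($return_path);
    return;
  }

  $append_node = node_load($form_state['values']['referrence']);
  $current_node = node_load(arg(1));

  // Make sure the user is allowed to do this.
  if (!node_access('update', $current_node)) {
    drupal_set_message(t('You do not have rights to update this node'));
    drupal_goto($return_path);
    return;
  }

  // The field key comes straight from the URL and the target nid from the
  // submitted form. Refuse to save when either does not resolve, instead of
  // writing an empty reference or touching an unnamed property.
  // NOTE(review): presumably the form only offers nodes the user may see.
  // If that is not guaranteed, also check node_access('view', $append_node).
  $field_key = arg(3);
  if (!$append_node || !isset($current_node->reference_fields[$field_key]['field_name'])) {
    drupal_set_message(t('The reference could not be added'), 'error');
    drupal_goto($return_path);
    return;
  }

  $field_settings = $current_node->reference_fields[$field_key];
  $field_name = $field_settings['field_name'];
  $field_array =& $current_node->{$field_name};
  $multiple = $field_settings['multiple'] == 1;

  // Single-value fields, and multi-value fields whose first slot is still
  // empty, take the reference in slot 0. Otherwise it is appended.
  if ($field_array[0]['nid'] === null || !$multiple) {
    $field_array[0]['nid'] = $append_node->nid;
  }
  else {
    $field_array[] = array('nid' => $append_node->nid);
  }

  // Save, and ensure the changes are noticed.
  node_save($current_node);
  cache_clear_all();
  drupal_set_message(t('The node was added'));
  drupal_goto($return_path);
}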
/**
 * Implements template_preprocess_page.
 *
 * Flags optional reading aids, adds permission-gated "Print" and
 * "Add child page" shortcuts to the tab extras, and strips the home-link
 * prefix from the first header element.
 */
function mooc_foundation_access_preprocess_page(&$variables) {
  // Tell the template which optional reading aids are enabled.
  foreach (array('speedreader', 'mespeak') as $reading_aid) {
    if (module_exists($reading_aid)) {
      $variables[$reading_aid] = TRUE;
    }
  }

  $node = menu_get_object();

  // Printer-friendly export link, only on node pages.
  if ($node && user_access('access printer-friendly version')) {
    $variables['tabs_extras'][200][] = '<hr>';
    $variables['tabs_extras'][200][] = l(t('Print'), 'book/export/html/' . arg(1));
  }

  // "Add child page" shortcut. The user needs a book permission and create
  // access for the child type; the node must be published, be in a book, and
  // sit above the maximum menu depth.
  $child_type = variable_get('book_child_type', 'book');
  $can_add_child = $node
    && !empty($node->book)
    && (user_access('add content to books') || user_access('administer book outlines'))
    && node_access('create', $child_type)
    && $node->status == 1
    && isset($node->book['depth'])
    && $node->book['depth'] < MENU_MAX_DEPTH;
  if ($can_add_child) {
    $add_path = 'node/add/' . str_replace('_', '-', $child_type);
    $add_options = array('query' => array('parent' => $node->book['mlid']));
    $variables['tabs_extras'][200][] = '<hr>';
    $variables['tabs_extras'][200][] = l(t('Add child page'), $add_path, $add_options);
  }

  // Placeholder element for the accessibility check UI.
  if (user_access('access contextual links')) {
    $variables['tabs_extras'][0][] = '<li class="cis_accessibility_check"></li>';
  }

  // Remove the prefix that provides a link to the home page, as MOOC is the
  // thing that currently provides support directly for this and slightly
  // overrides the behavior. Only the first header element is touched.
  $header_keys = array_keys($variables['page']['header']);
  $first_key = array_shift($header_keys);
  unset($variables['page']['header'][$first_key]['#prefix']);
}
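/**
 * Allow other modules the ability to modify access to the unpublish controls.
 *
 * Modules may implement this hook if they want to have a say in whether or not
 * a given user has access to perform unpublish action on a node.
 *
 * @param node $node
 *   A node object being checked.
 * @param user $account
 *   The user wanting to unpublish the node.
 *
 * @return bool|NULL
 *   TRUE  - if the user should have access.
 *   FALSE - if the user definitely should not have access.
 *   NULL  - this module won't change the outcome. It is typically better to
 *           return NULL than FALSE. If no module returns TRUE then the user
 *           will be denied access. If one module returns FALSE then the user
 *           will be denied even if another module returns TRUE.
 */
function hook_publishcontent_unpublish_access($node, $account) {
  // Only published nodes can be unpublished.
  if (!$node->status) {
    return;
  }

  // Every check is made against $account, the user the hook was asked about.
  // Comparing against an undefined $user would evaluate NULL == $node->uid,
  // which is TRUE for nodes whose author uid is 0.
  $is_owner = $account->uid == $node->uid;

  // check_plain() is kept from the original example; node type machine names
  // presumably contain nothing it would alter.
  $type = check_plain($node->type);

  $access = user_access('administer nodes', $account)
    || user_access('unpublish any content', $account)
    || (user_access('unpublish own content', $account) && $is_owner)
    || (user_access('unpublish editable content', $account) && node_access('update', $node, $account))
    || (user_access('unpublish own ' . $type . ' content', $account) && $is_owner)
    || user_access('unpublish any ' . $type . ' content', $account)
    || (user_access('unpublish editable ' . $type . ' content', $account) && node_access('update', $node, $account));

  if ($access) {
    return TRUE;
  }
}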
/**
 * Lists the referrers the current user is allowed to create for a node.
 *
 * A referrer type is only listed when node_access('create', ...) allows it
 * and at least one of its configured reference fields resolves.
 *
 * @param $node
 *   The node whose content type is inspected for nodereferrer fields.
 *
 * @return
 *   A list of arrays, each with the keys:
 *   - 'name': name of the referrer field, without its 'field_' prefix.
 *   - 'field': details of the referrer field.
 *   - 'referrence': details of the reference fields, keyed by referrer type.
 */
function _nodereferrer_create_get_referrers($node) {
  $referrers = array();

  if (variable_get('nodereferrer_create_show_on_nodereferrer', 1)) {
    $type_info = content_types($node->type);

    foreach ($type_info['fields'] as $field_name => $field_info) {
      $is_referrer_field = $field_info['type'] == 'nodereferrer' && is_array($field_info['referrer_types']);
      if (!$is_referrer_field) {
        continue;
      }

      foreach (array_filter($field_info['referrer_types']) as $referrer_type) {
        // Skip content types the current user may not create.
        if (!node_access('create', $referrer_type)) {
          continue;
        }

        // Collect the reference fields that exist on this referrer type.
        $reference_fields = array();
        foreach (array_filter($field_info['referrer_fields']) as $candidate) {
          $details = content_fields($candidate, $referrer_type);
          if ($details) {
            $reference_fields[$referrer_type][] = $details;
          }
        }

        if ($reference_fields) {
          $referrers[] = array(
            'name' => substr($field_name, strlen('field_')),
            'field' => $field_info,
            'referrence' => $reference_fields,
          );
        }
      }
    }
  }

  return $referrers;
}
/**
 * Checks whether the current user may edit this object's node.
 *
 * Asks node_access() for 'update' when a node is available and for 'create'
 * otherwise.
 *
 * @return
 *   The result of node_access().
 */
private function canEdit() {
  $node = $this->getNode();

  // NOTE(review): on the 'create' path $node is empty, while node_access()
  // is normally given a node or a content type name for 'create'. With an
  // empty value the check presumably always denies. Confirm whether the
  // content type should be passed here.
  return node_access($node ? 'update' : 'create', $node);
}
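/**
 * Check view and edit permissions.
 *
 * Looks up the todo field record named by the 'fid' request parameter (POST
 * first, then GET), loads the entity it is attached to, and requires both
 * entity-level and field-level access for the current user. Every failure
 * denies access.
 *
 * @param $op
 *   The type of operation. Either 'view' or 'edit'.
 *
 * @return
 *   true when the current user may perform $op, false otherwise.
 */
function have_access($op) {
  global $user;

  $db = DBConnection::instance();

  $field_id = (int) _post('fid');
  if (!$field_id) {
    $field_id = (int) _get('fid');
  }

  $row = $db->dq("SELECT entity_id, entity_type, delta FROM {mytinytodo_fields} WHERE id = ?", $field_id)->fetch_assoc();

  // Fail closed when the request names a field id that has no stored record,
  // rather than continuing with an empty object.
  if (empty($row)) {
    return false;
  }

  $field = (object) $row;
  $field_info = field_info_field_by_id($field->delta);

  // Entity-level access uses 'update' where the field API uses 'edit'.
  $entity_op = $op == 'edit' ? 'update' : $op;

  switch ($field->entity_type) {
    case 'node':
      $node = node_load($field->entity_id);
      if (!$node) {
        return false;
      }
      return node_access($entity_op, $node, $user)
        && field_access($op, $field_info, $field->entity_type, $node, $user);

    case 'user':
      $account = user_load($field->entity_id);
      if (!$account) {
        return false;
      }
      return (bool) field_access($op, $field_info, $field->entity_type, $account, $user);

    case 'comment':
      $comment = comment_load($field->entity_id);
      if (!$comment) {
        return false;
      }
      if ($op == 'view' && !user_access('access comments')) {
        return false;
      }
      if ($op == 'edit' && !comment_access($op, $comment)) {
        return false;
      }
      return (bool) field_access($op, $field_info, $field->entity_type, $comment, $user);

    default:
      // Other entity types can only be checked through the Entity API module.
      if (!module_exists('entity')) {
        return false;
      }
      // Load the entity the field is attached to, by its type and id. The
      // field record id is not an entity type and cannot be used to load it.
      $entity = entity_load_single($field->entity_type, $field->entity_id);
      if (!$entity) {
        return false;
      }
      return entity_access($entity_op, $field->entity_type, $entity, $user)
        && field_access($op, $field_info, $field->entity_type, $entity, $user);
  }
}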
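/**
 * Return Workbench status information in a block.
 *
 * To reduce clutter, modules are encouraged to use this hook
 * to provide debugging and other relevant information.
 *
 * @return
 *   An array of message strings to print. The preferred format
 *   is a one line string in the format Title: <em>Message</em>.
 *   Nothing is returned when the current page is not a node.
 *
 * @see workbench_block_view()
 */
function hook_workbench_block() {
  // Add editing information to this page (if it's a node).
  if ($node = menu_get_object()) {
    // The message has to match the access result: update access means the
    // user may edit.
    if (node_access('update', $node)) {
      return array(t('My Module: <em>You may edit this content.</em>'));
    }
    return array(t('My Module: <em>You may not edit this content.</em>'));
  }
}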
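/**
 * Allow other modules the ability to modify access to the unpublish controls.
 *
 * Modules may implement this hook if they want to have a say in whether or not
 * a given user has access to perform unpublish action on a node.
 *
 * @param node $node
 *   A node object being checked.
 * @param user $account
 *   The user wanting to unpublish the node.
 *
 * @return
 *   PUBLISHCONTENT_ACCESS_ALLOW  - if the user can unpublish the node.
 *   PUBLISHCONTENT_ACCESS_DENY   - if the user definitely cannot unpublish.
 *   PUBLISHCONTENT_ACCESS_IGNORE - this module won't change the outcome.
 *   It is typically better to return IGNORE than DENY. If no module returns
 *   ALLOW then the user will be denied access. If one module returns DENY
 *   then the user will be denied even if another module returns ALLOW.
 */
function hook_publishcontent_unpublish_access($node, $account) {
  // Every check is made against $account, the user the hook was asked about.
  // Comparing against an undefined $user would evaluate NULL == $node->uid,
  // which is TRUE for nodes whose author uid is 0.
  $is_owner = $account->uid == $node->uid;

  // check_plain() is kept from the original example; node type machine names
  // presumably contain nothing it would alter.
  $type = check_plain($node->type);

  // Only published nodes can be unpublished.
  $access = $node->status && (
    user_access('administer nodes', $account)
    || user_access('unpublish any content', $account)
    || (user_access('unpublish own content', $account) && $is_owner)
    || (user_access('unpublish editable content', $account) && node_access('update', $node, $account))
    || (user_access('unpublish own ' . $type . ' content', $account) && $is_owner)
    || user_access('unpublish any ' . $type . ' content', $account)
    || (user_access('unpublish editable ' . $type . ' content', $account) && node_access('update', $node, $account))
  );

  if ($access) {
    // The user is allowed to unpublish the node according to this hook.
    // If another hook denies access they will be denied.
    return PUBLISHCONTENT_ACCESS_ALLOW;
  }

  // This function does not believe they can unpublish but is not explicitly
  // denying access. If no other hooks allow it then the user will be denied.
  return PUBLISHCONTENT_ACCESS_IGNORE;
}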
/**
 * Sets a whitelisted field on a node from URL parameters and exits.
 *
 * Reads 'nid', 'f' (field name) and 'v' (value) from the query string. Only
 * the 'sharing' field is accepted, with 'public' and 'private' mapped to node
 * status 1 and 0. The node is saved only if node_access('update') passes.
 *
 * NOTE(review): this changes state from a GET request and no request token
 * is validated in this method. Unless the caller checks one, a link opened
 * by a logged-in editor could change a node's published state. Confirm that
 * the route validates a token.
 *
 * @throws Exception
 *   When a parameter is missing or not accepted, or (code 403) when the
 *   update access check fails.
 */
public static function setNodeValue() {
  // Gather URL parameters.
  $nid = isset($_GET['nid']) ? intval($_GET['nid']) : null;
  $field = isset($_GET['f']) ? $_GET['f'] : null;
  $value = isset($_GET['v']) ? $_GET['v'] : null;

  // Reduce the field and value to the accepted combinations. Anything else
  // becomes null and is rejected below.
  if ($field == 'sharing') {
    if ($value == 'public') {
      $value = 1;
    }
    elseif ($value == 'private') {
      $value = 0;
    }
    else {
      $value = null;
    }
  }
  else {
    $field = null;
  }

  if (!isset($nid) || !isset($field) || !isset($value)) {
    throw new Exception(t('Invalid method parameters.'));
  }

  // Load what the node API needs, then perform the update access check.
  require_once DRUPAL_ROOT . '/includes/common.inc';
  module_load_include('module', 'node');
  module_load_include('inc', 'field', 'field.attach');
  module_load_include('module', 'user');

  $node = node_load($nid);
  if (!node_access('update', $node)) {
    throw new Exception('User does not have access to nid ' . $nid, 403);
  }

  // Set the appropriate node fields.
  if ($field == 'sharing') {
    $node->status = $value;
  }

  // Save the node and end the request.
  node_save($node);
  die('ok');
}
/**
 * Implements EntityReferenceHandler::getReferencableEntities().
 *
 * Builds the list of users a task may be assigned to in the current space.
 * The candidate set depends on the 'oa_worktracker_assigned_to_users'
 * setting; every candidate must also have view access to the space node.
 * $match, $match_operator and $limit are not used by this implementation.
 *
 * @return
 *   An array with a single 'user' key holding uid => escaped label pairs,
 *   sorted by label.
 */
public function getReferencableEntities($match = NULL, $match_operator = 'CONTAINS', $limit = 0) {
  $space_nid = oa_core_get_space_context();
  $space_node = node_load($space_nid);

  // Inherited membership needs oa_subspaces; fall back to local users.
  $mode = variable_get_value('oa_worktracker_assigned_to_users');
  if ($mode === OA_WORKTRACKER_ASSIGN_TO_INHERITED_USERS && !module_exists('oa_subspaces')) {
    $mode = OA_WORKTRACKER_ASSIGN_TO_ONLY_LOCAL_USERS;
  }

  $uids = array();
  if ($mode == OA_WORKTRACKER_ASSIGN_TO_INHERITED_USERS) {
    // Direct members of the space plus users inherited from parent groups.
    $group_users = og_subgroups_get_users_group('node', $space_node);
    $uids = $group_users['user'];
    foreach (_og_subgroups_get_inherited_users('node', $space_nid) as $inherited_uid => $data) {
      $uids[] = $inherited_uid;
    }
  }
  elseif ($mode == OA_WORKTRACKER_ASSIGN_TO_ONLY_LOCAL_USERS) {
    // Active user memberships of this space only.
    $membership_query = new EntityFieldQuery();
    $membership_query->entityCondition('entity_type', 'og_membership')
      ->propertyCondition('group_type', 'node', '=')
      ->propertyCondition('gid', $space_nid, '=')
      ->propertyCondition('entity_type', 'user', '=')
      ->propertyCondition('state', OG_STATE_ACTIVE, '=');
    $found = $membership_query->execute();
    if (!empty($found['og_membership'])) {
      $memberships = og_membership_load_multiple(array_keys($found['og_membership']));
      foreach ($memberships as $membership) {
        $uids[] = $membership->etid;
      }
    }
  }
  elseif ($mode == OA_WORKTRACKER_ASSIGN_TO_ANY_USERS) {
    // Every active account on the site.
    $uids = db_select('users', 'u')
      ->fields('u', array('uid'))
      ->condition('status', 1)
      ->execute()
      ->fetchCol();
  }

  $options = array('user' => array());
  if (!empty($uids)) {
    // Get the user label and make sure that the user can access the space.
    // This check applies to every mode, so "any user" is still limited to
    // accounts that can view the space node.
    foreach (user_load_multiple($uids) as $uid => $account) {
      if (node_access('view', $space_node, $account)) {
        $options['user'][$uid] = check_plain($this->getLabel($account));
      }
    }
    asort($options['user']);
  }

  return $options;
}
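/**
 * Implements template_preprocess_page.
 *
 * Prunes unwanted local task tabs, adds permission-gated book outline
 * shortcuts and the accessibility check placeholder to the tab extras,
 * strips the home-link prefix from the first header element, and blanks the
 * page title when a node body uses the git_book_markdown format.
 */
function mooc_foundation_access_preprocess_page(&$variables) {
  // speedreader is enabled
  if (module_exists('speedreader')) {
    $variables['speedreader'] = TRUE;
  }

  // Drop some tabs that don't seem to go away on their own.
  if (!empty($variables['tabs']['#primary'])) {
    $unwanted_paths = array('node/%/display', 'node/%/outline', 'node/%/log');
    foreach ($variables['tabs']['#primary'] as $key => $tab) {
      if (in_array($tab['#link']['path'], $unwanted_paths)) {
        unset($variables['tabs']['#primary'][$key]);
      }
    }
    // For now drop secondary tabs entirely for nodes.
    if (arg(0) == 'node' && isset($variables['tabs']['#secondary'])) {
      unset($variables['tabs']['#secondary']);
    }
  }

  // Book outline shortcuts. The user needs a book permission and create
  // access for the child type; the node must be published, be in a book, and
  // sit above the maximum menu depth.
  $child_type = variable_get('book_child_type', 'book');
  $node = menu_get_object();
  $can_outline = $node
    && !empty($node->book)
    && (user_access('add content to books') || user_access('administer book outlines'))
    && node_access('create', $child_type)
    && $node->status == 1
    && isset($node->book['depth'])
    && $node->book['depth'] < MENU_MAX_DEPTH;
  if ($can_outline) {
    $variables['tabs_extras'][200][] = '<div class="divider"></div>';
    // The label is opened with <span>, so it has to be closed with </span>.
    $variables['tabs_extras'][200][] = '<span class="nolink cis-lmsless-text">' . t('Operations') . '</span>';
    $variables['tabs_extras'][200][] = l(t('Edit child outline'), 'node/' . $node->book['nid'] . '/outline/children');
    $variables['tabs_extras'][200][] = l(t('Edit course outline'), 'admin/content/book/' . $node->book['bid']);
  }

  // Support hiding the accessibility check UI which is poorly located.
  if ($node && user_access('view accessibility tests')) {
    $variables['tabs_extras'][200][] = '<span class="cis_accessibility_check"></span>';
  }

  // Remove the prefix that provides a link to the home page, as MOOC is the
  // thing that currently provides support directly for this and slightly
  // overrides the behavior. Only the first header element is touched.
  $header_keys = array_keys($variables['page']['header']);
  $first_key = array_shift($header_keys);
  unset($variables['page']['header'][$first_key]['#prefix']);

  // Remove title from a page when a gitbook markdown filter is present.
  if (isset($variables['page']['content']['system_main']['nodes'])) {
    foreach ($variables['page']['content']['system_main']['nodes'] as $rendered_node) {
      if (isset($rendered_node['body']['#object'])
        && $rendered_node['body']['#object']->body['und'][0]['format'] == "git_book_markdown") {
        $variables['title'] = "";
      }
    }
  }
}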
/**
 * Allow modules to alter access granted to a message entity.
 *
 * This example denies 'view' access to a message as soon as one of the nodes
 * it references cannot be viewed by the account being checked.
 *
 * @param $access
 *   Boolean specifying whether the specified account has the specified
 *   access. Altered by reference.
 * @param $context
 *   Array containing relevant information for determining access to
 *   the message entity. Keys are op, entity, entity_type, and account.
 */
function hook_message_access_alter(&$access, $context) {
  // We're only interested in the 'view' operation.
  if ($context['op'] == 'view') {
    $message = $context['entity'];

    // Verify view access to nodes referenced in the message.
    if (isset($message->field_target_nodes)) {
      foreach ($message->field_target_nodes[LANGUAGE_NONE] as $delta => $item) {
        $referenced = node_load($item['target_id']);
        $may_view = node_access('view', $referenced, $context['account']);
        if (!$may_view) {
          // A single node the user cannot view is enough to deny access to
          // the entire message.
          $access = FALSE;
          return;
        }
      }
    }
  }
}
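/**
 * Submit handler: makes an existing node refer to the current node.
 *
 * The existing node comes from the submitted 'referrence' form value and must
 * be updatable by the user. The current node is taken from path argument 1,
 * and the reference field is looked up through path arguments 3, 4 and 5.
 */
function _nodereferrer_create_add_form_submit($form, &$form_state) {
  $return_path = 'node/' . arg(1);

  if ($form_state['clicked_button']['#name'] != 'add') {
    drupal_set_message(t('The operation was cancelled'));
    drupal_goto($return_path);
    // Never fall through to the save below on a cancelled form.
    return;
  }

  $append_node = node_load($form_state['values']['referrence']);

  // Make sure the user is allowed to do this.
  if (!node_access('update', $append_node)) {
    drupal_set_message(t('You do not have rights to update this node'));
    drupal_goto($return_path);
    return;
  }

  // The field is selected by values taken from the URL. Refuse to save when
  // they do not resolve to a configured field on a node that loads.
  $current_node = node_load(arg(1));
  $field = NULL;
  if (isset($current_node->referrers[arg(3)]['referrence'][arg(4)][arg(5)]['field_name'])) {
    $field = $current_node->referrers[arg(3)]['referrence'][arg(4)][arg(5)]['field_name'];
  }
  if (!$current_node || !$field) {
    drupal_set_message(t('The reference could not be added'), 'error');
    drupal_goto($return_path);
    return;
  }

  // Append the reference. This also works when the field has no values yet.
  $append_node->{$field}[] = array('nid' => $current_node->nid);

  // Save, and ensure the changes are noticed.
  node_save($append_node);
  cache_clear_all();
  drupal_set_message(t('The node was added'));
  drupal_goto($return_path);
}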
/**
 * {@inheritdoc}
 *
 * Refuses to render a node inside its own page, lets node administrators
 * through, and otherwise requires node access plus, for unpublished nodes,
 * ownership and the 'view own unpublished content' permission.
 */
public function entityAccess($operation = 'view') {
  global $user;

  $node = $this->getEntity();

  // Make sure we don't render a node inside itself, preventing infinite loop.
  $page_node = menu_get_object('node');
  $renders_itself = is_object($page_node) && isset($page_node->nid) && $page_node->nid == $node->nid;
  if ($renders_itself) {
    drupal_set_message(t('Cannot render a node inside itself, remove any view mode token related to the current node.'));
    return FALSE;
  }

  // Administrators pass for any $operation, without a node access check.
  if (user_access('bypass node access') || user_access('administer nodes')) {
    return TRUE;
  }

  // Make sure current user can actually access the rendered node.
  if (!node_access($operation, $node)) {
    return FALSE;
  }

  if ($node->status != 0) {
    return TRUE;
  }

  // Unpublished nodes are limited to their author, and only with the
  // matching permission.
  return $node->uid == $user->uid && user_access('view own unpublished content');
}
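/**
 * Implements EntityReferenceHandler::getReferencableEntities().
 *
 * Matches issue nodes by full node URL, by '#nid' shorthand, and by title or
 * nid through a database query. Nodes found by URL or shorthand are checked
 * with node_access('view'); the query is tagged 'node_access' and limited to
 * published nodes unless the user may bypass node access.
 * $match_operator is not used by this implementation.
 *
 * @return
 *   An array of escaped labels keyed by node type, then by nid.
 */
public function getReferencableEntities($match = NULL, $match_operator = 'CONTAINS', $limit = 25) {
  global $base_url;

  $options = array();

  // No target node types means all issue types may be selected.
  $target_node_types = $this->field['settings']['handler_settings']['target_bundles'];
  if (empty($target_node_types)) {
    $target_node_types = project_issue_issue_node_types();
  }

  // Early return if the short match string would generate too many results.
  // @todo: Make this configurable? Return even if user has entered #nid.
  // It's unlikely they're trying to reference a two digit nid issue.
  if (strlen((string) $match) < 4) {
    return $options;
  }

  $candidate_nids = array();

  // If the given string begins with the site domain, try to match it to the
  // URL of an issue node, allowing for an anchor tag. The base URL is quoted
  // so that characters such as '.' match literally and a '@' in it cannot
  // end the pattern early.
  if (strncmp($match, $base_url, strlen($base_url)) === 0) {
    $url_pattern = '@^' . preg_quote($base_url, '@') . '/node/(\d+)(?:#\S+)?$@';
    if (preg_match($url_pattern, $match, $url_parts)) {
      $candidate_nids[] = $url_parts[1];
    }
  }

  // If the given string is of the form '#1234' then try to match that as a
  // nid. The captured digits are used rather than the raw remainder.
  if (preg_match('@^#(\d+)$@', $match, $hash_parts)) {
    $candidate_nids[] = $hash_parts[1];
  }

  foreach ($candidate_nids as $nid) {
    $node = node_load($nid);
    // Only allow the node if it's of the right type and the user has access
    // to view it.
    if ($node && in_array($node->type, $target_node_types) && node_access('view', $node)) {
      $options[$node->type][$nid] = check_plain($this->getLabel($node));
      // Don't return yet, as there is a slim chance that the string is part
      // of the title of an issue, as in 'http://example.com/node/1 is broken'.
    }
  }

  // Build a query for the nodes. We can't use buildEntityFieldQuery() because
  // we have to use a SelectQuery rather than an EntityFieldQuery to have an
  // OR condition.
  $query = db_select('node', 'n');
  if (isset($match)) {
    // Try to match on the title or nid.
    $query->condition(db_or()
      ->condition('n.title', '%' . db_like($match) . '%', 'LIKE')
      ->condition('n.nid', $match));
  }

  // Set the node type.
  $query->condition('type', $target_node_types);

  if (!user_access('bypass node access')) {
    // Restrict the query to published nodes.
    $query->condition('n.status', NODE_PUBLISHED);
  }

  // Restrict the number of returned rows. jQuery UI autocomplete defaults to
  // showing 10 only.
  if (!empty($limit)) {
    $query->range(0, $limit);
  }

  // Order the returned nodes by some sort of relevancy.
  $query->orderBy('n.changed', 'DESC');

  // The 'node_access' tag lets node access rules filter the result set.
  $node_data = $query
    ->fields('n', array('nid', 'title', 'type'))
    ->addTag('node_access')
    ->execute()
    ->fetchAll();
  foreach ($node_data as $item) {
    $options[$item->type][$item->nid] = check_plain($item->title);
  }

  return $options;
}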
/**
 * Determines the visibility of a piece of content.
 *
 * Possible values are: 'draft', 'private', and NULL. 'private' wins over
 * 'draft' when both apply.
 *
 * NOTE(review): when the anonymous account cannot be loaded, or the access
 * check throws, the value computed so far is returned. For published content
 * that is NULL, so a failed check leaves the content treated as not private.
 * Confirm this is intended.
 *
 * @param Object $node
 *   The content to determine its visibility.
 *
 * @return String
 *   A string indicating its visibility, or NULL.
 */
public static function get_visibility($node) {
  // Unpublished content is a draft.
  $is_unpublished = isset($node->status) && $node->status == 0;
  $visibility = $is_unpublished ? 'draft' : NULL;

  // Content excluded from recommendations is private.
  $is_excluded = isset($node->shareaholic_options)
    && $node->shareaholic_options['shareaholic_exclude_from_recommendations'];
  if ($is_excluded) {
    $visibility = 'private';
  }

  // Content that a site visitor (uid 0) cannot view is private.
  try {
    $visitor = user_load(0);
    $hidden_from_visitors = $visitor && !node_access('view', $node, $visitor);
    if ($hidden_from_visitors) {
      $visibility = 'private';
    }
  }
  catch (Exception $error) {
    ShareaholicUtilities::log('Error in checking node_access: ' . $error->getMessage());
  }

  return $visibility;
}
$node = node_load($nid); $node->field_modeldata[0]['value'] = $_POST["data"]; $node->changed = time(); $node->title = $_POST["title"]; $node->body = $_POST["description"]; if (node_access("update", $node)) { $node->revision = 1; node_save($node); insightica_set_tags_csv($node->nid, $_POST["tags"]); } echo $node->nid; } else { $node = new stdClass(); $node->title = $_POST["title"]; $node->body = $_POST["description"]; $node->type = "insight"; $node->uid = $user->uid; $node->teaser = ""; $node->filter = 1; $node->status = 1; $node->comment = 2; $node->created = time(); $node->changed = time(); $node->field_modeldata[0]['value'] = $_POST["data"]; $now = microtime(true); if (node_access("create", $node)) { node_save($node); insightica_set_tags_csv($node->nid, $_POST["tags"]); } echo $node->nid; }
/**
 * Controls the display of an item in the cart.
 *
 * Product type modules allow the creation of nodes that can be added to the
 * cart. The cart determines how they are displayed through this hook. This is
 * especially important for product kits, because it may be displayed as a
 * single unit in the cart even though it is represented as several items.
 *
 * This hook is only called for the module that owns the cart item in
 * question, as set in $item->module.
 *
 * @param $item
 *   The item in the cart to display.
 *
 * @return
 *   A form array containing the following elements:
 *   - "nid"
 *     - #type: value
 *     - #value: The node id of the $item.
 *   - "module"
 *     - #type: value
 *     - #value: The module implementing this hook and the node represented by
 *       $item.
 *   - "remove"
 *     - #type: submit
 *     - #value: t('Remove'); when clicked, will remove $item from the cart.
 *   - "description"
 *     - #type: markup
 *     - #value: Themed markup (usually an unordered list) displaying extra
 *       information.
 *   - "title"
 *     - #type: markup
 *     - #value: The displayed title of the $item.
 *   - "#total"
 *     - "type": float
 *     - "value": Numeric price of $item. Notice the '#' signifying that this is
 *       not a form element but just a value stored in the form array.
 *   - "data"
 *     - #type: hidden
 *     - #value: The serialized $item->data.
 *   - "qty"
 *     - #type: textfield
 *     - #value: The quantity of $item in the cart. When "Update cart" is
 *       clicked, the customer's input is saved to the cart.
 */
function hook_cart_display($item) {
  $node = node_load($item->nid);

  // Link the title only when the current user may view the product node.
  // Otherwise show the escaped title as plain text.
  if (node_access('view', $node)) {
    $title = l($item->title, 'node/' . $node->nid);
  }
  else {
    $title = check_plain($item->title);
  }

  $element = array(
    'nid' => array('#type' => 'value', '#value' => $node->nid),
    'module' => array('#type' => 'value', '#value' => 'uc_product'),
    'remove' => array('#type' => 'checkbox'),
    'title' => array('#value' => $title),
  );

  $price_context = array(
    'revision' => 'altered',
    'type' => 'cart_item',
    'subject' => array('cart_item' => $item, 'node' => $node),
  );
  $element['#total'] = uc_price(array('price' => $item->price, 'qty' => $item->qty), $price_context);

  // NOTE(review): the serialized data travels through a hidden form field,
  // so the value posted back is client-controlled. If the submit handler
  // passes it to unserialize(), that is deserialization of untrusted input.
  // Confirm how the posted value is consumed.
  $element['data'] = array('#type' => 'hidden', '#value' => serialize($item->data));
  $element['qty'] = array(
    '#type' => 'textfield',
    '#default_value' => $item->qty,
    '#size' => 5,
    '#maxlength' => 6,
  );

  $description = uc_product_get_description($item);
  if ($description) {
    $element['description'] = array('#value' => $description);
  }

  return $element;
}
} ?> <?php } ?> <!-- End Public Votation Link --> </div> <div class="clearfix"> </div> <!-- Edit Button --> <?php if (!$is_edit) { ?> <?php if (node_access('update', $node)) { print l('<span>' . t('Edit') . '</span>', 'node/' . $node->nid . '/edit', array('attributes' => array('title' => t('Edit'), 'class' => 'edit-content-link', 'style' => 'top: 16px; right: 16px;'), 'html' => TRUE)); } ?> <?php } ?> <!-- End Edit Button --> <div class="social-corner"> <!-- FOLLOWERS NUMBER --> <?php if (!$is_edit) { print showNumContestFollowers($node); } ?> <!-- END FOLLOWERS NUMBER -->
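/**
 * Override or insert variables into the node templates.
 *
 * Sets template suggestions, a comma-separated list of links for the terms of
 * vocabulary 1 ('taxo1'), an edit link for users with update access, and a
 * "Read more" link.
 *
 * @param $vars
 *   An array of variables to pass to the theme template.
 * @param $hook
 *   The name of the template being rendered ("node" in this case.)
 */
function quilted_custom_preprocess_node(&$vars, $hook) {
  // Optionally, run node-type-specific preprocess functions, like
  // quilted_custom_preprocess_node_page() or quilted_custom_preprocess_node_story().
  // The callable name always starts with this function's own name, so only
  // functions in that namespace can be reached through the node type.
  $function = __FUNCTION__ . '_' . $vars['node']->type;
  if (function_exists($function)) {
    $function($vars, $hook);
  }

  // Class hacking
  // $classes = explode(' ', $vars['classes']); // Explode with spaces
  // $classes[] = 'activity-type-' . $activity_type;
  // $vars['classes'] = implode(' ', $classes); // Concatenate with spaces

  // This is LIFO (Last In First Out) so put them in reverse order, i.e. most
  // important last.
  if ($vars['page']) {
    $vars['template_files'] = array(
      'node-' . $vars['node']->type,
      'node-default-page',
      'node-' . $vars['node']->type . '-page',
      'node-' . $vars['node']->nid,
      'node-' . $vars['node']->nid . '-page',
    );
  }
  else {
    $vars['template_files'] = array(
      'node-default',
      'node-' . $vars['node']->type,
      'node-' . $vars['node']->nid,
    );
  }

  // Set up items in taxonomies, grouped by vocabulary id. The map starts
  // empty so nodes without terms do not read an undefined variable below.
  $terms_by_vid = array();
  if ($terms = taxonomy_node_get_terms($vars['node'], 'tid')) {
    foreach ($terms as $tid => $term) {
      $terms_by_vid[$term->vid][$tid] = $term;
    }
  }

  // set up $taxo1
  if (!empty($terms_by_vid[1]) && is_array($terms_by_vid[1])) {
    $term_links = array();
    foreach ($terms_by_vid[1] as $term_single) {
      $term_links[] = l($term_single->name, 'taxonomy/term/' . $term_single->tid, array('title' => $term_single->description));
    }
    $vars['taxo1'] = implode(', ', $term_links);
  }

  // Only offer the edit link to users who may update the node.
  if (node_access('update', $vars['node'])) {
    $vars['edit_link'] = l(t('[Edit]'), 'node/' . $vars['node']->nid . '/edit');
  }

  // Set up read more link
  $read_more_link_options = array('html' => TRUE, 'attributes' => array('class' => 'read-more'));
  //$url = $vars['user_url']; // for user link
  $url = 'node/' . $vars['node']->nid; // regular node_link
  $vars['more_link'] = l(t("Read more »"), $url, $read_more_link_options);

  // EXAMPLES OF COMMON FIELDS
  // To-do: These should all be modified so that they each allow for multiple
  // values in the field.

  /* Set up taxonomy terms list */
  // if ($vars['node']->taxo_vocab_language) {
  //   $vars['languages'] = $vars['node']->taxo_vocab_language;
  // }

  /* Set up field type text field */
  // if ($vars['node']->field_event_title[0]['value']) {
  //   $vars['event_title'] = check_markup($vars['node']->field_event_title[0]['value'], $vars['node']->field_event_title[0]['format']);
  // }

  /* Set up field type textarea */
  // // Set up description
  // if ($vars['node']->field_event_description[0]['value']) {
  //   $vars['event_description'] = check_markup($vars['node']->field_event_description[0]['value'], $vars['node']->field_event_description[0]['format']);
  // }

  /* Set up field type node reference */
  // // Set up $event_organization
  // if (is_numeric($vars['node']->field_event_organization[0]['nid'])) {
  //   $org_node = node_load($vars['node']->field_event_organization[0]['nid']);
  //   $vars['event_organization'] = l($org_node->title, 'node/' . $org_node->nid);
  // }

  /* Set up field type user reference */

  /* Set up field type location */
  // // Set up $location
  // if ($vars['node']->field_event_locations[0]) {
  //   $vars['event_location'] = theme('location', $vars['node']->field_event_locations[0]);
  // }

  /* Set up field type image */
  // This is a relatively complicated example
  // if ($vars['page'] == 0) {
  //   // if we are looking at a teaser, define a default image if no images have been uploaded
  //   if ($vars['node']->field_housing_group_image[0]['filepath']) {
  //     $image_filepath = $vars['node']->field_housing_group_image[0]['filepath'];
  //   } else {
  //     $image_filepath = path_to_theme() . '/images/default-home-icon.png';
  //   }
  //
  //   $link_options = array(
  //     'html' => TRUE,
  //   );
  //
  //   if ($image_filepath) {
  //     $vars['housing_group_images'] = l(theme('imagecache', 'home_teaser', $image_filepath, $alt, $title, $attributes), 'node/' . $vars['node']->nid, $link_options);
  //   }
  //
  // } elseif ($vars['node']->field_housing_group_image[0]['filepath']) {
  //   // Add image pager here when ready
  //   $image_filepath = $vars['node']->field_housing_group_image[0]['filepath'];
  //   $vars['housing_group_images'] = theme('imagecache', 'home_page', $image_filepath, $alt, $title, $attributes);
  // }

  /* Set up field type link */
  // // Set up $event_registration_link
  // if ($vars['node']->field_event_registration_link[0]['url']) {
  //   if (check_plain($vars['node']->field_event_registration_link[0]['title'])) {
  //     $title = $vars['node']->field_event_registration_link[0]['title'];
  //   } else {
  //     $title = $vars['node']->field_event_registration_link[0]['url'];
  //   }
  //   $url = check_plain($vars['node']->field_event_registration_link[0]['url']);
  //   $link_options = array('html' => FALSE,);
  //   $vars['event_registration_link'] = l($title, $url, $link_options);
  // }

  /* Set up field type datetime with no timezone conversion */
  // if ($vars['node']->field_housing_group_available[0]['value']) {
  //   $date = date_convert($vars['node']->field_housing_group_available[0]['value'], DATE_ISO, DATE_UNIX);
  //   $timezone = 0;
  //   $vars['housing_group_availability_date'] = format_date($date,'custom','F j, Y', $timezone);
  // }

  /* Set up field type datetime with site default timezone conversion */
  // if ($vars['node']->field_housing_group_available[0]['value']) {
  //   $date = date_convert($vars['node']->field_housing_group_available[0]['value'], DATE_ISO, DATE_UNIX);
  //   $timezone = variable_get('date_default_timezone', 0);
  //   $vars['housing_group_availability_date'] = format_date($date,'custom','F j, Y', $timezone);
  // }

  /* Set up field type datetime with user timezone conversion */
  // if ($vars['node']->field_housing_group_available[0]['value']) {
  //   $date = date_convert($vars['node']->field_housing_group_available[0]['value'], DATE_ISO, DATE_UNIX);
  //   if ($vars['user']->timezone) {
  //     $timezone = $vars['user']->timezone;
  //   } else {
  //     $timezone = variable_get('date_default_timezone', 0); // fall back to site default
  //   }
  //
  //   $vars['housing_group_availability_date'] = format_date($date,'custom','F j, Y', $timezone);
  // }

  // // Set up $date for start and end dates
  // // Set up $date
  // if ($vars['node']->field_event_date[0]['value']) {
  //
  //   // Set timezone conversion setting
  //   $timezone = 0;
  //
  //   $date_begin = date_convert($vars['node']->field_event_date[0]['value'], DATE_ISO, DATE_UNIX);
  //
  //   if ($vars['node']->field_event_date[0]['value2']) {
  //     $date_end = date_convert($vars['node']->field_event_date[0]['value2'], DATE_ISO, DATE_UNIX);
  //   }
  //
  //   $event_begin_formatted_full = format_date($date_begin,'custom','M j, Y g:ia', $timezone);
  //   $event_begin_formatted_short_month = format_date($date_begin,'custom','M', $timezone);
  //   $event_begin_formatted_day = format_date($date_begin,'custom','j', $timezone);
  //   $event_end_just_time = format_date($date_end,'custom','g:ia', $timezone);
  //   $event_end_formatted_full = format_date($date_end,'custom','M j, Y g:ia', $timezone);
  //
  //   if (format_date($date_begin,'custom','M j, Y') == format_date($date_end,'custom','M j, Y')) {
  //     $vars['event_date'] = theme_date_display_range($event_begin_formatted_full, $event_end_just_time);
  //   } else {
  //     $vars['event_date'] = theme_date_display_range($event_begin_formatted_full, $event_end_formatted_full);
  //   }
  //
  //   $vars['event_date_icon'] = '<div class="month">' . $event_begin_formatted_short_month . '</div><div class="day">' . $event_begin_formatted_day . '</div>';
  // }

  /* Set up field type phone / fax */
  // // Set up $event_phone
  // if ($vars['node']->field_event_registration_phone[0]['value']) {
  //   $vars['event_phone'] = check_plain($vars['node']->field_event_registration_phone[0]['value']);
  // }

  /* Set up number field (formatted as 12,893) */
  // if (is_numeric($vars['node']->field_housing_group_estimated[0]['value'])) {
  //   $vars['housing_group_estimated'] = number_format(check_plain($vars['node']->field_housing_group_estimated[0]['value']));
  // }

  /* Set up number field (formatted as dollars - $123,763) */
  // To-do: figure out a number field format that accommodates cents
  // if (is_numeric($vars['node']->field_housing_group_estimated[0]['value'])) {
  //   $vars['housing_group_estimated'] = "\$" . number_format(check_plain($vars['node']->field_housing_group_estimated[0]['value']));
  // }
}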
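/**
 * Whether user has access to update, view or delete the entity.
 *
 * The operation name is matched strictly against the allowed list, so a
 * non-string value such as TRUE or 0 is rejected here instead of comparing
 * loosely equal to an operation name and reaching an access callback.
 *
 * @param string $op
 *   This can either be "update", "view" or "delete".
 *
 * @return bool
 *   TRUE if user has access and FALSE otherwise.
 */
public function hasObjectAccess($op) {
  // Strict comparison: with the loose default, in_array(TRUE, ...) matches
  // any non-empty string and the value would be forwarded unchanged to the
  // access functions below.
  if (!in_array($op, array('update', 'view', 'delete'), TRUE)) {
    return FALSE;
  }

  $entity_type = $this->getEntityType();

  // Use the generic entity_access() check whenever the 'entity' module is
  // enabled.
  if (module_exists('entity')) {
    return entity_access($op, $entity_type, $this->getEntity());
  }
  elseif ($entity_type == 'node') {
    return node_access($op, $this->getEntity());
  }
  elseif ($entity_type == 'comment' && $op == 'update') {
    // The 'update' operation is passed to comment_access() as 'edit'. Other
    // comment operations fall through to the branches below.
    return comment_access('edit', $this->getEntity());
  }
  elseif (($info = entity_get_info()) && isset($info[$entity_type]['access callback'])) {
    // Last resort: the access callback declared in the entity info.
    return $info[$entity_type]['access callback']($op, $this->getEntity(), NULL, $entity_type);
  }

  // No access mechanism is available for this entity type: deny.
  return FALSE;
}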
/**
 * Implements EntityReferenceHandler::countReferencableEntities().
 *
 * For field instances attached to nodes the result is NOT a real count: it is
 * 1 when the current user may create content of the instance's bundle in the
 * space taken from the session, and 0 otherwise. Any caller relying on a true
 * count will get wrong results. $match and $match_operator are not used.
 */
public function countReferencableEntities($match = NULL, $match_operator = 'CONTAINS') {
  // Only field instances attached to nodes are handled.
  if (empty($this->instance) || $this->instance['entity_type'] != 'node') {
    return 0;
  }

  // Organic Groups calls this method in og_node_access to determine the
  // "create X content" permission. Its own comment explains that
  // og_user_access() cannot be used there because no group context exists, so
  // it checks whether the user could select any group at all
  // (@see OgSelectionHandler::getReferencableEntities()).
  //
  // In Open Atrium the group context IS known, because it is stored in the
  // session, so og_user_access('create X content', $space_id) can decide
  // access directly and this method reports the outcome as zero or one.
  //
  // The session is read directly because oa_core_get_space_context checks
  // menu_get_item, which checks node_access.
  $space_id =& drupal_static('oa_core_count_ref_space_id', NULL);
  if (!isset($space_id)) {
    // The session value is only accepted when it names a node group that
    // loads and that passes node_access('view'). The outcome (FALSE included)
    // is kept in the static so it is resolved once.
    $resolved = FALSE;
    if (!empty($_SESSION['og_context']['group_type'])
      && $_SESSION['og_context']['group_type'] == 'node'
      && ($node = node_load($_SESSION['og_context']['gid']))
      && node_access('view', $node)) {
      $resolved = $_SESSION['og_context']['gid'];
    }
    $space_id = $resolved;
  }

  // Without a usable space there is nothing to grant.
  if (!$space_id) {
    return 0;
  }

  $permission = 'create ' . $this->instance['bundle'] . ' content';
  return og_user_access('node', $space_id, $permission) ? 1 : 0;
}
/**
 * Checks whether an operation is allowed on an entity.
 *
 * This implementation hands the decision to node_access() and returns its
 * result unchanged.
 */
public function entity_access($op, $entity) {
  // This must be implemented by the extending class.
  $allowed = node_access($op, $entity);
  return $allowed;
}
/**
 * Form builder: table-select listing of the nodes offered for export.
 *
 * The exportable nodes are collected from every export handler announced
 * through the 'gd_sync_entities' hook, for the node passed as first build
 * argument of the form. Each row shows title, type, author, status, change
 * date, optionally the language, and the edit/delete links the current user
 * is allowed to use.
 *
 * NOTE(review): the only access checks made here are node_access('update')
 * and node_access('delete') for the operation links. Rows and titles are
 * listed for whatever getExportables() returns; presumably the handlers or
 * the page's access callback restrict visibility. Confirm.
 */
function gd_sync_admin_entity_export_select_form($form, &$form_state) {
  // Keep only the 'export' part of each handler definition.
  $export_handlers = array();
  foreach (module_invoke_all('gd_sync_entities') as $definition) {
    $export_handlers[] = $definition['export'];
  }

  // Sort by operation weight, ascending.
  usort($export_handlers, function ($left, $right) {
    if ($left['weight'] == $right['weight']) {
      return 0;
    }
    if ($left['weight'] < $right['weight']) {
      return -1;
    }
    return 1;
  });

  // Ask every handler class for its exportable nodes and concatenate them.
  $nodes = array();
  foreach ($export_handlers as $export_handler) {
    $handler_class = $export_handler['class'];
    $exportables = $handler_class::getExportables($form_state['build_info']['args'][0]->nid);
    $nodes = array_merge($nodes, $exportables);
  }

  // Enable language column if translation module is enabled or if we have any
  // node with language.
  $multilanguage = (
    module_exists('translation')
    || db_query_range("SELECT 1 FROM {node} WHERE language <> :language", 0, 1, array(':language' => LANGUAGE_NONE))->fetchField()
  );

  // Build the sortable table header.
  $header = array(
    'title' => array('data' => t('Title'), 'field' => 'n.title'),
    'type' => array('data' => t('Type'), 'field' => 'n.type'),
    'author' => t('Author'),
    'status' => array('data' => t('Status'), 'field' => 'n.status'),
    'changed' => array('data' => t('Updated'), 'field' => 'n.changed', 'sort' => 'desc'),
  );
  if ($multilanguage) {
    $header['language'] = array('data' => t('Language'), 'field' => 'n.language');
  }
  $header['operations'] = array('data' => t('Operations'));

  // Prepare the list of nodes.
  $languages = language_list();
  $destination = drupal_get_destination();
  $options = array();
  foreach ($nodes as $node) {
    $langcode = entity_language('node', $node);

    // Link in the node's own language when that language is known.
    $link_options = array();
    if ($langcode != LANGUAGE_NONE && isset($languages[$langcode])) {
      $link_options = array('language' => $languages[$langcode]);
    }

    $mark = theme('mark', array('type' => node_mark($node->nid, $node->changed)));
    $row = array(
      'title' => array(
        'data' => array(
          '#type' => 'link',
          '#title' => $node->title,
          '#href' => 'node/' . $node->nid,
          '#options' => $link_options,
          '#suffix' => ' ' . $mark,
        ),
      ),
      'type' => $node->type,
      'author' => theme('username', array('account' => $node)),
      'status' => $node->status ? t('published') : t('not published'),
      'changed' => format_date($node->changed, 'short'),
    );

    if ($multilanguage) {
      if ($langcode == LANGUAGE_NONE) {
        $row['language'] = t('Language neutral');
      }
      elseif (isset($languages[$langcode])) {
        $row['language'] = t($languages[$langcode]->name);
      }
      else {
        $row['language'] = t('Undefined language (@langcode)', array('@langcode' => $langcode));
      }
    }

    // Build a list of all the accessible operations for the current node.
    $operations = array();
    if (node_access('update', $node)) {
      $operations['edit'] = array(
        'title' => t('edit'),
        'href' => 'node/' . $node->nid . '/edit',
        'query' => $destination,
      );
    }
    if (node_access('delete', $node)) {
      $operations['delete'] = array(
        'title' => t('delete'),
        'href' => 'node/' . $node->nid . '/delete',
        'query' => $destination,
      );
    }

    // The cell stays an empty array when no operation is permitted.
    $operations_cell = array();
    $operation_count = count($operations);
    if ($operation_count > 1) {
      // Render an unordered list of operations links.
      $operations_cell = array(
        'data' => array(
          '#theme' => 'links__node_operations',
          '#links' => $operations,
          '#attributes' => array('class' => array('links', 'inline')),
        ),
      );
    }
    elseif ($operation_count == 1) {
      // Render the first and only operation as a link.
      $link = reset($operations);
      $operations_cell = array(
        'data' => array(
          '#type' => 'link',
          '#title' => $link['title'],
          '#href' => $link['href'],
          '#options' => array('query' => $link['query']),
        ),
      );
    }
    $row['operations'] = $operations_cell;

    $options[$node->nid] = $row;
  }

  $form['nodes'] = array(
    '#type' => 'tableselect',
    '#header' => $header,
    '#options' => $options,
    '#empty' => t('No content available.'),
  );
  return $form;
}
/**
 * {@inheritdoc}
 */
public function access($operation, AccountInterface $account = null, $return_as_object = false) {
  // $return_as_object is never read: whatever node_access() yields is cast to
  // a plain boolean, so a caller asking for an object result still gets a
  // bool.
  $result = node_access($operation, $this, $account);
  return (bool) $result;
}
/**
 * Control download access to files.
 *
 * The hook is typically implemented to limit access based on the entity that
 * references the file, e.g., only users with access to a node should be
 * allowed to download files attached to that node.
 *
 * @param array $file_item
 *   The array of information about the file to check access for.
 * @param $entity_type
 *   The type of $entity; for example, 'node' or 'user'.
 * @param $entity
 *   The $entity that references the file.
 *
 * @return
 *   TRUE if access should be allowed by this entity or FALSE if denied. Note
 *   that denial may be overridden by another entity controller, making this
 *   grant permissive rather than restrictive. This example returns nothing
 *   (NULL) for entity types other than 'node'.
 *
 * @see hook_field_access()
 */
function hook_file_download_access($file_item, $entity_type, $entity) {
  // Entity types this example does not handle get no opinion at all.
  if ($entity_type != 'node') {
    return NULL;
  }

  // For nodes, download access follows view access to the node.
  return node_access('view', $entity);
}
<a href="<?php print $node_url; ?>" title="<?php print $title ?>"><?php print $title; ?></a> </h2> <?php else: ?> <h1 class="title"><?php print $title; ?></h1> <?php endif; ?> <?php if ($unpublished): ?> <div class="unpublished"><?php print t('Unpublished'); ?></div> <?php endif; ?> <?php if ($submitted or $terms): ?> <div class="meta"> <?php if ($submitted): ?> <div class="submitted"> <?php print $submitted; ?> </div> <?php endif; ?> <?php //removed terms code here... ?> </div> <?php endif; ?> <div class="content"> <?php print $content; ?> </div> <?php print $links; ?> <?php if (node_access("update", $node->nid)) : ?> <div class="admin-node-name-display"><?php print($node->type);?></div> <?php endif ?> </div></div> <!-- /node-inner, /node -->
?> <?php } ?> </div> <?php } ?> <?php // We hide the comments and links now so that we can render them later. hide($content['comments']); hide($content['links']); hide($content['rate_likeme']); if (isset($content['group_opg_reviewer'])) { if (!node_access('update', $node) and !context_isset('context', 'opg_core_reviewer')) { hide($content['group_opg_reviewer']); } } print render($content); ?> <?php if ($node_block) { ?> <div id="node-block"> <?php print render($node_block); ?> </div> <?php