/**
* Overrides OgSelectionHandler::entityFieldQueryAlter().
*
* Add the user's groups along with the rest of the "public" groups.
*/
public function entityFieldQueryAlter(SelectQueryInterface $query)
{
$gids = og_get_entity_groups();
if (empty($gids['node'])) {
return;
}
$conditions =& $query->conditions();
// Find the condition for the "field_data_field_privacy_settings" query, and
// the one for the "node.nid", so we can later db_or() them.
$public_condition = array();
foreach ($conditions as $key => $condition) {
if ($key !== '#conjunction' && is_string($condition['field'])) {
if (strpos($condition['field'], 'field_data_field_og_subscribe_settings') === 0) {
$public_condition = $condition;
unset($conditions[$key]);
}
if ($condition['field'] === 'node.nid') {
unset($conditions[$key]);
}
}
}
if (!$public_condition) {
return;
}
$or = db_or();
$or->condition($public_condition['field'], $public_condition['value'], $public_condition['operator']);
$or->condition('node.nid', $gids['node'], 'IN');
$query->condition($or);
}
/**
* Implements EntityReference_BehaviorHandler_Abstract::Delete()
*
* CRUD memberships from field, or if entity is marked for deleteing,
* delete all the OG membership related to it.
*
* @see og_entity_delete().
*/
public function delete($entity_type, $entity, $field, $instance, $langcode, &$items)
{
if (!empty($entity->delete_og_membership)) {
// Delete all OG memberships related to this entity.
$og_memberships = array();
foreach (og_get_entity_groups($entity_type, $entity) as $group_type => $ids) {
$og_memberships = array_merge($og_memberships, array_keys($ids));
}
if ($og_memberships) {
og_membership_delete_multiple($og_memberships);
}
} else {
$this->OgMembershipCrud($entity_type, $entity, $field, $instance, $langcode, $items);
}
}
/**
* Determine if the user has access to the panelizer operation for this type.
*/
function panelizer_access($op, $bundle, $view_mode)
{
$og_access = FALSE;
if (is_object($bundle)) {
$entity = $bundle;
list($entity_id, $revision_id, $bundle) = entity_extract_ids($this->entity_type, $entity);
// Additional support for Organic Groups.
// @todo move to og_panelizer_access();
if (module_exists('og')) {
if (og_is_group($this->entity_type, $entity)) {
$og_access = og_user_access($this->entity_type, $entity_id, "administer panelizer og_group {$op}");
} else {
$og_groups = og_get_entity_groups($this->entity_type, $entity);
foreach ($og_groups as $og_group_type => $og_gids) {
foreach ($og_gids as $og_gid) {
if (og_user_access($og_group_type, $og_gid, "administer panelizer {$this->entity_type} {$bundle} {$op}")) {
$og_access = TRUE;
}
}
}
}
}
// If there is an $op, this must actually be panelized in order to pass.
// If there is no $op, then the settings page can provide us a "panelize
// it!" page even if there is no display.
if ($op && $op != 'overview' && $op != 'settings' && $op != 'choice' && empty($entity->panelizer[$view_mode])) {
return FALSE;
}
}
// Invoke hook_panelizer_access().
$panelizer_access = module_invoke_all('panelizer_access', $op, $this->entity_type, $bundle, $view_mode);
array_unshift($panelizer_access, user_access('administer panelizer'), user_access("administer panelizer {$this->entity_type} {$bundle} {$op}"));
$panelizer_access[] = $og_access;
// Trigger hook_panelizer_access_alter().
// We can't pass this many parameters to drupal_alter, so stuff them into
// an array.
$options = array('op' => $op, 'entity_type' => $this->entity_type, 'bundle' => $bundle, 'view_mode' => $view_mode);
drupal_alter('panelizer_access', $panelizer_access, $options);
foreach ($panelizer_access as $access) {
if ($access) {
return $access;
}
}
return FALSE;
}
/**
* Determine if the user has access to the panelizer operation for this type.
*/
function panelizer_access($op, $bundle, $view_mode)
{
$og_access = FALSE;
if (is_object($bundle)) {
$entity = $bundle;
list($entity_id, $revision_id, $bundle) = entity_extract_ids($this->entity_type, $entity);
// Additional support for Organic Groups.
if (module_exists('og')) {
if (og_is_group($this->entity_type, $entity)) {
$og_access = og_user_access($this->entity_type, $entity_id, "administer panelizer og_group {$op}");
} else {
$og_groups = og_get_entity_groups($this->entity_type, $entity);
foreach ($og_groups as $og_group_type => $og_gids) {
foreach ($og_gids as $og_gid) {
if (og_user_access($og_group_type, $og_gid, "administer panelizer {$this->entity_type} {$bundle} {$op}")) {
$og_access = TRUE;
}
}
}
}
}
// If there is an $op, this must actually be panelized in order to pass.
// If there is no $op, then the settings page can provide us a "panelize
// it!" page even if there is no panel.
if ($op && $op != 'overview' && $op != 'settings' && $op != 'choice' && empty($entity->panelizer[$view_mode])) {
return FALSE;
}
}
return user_access('administer panelizer') || user_access("administer panelizer {$this->entity_type} {$bundle} {$op}") || $og_access;
}
/**
* Build an EntityFieldQuery to get referencable entities.
*/
public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS')
{
global $user;
$handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity);
$query = $handler->buildEntityFieldQuery($match, $match_operator);
// FIXME: http://drupal.org/node/1325628
unset($query->tags['node_access']);
// FIXME: drupal.org/node/1413108
unset($query->tags['entityreference']);
$query->addTag('entity_field_access');
$query->addTag('og');
$group_type = $this->field['settings']['target_type'];
$entity_info = entity_get_info($group_type);
if (!field_info_field(OG_GROUP_FIELD)) {
// There are no groups, so falsify query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
return $query;
}
// Show only the entities that are active groups.
$query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '=');
if (empty($this->instance['field_mode'])) {
return $query;
}
$field_mode = $this->instance['field_mode'];
if ($field_mode == 'default' || $field_mode == 'admin') {
$user_groups = oa_core_get_groups_by_user(NULL, $group_type);
$user_groups = array_merge($user_groups, $this->getGidsForCreate());
// This is a workaround for not being able to choice which default value for
// 'my groups', which causes my groups to be lost.
// @todo find a way to default my groups based on selection handler.
$user_groups_only = og_get_entity_groups();
$user_groups_only = !empty($user_groups_only['node']) ? $user_groups_only['node'] : array();
// Show the user only the groups they belong to.
if ($field_mode == 'default') {
if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') {
// Determine which groups should be selectable.
$node = $this->entity;
$node_type = $this->instance['bundle'];
$has_create_access = array_keys(array_filter(oa_user_access_nids('node', $user_groups, "create {$node_type} content")));
$has_update_access = array();
$remaining = array_diff($user_groups, $has_create_access);
if (!empty($node->nid) && $remaining) {
$groups = og_get_entity_groups('node', $node->nid);
$node_groups = !empty($groups['node']) ? $groups['node'] : array();
if ($node_groups = array_diff($node_groups, $remaining)) {
$check_perms = array("update any {$node_type} content");
if ($user->uid == $node->uid) {
$check_perms = "update own {$node_type} content";
}
$has_update_access = array_keys(array_filter(oa_user_access_nids('node', $node_groups, $check_perms)));
}
}
$ids = array_merge($has_update_access, $has_create_access);
} else {
$ids = $user_groups;
}
if ($ids) {
$query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN');
} else {
// User doesn't have permission to select any group so falsify this
// query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
}
} elseif ($field_mode == 'admin' && $user_groups_only) {
// Show only groups the user doesn't belong to.
if (!empty($this->instance) && $this->instance['entity_type'] == 'node') {
// Don't include the groups, the user doesn't have create
// permission.
$node_type = $this->instance['bundle'];
foreach ($user_groups_only as $delta => $gid) {
if (!og_user_access($group_type, $gid, "create {$node_type} content")) {
unset($user_groups_only[$delta]);
}
}
}
if ($user_groups) {
$query->propertyCondition($entity_info['entity keys']['id'], $user_groups_only, 'NOT IN');
}
}
}
return $query;
}
/**
* Build an EntityFieldQuery to get referencable entities.
*/
public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS')
{
global $user;
$handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity);
$query = $handler->buildEntityFieldQuery($match, $match_operator);
// FIXME: http://drupal.org/node/1325628
unset($query->tags['node_access']);
// FIXME: drupal.org/node/1413108
unset($query->tags['entityreference']);
$query->addTag('entity_field_access');
$query->addTag('og');
$group_type = $this->field['settings']['target_type'];
$entity_info = entity_get_info($group_type);
if (!field_info_field(OG_GROUP_FIELD)) {
// There are no groups, so falsify query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
return $query;
}
// Show only the entities that are active groups.
$query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '=');
if (empty($this->instance['field_mode'])) {
return $query;
}
$field_mode = $this->instance['field_mode'];
$user_groups = og_get_groups_by_user(NULL, $group_type);
$user_groups = $user_groups ? $user_groups : array();
$user_groups = array_merge($user_groups, $this->getGidsForCreate());
// Show the user only the groups they belong to.
if ($field_mode == 'default') {
if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') {
// Determine which groups should be selectable.
$node = $this->entity;
$node_type = $this->instance['bundle'];
$ids = array();
foreach ($user_groups as $gid) {
// Check if user has "create" permissions on those groups.
// If the user doesn't have create permission, check if perhaps the
// content already exists and the user has edit permission.
if (og_user_access($group_type, $gid, "create {$node_type} content")) {
$ids[] = $gid;
} elseif (!empty($node->nid) && (og_user_access($group_type, $gid, "update any {$node_type} content") || $user->uid == $node->uid && og_user_access($group_type, $gid, "update own {$node_type} content"))) {
$node_groups = isset($node_groups) ? $node_groups : og_get_entity_groups('node', $node->nid);
if (in_array($gid, $node_groups['node'])) {
$ids[] = $gid;
}
}
}
} else {
$ids = $user_groups;
}
if ($ids) {
$query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN');
} else {
// User doesn't have permission to select any group so falsify this
// query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
}
} elseif ($field_mode == 'admin' && $user_groups) {
// Show only groups the user doesn't belong to.
if (!empty($this->instance) && $this->instance['entity_type'] == 'node') {
// Don't include the groups, the user doesn't have create
// permission.
$node_type = $this->instance['bundle'];
foreach ($user_groups as $delta => $gid) {
if (!og_user_access($group_type, $gid, "create {$node_type} content")) {
unset($user_groups[$delta]);
}
}
}
if ($user_groups) {
$query->propertyCondition($entity_info['entity keys']['id'], $user_groups, 'NOT IN');
}
}
return $query;
}
/**
* Return all user authorization ids (group x role) in form gid-rid such as 2-1.
* regardless of it they were granted by this module, any authorization ids should be returned.
*
* @param user object $user
* @return array such as array('3-2','7-2')
*/
public function usersAuthorizations(&$user)
{
$authorizations = array();
if ($this->ogVersion == 1) {
$groups = og_load_multiple(og_get_all_group());
$authorizations = array();
if (is_object($user) && is_array($groups)) {
foreach ($groups as $gid => $discard) {
$roles = og_get_user_roles($gid, $user->uid);
foreach ($roles as $rid => $discard) {
$authorizations[] = ldap_authorization_og_authorization_id($gid, $rid);
}
}
}
} else {
// og 7.x-2.x
$user_entities = entity_load('user', array($user->uid));
$memberships = og_get_entity_groups('user', $user_entities[$user->uid]);
foreach ($memberships as $entity_type => $entity_memberships) {
foreach ($entity_memberships as $og_membership_id => $gid) {
$roles = og_get_user_roles($entity_type, $gid, $user->uid);
foreach ($roles as $rid => $discard) {
$authorizations[] = ldap_authorization_og_authorization_id($gid, $rid, $entity_type);
}
}
}
}
return $authorizations;
}
/**
* @see ldapAuthorizationConsumerAbstract::usersAuthorizations
*/
public function usersAuthorizations(&$user, $reset = FALSE, $return_data = TRUE)
{
static $users;
if (!is_array($users)) {
$users = array();
// no cache exists, create static array
} elseif ($reset && isset($users[$user->uid])) {
unset($users[$user->uid]);
// clear users cache
} elseif (!$return_data) {
return NULL;
// simply clearing cache
} elseif (!empty($users[$user->uid])) {
return $users[$user->uid];
// return cached data
}
$authorizations = array();
if ($this->ogVersion == 1) {
$gids = og_get_groups_by_user($user);
foreach ($gids as $i => $gid) {
$roles = og_get_user_roles($gid, $user->uid);
if (!empty($roles[$this->defaultMembershipRid])) {
// if you aren't a member, doesn't matter what roles you have in og 1.5
if (isset($roles[$this->anonymousRid])) {
unset($roles[$this->anonymousRid]);
}
// ignore anonymous role
$rids = array_values($roles);
asort($rids, SORT_NUMERIC);
// go low to high to get default memberships first
foreach ($rids as $rid) {
$authorizations[] = ldap_authorization_og_authorization_id($gid, $rid);
}
}
}
} else {
// og 7.x-2.x
$user_entities = entity_load('user', array($user->uid));
$memberships = og_get_entity_groups('user', $user_entities[$user->uid]);
foreach ($memberships as $entity_type => $entity_memberships) {
foreach ($entity_memberships as $og_membership_id => $gid) {
$roles = og_get_user_roles($entity_type, $gid, $user->uid);
foreach ($roles as $rid => $discard) {
$authorizations[] = ldap_authorization_og_authorization_id($gid, $rid, $entity_type);
}
}
}
}
$users[$user->uid] = $authorizations;
return $authorizations;
}
public function get_user_groups($uid = FALSE)
{
global $user;
if ($uid) {
$account = user_load($uid);
} else {
$account = $user;
}
$retval = array();
$groups = og_get_entity_groups('user', $account);
if (is_array($groups) and count($groups) > 0) {
if (function_exists('og_get_group')) {
$retval = $groups;
} else {
$retval = $groups['node'];
}
}
return $retval;
}
function filedepot_og_get_user_groups()
{
global $user;
$retval = array();
$groups = og_get_entity_groups('user', $user);
if (is_array($groups) and count($groups) > 0) {
if (function_exists('og_get_group')) {
$retval = $groups;
} else {
$retval = $groups['node'];
}
}
return $retval;
}
/**
* Helper function to determine if a user has access to score a quiz.
*
* @param $quiz_creator
* uid of the quiz creator.
*
* @return bool
*/
public function quizContextAccessToScore($quiz_creator = NULL)
{
// Must we check this node, or the parent quiz ?
if (!isset($this->checkWhat)) {
if (isset($this->question->nid) && og_is_group_content_type('node', $this->question->type)) {
$groups = og_get_entity_groups('node', $this->node);
if (!empty($groups)) {
$this->checkWhat = 'self';
}
}
// If empty, check the parent quiz.
if (!isset($this->checkWhat)) {
// Try fetching the parent quiz, if any.
$quiz = $this->getParentQuiz();
if (isset($quiz)) {
$this->checkWhat = 'parent';
} else {
// Use default permissions.
$this->checkWhat = 'none';
}
}
}
if ($this->checkWhat != 'none') {
if ($this->checkWhat == 'parent') {
$node = $this->getParentQuiz();
} else {
$node = clone $this->question;
}
if ($quiz_creator == NULL && ($quiz = quiz_get_quiz_from_menu())) {
$quiz_creator = $quiz->uid;
}
if (!($access = og_quiz_ogs_access($node, array('score taken quiz answer', 'score taken quiz answer')))) {
$access = og_quiz_ogs_access($node, 'score own quiz');
if ($access) {
global $user;
$access = $access && $user->uid == $quiz_creator;
}
}
}
return isset($access) ? $access : quiz_access_to_score($quiz_creator);
}
