/** * Overrides OgSelectionHandler::entityFieldQueryAlter(). * * Add the user's groups along with the rest of the "public" groups. */ public function entityFieldQueryAlter(SelectQueryInterface $query) { $gids = og_get_entity_groups(); if (empty($gids['node'])) { return; } $conditions =& $query->conditions(); // Find the condition for the "field_data_field_privacy_settings" query, and // the one for the "node.nid", so we can later db_or() them. $public_condition = array(); foreach ($conditions as $key => $condition) { if ($key !== '#conjunction' && is_string($condition['field'])) { if (strpos($condition['field'], 'field_data_field_og_subscribe_settings') === 0) { $public_condition = $condition; unset($conditions[$key]); } if ($condition['field'] === 'node.nid') { unset($conditions[$key]); } } } if (!$public_condition) { return; } $or = db_or(); $or->condition($public_condition['field'], $public_condition['value'], $public_condition['operator']); $or->condition('node.nid', $gids['node'], 'IN'); $query->condition($or); }
/** * Implements EntityReference_BehaviorHandler_Abstract::Delete() * * CRUD memberships from field, or if entity is marked for deleteing, * delete all the OG membership related to it. * * @see og_entity_delete(). */ public function delete($entity_type, $entity, $field, $instance, $langcode, &$items) { if (!empty($entity->delete_og_membership)) { // Delete all OG memberships related to this entity. $og_memberships = array(); foreach (og_get_entity_groups($entity_type, $entity) as $group_type => $ids) { $og_memberships = array_merge($og_memberships, array_keys($ids)); } if ($og_memberships) { og_membership_delete_multiple($og_memberships); } } else { $this->OgMembershipCrud($entity_type, $entity, $field, $instance, $langcode, $items); } }
/** * Determine if the user has access to the panelizer operation for this type. */ function panelizer_access($op, $bundle, $view_mode) { $og_access = FALSE; if (is_object($bundle)) { $entity = $bundle; list($entity_id, $revision_id, $bundle) = entity_extract_ids($this->entity_type, $entity); // Additional support for Organic Groups. // @todo move to og_panelizer_access(); if (module_exists('og')) { if (og_is_group($this->entity_type, $entity)) { $og_access = og_user_access($this->entity_type, $entity_id, "administer panelizer og_group {$op}"); } else { $og_groups = og_get_entity_groups($this->entity_type, $entity); foreach ($og_groups as $og_group_type => $og_gids) { foreach ($og_gids as $og_gid) { if (og_user_access($og_group_type, $og_gid, "administer panelizer {$this->entity_type} {$bundle} {$op}")) { $og_access = TRUE; } } } } } // If there is an $op, this must actually be panelized in order to pass. // If there is no $op, then the settings page can provide us a "panelize // it!" page even if there is no display. if ($op && $op != 'overview' && $op != 'settings' && $op != 'choice' && empty($entity->panelizer[$view_mode])) { return FALSE; } } // Invoke hook_panelizer_access(). $panelizer_access = module_invoke_all('panelizer_access', $op, $this->entity_type, $bundle, $view_mode); array_unshift($panelizer_access, user_access('administer panelizer'), user_access("administer panelizer {$this->entity_type} {$bundle} {$op}")); $panelizer_access[] = $og_access; // Trigger hook_panelizer_access_alter(). // We can't pass this many parameters to drupal_alter, so stuff them into // an array. $options = array('op' => $op, 'entity_type' => $this->entity_type, 'bundle' => $bundle, 'view_mode' => $view_mode); drupal_alter('panelizer_access', $panelizer_access, $options); foreach ($panelizer_access as $access) { if ($access) { return $access; } } return FALSE; }
/** * Determine if the user has access to the panelizer operation for this type. */ function panelizer_access($op, $bundle, $view_mode) { $og_access = FALSE; if (is_object($bundle)) { $entity = $bundle; list($entity_id, $revision_id, $bundle) = entity_extract_ids($this->entity_type, $entity); // Additional support for Organic Groups. if (module_exists('og')) { if (og_is_group($this->entity_type, $entity)) { $og_access = og_user_access($this->entity_type, $entity_id, "administer panelizer og_group {$op}"); } else { $og_groups = og_get_entity_groups($this->entity_type, $entity); foreach ($og_groups as $og_group_type => $og_gids) { foreach ($og_gids as $og_gid) { if (og_user_access($og_group_type, $og_gid, "administer panelizer {$this->entity_type} {$bundle} {$op}")) { $og_access = TRUE; } } } } } // If there is an $op, this must actually be panelized in order to pass. // If there is no $op, then the settings page can provide us a "panelize // it!" page even if there is no panel. if ($op && $op != 'overview' && $op != 'settings' && $op != 'choice' && empty($entity->panelizer[$view_mode])) { return FALSE; } } return user_access('administer panelizer') || user_access("administer panelizer {$this->entity_type} {$bundle} {$op}") || $og_access; }
/** * Build an EntityFieldQuery to get referencable entities. */ public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS') { global $user; $handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity); $query = $handler->buildEntityFieldQuery($match, $match_operator); // FIXME: http://drupal.org/node/1325628 unset($query->tags['node_access']); // FIXME: drupal.org/node/1413108 unset($query->tags['entityreference']); $query->addTag('entity_field_access'); $query->addTag('og'); $group_type = $this->field['settings']['target_type']; $entity_info = entity_get_info($group_type); if (!field_info_field(OG_GROUP_FIELD)) { // There are no groups, so falsify query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); return $query; } // Show only the entities that are active groups. $query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '='); if (empty($this->instance['field_mode'])) { return $query; } $field_mode = $this->instance['field_mode']; if ($field_mode == 'default' || $field_mode == 'admin') { $user_groups = oa_core_get_groups_by_user(NULL, $group_type); $user_groups = array_merge($user_groups, $this->getGidsForCreate()); // This is a workaround for not being able to choice which default value for // 'my groups', which causes my groups to be lost. // @todo find a way to default my groups based on selection handler. $user_groups_only = og_get_entity_groups(); $user_groups_only = !empty($user_groups_only['node']) ? $user_groups_only['node'] : array(); // Show the user only the groups they belong to. if ($field_mode == 'default') { if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') { // Determine which groups should be selectable. $node = $this->entity; $node_type = $this->instance['bundle']; $has_create_access = array_keys(array_filter(oa_user_access_nids('node', $user_groups, "create {$node_type} content"))); $has_update_access = array(); $remaining = array_diff($user_groups, $has_create_access); if (!empty($node->nid) && $remaining) { $groups = og_get_entity_groups('node', $node->nid); $node_groups = !empty($groups['node']) ? $groups['node'] : array(); if ($node_groups = array_diff($node_groups, $remaining)) { $check_perms = array("update any {$node_type} content"); if ($user->uid == $node->uid) { $check_perms = "update own {$node_type} content"; } $has_update_access = array_keys(array_filter(oa_user_access_nids('node', $node_groups, $check_perms))); } } $ids = array_merge($has_update_access, $has_create_access); } else { $ids = $user_groups; } if ($ids) { $query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN'); } else { // User doesn't have permission to select any group so falsify this // query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); } } elseif ($field_mode == 'admin' && $user_groups_only) { // Show only groups the user doesn't belong to. if (!empty($this->instance) && $this->instance['entity_type'] == 'node') { // Don't include the groups, the user doesn't have create // permission. $node_type = $this->instance['bundle']; foreach ($user_groups_only as $delta => $gid) { if (!og_user_access($group_type, $gid, "create {$node_type} content")) { unset($user_groups_only[$delta]); } } } if ($user_groups) { $query->propertyCondition($entity_info['entity keys']['id'], $user_groups_only, 'NOT IN'); } } } return $query; }
/** * Build an EntityFieldQuery to get referencable entities. */ public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS') { global $user; $handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity); $query = $handler->buildEntityFieldQuery($match, $match_operator); // FIXME: http://drupal.org/node/1325628 unset($query->tags['node_access']); // FIXME: drupal.org/node/1413108 unset($query->tags['entityreference']); $query->addTag('entity_field_access'); $query->addTag('og'); $group_type = $this->field['settings']['target_type']; $entity_info = entity_get_info($group_type); if (!field_info_field(OG_GROUP_FIELD)) { // There are no groups, so falsify query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); return $query; } // Show only the entities that are active groups. $query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '='); if (empty($this->instance['field_mode'])) { return $query; } $field_mode = $this->instance['field_mode']; $user_groups = og_get_groups_by_user(NULL, $group_type); $user_groups = $user_groups ? $user_groups : array(); $user_groups = array_merge($user_groups, $this->getGidsForCreate()); // Show the user only the groups they belong to. if ($field_mode == 'default') { if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') { // Determine which groups should be selectable. $node = $this->entity; $node_type = $this->instance['bundle']; $ids = array(); foreach ($user_groups as $gid) { // Check if user has "create" permissions on those groups. // If the user doesn't have create permission, check if perhaps the // content already exists and the user has edit permission. if (og_user_access($group_type, $gid, "create {$node_type} content")) { $ids[] = $gid; } elseif (!empty($node->nid) && (og_user_access($group_type, $gid, "update any {$node_type} content") || $user->uid == $node->uid && og_user_access($group_type, $gid, "update own {$node_type} content"))) { $node_groups = isset($node_groups) ? $node_groups : og_get_entity_groups('node', $node->nid); if (in_array($gid, $node_groups['node'])) { $ids[] = $gid; } } } } else { $ids = $user_groups; } if ($ids) { $query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN'); } else { // User doesn't have permission to select any group so falsify this // query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); } } elseif ($field_mode == 'admin' && $user_groups) { // Show only groups the user doesn't belong to. if (!empty($this->instance) && $this->instance['entity_type'] == 'node') { // Don't include the groups, the user doesn't have create // permission. $node_type = $this->instance['bundle']; foreach ($user_groups as $delta => $gid) { if (!og_user_access($group_type, $gid, "create {$node_type} content")) { unset($user_groups[$delta]); } } } if ($user_groups) { $query->propertyCondition($entity_info['entity keys']['id'], $user_groups, 'NOT IN'); } } return $query; }
/** * Return all user authorization ids (group x role) in form gid-rid such as 2-1. * regardless of it they were granted by this module, any authorization ids should be returned. * * @param user object $user * @return array such as array('3-2','7-2') */ public function usersAuthorizations(&$user) { $authorizations = array(); if ($this->ogVersion == 1) { $groups = og_load_multiple(og_get_all_group()); $authorizations = array(); if (is_object($user) && is_array($groups)) { foreach ($groups as $gid => $discard) { $roles = og_get_user_roles($gid, $user->uid); foreach ($roles as $rid => $discard) { $authorizations[] = ldap_authorization_og_authorization_id($gid, $rid); } } } } else { // og 7.x-2.x $user_entities = entity_load('user', array($user->uid)); $memberships = og_get_entity_groups('user', $user_entities[$user->uid]); foreach ($memberships as $entity_type => $entity_memberships) { foreach ($entity_memberships as $og_membership_id => $gid) { $roles = og_get_user_roles($entity_type, $gid, $user->uid); foreach ($roles as $rid => $discard) { $authorizations[] = ldap_authorization_og_authorization_id($gid, $rid, $entity_type); } } } } return $authorizations; }
/** * @see ldapAuthorizationConsumerAbstract::usersAuthorizations */ public function usersAuthorizations(&$user, $reset = FALSE, $return_data = TRUE) { static $users; if (!is_array($users)) { $users = array(); // no cache exists, create static array } elseif ($reset && isset($users[$user->uid])) { unset($users[$user->uid]); // clear users cache } elseif (!$return_data) { return NULL; // simply clearing cache } elseif (!empty($users[$user->uid])) { return $users[$user->uid]; // return cached data } $authorizations = array(); if ($this->ogVersion == 1) { $gids = og_get_groups_by_user($user); foreach ($gids as $i => $gid) { $roles = og_get_user_roles($gid, $user->uid); if (!empty($roles[$this->defaultMembershipRid])) { // if you aren't a member, doesn't matter what roles you have in og 1.5 if (isset($roles[$this->anonymousRid])) { unset($roles[$this->anonymousRid]); } // ignore anonymous role $rids = array_values($roles); asort($rids, SORT_NUMERIC); // go low to high to get default memberships first foreach ($rids as $rid) { $authorizations[] = ldap_authorization_og_authorization_id($gid, $rid); } } } } else { // og 7.x-2.x $user_entities = entity_load('user', array($user->uid)); $memberships = og_get_entity_groups('user', $user_entities[$user->uid]); foreach ($memberships as $entity_type => $entity_memberships) { foreach ($entity_memberships as $og_membership_id => $gid) { $roles = og_get_user_roles($entity_type, $gid, $user->uid); foreach ($roles as $rid => $discard) { $authorizations[] = ldap_authorization_og_authorization_id($gid, $rid, $entity_type); } } } } $users[$user->uid] = $authorizations; return $authorizations; }
public function get_user_groups($uid = FALSE) { global $user; if ($uid) { $account = user_load($uid); } else { $account = $user; } $retval = array(); $groups = og_get_entity_groups('user', $account); if (is_array($groups) and count($groups) > 0) { if (function_exists('og_get_group')) { $retval = $groups; } else { $retval = $groups['node']; } } return $retval; }
function filedepot_og_get_user_groups() { global $user; $retval = array(); $groups = og_get_entity_groups('user', $user); if (is_array($groups) and count($groups) > 0) { if (function_exists('og_get_group')) { $retval = $groups; } else { $retval = $groups['node']; } } return $retval; }
/** * Helper function to determine if a user has access to score a quiz. * * @param $quiz_creator * uid of the quiz creator. * * @return bool */ public function quizContextAccessToScore($quiz_creator = NULL) { // Must we check this node, or the parent quiz ? if (!isset($this->checkWhat)) { if (isset($this->question->nid) && og_is_group_content_type('node', $this->question->type)) { $groups = og_get_entity_groups('node', $this->node); if (!empty($groups)) { $this->checkWhat = 'self'; } } // If empty, check the parent quiz. if (!isset($this->checkWhat)) { // Try fetching the parent quiz, if any. $quiz = $this->getParentQuiz(); if (isset($quiz)) { $this->checkWhat = 'parent'; } else { // Use default permissions. $this->checkWhat = 'none'; } } } if ($this->checkWhat != 'none') { if ($this->checkWhat == 'parent') { $node = $this->getParentQuiz(); } else { $node = clone $this->question; } if ($quiz_creator == NULL && ($quiz = quiz_get_quiz_from_menu())) { $quiz_creator = $quiz->uid; } if (!($access = og_quiz_ogs_access($node, array('score taken quiz answer', 'score taken quiz answer')))) { $access = og_quiz_ogs_access($node, 'score own quiz'); if ($access) { global $user; $access = $access && $user->uid == $quiz_creator; } } } return isset($access) ? $access : quiz_access_to_score($quiz_creator); }