/**
* Implements EditEntityFieldAccessCheckInterface::accessEditEntityField().
*/
public function accessEditEntityField($entity_type, $entity, $field_name)
{
$is_extra_field = _quickedit_is_extra_field($entity_type, $field_name);
$entity_access = entity_access('update', $entity_type, $entity);
$field_access = $is_extra_field ? TRUE : field_access('edit', $field_name, $entity_type, $entity);
return $entity_access && $field_access;
}
/**
* Check view and edit permissions.
*
* @param $op
* The type of operation. Either 'view' or 'edit'.
*/
function have_access($op)
{
global $user;
$db = DBConnection::instance();
$field_id = (int) _post('fid');
if (!$field_id) {
$field_id = (int) _get('fid');
}
$field = (object) $db->dq("SELECT entity_id, entity_type, delta FROM {mytinytodo_fields} WHERE id = ?", $field_id)->fetch_assoc();
$field_info = field_info_field_by_id($field->delta);
if ($field->entity_type == 'node') {
if (!($node = node_load($field->entity_id))) {
return false;
}
$node_access = $op == 'edit' ? 'update' : $op;
if (node_access($node_access, $node, $user) && field_access($op, $field_info, $field->entity_type, $node, $user)) {
return true;
}
} else {
if ($field->entity_type == 'user') {
if (!($account = user_load($field->entity_id))) {
return false;
}
if (field_access($op, $field_info, $field->entity_type, $account, $user)) {
return true;
}
} else {
if ($field->entity_type == 'comment') {
if (!($comment = comment_load($field->entity_id))) {
return false;
}
if ($op == 'view' && !user_access('access comments')) {
return false;
} else {
if ($op == 'edit' && !comment_access($op, $comment)) {
return false;
}
}
if (field_access($op, $field_info, $field->entity_type, $comment, $user)) {
return true;
}
} else {
if (module_exists('entity')) {
if (!($entity = entity_load($field_id))) {
return false;
}
$entity_access = $op == 'edit' ? 'update' : $op;
if (entity_access($entity_access, $field->entity_type, $entity, $user) && field_access($op, $field_info, $field->entity_type, $entity, $user)) {
return true;
}
}
}
}
}
return false;
}
/**
* Create, update or delete OG membership based on field values.
*/
public function OgMembershipCrud($entity_type, $entity, $field, $instance, $langcode, &$items)
{
if (!user_access('administer group') && !field_access('edit', $field, $entity_type, $entity)) {
// User has no access to field.
return;
}
$diff = $this->groupAudiencegetDiff($entity_type, $entity, $field, $instance, $langcode, $items);
if (!$diff) {
return;
}
$field_name = $field['field_name'];
$group_type = $field['settings']['target_type'];
$diff += array('insert' => array(), 'delete' => array());
// Delete first, so we don't trigger cardinality errors.
if ($diff['delete']) {
og_membership_delete_multiple($diff['delete']);
}
foreach ($diff['insert'] as $gid) {
$values = array('entity_type' => $entity_type, 'entity' => $entity, 'field_name' => $field_name);
og_group($group_type, $gid, $values);
}
}
/**
* Create, update or delete OG membership based on field values.
*/
public function OgMembershipCrud($entity_type, $entity, $field, $instance, $langcode, &$items)
{
if (!user_access('administer group') && !field_access('edit', $field, $entity_type, $entity)) {
// User has no access to field.
return;
}
if (!($diff = $this->groupAudiencegetDiff($entity_type, $entity, $field, $instance, $langcode, $items))) {
return;
}
$field_name = $field['field_name'];
$group_type = $field['settings']['target_type'];
$diff += array('insert' => array(), 'delete' => array());
// Delete first, so we don't trigger cardinality errors.
if ($diff['delete']) {
og_membership_delete_multiple($diff['delete']);
}
if (!$diff['insert']) {
return;
}
// Prepare an array with the membership state, if it was provided in the widget.
$states = array();
foreach ($items as $item) {
$gid = $item['target_id'];
if (empty($item['state']) || !in_array($gid, $diff['insert'])) {
// State isn't provided, or not an "insert" operation.
continue;
}
$states[$gid] = $item['state'];
}
foreach ($diff['insert'] as $gid) {
$values = array('entity_type' => $entity_type, 'entity' => $entity, 'field_name' => $field_name);
if (!empty($states[$gid])) {
$values['state'] = $states[$gid];
}
og_group($group_type, $gid, $values);
}
}
/**
* Returns whether currently logged in user has access to do specified
* operation on the given field.
*
* @param string $field_name
* Field name.
* @param string $op
* Operation. It can be either 'view' or 'edit'.
*
* @return bool|null
* If field exists, then this function returns TRUE or FALSE depending on
* the access. If field does not exist, then it returns NULL.
*/
public function hasFieldAccess($field_name, $op = 'view')
{
if (($field = field_info_field($field_name)) && in_array($op, array('edit', 'view'))) {
return field_access($op, $field, $this->getEntityType(), $this->entity);
}
return NULL;
}
