/** * Overrides OgSelectionHandler::buildEntityFieldQuery(). */ public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS') { $group_type = $this->field['settings']['target_type']; // See if the Entity allows for non-member postings $user_access = FALSE; $event = NULL; if ($this->entity && isset($this->entity->og_group_ref[LANGUAGE_NONE][0]['target_id'])) { $event = $this->entity->og_group_ref[LANGUAGE_NONE][0]['target_id']; } elseif (module_exists('og_context') && isset($_SESSION)) { $event = isset($_SESSION['og_context']) ? $_SESSION['og_context'] : og_context('node'); $event = isset($event['gid']) ? $event['gid'] : NULL; } if ($event) { $user_access = og_user_access('node', $event, "create " . $this->instance['bundle'] . " content") || og_user_access('node', $event, "update own " . $this->instance['bundle'] . " content") || og_user_access('node', $event, "edit any " . $this->instance['bundle'] . " content"); } if (empty($this->instance['field_mode']) || $group_type != 'node' || user_is_anonymous() || !$user_access) { return parent::buildEntityFieldQuery($match, $match_operator); } $handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity); $query = $handler->buildEntityFieldQuery($match, $match_operator); // Show only the entities that are active groups. $query->fieldCondition(OG_GROUP_FIELD, 'value', 1); // Add this property to make sure we will have the {node} table later on in // OgCommonsSelectionHandler::entityFieldQueryAlter(). $query->propertyCondition('nid', 0, '>'); $query->addMetaData('entityreference_selection_handler', $this); // FIXME: http://drupal.org/node/1325628 unset($query->tags['node_access']); $query->addTag('entity_field_access'); $query->addTag('og'); return $query; }
/** * Verify the user have access to the manage boxes. */ public function checkGroupAccess() { if (parent::checkGroupAccess()) { return TRUE; } $account = $this->getAccount(); $access = !og_user_access('node', $this->space->id, 'administer boxes', $account) && !og_user_access('node', $this->space->id, 'edit boxes', $account); if ($access) { // The current user can't manage boxes. $this->throwException("You can't manage boxes in this vsite."); } return TRUE; }
/** * Overrides \RestfulEntityBaseTaxonomyTerm::checkEntityAccess(). * * Allow access to create "Tags" resource for privileged users, as * we can't use entity_access() since entity_metadata_taxonomy_access() * denies it for a non-admin user. */ protected function checkEntityAccess($op, $entity_type, $entity) { $account = $this->getAccount(); $resource_name = $this->getResourceName(); if ($resource_name == 'tags') { $group = c4m_restful_get_group_by_og_vocab_name($entity->vocabulary_machine_name); $gid = $group[0]->gid; return og_user_access('node', $gid, 'edit terms', $account); } elseif ($resource_name == 'categories') { $group = c4m_restful_get_group_by_og_vocab_name($entity->vocabulary_machine_name); $gid = $group[0]->gid; return og_user_access('node', $gid, 'administer group', $account); } return user_access('create content', $account); }
/** * Overrides \RestfulEntityBase::checkEntityAccess(). * * Set permissions to create group content based on user's OG permissions and * group status value. */ protected function checkEntityAccess($op, $entity_type, $entity) { $account = $this->getAccount(); $resource_name = $this->getResourceName(); $group_id = $this->request['group']; $wrapper = entity_metadata_wrapper('node', $group_id); $group_status = $wrapper->c4m_og_status->value(); // Only platform admins can create group content if group status // is NOT within the allowed groups array. $allowed_groups = array('draft', 'published'); if (!in_array($group_status, $allowed_groups) && !user_access('administer site configuration', $account)) { return FALSE; } return og_user_access('node', $group_id, "create {$resource_name} content", $account); }
protected function checkEntityAccess($op, $entity_type, $entity) { $request = $this->getRequest(); if ($request['vsite']) { spaces_set_space(spaces_load('og', $request['vsite'])); } if (empty($entity->nid)) { // This is still a new node. Skip. return; } if ($is_group = og_is_group($entity_type, $entity)) { $group = $entity; } else { $wrapper = entity_metadata_wrapper('node', $entity); $group = $wrapper->{OG_AUDIENCE_FIELD}->get(0)->value(); } if (empty($request['vsite'])) { spaces_set_space(spaces_load('og', $group->nid)); } $manager = og_user_access('node', $group->nid, 'administer users', $this->getAccount()); if ($is_group) { // In addition to the node access check, we need to see if the user can // manage groups. return $manager && !vsite_access_node_access($group, 'view', $this->getAccount()) == NODE_ACCESS_DENY; } else { $app = os_get_app_by_bundle($entity->type); $space = spaces_get_space(); $application_settings = $space->controllers->variable->get('spaces_features'); switch ($application_settings[$app]) { case OS_DISABLED_APP: return FALSE; case OS_PRIVATE_APP: return og_is_member('node', $group->nid, 'user', $this->getAccount()) && parent::checkEntityAccess($op, $entity_type, $entity); default: case OS_PUBLIC_APP: return parent::checkEntityAccess($op, $entity_type, $entity); } } }
/** * Determine if the user has access to the panelizer operation for this type. */ function panelizer_access($op, $bundle, $view_mode) { $og_access = FALSE; if (is_object($bundle)) { $entity = $bundle; list($entity_id, $revision_id, $bundle) = entity_extract_ids($this->entity_type, $entity); // Additional support for Organic Groups. // @todo move to og_panelizer_access(); if (module_exists('og')) { if (og_is_group($this->entity_type, $entity)) { $og_access = og_user_access($this->entity_type, $entity_id, "administer panelizer og_group {$op}"); } else { $og_groups = og_get_entity_groups($this->entity_type, $entity); foreach ($og_groups as $og_group_type => $og_gids) { foreach ($og_gids as $og_gid) { if (og_user_access($og_group_type, $og_gid, "administer panelizer {$this->entity_type} {$bundle} {$op}")) { $og_access = TRUE; } } } } } // If there is an $op, this must actually be panelized in order to pass. // If there is no $op, then the settings page can provide us a "panelize // it!" page even if there is no display. if ($op && $op != 'overview' && $op != 'settings' && $op != 'choice' && empty($entity->panelizer[$view_mode])) { return FALSE; } } // Invoke hook_panelizer_access(). $panelizer_access = module_invoke_all('panelizer_access', $op, $this->entity_type, $bundle, $view_mode); array_unshift($panelizer_access, user_access('administer panelizer'), user_access("administer panelizer {$this->entity_type} {$bundle} {$op}")); $panelizer_access[] = $og_access; // Trigger hook_panelizer_access_alter(). // We can't pass this many parameters to drupal_alter, so stuff them into // an array. $options = array('op' => $op, 'entity_type' => $this->entity_type, 'bundle' => $bundle, 'view_mode' => $view_mode); drupal_alter('panelizer_access', $panelizer_access, $options); foreach ($panelizer_access as $access) { if ($access) { return $access; } } return FALSE; }
/** * Check for group access */ public function checkGroupAccess($op, $file = null) { $account = $this->getAccount(); $vsite = null; if (!empty($this->request['vsite'])) { $vsite = $this->request['vsite']; } elseif ($file == null) { return FALSE; } elseif ($file instanceof EntityDrupalWrapper) { $value = $file->{OG_AUDIENCE_FIELD}->value(); $vsite = $value['target_id']; } elseif (is_object($file)) { $vsite = $file->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][0]['target_id']; } $permission = ''; switch ($op) { case 'create': $permission = 'create files'; break; case 'update': case 'edit': $permission = 'edit any files'; break; case 'delete': $permission = 'delete any files'; break; } if ($permission && $vsite) { return og_user_access('node', $vsite, $permission, $account); } return false; }
/** * Determine if the user has access to the panelizer operation for this type. */ function panelizer_access($op, $bundle, $view_mode) { $og_access = FALSE; if (is_object($bundle)) { $entity = $bundle; list($entity_id, $revision_id, $bundle) = entity_extract_ids($this->entity_type, $entity); // Additional support for Organic Groups. if (module_exists('og')) { if (og_is_group($this->entity_type, $entity)) { $og_access = og_user_access($this->entity_type, $entity_id, "administer panelizer og_group {$op}"); } else { $og_groups = og_get_entity_groups($this->entity_type, $entity); foreach ($og_groups as $og_group_type => $og_gids) { foreach ($og_gids as $og_gid) { if (og_user_access($og_group_type, $og_gid, "administer panelizer {$this->entity_type} {$bundle} {$op}")) { $og_access = TRUE; } } } } } // If there is an $op, this must actually be panelized in order to pass. // If there is no $op, then the settings page can provide us a "panelize // it!" page even if there is no panel. if ($op && $op != 'overview' && $op != 'settings' && $op != 'choice' && empty($entity->panelizer[$view_mode])) { return FALSE; } } return user_access('administer panelizer') || user_access("administer panelizer {$this->entity_type} {$bundle} {$op}") || $og_access; }
/** * Build an EntityFieldQuery to get referencable entities. */ public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS') { global $user; $handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity); $query = $handler->buildEntityFieldQuery($match, $match_operator); // FIXME: http://drupal.org/node/1325628 unset($query->tags['node_access']); // FIXME: drupal.org/node/1413108 unset($query->tags['entityreference']); $query->addTag('entity_field_access'); $query->addTag('og'); $group_type = $this->field['settings']['target_type']; $entity_info = entity_get_info($group_type); if (!field_info_field(OG_GROUP_FIELD)) { // There are no groups, so falsify query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); return $query; } // Show only the entities that are active groups. $query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '='); if (empty($this->instance['field_mode'])) { return $query; } $field_mode = $this->instance['field_mode']; if ($field_mode == 'default' || $field_mode == 'admin') { $user_groups = oa_core_get_groups_by_user(NULL, $group_type); $user_groups = array_merge($user_groups, $this->getGidsForCreate()); // This is a workaround for not being able to choice which default value for // 'my groups', which causes my groups to be lost. // @todo find a way to default my groups based on selection handler. $user_groups_only = og_get_entity_groups(); $user_groups_only = !empty($user_groups_only['node']) ? $user_groups_only['node'] : array(); // Show the user only the groups they belong to. if ($field_mode == 'default') { if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') { // Determine which groups should be selectable. $node = $this->entity; $node_type = $this->instance['bundle']; $has_create_access = array_keys(array_filter(oa_user_access_nids('node', $user_groups, "create {$node_type} content"))); $has_update_access = array(); $remaining = array_diff($user_groups, $has_create_access); if (!empty($node->nid) && $remaining) { $groups = og_get_entity_groups('node', $node->nid); $node_groups = !empty($groups['node']) ? $groups['node'] : array(); if ($node_groups = array_diff($node_groups, $remaining)) { $check_perms = array("update any {$node_type} content"); if ($user->uid == $node->uid) { $check_perms = "update own {$node_type} content"; } $has_update_access = array_keys(array_filter(oa_user_access_nids('node', $node_groups, $check_perms))); } } $ids = array_merge($has_update_access, $has_create_access); } else { $ids = $user_groups; } if ($ids) { $query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN'); } else { // User doesn't have permission to select any group so falsify this // query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); } } elseif ($field_mode == 'admin' && $user_groups_only) { // Show only groups the user doesn't belong to. if (!empty($this->instance) && $this->instance['entity_type'] == 'node') { // Don't include the groups, the user doesn't have create // permission. $node_type = $this->instance['bundle']; foreach ($user_groups_only as $delta => $gid) { if (!og_user_access($group_type, $gid, "create {$node_type} content")) { unset($user_groups_only[$delta]); } } } if ($user_groups) { $query->propertyCondition($entity_info['entity keys']['id'], $user_groups_only, 'NOT IN'); } } } return $query; }
/** * Get group IDs from URL or OG-context, with access to create group-content. * * @return * Array with group IDs a user (member or non-member) is allowed to * create, or empty array. */ private function getGidsForCreate() { if ($this->instance['entity_type'] != 'node') { return array(); } if (!module_exists('entityreference_prepopulate') || empty($this->instance['settings']['behaviors']['prepopulate'])) { return array(); } // Don't try to validate the IDs. if (!($ids = entityreference_prepopulate_get_values($this->field, $this->instance, TRUE, FALSE))) { return array(); } $node_type = $this->instance['bundle']; foreach ($ids as $delta => $id) { if (!is_numeric($id) || !$id || !og_user_access('node', $id, "create {$node_type} content")) { unset($ids[$delta]); } } return $ids; }
"<?php print $item_attributes[$delta]; ?> > <?php if (isset($item['colorbox_link'])) { ?> <div class="field-image-colorbox-link"><?php print $item['colorbox_link']; ?> </div> <?php } ?> <?php if ($element['#object'] == 'image' && og_user_access('node', $gid, 'create annotation') && empty($element['#object']->is_export)) { ?> <div class="annotation-help">Click and drag to annotate image.</div> <?php } ?> <?php if (isset($item['caption'])) { $caption = $item['caption']; unset($item['caption']); } ?> <?php print render($item); ?> <?php
/** * Create, update or delete OG membership based on field values. */ public function OgMembershipCrud($entity_type, $entity, $field, $instance, $langcode, &$items) { if (!user_access('administer group') && !field_access('edit', $field, $entity_type, $entity)) { // User has no access to field. return; } if (!($diff = $this->groupAudiencegetDiff($entity_type, $entity, $field, $instance, $langcode, $items))) { return; } $field_name = $field['field_name']; $group_type = $field['settings']['target_type']; $diff += array('insert' => array(), 'delete' => array()); // Delete first, so we don't trigger cardinality errors. if ($diff['delete']) { og_membership_delete_multiple($diff['delete']); } if (!$diff['insert']) { return; } // Prepare an array with the membership state, if it was provided in the widget. $states = array(); foreach ($items as $item) { $gid = $item['target_id']; // Must provide correct state in the event that approval is required. if (empty($item['state']) && $entity_type == 'user' && !og_user_access($group_type, $gid, 'subscribe without approval', $entity)) { $item['state'] = OG_STATE_PENDING; } elseif (empty($item['state']) || !in_array($gid, $diff['insert'])) { // State isn't provided, or not an "insert" operation. continue; } $states[$gid] = $item['state']; } foreach ($diff['insert'] as $gid) { $values = array('entity_type' => $entity_type, 'entity' => $entity, 'field_name' => $field_name); if (!empty($states[$gid])) { $values['state'] = $states[$gid]; } og_group($group_type, $gid, $values); } }
/** * Build an EntityFieldQuery to get referencable entities. */ public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS') { global $user; $handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity); $query = $handler->buildEntityFieldQuery($match, $match_operator); // FIXME: http://drupal.org/node/1325628 unset($query->tags['node_access']); // FIXME: drupal.org/node/1413108 unset($query->tags['entityreference']); $query->addTag('entity_field_access'); $query->addTag('og'); $group_type = $this->field['settings']['target_type']; $entity_info = entity_get_info($group_type); if (!field_info_field(OG_GROUP_FIELD)) { // There are no groups, so falsify query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); return $query; } // Show only the entities that are active groups. $query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '='); if (empty($this->instance['field_mode'])) { return $query; } $field_mode = $this->instance['field_mode']; $user_groups = og_get_groups_by_user(NULL, $group_type); // Show the user only the groups they belong to. if ($field_mode == 'default') { if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') { // Determine which groups should be selectable. $node = $this->entity; $node_type = $this->instance['bundle']; $ids = array(); foreach ($user_groups as $gid) { // Check if user has "create" permissions on those groups. // If the user doesn't have create permission, check if perhaps the // content already exists and the user has edit permission. if (og_user_access($group_type, $gid, "create {$node_type} content")) { $ids[] = $gid; } elseif (!empty($node->nid) && (og_user_access($group_type, $gid, "update any {$node_type} content") || $user->uid == $node->uid && og_user_access($group_type, $gid, "update own {$node_type} content"))) { $node_groups = isset($node_groups) ? $node_groups : og_get_entity_groups('node', $node->nid); if (in_array($gid, $node_groups['node'])) { $ids[] = $gid; } } } } else { $ids = $user_groups; } if ($ids) { $query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN'); } else { // User doesn't have permission to select any group so falsify this // query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); } } elseif ($field_mode == 'admin' && $user_groups) { // Show only groups the user doesn't belong to. if (!empty($this->instance) && $this->instance['entity_type'] == 'node') { // Don't include the groups, the user doesn't have create // permission. $node_type = $this->instance['bundle']; foreach ($user_groups as $delta => $gid) { if (!og_user_access($group_type, $gid, "create {$node_type} content")) { unset($user_groups[$delta]); } } } if ($user_groups) { $query->propertyCondition($entity_info['entity keys']['id'], $user_groups, 'NOT IN'); } } return $query; }
<?php $show_annotation_help = FALSE; if (in_array($type, array('essay', 'manuscript')) && empty($node->is_export)) { if (@($gid = $og_group_ref[LANGUAGE_NONE][0]['target_id'])) { $show_annotation_help = og_user_access('node', $gid, 'create annotation'); } } ?> <article<?php print $attributes; ?> > <?php print render($title_prefix); ?> <?php if (!$page && $title) { ?> <header> <h2<?php print $title_attributes; ?> ><a href="<?php print $node_url; ?> " title="<?php print $title; ?> "><?php print $title;
/** * Get group IDs from URL or OG-context, with access to create group-content. * * @return * Array with group IDs a user (member or non-member) is allowed to * create, or empty array. */ private function getGidsForCreate() { if ($this->instance['entity_type'] != 'node') { return array(); } if (!empty($this->entity->nid)) { // Existing node. return array(); } // want to check for create access to public spaces $ids = oa_core_get_public_spaces(); // add support for entityreference_prepopulate if (module_exists('entityreference_prepopulate') && !empty($this->instance['settings']['behaviors']['prepopulate'])) { $pre_ids = entityreference_prepopulate_get_values($this->field, $this->instance, FALSE); if (is_array($pre_ids)) { $ids = array_merge($ids, $pre_ids); } } $node_type = $this->instance['bundle']; foreach ($ids as $delta => $id) { if (!is_numeric($id) || !$id || !og_user_access($this->field['settings']['target_type'], $id, "create {$node_type} content")) { unset($ids[$delta]); } } return $ids; }
/** * Build an EntityFieldQuery to get referencable entities. */ public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS') { $handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance); $query = $handler->buildEntityFieldQuery($match, $match_operator); // The "node_access" tag causes errors, so we replace it with // "entity_field_access" tag instead. // @see _node_query_node_access_alter(). unset($query->tags['node_access']); $query->addTag('entity_field_access'); $query->addTag('og'); $group_type = $this->field['settings']['target_type']; $entity_info = entity_get_info($group_type); if (!field_info_field(OG_GROUP_FIELD)) { // There are no groups, so falsify query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); return $query; } // Show only the entities that are active groups. $query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '='); $user_groups = og_get_groups_by_user(NULL, $group_type); $reference_type = $this->field['settings']['handler_settings']['reference_type']; // Show the user only the groups they belong to. if ($reference_type == 'my_groups') { if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') { // Check if user has "create" permissions on those groups. $node_type = $this->instance['bundle']; $ids = array(); foreach ($user_groups as $gid) { if (og_user_access($group_type, $gid, "create {$node_type} content")) { $ids[] = $gid; } } } else { $ids = $user_groups; } if ($ids) { $query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN'); } else { // User doesn't have permission to select any group so falsify this // query. $query->propertyCondition($entity_info['entity keys']['id'], -1, '='); } } elseif ($reference_type == 'other_groups' && $user_groups) { // Show only group the user doesn't belong to. $query->propertyCondition($entity_info['entity keys']['id'], $user_groups, 'NOT IN'); } return $query; }