/**
* Overrides OgSelectionHandler::buildEntityFieldQuery().
*/
public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS')
{
$group_type = $this->field['settings']['target_type'];
// See if the Entity allows for non-member postings
$user_access = FALSE;
$event = NULL;
if ($this->entity && isset($this->entity->og_group_ref[LANGUAGE_NONE][0]['target_id'])) {
$event = $this->entity->og_group_ref[LANGUAGE_NONE][0]['target_id'];
} elseif (module_exists('og_context') && isset($_SESSION)) {
$event = isset($_SESSION['og_context']) ? $_SESSION['og_context'] : og_context('node');
$event = isset($event['gid']) ? $event['gid'] : NULL;
}
if ($event) {
$user_access = og_user_access('node', $event, "create " . $this->instance['bundle'] . " content") || og_user_access('node', $event, "update own " . $this->instance['bundle'] . " content") || og_user_access('node', $event, "edit any " . $this->instance['bundle'] . " content");
}
if (empty($this->instance['field_mode']) || $group_type != 'node' || user_is_anonymous() || !$user_access) {
return parent::buildEntityFieldQuery($match, $match_operator);
}
$handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity);
$query = $handler->buildEntityFieldQuery($match, $match_operator);
// Show only the entities that are active groups.
$query->fieldCondition(OG_GROUP_FIELD, 'value', 1);
// Add this property to make sure we will have the {node} table later on in
// OgCommonsSelectionHandler::entityFieldQueryAlter().
$query->propertyCondition('nid', 0, '>');
$query->addMetaData('entityreference_selection_handler', $this);
// FIXME: http://drupal.org/node/1325628
unset($query->tags['node_access']);
$query->addTag('entity_field_access');
$query->addTag('og');
return $query;
}
/**
* Verify the user have access to the manage boxes.
*/
public function checkGroupAccess()
{
if (parent::checkGroupAccess()) {
return TRUE;
}
$account = $this->getAccount();
$access = !og_user_access('node', $this->space->id, 'administer boxes', $account) && !og_user_access('node', $this->space->id, 'edit boxes', $account);
if ($access) {
// The current user can't manage boxes.
$this->throwException("You can't manage boxes in this vsite.");
}
return TRUE;
}
/**
* Overrides \RestfulEntityBaseTaxonomyTerm::checkEntityAccess().
*
* Allow access to create "Tags" resource for privileged users, as
* we can't use entity_access() since entity_metadata_taxonomy_access()
* denies it for a non-admin user.
*/
protected function checkEntityAccess($op, $entity_type, $entity)
{
$account = $this->getAccount();
$resource_name = $this->getResourceName();
if ($resource_name == 'tags') {
$group = c4m_restful_get_group_by_og_vocab_name($entity->vocabulary_machine_name);
$gid = $group[0]->gid;
return og_user_access('node', $gid, 'edit terms', $account);
} elseif ($resource_name == 'categories') {
$group = c4m_restful_get_group_by_og_vocab_name($entity->vocabulary_machine_name);
$gid = $group[0]->gid;
return og_user_access('node', $gid, 'administer group', $account);
}
return user_access('create content', $account);
}
/**
* Overrides \RestfulEntityBase::checkEntityAccess().
*
* Set permissions to create group content based on user's OG permissions and
* group status value.
*/
protected function checkEntityAccess($op, $entity_type, $entity)
{
$account = $this->getAccount();
$resource_name = $this->getResourceName();
$group_id = $this->request['group'];
$wrapper = entity_metadata_wrapper('node', $group_id);
$group_status = $wrapper->c4m_og_status->value();
// Only platform admins can create group content if group status
// is NOT within the allowed groups array.
$allowed_groups = array('draft', 'published');
if (!in_array($group_status, $allowed_groups) && !user_access('administer site configuration', $account)) {
return FALSE;
}
return og_user_access('node', $group_id, "create {$resource_name} content", $account);
}
protected function checkEntityAccess($op, $entity_type, $entity)
{
$request = $this->getRequest();
if ($request['vsite']) {
spaces_set_space(spaces_load('og', $request['vsite']));
}
if (empty($entity->nid)) {
// This is still a new node. Skip.
return;
}
if ($is_group = og_is_group($entity_type, $entity)) {
$group = $entity;
} else {
$wrapper = entity_metadata_wrapper('node', $entity);
$group = $wrapper->{OG_AUDIENCE_FIELD}->get(0)->value();
}
if (empty($request['vsite'])) {
spaces_set_space(spaces_load('og', $group->nid));
}
$manager = og_user_access('node', $group->nid, 'administer users', $this->getAccount());
if ($is_group) {
// In addition to the node access check, we need to see if the user can
// manage groups.
return $manager && !vsite_access_node_access($group, 'view', $this->getAccount()) == NODE_ACCESS_DENY;
} else {
$app = os_get_app_by_bundle($entity->type);
$space = spaces_get_space();
$application_settings = $space->controllers->variable->get('spaces_features');
switch ($application_settings[$app]) {
case OS_DISABLED_APP:
return FALSE;
case OS_PRIVATE_APP:
return og_is_member('node', $group->nid, 'user', $this->getAccount()) && parent::checkEntityAccess($op, $entity_type, $entity);
default:
case OS_PUBLIC_APP:
return parent::checkEntityAccess($op, $entity_type, $entity);
}
}
}
/**
* Determine if the user has access to the panelizer operation for this type.
*/
function panelizer_access($op, $bundle, $view_mode)
{
$og_access = FALSE;
if (is_object($bundle)) {
$entity = $bundle;
list($entity_id, $revision_id, $bundle) = entity_extract_ids($this->entity_type, $entity);
// Additional support for Organic Groups.
// @todo move to og_panelizer_access();
if (module_exists('og')) {
if (og_is_group($this->entity_type, $entity)) {
$og_access = og_user_access($this->entity_type, $entity_id, "administer panelizer og_group {$op}");
} else {
$og_groups = og_get_entity_groups($this->entity_type, $entity);
foreach ($og_groups as $og_group_type => $og_gids) {
foreach ($og_gids as $og_gid) {
if (og_user_access($og_group_type, $og_gid, "administer panelizer {$this->entity_type} {$bundle} {$op}")) {
$og_access = TRUE;
}
}
}
}
}
// If there is an $op, this must actually be panelized in order to pass.
// If there is no $op, then the settings page can provide us a "panelize
// it!" page even if there is no display.
if ($op && $op != 'overview' && $op != 'settings' && $op != 'choice' && empty($entity->panelizer[$view_mode])) {
return FALSE;
}
}
// Invoke hook_panelizer_access().
$panelizer_access = module_invoke_all('panelizer_access', $op, $this->entity_type, $bundle, $view_mode);
array_unshift($panelizer_access, user_access('administer panelizer'), user_access("administer panelizer {$this->entity_type} {$bundle} {$op}"));
$panelizer_access[] = $og_access;
// Trigger hook_panelizer_access_alter().
// We can't pass this many parameters to drupal_alter, so stuff them into
// an array.
$options = array('op' => $op, 'entity_type' => $this->entity_type, 'bundle' => $bundle, 'view_mode' => $view_mode);
drupal_alter('panelizer_access', $panelizer_access, $options);
foreach ($panelizer_access as $access) {
if ($access) {
return $access;
}
}
return FALSE;
}
/**
* Check for group access
*/
public function checkGroupAccess($op, $file = null)
{
$account = $this->getAccount();
$vsite = null;
if (!empty($this->request['vsite'])) {
$vsite = $this->request['vsite'];
} elseif ($file == null) {
return FALSE;
} elseif ($file instanceof EntityDrupalWrapper) {
$value = $file->{OG_AUDIENCE_FIELD}->value();
$vsite = $value['target_id'];
} elseif (is_object($file)) {
$vsite = $file->{OG_AUDIENCE_FIELD}[LANGUAGE_NONE][0]['target_id'];
}
$permission = '';
switch ($op) {
case 'create':
$permission = 'create files';
break;
case 'update':
case 'edit':
$permission = 'edit any files';
break;
case 'delete':
$permission = 'delete any files';
break;
}
if ($permission && $vsite) {
return og_user_access('node', $vsite, $permission, $account);
}
return false;
}
/**
* Determine if the user has access to the panelizer operation for this type.
*/
function panelizer_access($op, $bundle, $view_mode)
{
$og_access = FALSE;
if (is_object($bundle)) {
$entity = $bundle;
list($entity_id, $revision_id, $bundle) = entity_extract_ids($this->entity_type, $entity);
// Additional support for Organic Groups.
if (module_exists('og')) {
if (og_is_group($this->entity_type, $entity)) {
$og_access = og_user_access($this->entity_type, $entity_id, "administer panelizer og_group {$op}");
} else {
$og_groups = og_get_entity_groups($this->entity_type, $entity);
foreach ($og_groups as $og_group_type => $og_gids) {
foreach ($og_gids as $og_gid) {
if (og_user_access($og_group_type, $og_gid, "administer panelizer {$this->entity_type} {$bundle} {$op}")) {
$og_access = TRUE;
}
}
}
}
}
// If there is an $op, this must actually be panelized in order to pass.
// If there is no $op, then the settings page can provide us a "panelize
// it!" page even if there is no panel.
if ($op && $op != 'overview' && $op != 'settings' && $op != 'choice' && empty($entity->panelizer[$view_mode])) {
return FALSE;
}
}
return user_access('administer panelizer') || user_access("administer panelizer {$this->entity_type} {$bundle} {$op}") || $og_access;
}
/**
* Build an EntityFieldQuery to get referencable entities.
*/
public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS')
{
global $user;
$handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity);
$query = $handler->buildEntityFieldQuery($match, $match_operator);
// FIXME: http://drupal.org/node/1325628
unset($query->tags['node_access']);
// FIXME: drupal.org/node/1413108
unset($query->tags['entityreference']);
$query->addTag('entity_field_access');
$query->addTag('og');
$group_type = $this->field['settings']['target_type'];
$entity_info = entity_get_info($group_type);
if (!field_info_field(OG_GROUP_FIELD)) {
// There are no groups, so falsify query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
return $query;
}
// Show only the entities that are active groups.
$query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '=');
if (empty($this->instance['field_mode'])) {
return $query;
}
$field_mode = $this->instance['field_mode'];
if ($field_mode == 'default' || $field_mode == 'admin') {
$user_groups = oa_core_get_groups_by_user(NULL, $group_type);
$user_groups = array_merge($user_groups, $this->getGidsForCreate());
// This is a workaround for not being able to choice which default value for
// 'my groups', which causes my groups to be lost.
// @todo find a way to default my groups based on selection handler.
$user_groups_only = og_get_entity_groups();
$user_groups_only = !empty($user_groups_only['node']) ? $user_groups_only['node'] : array();
// Show the user only the groups they belong to.
if ($field_mode == 'default') {
if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') {
// Determine which groups should be selectable.
$node = $this->entity;
$node_type = $this->instance['bundle'];
$has_create_access = array_keys(array_filter(oa_user_access_nids('node', $user_groups, "create {$node_type} content")));
$has_update_access = array();
$remaining = array_diff($user_groups, $has_create_access);
if (!empty($node->nid) && $remaining) {
$groups = og_get_entity_groups('node', $node->nid);
$node_groups = !empty($groups['node']) ? $groups['node'] : array();
if ($node_groups = array_diff($node_groups, $remaining)) {
$check_perms = array("update any {$node_type} content");
if ($user->uid == $node->uid) {
$check_perms = "update own {$node_type} content";
}
$has_update_access = array_keys(array_filter(oa_user_access_nids('node', $node_groups, $check_perms)));
}
}
$ids = array_merge($has_update_access, $has_create_access);
} else {
$ids = $user_groups;
}
if ($ids) {
$query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN');
} else {
// User doesn't have permission to select any group so falsify this
// query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
}
} elseif ($field_mode == 'admin' && $user_groups_only) {
// Show only groups the user doesn't belong to.
if (!empty($this->instance) && $this->instance['entity_type'] == 'node') {
// Don't include the groups, the user doesn't have create
// permission.
$node_type = $this->instance['bundle'];
foreach ($user_groups_only as $delta => $gid) {
if (!og_user_access($group_type, $gid, "create {$node_type} content")) {
unset($user_groups_only[$delta]);
}
}
}
if ($user_groups) {
$query->propertyCondition($entity_info['entity keys']['id'], $user_groups_only, 'NOT IN');
}
}
}
return $query;
}
/**
* Get group IDs from URL or OG-context, with access to create group-content.
*
* @return
* Array with group IDs a user (member or non-member) is allowed to
* create, or empty array.
*/
private function getGidsForCreate()
{
if ($this->instance['entity_type'] != 'node') {
return array();
}
if (!module_exists('entityreference_prepopulate') || empty($this->instance['settings']['behaviors']['prepopulate'])) {
return array();
}
// Don't try to validate the IDs.
if (!($ids = entityreference_prepopulate_get_values($this->field, $this->instance, TRUE, FALSE))) {
return array();
}
$node_type = $this->instance['bundle'];
foreach ($ids as $delta => $id) {
if (!is_numeric($id) || !$id || !og_user_access('node', $id, "create {$node_type} content")) {
unset($ids[$delta]);
}
}
return $ids;
}
"<?php
print $item_attributes[$delta];
?>
>
<?php
if (isset($item['colorbox_link'])) {
?>
<div class="field-image-colorbox-link"><?php
print $item['colorbox_link'];
?>
</div>
<?php
}
?>
<?php
if ($element['#object'] == 'image' && og_user_access('node', $gid, 'create annotation') && empty($element['#object']->is_export)) {
?>
<div class="annotation-help">Click and drag to annotate image.</div>
<?php
}
?>
<?php
if (isset($item['caption'])) {
$caption = $item['caption'];
unset($item['caption']);
}
?>
<?php
print render($item);
?>
<?php
/**
* Create, update or delete OG membership based on field values.
*/
public function OgMembershipCrud($entity_type, $entity, $field, $instance, $langcode, &$items)
{
if (!user_access('administer group') && !field_access('edit', $field, $entity_type, $entity)) {
// User has no access to field.
return;
}
if (!($diff = $this->groupAudiencegetDiff($entity_type, $entity, $field, $instance, $langcode, $items))) {
return;
}
$field_name = $field['field_name'];
$group_type = $field['settings']['target_type'];
$diff += array('insert' => array(), 'delete' => array());
// Delete first, so we don't trigger cardinality errors.
if ($diff['delete']) {
og_membership_delete_multiple($diff['delete']);
}
if (!$diff['insert']) {
return;
}
// Prepare an array with the membership state, if it was provided in the widget.
$states = array();
foreach ($items as $item) {
$gid = $item['target_id'];
// Must provide correct state in the event that approval is required.
if (empty($item['state']) && $entity_type == 'user' && !og_user_access($group_type, $gid, 'subscribe without approval', $entity)) {
$item['state'] = OG_STATE_PENDING;
} elseif (empty($item['state']) || !in_array($gid, $diff['insert'])) {
// State isn't provided, or not an "insert" operation.
continue;
}
$states[$gid] = $item['state'];
}
foreach ($diff['insert'] as $gid) {
$values = array('entity_type' => $entity_type, 'entity' => $entity, 'field_name' => $field_name);
if (!empty($states[$gid])) {
$values['state'] = $states[$gid];
}
og_group($group_type, $gid, $values);
}
}
/**
* Build an EntityFieldQuery to get referencable entities.
*/
public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS')
{
global $user;
$handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance, $this->entity_type, $this->entity);
$query = $handler->buildEntityFieldQuery($match, $match_operator);
// FIXME: http://drupal.org/node/1325628
unset($query->tags['node_access']);
// FIXME: drupal.org/node/1413108
unset($query->tags['entityreference']);
$query->addTag('entity_field_access');
$query->addTag('og');
$group_type = $this->field['settings']['target_type'];
$entity_info = entity_get_info($group_type);
if (!field_info_field(OG_GROUP_FIELD)) {
// There are no groups, so falsify query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
return $query;
}
// Show only the entities that are active groups.
$query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '=');
if (empty($this->instance['field_mode'])) {
return $query;
}
$field_mode = $this->instance['field_mode'];
$user_groups = og_get_groups_by_user(NULL, $group_type);
// Show the user only the groups they belong to.
if ($field_mode == 'default') {
if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') {
// Determine which groups should be selectable.
$node = $this->entity;
$node_type = $this->instance['bundle'];
$ids = array();
foreach ($user_groups as $gid) {
// Check if user has "create" permissions on those groups.
// If the user doesn't have create permission, check if perhaps the
// content already exists and the user has edit permission.
if (og_user_access($group_type, $gid, "create {$node_type} content")) {
$ids[] = $gid;
} elseif (!empty($node->nid) && (og_user_access($group_type, $gid, "update any {$node_type} content") || $user->uid == $node->uid && og_user_access($group_type, $gid, "update own {$node_type} content"))) {
$node_groups = isset($node_groups) ? $node_groups : og_get_entity_groups('node', $node->nid);
if (in_array($gid, $node_groups['node'])) {
$ids[] = $gid;
}
}
}
} else {
$ids = $user_groups;
}
if ($ids) {
$query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN');
} else {
// User doesn't have permission to select any group so falsify this
// query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
}
} elseif ($field_mode == 'admin' && $user_groups) {
// Show only groups the user doesn't belong to.
if (!empty($this->instance) && $this->instance['entity_type'] == 'node') {
// Don't include the groups, the user doesn't have create
// permission.
$node_type = $this->instance['bundle'];
foreach ($user_groups as $delta => $gid) {
if (!og_user_access($group_type, $gid, "create {$node_type} content")) {
unset($user_groups[$delta]);
}
}
}
if ($user_groups) {
$query->propertyCondition($entity_info['entity keys']['id'], $user_groups, 'NOT IN');
}
}
return $query;
}
<?php
$show_annotation_help = FALSE;
if (in_array($type, array('essay', 'manuscript')) && empty($node->is_export)) {
if (@($gid = $og_group_ref[LANGUAGE_NONE][0]['target_id'])) {
$show_annotation_help = og_user_access('node', $gid, 'create annotation');
}
}
?>
<article<?php
print $attributes;
?>
>
<?php
print render($title_prefix);
?>
<?php
if (!$page && $title) {
?>
<header>
<h2<?php
print $title_attributes;
?>
><a href="<?php
print $node_url;
?>
" title="<?php
print $title;
?>
"><?php
print $title;
/**
* Get group IDs from URL or OG-context, with access to create group-content.
*
* @return
* Array with group IDs a user (member or non-member) is allowed to
* create, or empty array.
*/
private function getGidsForCreate()
{
if ($this->instance['entity_type'] != 'node') {
return array();
}
if (!empty($this->entity->nid)) {
// Existing node.
return array();
}
// want to check for create access to public spaces
$ids = oa_core_get_public_spaces();
// add support for entityreference_prepopulate
if (module_exists('entityreference_prepopulate') && !empty($this->instance['settings']['behaviors']['prepopulate'])) {
$pre_ids = entityreference_prepopulate_get_values($this->field, $this->instance, FALSE);
if (is_array($pre_ids)) {
$ids = array_merge($ids, $pre_ids);
}
}
$node_type = $this->instance['bundle'];
foreach ($ids as $delta => $id) {
if (!is_numeric($id) || !$id || !og_user_access($this->field['settings']['target_type'], $id, "create {$node_type} content")) {
unset($ids[$delta]);
}
}
return $ids;
}
/**
* Build an EntityFieldQuery to get referencable entities.
*/
public function buildEntityFieldQuery($match = NULL, $match_operator = 'CONTAINS')
{
$handler = EntityReference_SelectionHandler_Generic::getInstance($this->field, $this->instance);
$query = $handler->buildEntityFieldQuery($match, $match_operator);
// The "node_access" tag causes errors, so we replace it with
// "entity_field_access" tag instead.
// @see _node_query_node_access_alter().
unset($query->tags['node_access']);
$query->addTag('entity_field_access');
$query->addTag('og');
$group_type = $this->field['settings']['target_type'];
$entity_info = entity_get_info($group_type);
if (!field_info_field(OG_GROUP_FIELD)) {
// There are no groups, so falsify query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
return $query;
}
// Show only the entities that are active groups.
$query->fieldCondition(OG_GROUP_FIELD, 'value', 1, '=');
$user_groups = og_get_groups_by_user(NULL, $group_type);
$reference_type = $this->field['settings']['handler_settings']['reference_type'];
// Show the user only the groups they belong to.
if ($reference_type == 'my_groups') {
if ($user_groups && !empty($this->instance) && $this->instance['entity_type'] == 'node') {
// Check if user has "create" permissions on those groups.
$node_type = $this->instance['bundle'];
$ids = array();
foreach ($user_groups as $gid) {
if (og_user_access($group_type, $gid, "create {$node_type} content")) {
$ids[] = $gid;
}
}
} else {
$ids = $user_groups;
}
if ($ids) {
$query->propertyCondition($entity_info['entity keys']['id'], $ids, 'IN');
} else {
// User doesn't have permission to select any group so falsify this
// query.
$query->propertyCondition($entity_info['entity keys']['id'], -1, '=');
}
} elseif ($reference_type == 'other_groups' && $user_groups) {
// Show only group the user doesn't belong to.
$query->propertyCondition($entity_info['entity keys']['id'], $user_groups, 'NOT IN');
}
return $query;
}
