/**
  * Implements EditEntityFieldAccessCheckInterface::accessEditEntityField().
  */
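 public function accessEditEntityField($entity_type, $entity, $field_name)
 {
     // In-place editing always requires update access to the host entity;
     // a NULL or FALSE answer from entity_access() is treated as denial.
     if (!entity_access('update', $entity_type, $entity)) {
         return FALSE;
     }
     // Names flagged by _quickedit_is_extra_field() skip the Field API check,
     // so only the entity-level check above applies to them.
     if (_quickedit_is_extra_field($entity_type, $field_name)) {
         return TRUE;
     }
     // field_access() and the hook_field_access() implementations it invokes
     // take the field definition array, not the field name. Handing them the
     // bare name means field-level access modules cannot read the field's
     // settings and may fall back to granting access.
     $field = field_info_field($field_name);
     if (!$field) {
         // Unknown field: there is no definition to check against, so deny.
         return FALSE;
     }
     return (bool) field_access('edit', $field, $entity_type, $entity);
 }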
Пример #2
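/**
 * Check view and edit permissions.
 *
 * The field row is looked up from the request-supplied 'fid' (POST first,
 * then GET). Because that id is caller-controlled, every path that cannot
 * positively establish access returns false.
 *
 * @param $op
 *   The type of operation. Either 'view' or 'edit'.
 *
 * @return bool
 *   true when the current user passes the entity-level check (where one is
 *   performed) and the field-level check for $op, false otherwise.
 */
function have_access($op)
{
    global $user;
    // Only the two documented operations are accepted; anything else is
    // denied instead of being forwarded to the access callbacks.
    if ($op !== 'view' && $op !== 'edit') {
        return false;
    }
    $db = DBConnection::instance();
    $field_id = (int) _post('fid');
    if (!$field_id) {
        $field_id = (int) _get('fid');
    }
    if (!$field_id) {
        return false;
    }
    $row = $db->dq("SELECT entity_id, entity_type, delta FROM {mytinytodo_fields} WHERE id = ?", $field_id)->fetch_assoc();
    if (!$row) {
        // No such field row: nothing to grant access to.
        return false;
    }
    $field = (object) $row;
    $field_info = field_info_field_by_id($field->delta);
    if (!$field_info) {
        // Without a field definition field_access() has nothing to evaluate.
        return false;
    }
    // Entity-level callbacks use 'update' where the field API uses 'edit'.
    $entity_op = $op === 'edit' ? 'update' : $op;
    switch ($field->entity_type) {
        case 'node':
            $node = node_load($field->entity_id);
            return $node
                && node_access($entity_op, $node, $user)
                && field_access($op, $field_info, $field->entity_type, $node, $user);

        case 'user':
            $account = user_load($field->entity_id);
            // NOTE(review): unlike the node and comment branches, no
            // entity-level check is made on the account here; only the
            // field-level check decides. Confirm this is intended.
            return $account
                && field_access($op, $field_info, $field->entity_type, $account, $user);

        case 'comment':
            $comment = comment_load($field->entity_id);
            if (!$comment) {
                return false;
            }
            if ($op === 'view' && !user_access('access comments')) {
                return false;
            }
            if ($op === 'edit' && !comment_access($op, $comment)) {
                return false;
            }
            return (bool) field_access($op, $field_info, $field->entity_type, $comment, $user);

        default:
            if (!module_exists('entity') || !entity_get_info($field->entity_type)) {
                return false;
            }
            // Load the host entity by its type and id. The previous code passed
            // the field row id as the entity type, so the access check never ran
            // against the entity that actually owns the field.
            $entities = entity_load($field->entity_type, array($field->entity_id));
            $entity = $entities ? reset($entities) : false;
            if (!$entity) {
                return false;
            }
            return entity_access($entity_op, $field->entity_type, $entity, $user)
                && field_access($op, $field_info, $field->entity_type, $entity, $user);
    }
}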
Пример #3
 /**
  * Create, update or delete OG membership based on field values.
  */
 public function OgMembershipCrud($entity_type, $entity, $field, $instance, $langcode, &$items)
 {
     // Group administrators bypass the field-level check; anyone else needs
     // edit access to this field before any membership is touched.
     $may_edit = user_access('administer group') || field_access('edit', $field, $entity_type, $entity);
     if (!$may_edit) {
         return;
     }
     $changes = $this->groupAudiencegetDiff($entity_type, $entity, $field, $instance, $langcode, $items);
     if (empty($changes)) {
         // Nothing changed, so there is nothing to create or delete.
         return;
     }
     $membership = array(
         'entity_type' => $entity_type,
         'entity' => $entity,
         'field_name' => $field['field_name'],
     );
     $target_type = $field['settings']['target_type'];
     // Make sure both keys exist even when the diff reports only one of them.
     $changes += array('insert' => array(), 'delete' => array());
     // Removals run before additions so cardinality errors are not triggered.
     if (!empty($changes['delete'])) {
         og_membership_delete_multiple($changes['delete']);
     }
     foreach ($changes['insert'] as $group_id) {
         og_group($target_type, $group_id, $membership);
     }
 }
Пример #4
 /**
  * Create, update or delete OG membership based on field values.
  */
 public function OgMembershipCrud($entity_type, $entity, $field, $instance, $langcode, &$items)
 {
     // Group administrators bypass the field-level check; anyone else needs
     // edit access to this field before any membership is touched.
     $may_edit = user_access('administer group') || field_access('edit', $field, $entity_type, $entity);
     if (!$may_edit) {
         return;
     }
     $changes = $this->groupAudiencegetDiff($entity_type, $entity, $field, $instance, $langcode, $items);
     if (!$changes) {
         return;
     }
     $membership = array(
         'entity_type' => $entity_type,
         'entity' => $entity,
         'field_name' => $field['field_name'],
     );
     $target_type = $field['settings']['target_type'];
     // Make sure both keys exist even when the diff reports only one of them.
     $changes += array('insert' => array(), 'delete' => array());
     // Removals run before additions so cardinality errors are not triggered.
     if ($changes['delete']) {
         og_membership_delete_multiple($changes['delete']);
     }
     $additions = $changes['insert'];
     if (!$additions) {
         return;
     }
     // Collect the membership state supplied by the widget, keyed by group id,
     // but only for groups that are actually being added.
     $state_by_gid = array();
     foreach ($items as $item) {
         $gid = $item['target_id'];
         if (!empty($item['state']) && in_array($gid, $additions)) {
             $state_by_gid[$gid] = $item['state'];
         }
     }
     foreach ($additions as $gid) {
         $values = $membership;
         // A state is passed along only when the widget provided one.
         if (!empty($state_by_gid[$gid])) {
             $values['state'] = $state_by_gid[$gid];
         }
         og_group($target_type, $gid, $values);
     }
 }
Пример #5
 /**
  * Returns whether currently logged in user has access to do specified
  * operation on the given field.
  *
  * @param string $field_name
  *   Field name.
  * @param string $op
  *   Operation. It can be either 'view' or 'edit'.
  *
  * @return bool|null
  *   If field exists, then this function returns TRUE or FALSE depending on
  *   the access. If field does not exist, then it returns NULL.
  */
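 public function hasFieldAccess($field_name, $op = 'view')
 {
     // Strict allow-list: with a loose in_array() a value such as TRUE matches
     // 'edit' and would be forwarded to field_access() as the operation.
     if (!in_array($op, array('edit', 'view'), TRUE)) {
         return NULL;
     }
     $field = field_info_field($field_name);
     if (!$field) {
         // Unknown field: NULL, as documented.
         return NULL;
     }
     // Callers should treat NULL as "no access" too; comparing the result
     // only against FALSE would let an unknown field or operation through.
     return field_access($op, $field, $this->getEntityType(), $this->entity);
 }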