--- book_access.module.old 2009-01-26 06:56:15.000000000 +0100 +++ book_access.module 2009-02-17 22:55:48.000000000 +0100 @@ -133,6 +133,41 @@ function book_access_node_access_records } /** + * Implementation of hook_link_alter(). + * Used to remove 'Add Child page to Book' link, if user has no permission to modify book + * + */ +function book_access_link_alter(&$links, $node) { + global $user; + + if ($user->uid == 1) + return; + + echo('Möp: ' . $user->uid); + if (isset($links->links['book_add_child'])) + { + // Get all permitted books + $permitted_books = _book_access_get_permissions('update'); + + // if this node is not in the list of permitted books, remove the link + if (!in_array($links->book['bid'], $permitted_books)) + unset($links->links['book_add_child']); + } +} + +/** + * Implementation of hook_menu_alter(). + * Used to control visibility of Outline tabs + * + */ +function book_access_menu_alter(&$items) { + if (isset($items['node/%node/outline'])) + $items['node/%node/outline']['access callback'] = '_book_access_outline_access'; + if (isset($items['node/%node/outline/remove'])) + $items['node/%node/outline/remove']['access callback'] = '_book_access_outline_remove_access'; +} + +/** * Implementation of hook_form_alter(). * */ @@ -313,31 +348,19 @@ function _book_access_restrict_options($ global $user; $permitted_bids = NULL; - if ($user->uid == 0 || user_access('administer nodes')) { + if ($user->uid == 1 || user_access('administer nodes')) { return; } - $sql = " - SELECT nid - FROM {node_access} - WHERE realm = 'book_access' - AND gid IN (%s) - AND grant_update > 0 - "; - - $results = db_query($sql, implode(',', array_keys($user->roles))); - - while ($result = db_fetch_object($results)) { - $permitted_bids[$result->nid] = $result->nid; - } + $permitted_bids = _book_access_get_permissions('update'); if (isset($options)) { - foreach ($options as $bid => $value) { + foreach ($options as $nid => $value) { // option uses current nid as the key, skip it if ($bid == $nid) { continue; } - if ($bid > 0 && !isset($permitted_bids[$bid])) { + if ($nid > 0 && !isset($permitted_bids[$nid])) { unset($options[$nid]); } } @@ -362,3 +385,64 @@ function book_access_node_access_explain return array('(unknown gid!)'); } } + +/** + * Returns a list of all books with the given permission + * action is one of view, update, delete + */ +function _book_access_get_permissions($action) { + global $user; + + if ($user->uid == 1 || user_access('administer nodes')) { + return book_get_books(); + } + + $sql = "SELECT nid + FROM {node_access} + WHERE realm = 'book_access' + AND gid IN (%s) + AND grant_" . $action . " > 0"; + + $results = db_query($sql, implode(',', array_keys($user->roles))); + while ($result = db_fetch_object($results)) { + $permitted_nids[$result->nid] = $result->nid; + } + return $permitted_nids; +} + +/** + * Menu item access callback - determine if the outline tab is accessible. + */ +function _book_access_outline_access($node) { + global $user; + + if ($user->uid == 1) + return true; + if (!_book_outline_access($node)) + return false; + + // Get all permitted books + $permitted_books = _book_access_get_permissions('update'); + + // if this node is not in the list of permitted books, remove the tab + return in_array($node->book['bid'], $permitted_books); +} + +/** + * Menu item access callback - determine if the user can remove nodes from the outline. + */ +function _book_access_outline_remove_access($node) { + global $user; + + if (isset($node->book) && ($node->book['bid'] != $node->nid) && ($user->uid == 1)) + return true; + if (!_book_outline_remove_access($node)) + return false; + + // Get all permitted books + $permitted_books = _book_access_get_permissions('delete'); + + // if this node is not in the list of permitted books, remove the tab + return in_array($node->book['bid'], $permitted_books); +} +