--- /home/stealth17/tac_lite.module	2008-07-22 11:55:23.000000000 -0400
+++ /home/stealth17/acl/sites/all/modules/tac_lite/tac_lite.module	2009-03-03 23:10:47.000000000 -0500
@@ -74,6 +74,7 @@ function tac_lite_menu() {
   return $items;
 }
 
+
 /**
  * Returns the settings form
  */
@@ -115,7 +116,15 @@ function tac_lite_admin_settings() {
             '#options' => $scheme_options,
             '#required' => TRUE,
       );
-    
+
+    $form['tac_lite_access'] =
+      array('#type' => 'radios',
+            '#title' => t('Type of Access Control'),
+            '#default_value' => variable_get('tac_lite_access', 0),
+            '#options' => array(t('Normal'), t('hook_access')),
+            '#description' => t('Normal access control behavior for this module uses node access tables and sql rewrites. This will compeletely hide the nodes to users without permissions. By enabling hook_access the module will <em>only</em> use hook_access to determine the node access. This means that all nodes will show up in search queries and Views. Note: this requires a <a href="http://drupal.org/files/issues/nodeapi_access_4.patch">patch</a> to add hook_access to the nodeapi.'),
+      );
+
     $ret = system_settings_form($form);
     // Special handling is required when this form is submitted.
     $ret['#submit'][] = '_tac_lite_admin_settings_submit';
@@ -308,6 +317,11 @@ function tac_lite_user($op, $edit, $acco
  * terms.
  */
 function tac_lite_node_access_records($node) {
+
+  if (variable_get('tac_lite_access', 0)) {
+    return;
+  }
+
   // all terms from all vocabs
   $all_tids = _tac_lite_get_terms($node);
   // just the vocabs we're interested in
@@ -446,6 +460,11 @@ function _tac_lite_user_tids(&$account, 
  * requested op.
  */
 function tac_lite_node_grants(&$account, &$op) {
+
+  if (variable_get('tac_lite_access', 0)) {
+    return;
+  }
+
   $grants = array();
   for ($i = 1; $i <= variable_get('tac_lite_schemes', 1); $i++) {
     $config = _tac_lite_config($i);
@@ -453,6 +472,7 @@ function tac_lite_node_grants(&$account,
       $grants[$config['realm']] = _tac_lite_user_tids($account, $i);
     }
   }
+
   if (count($grants))
     return $grants;
 }
@@ -460,6 +480,10 @@ function tac_lite_node_grants(&$account,
 function tac_lite_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
   global $user;
 
+  if (variable_get('tac_lite_access', 0)) {
+    return;
+  }
+
   // if administrator, give all access
   if (user_access('administer_tac_lite')) {
 	return;
@@ -495,3 +519,76 @@ function tac_lite_db_rewrite_sql($query,
     }
   }
 }
+
+
+/**
+ * Implementation of hook_nodeapi
+ *
+ * This is only used for hook_access when enabled in the settings.
+ * For access to exist in the nodeapi this patch must be applied: http://drupal.org/files/issues/nodeapi_access_4.patch
+ *
+ * @author Jordan Starcher of Bustle Web Solutions
+ */
+function tac_lite_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
+  global $user;
+
+  if (!variable_get('tac_lite_access', 0)) {
+    return;
+  }
+
+  switch ($op) {
+    case 'access':
+        $access = FALSE;
+
+  $all_tids = _tac_lite_get_terms($node);
+  // just the vocabs we're interested in
+  $vids = variable_get('tac_lite_categories', null);
+  // now find just the terms we're interested in.
+  $tids = array();
+  if (count($all_tids) && count($vids)) {
+	$result = db_query("SELECT DISTINCT td.tid FROM {term_data} td WHERE td.vid IN (%s) AND td.tid IN (%s)",
+					   implode(',', $vids),
+					   implode(',', $all_tids));
+	while ($term = db_fetch_object($result)) {
+	  $tids[] = $term->tid;
+	}
+  }
+
+  $grants = array();
+    for ($i = 1; $i <= variable_get('tac_lite_schemes', 1); $i++) {
+      $config = _tac_lite_config($i);
+      foreach ($tids as $tid) {
+        $grant = array('realm' => $config['realm'],
+                       'gid' => $tid, // use term id as grant id
+        );
+        foreach($config['perms'] as $perm)
+          $grant[$perm] = TRUE;
+        $grants[] = $grant;
+      }
+    }
+
+  // the vocabularies containing protected info.
+  $vids = variable_get('tac_lite_categories', array(0));
+
+  // the terms this user is allowed to see
+  $tids = array();
+  for ($i = 1; $i <= variable_get('tac_lite_schemes', 1); $i++) {
+    $config = _tac_lite_config($i);
+    if (in_array('grant_view', $config['perms'])) {
+      $tids = array_merge($tids, _tac_lite_user_tids($user, $i));
+    }
+  }
+
+  // tids are what the user has permission to see
+   foreach ($grants as $grant) {
+     if ($grant['realm'] == 'tac_lite') {
+         if (in_array($grant['gid'], $tids)) {
+           $access = TRUE;
+         }
+     }
+   }
+
+        return $access;
+      break;
+  }
+}