Posted by johnv on November 17, 2011 at 12:52pm
1 follower
| Project: | editablefields |
| Version: | 7.x-1.x-dev |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | needs review |
Issue Summary
I have a need to allow users to edit some editablefields, but I don't want to provide them full Node Update access / permission.
This problem is also described in for D6-version in:
#1021778: Editing fields without update access (D6) , which adds a new permission in the module itself, and
#488816: Requires "Edit Any" Permission, which also includes some comments on $node->status.
Since the D7-code/solution is much shorter, I created this separate issue.
The following patch allows editablefields in e.g. Views with EITHER Node_update_access OR field_edit_access:
<?php
// See if access to this form element is restricted,
// if so, skip widget processing and just set the value.
- if (!entity_access('update', $entity_type, $entity) || !field_access('edit', $field, $entity_type, $entity)) {
+ if (!entity_access('update', $entity_type, $entity) && !field_access('edit', $field, $entity_type, $entity)) {
// Can't edit.
return editablefields_fallback_formatter($entity_type, $entity, $field, $instance, $langcode, $items, $display);
?>Then, in custom code, I implemented hook_field_access().
<?php
/**
* Implements hook_permission().
*/
function my_module_permission() {
return array(
'edit editable fields' => array(
'title' => t('edit editable fields while viewing content'),
),
);
}
function my_module_field_access($op, $field, $entity_type, $entity, $account) {
if( $op == 'edit' && $field['field_name'] == 'field_my_field' ) {
$access = user_access('edit editable fields', $account);
return $access;
}
}
?>
Comments
#1
Here is a proper patch.