I would like to filter a view to only show nodes that a user has 'update' rights in TAC. Any help with this would be most appreciated.

Comments

merlinofchaos’s picture

merlinofchaos commented
Project: Views (for Drupal 7) » Taxonomy Access Control
Version: 5.x-1.6 » master

It's up to TAC to expose that information to Views. You'll have to check with that module to see if/how this is possible.

jpoesen’s picture

jpoesen commented

A solution, though not so clean and no so performant is to create template file for the view in question, explicitly check the update permissions there and only render the node if correct permissions are set.

miggs’s picture

miggs commented

Here's what I ended up doing. I added some custom code to the Argument Handling Code for the view. This code first checks to make sure the user is not uid 1 (drupal admin). If not then it gets all the roles that the current user has. It then queries the term_access table to get all the terms that the user has "update" access to. Finally, it assigns those terms to a filter for the view.

Hopefully that makes sense. The code I used is listed below:


global $user; 
if ($user->uid!=1){
  foreach (array_keys($user->roles) as $rid){
    $ridQuery .= "rid=$rid OR ";
  }
  $ridQuery = rtrim($ridQuery, ' OR ');  
  $result = db_query("SELECT DISTINCT(tid) FROM {term_access} WHERE grant_update=1 AND ($ridQuery )");
  
  $value = array();
  
  while( $row = db_fetch_array($result)){
    $termValue[] = $row['tid'];
  }  
  
  $view->filter[] = array(
    'vid' => $view->vid,
    'tablename' => '',
    'field' => 'term_node.tid',
    'value' => $termValue,
    'operator' => 'OR',
    'options' => '',
    'position'  => 0,
    'id'  =>  'term_node.id'
  );
}
bomarmonk’s picture

bomarmonk commented

This didn't quite work for me. All users see the same files, regardless of TAC permissions (filtered for the file content type).

cpugeniusmv’s picture

cpugeniusmv commented
Status: Active » Closed (fixed)

I don't feel like this belongs directly in TAC, but it seems like it would be feasible to create a separate module that exposes to Views whatever node_access ends up doing.