'edit own availability calendars' not implemented
bdietz - November 11, 2008 - 23:10
| Project: | Availability Calendars |
| Version: | 5.x-1.2 |
| Component: | Code |
| Category: | bug report |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | postponed (maintainer needs more info) |
Jump to:
Description
I have set permissions to 'edit own availability calendars' but the 'edit' option is not showing up when user's create a node type with the availability calendar enabled. Any ideas as to why this is not working properly?
#1
Do you see the actual availability calendars on the node you're trying to edit the availability of, but not the edit links for each month? Does it work for you as an admin?
#2
I got the same issue, but it is on version 5.
Edit own avaialbility calendar does not work for users. (edit links not showing)
It works for admin.
and if I change the permission of users to edit all availability calendars, it works.
Thank you
#3
I've just tried this out, and can confirm that the 'edit own availability calendars' permission isn't working. I'll try to get a fix for it soon.
#4
#5
Any updates on this ...or any idea what should be done for a possible resolution?
#6
I've not worked on it yet, sorry, and there isn't really a workaround other than to allow all users with a certain role edit all the availability calendars on a site.
#7
Hi Geodaniel,
Do you think there will be a solution soon for this ? It would be great if this module could let each user edit their own calendar even if they have the same role.
#8
This would make the functionality awesome if we could get this to work. A specific user needs the ability to edit their own calendars. Currently it is edit all users calendars or edit no calendars.
Great module! Thanks!
- Maybe option A is to present the calendar in the same form (as when viewing the node) while in edit-node-mode, showing the edit links only while editing the node. This way a user is only able to edit their own content.
- Maybe option B is to use the "node" user access code. Maybe something similar to this would work for AC.
/**
* @defgroup node_access Node access rights
* @{
* The node access system determines who can do what to which nodes.
*
* In determining access rights for a node, node_access() first checks
* whether the user has the "administer nodes" permission. Such users have
* unrestricted access to all nodes. Then the node module's hook_access()
* is called, and a TRUE or FALSE return value will grant or deny access.
* This allows, for example, the blog module to always grant access to the
* blog author, and for the book module to always deny editing access to
* PHP pages.
*
* If node module does not intervene (returns NULL), then the
* node_access table is used to determine access. All node access
* modules are queried using hook_node_grants() to assemble a list of
* "grant IDs" for the user. This list is compared against the table.
* If any row contains the node ID in question (or 0, which stands for "all
* nodes"), one of the grant IDs returned, and a value of TRUE for the
* operation in question, then access is granted. Note that this table is a
* list of grants; any matching row is sufficient to grant access to the
* node.
*
* In node listings, the process above is followed except that
* hook_access() is not called on each node for performance reasons and for
* proper functioning of the pager system. When adding a node listing to your
* module, be sure to use db_rewrite_sql() to add
* the appropriate clauses to your query for access checks.
*
* To see how to write a node access module of your own, see
* node_access_example.module.
*/
/**
* Determine whether the current user may perform the given operation on the
* specified node.
*
* @param $op
* The operation to be performed on the node. Possible values are:
* - "view"
* - "update"
* - "delete"
* - "create"
* @param $node
* The node object (or node array) on which the operation is to be performed,
* or node type (e.g. 'forum') for "create" operation.
* @param $account
* Optional, a user object representing the user for whom the operation is to
* be performed. Determines access for a user other than the current user.
* @return
* TRUE if the operation may be performed.
*/
function node_access($op, $node, $account = NULL) {
global $user;
if (!$node || !in_array($op, array('view', 'update', 'delete', 'create'), TRUE)) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
// Convert the node to an object if necessary:
if ($op != 'create') {
$node = (object)$node;
}
// If no user object is supplied, the access check is for the current user.
if (empty($account)) {
$account = $user;
}
// If the node is in a restricted format, disallow editing.
if ($op == 'update' && !filter_access($node->format)) {
return FALSE;
}
if (user_access('administer nodes', $account)) {
return TRUE;
}
if (!user_access('access content', $account)) {
return FALSE;
}
// Can't use node_invoke(), because the access hook takes the $op parameter
// before the $node parameter.
$module = node_get_types('module', $node);
if ($module == 'node') {
$module = 'node_content'; // Avoid function name collisions.
}
$access = module_invoke($module, 'access', $op, $node, $account);
if (!is_null($access)) {
return $access;
}
// If the module did not override the access rights, use those set in the
// node_access table.
if ($op != 'create' && $node->nid && $node->status) {
$grants = array();
foreach (node_access_grants($op, $account) as $realm => $gids) {
foreach ($gids as $gid) {
$grants[] = "(gid = $gid AND realm = '$realm')";
}
}
$grants_sql = '';
if (count($grants)) {
$grants_sql = 'AND ('. implode(' OR ', $grants) .')';
}
$sql = "SELECT COUNT(*) FROM {node_access} WHERE (nid = 0 OR nid = %d) $grants_sql AND grant_$op >= 1";
$result = db_query($sql, $node->nid);
return (db_result($result));
}
// Let authors view their own nodes.
if ($op == 'view' && $account->uid == $node->uid && $account->uid != 0) {
return TRUE;
}
return FALSE;
}
#9
If
http://localhost/availability-calendars/4/2009/05/edit?destination=node/4is a page for user A, user B can type in this address and edit user A calendar, even when permissions are not granted to edit any calendars.
Anonymous users are unable to edit so they are poperly blocked.
#10
I have chaned a few bits of code and it works for me now. Seems to work both on 5 and 6
CHanged few lines on availability_calendars.module file
function theme_availability_calendars_month($node, $year, $month, $startofweek, $booked) {
//++++++ Extra Line ++++++++
global $user;
if (user_access('edit availability calendars')) {
//++++++ Extra Line ++++++++
if (user_access('edit own availability calendars') && ($user->uid == $node->uid)) {
$output .= ' '. l('edit', 'availability-calendars/'. $node->nid .'/'. date('Y/m', mktime(0,0,0,$month,1,$year)) .'/edit', NULL, 'destination=node/'. $node->nid);
//++++++ Extra Line ++++++++
}
}
#11
please post as patch against latest 5.x version if you want the changes included. I cannot maintain 5.x, but will commit a patch for you if it's tested and works, really people should have upgraded by now, but that is a different discussion.
#12