More granular permissions contol
cfuller12 - June 8, 2009 - 17:54
| Project: | Nodequeue |
| Version: | 6.x-2.1 |
| Component: | Code |
| Category: | feature request |
| Priority: | normal |
| Assigned: | Unassigned |
| Status: | active |
Description
You may consider this a duplicate of http://drupal.org/node/272298, however, it seems to me that a simple approach to allowing more flexible and granular controls for queue permissions would be to change the following:
if ($queue->owner != 'nodequeue') { // Avoids an infinite loop.
$function = $queue->owner . '_queue_access';
if (function_exists($function)) {
$access = $function($queue, $account);
}
}to:
if ($queue->owner != 'nodequeue') { // Avoids an infinite loop.
$function = $queue->owner . '_queue_access';
$access = module_invoke_all($function, $queue, $account);
foreach ($access as $a) {
if (!$a || $a == FALSE) {
$access = FALSE;
continue;
}
else {
$access = TRUE;
}
}
}I'm keeping $queue->owner in the function name to allow for more granularity but it's probably not really necessary.
This change would need to be made to both nodequeue_api_queue_access and nodequeue_api_subqueue_access but would provide a more "typical" way to override permissions control. I'm doing this in a separate module now (using menu_alter to insert my access hooks) and it seems to work well. Do you see any major problems with this approach?