It looks like we can not use this module, although we want the same result.

Planning to implement a simple role to term table, that defaults to having roles 1 & 2 added for every term. Then using rewrite_sql, filter the results on all term queries.

If this works, would you want to implement this in this module or should I look at another project for it?

I do not plan to create the batch process that will be required to generate the initial term - role relationships post install, (no time), simply doing this step with a long timeout.

Comments

alan d.’s picture

Status: Active » Closed (fixed)

This falls down on one of the requirements that the client has sadly. I will not be pursuing this any further.

It would be great to completely allow or block access via a role however :)

alan d.’s picture

In case someone whats a head start, here was the code: It was never even run.

The core rewrite is not completed, and was where I discovered that this would not work as there is no way to determine where the query is generated from. The base table is also not populated with default term role values.

Queries in Drupal 7 are tagged, so this approach may work on this system.

File: term_roles.info

; $Id$
name = Term roles
description = Couples roles with a term to control access to that term.
package = Access control
core = 6.x

File: term_roles.install

// $Id$

/**
 * @file
 * Standard installation functions.
 */

/**
 * Implements of hook_install().
 */
function term_roles_install() {
  drupal_install_schema('term_roles');
}

/**
 * Implements hook_schema().
 */
function term_roles_schema() {
  $schema = array();

  $schema['term_role'] = array(
    'fields' => array(
      'tid' => array('type' => 'int', 'unsigned' => TRUE, 'not null' => TRUE),
      'rid' => array('type' => 'int', 'unsigned' => TRUE, 'not null' => TRUE),
    ),
    'primary key' => array('tid', 'rid'),
  );

  return $schema;
}

/**
 * Implements hook_uninstall().
 */
function term_roles_uninstall() {
  drupal_uninstall_schema('term_roles');
}

File: term_roles.module

// $Id$

/**
 * Implements hook_help().
 */
function term_roles_help($path, $arg) {
  switch ($path) {
    case 'admin/help#term_roles':
      $output = '<p>' . t('This module allows taxonomy administrators the ability to restrict access to a term per role. This should apply anywhere, but requires other modules to correctly use db_rewrite_sql() for this module to function correctly.') . '</p>';
      $output .= '<p>' . t('To add permissions for a term, go to Administer >> Content Management >> Taxonomy, and add or edit a term. Only the primary site administrator will be able to see a term if all roles are unchecked.') . '</p>';
      return $output;
  }
}

/**
 * Implements hook_taxonomy().
 */
function term_roles_taxonomy($op, $type, $array = NULL) {
  if ($type == 'term') {
    switch ($op) {
      case 'insert':
      case 'update':
        // TODO
        break;
      case 'delete':
        db_query("DELETE FROM {term_role} WHERE tid = %d", $array['tid']);
        break;
    }
  }
  if ($type == 'vocabulary' && $op == 'delete') {
    db_query("DELETE FROM {term_role} WHERE tid IN (SELECT tid FROM {term_data} WHERE vid = %d)", $array['vid']);
  }
}

/**
 * Implements of hook_form_FORM_ID_alter().
 */
function term_roles_form_taxonomy_form_term_alter(&$form, $form_state, $form_id) {
  $form['access'] = array(
    '#type' => 'fieldset',
    '#title' => t('Term roles'),
    '#description' => t('To limit selection of this term by user roles. If no roles are selected only the sites primary administrator will be able to access this term.'),
    '#collapsible' => TRUE,
    '#collapsed' => TRUE,
    '#attributes' => array('id' => 'fieldset_term_access'),
    '#tree' => TRUE,
  );

  $allowed_roles = array();
  if (!empty($form['tid']['#value'])) {
    $result = db_query("SELECT rid FROM {term_role} WHERE tid = %d", array($form['tid']['#value']));
    while($rid = db_result($result)) {
      $allowed_roles[] = $rid;
    }
  }

  // Now, lets do the Roles table.
  $form['access']['role'] = array(
    '#type' => 'checkboxes',
    '#title' => t('Enabled roles'),
    '#description' => t('Select roles that can access to this term.'),
    '#default_value' => $allowed_roles,
    '#options' => user_roles(),
  );

  $form['#submit'][] = 'term_roles_form_taxonomy_form_submit';
}

/**
 * Callback for term_roles_form_taxonomy_form_term_alter().
 */
function term_roles_form_taxonomy_form_submit($form, &$form_state) {
  db_query("DELETE FROM {term_role} WHERE tid = %d", $form_state['values']['tid']);
  foreach($form_state['values']['access']['role'] as $rid => $enabled) {
    if ($enabled) {
      db_query("INSERT INTO {term_role} (tid, rid) VALUES (%d, %d)", $form_state['values']['tid'], $rid);
    }
  }
}

/**
 * Implements hook_rewrite_sql().
 * You shall return an associative array. Possible keys are 'join', 'where' and 'distinct'. The value of 'distinct' shall be 1 if you want that the primary_field made DISTINCT.
 */
function term_roles_db_rewrite_sql($query, $primary_table, $primary_field, $args) {
  global $user;
  if ($user->uid == 1) {
    return;
  }
  if ($primary_field == 'tid') {
    // This query deals with term objects.
    return;
    // TODO
    $return = array();
    if ($primary_table != 't') {
      $return['join'] = "LEFT JOIN {term_data} t ON $primary_table.tid = t.tid";
    }
    return $return;
  }
}
deviantintegral’s picture

Thanks for at least considering to contribute your work! I'm not a huge fan of db_rewrite_sql(), but for D7 I could see adding WHERE clauses as being a much saner design. If you end up being able to work on this, feel free to reopen this issue.