From 9e50943df432ff7afa6b83fdc918110e2be2e0f0 Mon Sep 17 00:00:00 2001
From: Chris Pliakas <cpliakas@266779.no-reply.drupal.org>
Date: Sun, 17 Apr 2011 13:16:49 -0500
Subject: [PATCH] Issue #877392 by cpliakas, marvil07: Add a hook that allows modules to alter voting permissions.

---
 vud.api.php                    |   28 ++++++++++++++++++++++
 vud.module                     |   50 ++++++++++++++++++++++++++++++++++++++-
 vud_comment/vud_comment.module |    3 +-
 vud_node/vud_node.module       |    5 ++-
 vud_term/vud_term.module       |    5 ++-
 5 files changed, 84 insertions(+), 7 deletions(-)

diff --git a/vud.api.php b/vud.api.php
index 4d1d804..ff7a736 100644
--- a/vud.api.php
+++ b/vud.api.php
@@ -11,6 +11,34 @@
 define('VUD_NEWENTITY_WIDGET_MESSAGE_POSTPONED', 2);
 
 /**
+ * Allow modules to alter access to the voting operation.
+ *
+ * @param $perm
+ *   A string containing the permission required to modify the vote.
+ * @param $content_type
+ *   A string containing the type of content being voted on.
+ * @param $content_id
+ *   An integer containing the unique ID of the content being voted on.
+ * @param $value
+ *   An integer containing the vote value, 1 for an up vote, -1 for a down vote.
+ * @param $tag
+ *   A string containing the voting API tag.
+ * $param $account
+ *   An object containing the user voting on the content, NULL for the current
+ *   user.
+ *
+ * @return
+ *   A boolean forcing access to the vote, pass NULL if the function should
+ *   not modify the access restriction.
+ */
+function hook_vud_access($perm, $content_type, $content_id, $value, $tag, $account) {
+  // Denies access for all users other than user 1.
+  if ($account->uid != 1) {
+    return FALSE;
+  }
+}
+
+/**
  * Modify the array of know messages.
  *
  * For a real implementation take a look at
diff --git a/vud.module b/vud.module
index ed32d30..8a9758e 100644
--- a/vud.module
+++ b/vud.module
@@ -77,7 +77,8 @@ function vud_menu() {
     'title'            => 'Vote',
     'page callback'    => 'vud_vote',
     'page arguments'   => array(1, 2, 3, 4, 5, 6),
-    'access arguments' => array('use vote up/down'),
+    'access callback'  => 'vud_access_callback',
+    'access arguments' => array('use vote up/down', 1, 2, 3, 4),
     'type'             => MENU_CALLBACK,
     'file'             => 'vud.theme.inc',
   );
@@ -86,7 +87,8 @@ function vud_menu() {
     'title'            => 'Reset vote',
     'page callback'    => 'vud_reset',
     'page arguments'   => array(1, 2, 3, 4),
-    'access arguments' => array('reset vote up/down votes'),
+    'access callback'  => 'vud_access_callback',
+    'access arguments' => array('reset vote up/down votes', 1, 2, 3, 4),
     'type'             => MENU_CALLBACK,
   );
 
@@ -110,6 +112,50 @@ function vud_menu() {
 }
 
 /**
+ * Access callback for votes.
+ *
+ * @param $perm
+ *   A string containing the permission required to modify the vote.
+ * @param $content_type
+ *   A string containing the type of content being voted on.
+ * @param $content_id
+ *   An integer containing the unique ID of the content being voted on.
+ * @param $value
+ *   An integer containing the vote value, 1 for an up vote, -1 for a down vote.
+ * @param $tag
+ *   A string containing the voting API tag.
+ * $param $account
+ *   An object containing the user voting on the content, NULL for the current
+ *   user.
+ *
+ * @return
+ *   A boolean flagging whether or not the user has access to the vote.
+ */
+function vud_access_callback($perm, $content_type, $content_id, $value, $tag, $account = NULL) {
+  if ($account === NULL) {
+    global $user;
+    $account = $user;
+  }
+
+  // If user do not pass system permissions, deny soon.
+  if (user_access($perm, $account) !== TRUE) {
+    return FALSE;
+  }
+
+  // Invokes hook_vud_access(), gives modules ability to allow or disallow access.
+  $access_array = module_invoke_all('vud_access', $perm, $content_type, $content_id, $value, $tag, $account);
+  foreach ($access_array as $access_result) {
+    // If one hook implementation want to deny, end there.
+    if ($access_result !== TRUE) {
+      return FALSE;
+    }
+  }
+
+  // If we are here, account should pass.
+  return TRUE;
+}
+
+/**
  * Implementation of hook_perm().
  */
 function vud_perm() {
diff --git a/vud_comment/vud_comment.module b/vud_comment/vud_comment.module
index b19d6ac..052cb06 100644
--- a/vud_comment/vud_comment.module
+++ b/vud_comment/vud_comment.module
@@ -113,8 +113,9 @@ function vud_comment_comment(&$comment, $op) {
       $comment_allow = in_array($type, variable_get('vud_comment_node_types', array()), TRUE);
       if ($comment_allow && user_access('use vote up/down on comments')) {
         $tag = variable_get('vud_tag', 'vote');
+        $read_only = !vud_access_callback('use vote up/down', 'comment', $comment->cid, 0, $tag);
         $widget = variable_get('vud_comment_widget', 'plain');
-        $comment->vud_comment_widget = theme('vud_widget', $comment->cid, 'comment', $tag, $widget);
+        $comment->vud_comment_widget = theme('vud_widget', $comment->cid, 'comment', $tag, $widget, $read_only, VUD_WIDGET_MESSAGE_DENIED);
         if (variable_get('vud_comment_widget_display', VUD_COMMENT_DISPLAY_NORMAL) == VUD_COMMENT_DISPLAY_NORMAL) {
           $comment->comment = $comment->vud_comment_widget . $comment->comment;
         }
diff --git a/vud_node/vud_node.module b/vud_node/vud_node.module
index 635f600..8155c1d 100644
--- a/vud_node/vud_node.module
+++ b/vud_node/vud_node.module
@@ -141,10 +141,11 @@ function vud_node_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
       if (in_array($node->build_mode, $exclude_modes)) {
         break;
       }
-      if (($can_edit=user_access('use vote up/down on nodes')) || user_access('view vote up/down count on nodes')) {
+      $tag = variable_get('vud_tag', 'vote');
+      $can_edit = (user_access('use vote up/down on nodes') && vud_access_callback('use vote up/down', 'node', $node->nid, 0, $tag));
+      if ($can_edit || user_access('view vote up/down count on nodes')) {
         $node_type = in_array($node->type, variable_get('vud_node_types', array()), TRUE);
         $widget_showmode = variable_get('vud_node_widget_show', VUD_NODE_DISPLAY_BOTH);
-        $tag = variable_get('vud_tag', 'vote');
         $widget = variable_get('vud_node_widget', 'plain');
         $vote_on_teaser = (bool)variable_get('vud_node_widget_vote_on_teaser', TRUE);
         $teaser = $a3;
diff --git a/vud_term/vud_term.module b/vud_term/vud_term.module
index 7bcdc42..b14cde5 100644
--- a/vud_term/vud_term.module
+++ b/vud_term/vud_term.module
@@ -106,6 +106,7 @@ function _vud_term_generate_table(&$node) {
   foreach ($node->taxonomy as $term => $tdetails) {
     $content_id =  $tdetails->tid;
     $tag = "n$node->nid";
+    $read_only = !vud_access_callback('use vote up/down', 'term', $content_id, 0, $tag);
     $reset_token = drupal_get_token("votereset/term/$content_id/$tag");
     if (variable_get('vud_term_reset', 0) && user_access('reset vote up/down votes')) {
       $header = array(
@@ -118,7 +119,7 @@ function _vud_term_generate_table(&$node) {
       $rows[] = array(
         $tdetails->name,
         $tdetails->description,
-        theme('vud_widget', $content_id, "term", $tag, $widget),
+        theme('vud_widget', $content_id, "term", $tag, $widget, $read_only, VUD_WIDGET_MESSAGE_DENIED),
         "<span id=\"total-votes-term-$content_id\">". _vud_term_get_row_votes($content_id, $tag) .'</span>',
         l('Reset your vote', "votereset/term/$content_id/$tag/$reset_token"),
       );
@@ -133,7 +134,7 @@ function _vud_term_generate_table(&$node) {
       $rows[] = array(
         $tdetails->name,
         $tdetails->description,
-        theme('vud_widget', $content_id, "term", $tag, $widget),
+        theme('vud_widget', $content_id, "term", $tag, $widget, $read_only, VUD_WIDGET_MESSAGE_DENIED),
         "<span id=\"total-votes-term-$content_id\">". _vud_term_get_row_votes($content_id, $tag) .'</span>',
       );
     }
-- 
1.7.4.1