$module,
'name' => $name,
'number' => $number
);
drupal_write_record('acl', $acl);
return $acl['acl_id'];
}
/**
* Delete an existing ACL.
*/
function acl_delete_acl($acl_id) {
db_delete('acl')
->condition('acl_id', $acl_id)
->execute();
db_delete('acl_user')
->condition('acl_id', $acl_id)
->execute();
db_delete('acl_node')
->condition('acl_id', $acl_id)
->execute();
}
/**
* Add the specified UID to an ACL.
*/
function acl_add_user($acl_id, $uid) {
$test_uid = db_query("SELECT uid FROM {acl_user} WHERE acl_id = :acl_id AND uid = :uid", array(
'acl_id' => $acl_id,
'uid' => $uid,
))->fetchField();
if (!$test_uid) {
db_insert('acl_user')
->fields(array(
'acl_id' => $acl_id,
'uid' => $uid,
))
->execute();
}
}
/**
* Remove the specified UID from an ACL.
*/
function acl_remove_user($acl_id, $uid) {
db_delete('acl_user')
->condition('acl_id', $acl_id)
->condition('uid', $uid)
->execute();
}
/**
* Provide a form to edit the ACL that can be embedded in other forms.
* Pass $new_acl=TRUE if you have no ACL yet, but do supply a string
* like 'my_module_new_acl' as $acl_id anyway.
*/
function acl_edit_form(&$form_state, $acl_id, $label = NULL, $new_acl = FALSE) {
$form_state['build_info']['files'][] = _acl_module_load_include('admin.inc');
return _acl_edit_form($acl_id, $label, $new_acl);
}
/**
* Provide access control to all nodes selected by a subquery, based upon an ACL id.
*/
function acl_add_nodes($subselect, $acl_id, $view, $update, $delete, $priority = 0) {
db_delete('acl_node')
->condition('acl_id', $acl_id)
->condition('nid', $subselect, 'IN')
->execute();
$subselect->addExpression($acl_id, 'acl_id');
$subselect->addExpression((int) $view, 'grant_view');
$subselect->addExpression((int) $update, 'grant_update');
$subselect->addExpression((int) $delete, 'grant_delete');
$subselect->addExpression($priority, 'priority');
db_insert('acl_node')
->from($subselect)
->execute();
}
/**
* Provide access control to a node based upon an ACL id.
*/
function acl_node_add_acl($nid, $acl_id, $view, $update, $delete, $priority = 0) {
db_delete('acl_node')
->condition('acl_id', $acl_id)
->condition('nid', $nid)
->execute();
db_insert('acl_node')
->fields(array(
'acl_id' => $acl_id,
'nid' => $nid,
'grant_view' => (int) $view,
'grant_update' => (int) $update,
'grant_delete' => (int) $delete,
'priority' => $priority,
))
->execute();
}
/**
* Remove an ACL completely from a node.
*/
function acl_node_remove_acl($nid, $acl_id) {
db_delete('acl_node')
->condition('acl_id', $acl_id)
->condition('nid', $nid)
->execute();
}
/**
* Clear all of a module's ACL's from a node.
*/
function acl_node_clear_acls($nid, $module) {
$acl_ids = db_query("SELECT acl_id FROM {acl} WHERE module = :module", array(
'module' => $module
))->fetchCol();
if ($acl_ids) {
db_delete('acl_node')
->condition('nid', $nid)
->condition('acl_id', $acl_ids, 'IN')
->execute();
}
}
/**
* Gets the id of an ACL by name (+ optionally number).
*/
function acl_get_id_by_name($module, $name, $number = NULL) {
$query = db_select('acl', 'acl')
->fields('acl', array('acl_id'))
->condition('module', $module)
->condition('name', $name);
if (isset($number)) {
$query->condition('number', $number);
}
return $query->execute()->fetchField();
}
/**
* Gets the id of an ACL by number.
*/
function acl_get_id_by_number($module, $number) {
return db_query("SELECT acl_id FROM {acl} WHERE module = :module AND number = :number", array(
'module' => $module,
'number' => $number,
))->fetchField();
}
/**
* Determines if an acl has some assigned users
*/
function acl_has_users($acl_id) {
return db_query("SELECT COUNT(uid) FROM {acl_user} WHERE acl_id = :acl_id", array(
'acl_id' => $acl_id,
))->fetchField();
}
/**
* Determines if an acl has a specific assigned user
*/
function acl_has_user($acl_id, $uid) {
return db_query("SELECT COUNT(uid) FROM {acl_user} WHERE acl_id = :acl_id AND uid = :uid", array(
'acl_id' => $acl_id,
'uid' => $uid,
))->fetchField();
}
/**
* Gets an array of acl_ids held by a user
*/
function acl_get_ids_by_user($module, $uid, $name = NULL, $number = NULL) {
$query = db_select('acl', 'a');
$query->join('acl_user', 'au', 'a.acl_id = au.acl_id');
$query
->fields('a', array('acl_id'))
->condition('a.module', $module)
->condition('au.uid', $uid);
if (isset($name)) {
$query->condition('a.name', $name);
}
if (isset($number)) {
$query->condition('a.number', $number);
}
$acl_ids = $query->execute()->fetchCol();
return $acl_ids;
}
/**
* Gets the uids of an acl
*/
function acl_get_uids($acl_id) {
$uids = db_query("SELECT uid FROM {acl_user} WHERE acl_id = :acl_id", array(
'acl_id' => $acl_id,
))->fetchCol();
return $uids;
}
/**
* Implementation of hook_node_access_records().
*/
function acl_node_access_records($node) {
if (!$node->nid) {
return;
}
$result = db_query("SELECT n.*, 'acl' AS realm, n.acl_id AS gid, a.module FROM {acl_node} n INNER JOIN {acl} a ON n.acl_id = a.acl_id WHERE nid = :nid", array(
'nid' => $node->nid,
), array('fetch' => PDO::FETCH_ASSOC));
$grants = array();
foreach ($result as $grant) {
if (module_invoke($grant['module'], 'enabled')) {
if (acl_has_users($grant['gid'])) {
$grants[] = $grant;
}
else {
//just deny access
$grants[] = array(
'realm' => 'acl',
'gid' => $grant['gid'],
'grant_view' => 0,
'grant_update' => 0,
'grant_delete' => 0,
'priority' => $grant['priority'],
);
}
}
}
return $grants;
}
/**
* Implementation of hook_node_grants().
*/
function acl_node_grants($account, $op) {
$acl_ids = db_query("SELECT acl_id FROM {acl_user} WHERE uid = :uid", array(
'uid' => $account->uid,
))->fetchCol();
return (!empty($acl_ids) ? array('acl' => $acl_ids) : NULL);
}
/**
* Implementation of hook_node_delete().
*/
function acl_node_delete($node) {
db_delete('acl_node')
->condition('nid', $node->nid)
->execute();
}
/**
* Implementation of hook_user_cancel().
*/
function acl_user_cancel($edit, $account, $method) {
db_delete('acl_user')
->condition('uid', $account->uid)
->execute();
}
function _acl_module_load_include($type) {
static $loaded = array();
if (!isset($loaded[$type])) {
$path = module_load_include($type, 'acl');
$loaded[$type] = drupal_get_path('module', 'acl') . "/acl.$type";
}
return $loaded[$type];
}
/**
* Implementation of hook_node_access_explain().
*/
function acl_node_access_explain($row) {
static $interpretations = array();
if ($row->realm == 'acl') {
if (!isset($interpretations[$row->gid])) {
$acl = db_query("SELECT * FROM {acl} WHERE acl_id = :acl_id", array(
'acl_id' => $row->gid,
))->fetchObject();
$acl->tag = '?';
if (!isset($acl->name)) {
$acl->tag = $acl->number;
}
elseif (!isset($acl->number)) {
$acl->tag = $acl->name;
}
else {
$acl->tag = $acl->name . '-' . $acl->number;
}
$result = db_query("SELECT u.name FROM {acl_user} au, {users} u WHERE au.acl_id = :acl_id AND au.uid = u.uid", array(
'acl_id' => $row->gid,
));
foreach ($result as $user) {
$users[] = $user->name;
}
if (isset($users)) {
$users = implode(', ', $users);
$interpretations[$row->gid] = _acl_get_explanation("$acl->module/$acl->tag: $users", $acl->acl_id, $acl->module, $acl->name, $acl->number, $users);
}
elseif ($row->gid == 0) {
$result = db_query("SELECT an.acl_id, a.module, a.name FROM {acl_node} an JOIN {acl} a ON an.acl_id = a.acl_id LEFT JOIN {acl_user} au ON a.acl_id = au.acl_id WHERE an.nid = :nid AND au.uid IS NULL", array(
'nid' => $row->nid,
));
foreach ($result as $acl) {
$rows[] = _acl_get_explanation("$acl->acl_id: $acl->module/$acl->tag", $acl->acl_id, $acl->module, $acl->name, $acl->number);
}
if (!empty($rows)) {
return implode('
', $rows);
}
return 'No access via ACL.';
}
else {
$interpretations[$row->gid] = _acl_get_explanation("$acl->module/$acl->tag: no users!", $acl->acl_id, $acl->module, $acl->name, $acl->number);
}
}
return $interpretations[$row->gid];
}
}
/**
* Asks the client for its interpretation of the given grant record.
*/
function _acl_get_explanation($text, $acl_id, $module, $name, $number, $users = NULL) {
$hook = $module .'_acl_explain';
if (function_exists($hook)) {
return ''. $text .'';
}
return $text;
}