authorKaren Stevenson2008-08-25 20:59:36 (GMT)
committer Karen Stevenson2008-08-25 20:59:36 (GMT)
commit53a93046834b37ef4e25f79df8699aeb216e8cc6 (patch)
tree9a0612782b771870c2e47698970bd7eaca56fe1b
parent47e8cd762ff7e72679af5432f30fb9f8d402f137 (diff)
#298440 by Moonshine and KarenS: move form permission checking to content_field_form() and don't call hook_widget for users w/out permission.
-rw-r--r--CHANGELOG.txt1
-rw-r--r--includes/content.node_form.inc22
-rw-r--r--modules/content_permissions/content_permissions.module28
3 files changed, 36 insertions, 15 deletions
diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 022fff9..032de43 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -3,6 +3,7 @@
CCK 6.2-dev
===========
+- #298440 by Moonshine and KarenS: move form permission checking to content_field_form() and don't call hook_widget for users w/out permission.
- #294726 by profix898 and yched: _content_type_info() does not reset on content type changes.
- #293273 Nodereference: update 'referenceable types' when type name changes.
- #295914 Fix additional problems when installing CCK in install profiles.
diff --git a/includes/content.node_form.inc b/includes/content.node_form.inc
index 9afc84d..2003643 100644
--- a/includes/content.node_form.inc
+++ b/includes/content.node_form.inc
@@ -39,10 +39,29 @@ function content_field_form(&$form, &$form_state, $field, $get_delta = NULL) {
$node = $form['#node'];
$addition = array();
$form_element = array();
+ $field_name = $field['field_name'];
+
+ // See if access to this form element is restricted,
+ // if so, skip widget processing and just set the value.
+ $access = TRUE;
+ $field_access = module_invoke_all('field_access', 'edit', $field);
+ foreach ($field_access as $value) {
+ if (empty($value)) {
+ $access = FALSE;
+ }
+ }
+ if (!$access) {
+ $addition[$field_name] = array(
+ '#access' => $access,
+ '#type' => 'value',
+ '#value' => $node->$field_name,
+ );
+ return $addition;
+ }
+
// TODO: is the "if (function_exists($function)) {" needed ?
// defining the $function here makes it unclear where it is actually called
$function = $field['widget']['module'] .'_widget';
- $field_name = $field['field_name'];
if (function_exists($function)) {
// Prepare the values to be filled in the widget.
// We look in the following places:
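Review bot: In the denied branch, `'#value' => $node->$field_name` reads the property without checking that it exists. If content_field_form() also runs for a node that is still being created (not visible in this hunk), the property is probably unset, so PHP raises a notice and the field is carried as NULL with no widget default applied for users who lack the edit permission. Guarding it, e.g. `'#value' => isset($node->$field_name) ? $node->$field_name : NULL,`, plus a comment saying whether defaults are intentionally skipped, would make the behaviour explicit. The comment above the loop should also say that an empty hook result leaves `$access` TRUE, so field editing is default-open when no module implements field_access. The body of content_field_form() continues outside the hunk.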
@@ -115,6 +134,7 @@ function content_field_form(&$form, &$form_state, $field, $get_delta = NULL) {
'#field_name' => $field['field_name'],
'#tree' => TRUE,
'#weight' => $field['widget']['weight'],
+ '#access' => $access,
// TODO: what's the need for #count ? does not seem to be used anywhere ?
'#count' => count($form_element),
);
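Review bot: `'#access' => $access` can only be TRUE here as far as the visible code shows, because the first hunk returns early whenever `$access` is FALSE; unless the lines between the two hunks reassign it, the key is redundant. Either drop it or add a comment such as `// Always TRUE here; users without access returned above.` so a later reader does not assume this line is what enforces the restriction. The array and the enclosing function both start and end outside the hunk.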
diff --git a/modules/content_permissions/content_permissions.module b/modules/content_permissions/content_permissions.module
index 531ae7c..9b2d933 100644
--- a/modules/content_permissions/content_permissions.module
+++ b/modules/content_permissions/content_permissions.module
@@ -13,20 +13,6 @@ function content_permissions_perm() {
}
/**
- * Implementation of hook_form_alter(). Remove inaccessible fields from node display.
- */
-function content_permissions_form_alter(&$form, $form_state, $form_id) {
- if (isset($form['type']) && isset($form['#node']) && $form['type']['#value'] .'_node_form' == $form_id) {
- $type = content_types($form['type']['#value']);
- foreach ($type['fields'] as $field_name => $field) {
- if (isset($form[$field_name])) {
- $form[$field_name]['#access'] = user_access('edit '. $field_name);
- }
- }
- }
-}
-
-/**
* Implementation of hook_nodeapi(). Remove inaccessible fields from node display.
*/
function content_permissions_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
@@ -41,6 +27,20 @@ function content_permissions_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
}
/**
+ * Remove inaccessible fields from nodes.
+ *
+ * @see content_field_form().
+ */
+function content_permissions_field_access($op, $field) {
+ switch ($op) {
+ case 'view':
+ case 'edit':
+ return user_access($op .' '. $field['field_name']);
+ }
+ return TRUE;
+}
+
+/**
* The default field access callback. Remove inaccessible fields from Views.
*
* @see content_views_field_views_data().
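Review bot: The `view` case checks `user_access($op .' '. $field['field_name'])`, but nothing visible here shows content_permissions_perm() declaring any `view ...` permission, and the removed form_alter only used `'edit '. $field_name`. If perm() declares only edit permissions, no role can be granted the view string, and any caller passing `'view'` gets FALSE for everyone except the superuser, so the permission list should be confirmed to match. The docblock should also say this is an implementation of hook_field_access() and state the contract the caller relies on. That contract is that returning FALSE denies, and the trailing `return TRUE` for other ops means "no objection" rather than an explicit grant.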