diff --git a/CHANGELOG.txt b/CHANGELOG.txt
index 022fff9f790315a6a6f9003eb4d7fcfa0a57eec8..032de439c99fe86b62ed0d9efe6cdb7d9242085f 100644
--- a/CHANGELOG.txt
+++ b/CHANGELOG.txt
@@ -3,6 +3,7 @@
 CCK 6.2-dev
 ===========
+- #298440 by Moonshine and KarenS: move form permission checking to content_field_form() and don't call hook_widget for users w/out permission.
 - #294726 by profix898 and yched: _content_type_info() does not reset on content type changes.
 - #293273 Nodereference: update 'referenceable types' when type name changes.
 - #295914 Fix additional problems when installing CCK in install profiles.
diff --git a/includes/content.node_form.inc b/includes/content.node_form.inc
index 9afc84d97a903ff6ef81ed90fea0d2180d8f2b5e..2003643bd7368e44ce4330ce108dca0381fb67d7 100644
--- a/includes/content.node_form.inc
+++ b/includes/content.node_form.inc
@@ -39,10 +39,29 @@ function content_field_form(&$form, &$form_state, $field, $get_delta = NULL) {
 $node = $form['#node'];
 $addition = array();
 $form_element = array();
+ $field_name = $field['field_name'];
+
+ // See if access to this form element is restricted,
+ // if so, skip widget processing and just set the value.
+ $access = TRUE;
+ $field_access = module_invoke_all('field_access', 'edit', $field);
+ foreach ($field_access as $value) {
+ if (empty($value)) {
+ $access = FALSE;
+ }
+ }
+ if (!$access) {
+ $addition[$field_name] = array(
+ '#access' => $access,
+ '#type' => 'value',
+ '#value' => $node->$field_name,
+ );
+ return $addition;
+ }
+
 // TODO: is the "if (function_exists($function)) {" needed ?
 // defining the $function here makes it unclear where it is actually called
 $function = $field['widget']['module'] .'_widget';
- $field_name = $field['field_name'];
 if (function_exists($function)) {
 // Prepare the values to be filled in the widget.
 // We look in the following places:
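Review bot: The restricted branch added to content_field_form() reads `$node->$field_name` without checking that the property exists, so when the node carries no value for the field yet (presumably the node add form, which is not visible here) the hidden element is built from an undefined property and submits NULL in place of whatever the widget path would have supplied. A guard such as `'#value' => isset($node->$field_name) ? $node->$field_name : NULL,` avoids the notice, but the value that a user without edit permission should save on a new node ought to be decided explicitly rather than falling out of this line. The aggregation loop would also benefit from a comment such as `// Any implementation returning an empty value denies access; no implementations means access is allowed.`, since that deny-wins rule is the contract other modules have to rely on. The function body starts before and continues after this hunk.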
@@ -115,6 +134,7 @@ function content_field_form(&$form, &$form_state, $field, $get_delta = NULL) {
 '#field_name' => $field['field_name'],
 '#tree' => TRUE,
 '#weight' => $field['widget']['weight'],
+ '#access' => $access,
 // TODO: what's the need for #count ? does not seem to be used anywhere ?
 '#count' => count($form_element),
 );
diff --git a/modules/content_permissions/content_permissions.module b/modules/content_permissions/content_permissions.module
index 531ae7ccc79aa72d8267d8d74b5ff2d0e0abcee1..9b2d933b27364bb4d78ef7ee2f682fe22369fdca 100644
--- a/modules/content_permissions/content_permissions.module
+++ b/modules/content_permissions/content_permissions.module
@@ -12,20 +12,6 @@ function content_permissions_perm() {
 return $perms;
 }
-/**
- * Implementation of hook_form_alter(). Remove inaccessible fields from node display.
- */
-function content_permissions_form_alter(&$form, $form_state, $form_id) {
- if (isset($form['type']) && isset($form['#node']) && $form['type']['#value'] .'_node_form' == $form_id) {
- $type = content_types($form['type']['#value']);
- foreach ($type['fields'] as $field_name => $field) {
- if (isset($form[$field_name])) {
- $form[$field_name]['#access'] = user_access('edit '. $field_name);
- }
- }
- }
-}
-
 /**
 * Implementation of hook_nodeapi(). Remove inaccessible fields from node display.
 */
@@ -40,6 +26,20 @@ function content_permissions_nodeapi(&$node, $op, $a3 = NULL, $a4 = NULL) {
 }
 }
+/**
+ * Remove inaccessible fields from nodes.
+ *
+ * @see content_field_form().
+ */
+function content_permissions_field_access($op, $field) {
+ switch ($op) {
+ case 'view':
+ case 'edit':
+ return user_access($op .' '. $field['field_name']);
+ }
+ return TRUE;
+}
+
 /**
 * The default field access callback. Remove inaccessible fields from Views.
 *
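Review bot: In the second content_field_form() hunk (`@@ -115,6 +134,7 @@`), `'#access' => $access` can only be TRUE as far as the visible code shows, because the earlier hunk returns from the function whenever `$access` is FALSE. Unless code between the two hunks reassigns `$access`, the key is redundant and reads like an enforcement point that it is not; either drop it or mark it with a comment such as `// Always TRUE here: users without access returned early above.` The array literal and the function both extend outside the hunk.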
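Review bot: The docblock on content_permissions_field_access() (hunk `@@ -40,6 +26,20 @@`) says neither that this is a hook implementation nor what the return value means, which matters because callers treat the result as an access decision. I would make the summary `Implementation of hook_field_access().`, describe `$op` and `$field`, state that the function returns the result of user_access() for 'view' and 'edit', and put `// Operations other than view/edit are not restricted by this module.` above the trailing `return TRUE;` so the allow-by-default for unknown operations is a documented choice. Separately, the removed content_permissions_form_alter() set `#access` on any matching node form, whereas the edit restriction now appears to apply only to elements built through content_field_form(); it is worth confirming that no other path builds field form elements.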