summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authordzhgenti2012-09-20 17:15:31 (GMT)
committerAmitai Burstein2012-09-20 17:15:31 (GMT)
commita50108334a84c39e1a34fe9dfb93f6967b495058 (patch)
tree89ff44f9bc9fd0ee87374a93a493acf952294915
parent0ee136101c683f5c05e8ad8a98722096abdef53b (diff)
Issue #1698704 by zhgenti: Added Autocomplete callback access validation.
-rw-r--r--entityreference.module34
1 files changed, 28 insertions, 6 deletions
diff --git a/entityreference.module b/entityreference.module
index 425c8aa..53d2c2b 100644
--- a/entityreference.module
+++ b/entityreference.module
@@ -97,14 +97,16 @@ function entityreference_menu() {
'title' => 'Entity Reference Autocomplete',
'page callback' => 'entityreference_autocomplete_callback',
'page arguments' => array(2, 3, 4, 5),
- 'access callback' => TRUE,
+ 'access callback' => 'entityreference_autocomplete_access_callback',
+ 'access arguments' => array(2, 3, 4, 5),
'type' => MENU_CALLBACK,
);
$items['entityreference/autocomplete/tags/%/%/%'] = array(
'title' => 'Entity Reference Autocomplete',
'page callback' => 'entityreference_autocomplete_callback',
'page arguments' => array(2, 3, 4, 5),
- 'access callback' => TRUE,
+ 'access callback' => 'entityreference_autocomplete_access_callback',
+ 'access arguments' => array(2, 3, 4, 5),
'type' => MENU_CALLBACK,
);
@@ -782,6 +784,30 @@ function entityreference_field_widget_error($element, $error) {
}
/**
+ * Menu Access callback for the autocomplete widget.
+ *
+ * @param $type
+ * The widget type (i.e. 'single' or 'tags').
+ * @param $field_name
+ * The name of the entity-reference field.
+ * @param $entity_type
+ * The entity type.
+ * @param $bundle_name
+ * The bundle name.
+ * @return
+ * True if user can access this menu item.
+ */
+function entityreference_autocomplete_access_callback($type, $field_name, $entity_type, $bundle_name) {
+ $field = field_info_field($field_name);
+ $instance = field_info_instance($entity_type, $field_name, $bundle_name);
+
+ if (!$field || !$instance || $field['type'] != 'entityreference' || !field_access('edit', $field, $entity_type)) {
+ return FALSE;
+ }
+ return TRUE;
+}
+
+/**
* Menu callback: autocomplete the label of an entity.
*
* @param $type
@@ -803,10 +829,6 @@ function entityreference_autocomplete_callback($type, $field_name, $entity_type,
$instance = field_info_instance($entity_type, $field_name, $bundle_name);
$matches = array();
- if (!$field || !$instance || $field['type'] != 'entityreference' || !field_access('edit', $field, $entity_type)) {
- return MENU_ACCESS_DENIED;
- }
-
$entity = NULL;
if ($entity_id !== 'NULL') {
$entity = entity_load_single($entity_type, $entity_id);