function og_access_node_access_records

7.x-2.x og_access.module og_access_node_access_records($node)
7.x-1.x og_access.module og_access_node_access_records($node)
6.x og_access.module og_access_node_access_records($node)

Implements hook_node_access_records().

File

og/og_access/og_access.module, line 64
Enable access control for private and public groups and group content.

Code

function og_access_node_access_records($node) {
  if (empty($node->status)) {
    // Node is unpublished, so we don't allow every group member to see
    // it.
    return array();
  }

  // The group IDs, that in case access is granted, will be recorded.
  $gids = array();

  $wrapper = entity_metadata_wrapper('node', $node);

  // Verify that a group content with visibility field can't create when there
  // isn't an OG access field attached to the group entity.
  if (!empty($wrapper->{OG_CONTENT_ACCESS_FIELD}) && $wrapper->{OG_CONTENT_ACCESS_FIELD}->value() == OG_CONTENT_ACCESS_DEFAULT) {
    _og_access_verify_access_field_existence($node);
  }

  if (!empty($wrapper->{OG_ACCESS_FIELD}) && $wrapper->{OG_ACCESS_FIELD}->value() && og_is_group('node', $node)) {
    // Private group.
    $gids['node'][] = $node->nid;
  }
  // If there is no content access field on the group content, we assume
  // that the group defaults are needed.
  // This allows us not to have the content access field on the group
  // content but still have access control.
  $content_access = !empty($wrapper->{OG_CONTENT_ACCESS_FIELD}) ? $wrapper->{OG_CONTENT_ACCESS_FIELD}->value() : OG_CONTENT_ACCESS_DEFAULT;
  switch ($content_access) {
    case OG_CONTENT_ACCESS_DEFAULT:
      if (!$entity_groups = og_get_entity_groups('node', $node)) {
        break;
      }

      $has_private = FALSE;
      foreach ($entity_groups as $group_type => $values) {
        entity_load($group_type, $values);
        foreach ($values as $gid) {
          $list_gids[$group_type][] = $gid;
          if ($has_private) {
            // We already know we have a private group, so we can avoid
            // re-checking it.
            continue;
          }
          $group_wrapper = entity_metadata_wrapper($group_type, $gid);
          if (!empty($group_wrapper->{OG_ACCESS_FIELD}) && $group_wrapper->{OG_ACCESS_FIELD}->value()) {
            $has_private = TRUE;
          }
        }
      }

      if ($has_private) {
        $gids = array_merge_recursive($gids, $list_gids);
      }
      break;

    case OG_CONTENT_ACCESS_PUBLIC:
      // Do nothing.
      break;

    case OG_CONTENT_ACCESS_PRIVATE:
      $gids = array_merge_recursive($gids, og_get_entity_groups('node', $node));
      break;
  }

  foreach ($gids as $group_type => $values) {
    foreach ($values as $gid) {
      $grants[] = array(
        'realm' => OG_ACCESS_REALM . ':' . $group_type,
        'gid' => $gid,
        'grant_view' => 1,
        'grant_update' => 0,
        'grant_delete' => 0,
        'priority' => 0,
      );
    }
  }

  return !empty($grants) ? $grants : array();
}