-
Notifications
You must be signed in to change notification settings - Fork 1
/
og_subgroups.module
executable file
·208 lines (195 loc) · 6.83 KB
/
og_subgroups.module
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
<?php
/**
* @file
* Enable defining hierarchy of groups for organic groups.
*/
/**
* Implementation of hook_ctools_plugin_directory().
*/
function og_subgroups_ctools_plugin_directory($module, $plugin) {
// Safety: go away if CTools is not at an appropriate version.
if (!module_invoke('ctools', 'api_version', OG_REQUIRED_CTOOLS_API)) {
return;
}
if ($module == 'ctools') {
return 'plugins/' . $plugin;
}
}
/**
* Check if a user has access permission in one of the ancestors groups
* and return the tree structure of the group hierarchy.
*
* @param $entity_groups
* Array of group id to check and start moving up in the hierarchy.
* @param $account
* Optional; The account to check
* @param $string
* Optional; The permission string, if empty return the full tree stucture in
* $structure, otherwise stops when the permission is grant.
* @param $structure
* Optional; This is the array that you should send by ref to get back
* all the tree structure of the given groups.
* Array contain 2 keys ['gid'] - group id, and ['level'] the depth of the
* parent.
* @param $level
* Optional; Level of tree to start counting from, normaly there is no need
* to change this. Default to 0 being the entity given.
*
* @return
* TRUE if user has access grant with the given perm to one of the enstertors
* groups.
*/
function og_subgroups_get_reverse_hierarchy_tree_perm($entity_groups, $string = '', $account = NULL, &$structure = array(), &$graph = FALSE , $level = 0) {
// Check if user has the permission in a parent group.
foreach($entity_groups as $gid) {
// Save the hierarchy structure.
$structure[$gid] = array();
$structure[$gid]['gid'] = $gid;
$structure[$gid]['level'] = $level;
// Build a graph with graph api
if (is_array($graph)) {
$group = og_load($gid);
graphapi_set_node_title($graph, $gid, $group->label);
// dpm($graph);
}
// Check access permission.
if ($string) {
if (og_user_access($gid, $string, $account, TRUE)) {
return TRUE;
}
}
}
// Get all groups that are content of user_groups (as an array of group ids).
$groups = og_load_multiple($entity_groups);
$parent_groups = array();
foreach ($groups as $group) {
// Load the entity associated with the group.
$entity = og_load_entity_from_group($group->gid);
// Get all groups that are associated with passed group.
$parents = og_get_entity_groups($group->entity_type, $entity);
$parent_groups += $parents;
// Build a graph path with graph api
if (is_array($graph)) {
foreach ($parents as $parent) {
graphapi_set_node_title($graph, $parent, $parent);
graphapi_set_link_data($graph, $group->gid, $parent, array('color' => '#018FE2'));
}
}
}
if ($parent_groups) {
// Recurssion call of the function.
return og_subgroups_get_reverse_hierarchy_tree_perm($parent_groups, $string, $account, $structure, $graph, ++$level);
}
else {
// Reached a dead end, return false.
return FALSE;
}
}
/**
* Implements hook_og_user_access_alter()
*/
function og_subgroups_og_user_access_alter(&$perm, $context) {
// Update the permission for a user that tries to access a sub group.
// This gives to any users his og group permission to all his subgroups,
// without the -need for him to be a member in the groups.
$perm[$context['string']] = og_subgroups_get_reverse_hierarchy_tree_perm(array($context['group']->gid), $context['string'], $context['account']);
}
/**
* Implements hook_node_access_records_alter().
*
* This alter is fired on node save, we want to add view permission to a user's
* subgroups (private groups), to do so we add the parent groups id to all
* groups.
*/
function og_subgroups_node_access_records_alter(&$grants, $node) {
// Relevant only for private groups.
if (module_exists('og_access')) {
// The group IDs, that in case access is granted, will be recorded.
$gids = array();
$private = FALSE;
$groups = array();
// Dealing with a node group that is private.
if (!empty($node->{OG_ACCESS_FIELD}[LANGUAGE_NONE][0]['value'])) {
$group = og_get_group('node', $node->nid);
if ($group) {
$groups[] = $group->gid;
$private = TRUE;
}
}
// Dealing with a group content.
elseif (isset($node->{OG_CONTENT_ACCESS_FIELD}[LANGUAGE_NONE][0]['value'])) {
// If no groups with og realm are defined, this means it's a public group
// then do nothing, otherwise treat as a private group.
if (($node->{OG_CONTENT_ACCESS_FIELD}[LANGUAGE_NONE][0]['value'] == OG_CONTENT_ACCESS_PRIVATE) ||
($node->{OG_CONTENT_ACCESS_FIELD}[LANGUAGE_NONE][0]['value'] == OG_CONTENT_ACCESS_DEFAULT && og_subgroups_grants_has_og_realm($grants))) {
$groups = og_get_entity_groups('node', $node);
$private = TRUE;
}
}
// If group is private, then grant permissions for parent groups.
if ($private) {
og_subgroups_get_reverse_hierarchy_tree_perm($groups,'', NULL, &$gids);
// Check existing grant and remove from gids[], to avoid duplication.
foreach ($grants as $granted) {
if (isset($gids[$granted['gid']])) {
unset($gids[$granted['gid']]);
}
}
// Build the new access Grant array.
foreach ($gids as $gid) {
$grants[] = array (
'realm' => OG_ACCESS_AUTHENTICATED_REALM,
'gid' => $gid['gid'],
'grant_view' => 1,
'grant_update' => 0,
'grant_delete' => 0,
'priority' => 0,
);
}
}
}
}
/**
* Return TRUE if $grants contain an OG realm
*/
function og_subgroups_grants_has_og_realm($grants) {
foreach ($grants as $granted) {
if ($granted['realm'] == OG_ACCESS_AUTHENTICATED_REALM) {
return TRUE;
}
}
return FALSE;
}
/**
* Get hierarchy tree.
*
* @param $entity_type
* @param $etid
* @param $options
*/
function og_get_hierarchy($entity_type, $etid, $options = array(), &$tree = array(), $depth = 0) {
$options += array(
'direction' => 'up',
'type' => 'single',
'sanitize' => TRUE,
);
$wrapper = entity_metadata_wrapper($entity_type, $etid);
if ($depth == 0 && $group = $wrapper->group->value()) {
if ($options['type'] == 'single') {
$tree[$group->gid] = og_label($group->gid, $options['sanitize']);
}
else {
$tree[$depth][$group->gid] = og_label($group->gid, $options['sanitize']);
}
}
if ($options['direction'] == 'up' && $options['type'] == 'single') {
$group = FALSE;
// Get the first group associated with the entity.
if ($wrapper->og_membership->get(0)->value()) {
$group = $wrapper->og_membership->get(0)->group->value();
$tree[$group->gid] = og_label($group->gid, $options['sanitize']);
og_get_hierarchy($group->entity_type, $group->etid, $options, $tree, $depth + 1);
}
}
return $tree;
}