Reworked split FEDORA_VIEW permissions based on convo with David. Now it's FEDORA_VIEW_OBJECTS and FEDORA_MANAGE_DATASTREAMS

12 years ago · 159f64c519
1 changed files with 52 additions and 24 deletions
--- a/islandora.module
+++ b/islandora.module
@ -27,7 +27,7 @@ define('DS_COMP_STREAM', 'DS-COMPOSITE-MODEL');

 // Permissions
 define('FEDORA_VIEW_OBJECTS', 'view fedora repository objects');
-define('FEDORA_VIEW_DATASTREAMS', 'view fedora repository datastreams');
+define('FEDORA_MANAGE_DATASTREAMS', 'view fedora repository datastreams');
 define('FEDORA_METADATA_EDIT', 'edit fedora metadata');
 define('FEDORA_ADD_DS', 'add fedora datastreams');
 define('FEDORA_INGEST', 'ingest fedora objects');
@ -90,7 +90,7 @@ function islandora_menu() {
    'page arguments' => array(2),
    'type' => MENU_NORMAL_ITEM,
    'access callback' => 'islandora_object_access_callback',
-    'access arguments' => array(array(FEDORA_VIEW_OBJECTS), 2),
+    'access arguments' => array(FEDORA_VIEW_OBJECTS, 2),
  );
  $items['islandora/object/%islandora_object/view'] = array(
    'title' => 'View',
@ -107,8 +107,8 @@ function islandora_menu() {
    'page callback' => 'islandora_edit_object',
    'page arguments' => array(2),
    'type' => MENU_LOCAL_TASK,
-    'access callback' => 'islandora_object_access_callback',
-    'access arguments' => array(array(FEDORA_VIEW_OBJECTS, FEDORA_VIEW_DATASTREAMS), 2),
+    'access callback' => 'islandora_object_manage_access_callback',
+    'access arguments' => array(array(FEDORA_MANAGE_DATASTREAMS, FEDORA_MANAGE_PROPERTIES, FEDORA_ADD_DS), 2),
  );
  $items['islandora/object/%islandora_object/manage/datastreams'] = array(
    'title' => 'Datastreams',
@ -122,7 +122,7 @@ function islandora_menu() {
    'page arguments' => array('islandora_object_properties_form', 2),
    'type' => MENU_LOCAL_TASK,
    'access callback' => 'islandora_object_access_callback',
-    'access arguments' => array(array(FEDORA_MANAGE_PROPERTIES), 2),
+    'access arguments' => array(FEDORA_MANAGE_PROPERTIES, 2),
    'weight' => -5,
  );
  $items['islandora/object/%islandora_object/delete'] = array(
@ -132,7 +132,7 @@ function islandora_menu() {
    'page arguments' => array('islandora_delete_object_form', 2),
    'type' => MENU_CALLBACK,
    'access callback' => 'islandora_object_access_callback',
-    'access arguments' => array(array(FEDORA_PURGE), 2),
+    'access arguments' => array(FEDORA_PURGE, 2),
  );
  $items['islandora/object/%islandora_object/manage/datastreams/add'] = array(
    'title' => 'Add a datastream',
@ -141,7 +141,7 @@ function islandora_menu() {
    'page arguments' => array('islandora_add_datastream_form', 2),
    'type' => MENU_LOCAL_ACTION,
    'access callback' => 'islandora_object_access_callback',
-    'access arguments' => array(array(FEDORA_ADD_DS), 2)
+    'access arguments' => array(FEDORA_ADD_DS, 2)
  );
  $items['islandora/object/%islandora_object/manage/datastreams/add/autocomplete'] = array(
    'file' => 'includes/add_datastream.form.inc',
@ -149,7 +149,7 @@ function islandora_menu() {
    'page arguments' => array(2),
    'type' => MENU_CALLBACK,
    'access callback' => 'islandora_object_access_callback',
-    'access arguments' => array(array(FEDORA_ADD_DS), 2)
+    'access arguments' => array(FEDORA_ADD_DS, 2)
  );
  $items['islandora/object/%islandora_object/datastream/%islandora_datastream'] = array(
    'title' => 'View datastream',
@ -158,7 +158,7 @@ function islandora_menu() {
    'type' => MENU_CALLBACK,
    'file' => 'includes/datastream.inc',
    'access callback' => 'islandora_object_datastream_access_callback',
-    'access arguments' => array(FEDORA_VIEW_DATASTREAMS, 2, 4),
+    'access arguments' => array(FEDORA_VIEW_OBJECTS, 2, 4),
    'load arguments' => array(2),
  );
  // This menu item uses token authentication in islandora_tokened_object.
@ -174,7 +174,7 @@ function islandora_menu() {
    'type' => MENU_CALLBACK,
    'file' => 'includes/datastream.inc',
    'access callback' => 'islandora_object_datastream_access_callback',
-    'access arguments' => array(FEDORA_VIEW_DATASTREAMS, 2, 4),
+    'access arguments' => array(FEDORA_VIEW_OBJECTS, 2, 4),
    'load arguments' => array(2),
  );
  $items['islandora/object/%islandora_object/datastream/%islandora_datastream/edit'] = array(
@ -252,9 +252,9 @@ function islandora_permission() {
      'title' => t('View repository objects'),
      'description' => t('View objects in the repository. Note: Fedora XACML security policies may override this permission.')
    ),
-    FEDORA_VIEW_DATASTREAMS => array(
-      'title' => t('View repository object datastreams'),
-      'description' => t('View datastreams of objects in the repository. Note: Fedora XACML security policies may override this permission.')
+    FEDORA_MANAGE_DATASTREAMS => array(
+      'title' => t('Manage repository object datastreams'),
+      'description' => t('Manage datastreams of objects in the repository. Note: Fedora XACML security policies may override this permission.')
    ),
    FEDORA_ADD_DS => array(
      'title' => t('Add datastreams to repository objects'),
@ -302,8 +302,8 @@ function islandora_forms($form_id) {
 * @see islandora_object_load() To find potential solutions to enable
 *   page not found errors.
 *
- * @param string $perms
- *   Array of user permission to test for.
+ * @param string $perm
+ *   User permission to test for.
 * @param FedoraObject $object
 *   The object to test, if NULL given the object doesn't exist or is
 *   inaccessible.
@ -311,7 +311,7 @@ function islandora_forms($form_id) {
 * @return boolean
 *   TRUE if the user is allowed to access this object, FALSE otherwise.
 */
-function islandora_object_access_callback($perms, $object = NULL) {
+function islandora_object_access_callback($perm, $object = NULL) {
  module_load_include('inc', 'islandora', 'includes/utilities');

  if (!$object && !islandora_describe_repository()) {
@ -319,14 +319,7 @@ function islandora_object_access_callback($perms, $object = NULL) {
    return FALSE;
  }

-  // Check to see if user has one of any of the allowable permissions
-  $has_access = FALSE;
-
-  for ($i = 0; $i < count($perms) && !$has_access; $i++) {
-    $has_access = $has_access || user_access($perms[$i]);
-  }
-
-  return $has_access && is_object($object) && islandora_namespace_accessible($object->id);
+  return user_access($perm) && is_object($object) && islandora_namespace_accessible($object->id);
 }

 /**
@ -356,6 +349,41 @@ function islandora_object_datastream_access_callback($perm, $object = NULL, $dat
  return user_access($perm) && is_object($object) && islandora_namespace_accessible($object->id) && is_object($datastream);
 }

+/**
+ * Checks whether the user can access the given object's manage tab
+ * with the given array of permissions.
+ *
+ * Checks for object existance, accessiblitly, namespace permissions,
+ * and user permissions
+ *
+ * @see islandora_object_load() To find potential solutions to enable
+ *   page not found errors.
+ *
+ * @param array $perms
+ *   Array of user permission to test for.
+ * @param FedoraObject $object
+ *   The object to test, if NULL given the object doesn't exist or is
+ *   inaccessible.
+ *
+ * @return boolean
+ *   TRUE if the user is allowed to access this object, FALSE otherwise.
+ */
+function islandora_object_manage_access_callback($perms, $object = NULL) {
+  module_load_include('inc', 'islandora', 'includes/utilities');
+
+  if (!$object && !islandora_describe_repository()) {
+    islandora_display_repository_inaccessible_message();
+    return FALSE;
+  }
+
+  $has_access = FALSE;
+  for ($i = 0; $i < count($perms) && !$has_access; $i++) {
+    $has_access = $has_access || user_access($perms[$i]);
+  }
+
+  return $has_access && is_object($object) && islandora_namespace_accessible($object->id);
+}
+
 /**
 * Renders the given objects manage page.
 *