Browse Source

ISLANDORA-1985 Add a permission to access inactive or deleted objects. (#677)

* ISLANDORA-1985 Add a permission to access inactive or deleted objects.

* Update hook grants permission to whoever can currently view objects.

* Add warning message for user locking themselves out.

* Coding standards.

* More coding standards.

* Use t() function in confirmation form.

* Change update hook to not update permissions; warn only.

* Code sniffer, you so picky.

* Use a toggle.

* Simplify logic for clarity.
pull/636/merge
Rosemary Le Faive 7 years ago committed by Diego Pino Navarro
parent
commit
4f3aefd5ec
  1. 6
      includes/admin.form.inc
  2. 36
      includes/object_properties.form.inc
  3. 1
      islandora.install
  4. 17
      islandora.module

6
includes/admin.form.inc

@ -138,6 +138,12 @@ function islandora_repository_admin(array $form, array &$form_state) {
'#description' => t('During the ingest workflow, make the OBJ file upload step mandatory.'),
'#default_value' => variable_get('islandora_require_obj_upload', TRUE),
),
'islandora_deny_inactive_and_deleted' => array(
'#type' => 'checkbox',
'#title' => t('Lock down inactive and deleted objects.'),
'#description' => t('Deny access to inactive or deleted objects using a separate permission than for active objects.'),
'#default_value' => variable_get('islandora_deny_inactive_and_deleted', FALSE),
),
),
'islandora_namespace' => array(
'#type' => 'fieldset',

36
includes/object_properties.form.inc

@ -19,6 +19,9 @@
* The drupal form definition.
*/
function islandora_object_properties_form(array $form, array &$form_state, AbstractObject $object) {
if (isset($form_state['islandora']['needs_confirmation'])) {
return islandora_object_properties_confirm_form($form_state);
}
$form_state['object'] = $object;
$temp = islandora_invoke_hook_list(ISLANDORA_UPDATE_RELATED_OBJECTS_PROPERTIES_HOOK, $object->models, array($object));
$related_objects_pids = array();
@ -110,6 +113,22 @@ function islandora_object_properties_form(array $form, array &$form_state, Abstr
* The Drupal form state.
*/
function islandora_object_properties_form_submit(array $form, array &$form_state) {
if (isset($form_state['islandora']['needs_confirmation'])) {
$form_state['values'] = $form_state['islandora']['values'];
}
else {
// Confirm if user is about to lock themselves out of this object.
if (variable_get('islandora_deny_inactive_and_deleted', FALSE) && in_array($form_state['values']['object_state'], array('I', 'D'))) {
if ($form_state['object']->state == 'A') {
if (!user_access(ISLANDORA_ACCESS_INACTIVE_AND_DELETED_OBJECTS)) {
$form_state['islandora']['needs_confirmation'] = TRUE;
$form_state['islandora']['values'] = $form_state['values'];
$form_state['rebuild'] = TRUE;
return;
}
}
}
}
$object = $form_state['object'];
$owner = $form_state['values']['object_owner'];
$state = $form_state['values']['object_state'];
@ -214,3 +233,20 @@ function islandora_update_object_properties($pid, $update_states, $state, $updat
function islandora_object_properties_regenerate_derivatives(array $form, array &$form_state) {
drupal_goto("islandora/object/{$form_state['object']}/regenerate");
}
/**
* Confirmation form for object properties admin form.
*
* @param array $form_state
* The Drupal form state.
*/
function islandora_object_properties_confirm_form(array &$form_state) {
$desc = t('You do not have permission to view Inactive or Deleted objects, so you will no longer be able to view or manage this object. Are you sure?');
$path = "islandora/object/{$form_state['object']->id}/manage/properties";
return confirm_form(array(),
t('Are you sure you want to set the object state?'),
$path,
$desc,
t('Continue'),
t('Cancel'));
}

1
islandora.install

@ -60,6 +60,7 @@ function islandora_uninstall() {
'islandora_require_obj_upload',
'islandora_breadcrumbs_backends',
'islandora_render_context_ingeststep',
'islandora_deny_inactive_and_deleted',
);
array_walk($variables, 'variable_del');
}

17
islandora.module

@ -34,6 +34,7 @@ define('ISLANDORA_INGEST', 'ingest fedora objects');
define('ISLANDORA_PURGE', 'delete fedora objects and datastreams');
define('ISLANDORA_MANAGE_PROPERTIES', 'manage object properties');
define('ISLANDORA_VIEW_DATASTREAM_HISTORY', 'view old datastream versions');
define('ISLANDORA_ACCESS_INACTIVE_AND_DELETED_OBJECTS', 'access inactive and deleted objects');
define('ISLANDORA_MANAGE_DELETED_OBJECTS', 'manage deleted objects');
define('ISLANDORA_REVERT_DATASTREAM', 'revert to old datastream');
define('ISLANDORA_REGENERATE_DERIVATIVES', 'regenerate derivatives for an object');
@ -578,7 +579,7 @@ function islandora_theme() {
* Implements hook_permission().
*/
function islandora_permission() {
return array(
$permissions = array(
ISLANDORA_VIEW_OBJECTS => array(
'title' => t('View repository objects'),
'description' => t('View objects in the repository. Note: Fedora XACML security policies may override this permission.'),
@ -624,6 +625,13 @@ function islandora_permission() {
'description' => t('Add new datastream content as latest version.'),
),
);
if (variable_get('islandora_deny_inactive_and_deleted', FALSE)) {
$permissions[ISLANDORA_ACCESS_INACTIVE_AND_DELETED_OBJECTS] = array(
'title' => t('Access inactive and deleted objects'),
'description' => t('Access objects with a Fedora state of Inactive or Deleted.'),
);
}
return $permissions;
}
/**
@ -1685,8 +1693,11 @@ function islandora_object_access($op, $object, $user = NULL) {
*/
function islandora_islandora_object_access($op, $object, $user) {
module_load_include('inc', 'islandora', 'includes/utilities');
return islandora_namespace_accessible($object->id) && user_access($op, $user);
$access = (islandora_namespace_accessible($object->id) && user_access($op, $user));
if (($object->state != 'A') && variable_get('islandora_deny_inactive_and_deleted', FALSE)) {
$access = ($access && user_access(ISLANDORA_ACCESS_INACTIVE_AND_DELETED_OBJECTS, $user));
}
return $access;
}
/**

Loading…
Cancel
Save