Code
/
islandora
7
0
Fork 0
Code Issues Pull Requests 1 Projects Releases Wiki Activity
Browse Source

Get rid of non-strict policy enforcement.

pull/352/head
Adam Vessey 12 years ago
parent
344a405894
commit
6f9b7b877a
2 changed files with 3 additions and 25 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 7
      includes/admin.form.inc
  2. 21
      islandora.module

7
includes/admin.form.inc
Unescape View File

@ -108,13 +108,6 @@ function islandora_repository_admin(array $form, array &$form_state) {
'#required' => TRUE,
);
$form['islandora_tabs']['islandora_general']['islandora_strict_user_access_enforcement'] = array(
'#type' => 'checkbox',
'#title' => t('Strict User Access Enforcement'),
'#description' => t('Restrict permissions to the result of user_access(); other modules will be able to deny things, but other modules will not be able to allow operations not allowed via Drupal permissions.'),
'#default_value' => variable_get('islandora_strict_user_access_enforcement', TRUE),
);
$form['islandora_tabs']['islandora_namespace'] = array(
'#type' => 'fieldset',
'#title' => t('Namespaces'),

21
islandora.module
Unescape View File

@ -1205,28 +1205,13 @@ function islandora_object_access($op, $object, $user = NULL) {
/**
* Implements hook_islandora_object_access().
*
* Denies according to PID namespace restrictions, passes according to
* user_access(), and makes no indication if namespace restrictions passed but
* user_access() returned a fail, to allow other modules to allow an operation.
* Denies according to PID namespace restrictions, then passes or denies
* according to core Drupal permissions according to user_access().
*/
function islandora_islandora_object_access($op, $object, $user) {
module_load_include('inc', 'islandora', 'includes/utilities');
$to_return = islandora_namespace_accessible($object->id);
$user_access_result = user_access($op, $user);
if ($to_return && $user_access_result) {
// Straight Drupal permissions, let's allow it.
return TRUE;
}
elseif ($to_return === FALSE || (variable_get('islandora_strict_user_access_enforcement', TRUE) && !$user_access_result)) {
// PID namespace is outside of those allowed. Forbid!
return FALSE;
}
else {
// Neither allowing of forbidding, to allow other modules to override.
return NULL;
}
return islandora_namespace_accessible($object->id) && user_access($op, $user);
}
/**

Write Preview
Loading…
Cancel
Save