
Get rid of non-strict policy enforcement.

pull/352/head
Adam Vessey 12 years ago
parent
commit
6f9b7b877a
  1. 7
      includes/admin.form.inc
  2. 21
      islandora.module

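--- a/includes/admin.form.inc
+++ b/includes/admin.form.inc
@@ -108,13 +108,6 @@ function islandora_repository_admin(array $form, array &$form_state) {
 '#required' => TRUE,
 );
-$form['islandora_tabs']['islandora_general']['islandora_strict_user_access_enforcement'] = array(
-'#type' => 'checkbox',
-'#title' => t('Strict User Access Enforcement'),
-'#description' => t('Restrict permissions to the result of user_access(); other modules will be able to deny things, but other modules will not be able to allow operations not allowed via Drupal permissions.'),
-'#default_value' => variable_get('islandora_strict_user_access_enforcement', TRUE),
-);
 $form['islandora_tabs']['islandora_namespace'] = array(
 '#type' => 'fieldset',
 '#title' => t('Namespaces'),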

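--- a/islandora.module
+++ b/islandora.module
@@ -1205,28 +1205,13 @@ function islandora_object_access($op, $object, $user = NULL) {
 /**
 * Implements hook_islandora_object_access().
 *
-* Denies according to PID namespace restrictions, passes according to
-* user_access(), and makes no indication if namespace restrictions passed but
-* user_access() returned a fail, to allow other modules to allow an operation.
+* Denies according to PID namespace restrictions, then passes or denies
+* according to core Drupal permissions according to user_access().
 */
 function islandora_islandora_object_access($op, $object, $user) {
 module_load_include('inc', 'islandora', 'includes/utilities');
-$to_return = islandora_namespace_accessible($object->id);
-$user_access_result = user_access($op, $user);
-if ($to_return && $user_access_result) {
-// Straight Drupal permissions, let's allow it.
-return TRUE;
-}
-elseif ($to_return === FALSE || (variable_get('islandora_strict_user_access_enforcement', TRUE) && !$user_access_result)) {
-// PID namespace is outside of those allowed. Forbid!
-return FALSE;
-}
-else {
-// Neither allowing of forbidding, to allow other modules to override.
-return NULL;
-}
+return islandora_namespace_accessible($object->id) && user_access($op, $user);
 }
 /**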
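Review bot: The rewritten docblock on `islandora_islandora_object_access()` no longer states the return contract, which is the security-relevant part of this change: the new one-line `return` always yields TRUE or FALSE and never NULL, so this implementation can no longer abstain. I would add an `@return bool` line reading roughly `TRUE only when the PID namespace is allowed and user_access() grants $op; FALSE otherwise (never NULL)`, and tidy the doubled wording to `then passes or denies according to core Drupal permissions, as reported by user_access().` How a FALSE from this hook is combined with other modules' answers is decided in `islandora_object_access()`, which lies outside the hunk; presumably sites that had the setting switched off will see grants from other modules stop applying, which deserves a line in the release notes. Both visible readers of `islandora_strict_user_access_enforcement` are removed and the diffstat lists only these two files, so the stored value appears to be left behind; a `variable_del('islandora_strict_user_access_enforcement');` in an update hook would clean it up.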
