@ -108,6 +108,13 @@ function islandora_repository_admin(array $form, array &$form_state) {
'#required' => TRUE,
);
$form['islandora_tabs']['islandora_general']['islandora_strict_user_access_enforcement'] = array(
'#type' => 'checkbox',
'#title' => t('Strict User Access Enforcement'),
'#description' => t('Restrict permissions to the result of user_access(); other modules will be able to deny things, but other modules will not be able to allow operations not allowed via Drupal permissions.'),
'#default_value' => variable_get('islandora_strict_user_access_enforcement', TRUE),
$form['islandora_tabs']['islandora_namespace'] = array(
'#type' => 'fieldset',
'#title' => t('Namespaces'),
@ -1181,11 +1181,13 @@ function islandora_islandora_object_access($op, $object, $user) {
module_load_include('inc', 'islandora', 'includes/utilities');
$to_return = islandora_namespace_accessible($object->id);
if ($to_return && user_access($op, $user)) {
$user_access_result = user_access($op, $user);
if ($to_return && $user_access_result) {
// Straight Drupal permissions, let's allow it.
return TRUE;
}
elseif ($to_return === FALSE) {
elseif ($to_return === FALSE || variable_get('islandora_strict_user_access_enforcement', TRUE) && !$user_access_result) {
// PID namespace is outside of those allowed. Forbid!
return FALSE;