From 861ef05951f0f4465b9d8ec43ed49d191868dddf Mon Sep 17 00:00:00 2001
From: mroy <umroymr@cc.umanitoba.ca>
Date: Tue, 14 Dec 2010 13:57:22 -0600
Subject: [PATCH] Added content model checks in makeObject(...)  Added new
 restriction option to the fedora collection list settings page that allows
 you to enable/disable restrcitions.  Defaults to restrict for security.

---
 ObjectHelper.inc | 17 ++++++++++++++++-
 formClass.inc    | 21 ++++++++++++++-------
 2 files changed, 30 insertions(+), 8 deletions(-)

diff --git a/ObjectHelper.inc b/ObjectHelper.inc
index 7520907c..ab4cb617 100644
--- a/ObjectHelper.inc
+++ b/ObjectHelper.inc
@@ -54,13 +54,28 @@ class ObjectHelper {
       return ' ';
     }
 
-
     if (!fedora_repository_access(OBJECTHELPER :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
       drupal_set_message(t("You do not have access Fedora objects within the attempted namespace."), 'error');
       drupal_access_denied();
       return ' ';
     } 
 
+    
+    if (variable_get('fedora_object_restrict_datastreams', TRUE) == TRUE ) {    
+      if (($cm = ContentModel::loadFromObject($pid)) == FALSE) {
+	drupal_set_message(t("You do not have access to objects without an Islandora Content Model."), 'error');
+	drupal_access_denied();
+	return ' ';
+      }
+
+      $cmDatastreams = $cm->listDatastreams();
+      if ( !((isset($user) && in_array('administrator',$user->roles)) || in_array($dsID,$cmDatastreams))) {
+	drupal_set_message(t("You do not have access to the specified datastream."), 'error');
+	drupal_access_denied();
+	return ' ';
+      }
+    }
+
     module_load_include('inc', 'fedora_repository', 'api/fedora_item');
     $item = new Fedora_Item($pid);
 
diff --git a/formClass.inc b/formClass.inc
index 6e0161fd..e9995a90 100644
--- a/formClass.inc
+++ b/formClass.inc
@@ -361,13 +361,13 @@ class formClass {
       );
      */
 
-		$form['fedora_object_display_title'] = array(
-			'#type' => 'select',
-			'#title' => t('Display Object Title Behaviour'),
-			'#default_value'=> variable_get('fedora_object_display_title', ObjectHelper::$DISPLAY_ALWAYS),
-			'#options' => array(ObjectHelper::$DISPLAY_ALWAYS=>t('Always'),ObjectHelper::$DISPLAY_NEVER=>t('Never'),ObjectHelper::$DISPLAY_NO_MODEL_OUTPUT=>t('Only if no Content Model display output.')),
-			'#description' => t('Determines when to display the object (or collection) title when viewing an object/collection page.'),
-		);
+    $form['fedora_object_display_title'] = array(
+	    '#type' => 'select',
+	    '#title' => t('Display Object Title Behaviour'),
+	    '#default_value'=> variable_get('fedora_object_display_title', ObjectHelper::$DISPLAY_ALWAYS),
+	    '#options' => array(ObjectHelper::$DISPLAY_ALWAYS=>t('Always'),ObjectHelper::$DISPLAY_NEVER=>t('Never'),ObjectHelper::$DISPLAY_NO_MODEL_OUTPUT=>t('Only if no Content Model display output.')),
+	    '#description' => t('Determines when to display the object (or collection) title when viewing an object/collection page.'),
+    );
 
 
     $form['fedora_object_display_description'] = array(
@@ -377,6 +377,13 @@ class formClass {
       '#options' => array(ObjectHelper::$DISPLAY_ALWAYS=>t('Always'),ObjectHelper::$DISPLAY_NEVER=>t('Never'),ObjectHelper::$DISPLAY_NO_MODEL_OUTPUT=>t('Only if no Content Model display output.')),
       '#description' => t('Determines when to display the default object (or collection) description fieldset when viewing an object/collection page.'),
     );
+    
+    $form['fedora_object_restrict_datastreams'] = array(
+      '#type' => 'checkbox',
+      '#title' => t('Restrict Access to Fedora Object Datastreams'),
+      '#default_value'=> variable_get('fedora_object_restrict_datastreams', TRUE),
+      '#description' => t('When enabled, restricts access to fedora object datastreams that are not listed in the Islandora Content Model for the object (unless the user is an administrator).'),
+    );    
 
     $form['fedora_collection_display_list'] = array(
       '#type' => 'select',