From 8d8a97fccbcce90d1f5275b716a30e317a025afb Mon Sep 17 00:00:00 2001
From: Rosie Le Faive <lefaive@gmail.com>
Date: Thu, 17 Aug 2017 18:06:35 -0300
Subject: [PATCH] Use a toggle.

---
 includes/admin.form.inc             |  6 ++++++
 includes/object_properties.form.inc |  4 ++--
 islandora.install                   | 16 +---------------
 islandora.module                    | 15 +++++++++------
 4 files changed, 18 insertions(+), 23 deletions(-)

diff --git a/includes/admin.form.inc b/includes/admin.form.inc
index 6736596b..4259c956 100644
--- a/includes/admin.form.inc
+++ b/includes/admin.form.inc
@@ -138,6 +138,12 @@ function islandora_repository_admin(array $form, array &$form_state) {
           '#description' => t('During the ingest workflow, make the OBJ file upload step mandatory.'),
           '#default_value' => variable_get('islandora_require_obj_upload', TRUE),
         ),
+        'islandora_deny_inactive_and_deleted' => array(
+          '#type' => 'checkbox',
+          '#title' => t('Lock down inactive and deleted objects.'),
+          '#description' => t('Deny access to inactive or deleted objects using a separate permission than for active objects.'),
+          '#default_value' => variable_get('islandora_deny_inactive_and_deleted', FALSE),
+        ),
       ),
       'islandora_namespace' => array(
         '#type' => 'fieldset',
diff --git a/includes/object_properties.form.inc b/includes/object_properties.form.inc
index b7ab99a2..85a98342 100644
--- a/includes/object_properties.form.inc
+++ b/includes/object_properties.form.inc
@@ -118,7 +118,7 @@ function islandora_object_properties_form_submit(array $form, array &$form_state
   }
   else {
     // Confirm if user is about to lock themselves out of this object.
-    if (in_array($form_state['values']['object_state'], array('I', 'D'))) {
+    if (variable_get('islandora_deny_inactive_and_deleted', FALSE) && in_array($form_state['values']['object_state'], array('I', 'D'))) {
       if ($form_state['object']->state == 'A') {
         if (!user_access(ISLANDORA_ACCESS_INACTIVE_AND_DELETED_OBJECTS)) {
           $form_state['islandora']['needs_confirmation'] = TRUE;
@@ -240,7 +240,7 @@ function islandora_object_properties_regenerate_derivatives(array $form, array &
  * @param array $form_state
  *   The Drupal form state.
  */
-function islandora_object_properties_confirm_form(&$form_state) {
+function islandora_object_properties_confirm_form(array &$form_state) {
   $desc = t('You do not have permission to view Inactive or Deleted objects, so you will no longer be able to view or manage this object. Are you sure?');
   $path = "islandora/object/{$form_state['object']->id}/manage/properties";
   return confirm_form(array(),
diff --git a/islandora.install b/islandora.install
index 2ee4eda4..ef3c570f 100644
--- a/islandora.install
+++ b/islandora.install
@@ -60,6 +60,7 @@ function islandora_uninstall() {
     'islandora_require_obj_upload',
     'islandora_breadcrumbs_backends',
     'islandora_render_context_ingeststep',
+    'islandora_deny_inactive_and_deleted',
   );
   array_walk($variables, 'variable_del');
 }
@@ -132,18 +133,3 @@ function islandora_update_7001(&$sandbox) {
   $t = get_t();
   return $t("Islandora database updates complete");
 }
-
-/**
- * Implements hook_update_N().
- *
- * Add default permissions for viewing inactive or deleted objects.
- * Match permissions for viewing all objects.
- */
-function islandora_update_7002(&$sandbox) {
-  $t = get_t();
-  return $t("A new permission 'view inactive or deleted objects' has been added 
-   to the system, and these objects can no longer be viewed by someone without 
-   this permission. If you have users who need to view inactive or deleted 
-   objects please add the new permission to appropriate roles. This is 
-   especially important for sites using the 'Islandora Simple Workflow' module");
-}
diff --git a/islandora.module b/islandora.module
index 4b93fffb..7889946f 100644
--- a/islandora.module
+++ b/islandora.module
@@ -579,7 +579,7 @@ function islandora_theme() {
  * Implements hook_permission().
  */
 function islandora_permission() {
-  return array(
+  $permissions = array(
     ISLANDORA_VIEW_OBJECTS => array(
       'title' => t('View repository objects'),
       'description' => t('View objects in the repository. Note: Fedora XACML security policies may override this permission.'),
@@ -612,10 +612,6 @@ function islandora_permission() {
       'title' => t('Revert datastream history'),
       'description' => t('Revert to a previous version of a datastream.'),
     ),
-    ISLANDORA_ACCESS_INACTIVE_AND_DELETED_OBJECTS => array(
-      'title' => t('Access inactive and deleted objects'),
-      'description' => t('Access objects with a Fedora state of Inactive or Deleted'),
-    ),
     ISLANDORA_MANAGE_DELETED_OBJECTS => array(
       'title' => t('Manage deleted objects'),
       'description' => t('Purge or revert deleted objects.'),
@@ -629,6 +625,13 @@ function islandora_permission() {
       'description' => t('Add new datastream content as latest version.'),
     ),
   );
+  if (variable_get('islandora_deny_inactive_and_deleted', FALSE)) {
+    $permissions[ISLANDORA_ACCESS_INACTIVE_AND_DELETED_OBJECTS] = array(
+      'title' => t('Access inactive and deleted objects'),
+      'description' => t('Access objects with a Fedora state of Inactive or Deleted.'),
+    );
+  }
+  return $permissions;
 }
 
 /**
@@ -1690,7 +1693,7 @@ function islandora_object_access($op, $object, $user = NULL) {
  */
 function islandora_islandora_object_access($op, $object, $user) {
   module_load_include('inc', 'islandora', 'includes/utilities');
-  if ($object->state != 'A') {
+  if (($object->state != 'A') && variable_get('islandora_deny_inactive_and_deleted', FALSE)) {
     return islandora_namespace_accessible($object->id) && user_access($op, $user) && user_access(ISLANDORA_ACCESS_INACTIVE_AND_DELETED_OBJECTS, $user);
   }
   else {