Merge 1e2e183602 into 367e5772db

ObjectHelper.inc

@@ -93,7 +93,7 @@ class ObjectHelper {
       return ' ';
     }
 
-    if (!fedora_repository_check_perm(OBJECTHELPER :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
+    if (!fedora_repository_check_perm(OBJECTHELPER :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user, FALSE, $dsID)) {
       drupal_set_message(t("You do not have access Fedora objects within the attempted namespace."), 'error');
       drupal_access_denied();
       return ' ';
@@ -148,6 +148,7 @@ class ObjectHelper {
           'query' => $query_options,
         ));
       }
+
       $ch = curl_init($url);
 
       $user_agent = "Mozilla/4.0 pp(compatible; MSIE 5.01; Windows NT 5.0)";
@@ -215,7 +216,6 @@ class ObjectHelper {
           }
 
           $effective_url = $info['url'];
-          //dd($info, 'header/nobody info');
           if ($url !== $effective_url) { //Handle redirect streams (the final URL is not the same as the Fedora URL)
 
             //Add the parameters passed to Drupal, leaving out the 'q'
@@ -298,7 +298,7 @@ class ObjectHelper {
       drupal_set_message(t('You must specify an object pid and datastream ID.'), 'error');
       return '';
     }
-    if (!fedora_repository_check_perm(ObjectHelper :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
+    if (!fedora_repository_check_perm(ObjectHelper :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user, FALSE, $dsID)) {
       drupal_set_message(t('You do not have the appropriate permissions'), 'error');
       return;
     }
@@ -333,7 +333,7 @@ class ObjectHelper {
       drupal_set_message(t('You must specify an object pid and datastream ID.'), 'error');
       return '';
     }
-    if (!fedora_repository_check_perm(ObjectHelper :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
+    if (!fedora_repository_check_perm(ObjectHelper :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user, FALSE, $dsID)) {
       drupal_set_message(t('You do not have the appropriate permissions'), 'error');
       return;
     }
@@ -1104,4 +1104,3 @@ EOQ;
     }
   }
 }
-

fedora_repository.api.php

@@ -144,12 +144,15 @@ function hook_fedora_repository_can_ingest($collection_pid) {
  *   given by user_load or the $user global).  The (default) value of NULL will
  *   cause permissions to be evaluated for the current user (from the $user
  *   global).
+ * @param string $dsid
+ *  A string containing the Fedora object datastream ID on which the operation is to be
+ *   performed.
  *
  * @return boolean|null
  *   Either a boolean permitting (TRUE) or forbidding (FALSE) an operation, or
  *   NULL to make no assertion.
  */
-function hook_fedora_repository_check_perm($op, $pid = NULL, $as_user = NULL) {
+function hook_fedora_repository_check_perm($op, $pid = NULL, $as_user = NULL, $dsid = NULL) {
   return NULL;
 }
 

fedora_repository.module

@@ -962,7 +962,7 @@ function makeObject($pid, $dsID) {
     return ' ';
   }
   global $user, $conf;
-  if (!fedora_repository_check_perm(OBJECTHELPER :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
+  if (!fedora_repository_check_perm(OBJECTHELPER :: $OBJECT_HELPER_VIEW_FEDORA, $pid, $user, FALSE, $dsID)) {
     drupal_access_denied();
     return;
     drupal_set_message(t("You do not have access to Fedora objects within the attempted namespace."), 'error');
@@ -1109,7 +1109,7 @@ function fedora_repository_get_items($pid = NULL, $dsId = NULL, $collection = NU
     drupal_set_message(t("Invalid dsID!"), 'error');
     return ' ';
   }
-  if (!fedora_repository_check_perm(OBJECTHELPER::$OBJECT_HELPER_VIEW_FEDORA, $pid, $user)) {
+  if (!fedora_repository_check_perm(OBJECTHELPER::$OBJECT_HELPER_VIEW_FEDORA, $pid, $user, FALSE, $dsId)) {
     if (user_access('access administration pages')) {
       drupal_set_message(t("PIDs may be added to allowed namespaces, or all namespace restrictions removed !here", array('!here' => l('here', 'admin/settings/fedora_repository'))), 'warning');
     }
@@ -1698,12 +1698,14 @@ function fedora_repository_access() {
  *   An account to check the permission on, or NULL to use the current user.
  * @param boolean $reset_cache
  *   A boolean to reset the static cache, if required in long-running processes.
+ * @param string|null $dsid
+ *   A dsid to check, or NULL to use object level check.
  *
  * @return boolean
  *   A boolean indicating if the operation should be permitted (TRUE) or denied
  *   (FALSE).
  */
-function fedora_repository_check_perm($op, $pid = NULL, $as_user = NULL, $reset_cache = FALSE) {
+function fedora_repository_check_perm($op, $pid = NULL, $as_user = NULL, $reset_cache = FALSE, $dsid = NULL) {
   static $cache = array();
 
   if ($reset_cache) {
@@ -1717,13 +1719,19 @@ function fedora_repository_check_perm($op, $pid = NULL, $as_user = NULL, $reset_
     global $user;
     $as_user = $user;
   }
-
+  if ($dsid) {
+    $results = module_invoke_all('fedora_repository_check_perm', $op, $pid, $as_user, $dsid);
+    return (!in_array(FALSE, $results, TRUE) && in_array(TRUE, $results, TRUE));
+  }
+  else {
     // Populate the cache on a miss.
     if (!isset($cache[$op][$pid][$as_user->uid])) {
       $results = module_invoke_all('fedora_repository_check_perm', $op, $pid, $as_user);
       // Nothing returned FALSE, and something returned TRUE.
       $cache[$op][$pid][$as_user->uid] = (!in_array(FALSE, $results, TRUE) && in_array(TRUE, $results, TRUE));
     }
+  }
+
 
   return $cache[$op][$pid][$as_user->uid];
 }