|
|
@ -381,7 +381,7 @@ function islandora_forms($form_id) { |
|
|
|
* |
|
|
|
* |
|
|
|
* @global $user |
|
|
|
* @global $user |
|
|
|
* |
|
|
|
* |
|
|
|
* @param mixed $object |
|
|
|
* @param mixed $object_or_datastream |
|
|
|
* The AbstractObject or AbstractDatastream to test for accessibility, if NULL |
|
|
|
* The AbstractObject or AbstractDatastream to test for accessibility, if NULL |
|
|
|
* is given the object is assumed to not exist or be inaccessible. |
|
|
|
* is given the object is assumed to not exist or be inaccessible. |
|
|
|
* @param array $permissions |
|
|
|
* @param array $permissions |
|
|
@ -392,7 +392,7 @@ function islandora_forms($form_id) { |
|
|
|
* (optional) TRUE to grant access if any single requirement is met from both |
|
|
|
* (optional) TRUE to grant access if any single requirement is met from both |
|
|
|
* the permissions and content models parameters. FALSE if all requirements |
|
|
|
* the permissions and content models parameters. FALSE if all requirements |
|
|
|
* must be met from both the permissions and content model parameters. |
|
|
|
* must be met from both the permissions and content model parameters. |
|
|
|
* @param object $account |
|
|
|
* @param object $user |
|
|
|
* (optional) The account to check, if not given check the GET parameters for |
|
|
|
* (optional) The account to check, if not given check the GET parameters for |
|
|
|
* a token to restore the user. If no GET parameter is present use currently |
|
|
|
* a token to restore the user. If no GET parameter is present use currently |
|
|
|
* logged in user. |
|
|
|
* logged in user. |
|
|
@ -401,9 +401,10 @@ function islandora_forms($form_id) { |
|
|
|
* TRUE if the user is allowed to access this object/datastream, FALSE |
|
|
|
* TRUE if the user is allowed to access this object/datastream, FALSE |
|
|
|
* otherwise. |
|
|
|
* otherwise. |
|
|
|
*/ |
|
|
|
*/ |
|
|
|
function islandora_user_access($object, array $permissions, $content_models = array(), $access_any = TRUE, $account = NULL) { |
|
|
|
function islandora_user_access($object_or_datastream, array $permissions, $content_models = array(), $access_any = TRUE, $user = NULL) { |
|
|
|
module_load_include('inc', 'islandora', 'includes/utilities'); |
|
|
|
module_load_include('inc', 'islandora', 'includes/utilities'); |
|
|
|
$is_repository_accessible = &drupal_static(__FUNCTION__); |
|
|
|
$is_repository_accessible = &drupal_static(__FUNCTION__); |
|
|
|
|
|
|
|
|
|
|
|
// If the repository is inaccessible then access always fails. |
|
|
|
// If the repository is inaccessible then access always fails. |
|
|
|
if (!isset($is_repository_accessible)) { |
|
|
|
if (!isset($is_repository_accessible)) { |
|
|
|
$is_repository_accessible = islandora_describe_repository(); |
|
|
|
$is_repository_accessible = islandora_describe_repository(); |
|
|
@ -413,37 +414,39 @@ function islandora_user_access($object, array $permissions, $content_models = ar |
|
|
|
return FALSE; |
|
|
|
return FALSE; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
if (!$is_repository_accessible || !is_object($object) || empty($permissions)) { |
|
|
|
if (!$is_repository_accessible || !is_object($object_or_datastream) || empty($permissions)) { |
|
|
|
return FALSE; |
|
|
|
return FALSE; |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Determine what has been passed as $object. |
|
|
|
|
|
|
|
if (is_subclass_of($object_or_datastream, 'AbstractObject')) { |
|
|
|
|
|
|
|
$object = $object_or_datastream; |
|
|
|
|
|
|
|
$datastream = NULL; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
elseif (is_subclass_of($object_or_datastream, 'AbstractDatastream')) { |
|
|
|
|
|
|
|
$datastream = $object_or_datastream; |
|
|
|
|
|
|
|
$object = $datastream->parent; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
// Determine the user account to test against. |
|
|
|
// Determine the user account to test against. |
|
|
|
if (!isset($account)) { |
|
|
|
if (!isset($user)) { |
|
|
|
$token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING); |
|
|
|
$token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING); |
|
|
|
if ($token) { |
|
|
|
if ($token) { |
|
|
|
module_load_include('inc', 'islandora', 'includes/authtokens'); |
|
|
|
module_load_include('inc', 'islandora', 'includes/authtokens'); |
|
|
|
$user = islandora_validate_object_token($object->id, $datastream->id, $token); |
|
|
|
$token_user = islandora_validate_object_token($object->id, $datastream->id, $token); |
|
|
|
if ($user) { |
|
|
|
if ($user) { |
|
|
|
$account = user_load($user->uid); |
|
|
|
$user = user_load($token_user->uid); |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
else { |
|
|
|
else { |
|
|
|
global $user; |
|
|
|
global $user; |
|
|
|
$account = $user; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
// Determine what has been passed as $object. |
|
|
|
|
|
|
|
if (is_subclass_of($object, 'AbstractObject')) { |
|
|
|
|
|
|
|
$datastream = NULL; |
|
|
|
|
|
|
|
// $object stays $object... |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
elseif (is_subclass_of($object, 'AbstractDatastream')) { |
|
|
|
|
|
|
|
$datastream = $object; |
|
|
|
|
|
|
|
$object = $datastream->parent; |
|
|
|
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
// Check for access. |
|
|
|
// Check for access. |
|
|
|
if ($access_any) { |
|
|
|
if ($access_any) { |
|
|
|
$has_required_permissions = function ($permissions, $datastream, $object, $user) { |
|
|
|
$has_required_content_models = empty($content_models) ? TRUE : count(array_intersect($object->models, $content_models)) > 0; |
|
|
|
|
|
|
|
if ($has_required_content_models) { |
|
|
|
foreach ($permissions as $p) { |
|
|
|
foreach ($permissions as $p) { |
|
|
|
if ($datastream !== NULL) { |
|
|
|
if ($datastream !== NULL) { |
|
|
|
$check = islandora_datastream_access($p, $datastream, $user); |
|
|
|
$check = islandora_datastream_access($p, $datastream, $user); |
|
|
@ -457,11 +460,11 @@ function islandora_user_access($object, array $permissions, $content_models = ar |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
return FALSE; |
|
|
|
return FALSE; |
|
|
|
}; |
|
|
|
} |
|
|
|
$has_required_content_models = empty($content_models) ? TRUE : count(array_intersect($object->models, $content_models)) > 0; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
else { |
|
|
|
else { |
|
|
|
$has_required_permissions = function ($permissions, $datastream, $object, $user) { |
|
|
|
$has_required_content_models = count(array_diff($content_models, $object->models)) == 0; |
|
|
|
|
|
|
|
if ($has_required_content_models) { |
|
|
|
foreach ($permissions as $p) { |
|
|
|
foreach ($permissions as $p) { |
|
|
|
if ($datastream !== NULL) { |
|
|
|
if ($datastream !== NULL) { |
|
|
|
$check = islandora_datastream_access($p, $datastream, $user); |
|
|
|
$check = islandora_datastream_access($p, $datastream, $user); |
|
|
@ -474,13 +477,11 @@ function islandora_user_access($object, array $permissions, $content_models = ar |
|
|
|
return FALSE; |
|
|
|
return FALSE; |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
// Should already have failed if there are no $permissions. |
|
|
|
return TRUE; |
|
|
|
return TRUE; |
|
|
|
}; |
|
|
|
} |
|
|
|
$has_required_content_models = count(array_diff($content_models, $object->models)) == 0; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
return FALSE; |
|
|
|
return $has_required_permissions($permissions, $datastream, $object, $account) && |
|
|
|
|
|
|
|
$has_required_content_models; |
|
|
|
|
|
|
|
} |
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
/** |
|
|
|
/** |
|
|
|