diff --git a/islandora.module b/islandora.module
index 3bb2f92d..b649fcb0 100644
--- a/islandora.module
+++ b/islandora.module
@@ -26,13 +26,13 @@ define('DS_COMP_STREAM', 'DS-COMPOSITE-MODEL');
 // Permissions
-define('FEDORA_VIEW', 'view fedora repository');
+define('FEDORA_VIEW_OBJECTS', 'view fedora repository objects');
+define('FEDORA_MANAGE_DATASTREAMS', 'view fedora repository datastreams');
 define('FEDORA_METADATA_EDIT', 'edit fedora metadata');
 define('FEDORA_ADD_DS', 'add fedora datastreams');
 define('FEDORA_INGEST', 'ingest fedora objects');
 define('FEDORA_PURGE', 'delete fedora objects and datastreams');
 define('FEDORA_MANAGE_PROPERTIES', 'manage object properties');
-define('FEDORA_MANAGE', 'manage fedora items');
 // Hooks
 define('ISLANDORA_VIEW_HOOK', 'islandora_view_object');
@@ -82,7 +82,7 @@ function islandora_menu() {
 'title' => 'Islandora Repository',
 'page callback' => 'islandora_view_default_object',
 'type' => MENU_NORMAL_ITEM,
- 'access arguments' => array(FEDORA_VIEW),
+ 'access arguments' => array(FEDORA_VIEW_OBJECTS),
 );
 $items['islandora/object/%islandora_object'] = array(
 'title' => 'Repository',
@@ -90,7 +90,7 @@ function islandora_menu() {
 'page arguments' => array(2),
 'type' => MENU_NORMAL_ITEM,
 'access callback' => 'islandora_object_access_callback',
- 'access arguments' => array(FEDORA_VIEW, 2),
+ 'access arguments' => array(FEDORA_VIEW_OBJECTS, 2),
 );
 $items['islandora/object/%islandora_object/view'] = array(
 'title' => 'View',
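Review bot: `FEDORA_MANAGE_DATASTREAMS` is bound to the machine name `'view fedora repository datastreams'`, although its title in `islandora_permission()` is "Manage repository object datastreams" and it is one of the permissions that opens the manage tab, so role exports and audits that read the machine name will understate what the grant allows; `define('FEDORA_MANAGE_DATASTREAMS', 'manage fedora repository datastreams');` would match the intent. The same hunk changes the stored string of the view permission and drops `FEDORA_MANAGE` with no migration visible in this file, so role grants keyed on `'view fedora repository'` and `'manage fedora items'` would presumably stop applying after the upgrade; an update hook in the .install file that remaps them, or an explicit release note, would make that deliberate. Other modules that still reference `FEDORA_VIEW` or `FEDORA_MANAGE` should be checked, since those constants no longer exist.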
@@ -107,8 +107,8 @@ function islandora_menu() {
 'page callback' => 'islandora_edit_object',
 'page arguments' => array(2),
 'type' => MENU_LOCAL_TASK,
- 'access callback' => 'islandora_object_access_callback',
- 'access arguments' => array(FEDORA_MANAGE, 2),
+ 'access callback' => 'islandora_object_manage_access_callback',
+ 'access arguments' => array(array(FEDORA_MANAGE_DATASTREAMS, FEDORA_MANAGE_PROPERTIES, FEDORA_ADD_DS), 2),
 );
 $items['islandora/object/%islandora_object/manage/datastreams'] = array(
 'title' => 'Datastreams',
@@ -158,7 +158,7 @@ function islandora_menu() {
 'type' => MENU_CALLBACK,
 'file' => 'includes/datastream.inc',
 'access callback' => 'islandora_object_datastream_access_callback',
- 'access arguments' => array(FEDORA_VIEW, 2, 4),
+ 'access arguments' => array(FEDORA_VIEW_OBJECTS, 2, 4),
 'load arguments' => array(2),
 );
 // This menu item uses token authentication in islandora_tokened_object.
@@ -174,7 +174,7 @@ function islandora_menu() {
 'type' => MENU_CALLBACK,
 'file' => 'includes/datastream.inc',
 'access callback' => 'islandora_object_datastream_access_callback',
- 'access arguments' => array(FEDORA_VIEW, 2, 4),
+ 'access arguments' => array(FEDORA_VIEW_OBJECTS, 2, 4),
 'load arguments' => array(2),
 );
 $items['islandora/object/%islandora_object/datastream/%islandora_datastream/edit'] = array(
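Review bot: The manage tab is now granted when the user holds any one of the three listed permissions, so this entry alone no longer separates datastream management, property management and datastream creation; each child route under `manage/` has to enforce its own specific permission. The `manage/datastreams` item begins at the end of this hunk and its access keys are not visible; if it is the default local task and declares no access callback, Drupal 7 gives it the parent's any-of check, which should be confirmed against the full `islandora_menu()`. A comment on the entry such as `// Tab is shown if the user holds ANY of these; child tabs enforce the specific permission.` would record the intent. `FEDORA_METADATA_EDIT` and `FEDORA_PURGE` are absent from the list, so it is worth stating whether holders of only those permissions are meant to reach the tab.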
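Review bot: The two datastream routes handled by `islandora_object_datastream_access_callback` (this hunk and the one at -174) remain gated by `FEDORA_VIEW_OBJECTS`, while the same commit rewords that permission in `islandora_permission()` from "View repository objects and datastreams" to "View repository objects" and adds a second permission whose machine name is `'view fedora repository datastreams'`. An administrator reading the permissions page could reasonably conclude that datastream content now requires the second permission, when the object-view grant still serves these routes. Either keep "and their associated datastreams" in the description, or add a comment on both entries such as `// Datastream access is intentionally covered by the object view permission.` so the gate is visibly deliberate.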
@@ -248,9 +248,13 @@ function islandora_theme() {
 */
 function islandora_permission() {
 return array(
- FEDORA_VIEW => array(
- 'title' => t('View repository objects and datastreams'),
- 'description' => t('View objects in the repository and their associated datastreams. Note: Fedora XACML security policies may override this permission.')
+ FEDORA_VIEW_OBJECTS => array(
+ 'title' => t('View repository objects'),
+ 'description' => t('View objects in the repository. Note: Fedora XACML security policies may override this permission.')
+ ),
+ FEDORA_MANAGE_DATASTREAMS => array(
+ 'title' => t('Manage repository object datastreams'),
+ 'description' => t('Manage datastreams of objects in the repository. Note: Fedora XACML security policies may override this permission.')
 ),
 FEDORA_ADD_DS => array(
 'title' => t('Add datastreams to repository objects'),
@@ -272,10 +276,6 @@ function islandora_permission() {
 'title' => t('Manage object properties'),
 'description' => t('Modify object labels, owner IDs, and states.')
 ),
- FEDORA_MANAGE => array(
- 'title' => t('View object management tabs'),
- 'description' => t('View tabs that provide object management functions.')
- )
 );
 }
@@ -303,7 +303,7 @@ function islandora_forms($form_id) {
 * page not found errors.
 *
 * @param string $perm
- * The user permission to test for.
+ * User permission to test for.
 * @param FedoraObject $object
 * The object to test, if NULL given the object doesn't exist or is
 * inaccessible.
@@ -349,6 +349,41 @@ function islandora_object_datastream_access_callback($perm, $object = NULL, $dat
 return user_access($perm) && is_object($object) && islandora_namespace_accessible($object->id) && is_object($datastream);
 }
+/**
+ * Checks whether the user can access the given object's manage tab
+ * with the given array of permissions.
+ *
+ * Checks for object existance, accessiblitly, namespace permissions,
+ * and user permissions
+ *
+ * @see islandora_object_load() To find potential solutions to enable
+ * page not found errors.
+ *
+ * @param array $perms
+ * Array of user permission to test for.
+ * @param FedoraObject $object
+ * The object to test, if NULL given the object doesn't exist or is
+ * inaccessible.
+ *
+ * @return boolean
+ * TRUE if the user is allowed to access this object, FALSE otherwise.
+ */
+function islandora_object_manage_access_callback($perms, $object = NULL) {
+ module_load_include('inc', 'islandora', 'includes/utilities');
+
+ if (!$object && !islandora_describe_repository()) {
+ islandora_display_repository_inaccessible_message();
+ return FALSE;
+ }
+
+ $has_access = FALSE;
+ for ($i = 0; $i < count($perms) && !$has_access; $i++) {
+ $has_access = $has_access || user_access($perms[$i]);
+ }
+
+ return $has_access && is_object($object) && islandora_namespace_accessible($object->id);
+}
+
 /**
 * Renders the given objects manage page.
 *
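Review bot: The permission loop in `islandora_object_manage_access_callback()` indexes `$perms[$i]` up to `count($perms)`, which is only correct for a zero-based list; an associative or filtered array would raise undefined-offset notices and skip entries, and a single permission passed as a string would not be tested as a permission name at all. Iterating over `(array) $perms` and returning on the first grant removes those cases, and checking the object and namespace before calling `user_access()` lets a missing object return without any permission lookup. The docblock should say that access is granted when the user holds any one of the listed permissions, and "existance, accessiblitly" should read "existence, accessibility".

```php
function islandora_object_manage_access_callback($perms, $object = NULL) {
  // … unchanged: utilities include and repository-inaccessible check …

  // Structural checks first: no permission lookup for a missing object.
  if (!is_object($object) || !islandora_namespace_accessible($object->id)) {
    return FALSE;
  }

  // Any one of the listed permissions is enough to show the tab.
  foreach ((array) $perms as $perm) {
    if (user_access($perm)) {
      return TRUE;
    }
  }
  return FALSE;
}
```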