Merge 159f64c519 into 9e3ef60e21

islandora.module

@@ -26,13 +26,13 @@
 define('DS_COMP_STREAM', 'DS-COMPOSITE-MODEL');
 
 // Permissions
-define('FEDORA_VIEW', 'view fedora repository');
+define('FEDORA_VIEW_OBJECTS', 'view fedora repository objects');
+define('FEDORA_MANAGE_DATASTREAMS', 'view fedora repository datastreams');
 define('FEDORA_METADATA_EDIT', 'edit fedora metadata');
 define('FEDORA_ADD_DS', 'add fedora datastreams');
 define('FEDORA_INGEST', 'ingest fedora objects');
 define('FEDORA_PURGE', 'delete fedora objects and datastreams');
 define('FEDORA_MANAGE_PROPERTIES', 'manage object properties');
-define('FEDORA_MANAGE', 'manage fedora items');
 
 // Hooks
 define('ISLANDORA_VIEW_HOOK', 'islandora_view_object');
@@ -82,7 +82,7 @@ function islandora_menu() {
     'title' => 'Islandora Repository',
     'page callback' => 'islandora_view_default_object',
     'type' => MENU_NORMAL_ITEM,
-    'access arguments' => array(FEDORA_VIEW),
+    'access arguments' => array(FEDORA_VIEW_OBJECTS),
   );
   $items['islandora/object/%islandora_object'] = array(
     'title' => 'Repository',
@@ -90,7 +90,7 @@ function islandora_menu() {
     'page arguments' => array(2),
     'type' => MENU_NORMAL_ITEM,
     'access callback' => 'islandora_object_access_callback',
-    'access arguments' => array(FEDORA_VIEW, 2),
+    'access arguments' => array(FEDORA_VIEW_OBJECTS, 2),
   );
   $items['islandora/object/%islandora_object/view'] = array(
     'title' => 'View',
@@ -107,8 +107,8 @@ function islandora_menu() {
     'page callback' => 'islandora_edit_object',
     'page arguments' => array(2),
     'type' => MENU_LOCAL_TASK,
-    'access callback' => 'islandora_object_access_callback',
+    'access callback' => 'islandora_object_manage_access_callback',
-    'access arguments' => array(FEDORA_MANAGE, 2),
+    'access arguments' => array(array(FEDORA_MANAGE_DATASTREAMS, FEDORA_MANAGE_PROPERTIES, FEDORA_ADD_DS), 2),
   );
   $items['islandora/object/%islandora_object/manage/datastreams'] = array(
     'title' => 'Datastreams',
@@ -158,7 +158,7 @@ function islandora_menu() {
     'type' => MENU_CALLBACK,
     'file' => 'includes/datastream.inc',
     'access callback' => 'islandora_object_datastream_access_callback',
-    'access arguments' => array(FEDORA_VIEW, 2, 4),
+    'access arguments' => array(FEDORA_VIEW_OBJECTS, 2, 4),
     'load arguments' => array(2),
   );
   // This menu item uses token authentication in islandora_tokened_object.
@@ -174,7 +174,7 @@ function islandora_menu() {
     'type' => MENU_CALLBACK,
     'file' => 'includes/datastream.inc',
     'access callback' => 'islandora_object_datastream_access_callback',
-    'access arguments' => array(FEDORA_VIEW, 2, 4),
+    'access arguments' => array(FEDORA_VIEW_OBJECTS, 2, 4),
     'load arguments' => array(2),
   );
   $items['islandora/object/%islandora_object/datastream/%islandora_datastream/edit'] = array(
@@ -248,9 +248,13 @@ function islandora_theme() {
  */
 function islandora_permission() {
   return array(
-    FEDORA_VIEW => array(
+    FEDORA_VIEW_OBJECTS => array(
-      'title' => t('View repository objects and datastreams'),
+      'title' => t('View repository objects'),
-      'description' => t('View objects in the repository and their associated datastreams. Note: Fedora XACML security policies may override this permission.')
+      'description' => t('View objects in the repository. Note: Fedora XACML security policies may override this permission.')
+    ),
+    FEDORA_MANAGE_DATASTREAMS => array(
+      'title' => t('Manage repository object datastreams'),
+      'description' => t('Manage datastreams of objects in the repository. Note: Fedora XACML security policies may override this permission.')
     ),
     FEDORA_ADD_DS => array(
       'title' => t('Add datastreams to repository objects'),
@@ -272,10 +276,6 @@ function islandora_permission() {
       'title' => t('Manage object properties'),
       'description' => t('Modify object labels, owner IDs, and states.')
     ),
-    FEDORA_MANAGE => array(
-      'title' => t('View object management tabs'),
-      'description' => t('View tabs that provide object management functions.')
-    )
   );
 }
 
@@ -303,7 +303,7 @@ function islandora_forms($form_id) {
  *   page not found errors.
  *
  * @param string $perm
- *   The user permission to test for.
+ *   User permission to test for.
  * @param FedoraObject $object
  *   The object to test, if NULL given the object doesn't exist or is
  *   inaccessible.
@@ -349,6 +349,41 @@ function islandora_object_datastream_access_callback($perm, $object = NULL, $dat
   return user_access($perm) && is_object($object) && islandora_namespace_accessible($object->id) && is_object($datastream);
 }
 
+/**
+ * Checks whether the user can access the given object's manage tab
+ * with the given array of permissions.
+ *
+ * Checks for object existance, accessiblitly, namespace permissions,
+ * and user permissions
+ *
+ * @see islandora_object_load() To find potential solutions to enable
+ *   page not found errors.
+ *
+ * @param array $perms
+ *   Array of user permission to test for.
+ * @param FedoraObject $object
+ *   The object to test, if NULL given the object doesn't exist or is
+ *   inaccessible.
+ *
+ * @return boolean
+ *   TRUE if the user is allowed to access this object, FALSE otherwise.
+ */
+function islandora_object_manage_access_callback($perms, $object = NULL) {
+  module_load_include('inc', 'islandora', 'includes/utilities');
+
+  if (!$object && !islandora_describe_repository()) {
+    islandora_display_repository_inaccessible_message();
+    return FALSE;
+  }
+
+  $has_access = FALSE;
+  for ($i = 0; $i < count($perms) && !$has_access; $i++) {
+    $has_access = $has_access || user_access($perms[$i]);
+  }
+
+  return $has_access && is_object($object) && islandora_namespace_accessible($object->id);
+}
+
 /**
  * Renders the given objects manage page.
  *