Commit 93053d8c authored by klausi's avatar klausi

Patch by fago, dawehner: Apply entity access restrictions to Views field or...

Patch by fago, dawehner: Apply entity access restrictions to Views field or area plugin integration.
parent bf66bcd5
......@@ -379,6 +379,7 @@ class EntityDefaultViewsController {
$label = isset($this->info['plural label']) ? $this->info['plural label'] : $this->info['label'];
$data[$table]['table']['base'] = array(
'field' => $this->info['entity keys']['id'],
'access query tag' => $this->type . '_access',
'title' => drupal_ucfirst($label),
'help' => isset($this->info['description']) ? $this->info['description'] : '',
);
......
......@@ -10,6 +10,7 @@ class entity_views_handler_area_entity extends views_handler_area {
$options['entity_type'] = array('default' => 'node');
$options['entity_id'] = array('default' => '');
$options['view_mode'] = array('default' => 'full');
$options['bypass_access'] = array('default' => FALSE);
return $options;
}
......@@ -73,6 +74,12 @@ class entity_views_handler_area_entity extends views_handler_area {
);
}
}
$form['bypass_access'] = array(
'#type' => 'checkbox',
'#title' => t('Bypass access checks'),
'#description' => t('If enabled, access permissions for rendering the entity are not checked.'),
'#default_value' => !empty($this->options['bypass_access']),
);
return $form;
}
......@@ -99,10 +106,12 @@ class entity_views_handler_area_entity extends views_handler_area {
*/
public function render_entity($entity_type, $entity_id, $view_mode) {
if (!empty($entity_type) && !empty($entity_id) && !empty($view_mode)) {
$entities = entity_load($entity_type, array($entity_id));
$render = entity_view($entity_type, $entities, $view_mode);
$render_entity = reset($render);
return drupal_render($render_entity);
$entity = entity_load_single($entity_type, $entity_id);
if (!empty($this->options['bypass_access']) || entity_access('view', $entity_type, $entity)) {
$render = entity_view($entity_type, array($entity), $view_mode);
$render_entity = reset($render);
return drupal_render($render_entity);
}
}
else {
return '';
......
......@@ -80,6 +80,7 @@ class entity_views_handler_field_entity extends views_handler_field {
$options['display'] = array('default' => 'label');
$options['link_to_entity']['default'] = TRUE;
$options['view_mode'] = array('default' => 'default');
$options['bypass_access'] = array('default' => FALSE);
return $options;
}
......@@ -134,6 +135,12 @@ class entity_views_handler_field_entity extends views_handler_field {
'#value' => $options ? key($options) : 'default',
);
}
$form['bypass_access'] = array(
'#type' => 'checkbox',
'#title' => t('Bypass access checks'),
'#description' => t('If enabled, access permissions for rendering the entity are not checked.'),
'#default_value' => !empty($this->options['bypass_access']),
);
}
public function render($values) {
......@@ -175,7 +182,8 @@ class entity_views_handler_field_entity extends views_handler_field {
if (!is_object($entity) && isset($entity) && $entity !== FALSE) {
$entity = entity_load_single($type, $entity);
}
if (!$entity) {
// Make sure the entity exists and access is either given or bypassed.
if (!$entity || !(!empty($this->options['bypass_access']) || entity_access('view', $type, $entity))) {
return '';
}
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment