Skip to content
GitLab
Explore
Sign in
Primary navigation
Search or go to…
Project
xmlsitemap
Manage
Activity
Members
Labels
Plan
Wiki
Custom issue tracker
Code
Merge requests
Repository
Branches
Commits
Tags
Repository graph
Compare revisions
Snippets
Locked files
Build
Pipelines
Jobs
Pipeline schedules
Artifacts
Deploy
Model registry
Analyze
Value stream analytics
Contributor analytics
CI/CD analytics
Repository analytics
Code review analytics
Insights
Model experiments
Help
Help
Support
GitLab documentation
Compare GitLab plans
GitLab community forum
Contribute to GitLab
Provide feedback
Terms and privacy
Keyboard shortcuts
?
Snippets
Groups
Projects
Show more breadcrumbs
project
xmlsitemap
Commits
df6749e1
Commit
df6749e1
authored
Apr 15, 2010
by
Dave Reid
Browse files
Options
Downloads
Patches
Plain Diff
by Dave Reid: Fixed domain-controlled nodes caused node_access() to return FALSE.
parent
6b96b0cf
No related branches found
No related tags found
No related merge requests found
Changes
1
Show whitespace changes
Inline
Side-by-side
Showing
1 changed file
xmlsitemap_node/xmlsitemap_node.module
+126
-1
126 additions, 1 deletion
xmlsitemap_node/xmlsitemap_node.module
with
126 additions
and
1 deletion
xmlsitemap_node/xmlsitemap_node.module
+
126
−
1
View file @
df6749e1
...
@@ -237,8 +237,133 @@ function xmlsitemap_node_create_link(stdClass &$node) {
...
@@ -237,8 +237,133 @@ function xmlsitemap_node_create_link(stdClass &$node) {
// The following values must always be checked because they are volatile.
// The following values must always be checked because they are volatile.
$node
->
xmlsitemap
[
'lastmod'
]
=
isset
(
$node
->
changed
)
?
$node
->
changed
:
REQUEST_TIME
;
$node
->
xmlsitemap
[
'lastmod'
]
=
isset
(
$node
->
changed
)
?
$node
->
changed
:
REQUEST_TIME
;
$node
->
xmlsitemap
[
'access'
]
=
$node
->
nid
?
(
bool
)
node_access
(
'view'
,
$node
,
drupal_anonymous_user
())
:
1
;
$node
->
xmlsitemap
[
'access'
]
=
$node
->
nid
?
xmlsitemap_node_view_access
(
$node
,
drupal_anonymous_user
())
:
1
;
$node
->
xmlsitemap
[
'language'
]
=
isset
(
$node
->
language
)
?
$node
->
language
:
LANGUAGE_NONE
;
$node
->
xmlsitemap
[
'language'
]
=
isset
(
$node
->
language
)
?
$node
->
language
:
LANGUAGE_NONE
;
return
$node
->
xmlsitemap
;
return
$node
->
xmlsitemap
;
}
}
/**
* Determine whether a user may view the specified node.
*
* @param $node
* The node object on which the operation is to be performed, or node type
* (e.g. 'forum') for "create" operation.
* @param $account
* Optional, a user object representing the user for whom the operation is to
* be performed. Determines access for a user other than the current user.
* @return
* TRUE if the operation may be performed, FALSE otherwise.
*
* This is for all intesive purposes a copy of Drupal 7's node_access() function.
* It invokes a backport of Drupal 7's hook_node_grants_alter() specifically
* for use with XML sitemap.
*/
function
xmlsitemap_node_view_access
(
$node
,
$account
=
NULL
)
{
global
$user
;
$op
=
'view'
;
$rights
=
&
drupal_static
(
__FUNCTION__
,
array
());
if
(
!
$node
||
!
in_array
(
$op
,
array
(
'view'
,
'update'
,
'delete'
,
'create'
),
TRUE
))
{
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return
FALSE
;
}
// If no user object is supplied, the access check is for the current user.
if
(
empty
(
$account
))
{
$account
=
$user
;
}
// $node may be either an object or a node type. Since node types cannot be
// an integer, use either nid or type as the static cache id.
//$cid = is_object($node) ? $node->nid : $node;
// If we've already checked access for this node, user and op, return from
// cache.
if
(
isset
(
$rights
[
$account
->
uid
][
$node
->
nid
]))
{
return
$rights
[
$account
->
uid
][
$node
->
nid
];
}
if
(
user_access
(
'bypass node access'
,
$account
))
{
$rights
[
$account
->
uid
][
$node
->
nid
]
=
TRUE
;
return
TRUE
;
}
if
(
!
user_access
(
'access content'
,
$account
))
{
$rights
[
$account
->
uid
][
$node
->
nid
]
=
FALSE
;
return
FALSE
;
}
// We grant access to the node if both of the following conditions are met:
// - No modules say to deny access.
// - At least one module says to grant access.
// If no module specified either allow or deny, we fall back to the
// node_access table.
$access
=
module_invoke_all
(
'node_access'
,
$node
,
$op
,
$account
);
if
(
in_array
(
NODE_ACCESS_DENY
,
$access
,
TRUE
))
{
$rights
[
$account
->
uid
][
$node
->
nid
]
=
FALSE
;
return
FALSE
;
}
elseif
(
in_array
(
NODE_ACCESS_ALLOW
,
$access
,
TRUE
))
{
$rights
[
$account
->
uid
][
$node
->
nid
]
=
TRUE
;
return
TRUE
;
}
// Check if authors can view their own unpublished nodes.
if
(
$op
==
'view'
&&
!
$node
->
status
&&
user_access
(
'view own unpublished content'
,
$account
)
&&
$account
->
uid
==
$node
->
uid
&&
$account
->
uid
!=
0
)
{
$rights
[
$account
->
uid
][
$node
->
nid
]
=
TRUE
;
return
TRUE
;
}
// If the module did not override the access rights, use those set in the
// node_access table.
if
(
$op
!=
'create'
&&
$node
->
nid
)
{
if
(
module_implements
(
'node_grants'
))
{
$query
=
db_select
(
'node_access'
);
$query
->
addExpression
(
'1'
);
$query
->
condition
(
'grant_'
.
$op
,
1
,
'>='
);
$nids
=
db_or
()
->
condition
(
'nid'
,
$node
->
nid
);
if
(
$node
->
status
)
{
$nids
->
condition
(
'nid'
,
0
);
}
$query
->
condition
(
$nids
);
$query
->
range
(
0
,
1
);
// Fetch the node grants and allow other modules to alter them (D7 backport).
$grants
=
&
drupal_static
(
__FUNCTION__
.
':grants'
,
array
());
if
(
!
isset
(
$grants
[
$account
->
uid
][
$op
]))
{
// Indicate that this is our special function in the grants.
$account
->
xmlsitemap_node_access
=
TRUE
;
$grants
[
$account
->
uid
][
$op
]
=
node_access_grants
(
$op
,
$account
);
// Remove the special indicator.
unset
(
$account
->
xmlsitemap_node_access
);
}
$grant_condition
=
db_or
();
foreach
(
$grants
[
$account
->
uid
][
$op
]
as
$realm
=>
$gids
)
{
foreach
(
$gids
as
$gid
)
{
$grant_condition
->
condition
(
db_and
()
->
condition
(
'gid'
,
$gid
)
->
condition
(
'realm'
,
$realm
)
);
}
}
if
(
count
(
$grant_condition
)
>
0
)
{
$query
->
condition
(
$grant_condition
);
}
$result
=
(
bool
)
$query
->
execute
()
->
fetchField
();
$rights
[
$account
->
uid
][
$node
->
nid
]
=
$result
;
return
$result
;
}
elseif
(
is_object
(
$node
)
&&
$op
==
'view'
&&
$node
->
status
)
{
// If no modules implement hook_node_grants(), the default behaviour is to
// allow all users to view published nodes, so reflect that here.
$rights
[
$account
->
uid
][
$node
->
nid
]
=
TRUE
;
return
TRUE
;
}
}
return
FALSE
;
}
This diff is collapsed.
Click to expand it.
Preview
0%
Loading
Try again
or
attach a new file
.
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Save comment
Cancel
Please
register
or
sign in
to comment