1 node.module | _node_revision_access(Node $node, $op = 'view', $account = NULL) |
Access callback: Checks node revision access.
Parameters
Node $node: The node to check.
$op: (optional) The specific operation being checked. Defaults to 'view.'
object $account: (optional) A user object representing the user for whom the operation is to be performed. Determines access for a user other than the current user.
Return value
TRUE if the operation may be performed, FALSE otherwise.:
See also
File
- core/
modules/ node/ node.module, line 1578 - The core module that allows content to be submitted to the site.
Code
function _node_revision_access(Node $node, $op = 'view', $account = NULL) {
$access = &backdrop_static(__FUNCTION__, array());
$map = array(
'view' => 'view revisions',
'update' => 'revert revisions',
'delete' => 'delete revisions',
);
if (!$node || !isset($map[$op])) {
// If there was no node to check against, or the $op was not one of the
// supported ones, we return access denied.
return FALSE;
}
if (!isset($account)) {
$account = $GLOBALS['user'];
}
// Statically cache access by revision ID, user account ID, and operation.
$cid = $node->vid . ':' . $account->uid . ':' . $op;
if (!isset($access[$cid])) {
// Perform basic permission checks first.
if (!user_access($map[$op], $account) && !user_access('administer nodes', $account)) {
return $access[$cid] = FALSE;
}
$node_current_revision = node_load($node->nid);
$is_current_revision = $node->isActiveRevision();
// There should be at least two revisions. If the vid of the given node
// and the vid of the active revision differ, then we already have two
// different revisions so there is no need for a separate database check.
// Also, if you try to revert to or delete the active revision, that's
// not good.
if ($is_current_revision && (db_query('SELECT COUNT(vid) FROM {node_revision} WHERE nid = :nid', array(':nid' => $node->nid))->fetchField() == 1 || $op == 'update' || $op == 'delete')) {
$access[$cid] = FALSE;
}
elseif (user_access('administer nodes', $account)) {
$access[$cid] = TRUE;
}
else {
// First check the access to the active revision and finally, if the
// node passed in is not the active revision then access to that, too.
$access[$cid] = node_access($op, $node_current_revision, $account) && ($is_current_revision || node_access($op, $node, $account));
}
}
return $access[$cid];
}