function _devel_node_access_explain_access

Same name in other branches
  1. 7.x-1.x devel_node_access.module \_devel_node_access_explain_access()

Helper function that mimicks node.module's node_access() function.

Unfortunately, this needs to be updated manually whenever node.module changes!

Return value

An array suitable for theming with theme_dna_permission().

1 call to _devel_node_access_explain_access()
devel_node_access_block in ./devel_node_access.module

File

./devel_node_access.module, line 554

Code

function _devel_node_access_explain_access($op, $node, $account = NULL) {
    global $user;
    static $filter_formats;
    if (is_numeric($node) && !($node = node_load($node))) {
        return array(
            FALSE,
            '???',
            t('Unable to load the node – this should never happen!'),
        );
    }
    if ($op == 'create' && is_object($node)) {
        $node = $node->type;
    }
    if (!empty($account)) {
        $filter_formats = filter_formats();
        // use real current user first!
        // To try to get the most authentic result we impersonate the given user!
        // This may reveal bugs in other modules, leading to contradictory results.
        $saved_user = $user;
        session_save_session(FALSE);
        $user = $account;
        $result = _devel_node_access_explain_access($op, $node, NULL);
        $user = $saved_user;
        session_save_session(TRUE);
        $second_opinion = node_access($op, $node, $account);
        if ($second_opinion != $result[0]) {
            $result[1] .= '<span class="' . ($second_opinion ? 'ok' : 'error') . '" title="Core seems to disagree on this item. This is a bug in either DNA or Core and should be fixed! Try to look at this node as this user and check whether there is still disagreement.">*</span>';
        }
        return $result;
    }
    $variables = array(
        '!NO' => t('NO'),
        '!YES' => t('YES'),
    );
    if ($op == 'update' && !_devel_node_access_filter_access($node->format)) {
        return array(
            FALSE,
            t('!NO: input format', $variables),
            t("!NO: This user is not allowed to use the input format '!format' (!fid).", $variables += array(
                '!fid' => $node->format,
                '!format' => isset($filter_formats[$node->format]) ? $filter_formats[$node->format]->name : '***',
            )),
        );
    }
    if (user_access('administer nodes')) {
        return array(
            TRUE,
            t('!YES: administer nodes', $variables),
            t("!YES: This user has the '!administer_nodes' permission and may do everything with nodes.", $variables += array(
                '!administer_nodes' => t('administer nodes'),
            )),
        );
    }
    elseif (!user_access('access content')) {
        return array(
            FALSE,
            t('!NO: access content', $variables),
            t("!NO: This user does not have the '!access_content' permission and is denied doing anything with content.", $variables += array(
                '!access_content' => t('access content'),
            )),
        );
    }
    $module = node_get_types('module', $node);
    $access = module_invoke($module == 'node' ? 'node_content' : $module, 'access', $op, $node, $user);
    if (!is_null($access)) {
        $variables += array(
            '@module' => $module,
            '@content_type' => is_object($node) ? $node->type : $node,
        );
        if ($access) {
            return array(
                TRUE,
                t('!YES: by the module', $variables),
                t("!YES: The '@module' module (which defines the '@content_type' content type) allows this, probably based on some permission.", $variables),
            );
        }
        else {
            return array(
                FALSE,
                t('!NO: by the module', $variables),
                t("!NO: The '@module' module (which defines the '@content_type' content type) denies this.", $variables),
            );
        }
    }
    if ($op != 'create' && $node->nid && $node->status) {
        if (node_access($op, $node, $user)) {
            // delegate this part
            $variables['@node_access_table'] = '{node_access}';
            return array(
                TRUE,
                t('!YES: @node_access_table', $variables),
                t('!YES: Node access allows this based on one or more records in the @node_access_table table (see the other DNA block!).', $variables),
            );
        }
        else {
            return array(
                FALSE,
                t('!NO: node access', $variables),
                t('!NO: Node access denies this.', $variables),
            );
        }
    }
    if ($op == 'view' && $user->uid == $node->uid && $user->uid != 0) {
        return array(
            TRUE,
            t('!YES: own node', $variables),
            t('!YES: The user may view his/her own node.', $variables),
        );
    }
    return array(
        FALSE,
        t('!NO: no reason', $variables),
        t("!NO: None of the checks resulted in allowing this, so it's denied.", $variables) . ($op != 'create' && !$node->status ? ' ' . t('Node access was not checked because the node is not published.') : '') . ($op == 'create' ? ' ' . t('This is most likely due to a withheld permission.') : ''),
    );
}