php / Drupal-列出给定用户有权编辑的所有节点
[英]php/Drupal - list all nodes that a given user to permission to edit
问题描述
I have a function that lists all nodes on the system. 
我有一个列出系统上所有节点的函数。 I would like to refine this to show only nodes that current user is able to edit - either with API or SQL statement. 我想对此进行改进,以仅显示当前用户能够编辑的节点-使用API或SQL语句。 (Drupal 6) (Drupal 6)
function fnGetNodeTypes($typeOfNodes) {
$string = "";
$types_of_nodes = array_keys(node_get_types());
$string .= "<select name='typeOfNodes'>";
$string .= "<option value=''>Please select</option> ";
$string .= "<option value='all'>All</option> ";
foreach($types_of_nodes as $node){
if($typeOfNodes == $node ){
$selected = "selected";
}
else{
$selected = "";
}
$string .= "<option $selected value=\"" . $node . "\">" . $node ;
$string .= "</option>\n";
}
$string .= "</select\n>";
return $string;
}
Update: 更新:
Following @chx suggestion I tried messing around with users, users_roles and permissions. 按照@chx的建议,我尝试弄乱用户,users_roles和权限。 Let me know if there is a more Drupal way of doing this. 让我知道是否有更多的Drupal方法可以做到这一点。
//----------------------------------------------
// Contruct select/option box of node types
//----------------------------------------------
function fnGetNodeTypes($typeOfNodes) {
$string = "";
$types_of_nodes = array_keys(node_get_types());
$string .= "<select name='typeOfNodes'>";
$string .= "<option value=''>Please select</option> ";
//$string .= "<option value='all'>All</option> ";
foreach($types_of_nodes as $node_type){
if (fnInArray($node_type))
{
if($typeOfNodes == $node_type ){
$selected = "selected";
}
else{
$selected = "";
}
$string .= "<option $selected value=\"" . $node_type . "\">" . $node_type ;
$string .= "</option>\n";
}
}
$string .= "</select\n>";
return $string;
}
//---------------------------------------------------------------------
// function fnInArray - see if user is allowed to edit this node type
//---------------------------------------------------------------------
function fnInArray($node_type)
{
global $user;
if ($user->name == 'admin') { return TRUE; }
// get list of all nodes that user is allowed to access
//
$string = " SELECT permission.perm as permission_perm " .
" from users " .
" join users_roles on ( users_roles.uid = users.uid ) " .
" join permission on (permission.rid = users_roles.rid) " .
" where users.name = '" . $user->name . "'";
$result = db_query($string);
while ($row = db_fetch_object($result)) {
$pieces = explode(", " , $row->permission_perm);
$node_name = "edit any " . trim($node_type) . " content";
if (in_array($node_name, $pieces ))
{
return TRUE;
}
return FALSE;
}
}
4 个解决方案
解决方案1
1 2011-03-12 23:38:46
This is fairly impossible to do. 这是完全不可能做到的。 Node access can be specified by a hook so the only generic way to do that would be to retrieve every. 可以通过钩子指定节点访问权限,因此唯一的通用方法是检索每个节点。 single. 单。 node. 节点。 and run node_access($node, 'update') on them. 并在其上运行node_access($node, 'update') 。 That's not too fast. 不太快。 You can mess around with node types, permissions, the node access table etc depending on how your site is set up and modules are used. 您可以根据站点的设置和模块的使用方式弄乱节点类型,权限,节点访问表等。 If we presume that the only thing controlling your nodes are the permissions and understand please this presumption is not always true by far, then in Drupal 6 and below (I suspect from node_get_types() you are not using D7) you would indeed iterate over node_get_types() and check user_access("edit own $type content") || user access("edit any $type content") 如果我们假设控制节点的唯一事情就是权限,并且了解这一点,那么这种假设并不总是正确的,那么在Drupal 6及以下版本中(我怀疑从node_get_types()您没有使用D7)您的确会遍历node_get_types()并检查user_access("edit own $type content") || user access("edit any $type content") user_access("edit own $type content") || user access("edit any $type content") but this won't go too far. user_access("edit own $type content") || user access("edit any $type content")但这不会太过分。
解决方案2
0 2011-03-12 23:35:51
Not quite sure of the proper method for Drupal 6 (check db_rewrite_sql ) but for Drupal 7, while you are building your query add addTag('node_access') to the query and that will limit it to only nodes that the user has permission to edit. 不太确定Drupal 6的正确方法(请检查db_rewrite_sql ),但对于Drupal 7来说,不确定的是在构建查询时,将addTag('node_access')添加到查询中,这会将其限制为仅用户有权编辑的节点。 If you go to the link for db_rewrite_sql above make sure to take a look at the comments. 如果转到上面的db_rewrite_sql链接,请确保查看注释。
解决方案3
0 2011-03-13 15:39:55
db_query + db_rewrite_sql :仅返回允许登录用户查看的行。
$results = db_query(db_rewrite_sql($query), $args);
解决方案4
0 2011-07-20 00:35:31
This is what the Module Grants Monitor module is for http://drupal.org/project/module_grants . 这就是http://drupal.org/project/module_grants的“模块赠款监视器”模块。 From the project page: "Clicking on it reveals a summary of all the content the logged-in user has access to (ie view, edit) after access controls have been applied by the content access modules installed on your site". 在项目页面上:“单击它可以显示登录的用户在您站点上安装的内容访问模块应用访问控制后可以访问(即查看,编辑)的所有内容的摘要”。 I installed and tested this today and it seems to work. 我今天安装并测试了它,它似乎可以工作。 Does anyone have comments or experience with this module? 有人对这个模块有意见或经验吗?
It seems like this should also be possible with Views or Rules... but maybe that's just because everything seems possible with them... 似乎也可以通过“视图”或“规则”来实现……但这也许仅仅是因为一切似乎都可以实现……
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.