
Fixed default permissions

Stephen Ficklin 8 years ago
parent
commit
2c4e11009f

+ 5 - 1
legacy/tripal_core/tripal_core.module

@@ -169,7 +169,11 @@ function tripal_core_theme($existing, $type, $theme, $path) {
     // Theme function for the extension admin page.
     'tripal_core_extensions_form_tables' => array(
       'render element' => 'element',
-    )
+    ),
+    'administer controlled vocabularies' => array(
+      'title' => t('Administer controlled vocabularies (CVs).'),
+      'description' => t('Allow a user to add, edit and delete controlled vocabularies as well as add and edit terms.')
+    ),
   );
 }
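Review bot: The 'administer controlled vocabularies' entry is added to the array returned by tripal_core_theme() (see the hunk header), but its 'title'/'description' keys are the shape of a hook_permission() entry, not a theme hook: inside hook_theme it registers a bogus theme implementation with no 'variables' or 'render element', and the permission itself — which this commit removes from tripal_permission() — is never declared anywhere. Move the entry into the module's hook_permission() implementation, or drop it if 'administer tripal' now covers CV administration as the tripal_chado.views_default.inc change suggests. The trailing comma added to the 'tripal_core_extensions_form_tables' entry is fine. tripal_core_theme() starts outside the hunk.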
 

+ 31 - 0
tripal/api/tripal.entities.api.inc

@@ -310,6 +310,37 @@ function tripal_create_bundle($args, &$error = '') {
   return $bundle;
 }
 
+/**
+ * Retrieves a list of the content types.
+ *
+ * @return
+ *   An array of bundles. Each bundle is an object containing information
+ *   about that bundle.
+ */
+function tripal_get_content_types() {
+  return db_select('tripal_bundle', 'tb')
+    ->fields('tb')
+    ->execute()
+    ->fetchAll();
+}
+
+/**
+ * Retrieves information about a given content type.
+ *
+ * @param $bundle_name
+ *   The name of a bundle.
+ *
+ * @return
+ *   An object containing information about the bundle.
+ */
+function tripal_get_content_type($bundle_name) {
+  return db_select('tripal_bundle', 'tb')
+    ->fields('tb')
+    ->condition('tb.name', $bundle_name)
+    ->execute()
+    ->fetchAll();
+}
+
 /**
  * Refreshes the bundle such that new fields added by modules will be found.
  *
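Review bot: tripal_get_content_type() is documented as returning "An object containing information about the bundle", but `->fetchAll()` returns an array of objects (empty when no bundle matches), so a caller reading `$type->name` on the result will fail. Either replace the last line with `->fetchObject();` — which yields FALSE when no row matches, and the docblock should say so — or change the @return text to describe the array. tripal_get_content_types() returns an array as documented, and its callers in this commit (tripal_permission(), _tripal_entity_add_access()) iterate it, so that one is consistent. The `tb.name` condition goes through the query builder, so the bundle name is parameterised rather than interpolated.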

+ 2 - 2
tripal/includes/TripalBundleUIController.inc

@@ -32,7 +32,7 @@ class TripalBundleUIController extends EntityDefaultUIController {
       'description' => 'Add data type content',
       'page callback' => 'drupal_get_form',
       'page arguments' => array('tripal_admin_add_type_form'),
-      'access arguments' => array('administer tripal data types'),
+      'access arguments' => array('manage tripal content types'),
       'type' => MENU_LOCAL_ACTION,
       'weight' => 2
     );
@@ -398,7 +398,7 @@ function tripal_tripal_bundle_form_submit($form, &$form_state) {
  * Access callback for the entity API.
  */
 function tripal_bundle_access($op, $type = NULL, $account = NULL) {
-  return user_access('administer tripal data types', $account);
+  return user_access('manage tripal content types', $account);
 }
 
 /**

+ 1 - 0
tripal/includes/TripalEntityController.inc

@@ -29,6 +29,7 @@ class TripalEntityController extends EntityAPIController {
 
     // Add some items to the values array passed to the constructor
     global $user;
+
     $values['uid'] = $user->uid;
     $values['created'] = time();
     $values['changed'] = time();

+ 51 - 35
tripal/includes/TripalEntityUIController.inc

@@ -22,7 +22,7 @@ class TripalEntityUIController extends EntityDefaultUIController {
       'page callback' => 'tripal_content_view',
       'file' =>  'includes/tripal.admin.inc',
       'file path' => drupal_get_path('module', 'tripal'),
-      'access arguments' => array('administer tripal data'),
+      'access arguments' => array('access tripal content overview'),
       'type' => MENU_LOCAL_TASK,
       'weight' => -9
     );
@@ -30,7 +30,7 @@ class TripalEntityUIController extends EntityDefaultUIController {
     $items['bio_data/add'] = array(
       'title' => 'Add Tripal Content',
       'page callback' => 'tripal_add_page',
-      'access arguments' => array('administer tripal data'),
+      'access callback' => '_tripal_entity_add_access',
     );
 
     // Add a menu item for creating each bundle
@@ -54,8 +54,7 @@ class TripalEntityUIController extends EntityDefaultUIController {
           'description' => tripal_get_bundle_variable('description', $bundle->id, $default_description),
           'page callback'  => 'drupal_get_form',
           'page arguments' => array('tripal_entity_form', 2),
-          'access callback'  => 'tripal_entity_access',
-          'access arguments' => array('edit'),
+          'access arguments' => array('create bio_data_' . $term->id),
         );
       }
     }
@@ -92,32 +91,13 @@ class TripalEntityUIController extends EntityDefaultUIController {
       'type' => MENU_LOCAL_TASK,
       'weight' => -8,
     );
-//     $items['bio_data/' . $wildcard . '/layout'] = array(
-//       'title' => 'Layout',
-//       'page callback' => 'drupal_goto',
-//       'page arguments' => array(url("admin/structure/bio_data/manage/bio_data_$term_id/display")),
-//       'access callback' => 'tripal_entity_access',
-//       'access arguments' => array('admin', 1),
-//       'type' => MENU_LOCAL_TASK,
-//       'weight' => -8,
-//     );
-//     $items['bio_data/' . $wildcard . '/fields'] = array(
-//       'title' => 'Fields',
-//       'page callback' => 'drupal_goto',
-//       'page arguments' => array(url("admin/structure/bio_data/manage/bio_data_$term_id/fields")),
-//       'access callback' => 'tripal_entity_access',
-//       'access arguments' => array('admin', 1),
-//       'type' => MENU_LOCAL_TASK,
-//       'weight' => -8,
-//     );
-
     // Menu item for deleting tripal data entities.
     $items['bio_data/' . $wildcard . '/delete'] = array(
       'title'  => 'Delete',
       'page callback' => 'drupal_get_form',
       'page arguments' => array('tripal_entity_delete_form', 1),
       'access callback' => 'tripal_entity_access',
-      'access arguments' => array('edit', 1),
+      'access arguments' => array('delete', 1),
       'type' => MENU_CALLBACK,
       'weight' => 10,
     );
@@ -175,6 +155,7 @@ function tripal_view_entity($entity, $view_mode = 'full') {
   *   A form array describing this listing to the Form API.
   */
  function tripal_content_overview_form($form, &$form_state) {
+   global $user;
 
    // Set form defaults.  The $_SESSION contains the last known selection
    // by this user. That should be overridden if the $_GET variable contains
@@ -371,6 +352,16 @@ function tripal_view_entity($entity, $view_mode = 'full') {
 
      // Retrieve details about the user who created this data.
      $author = user_load($entity->uid);
+
+     // Build the action links
+     $links = '';
+     if (entity_access('edit', 'TripalEntity', $entity, $user)) {
+       $links .= '  ' . l('edit', 'bio_data/' . $entity->id . '/edit');
+     }
+     if (entity_access('delete', 'TripalEntity', $entity, $user)) {
+       $links .= '  ' . l('delete', 'bio_data/' . $entity->id . '/delete');
+     }
+
      // Add information to the table.
      $rows[] = array(
        l($entity->title, 'bio_data/' . $entity->id),
@@ -379,8 +370,7 @@ function tripal_view_entity($entity, $view_mode = 'full') {
        l($author->name, 'user/' . $entity->uid),
        $entity->status == 1 ? 'published' : 'unpublished',
        format_date($entity->changed, 'short'),
-       l('edit', 'bio_data/' . $entity->id . '/edit') . '  ' .
-       l('delete', 'bio_data/' . $entity->id . '/delete')
+       $links,
      );
    }
 
@@ -444,6 +434,7 @@ function tripal_view_entity($entity, $view_mode = 'full') {
   *
   */
  function tripal_entity_form($form, &$form_state, $term_id = '', $entity = NULL) {
+   global $user;
    $bundle_name = 'bio_data_' . $term_id;
 
    // Add a vertical tabs element
@@ -479,13 +470,15 @@ function tripal_view_entity($entity, $view_mode = 'full') {
 
      // Put the delete button on the far-right so that it's harder
      // to accidentally click it.
-     $form['delete_button'] = array(
-       '#type' => 'submit',
-       '#value' => t('Delete'),
-       '#name' => 'delete_data',
-       '#weight' => 1002,
-       '#attributes' => array('style' => 'float: right')
-     );
+     if (entity_access('delete', 'TripalEntity', $entity, $user)) {
+       $form['delete_button'] = array(
+         '#type' => 'submit',
+         '#value' => t('Delete'),
+         '#name' => 'delete_data',
+         '#weight' => 1002,
+         '#attributes' => array('style' => 'float: right')
+       );
+     }
    }
    $form['cancel_button'] = array(
      '#type' => 'submit',
@@ -587,9 +580,7 @@ function tripal_entity_form_ajax_callback($form, $form_state) {
   */
  function tripal_add_page() {
    $item = menu_get_item();
-
    $content = system_admin_menu_block($item);
-
    // Bypass the node/add listing if only one content type is available.
    if (count($content) == 1) {
      $item = array_shift($content);
@@ -660,6 +651,12 @@ function tripal_entity_form_ajax_callback($form, $form_state) {
  function tripal_entity_delete_form_submit($form, &$form_state) {
    $entity = $form_state['entity'];
 
+   if (!entity_access('delete', 'TripalEntity', $entity, $user)) {
+     drupal_set_message(t('You do not have permission to delete this content.'), "error");
+     $form_state['redirect'] = 'admin/content/bio_data';
+     return;
+   }
+
    $entity_controller = new TripalEntityController($entity->type);
 
    if ($entity_controller->delete(array($entity->id))) {
@@ -670,3 +667,22 @@ function tripal_entity_form_ajax_callback($form, $form_state) {
      drupal_set_message(t('The tripal_entity %name was not deleted.', array('%name' => $entity->title)), "error");
    }
  }
+
+ /**
+  * A helper function for checking if a user can add Tripal Content.
+  *
+  * This function is a callback for the bio_data/add menu path.
+  */
+ function _tripal_entity_add_access() {
+   global $user;
+
+
+   $types = tripal_get_content_types();
+   foreach ($types as $type) {
+     if (user_access('create ' . $type->name, $user)) {
+       return TRUE;
+     }
+   }
+   return FALSE;
+
+ }

+ 37 - 7
tripal/includes/tripal.entity.inc

@@ -177,7 +177,7 @@ function tripal_entity_info() {
       'path' => 'admin/content/bio_data',
       'controller class' => 'TripalEntityUIController',
       'menu wildcard' => '%TripalEntity',
-      'file' => 'includes/TripalEntityUIController.inc'
+      'file' => 'includes/TripalEntityUIController.inc',
     ),
     'view modes' => array (
       'full' => array (
@@ -251,7 +251,7 @@ function tripal_entity_info_alter(&$entity_info){
           'real path' => 'admin/structure/bio_data/manage/' . $bundle_name,
           'bundle argument' => 4,
           'access arguments' => array (
-            'administer tripal data types'
+            'manage tripal content types'
           )
         )
       );
@@ -261,16 +261,46 @@ function tripal_entity_info_alter(&$entity_info){
 
 /**
  * Checks access permissions for a given entity.
+ *
+ * This function is set for TripalEntity access checking in the
+ * tripal_entity_info() under the 'access callback' element.
+ *
+ * @param $op
+ *   The operation. One of: create, view, edit, delete.
+ * @param $entity
+ *   The entity to check access for.
+ * @param $account
+ *   The user account.
+ * @param $entity_type
+ *   The type of entity (will always be TripalEntity).
  */
-function tripal_entity_access($entity) {
-  // TODO: need to implement this function.
-  return TRUE;
-}
+function tripal_entity_access($op, $entity = NULL, $account = NULL, $entity_type = NULL) {
+  global $user;
 
-function tripal_form_tripal_entity_form_alter(&$form, &$form_state, $form_id) {
+  if ($entity) {
+    $bundle_name = $entity->bundle;
+  }
+  else {
+    return FALSE;
+  }
 
+  if (!isset($account)) {
+    $account = $user;
+  }
+  switch ($op) {
+    case 'create':
+      return user_access('create ' . $bundle_name, $account);
+    case 'view':
+      return user_access('view ' . $bundle_name, $account);
+    case 'edit':
+      return user_access('edit ' . $bundle_name, $account);
+    case 'delete':
+      return user_access('delete ' . $bundle_name, $account);
+  }
+  return FALSE;
 }
 
+
 /**
  * Implements hook_entity_view.
  *
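Review bot: tripal_entity_access() handles 'create', 'view', 'edit' and 'delete', but Entity API's entity_access() documents the operations as 'view', 'update', 'create' and 'delete' (the access callback removed from tripal_chado.entity.inc in this commit also accepted 'update'), so any caller passing 'update' — including Entity API's own UI code — falls through the switch and is silently denied. Add `case 'update':` directly above `case 'edit':` so both map to the 'edit ' permission, and state in the docblock which spelling is canonical. Also, for the 'create' op Entity API may pass the bundle name as `$entity` rather than an entity object; reading `$entity->bundle` from a string yields NULL with a notice, so the 'create' branch should accept `is_string($entity) ? $entity : $entity->bundle` — worth confirming against the callers, since the bio_data add route in TripalEntityUIController.inc now uses user_access directly instead. The `$entity_type` parameter is unused, which is fine for the callback signature but should be noted in the docblock.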

+ 47 - 36
tripal/tripal.module

@@ -72,6 +72,9 @@ function tripal_init() {
 
 }
 
+function tripal_menu_alter(&$items) {
+  //drupal_debug($items);
+}
 /**
  * Implements hook_menu().
  * Defines all menu items needed by Tripal Core
@@ -238,16 +241,17 @@ function tripal_menu() {
   /*
    * Term Lookup
    */
-  $items['cv/lookup'] = array(
-    'title' => 'Vocabulary Lookup',
-    'description' => t("Provides a tool to discover controlled vocabularies and their terms used by this site."),
-    'access arguments' => array('access content'),
-    'page callback' => 'drupal_get_form',
-    'page arguments' => array('tripal_vocabulary_lookup_form'),
-    'file' => 'includes/tripal.term_lookup.inc',
-    'file path' => drupal_get_path('module', 'tripal'),
-    'type' => MENU_NORMAL_ITEM,
-  );
+// TODO: finish this menu callback.
+//   $items['cv/lookup'] = array(
+//     'title' => 'Vocabulary Lookup',
+//     'description' => t("Provides a tool to discover controlled vocabularies and their terms used by this site."),
+//     'access arguments' => array('access content'),
+//     'page callback' => 'drupal_get_form',
+//     'page arguments' => array('tripal_vocabulary_lookup_form'),
+//     'file' => 'includes/tripal.term_lookup.inc',
+//     'file path' => drupal_get_path('module', 'tripal'),
+//     'type' => MENU_NORMAL_ITEM,
+//   );
 
   $items['cv/lookup/%/%'] = array(
     'title' => 'Vocabulary Lookup',
@@ -278,10 +282,18 @@ function tripal_menu() {
  * Implements hook_permission().
  */
 function tripal_permission() {
-  return array(
+  $permissions = array(
     'administer tripal' => array(
       'title' => t('Administer Tripal'),
-      'description' => t('Allow the user to access administrative pages of Tripal.')
+      'description' => t('Allow the user to access administrative pages of Tripal. This includes management of jobs, the storage systems, extensions and the controlled vocabularies.')
+    ),
+    'access tripal content overview' => array(
+      'title' => t('Access the Tripal content overview page'),
+      'description' => t('Get an overview of all Tripal content')
+    ),
+    'manage tripal content types' => array(
+      'title' => t('Manage Tripal content types'),
+      'description' => t('Allows the user to create, update and delete Tripal content types.'),
     ),
     'view dev helps' => array(
       'title' => t('View Developer Hints'),
@@ -291,19 +303,30 @@ function tripal_permission() {
           be disabled once developers are accustomed to these hints.'),
       'restrict access' => TRUE,
     ),
-    'administer tripal data types' => array(
-      'title' => t('Administer Tripal data types'),
-      'description' => t('Create and delete fields for Tripal data types, and set their permissions.'),
-    ),
-    'administer tripal data' => array(
-      'title' => t('Administer Tripal data'),
-      'description' => t('Edit and delete all tripal data'),
-    ),
-    'administer controlled vocabularies' => array(
-      'title' => t('Administer controlled vocabularies (CVs).'),
-      'description' => t('Allow a user to add, edit and delete controlled vocabularies as well as add and edit terms.')
-    ),
+
   );
+
+  // Add permissions for each content type.
+  $bundles = tripal_get_content_types();
+  foreach ($bundles as $bundle) {
+    $permissions['view ' . $bundle->name] = array(
+      'title' => t('%label: View Content', array('%label' => $bundle->label)),
+      'description' => t('Allow the user to view %label content', array('%label' => $bundle->label)),
+    );
+    $permissions['create ' . $bundle->name] = array(
+      'title' => t('%label: Create Content', array('%label' => $bundle->label)),
+      'description' => t('Allow the user to create %label content', array('%label' => $bundle->label)),
+    );
+    $permissions['edit ' . $bundle->name] = array(
+      'title' => t('%label: Edit Content', array('%label' => $bundle->label)),
+      'description' => t('Allow the user to edit %label content', array('%label' => $bundle->label)),
+    );
+    $permissions['delete ' . $bundle->name] = array(
+      'title' => t('%label: Delete Content', array('%label' => $bundle->label)),
+      'description' => t('Allow the user to delete %label content', array('%label' => $bundle->label)),
+    );
+  }
+  return $permissions;
 }
 
 /**
@@ -514,18 +537,6 @@ function TripalEntity_load($id, $reset = FALSE) {
   return reset($entity);
 }
 
-/**
- * Implements hook_menu_alter().
- */
-function tripal_menu_alter(&$items) {
-  // We don't want to allow deletion of fields added by the storage backend.
-  // TODO: this shouldn't be hardcoded here.  These settings
-  // should be part of the field and handled by the tripal_entity module.
-  //$items['admin/structure/bio_data/manage/%TripalBundle/fields/%field_ui_menu/delete']['page callback'] = 'tripal_field_no_delete';
-  //$items['admin/structure/bio_data/manage/%TripalBundle/fields/%field_ui_menu/delete']['page arguments'] = array();
-}
-
-
 /**
  * Imports all of the Tripal API into scope.
  *
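Review bot: 'administer tripal data types', 'administer tripal data' and 'administer controlled vocabularies' are removed from tripal_permission() and replaced by 'manage tripal content types', 'access tripal content overview' and the per-bundle permissions, but nothing migrates existing role grants — Drupal stores granted permissions by string in role_permission, so every role that held the old permissions loses access on upgrade and the new per-bundle permissions are granted to nobody until an administrator revisits the permissions page. A hook_update_N() that grants the replacements to the roles holding the old strings via `user_role_grant_permissions()` would close that gap; the same applies to the renames in TripalBundleUIController.inc and tripal.entity.inc. The new tripal_menu_alter() stub in the first hunk is an empty body with a commented-out debug call and no docblock, replacing a documented implementation; either restore the `/** Implements hook_menu_alter(). */` docblock or drop the stub. tripal_permission() now queries the tripal_bundle table on every permission rebuild, so confirm the table exists whenever hook_permission can run (e.g. during install), or guard the loop with `db_table_exists('tripal_bundle')`.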

+ 0 - 31
tripal_chado/includes/tripal_chado.entity.inc

@@ -127,37 +127,6 @@ function tripal_chado_entity_delete($entity, $type) {
 
 }
 
-/**
- * Determines whether the given user has access to a tripal data entity.
- *
- * TODO: I'm not sure this function should be at this level. I think all
- * access controls should be handled by the tripal_entity module and that
- * storage backends should just attach data as requested.
- *
- * @param $op
- *   The operation being performed. One of 'view', 'update', 'create', 'delete'
- *   or just 'edit' (being the same as 'create' or 'update').
- * @param $entity
- *   Optionally a tripal data entity or a tripal data type to check access for.
- *   If nothing is given, access for all types is determined.
- * @param $account
- *   The user to check for. Leave it to NULL to check for the global user.
- * @return boolean
- *   Whether access is allowed or not.
- */
-function tripal_chado_entity_access($op, $entity = NULL, $account = NULL) {
-  if (user_access('administer tripal data', $account)) {
-    return TRUE;
-  }
-  if (isset($entity) && $type_name = $entity->type) {
-    $op = ($op == 'view') ? 'view' : 'edit';
-    if (user_access("$op any $type_name data", $account)) {
-      return TRUE;
-    }
-  }
-  return FALSE;
-}
-
 /**
  * Implements hook_tripal_default_title_format().
  *

+ 2 - 2
tripal_chado/tripal_chado.views_default.inc

@@ -453,7 +453,7 @@ function tripal_chado_defaultview_admin_cvs_listing() {
   $handler->display->display_options['title'] = 'Controlled Vocabularies';
   $handler->display->display_options['use_more_always'] = FALSE;
   $handler->display->display_options['access']['type'] = 'perm';
-  $handler->display->display_options['access']['perm'] = 'administer controlled vocabularies';
+  $handler->display->display_options['access']['perm'] = 'administer tripal';
   $handler->display->display_options['cache']['type'] = 'none';
   $handler->display->display_options['query']['type'] = 'views_query';
   $handler->display->display_options['exposed_form']['type'] = 'input_required';
@@ -646,7 +646,7 @@ function tripal_chado_defaultview_admin_cvterms_listing() {
   $handler->display->display_options['title'] = 'Controlled Vocabulary Terms';
   $handler->display->display_options['use_more_always'] = FALSE;
   $handler->display->display_options['access']['type'] = 'perm';
-  $handler->display->display_options['access']['perm'] = 'administer controlled vocabularies';
+  $handler->display->display_options['access']['perm'] = 'administer tripal';
   $handler->display->display_options['cache']['type'] = 'none';
   $handler->display->display_options['query']['type'] = 'views_query';
   $handler->display->display_options['exposed_form']['type'] = 'input_required';