<?php
// $Id$

/**
 * @file
 * A custom Origo Drupal module for displaying private pages that only
 * project members can access.
 */

// Integers denoting the visibility status of a node.
// These values correspond to the number in the DB-Table's `private` column of
// the module.
define('DEVELOPER_PAGES_PUBLIC', 0);
define('DEVELOPER_PAGES_PRIVATE', 1);
define('DEVELOPER_PAGES_FORCED_PRIVATE', 2);

/**
 * Implementation of hook_help().
 */
function developer_pages_help($path, $arg) {
  switch ($path) {
    case 'admin/modules#description':
      return t('Restricts access to private nodes');
  }
}

/**
 * Implementation of hook_enable().
 *
 * A node access module needs to force a rebuild of the node access table
 * when it is enabled to ensure that things are set up.
 */
function developer_pages_enable() {
  node_access_rebuild();
}

/**
 * Implementation of hook_disable().
 *
 * A node access module needs to force a rebuild of the node access table
 * when it is disabled to ensure that its entries are removed from the table.
 */
function developer_pages_disable() {
  developer_pages_disabling(TRUE);
  node_access_rebuild();
}

/**
 * Simple function to make sure we don't respond with grants when disabling
 * ourselves.
 */
function developer_pages_disabling($set = NULL) {
  static $disabling = FALSE;
  if ($set !== NULL) {
    $disabling = $set;
  }
  return $disabling;
}

/**
 * Implementation of hook_perm().
 *
 * In this example, we will use a simple permission to determine whether a user
 * has access to "private" content. This permission is defined here.
 */
function developer_pages_perm() {
  return array('access private developer pages');
}

/**
 * Implementation of hook_node_grants().
 *
 * Tell the node access system what GIDs the user belongs to for each realm.
 * In this example, we are providing two realms: the developer_page realm, which
 * has just one group id (1) and the user is either a member or not depending
 * upon the operation and the access permission set.
 *
 */
function developer_pages_node_grants($account, $op) {
  if (($op == 'view' || $op == 'update' || $op == 'delete') && user_access('access private developer pages', $account)) {
    $grants['developer_page'] = array(1);
  }
  return $grants;
}

/**
 * Implementation of hook_node_access_records().
 *
 * All node access modules must implement this hook. If the module is
 * interested in the privacy of the node passed in, return a list
 * of node access values for each grant ID we offer. Since this
 * example module only offers 1 grant ID, we will only ever be
 * returning one record.
 */
function developer_pages_node_access_records($node) {
  if (developer_pages_disabling()) {
    return;
  }

  // We only care about the node if it's been marked private. If not, it is
  // treated just like any other node and we completely ignore it.
  if ($node->private) {
    $grants = array();
    $grants[] = array(
      'realm' => 'developer_page',
      'gid' => TRUE,
      'grant_view' => TRUE,
      'grant_update' => TRUE,
      'grant_delete' => TRUE,
      'priority' => 0,
    );

    return $grants;
  }
}

/**
 * Implementation of hook_form_alter().
 *
 * This module adds a simple checkbox to the node form labeled private. If the
 * checkbox is labelled, only the users with 'access private developer pages'
 * privileges may see it.
 */
function developer_pages_form_alter(&$form, $form_state, $form_id) {
  if ($form['#id'] == 'node-form' && user_access('access private developer pages')) {
    if (isset($form['#node']->private)) {
      $is_private = (bool)$form['#node']->private;
    }
    else {
      // load for access to origo-constants
      module_load_include('inc', 'origo_home', 'origo_constants');

      $project_info = origo_auth_xml_rpc(variable_get('origo_api_internal', ''), 'internal_project.retrieve', (int)variable_get('origo_project_id', 0));
      if ((int)xmlrpc_errno() != 0) {
        form_set_error(t(xmlrpc_error_msg()));
      }

      // TODO: how can we properly extend this for all project-types?
      // 2010-02-02, bherlig
      $is_private = (bool)((int)$project_info['project_type'] != ORIGO_OPEN_SOURCE);
    }

    $form['private'] = array(
      '#type' => 'checkbox',
      '#title' => t('Private'),
      '#description' => t('Check here if this content should be set private and only shown to project developers.'),
      '#default_value' => $is_private,
    );
  }
}

/**
 * Implementation of hook_nodeapi().
 *
 * The module must track the access status of the node.
 */
function developer_pages_nodeapi(&$node, $op, $arg = 0) {
  switch ($op) {
    case 'load':
      $result = db_fetch_object(db_query('SELECT * FROM {developer_pages} WHERE vid = %d', $node->vid));
      $node->private = (int)$result->private;
      break;
    case 'delete':
      // remove all revisions of this node
      db_query('DELETE FROM {developer_pages} WHERE nid = %d', $node->nid);
      break;
    case 'insert':
      if ($node->private) {
        db_query('INSERT INTO {developer_pages} (nid, vid, private) VALUES (%d, %d, %d)', $node->nid, $node->vid, DEVELOPER_PAGES_PRIVATE);
      }
      break;
    case 'update':
      if ($node->private) {
        // Make all previous revisions private, albeit with a special status
        // FORCED_PRIVATE, denoting that the node's revision was not explicitly
        // set private by the user (but indirectly).
        //
        // Do this because it prevents accessing a previous revision of a now
        // private node.
        $revs = node_revision_list($node);
        if (count($revs) > 0) {
          // Using INSERT IGNORE will only insert a row for revisions that were
          // not private yet, i.e. a FORCED one.
          $sql = "INSERT IGNORE INTO {developer_pages} (nid, vid, private) VALUES (%d, %d, %d)";
          foreach ($revs as $r) {
            $sql .= ", ({$node->nid}, $r->vid, ". DEVELOPER_PAGES_FORCED_PRIVATE .")";
          }

          // Insert the current revision  (with a regular PRIVATE status),
          // together with all revisions of the node
          db_query($sql, $node->nid, $node->vid, DEVELOPER_PAGES_PRIVATE);
        }
      }
      break;
    default:
      break;
  }
}


/**
 * Implementation of hook_wiki_nodelink_attributes().
 * This hook is used by the mediawiki_filter module to add additional css classes to wiki links.
 */
function developer_pages_wiki_nodelink_attributes($nid) {
  // retrieve the current revision of this node
  $private = db_result(
    db_query("SELECT private FROM {developer_pages} WHERE vid = (SELECT MAX(vid) FROM {node_revisions} WHERE nid = %d)", $nid)
  );

  if ($private) {
    return 'origo-private';
  }
}

/**
 * Implementation of hook_init().
 */
function developer_pages_init() {
  // Add a javascript section which adds "private" image after all private links
  $external_img_url = base_path() . drupal_get_path('theme', 'oxymoron') .'/private-page-link.png';
  drupal_add_js(drupal_get_path('module', 'mediawiki_filter') .'/mediawiki_filter.js');
  drupal_add_js(
    'if (Drupal.jsEnabled) {
      $(document).ready(function() {
        $(\'a.origo-private\').each(function() {
          $(this).append(\'&nbsp;<img src="' . $external_img_url .'" alt="private"/>\');
        });
      });
    }',
    'inline', 'footer');
}