Updates to roles plugin - implemented role based page handling

languages/en.php

@@ -19,6 +19,8 @@
 
 	'user:role:success' => 'User role has been successfully updated',
 	'user:role:fail' => 'Could not update user role. Please try again later.',
+
+	'roles:page:denied' => 'Sorry, but you do not have the necessary privileges to view that page.',
 
 );
 

lib/config.php

@@ -39,7 +39,7 @@ function roles_get_roles_config() {
 				),
 
 				'pages' => array(
-					'group/new/$guid' => array('rule' => 'deny')
+					'groups/add/{$self_guid}' => array('rule' => 'deny')
 				),
 
 				'menus' => array(

lib/roles.php

@@ -194,34 +194,24 @@ function roles_find_menu_index($menu_name, $item_name) {
 
 
 function roles_prepare_menu_vars($vars) {
-	$user = elgg_get_logged_in_user_entity();
-	$self_username = $user->username;
-	$self_guid = $user->guid;
 
 	$prepared_vars = $vars;
 	if (isset($prepared_vars['href'])) {
-		$prepared_vars['href'] = str_replace('{$self_username}', $self_username, $prepared_vars['href']);
-		$prepared_vars['href'] = str_replace('{$self_guid}', $self_guid, $prepared_vars['href']);
+		$prepared_vars['href'] = roles_replace_dynamic_paths($prepared_vars['href']);
 	}
 
 	return $prepared_vars;
 }
 
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
-
+function roles_replace_dynamic_paths($str) {
+	$user = elgg_get_logged_in_user_entity();
+	$self_username = $user->username;
+	$self_guid = $user->guid;
+
+	$res = str_replace('{$self_username}', $self_username, $str); 
+	$res = str_replace('{$self_guid}', $self_guid, $res);
+
+	return $res;
+}
 
 

start.php

@@ -23,8 +23,8 @@ function roles_init() {
 
 
 	elgg_register_plugin_hook_handler('action', 'all', 'roles_actions_permissions');
+	elgg_register_plugin_hook_handler('route', 'all', 'roles_pages_permissions');
 	elgg_register_event_handler('pagesetup', 'system', 'roles_menus_permissions');
-	elgg_register_event_handler('pagesetup', 'system', 'roles_pages_permissions');
 
 	roles_register_views_hook_handler();
 
@@ -81,9 +81,10 @@ function roles_views_permissions($hook_name, $entity_type, $return_value, $param
 				}
 			}
 		}
-	}		
+	}
 }
 
+
 function roles_actions_permissions($hook_name, $entity_type, $return_value, $params) {
 }
 
@@ -121,7 +122,39 @@ function roles_menus_permissions($event, $type, $object) {
 	return true;
 }
 
-function roles_pages_permissions($event, $type, $object) {
+function roles_pages_permissions($hook_name, $entity_type, $return_value, $params) {
+	$role = roles_get_role();
+	if (elgg_instanceof($role, 'object', 'role')) {
+		$role_perms = roles_get_role_permissions($role, 'pages');
+		$page_path = $return_value['handler'] . '/' . implode('/', $return_value['segments']);
+		if (is_array($role_perms) && !empty($role_perms)) {
+			foreach ($role_perms as $page => $perm_details) {
+				error_log("Checking $page against $page_path");
+				if (roles_replace_dynamic_paths($page) == $page_path) {
+					switch ($perm_details['rule']) {
+						case 'deny':
+							register_error(elgg_echo('roles:page:denied'));
+							if (isset($perm_details['forward'])) {
+								forward($perm_details['forward']);
+							} else {
+								forward(REFERER);
+							}
+							break;
+						case 'redirect':
+							if (isset($perm_details['forward'])) {
+								forward($perm_details['forward']);
+							} else {
+								forward(REFERER);
+							}
+							break;
+						case 'allow':
+						default:
+							break;
+					}
+				}
+			}
+		}
+	}
 }
 
 function roles_users_settings_save($hook_name, $entity_type, $return_value, $params) {