You are here

function bat_entity_access in Booking and Availability Management Tools for Drupal 7

Same name and namespace in other branches
  1. 8 bat.module \bat_entity_access()

Generic access control for entities that BAT defines.

Parameters

string $op: The operation being performed. One of 'view', 'update', 'create' or 'delete'.

object $entity: Optionally an entity to check access for. If no entity is given, it will be determined whether access is allowed for all entities of the given type.

object $account: The user to check for. Leave it to NULL to check for the global user.

string $entity_type: The entity type of the entity to check for.

Return value

bool Boolean indicating whether the user is granted or not.

See also

entity_access()

4 calls to bat_entity_access()
bat_booking_access in modules/bat_booking/bat_booking.module
Determines whether the given user has access to a unit.
bat_event_access in modules/bat_event/bat_event.module
Checks event access for various operations.
bat_type_access in modules/bat_unit/bat_unit.module
Determines whether the given user has access to a type.
bat_unit_access in modules/bat_unit/bat_unit.module
Determines whether the given user has access to a unit.

File

./bat.module, line 158
Provides basic underlying functionality and configuration options used by all BAT modules.

Code

function bat_entity_access($op, $entity, $account, $entity_type) {
  $rights =& drupal_static(__FUNCTION__, array());
  global $user;
  $account = isset($account) ? $account : $user;
  $entity_info = entity_get_info($entity_type);

  // $entity may be either an object or a entity type. Since entity types cannot
  // be an integer, use either nid or type as the static cache id.
  $cid = is_object($entity) ? $entity->{$entity_info['entity keys']['id']} : $entity;

  // If we are creating a new entity make sure we set the type so permissions get
  // applied.
  if ($op == 'create' && $cid == '') {
    $cid = $entity->type;
  }

  // If we've already checked access for this node, user and op, return the
  // cached result.
  if (isset($rights[$account->uid][$cid][$op])) {
    return $rights[$account->uid][$cid][$op];
  }

  // Grant generic administrator level access.
  if (user_access('bypass ' . $entity_type . ' entities access', $account)) {
    $rights[$account->uid][$cid][$op] = TRUE;
    return TRUE;
  }
  if ($op == 'view') {
    if (isset($entity)) {

      // When trying to figure out access to an entity, query the base table
      // using our access control tag.
      if (!empty($entity_info['access arguments']['access tag']) && module_implements('query_' . $entity_info['access arguments']['access tag'] . '_alter')) {
        $query = db_select($entity_info['base table']);
        $query
          ->addExpression('1');
        $result = (bool) $query
          ->addTag($entity_info['access arguments']['access tag'])
          ->addMetaData('account', $account)
          ->condition($entity_info['entity keys']['id'], $entity->{$entity_info['entity keys']['id']})
          ->range(0, 1)
          ->execute()
          ->fetchField();
        $rights[$account->uid][$cid][$op] = $result;
        return $result;
      }
      else {
        $rights[$account->uid][$cid][$op] = TRUE;
        return TRUE;
      }
    }
    else {
      $access = user_access('view any ' . $entity_type . ' entity', $account);
      $rights[$account->uid][$cid][$op] = $access;
      return $access;
    }
  }
  else {

    // Non-view operations.
    // First grant access to the entity for the specified operation if no other
    // module denies it and at least one other module says to grant access.
    $access_results = module_invoke_all('bat_entity_access', $op, $entity, $account, $entity_type);
    if (in_array(FALSE, $access_results, TRUE)) {
      $rights[$account->uid][$cid][$op] = FALSE;
      return FALSE;
    }
    elseif (in_array(TRUE, $access_results, TRUE)) {
      $rights[$account->uid][$cid][$op] = TRUE;
      return TRUE;
    }

    // Grant access based on entity type and bundle specific permissions with
    // special handling for the create operation since the entity passed in will
    // be initialized without ownership.
    if ($op == 'create') {

      // Assuming an entity was passed in and we know its bundle key, perform
      // the entity type and bundle-level access checks.
      if (isset($entity) && !empty($entity_info['entity keys']['bundle'])) {
        $access = user_access('create ' . $entity_type . ' entities', $account) || user_access('create ' . $entity_type . ' entities of bundle ' . $entity->{$entity_info['entity keys']['bundle']}, $account);
        $rights[$account->uid][$cid][$op] = $access;
        return $access;
      }
      else {

        // Otherwise perform an entity type-level access check.
        $access = user_access('create ' . $entity_type . ' entities', $account);
        $rights[$account->uid][$cid][$op] = $access;
        return $access;
      }
    }
    else {

      // Finally perform checks for the rest of operations. Begin by
      // extracting the bundle name from the entity if available.
      $bundle_name = '';
      if (isset($entity) && !empty($entity_info['entity keys']['bundle'])) {
        $bundle_name = $entity->{$entity_info['entity keys']['bundle']};
      }

      // For the delete and delete operations, first perform the entity type and
      // bundle-level access check for any entity.
      if (user_access($op . ' any ' . $entity_type . ' entity', $account) || user_access($op . ' any ' . $entity_type . ' entity of bundle ' . $bundle_name, $account)) {
        $rights[$account->uid][$cid][$op] = TRUE;
        return TRUE;
      }

      // Check an authenticated user's access to delete own entities.
      if ($account->uid && !empty($entity_info['access arguments']['user key']) && isset($entity->{$entity_info['access arguments']['user key']}) && $entity->{$entity_info['access arguments']['user key']} == $account->uid) {
        if (user_access($op . ' own ' . $entity_type . ' entities', $account) || user_access($op . ' own ' . $entity_type . ' entities of bundle ' . $bundle_name, $account)) {
          $rights[$account->uid][$cid][$op] = TRUE;
          return TRUE;
        }
      }
    }
  }
  return FALSE;
}