function bat_entity_access in Booking and Availability Management Tools for Drupal 7
Same name and namespace in other branches
- 8 bat.module \bat_entity_access()
Generic access control for entities that BAT defines.
Parameters
string $op: The operation being performed. One of 'view', 'update', 'create' or 'delete'.
object $entity: Optionally an entity to check access for. If no entity is given, it will be determined whether access is allowed for all entities of the given type.
object $account: The user to check for. Leave it to NULL to check for the global user.
string $entity_type: The entity type of the entity to check for.
Return value
bool Boolean indicating whether the user is granted or not.
See also
4 calls to bat_entity_access()
- bat_booking_access in modules/
bat_booking/ bat_booking.module - Determines whether the given user has access to a unit.
- bat_event_access in modules/
bat_event/ bat_event.module - Checks event access for various operations.
- bat_type_access in modules/
bat_unit/ bat_unit.module - Determines whether the given user has access to a type.
- bat_unit_access in modules/
bat_unit/ bat_unit.module - Determines whether the given user has access to a unit.
File
- ./
bat.module, line 158 - Provides basic underlying functionality and configuration options used by all BAT modules.
Code
function bat_entity_access($op, $entity, $account, $entity_type) {
$rights =& drupal_static(__FUNCTION__, array());
global $user;
$account = isset($account) ? $account : $user;
$entity_info = entity_get_info($entity_type);
// $entity may be either an object or a entity type. Since entity types cannot
// be an integer, use either nid or type as the static cache id.
$cid = is_object($entity) ? $entity->{$entity_info['entity keys']['id']} : $entity;
// If we are creating a new entity make sure we set the type so permissions get
// applied.
if ($op == 'create' && $cid == '') {
$cid = $entity->type;
}
// If we've already checked access for this node, user and op, return the
// cached result.
if (isset($rights[$account->uid][$cid][$op])) {
return $rights[$account->uid][$cid][$op];
}
// Grant generic administrator level access.
if (user_access('bypass ' . $entity_type . ' entities access', $account)) {
$rights[$account->uid][$cid][$op] = TRUE;
return TRUE;
}
if ($op == 'view') {
if (isset($entity)) {
// When trying to figure out access to an entity, query the base table
// using our access control tag.
if (!empty($entity_info['access arguments']['access tag']) && module_implements('query_' . $entity_info['access arguments']['access tag'] . '_alter')) {
$query = db_select($entity_info['base table']);
$query
->addExpression('1');
$result = (bool) $query
->addTag($entity_info['access arguments']['access tag'])
->addMetaData('account', $account)
->condition($entity_info['entity keys']['id'], $entity->{$entity_info['entity keys']['id']})
->range(0, 1)
->execute()
->fetchField();
$rights[$account->uid][$cid][$op] = $result;
return $result;
}
else {
$rights[$account->uid][$cid][$op] = TRUE;
return TRUE;
}
}
else {
$access = user_access('view any ' . $entity_type . ' entity', $account);
$rights[$account->uid][$cid][$op] = $access;
return $access;
}
}
else {
// Non-view operations.
// First grant access to the entity for the specified operation if no other
// module denies it and at least one other module says to grant access.
$access_results = module_invoke_all('bat_entity_access', $op, $entity, $account, $entity_type);
if (in_array(FALSE, $access_results, TRUE)) {
$rights[$account->uid][$cid][$op] = FALSE;
return FALSE;
}
elseif (in_array(TRUE, $access_results, TRUE)) {
$rights[$account->uid][$cid][$op] = TRUE;
return TRUE;
}
// Grant access based on entity type and bundle specific permissions with
// special handling for the create operation since the entity passed in will
// be initialized without ownership.
if ($op == 'create') {
// Assuming an entity was passed in and we know its bundle key, perform
// the entity type and bundle-level access checks.
if (isset($entity) && !empty($entity_info['entity keys']['bundle'])) {
$access = user_access('create ' . $entity_type . ' entities', $account) || user_access('create ' . $entity_type . ' entities of bundle ' . $entity->{$entity_info['entity keys']['bundle']}, $account);
$rights[$account->uid][$cid][$op] = $access;
return $access;
}
else {
// Otherwise perform an entity type-level access check.
$access = user_access('create ' . $entity_type . ' entities', $account);
$rights[$account->uid][$cid][$op] = $access;
return $access;
}
}
else {
// Finally perform checks for the rest of operations. Begin by
// extracting the bundle name from the entity if available.
$bundle_name = '';
if (isset($entity) && !empty($entity_info['entity keys']['bundle'])) {
$bundle_name = $entity->{$entity_info['entity keys']['bundle']};
}
// For the delete and delete operations, first perform the entity type and
// bundle-level access check for any entity.
if (user_access($op . ' any ' . $entity_type . ' entity', $account) || user_access($op . ' any ' . $entity_type . ' entity of bundle ' . $bundle_name, $account)) {
$rights[$account->uid][$cid][$op] = TRUE;
return TRUE;
}
// Check an authenticated user's access to delete own entities.
if ($account->uid && !empty($entity_info['access arguments']['user key']) && isset($entity->{$entity_info['access arguments']['user key']}) && $entity->{$entity_info['access arguments']['user key']} == $account->uid) {
if (user_access($op . ' own ' . $entity_type . ' entities', $account) || user_access($op . ' own ' . $entity_type . ' entities of bundle ' . $bundle_name, $account)) {
$rights[$account->uid][$cid][$op] = TRUE;
return TRUE;
}
}
}
}
return FALSE;
}