You are here

Home » API reference » Boxes 7.2 » boxes.module

function boxes_access in Boxes 7.2

Determines whether the given user has access to a boxes.

Parameters

$op: The operation being performed. One of 'view', 'update', 'create', 'delete' or just 'edit' (being the same as 'create' or 'update').

$box: Optionally a box or a box type to check access for. If nothing is given, access for all boxess is determined.

$account: The user to check for. Leave it to NULL to check for the current user.

Return value

boolean Whether access is allowed or not.

3 calls to boxes_access()
boxes_add_page_access in ./boxes.module
Access callback for the general boxes add page (block/add).
boxes_block_view in ./boxes.module
Implements hook_block_view().
EntityTranslationBoxHandler::getAccess in includes/translation.handler.boxes.inc
Checks if the user can perform the given operation on the wrapped entity.
2 string references to 'boxes_access'
boxes_entity_info in ./boxes.module
Implements hook_entity_info().
boxes_menu in ./boxes.module
Implements hook_menu().

File

./boxes.module, line 529

Code

function boxes_access($op, $box = NULL, $account = NULL) {
  $rights =& drupal_static(__FUNCTION__, array());

  // Only real permissions are view, delete, create and edit
  switch ($op) {
    case 'view':
    case 'delete':
    case 'create':
      $op = $op;
      break;
    case 'add':
      $op = 'create';
      break;
    default:
      $op = 'edit';
  }

  // If no user object is supplied, the access check is for the current user.
  if (empty($account)) {
    $account = $GLOBALS['user'];
  }
  $cid = is_object($box) ? $box->bid : $box;

  // If we've already checked access for this node, user and op, return from cache.
  if (isset($rights[$account->uid][$cid][$op])) {
    return $rights[$account->uid][$cid][$op];
  }
  if (user_access('administer boxes', $account)) {
    return TRUE;
  }

  // We grant access to the boxes if both of the following conditions are met:
  // - No modules say to deny access.
  // - At least one module says to grant access.
  // If no module specified either allow or deny, we fall back to the default.
  $access = module_invoke_all('boxes_access', $box, $op, $account);
  if (in_array(FALSE, $access, TRUE)) {
    $rights[$account->uid][$cid][$op] = FALSE;
    return FALSE;
  }
  elseif (in_array(TRUE, $access, TRUE)) {
    $rights[$account->uid][$cid][$op] = TRUE;
    return TRUE;
  }
  if (isset($box) && isset($box->type)) {
    if (user_access("{$op} any {$box->type} box", $account)) {
      $rights[$account->uid][$cid][$op] = TRUE;
      return TRUE;
    }
  }
  else {

    // Here we are looking for access to any of the types.
    foreach (boxes_get_types() as $box_type) {
      $perm = $op . ' any ' . $box_type->type . ' box';
      if (user_access($perm, $account)) {
        $rights[$account->uid][$cid][$op] = TRUE;
        return TRUE;
      }
    }
  }
  return FALSE;
}