function commerce_wishlist_user_access in Commerce Wishlist 7.3

Determine whether the user has a privilege to manage a wish list.

Parameters

object $account: The account whose wishlist will be affected by some action (e.g. viewed or updated).

string $operation: One of "view" or "update" based on the action.

object|null $wishlist: The wishlist to be affected. If the param is null, the default wishlist for a user will be loaded.

Return value

bool TRUE if allowed, FALSE if not.

3 calls to commerce_wishlist_user_access()
commerce_wishlist_block_view in ./commerce_wishlist.module
Implements hook_block_view().
commerce_wishlist_handler_field_remove::render in includes/views/handlers/commerce_wishlist_handler_field_remove.inc
Render the field.
commerce_wishlist_view_user_wishlist in ./commerce_wishlist.module
Page callback for viewing a wish list.
1 string reference to 'commerce_wishlist_user_access'
commerce_wishlist_menu in ./commerce_wishlist.module
Implements hook_menu().

File

./commerce_wishlist.module, line 593
Provides a wish list for use in Drupal Commerce.

Code

function commerce_wishlist_user_access($account, $operation, $wishlist = NULL) {
  global $user;

  // Allow administrators to edit any wishlist on the site.
  if (user_access('administer wish lists')) {
    return TRUE;
  }

  // Before we perform checks on view/update operations, we will load the
  // default wishlist order for the user account, if there is none provided.
  // This will be the case on "/user/%user/wishlist" page.
  if (!is_object($wishlist)) {
    $wishlist = commerce_wishlist_order_load($account->uid);
    if (!$wishlist) {
      return user_access('manage any wish list');
    }
  }

  // Users can always view their own wish list. Or, a user can view any wish
  // list if they have the correct permission.
  if ($operation == 'view') {
    if (!empty($wishlist->uid) && $account->uid == $wishlist->uid || empty($wishlist) && $account->uid == $user->uid || user_access('view any wish list', $user) || user_access('administer wish lists', $user) || commerce_wishlist_is_public($wishlist)) {
      return TRUE;
    }
    return FALSE;
  }
  if ($operation == 'update') {
    if ($account->uid == $user->uid && user_access('manage own wish list')) {
      return TRUE;
    }

    // Check if the wish list owner and the user who is trying to edit the wish
    // list are the same, and if they have permission to manage own wish list.
    return $account->uid == $user->uid && user_access('manage own wish list') && $wishlist->uid == $account->uid;
  }
  return FALSE;
}
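
How a custom Drupal 7 module could reuse this function as a menu access callback and then re-check the 'update' operation inside its page callback. This is an added example, not code from Commerce Wishlist; the module name mymodule, the path user/%user/wishlist/summary and the callback mymodule_wishlist_summary are hypothetical.

```php
<?php

/**
 * Implements hook_menu() for the hypothetical module "mymodule".
 */
function mymodule_menu() {
  $items['user/%user/wishlist/summary'] = array(
    'title' => 'Wish list summary',
    'page callback' => 'mymodule_wishlist_summary',
    'page arguments' => array(1),
    // Path position 1 (%user) arrives as $account, i.e. the wish list owner.
    // The acting user is not passed in: commerce_wishlist_user_access()
    // reads it from the global $user.
    'access callback' => 'commerce_wishlist_user_access',
    'access arguments' => array(1, 'view'),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Page callback (hypothetical): summary of the wish list owned by $account.
 */
function mymodule_wishlist_summary($account) {
  // Returns a falsy value when the account has no wish list yet.
  $wishlist = commerce_wishlist_order_load($account->uid);

  // The route access above only covered 'view'. Anything that modifies the
  // list needs its own 'update' check against the same owner and wish list.
  $can_update = $wishlist
    && commerce_wishlist_user_access($account, 'update', $wishlist);

  $build = array();
  $build['owner'] = array(
    '#markup' => t('Wish list of @name', array('@name' => format_username($account))),
  );
  $build['manage'] = array(
    '#markup' => t('You may edit this wish list.'),
    // Render API drops the element entirely when #access is FALSE.
    '#access' => $can_update,
  );
  return $build;
}
```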