function entityform_access in Entityform 7
Same name and namespace in other branches
- 7.2 entityform.module \entityform_access()
Determines whether the given user has access to an entityform.
Parameters
$op: The operation being performed. One of 'view', 'update', 'create', 'delete' or just 'edit' (being the same as 'create' or 'update').
$entityform: Optionally an entityform or an entityform type to check access for. If nothing is given, access for all entityforms is determined.
$account: The user to check for. Leave it NULL to check for the global user.
Return value
boolean Whether access is allowed or not.
4 calls to entityform_access()
- entityform_handler_delete_link_field::render in views/entityform_handler_delete_link_field.inc - Render the field.
- entityform_handler_edit_link_field::render in views/entityform_handler_edit_link_field.inc - Render the field.
- entityform_type_access in ./entityform.module - Access callback for the entity API.
- entityform_type_handler_submit_link_field::render in views/entityform_type_handler_submit_link_field.inc - Render the field.
2 string references to 'entityform_access'
- EntityformUIController::hook_menu in ./entityform.admin.inc - Overrides hook_menu() defaults. Main reason for doing this is that parent class hook_menu() is optimized for entity type administration.
- entityform_entity_info in ./entityform.module - Implement hook_entity_info().
File
- ./entityform.module, line 267 - Module for the Entityform Entity - a starting point to create your own Entity and associated administration interface
Code
function entityform_access($op, $entityform = NULL, $account = NULL) {
  global $user;
  if (!isset($account)) {
    $account = $user;
  }
  // User #1 has all privileges:
  if ($account->uid == 1) {
    return TRUE;
  }
  if (!empty($entityform)) {
    if (is_object($entityform)) {
      $type_name = $entityform->type;
    }
    else {
      $type_name = $entityform;
    }
    $entityform_type = entityform_type_load($type_name);
  }
  // Convert ops - For instance if user_access is called by VBO with "update any entityform".
  switch ($op) {
    case 'update':
      $op = 'edit';
      break;
    case 'create':
      $op = 'submit';
      break;
  }
  global $user;
  if ($op == 'submit' || $op == 'confirm') {
    if (isset($entityform_type) && is_object($entityform_type) && is_array($entityform_type->data) && array_intersect($entityform_type->data['roles'], array_keys($user->roles))) {
      $can_submit = TRUE;
    }
    else {
      $can_submit = FALSE;
    }
    if ($op == 'submit') {
      if (!isset($entityform_type->data['form_status']) || $entityform_type->data['form_status'] != ENTITYFORM_STATUS_CLOSED) {
        return $can_submit;
      }
      return FALSE;
    }
    // Confirm page.
    $entityform_id = $_GET['entityform_id'];
    if (empty($user->uid)) {
      // If this is an anonymous user then entityform_id should be stored in the session.
      if (!isset($_SESSION['entityform_submission'])) {
        return FALSE;
      }
      $match = $_SESSION['entityform_submission'] == $entityform_id;
      unset($_SESSION['entityform_submission']);
      return $match;
    }
    else {
      if (!($entityform = entityform_load($entityform_id))) {
        return FALSE;
      }
      // Only grant access if this is the user who made the submission.
      return $entityform->uid == $user->uid;
    }
    // return user_access("submit $type_name entityform");
  }
  if (isset($entityform) && $type_name && is_object($entityform)) {
    if (user_access("{$op} any entityform", $account)) {
      return TRUE;
    }
    elseif (!empty($user->uid) && $entityform->uid == $user->uid && user_access("{$op} own entityform", $account)) {
      return TRUE;
    }
  }
  return FALSE;
}
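The function above accepts an $account argument, but its submit/confirm role test and its "own entityform" ownership test read the global $user, so a check made for an account other than the logged-in user mixes the two. The following is an added example, not Entityform's own code: a hypothetical helper, mymodule_entityform_access_for_account(), that makes the same submit, view, edit and delete decisions against $account only, assuming $account is a fully loaded Drupal 7 user object (with ->uid and ->roles).

```php
<?php
/**
 * Hypothetical helper (not part of Entityform): mirrors entityform_access()
 * for 'submit', 'view', 'edit' and 'delete', but reads roles and ownership
 * from $account instead of the global $user. The session-bound 'confirm'
 * operation is not handled here and is denied.
 */
function mymodule_entityform_access_for_account($op, $entityform, $account) {
  // Same op aliases as entityform_access().
  $aliases = array('update' => 'edit', 'create' => 'submit');
  if (isset($aliases[$op])) {
    $op = $aliases[$op];
  }
  if ($account->uid == 1) {
    return TRUE;
  }
  if (empty($entityform)) {
    return FALSE;
  }
  $type_name = is_object($entityform) ? $entityform->type : $entityform;

  if ($op == 'submit') {
    $type = entityform_type_load($type_name);
    if (!is_object($type) || !is_array($type->data) || empty($type->data['roles'])) {
      return FALSE;
    }
    // Closed forms accept no submissions, whatever the roles say.
    if (isset($type->data['form_status']) && $type->data['form_status'] == ENTITYFORM_STATUS_CLOSED) {
      return FALSE;
    }
    // Role ids of the account being checked, not of the logged-in user.
    return (bool) array_intersect($type->data['roles'], array_keys($account->roles));
  }

  // Fail closed on anything that is not an entity-level operation.
  if (!is_object($entityform) || !in_array($op, array('view', 'edit', 'delete'), TRUE)) {
    return FALSE;
  }
  if (user_access("{$op} any entityform", $account)) {
    return TRUE;
  }
  // Ownership is compared against the account under test.
  return !empty($account->uid)
    && $entityform->uid == $account->uid
    && user_access("{$op} own entityform", $account);
}
```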