function entityform_access in Entityform 7.2
Same name and namespace in other branches
- 7 entityform.module \entityform_access()
Determines whether the given user has access to an entityform.
Parameters
string $op: The operation being performed. One of 'view', 'update', 'create', 'delete' or just 'edit' (being the same as 'create' or 'update').
Entityform|EntityformType $entityform: Optionally an entityform or an entityform type to check access for. If nothing is given, access for all entityforms is determined.
object $account: The user to check for. Leave it as NULL to check for the global user.
Return value
boolean Whether access is allowed or not.
2 calls to entityform_access()
- entityform_type_access in ./entityform.module - Access callback for the entity API.
- entityform_type_handler_submit_link_field::render in views/entityform_type_handler_submit_link_field.inc - Render the field.
2 string references to 'entityform_access'
- EntityformUIController::hook_menu in ./entityform.admin.inc - Overrides hook_menu() defaults. Main reason for doing this is that parent class hook_menu() is optimized for entity type administration.
- entityform_entity_info in ./entityform.module - Implements hook_entity_info().
File
- ./entityform.module, line 231 - Module for the Entityform Entity - a starting point to create your own Entity and associated administration interface
Code
function entityform_access($op, $entityform = NULL, $account = NULL) {
  global $user;
  $access = NULL;
  if (!isset($account)) {
    $account = $user;
  }
  // User #1 has all privileges. This returns before the alter hook runs.
  if ($account->uid == 1) {
    return TRUE;
  }
  // Resolve the entityform type from either a loaded object or a type name.
  if (!empty($entityform)) {
    if (is_object($entityform)) {
      $type_name = $entityform->type;
    }
    else {
      $type_name = $entityform;
    }
    $entityform_type = entityform_type_load($type_name);
  }
  // Convert ops - For instance if user_access is called by VBO with
  // 'update any entityform'.
  switch ($op) {
    case 'update':
      $op = 'edit';
      break;
    case 'create':
      $op = 'submit';
      break;
  }
  if ($op == 'submit' || $op == 'confirm') {
    // Submitting is allowed only if the account holds one of the roles
    // configured on the entityform type.
    if (isset($entityform_type) && is_object($entityform_type) && is_array($entityform_type->data) && array_intersect($entityform_type->data['roles'], array_keys($account->roles))) {
      $can_submit = TRUE;
    }
    else {
      $can_submit = FALSE;
    }
    if ($op == 'submit') {
      $access = $can_submit;
    }
    else {
      // Confirm page. The submission id comes from the query string.
      $entityform_id = isset($_GET['entityform_id']) ? $_GET['entityform_id'] : NULL;
      if (empty($entityform_id)) {
        return FALSE;
      }
      if (user_is_anonymous()) {
        // If this is anonymous user then entityform_id should be stored
        // in session.
        if (!isset($_SESSION['entityform_submission'])) {
          $access = FALSE;
        }
        else {
          // Submission was stored in session. Make sure it matches. The
          // stored id is cleared, so it can be checked only once.
          $match = $_SESSION['entityform_submission'] == $entityform_id;
          unset($_SESSION['entityform_submission']);
          $access = $match;
        }
      }
      else {
        if (!($entityform = entityform_load($entityform_id))) {
          // Entityform didn't load. It may have been deleted.
          $access = FALSE;
        }
        else {
          // Only grant access if this is the user who made the submission.
          $access = $entityform->uid == $account->uid;
        }
      }
    }
  }
  // No decision yet: fall back to the "any" and "own" permissions for $op.
  if ($access === NULL) {
    if (isset($entityform) && $type_name && is_object($entityform)) {
      if (user_access("{$op} any entityform", $account)) {
        $access = TRUE;
      }
      elseif (!empty($account->uid) && $entityform->uid == $account->uid && user_access("{$op} own entityform", $account)) {
        $access = TRUE;
      }
    }
  }
  // If $access is still not set, deny by default.
  if ($access === NULL) {
    $access = FALSE;
  }
  // Allow other modules to change access.
  $context = array(
    'entityform' => $entityform,
    'account' => $account,
  );
  drupal_alter('entityform_access', $access, $op, $context);
  return $access;
}
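The drupal_alter('entityform_access', ...) call at the end of the function lets other modules adjust the result. The following is an added example, not part of the Entityform code base, showing a hypothetical module mymodule that uses the hook to tighten access for one bundle. The module name, the bundle name 'incident_report' and the permission 'review incident reports' are assumptions.

```php
<?php

/**
 * Implements hook_permission().
 *
 * 'review incident reports' is a permission invented for this example.
 */
function mymodule_permission() {
  return array(
    'review incident reports' => array(
      'title' => t('Review incident report submissions'),
      'restrict access' => TRUE,
    ),
  );
}

/**
 * Implements hook_entityform_access_alter().
 *
 * Never runs for uid 1: entityform_access() returns TRUE for that account
 * before it reaches drupal_alter().
 */
function mymodule_entityform_access_alter(&$access, $op, $context) {
  $entityform = $context['entityform'];
  $account = $context['account'];

  // $context['entityform'] may be NULL, a type name, an EntityformType or a
  // submission. Only submissions of the assumed bundle are handled here.
  if (!($entityform instanceof Entityform) || $entityform->type !== 'incident_report') {
    return;
  }

  // $op arrives normalised: callers' 'update' is 'edit' and 'create' is
  // 'submit' by now, so match on the converted names.
  if (!in_array($op, array('view', 'edit', 'delete'), TRUE)) {
    return;
  }

  // Only tighten: a FALSE from entityform_access() is left as it is.
  if ($access && !user_access('review incident reports', $account)) {
    $is_owner = !empty($account->uid) && $entityform->uid == $account->uid;
    // Owners keep read access to their own submission and nothing else.
    $access = ($op === 'view' && $is_owner);
  }
}
```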