You are here

function farm_asset_access in farmOS 7

Access callback for asset entities.

Parameters

string $op: The operation being performed. One of 'view', 'update', 'create', 'delete'.

FarmAsset|string $farm_asset: Optionally a specific asset entity to check.

object $account: The user to check for. Leave it to NULL to check for the global user.

Return value

bool Whether access is allowed or not.

7 calls to farm_asset_access()
FarmAssetProcessor::entitySaveAccess in modules/farm/farm_asset/includes/feeds/plugins/FarmAssetProcessor.inc
Check that the user has permission to save a farm asset.
farm_asset_add_access in modules/farm/farm_asset/farm_asset.module
Access callback: Checks whether the user has permission to add an asset.
farm_asset_add_types_page in modules/farm/farm_asset/farm_asset.pages.inc
Page to select asset type to add new asset.
farm_asset_farm_asset_view_access_check in modules/farm/farm_asset/includes/ctools/farm_asset_view.inc
Callback to determine if a page is accessible.
farm_asset_form in modules/farm/farm_asset/farm_asset.pages.inc
Asset form.

... See full list

2 string references to 'farm_asset_access'
farm_asset_entity_info in modules/farm/farm_asset/farm_asset.module
Implements hook_entity_info().
farm_asset_menu in modules/farm/farm_asset/farm_asset.module
Implements hook_menu().

File

modules/farm/farm_asset/farm_asset.module, line 555
Farm asset - A farm asset entity type.

Code

function farm_asset_access($op, $farm_asset = NULL, $account = NULL) {
  $rights =& drupal_static(__FUNCTION__, array());

  // If $op is not one of the supported ones, deny access.
  if (!in_array($op, array(
    'create',
    'view',
    'update',
    'delete',
  ), TRUE)) {
    return FALSE;
  }

  // If no user object is supplied, the access check is for the current user.
  if (empty($account)) {
    global $user;
    $account = $user;
  }

  // If no asset is provided, check for access to all assets.
  if (empty($farm_asset)) {
    return user_access('view farm assets', $account);
  }

  // $farm_asset may be either an object or an asset type. Since asset types
  // cannot be an integer, use either id or type as the static cache id.
  $cid = is_object($farm_asset) ? $farm_asset->id : $farm_asset;

  // If we've already checked access for this asset, user and op, return from
  // cache.
  if (isset($rights[$account->uid][$cid][$op])) {
    return $rights[$account->uid][$cid][$op];
  }

  // If the user has 'administer farm_asset module' permission, grant them
  // access.
  if (user_access('administer farm_asset module', $account)) {
    $rights[$account->uid][$cid][$op] = TRUE;
    return TRUE;
  }

  // Check access to the asset based on it's type.
  $type = is_string($farm_asset) ? $farm_asset : $farm_asset->type;
  $farm_asset_types = farm_asset_types();
  $type_names = array();
  foreach ($farm_asset_types as $name => $farm_asset_type) {
    $type_names[] = $name;
  }
  if (in_array($type, $type_names)) {
    if ($op == 'create' && user_access('create ' . $type . ' farm assets', $account)) {
      $rights[$account->uid][$cid][$op] = TRUE;
      return TRUE;
    }
    if ($op == 'view') {
      if (user_access('view any ' . $type . ' farm assets', $account) || user_access('view own ' . $type . ' farm assets', $account) && $account->uid == $farm_asset->uid) {
        $rights[$account->uid][$cid][$op] = TRUE;
        return TRUE;
      }
    }
    if ($op == 'update') {
      if (user_access('edit any ' . $type . ' farm assets', $account) || user_access('edit own ' . $type . ' farm assets', $account) && $account->uid == $farm_asset->uid) {
        $rights[$account->uid][$cid][$op] = TRUE;
        return TRUE;
      }
    }
    if ($op == 'delete') {
      if (user_access('delete any ' . $type . ' farm assets', $account) || user_access('delete own ' . $type . ' farm assets', $account) && $account->uid == $farm_asset->uid) {
        $rights[$account->uid][$cid][$op] = TRUE;
        return TRUE;
      }
    }
  }

  // If all else fails, deny access.
  return FALSE;
}