You are here

Home » API reference » File Entity (fieldable files) 7.2 » file_entity.module

function file_entity_access in File Entity (fieldable files) 7.2

Same name and namespace in other branches
  1. 7.3 file_entity.module \file_entity_access()
  2. 7 file_entity.module \file_entity_access()

Determine if a user may perform the given operation on the specified file.

Parameters

$op: The operation to be performed on the file. Possible values are:

  • "view"
  • "download"
  • "update"
  • "delete"
  • "create"

$file: The file object on which the operation is to be performed, or file type (e.g. 'image') for "create" operation.

$account: Optional, a user object representing the user for whom the operation is to be performed. Determines access for a user other than the current user.

Return value

TRUE if the operation may be performed, FALSE otherwise.

Related topics

File access rights
The file access system determines who can do what to which files.
15 calls to file_entity_access()
FileEntityAccessTestCase::assertFileEntityAccess in ./file_entity.test
Asserts file_entity_access correctly grants or denies access.
file_entity_add_upload_multiple_submit in ./file_entity.pages.inc
Submit handler for the multiple upload form.
file_entity_admin_files in ./file_entity.admin.inc
Form builder: Builds the file administration overview.
file_entity_edit in ./file_entity.pages.inc
Page callback: Form constructor for the file edit form.
file_entity_field_formatter_view in ./file_entity.field.inc
Implements hook_field_formatter_view().

... See full list

4 string references to 'file_entity_access'
FileEntityAccessTestCase::assertFileEntityAccess in ./file_entity.test
Asserts file_entity_access correctly grants or denies access.
file_entity_entity_info_alter in ./file_entity.module
Implements hook_entity_info_alter().
file_entity_hook_info in ./file_entity.module
Implements hook_hook_info().
file_entity_menu in ./file_entity.module
Implements hook_menu().

File

./file_entity.module, line 1754
Extends Drupal file entities to be fieldable and viewable.

Code

function file_entity_access($op, $file = NULL, $account = NULL) {
  $rights =& drupal_static(__FUNCTION__, array());
  if (!$file && !in_array($op, array(
    'view',
    'download',
    'update',
    'delete',
    'create',
  ), TRUE)) {

    // If there was no file to check against, and the $op was not one of the
    // supported ones, we return access denied.
    return FALSE;
  }

  // If no user object is supplied, the access check is for the current user.
  if (empty($account)) {
    $account = $GLOBALS['user'];
  }

  // $file may be either an object or a file type. Since file types cannot be
  // an integer, use either fid or type as the static cache id.
  $cache_id = NULL;
  if (is_object($file) && !empty($file->fid)) {
    $cache_id = $file->fid;
  }
  elseif ($op == 'create' && is_string($file)) {
    $cache_id = $file;
  }
  elseif ($op == 'create' && is_object($file) && !empty($file->type)) {
    $cache_id = $file->type;
  }
  else {
    $cache_id = drupal_hash_base64(serialize($file));
  }

  // If we've already checked access for this file, user and op, return from
  // cache.
  if (isset($rights[$account->uid][$cache_id][$op])) {
    return $rights[$account->uid][$cache_id][$op];
  }
  if (user_access('bypass file access', $account)) {
    return $rights[$account->uid][$cache_id][$op] = TRUE;
  }

  // We grant access to the file if both of the following conditions are met:
  // - No modules say to deny access.
  // - At least one module says to grant access.
  $access = module_invoke_all('file_entity_access', $op, $file, $account);
  if (in_array(FILE_ENTITY_ACCESS_DENY, $access, TRUE)) {
    return $rights[$account->uid][$cache_id][$op] = FALSE;
  }
  elseif (in_array(FILE_ENTITY_ACCESS_ALLOW, $access, TRUE)) {
    return $rights[$account->uid][$cache_id][$op] = TRUE;
  }

  // Fall back to default behaviors on view.
  if ($op == 'view' && is_object($file)) {
    $scheme = file_uri_scheme($file->uri);
    $wrapper = file_entity_get_stream_wrapper($scheme);
    if (!empty($wrapper['private'])) {

      // For private files, users can view private files if the
      // user has the 'view private files' permission.
      if (user_access('view private files', $account)) {
        return $rights[$account->uid][$cache_id][$op] = TRUE;
      }

      // For private files, users can view their own private files if the
      // user is not anonymous, and has the 'view own private files' permission.
      if (!empty($account->uid) && $file->uid == $account->uid && user_access('view own private files', $account)) {
        return $rights[$account->uid][$cache_id][$op] = TRUE;
      }
    }
    elseif ($file->status == FILE_STATUS_PERMANENT && $file->uid == $account->uid && user_access('view own files', $account)) {

      // For non-private files, allow to see if user owns the file.
      return $rights[$account->uid][$cache_id][$op] = TRUE;
    }
    elseif ($file->status == FILE_STATUS_PERMANENT && user_access('view files', $account)) {

      // For non-private files, users can view if they have the 'view files'
      // permission.
      return $rights[$account->uid][$cache_id][$op] = TRUE;
    }
  }
  return FALSE;
}