
function filedepot::checkPermission in filedepot 6

Same name and namespace in other branches
  1. 7 filedepot.class.php \filedepot::checkPermission()
9 calls to filedepot::checkPermission()
filedepot::approveFileSubmission in ./filedepot.class.php
filedepot::createFolder in ./filedepot.class.php
filedepot::deleteFile in ./filedepot.class.php
filedepot::deleteFolder in ./filedepot.class.php
filedepot::getAllowableCategories in ./filedepot.class.php
Return list of repository categories user has permission to access to be used in SQL statements


File

./filedepot.class.php, line 206
filedepot.class.php Main class for the Filedepot module

Class

filedepot
@file filedepot.class.php Main class for the Filedepot module

Code

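/**
 * Check whether a user holds at least one of the requested rights on a category.
 *
 * Access is granted as soon as one matching {filedepot_access} row has one of
 * the requested rights set to 1. Rows are looked up for the user, then for the
 * user's Organic Groups (only when $this->ogenabled is set), then for the
 * user's roles.
 *
 * Every part of the decision (admin override, access rows, roles) is
 * evaluated for the same account. When $userid names someone other than the
 * logged-in user, that account is loaded and used throughout, so the result
 * does not depend on who happens to be logged in.
 *
 * @param $cid
 *   Category id. Values below 1 are rejected.
 * @param $rights
 *   A right name, or an array of right names of which any one suffices.
 *   Recognised names: view, upload, upload_dir, upload_ver, approval, admin.
 *   Any other name never grants access.
 * @param $userid
 *   Uid to check; 0 means the current user.
 * @param $adminOverRide
 *   When TRUE, an account holding the 'administer filedepot' permission is
 *   granted every right without consulting the access table.
 *
 * @return
 *   TRUE if access is granted, FALSE otherwise.
 */
function checkPermission($cid, $rights, $userid = 0, $adminOverRide = TRUE) {
  global $user;
  if (intval($cid) < 1) {
    return FALSE;
  }

  // Resolve the account this decision is about. The current user's object is
  // reused when it is the subject; any other uid is loaded so that the admin
  // override and the role lookup below are not taken from the logged-in user.
  if ($userid == 0 || (!empty($user->uid) && $userid == $user->uid)) {
    $account = $user;
    $uid = empty($user->uid) ? 0 : $user->uid;
  }
  else {
    $account = user_load(intval($userid));
    if (!$account) {
      // Unknown account: fail closed rather than fall back to another user.
      return FALSE;
    }
    $uid = $account->uid;
  }

  // If the account is an admin it has all rights on all categories.
  if ($adminOverRide and user_access('administer filedepot', $account)) {
    return TRUE;
  }

  // Right name => column of {filedepot_access}. Names are resolved through
  // this fixed table instead of variable variables, so a caller-supplied name
  // can only ever select one of these six columns and never an unrelated
  // local such as $cid or $adminOverRide.
  $columns = array(
    'view' => 'view',
    'upload' => 'upload',
    'upload_dir' => 'upload_direct',
    'upload_ver' => 'upload_ver',
    'approval' => 'approval',
    'admin' => 'admin',
  );
  $wanted = array();
  foreach ((is_array($rights) ? $rights : array($rights)) as $right) {
    if (is_string($right) && isset($columns[$right])) {
      $wanted[] = $columns[$right];
    }
  }
  if (empty($wanted)) {
    // Nothing recognisable was asked for, so nothing can be granted.
    return FALSE;
  }

  $sql = "SELECT view,upload,upload_direct,upload_ver,approval,admin from {filedepot_access} WHERE catid=%d AND permtype='%s' AND permid=%d";

  // Same order as before: user records, then groups, then roles. The ids for
  // each type are gathered only when that type is reached, so an early grant
  // skips the remaining lookups.
  foreach (array('user', 'group', 'role') as $permtype) {
    $permids = array();
    if ($permtype == 'user') {
      $permids[] = $uid;
    }
    elseif ($permtype == 'group') {
      if ($this->ogenabled) {
        // Retrieve all the Organic Groups this user is a member of.
        // NOTE(review): membership is matched on og_uid.uid alone; if the
        // installed Organic Groups schema records pending or inactive
        // memberships in this table, confirm they should count here.
        $groupsql = "SELECT node.nid AS nid FROM {node} node LEFT JOIN {og_uid} og_uid ON node.nid = og_uid.nid " . "INNER JOIN {users} users ON node.uid = users.uid " . "WHERE (node.status <> 0) AND (og_uid.uid = %d) ";
        $groupquery = db_query($groupsql, $uid);
        while ($grouprec = db_fetch_array($groupquery)) {
          $permids[] = $grouprec['nid'];
        }
      }
    }
    elseif (!empty($account->roles) && is_array($account->roles)) {
      // Roles are keyed by role id.
      $permids = array_keys($account->roles);
    }

    foreach ($permids as $permid) {
      $query = db_query($sql, $cid, $permtype, $permid);
      while ($rec = db_fetch_array($query)) {
        // Any one of the requested rights being set is sufficient.
        foreach ($wanted as $column) {
          if (isset($rec[$column]) && $rec[$column] == 1) {
            return TRUE;
          }
        }
      }
    }
  }
  return FALSE;
}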