You are here

Home » API reference » Flag 7.3 » flag_flag.inc » flag_flag

function flag_flag::access in Flag 7.3

Same name and namespace in other branches
  1. 6.2 flag.inc \flag_flag::access()
  2. 7.2 flag.inc \flag_flag::access()

Determines whether the user may flag, or unflag, the given entity.

This method typically should not be overridden by child classes. Instead they should implement type_access(), which is called by this method.

Parameters

int $entity_id: The entity ID to flag/unflag.

string|NULL $action: The action to test. Either 'flag' or 'unflag'. Leave NULL to determine by flag status.

stdClass $account: The user on whose behalf to test the flagging action. Leave NULL for the current user.

Return value

bool Boolean TRUE if the user is allowed to flag/unflag the given entity. FALSE otherwise.

1 call to flag_flag::access()
flag_flag::flag in includes/flag/flag_flag.inc
Flags, or unflags, an item.

File

includes/flag/flag_flag.inc, line 477
Contains the flag_flag class. Flag type classes use an object oriented style inspired by that of Views 2.

Class

flag_flag
This abstract class represents a flag, or, in Views 2 terminology, "a handler".

Code

function access($entity_id, $action = NULL, $account = NULL) {
  if (!isset($account)) {
    $account = $GLOBALS['user'];
  }
  if (isset($entity_id) && !$this
    ->applies_to_entity_id($entity_id)) {

    // Flag does not apply to this entity.
    return FALSE;
  }
  if (!isset($action)) {
    $uid = $account->uid;
    $sid = flag_get_sid($uid);
    $action = $this
      ->is_flagged($entity_id, $uid, $sid) ? 'unflag' : 'flag';
  }

  // Base initial access on the user's basic permission to use this flag.
  $access = $this
    ->user_access($action, $account);

  // Check for additional access rules provided by sub-classes.
  $child_access = $this
    ->type_access($entity_id, $action, $account);
  if (isset($child_access)) {
    $access = $child_access;
  }

  // Allow modules to disallow (or allow) access to flagging.
  // We grant access to the flag if both of the following conditions are met:
  // - No modules say to deny access.
  // - At least one module says to grant access.
  // If no module specified either allow or deny, we fall back to the
  // default access check above.
  $module_access = module_invoke_all('flag_access', $this, $entity_id, $action, $account);
  if (in_array(FALSE, $module_access, TRUE)) {
    $access = FALSE;
  }
  elseif (in_array(TRUE, $module_access, TRUE)) {

    // WARNING: This allows modules to bypass the default access check!
    $access = TRUE;
  }
  return $access;
}