function hosting_task_cancel_access in Hosting 7.4

Same name and namespace in other branches

6.2 task/hosting_task.module \hosting_task_cancel_access()
7.3 task/hosting_task.module \hosting_task_cancel_access()

Implements hook_access().

Parameters

$node object: the node object we're trying to access

1 string reference to 'hosting_task_cancel_access'

hosting_task_menu in task/hosting_task.module: Implements hook_menu().

File

task/hosting_task.module, line 250: Web server node type is defined here.

Code

function hosting_task_cancel_access($node) {

  // Bring $user into scope, so we can test task ownership.
  global $user;

  // To prevent CSRF attacks, a unique token based upon user is used. Deny
  // access if the token is missing or invalid.
  if (!isset($_GET['token']) || !drupal_valid_token($_GET['token'], $user->uid)) {
    return FALSE;
  }

  // 'administer tasks' allows cancelling any and all tasks on the system.
  if (user_access('administer tasks')) {
    return TRUE;
  }

  // 'cancel own tasks' allows cancelling any task the user *could have* created,
  // on nodes she can view.
  if (user_access('cancel own tasks') && user_access('create ' . $node->task_type . ' task') && node_access('view', $node)) {
    return TRUE;
  }
}

You are here

function hosting_task_cancel_access in Hosting 7.4

Parameters

File

Code

API Navigation