You are here

Home » API reference » MERCI (Manage Equipment Reservations, Checkout and Inventory) 6.2 » merci.module

function merci_access in MERCI (Manage Equipment Reservations, Checkout and Inventory) 6.2

Same name and namespace in other branches
  1. 6 merci.module \merci_access()

Implementation of hook_access().

File

./merci.module, line 158
MERCI - Managed Equipment Reservation Checkout and Inventory

Code

function merci_access($op, $node, $account) {
  global $user;
  $type = isset($node->type) ? $node->type : $node;
  $uid = isset($node->uid) ? $node->uid : FALSE;
  if ($type == 'merci_reservation') {
    if (user_access('manage reservations')) {
      return TRUE;
    }
    elseif (user_access('view all reservations') && $op == 'view') {
      return TRUE;
    }
    elseif (user_access('create reservations') and !user_access('suspend MERCI access')) {

      //users working with their own reservations access reservation

      //additional check in merci_form permission to edit confirmed reservations

      // Users without administer or manage reservations permission can only alter their own Unconfirmed Reservations.
      if (($op == 'delete' or $op == 'update') && isset($node->merci_reservation_status) && $node->merci_reservation_status != MERCI_STATUS_UNCONFIRMED && !user_access('create confirmed reservations')) {
        return FALSE;
      }
      if ($uid === FALSE || $uid == $account->uid) {
        return TRUE;
      }
    }
    return FALSE;
  }
}