You are here

Home » API reference » MERCI (Manage Equipment Reservations, Checkout and Inventory) 7.2 » merci.module

function merci_node_access in MERCI (Manage Equipment Reservations, Checkout and Inventory) 7.2

Implements hook_node_access().

File

./merci.module, line 170
MERCI - Managed Equipment Reservation Checkout and Inventory

Code

function merci_node_access($node, $op, $account) {
  global $user;
  $type = isset($node->type) ? $node->type : $node;
  $uid = isset($node->uid) ? $node->uid : FALSE;
  if ($type == 'merci_reservation') {
    if (user_access('manage reservations')) {
      return NODE_ACCESS_ALLOW;
    }
    elseif (user_access('view all reservations') && $op == 'view') {
      return NODE_ACCESS_ALLOW;
    }
    elseif (user_access('create reservations') and !user_access('suspend MERCI access')) {

      //users working with their own reservations access reservation

      //additional check in merci_form permission to edit confirmed reservations

      // Users without administer or manage reservations permission can only alter their own Unconfirmed Reservations.
      if (($op == 'delete' or $op == 'update') && isset($node->merci_reservation_status) && $node->merci_reservation_status != MERCI_STATUS_UNCONFIRMED && !user_access('create confirmed reservations')) {
        return NODE_ACCESS_DENY;
      }
      if ($uid === FALSE || $uid == $account->uid) {
        return NODE_ACCESS_ALLOW;
      }
    }
    return NODE_ACCESS_DENY;
  }
}