
function node_gallery_user_access in Node Gallery 6.3

Same name and namespace in other branches
  1. 6 node_gallery.module \node_gallery_user_access()
  2. 6.2 node_gallery.module \node_gallery_user_access()

Determines if a user has access to do something to a gallery or its images.

Parameters

$op: The operation being requested.

object $gallery: (optional) The populated gallery node. Defaults to NULL.

Return value

boolean

4 calls to node_gallery_user_access()
node_gallery_change_gallery_action_form in ./node_gallery.actions.inc
Builds the form to allow a user to change the gallery of an image.
node_gallery_get_gallery_list in ./node_gallery.inc
Returns an array of galleries, suitable for use in a form select.
node_gallery_help in ./node_gallery.module
Implements hook_help().
node_gallery_json_create_gallery in ./node_gallery.pages.inc
Javascript page callback to create an empty gallery.
1 string reference to 'node_gallery_user_access'
node_gallery_menu in ./node_gallery.module
Implements hook_menu().

File

./node_gallery.module, line 1077
Node gallery module file.

Code

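/**
 * Determines if a user has access to do something to a gallery or its images.
 *
 * Every permission lookup is made with user_access() without an account
 * argument, and ownership is compared against the global $user. $account is
 * only inspected to reject anonymous or blocked accounts; it is never passed
 * to user_access().
 *
 * @param $op
 *   The operation being requested. Handled values: 'view',
 *   'view My Galleries', 'administer', 'upload', 'edit image', 'create',
 *   'edit' and 'delete'. Any other value is denied.
 * @param $gallery
 *   (optional) The populated gallery node. Required for every operation other
 *   than 'view', 'view My Galleries' and 'administer'. Defaults to NULL.
 * @param $account
 *   (optional) A user object. When given and its uid or status is empty,
 *   access is denied. Defaults to NULL.
 *
 * @return
 *   TRUE if access is granted, FALSE otherwise.
 */
function node_gallery_user_access($op, $gallery = NULL, $account = NULL) {
  global $user;

  // Admins can do everything; this short-circuit runs before any other check.
  if (user_access('administer nodes') || user_access(NODE_GALLERY_PERM_ADMIN_GALLERY)) {
    return TRUE;
  }

  // Cannot view gallery of anonymous or blocked users.
  // This condition should prevent seeing the link in the nav block for
  // anonymous users.
  if (isset($account) && (!$account->uid || !$account->status)) {
    return FALSE;
  }

  // Fail closed on a non-string operation: with loose comparison a value such
  // as TRUE (or 0 on older PHP versions) would otherwise match the first
  // string case below and be treated as 'view'.
  if (!is_string($op)) {
    return FALSE;
  }

  // Words used to build node permission names; swapped below for Ubercart.
  $any = 'any';
  $content = 'content';

  // Operations that do not depend on a particular gallery node.
  $generic_permissions = array(
    'view',
    'view My Galleries',
    'administer',
  );
  if (!in_array($op, $generic_permissions, TRUE)) {
    // Every remaining operation needs a gallery to derive the content type
    // and the owner from.
    if (!isset($gallery)) {
      return FALSE;
    }
    $type = $gallery->type;

    // Image operations are checked against the image content type related to
    // the gallery type, not against the gallery type itself.
    $image_operations = array(
      'upload',
      'edit image',
    );
    if (in_array($op, $image_operations, TRUE)) {
      $relationship = node_gallery_get_relationship($type);
      // NOTE(review): assumes the relationship always carries 'image_type' -
      // confirm against node_gallery_get_relationship().
      $type = $relationship['image_type'];
    }

    // Respect Ubercart's renaming of content types. This is ugly, but we deem
    // Ubercart important enough to merit this.
    if (module_exists('uc_product')) {
      $node_type = node_get_types('type', $type);
      // Guard against an unknown type so that no property is read from a
      // non-object; the default permission wording is kept in that case.
      if ($node_type && $node_type->module == 'uc_product') {
        $any = 'all';
        $content = 'products';
      }
    }
  }

  // NOTE(review): ownership below is a plain uid comparison, so a visitor with
  // uid 0 counts as the owner of a gallery whose uid is 0. Confirm that the
  // "own" permissions are not granted to anonymous roles, or that galleries
  // cannot be anonymous-owned.
  switch ($op) {

    // Generic permissions.
    case 'view':
      return user_access(NODE_GALLERY_PERM_VIEW_GALLERY);

    case 'view My Galleries':
      // Users not blocked and not anonymous with 'view gallery' perms can see
      // a "My Galleries" link. Only the status flag is tested here;
      // presumably the anonymous user object carries no truthy status -
      // TODO confirm. empty() avoids a notice when the property is missing.
      if (!empty($user->status)) {
        return user_access(NODE_GALLERY_PERM_VIEW_GALLERY);
      }
      return FALSE;

    case 'administer':
      return user_access(NODE_GALLERY_PERM_ADMIN_GALLERY);

    // Permissions acting on gallery images.
    case 'upload':
      // Uploading into someone else's gallery needs the "upload to all
      // galleries" permission on top of the create permission.
      if (!user_access(NODE_GALLERY_PERM_UPLOAD_TO_ALL_GALLERIES) && $user->uid != $gallery->uid) {
        return FALSE;
      }
      return user_access('create ' . $type . ' ' . $content);

    case 'edit image':
      // The "any" permission always suffices; "own" only for the gallery
      // owner.
      if (user_access('edit ' . $any . ' ' . $type . ' ' . $content)) {
        return TRUE;
      }
      return $user->uid == $gallery->uid && user_access('edit own ' . $type . ' ' . $content);

    // Permissions acting on galleries.
    case 'create':
      return user_access('create ' . $type . ' ' . $content);

    case 'edit':
    case 'delete':
      // The "any" permission is sufficient on its own, and the "own"
      // permission counts only for the gallery owner. The earlier form always
      // ended on the "own" check, so a user holding only the "any" permission
      // was denied, unlike in the 'edit image' case above.
      if (user_access($op . ' ' . $any . ' ' . $type . ' ' . $content)) {
        return TRUE;
      }
      return $user->uid == $gallery->uid && user_access($op . ' own ' . $type . ' ' . $content);
  }

  // Unknown operations are denied.
  return FALSE;
}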