
function node_gallery_api_user_access in Node Gallery 7

Determines if a user has access to do something to a gallery or its images.

Parameters

string $op: The operation being requested.

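object $gallery: (optional) The populated gallery node. Defaults to NULL.

object $account: (optional) A user account. When supplied, access is denied to non-administrators if this account is anonymous or blocked; the permission checks themselves are still made against the current user. Defaults to NULL.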

Return value

boolean

2 calls to node_gallery_api_user_access()
node_gallery_api_help in ./node_gallery_api.module
Implements hook_help().
node_gallery_api_upload_access in ./node_gallery_api.module
Access function for uploads.
1 string reference to 'node_gallery_api_user_access'
node_gallery_api_menu in ./node_gallery_api.module
Implements hook_menu().

File

./node_gallery_api.module, line 1317
Node Gallery module.

Code

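/**
 * Determines if a user has access to do something to a gallery or its images.
 *
 * Every permission lookup is made with user_access() without an account
 * argument, and every ownership test compares against the global $user, so
 * the decision is always about the user making the current request.
 *
 * @param string $op
 *   The operation being requested. Handled values are 'administer', 'upload',
 *   'edit item', 'create', 'edit' and 'delete'. 'view' and 'view My Galleries'
 *   are accepted without a gallery but have no case of their own, so they are
 *   only granted through the administrator shortcut.
 * @param object $gallery
 *   (optional) The populated gallery node. Required for every operation other
 *   than 'view', 'view My Galleries' and 'administer'. Defaults to NULL.
 * @param object $account
 *   (optional) A user account. It is only used to deny access when that
 *   account is anonymous or blocked; its own permissions are never evaluated.
 *   NOTE(review): this looks like the account whose galleries are being
 *   listed rather than the acting user - confirm against the callers.
 *
 * @return bool
 *   TRUE if the operation is allowed, FALSE otherwise. Unknown operations and
 *   missing data are denied.
 */
function node_gallery_api_user_access($op, $gallery = NULL, $account = NULL) {
  global $user;

  // Admins can do everything. This shortcut runs before the $account check,
  // so it also applies when $account is anonymous or blocked.
  if (user_access('administer nodes') || user_access(NODE_GALLERY_PERM_ADMIN_GALLERY)) {
    return TRUE;
  }

  // Cannot view gallery of anonymous or blocked users.
  // This condition should prevent seeing the link in the nav block for
  // anonymous users.
  if (isset($account) && (!$account->uid || !$account->status)) {
    return FALSE;
  }

  // Only string operations are defined. Rejecting anything else up front
  // keeps the strict membership tests and the loose switch comparison below
  // from disagreeing about which branch an operation belongs to.
  if (!is_string($op)) {
    return FALSE;
  }

  $generic_permissions = array('view', 'view My Galleries', 'administer');
  $image_operations = array('upload', 'edit item');
  $gallery_type = NULL;
  $is_owner = FALSE;
  // Stays empty when no item types can be resolved, which makes the image
  // operations fall through to a denial instead of iterating over NULL.
  $types = array();

  if (!in_array($op, $generic_permissions, TRUE)) {
    // Every non-generic operation acts on a concrete gallery.
    if (!isset($gallery)) {
      return FALSE;
    }
    $gallery_type = $gallery->type;
    // NOTE(review): uid 0 matches uid 0, so an anonymous visitor counts as the
    // owner of an anonymously authored gallery - confirm the 'own' permissions
    // are not granted to the anonymous role where that matters.
    $is_owner = ($user->uid == $gallery->uid);

    if (in_array($op, $image_operations, TRUE)) {
      $relationship = node_gallery_api_get_relationship_type($gallery_type);
      if (is_object($relationship) && !empty($relationship->item_types)) {
        $types = $relationship->item_types;
      }
    }
  }

  switch ($op) {
    // Generic permissions.
    case 'administer':
      return user_access(NODE_GALLERY_PERM_ADMIN_GALLERY);

    // Permissions acting on gallery images.
    case 'upload':
      // Uploading into someone else's gallery needs the dedicated permission.
      if (!$is_owner && !user_access(NODE_GALLERY_PERM_UPLOAD_TO_ALL_GALLERIES)) {
        return FALSE;
      }
      // Being allowed to create any one of the item types is enough.
      foreach ($types as $type) {
        if (user_access('create ' . $type . ' content')) {
          return TRUE;
        }
      }
      return FALSE;

    case 'edit item':
      foreach ($types as $type) {
        if (user_access('edit any ' . $type . ' content')) {
          return TRUE;
        }
        if ($is_owner && user_access('edit own ' . $type . ' content')) {
          return TRUE;
        }
      }
      return FALSE;

    // Permissions acting on galleries.
    case 'create':
      return user_access('create ' . $gallery_type . ' content');

    case 'edit':
    case 'delete':
      // The 'any' permission is sufficient on its own, matching the
      // 'edit item' branch. Previously its holders were still denied unless
      // they also held the 'own' permission.
      if (user_access($op . ' any ' . $gallery_type . ' content')) {
        return TRUE;
      }
      // Without 'any', only the gallery owner holding 'own' may proceed.
      return $is_owner && user_access($op . ' own ' . $gallery_type . ' content');
  }

  // Unknown or unhandled operation: deny.
  return FALSE;
}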