You are here

Home » API reference » Notifications 6.4 » notifications.module

function notifications_user_allowed in Notifications 6.4

Same name and namespace in other branches
  1. 5 notifications.module \notifications_user_allowed()
  2. 6 notifications.module \notifications_user_allowed()
  3. 6.2 notifications.module \notifications_user_allowed()
  4. 6.3 notifications.module \notifications_user_allowed()

Check access to objects

This will check permissions for subscriptions and events before subscribing and before getting updates.

Parameters

$type: Type of object to check for access. Possible values:

  • 'event', will check access to event objects
  • 'subscription', will check access to subscribed objects
2 calls to notifications_user_allowed()
Notifications_Event::user_access in includes/notifications_event.class.inc
Check user access to event's objects
notifications_user_allowed_subscription in ./notifications.module
Check access to create/edit subscriptions

File

./notifications.module, line 1652
Notifications module

Code

function notifications_user_allowed($type, $account, $object = NULL) {
  notifications_include('object.inc');

  // First invoke the hook for 'event'  or 'subscription'. If we get any false return value, that's it
  $hook = 'notifications_' . $type;
  foreach (module_implements($hook) as $module) {
    $permission = module_invoke($module, $hook, 'access', $object, $account);
    if (isset($permission) && ($permission === FALSE || is_array($permission) && in_array(FALSE, $permission, TRUE))) {
      return FALSE;
    }
  }
  if (is_object($object)) {

    // For events and subscriptions check first all objects are loaded
    if (!$object
      ->load_objects()) {
      return FALSE;
    }

    // Now check all the loaded objects
    foreach ($object
      ->get_objects() as $check_type => $values) {

      // Subscriptions can have several objects of one type
      $type_list = is_array($values) ? $values : array(
        $values,
      );
      foreach ($type_list as $check_object) {
        if (notifications_object_access($check_type, $check_object, $account) === FALSE) {
          return FALSE;
        }
      }
    }
  }

  // This means we've done all the checking and found nothing, so we allow access
  return TRUE;
}