function og_node_access in Organic groups 7.2
Same name and namespace in other branches
- 7 og.module \og_node_access()
Implements hook_node_access().
File
- ./
og.module, line 490 - Enable users to create and manage groups with roles and permissions.
Code
function og_node_access($node, $op, $account) {
$type = is_string($node) ? $node : (is_array($node) ? $node['type'] : $node->type);
if ($op == 'create' && og_is_group_content_type('node', $type)) {
// Save some legwork if the user has the core permission and strict node
// access is not set.
if (!variable_get('og_node_access_strict', TRUE) && user_access("create {$type} content", $account)) {
// We just ignore: core access will take care of it.
return NODE_ACCESS_IGNORE;
}
if (user_access('administer group', $account)) {
return NODE_ACCESS_ALLOW;
}
// We can't check if user has create permissions using og_user_access(), as
// there is no group context. However, we can check if there are any groups
// the user will be able to select, and if not, we don't allow access.
// @see OgSelectionHandler::getReferencableEntities()
$required = FALSE;
foreach (og_get_group_audience_fields('node', $type) as $field_name => $label) {
$field = field_info_field($field_name);
$instance = field_info_instance('node', $field_name, $type);
// Set the "field mode" to default, before passing it to the
// selection handler.
$instance['field_mode'] = 'default';
if (entityreference_get_selection_handler($field, $instance)
->countReferencableEntities()) {
return NODE_ACCESS_ALLOW;
}
// Allow users to create content outside of groups, if none of the
// audience fields is required.
if ($instance['required']) {
$required = TRUE;
}
}
// If no group audience field is required, we ignore.
if (!$required) {
return NODE_ACCESS_IGNORE;
}
// Otherwise, ignore or deny based on whether strict node access is set.
return variable_get('og_node_access_strict', TRUE) ? NODE_ACCESS_DENY : NODE_ACCESS_IGNORE;
}
elseif (in_array($op, array(
'update',
'delete',
))) {
$access = og_user_access_entity('administer group', 'node', $node, $account);
if (is_null($access)) {
// The node isn't in an OG context, so no need to keep testing.
return NODE_ACCESS_IGNORE;
}
else {
$access = $access || og_user_access_entity("{$op} any {$type} content", 'node', $node, $account) || $account->uid == $node->uid && og_user_access_entity("{$op} own {$type} content", 'node', $node, $account);
}
if (!$access && $op == 'update' && og_is_group('node', $node)) {
// The node is a group, so check "update group" permission.
$access = og_user_access_entity('update group', 'node', $node, $account);
}
if ($access) {
return NODE_ACCESS_ALLOW;
}
// Check if OG should explicitly deny access or not.
return variable_get('og_node_access_strict', TRUE) ? NODE_ACCESS_DENY : NODE_ACCESS_IGNORE;
}
return NODE_ACCESS_IGNORE;
}