You are here

Home » API reference » Organic groups 7.2 » og.module

function og_node_access in Organic groups 7.2

Same name and namespace in other branches
  1. 7 og.module \og_node_access()

Implements hook_node_access().

File

./og.module, line 490
Enable users to create and manage groups with roles and permissions.

Code

function og_node_access($node, $op, $account) {
  $type = is_string($node) ? $node : (is_array($node) ? $node['type'] : $node->type);
  if ($op == 'create' && og_is_group_content_type('node', $type)) {

    // Save some legwork if the user has the core permission and strict node
    // access is not set.
    if (!variable_get('og_node_access_strict', TRUE) && user_access("create {$type} content", $account)) {

      // We just ignore: core access will take care of it.
      return NODE_ACCESS_IGNORE;
    }
    if (user_access('administer group', $account)) {
      return NODE_ACCESS_ALLOW;
    }

    // We can't check if user has create permissions using og_user_access(), as
    // there is no group context. However, we can check if there are any groups
    // the user will be able to select, and if not, we don't allow access.
    // @see OgSelectionHandler::getReferencableEntities()
    $required = FALSE;
    foreach (og_get_group_audience_fields('node', $type) as $field_name => $label) {
      $field = field_info_field($field_name);
      $instance = field_info_instance('node', $field_name, $type);

      // Set the "field mode" to default, before passing it to the
      // selection handler.
      $instance['field_mode'] = 'default';
      if (entityreference_get_selection_handler($field, $instance)
        ->countReferencableEntities()) {
        return NODE_ACCESS_ALLOW;
      }

      // Allow users to create content outside of groups, if none of the
      // audience fields is required.
      if ($instance['required']) {
        $required = TRUE;
      }
    }

    // If no group audience field is required, we ignore.
    if (!$required) {
      return NODE_ACCESS_IGNORE;
    }

    // Otherwise, ignore or deny based on whether strict node access is set.
    return variable_get('og_node_access_strict', TRUE) ? NODE_ACCESS_DENY : NODE_ACCESS_IGNORE;
  }
  elseif (in_array($op, array(
    'update',
    'delete',
  ))) {
    $access = og_user_access_entity('administer group', 'node', $node, $account);
    if (is_null($access)) {

      // The node isn't in an OG context, so no need to keep testing.
      return NODE_ACCESS_IGNORE;
    }
    else {
      $access = $access || og_user_access_entity("{$op} any {$type} content", 'node', $node, $account) || $account->uid == $node->uid && og_user_access_entity("{$op} own {$type} content", 'node', $node, $account);
    }
    if (!$access && $op == 'update' && og_is_group('node', $node)) {

      // The node is a group, so check "update group" permission.
      $access = og_user_access_entity('update group', 'node', $node, $account);
    }
    if ($access) {
      return NODE_ACCESS_ALLOW;
    }

    // Check if OG should explicitly deny access or not.
    return variable_get('og_node_access_strict', TRUE) ? NODE_ACCESS_DENY : NODE_ACCESS_IGNORE;
  }
  return NODE_ACCESS_IGNORE;
}