function og_user_access in Organic groups 7
Same name and namespace in other branches
- 7.2 og.module \og_user_access()
Determine whether a user has a given privilege.
Parameters
$gid: The group ID.
$string: The permission, such as "administer nodes", being checked for.
$account: (optional) The account to check, if not given use currently lgroupged in user.
$skip_hook: If TRUE and the variable 'og_user_access_invoke_alter' is set to TRUE, then a a module_invoke_all command will not be triggered. This can be used by modules implementing hook_og_user_access_alter() that still want to use og_user_access(), but without causing a recursion.
Return value
Boolean TRUE if the current user has the requested permission.
All permission checks in OG should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser can perform all actions.
13 calls to og_user_access()
- OgUiUserPermissionsTestCase::testOgUiUserPermissionChanges in og_ui/
og_ui.test - Change user permissions and check og_user_access().
- OgUserPermissionsTestCase::testOgUserRoleChangePermissions in ./
og.test - Verify proper permission changes by og_role_change_permissions().
- og_context_plugin_access_og_perm::access in og_context/
includes/ views/ og_context_plugin_access_og_perm.inc - Determine if the current user has access or not.
- og_perm_ctools_access_check in plugins/
access/ og_perm.inc - Check for access.
- og_rules_user_has_permission in ./
og.rules.inc - Condition: User has group permisison.
1 string reference to 'og_user_access'
- og_invalidate_cache in ./
og.module - Invalidate cache.
File
- ./
og.module, line 1792 - Enable users to create and manage groups with roles and permissions.
Code
function og_user_access($gid, $string, $account = NULL, $skip_alter = FALSE) {
if (variable_get('og_skip_access', FALSE)) {
// User access should always return TRUE, as Group is requested to
// skip any access check.
return TRUE;
}
global $user;
$perm =& drupal_static(__FUNCTION__, array());
// Mark the group ID and permissions that invoked an alter.
$perm_alter =& drupal_static(__FUNCTION__ . '_alter', array());
if (empty($account)) {
$account = clone $user;
}
// User #1 has all privileges.
if ($account->uid == 1) {
return TRUE;
}
// Administer Group permission.
if (user_access('administer group', $account)) {
return TRUE;
}
if (!($group = og_load($gid))) {
// Not a group.
return FALSE;
}
// Group manager has all privileges (if variable is TRUE).
if (variable_get('og_group_manager_full_access', TRUE)) {
$entity = current(entity_load($group->entity_type, array(
$group->etid,
)));
if (!empty($entity->uid) && $entity->uid == $account->uid) {
return TRUE;
}
}
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
if (!isset($perm[$gid][$account->uid])) {
$roles = og_get_user_roles($gid, $account->uid);
$role_permissions = og_role_permissions($roles);
$perms = array();
foreach ($role_permissions as $one_role) {
$perms += $one_role;
$perm[$gid][$account->uid] = $perms;
}
}
if (!$skip_alter && empty($perm_alter[$gid][$account->uid][$string])) {
// Let modules alter the permissions. since $perm is static we create a
// clone of it.
$temp_perm = $perm[$gid][$account->uid];
$context = array(
'string' => $string,
'group' => $group,
'account' => $account,
);
drupal_alter('og_user_access', $temp_perm, $context);
// Re-assing the altered permissions.
$perm[$gid][$account->uid] = $temp_perm;
// Make sure alter isn't called for the same permissions.
$perm_alter[$gid][$account->uid][$string] = TRUE;
}
return !empty($perm[$gid][$account->uid][$string]);
}