You are here

Home » API reference » Organic groups 7.2 » og.module

function og_user_access in Organic groups 7.2

Same name and namespace in other branches
  1. 7 og.module \og_user_access()

Determine whether a user has a given privilege.

All permission checks in OG should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser and group administrators can perform all actions.

Parameters

$group_type: The entity type of the group.

$gid: The entity ID of the group.

$string: The permission, such as "administer group", being checked for.

$account: (optional) The account to check. Defaults to the current user.

$skip_alter: (optional) If TRUE then user access will not be sent to other modules using drupal_alter(). This can be used by modules implementing hook_og_user_access_alter() that still want to use og_user_access(), but without causing a recursion. Defaults to FALSE.

$ignore_admin: (optional) When TRUE the specific permission is checked, ignoring the "administer group" permission if the user has it. When FALSE, a user with "administer group" will be granted all permissions. Defaults to FALSE.

Return value

TRUE or FALSE if the current user has the requested permission. NULL, if the given group isn't a valid group.

21 calls to og_user_access()
OgPermissionsTestCase::testBlockedAndPendingRoles in ./og.test
Assert blocked and pending roles influence the allowed permissions.
OgPermissionsTestCase::testOgUserRoleChangePermissions in ./og.test
Verify proper permission changes by og_role_change_permissions().
OgSelectionHandler::buildEntityFieldQuery in plugins/entityreference/selection/OgSelectionHandler.class.php
Build an EntityFieldQuery to get referencable entities.
OgSelectionHandler::getGidsForCreate in plugins/entityreference/selection/OgSelectionHandler.class.php
Get group IDs from URL or OG-context, with access to create group-content.
OgUiUserPermissionsTestCase::testOgUiUserPermissionChanges in og_ui/og_ui.test
Change user permissions and check og_user_access().

... See full list

1 string reference to 'og_user_access'
og_invalidate_cache in ./og.module
Invalidate cache.

File

./og.module, line 2145
Enable users to create and manage groups with roles and permissions.

Code

function og_user_access($group_type, $gid, $string, $account = NULL, $skip_alter = FALSE, $ignore_admin = FALSE) {
  global $user;
  $perm =& drupal_static(__FUNCTION__, array());

  // Mark the group ID and permissions that invoked an alter.
  $perm_alter =& drupal_static(__FUNCTION__ . '_alter', array());
  if (!og_is_group($group_type, $gid)) {

    // Not a group.
    return NULL;
  }
  if (empty($account)) {
    $account = clone $user;
  }

  // User #1 has all privileges.
  if ($account->uid == 1) {
    return TRUE;
  }

  // Administer group permission.
  if (user_access('administer group', $account) && !$ignore_admin) {
    return TRUE;
  }

  // Group manager has all privileges (if variable is TRUE).
  if (!empty($account->uid) && variable_get('og_group_manager_full_access', TRUE)) {
    $group = entity_load_single($group_type, $gid);
    if (!empty($group->uid) && $group->uid == $account->uid) {
      return TRUE;
    }
  }
  $identifier = $group_type . ':' . $gid;

  // To reduce the number of SQL queries, we cache the user's permissions
  // in a static variable.
  if (!isset($perm[$identifier][$account->uid])) {
    $perms = array();
    if ($roles = og_get_user_roles($group_type, $gid, $account->uid)) {

      // Member might not have roles if they are blocked.
      // A pending member is treated as a non-member.
      $role_permissions = og_role_permissions($roles);
      foreach ($role_permissions as $one_role) {
        $perms += $one_role;
      }
    }
    $perm[$identifier][$account->uid] = $perms;
  }
  if (!$skip_alter && empty($perm_alter[$identifier][$account->uid][$string])) {

    // Let modules alter the permissions. since $perm is static we create
    // a clone of it.
    $group = !empty($group) ? $group : entity_load_single($group_type, $gid);
    $temp_perm = $perm[$identifier][$account->uid];
    $context = array(
      'string' => $string,
      'group_type' => $group_type,
      'group' => $group,
      'account' => $account,
    );
    drupal_alter('og_user_access', $temp_perm, $context);

    // Re-assing the altered permissions.
    $perm[$identifier][$account->uid] = $temp_perm;

    // Make sure alter isn't called for the same permissions.
    $perm_alter[$identifier][$account->uid][$string] = TRUE;
  }
  return !empty($perm[$identifier][$account->uid][$string]) || !empty($perm[$identifier][$account->uid]['administer group']) && !$ignore_admin;
}