function og_user_access in Organic groups 7.2
Same name and namespace in other branches
- 7 og.module \og_user_access()
Determine whether a user has a given privilege.
All permission checks in OG should go through this function. This way, we guarantee consistent behavior, and ensure that the superuser and group administrators can perform all actions.
Parameters
$group_type: The entity type of the group.
$gid: The entity ID of the group.
$string: The permission, such as "administer group", being checked for.
$account: (optional) The account to check. Defaults to the current user.
$skip_alter: (optional) If TRUE then user access will not be sent to other modules using drupal_alter(). This can be used by modules implementing hook_og_user_access_alter() that still want to use og_user_access(), but without causing a recursion. Defaults to FALSE.
$ignore_admin: (optional) When TRUE the specific permission is checked, ignoring the "administer group" permission if the user has it. When FALSE, a user with "administer group" will be granted all permissions. Defaults to FALSE.
Return value
TRUE or FALSE if the current user has the requested permission. NULL, if the given group isn't a valid group.
21 calls to og_user_access()
- OgPermissionsTestCase::testBlockedAndPendingRoles in ./
og.test - Assert blocked and pending roles influence the allowed permissions.
- OgPermissionsTestCase::testOgUserRoleChangePermissions in ./
og.test - Verify proper permission changes by og_role_change_permissions().
- OgSelectionHandler::buildEntityFieldQuery in plugins/
entityreference/ selection/ OgSelectionHandler.class.php - Build an EntityFieldQuery to get referencable entities.
- OgSelectionHandler::getGidsForCreate in plugins/
entityreference/ selection/ OgSelectionHandler.class.php - Get group IDs from URL or OG-context, with access to create group-content.
- OgUiUserPermissionsTestCase::testOgUiUserPermissionChanges in og_ui/
og_ui.test - Change user permissions and check og_user_access().
1 string reference to 'og_user_access'
- og_invalidate_cache in ./
og.module - Invalidate cache.
File
- ./
og.module, line 2145 - Enable users to create and manage groups with roles and permissions.
Code
function og_user_access($group_type, $gid, $string, $account = NULL, $skip_alter = FALSE, $ignore_admin = FALSE) {
global $user;
$perm =& drupal_static(__FUNCTION__, array());
// Mark the group ID and permissions that invoked an alter.
$perm_alter =& drupal_static(__FUNCTION__ . '_alter', array());
if (!og_is_group($group_type, $gid)) {
// Not a group.
return NULL;
}
if (empty($account)) {
$account = clone $user;
}
// User #1 has all privileges.
if ($account->uid == 1) {
return TRUE;
}
// Administer group permission.
if (user_access('administer group', $account) && !$ignore_admin) {
return TRUE;
}
// Group manager has all privileges (if variable is TRUE).
if (!empty($account->uid) && variable_get('og_group_manager_full_access', TRUE)) {
$group = entity_load_single($group_type, $gid);
if (!empty($group->uid) && $group->uid == $account->uid) {
return TRUE;
}
}
$identifier = $group_type . ':' . $gid;
// To reduce the number of SQL queries, we cache the user's permissions
// in a static variable.
if (!isset($perm[$identifier][$account->uid])) {
$perms = array();
if ($roles = og_get_user_roles($group_type, $gid, $account->uid)) {
// Member might not have roles if they are blocked.
// A pending member is treated as a non-member.
$role_permissions = og_role_permissions($roles);
foreach ($role_permissions as $one_role) {
$perms += $one_role;
}
}
$perm[$identifier][$account->uid] = $perms;
}
if (!$skip_alter && empty($perm_alter[$identifier][$account->uid][$string])) {
// Let modules alter the permissions. since $perm is static we create
// a clone of it.
$group = !empty($group) ? $group : entity_load_single($group_type, $gid);
$temp_perm = $perm[$identifier][$account->uid];
$context = array(
'string' => $string,
'group_type' => $group_type,
'group' => $group,
'account' => $account,
);
drupal_alter('og_user_access', $temp_perm, $context);
// Re-assing the altered permissions.
$perm[$identifier][$account->uid] = $temp_perm;
// Make sure alter isn't called for the same permissions.
$perm_alter[$identifier][$account->uid][$string] = TRUE;
}
return !empty($perm[$identifier][$account->uid][$string]) || !empty($perm[$identifier][$account->uid]['administer group']) && !$ignore_admin;
}