
function og_webform_webform_submission_access in Organic Groups Webform Integration 7

Same name and namespace in other branches
  1. 6 og_webform.module \og_webform_webform_submission_access()

Implements hook_webform_submission_access().

See also

webform_submission_access()

File

./og_webform.module, line 55
Enables organic group administrators to modify webforms within their groups.

Code

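/**
 * Reports whether an account holds an OG permission in any of the given groups.
 *
 * @param array $groups
 *   Group audience items, each an array carrying a 'gid' key.
 * @param string $permission
 *   The Organic Groups permission name to test.
 * @param object $account
 *   The account whose group permissions are checked.
 *
 * @return bool
 *   TRUE as soon as one group grants the permission, FALSE otherwise.
 */
function _og_webform_any_group_access($groups, $permission, $account) {
  foreach ($groups as $group) {
    if (og_user_access($group['gid'], $permission, $account)) {
      return TRUE;
    }
  }
  return FALSE;
}

/**
 * Implements hook_webform_submission_access().
 *
 * Decides submission access from Organic Groups permissions held in the groups
 * the webform node belongs to. Every operation is evaluated against all of the
 * node's groups, so the outcome does not depend on the order in which the
 * groups are stored on the node.
 *
 * @param object $node
 *   The webform node; reloaded through node_load() when only partially loaded.
 * @param object|null $submission
 *   The submission being accessed, or NULL when none applies.
 * @param string $op
 *   One of 'view', 'save', 'list', 'edit' or 'delete'.
 * @param object|null $account
 *   The account to check; defaults to the current global user.
 *
 * @return bool|null
 *   TRUE or FALSE for 'view', 'save' and 'list'; TRUE for a permitted 'edit'
 *   or 'delete'; NULL when the node is not in a group or nothing is granted.
 *   NOTE(review): Webform is presumed to treat NULL as "no opinion" - confirm
 *   against webform_submission_access().
 */
function og_webform_webform_submission_access($node, $submission, $op = 'view', $account = NULL) {
  global $user;
  $account = isset($account) ? $account : $user;

  // Ensure a full node object, as Views handlers may not load the entire node.
  if (empty($node->vid) && !empty($node->nid)) {
    $node = node_load($node->nid);
  }

  // If this webform is not in a group, don't affect access.
  if (empty($node->group_audience['und'])) {
    return;
  }
  $groups = $node->group_audience['und'];

  // Access to all results and submissions in at least one group.
  $access_all = _og_webform_any_group_access($groups, 'access all webform results', $account);

  // A submission counts as the account's own when an authenticated uid matches
  // or when the current session recorded the submission id.
  $is_own = isset($submission) && (($account->uid && $account->uid == $submission->uid) || isset($_SESSION['webform_submission'][$submission->sid]));

  // Access to any operation (view/edit/delete) requires access permission.
  // If we have access to everything, "access own" doesn't matter.
  $general_access = $access_all || ($is_own && _og_webform_any_group_access($groups, 'access own webform submissions', $account));

  switch ($op) {
    case 'view':
      return $general_access;

    case 'save':
      // The "save" case tells Webform to save a session for anonymous users if
      // they have permission to access their own submissions. Checked against
      // every group rather than whichever group a loop happened to end on.
      return _og_webform_any_group_access($groups, 'access own webform submissions', $account);

    case 'list':
      return $access_all || (_og_webform_any_group_access($groups, 'access own webform submissions', $account) && ($account->uid || isset($_SESSION['webform_submission'])));

    case 'edit':
    case 'delete':
      if ($general_access) {
        // NOTE(review): this is a loose uid comparison, so an anonymous account
        // (uid 0) matches every anonymous submission; only $general_access
        // narrows it. Confirm that is intended before granting anonymous
        // roles the "edit own" / "delete own" group permissions.
        $same_uid = isset($submission) && $submission->uid == $account->uid;
        if (_og_webform_any_group_access($groups, $op . ' all webform submissions', $account) || ($same_uid && _og_webform_any_group_access($groups, $op . ' own webform submissions', $account))) {
          return TRUE;
        }
      }
      break;
  }
}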