You are here

function party_access in Party 7

Same name and namespace in other branches
  1. 8.2 party.module \party_access()

Determines whether operations are allowed on a Party and attached entities.

Parameters

$op: The operation being performed. Currently one of:

  • 'view': Whether the user may view the given party or data set.
  • 'edit': Whether the user may edit the given party or data set.
  • 'add': Whether the user may create a new entity the given data set to the party.
  • 'attach': Whether the user may attach an existing entity in the given data set to the party.
  • 'detach': Whether the user may detach the given data set from the party.
  • 'create': Whether the user may create a party of the type given by $party->type.

@todo: consider distinguishing $op values for solo party vs attached entity, eg 'view attached' / 'view', so that we don't have to keep mucking about testing isset($attached_entity).

$party: A party to check access for.

$data_set: (optional) A dataset name or full definition to check access for. If nothing is given, access for just the party itself is determined.

$account: (optional) The user to check for. Omit to check for the global user.

Return value

boolean Whether access is allowed or not.

See also

hook_party_access()

party_party_access()

8 calls to party_access()
PartyAccessTestCase::testPartyCRUDAccess in tests/party_access.test
Test CRUD Access on Party Entities.
PartyAccessTestCase::testPartyDataSetCRUDAccess in tests/party_access.test
Test Data Set CRUD Access.
PartyDefaultDataSet::getActions in includes/party.data.inc
Get actions for the attached entity. Check party access in each case.
party_attached_entity_content_type_render in plugins/content_types/attached_entity/attached_entity.inc
Render the custom content type.
party_data_set_form in ./party.module
Get the form for a data set (more to the point get a set of fields for the data set might need to work on this). This function checks the edit party attached data set permission.

... See full list

4 string references to 'party_access'
party_entity_query_alter in ./party.module
Implements hook_entity_query_alter().
party_menu in ./party.module
Implements hook_menu().
party_party_party_pieces in ./party.party_info.inc
Implements hook_party_party_pieces().
party_query_alter in ./party.module
Implements hook_query_alter().

File

./party.module, line 484
Provides a generic CRM party entity.

Code

function party_access($op, $party = NULL, $data_set = NULL, $account = NULL) {

  // Let the admin through when there's no attached entity being considered.
  if (!isset($data_set) && user_access('administer parties', $account)) {
    return TRUE;
  }

  // If the party has been archived, check we have access.
  if (is_object($party) && $party->archived && !user_access('view archived parties', $account)) {
    return FALSE;
  }

  // If we've been passed a data set name we change it into an array.
  if (isset($data_set) && is_string($data_set)) {
    $data_set = party_get_data_set_info($data_set);
  }
  if (!isset($account)) {
    $account = $GLOBALS['user'];
  }

  // If $party is a string, convert it to an entity.
  if (is_string($party)) {
    $party = party_create();
  }

  // Allow modules to grant / deny access.
  // Keep track of which modules grant / deny access. This allows for easier
  // debugging and may be helpful in the future.
  foreach (module_implements('party_access') as $module) {
    $access[$module] = module_invoke($module, 'party_access', $op, $party, $data_set, $account);
  }

  // Only grant access if at least one module granted access and no one denied
  // access.
  if (in_array(FALSE, $access, TRUE)) {
    return FALSE;
  }
  elseif (in_array(TRUE, $access, TRUE)) {
    return TRUE;
  }
  return FALSE;
}