function party_access in Party 7
Same name and namespace in other branches
- 8.2 party.module \party_access()
Determines whether operations are allowed on a Party and attached entities.
Parameters
$op: The operation being performed. Currently one of:
- 'view': Whether the user may view the given party or data set.
- 'edit': Whether the user may edit the given party or data set.
- 'add': Whether the user may create a new entity the given data set to the party.
- 'attach': Whether the user may attach an existing entity in the given data set to the party.
- 'detach': Whether the user may detach the given data set from the party.
- 'create': Whether the user may create a party of the type given by $party->type.
@todo: consider distinguishing $op values for solo party vs attached entity, eg 'view attached' / 'view', so that we don't have to keep mucking about testing isset($attached_entity).
$party: A party to check access for.
$data_set: (optional) A dataset name or full definition to check access for. If nothing is given, access for just the party itself is determined.
$account: (optional) The user to check for. Omit to check for the global user.
Return value
boolean Whether access is allowed or not.
See also
8 calls to party_access()
- PartyAccessTestCase::testPartyCRUDAccess in tests/
party_access.test - Test CRUD Access on Party Entities.
- PartyAccessTestCase::testPartyDataSetCRUDAccess in tests/
party_access.test - Test Data Set CRUD Access.
- PartyDefaultDataSet::getActions in includes/
party.data.inc - Get actions for the attached entity. Check party access in each case.
- party_attached_entity_content_type_render in plugins/
content_types/ attached_entity/ attached_entity.inc - Render the custom content type.
- party_data_set_form in ./
party.module - Get the form for a data set (more to the point get a set of fields for the data set might need to work on this). This function checks the edit party attached data set permission.
4 string references to 'party_access'
- party_entity_query_alter in ./
party.module - Implements hook_entity_query_alter().
- party_menu in ./
party.module - Implements hook_menu().
- party_party_party_pieces in ./
party.party_info.inc - Implements hook_party_party_pieces().
- party_query_alter in ./
party.module - Implements hook_query_alter().
File
- ./
party.module, line 484 - Provides a generic CRM party entity.
Code
function party_access($op, $party = NULL, $data_set = NULL, $account = NULL) {
// Let the admin through when there's no attached entity being considered.
if (!isset($data_set) && user_access('administer parties', $account)) {
return TRUE;
}
// If the party has been archived, check we have access.
if (is_object($party) && $party->archived && !user_access('view archived parties', $account)) {
return FALSE;
}
// If we've been passed a data set name we change it into an array.
if (isset($data_set) && is_string($data_set)) {
$data_set = party_get_data_set_info($data_set);
}
if (!isset($account)) {
$account = $GLOBALS['user'];
}
// If $party is a string, convert it to an entity.
if (is_string($party)) {
$party = party_create();
}
// Allow modules to grant / deny access.
// Keep track of which modules grant / deny access. This allows for easier
// debugging and may be helpful in the future.
foreach (module_implements('party_access') as $module) {
$access[$module] = module_invoke($module, 'party_access', $op, $party, $data_set, $account);
}
// Only grant access if at least one module granted access and no one denied
// access.
if (in_array(FALSE, $access, TRUE)) {
return FALSE;
}
elseif (in_array(TRUE, $access, TRUE)) {
return TRUE;
}
return FALSE;
}