
function party_party_access in Party 8.2

Same name and namespace in other branches
  1. 7 party.party.inc \party_party_access()

Implements hook_party_access().

Handles basic access to parties:

  • user permissions
  • data set cardinality settings

File

./party.module, line 501
Provides a generic CRM party entity.

Code

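/**
 * Implements hook_party_access().
 *
 * Handles basic access to parties, based on user permissions and, when a data
 * set is given, on that data set's actions and cardinality settings.
 *
 * @param string $op
 *   The operation being checked. With a data set: 'view', 'edit', 'detach',
 *   'attach' or 'add' map to a permission; without one: 'view', 'edit' or
 *   'delete'. Any other value maps to no permission.
 * @param $party
 *   (optional) The party. Only used here as an argument to
 *   party_get_crm_controller() for the cardinality check.
 * @param array $data_set
 *   (optional) A data set definition. The keys read here are 'set_name',
 *   'actions' and 'max cardinality'.
 * @param $account
 *   (optional) The account, passed through to user_access().
 *
 * @return bool|null
 *   FALSE when the data set rules deny the operation (this deny is global),
 *   TRUE when the matching permission is granted, NULL to express no opinion.
 */
function party_party_access($op, $party = NULL, $data_set = NULL, $account = NULL) {
  // Access decisions must not depend on PHP's loose comparison rules: a
  // non-string $op such as TRUE loosely equals every operation name, so it
  // would be treated as 'view' by a switch or a non-strict in_array(). Only
  // string operations are matched; anything else is handled exactly like an
  // unknown operation.
  $op_name = is_string($op) ? $op : NULL;

  $permission_access = NULL;
  $data_access = NULL;

  // NOTE(review): a data set without a 'set_name' falls through to the plain
  // party permissions below rather than being rejected; callers are expected
  // to pass a complete definition.
  if (isset($data_set['set_name'])) {
    $data_set_name = $data_set['set_name'];

    // Determine what the Core permissions system has to say about this.
    $attached_permissions = array(
      'view' => 'view party attached ' . $data_set_name,
      'edit' => 'edit party attached ' . $data_set_name,
      'detach' => 'detach party attached ' . $data_set_name,
      'attach' => 'attach party ' . $data_set_name,
      'add' => 'attach party ' . $data_set_name,
    );
    if ($op_name !== NULL && isset($attached_permissions[$op_name])) {
      $permission_access = user_access($attached_permissions[$op_name], $account);
    }

    // Determine what data set info has to say about this.
    // Data set actions in hook_party_data_set_info() are defined to match with
    // values of $op here. These operations are allowed regardless of what the
    // data set declares.
    // @TODO: remove this when we re-work permissions.
    $allowed_ops = array(
      'view',
      'edit',
      'detach',
    );

    // Other ops depend on the data set defining the action; an operation the
    // data set does not define is denied.
    $is_forced = in_array($op_name, $allowed_ops, TRUE);
    $is_defined = $op_name !== NULL && isset($data_set['actions'][$op_name]);
    $data_access = $is_forced || $is_defined;

    // TEMPORARY until we handle all actions here.
    // see http://drupal.org/node/1673608, http://drupal.org/node/1673606
    // Operations 'add' and 'attach' additionally need a check on data set
    // cardinality.
    // TODO: store the information about which ops need this elsewhere?
    if ($data_access && ($op_name === 'add' || $op_name === 'attach') && isset($data_set['max cardinality'])) {
      $data_set_controller = party_get_crm_controller($party, $data_set_name);
      $ids = $data_set_controller->getEntityIds();
      if (count($ids) >= $data_set['max cardinality']) {
        $data_access = FALSE;
      }
    }
  }
  else {
    // If we're not being asked about attachments, just use plain permissions.
    $party_permissions = array(
      'view' => 'view parties',
      'edit' => 'edit parties',
      'delete' => 'delete parties',
    );
    if ($op_name !== NULL && isset($party_permissions[$op_name])) {
      $permission_access = user_access($party_permissions[$op_name], $account);
    }
  }

  // A data access deny is global.
  if ($data_access === FALSE) {
    return FALSE;
  }

  // Otherwise, permission access returns allow or ignore: a missing permission
  // is never turned into an explicit deny here.
  return !empty($permission_access) ? TRUE : NULL;
}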