function party_party_access in Party 7
Same name and namespace in other branches
- 8.2 party.module \party_party_access()
Implements hook_party_access().
Handles basic access to parties:
- user permissions
- data set cardinality settings
File
- ./
party.party.inc, line 14 - Party general hook include.
Code
function party_party_access($op, $party = NULL, $data_set = NULL, $account = NULL) {
// Set the data_set_name
if (isset($data_set)) {
$data_set_name = $data_set['set_name'];
}
// If we're looking at permission for a particular data set we check these.
if (isset($data_set_name)) {
// Determine what the Core permissions system has to say about this.
switch ($op) {
case 'view':
$permission_string = 'view party attached ' . $data_set_name;
break;
case 'edit':
$permission_string = 'edit party attached ' . $data_set_name;
break;
case 'detach':
$permission_string = 'detach party attached ' . $data_set_name;
break;
case 'attach':
case 'add':
$permission_string = 'attach party ' . $data_set_name;
break;
}
if (isset($permission_string)) {
$permission_access = user_access($permission_string, $account);
}
// Determine what data set info has to say about this.
// Data set actions in hook_party_data_set_info() are defined to match with
// values of $op here.
// Build an array of forced allowed actions.
// @TODO: remove this when we re-work permissions.
$allowed_ops = array(
'view',
'edit',
'detach',
);
// Other ops depend on the data set defining the action.
if (isset($data_set['actions'][$op]) || in_array($op, $allowed_ops)) {
$data_access = TRUE;
// TEMPORARY until we handle all actions here.
// see http://drupal.org/node/1673608, http://drupal.org/node/1673606
if ($op == 'add' || $op == 'attach') {
// Operations 'add' and 'attach' additionally need a check on data set
// cardinality.
// TODO: store the information about which ops need this elsewhere?
if (isset($data_set['max cardinality'])) {
$ids = $party
->getDataSetController($data_set_name)
->getEntityIds();
if (count($ids) >= $data_set['max cardinality']) {
$data_access = FALSE;
}
}
}
}
else {
$data_access = FALSE;
}
}
else {
// If we're not being asked about attachments, just use plain permissions.
switch ($op) {
case 'view':
$permission_string = 'view parties';
break;
case 'edit':
$permission_string = 'edit parties';
break;
case 'archive':
$permission_string = 'archive parties';
break;
case 'delete':
$permission_string = 'delete parties';
break;
}
if (isset($permission_string)) {
$permission_access = user_access($permission_string, $account);
}
}
// A data access deny is global.
if (isset($data_access) && $data_access == FALSE) {
return FALSE;
}
// Otherwise, permission access returns allow or ignore.
return !empty($permission_access) ? TRUE : NULL;
}