You are here

function payment_access in Payment 7

Check if a user has access to perform a certain payment operation.

Parameters

string $operation: One of the following operations:

  • "create"
  • "update" (does not require $payment, but only grants access if the user has permission to update any payment)
  • "delete" (does not require $payment_method, but only grants access if the user has permission to delete any payment)
  • "view" (does not require $payment_method, but only grants access if the user has permission to view any payment)

Payment $payment: The payment the user wants to perform the operation on.

object $account: The user account for which to check access. If NULL, the current user is used.

Return value

boolean

See also

payment_permission()

4 calls to payment_access()
paymentform_payment_finish in modules/paymentform/paymentform.module
Implements Payment::finish_callback.
paymentreference_form_process_paymentreference in modules/paymentreference/paymentreference.module
Implements form process callback for paymentreference elements.
payment_form_standalone in ./payment.ui.inc
Implements form build callback: the payment add/edit form.
payment_form_standalone_submit in ./payment.ui.inc
Implements form submit callback for payment_form().
3 string references to 'payment_access'
PaymentTestPaymentEntityPermissionWebTestCase::testPaymentEntityPermissions in tests/payment_test/tests/PaymentTestPaymentEntityPermissionWebTestCase.test
payment_entity_info in ./payment.module
Implements hook_entity_info().
payment_menu in ./payment.module
Implements hook_menu().

File

./payment.module, line 925
Hook implementations and shared functions.

Code

function payment_access($operation, Payment $payment = NULL, $account = NULL) {
  global $user;
  if (!$account) {
    $account = $user;
  }
  switch ($operation) {
    case 'create':

      // We let other modules decide whether users have access to create
      // new payments. There is no corresponding permission for this operation.
      return TRUE;
    case 'view':
    case 'update':
    case 'delete':
      return user_access('payment.payment.' . $operation . '.any', $account) || $payment && user_access('payment.payment.' . $operation . '.own', $account) && $account->uid == $payment->uid;
  }
  return FALSE;
}