
function _photos_access in Album Photos 8.4

Same name and namespace in other branches
  1. 6.2 photos.module \_photos_access()
  2. 7.3 photos.module \_photos_access()

Photos access checks for different operations.

Parameters

string $op: Operation to check access.

int|\Drupal\node\Entity\Node|\Drupal\user\Entity\User $value: $node, $user, $file->id() OR $node->id().

Return value

bool TRUE if the user is allowed to access the content, otherwise FALSE.

12 calls to _photos_access()
PhotosAlbumController::access in src/Controller/PhotosAlbumController.php
A custom access check.
PhotosEditController::access in src/Controller/PhotosEditController.php
A custom access check.
PhotosEditController::ajaxEditUpdate in src/Controller/PhotosEditController.php
Ajax edit image.
PhotosEditController::ajaxEditUpdateLoad in src/Controller/PhotosEditController.php
Ajax edit image load text.
PhotosImageController::access in src/Controller/PhotosImageController.php
A custom access check.

... See full list

File

./photos.module, line 41
Implementation of photos.module.

Code

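/**
 * Photos access checks for different operations.
 *
 * Handled operations: 'viewUser', 'imageOrig', 'imageView', 'album',
 * 'editAlbum', 'imageEdit' and 'imageDelete'. Any other operation is denied.
 *
 * @param string $op
 *   Operation to check access.
 * @param int|\Drupal\node\Entity\Node|\Drupal\user\Entity\User $value
 *   $node, $user, $file->id() OR $node->id(), depending on $op.
 *
 * @return bool
 *   TRUE if the user is allowed to access the content, otherwise FALSE.
 *
 * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException
 *   For 'imageEdit' and 'imageDelete', when $value is a file id and no album
 *   node can be loaded for it.
 */
function _photos_access($op, $value) {
  $user = \Drupal::currentUser();
  switch ($op) {
    case 'viewUser':
      // Allowed when the account in $value has a non-zero id and may create
      // photos, or when the current user may view both profiles and photos.
      return ($value->id() && $value->hasPermission('create photo'))
        || ($user->hasPermission('access user profiles') && $user->hasPermission('view photo'));

    case 'imageOrig':
      return $user->hasPermission('view original');

    case 'imageView':
      // Value is fid, check if user can view this photo's album.
      if ($user->id() == 1) {
        return TRUE;
      }
      if (!\Drupal::config('photos.settings')->get('photos_access_photos')) {
        // Per-album access control is switched off: permission alone decides.
        return $user->hasPermission('view photo');
      }

      // Check if album password is required.
      photos_access_request_album_password();
      $node = _photos_access_pass_type($value, 1);
      $uid = FALSE;

      // Check if user is node author.
      if (isset($node['node'])) {
        $uid = $node['node']->uid;
      }
      elseif (isset($node['view'])) {
        $uid = $node['view']->uid;
      }
      if ($uid && $user->id() == $uid) {
        return TRUE;
      }
      if ($user->hasPermission('view photo')) {
        if (isset($node['node']->viewid) && $node['node']->viewid != 3) {
          // Check node access. Deny if the album node can no longer be loaded
          // instead of calling access() on NULL.
          $album = Node::load($node['node']->nid);
          return $album ? $album->access('view') : FALSE;
        }
        elseif (isset($node['view']->pass)) {
          // Check password. hash_equals() replaces a loose ==, which treats
          // distinct numeric-looking strings (e.g. "0e1" and "0e2") as equal
          // and is not constant-time.
          $session_key = $node['view']->nid . '_' . session_id();
          if ((isset($_SESSION[$session_key]) && hash_equals((string) $node['view']->pass, (string) $_SESSION[$session_key])) || !photos_access_pass_validate($node)) {
            return TRUE;
          }
        }
      }
      // NOTE(review): this return is also reached when the password check
      // above fails for a user who holds 'view photo', and then yields TRUE.
      // Protection of password-restricted albums therefore appears to depend
      // on photos_access_request_album_password() or
      // photos_access_pass_validate() stopping the request themselves.
      // Confirm that, or deny explicitly here.
      return $user->hasPermission('view photo');

    case 'album':
      if (\Drupal::config('photos.settings')->get('photos_access_photos')) {
        // Check if album password is required.
        photos_access_request_album_password();
      }
      return $value->getType() == 'photos' && $value->access('view');

    case 'editAlbum':
      if ($value->getType() == 'photos') {
        return $value->access('update');
      }
      break;

    case 'imageEdit':
    case 'imageDelete':
      if (!is_object($value)) {
        // $value is a file id: look up the node joined to it in photos_image.
        $query = \Drupal::database()->select('node', 'n');
        $query->join('photos_image', 'p', 'p.pid = n.nid');
        $query->fields('n', ['nid'])->condition('p.fid', $value);
        $nid = $query->execute()->fetchField();
        $value = $nid ? \Drupal::entityTypeManager()->getStorage('node')->load($nid) : NULL;
        if (!$value) {
          // Not found. Both operations fail the same way, rather than
          // 'imageDelete' calling access() on NULL for an unknown fid.
          throw new NotFoundHttpException();
        }
      }
      if ($op === 'imageEdit') {
        return $value->access('update') || $value->access('delete');
      }
      return $value->access('delete');
  }
  return FALSE;
}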