function _photos_access in Album Photos 8.4
Same name and namespace in other branches
- 6.2 photos.module \_photos_access()
- 7.3 photos.module \_photos_access()
Photos access checks for different operations.
Parameters
string $op: Operation to check access.
int|\Drupal\node\Entity\Node|\Drupal\user\Entity\User $value: $node, $user, $file->id() OR $node->id().
Return value
bool TRUE if user is allowed access content, otherwise FALSE.
12 calls to _photos_access()
- PhotosAlbumController::access in src/
Controller/ PhotosAlbumController.php - A custom access check.
- PhotosEditController::access in src/
Controller/ PhotosEditController.php - A custom access check.
- PhotosEditController::ajaxEditUpdate in src/
Controller/ PhotosEditController.php - Ajax edit image.
- PhotosEditController::ajaxEditUpdateLoad in src/
Controller/ PhotosEditController.php - Ajax edit image load text.
- PhotosImageController::access in src/
Controller/ PhotosImageController.php - A custom access check.
File
- ./
photos.module, line 41 - Implementation of photos.module.
Code
function _photos_access($op, $value) {
$user = \Drupal::currentUser();
switch ($op) {
case 'viewUser':
return $value
->id() && $value
->hasPermission('create photo') || \Drupal::currentUser()
->hasPermission('access user profiles') && \Drupal::currentUser()
->hasPermission('view photo');
case 'imageOrig':
if (!\Drupal::currentUser()
->hasPermission('view original')) {
return FALSE;
}
else {
return TRUE;
}
case 'imageView':
// Value is fid, check if user can view this photo's album.
if ($user
->id() == 1) {
return TRUE;
}
if (\Drupal::config('photos.settings')
->get('photos_access_photos')) {
// Check if album password is required.
photos_access_request_album_password();
$node = _photos_access_pass_type($value, 1);
$uid = FALSE;
// Check if user is node author.
if (isset($node['node'])) {
$uid = $node['node']->uid;
}
elseif (isset($node['view'])) {
$uid = $node['view']->uid;
}
if ($uid && $user
->id() == $uid) {
return TRUE;
}
if (\Drupal::currentUser()
->hasPermission('view photo')) {
if (isset($node['node']->viewid) && $node['node']->viewid != 3) {
// Check node access.
$node = Node::load($node['node']->nid);
return $node
->access('view');
}
elseif (isset($node['view']->pass)) {
// Check password.
if (isset($_SESSION[$node['view']->nid . '_' . session_id()]) && $node['view']->pass == $_SESSION[$node['view']->nid . '_' . session_id()] || !photos_access_pass_validate($node)) {
return TRUE;
}
}
}
return \Drupal::currentUser()
->hasPermission('view photo');
}
else {
return \Drupal::currentUser()
->hasPermission('view photo');
}
case 'album':
if (\Drupal::config('photos.settings')
->get('photos_access_photos')) {
// Check if album password is required.
photos_access_request_album_password();
}
return $value
->getType() == 'photos' && $value
->access('view');
case 'editAlbum':
if ($value
->getType() == 'photos') {
return $value
->access('update');
}
break;
case 'imageEdit':
if (!is_object($value)) {
$db = \Drupal::database();
$query = $db
->select('node', 'n');
$query
->join('photos_image', 'p', 'p.pid = n.nid');
$query
->fields('n', [
'nid',
])
->condition('p.fid', $value);
$nid = $query
->execute()
->fetchField();
if ($nid) {
$value = \Drupal::entityTypeManager()
->getStorage('node')
->load($nid);
}
else {
// Not found.
throw new NotFoundHttpException();
}
}
return $value
->access('update') || $value
->access('delete');
case 'imageDelete':
if (!is_object($value)) {
$db = \Drupal::database();
$query = $db
->select('node', 'n');
$query
->join('photos_image', 'p', 'p.pid = n.nid');
$query
->fields('n', [
'nid',
])
->condition('p.fid', $value);
$nid = $query
->execute()
->fetchField();
$value = \Drupal::entityTypeManager()
->getStorage('node')
->load($nid);
}
return $value
->access('delete');
}
return FALSE;
}