
function redhen_contact_access in RedHen CRM 7

Checks contact access for various operations.

Parameters

string $op: The operation being performed. One of 'view', 'update', 'create' or 'delete'.

RedhenContact|string $contact: Contact to check access for, or for the create operation, the contact type. If nothing is given, access permissions for all contacts are returned.

object $account: The user to check for. Leave it as NULL to check for the current user.

4 calls to redhen_contact_access()
redhen_contact_page in modules/redhen_contact/includes/redhen_contact.pages.inc
Page callback for contact overview page.
redhen_contact_revision_list in modules/redhen_contact/includes/redhen_contact.pages.inc
Page callback for listing contact revisions.
redhen_contact_user_contact_access in modules/redhen_contact/redhen_contact.module
Access callback for redhen_contact_user_categories().
redhen_contact_user_view in modules/redhen_contact/redhen_contact.module
Implements hook_user_view().
5 string references to 'redhen_contact_access'
redhen_contact_entity_info in modules/redhen_contact/redhen_contact.module
Implements hook_entity_info().
redhen_contact_menu in modules/redhen_contact/redhen_contact.module
Implements hook_menu().
redhen_contact_rules_action_info in modules/redhen_contact/includes/redhen_contact.rules.inc
Implements hook_rules_action_info().
redhen_engagement_menu in modules/redhen_engagement/redhen_engagement.module
Implements hook_menu().
redhen_registration_menu in modules/redhen_registration/redhen_registration.module
Implements hook_menu().

File

modules/redhen_contact/redhen_contact.module, line 455
Module file for RedHen contacts.

Code

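/**
 * Checks contact access for various operations.
 *
 * Every permission, relation-role and ownership check is evaluated against
 * $account. Evaluating part of the decision against the logged-in user while
 * the caller asked about a different account would let the answer borrow the
 * current user's relation roles or contact ownership.
 *
 * @param string $op
 *   The operation being performed. One of 'view', 'update', 'create' or
 *   'delete'; 'archive' and 'unarchive' are handled as well. 'update' is
 *   mapped to 'edit' internally.
 * @param RedhenContact|string $contact
 *   Contact to check access for, or for the create operation, the contact
 *   type.
 * @param object $account
 *   The user to check for. Leave it as NULL to check for the current user.
 *
 * @return bool
 *   TRUE if $account may perform $op, FALSE otherwise. An operation that is
 *   not listed above is denied unless the account holds
 *   'administer redhen contacts'.
 */
function redhen_contact_access($op, $contact = NULL, $account = NULL) {
  global $user;

  // Map 'update' to 'edit' which is used internally below.
  $op = $op == 'update' ? 'edit' : $op;

  // Resolve the account before anything else so that all later lookups use
  // the same subject.
  $account = isset($account) ? $account : $user;
  $has_contact = is_object($contact);
  $relation_enabled = module_exists('redhen_relation');

  // Relation role permissions belong to the account being checked, not to
  // whoever is currently logged in.
  $redhen_relation_role_permissions = $relation_enabled ? redhen_relation_role_get_permissions($account) : array();

  // Affiliations are only consulted for a loaded contact; a contact type
  // string (create operation) has no relations to look up.
  $related_orgs = $has_contact && $relation_enabled ? redhen_relation_relations($contact, REDHEN_RELATION_AFFILIATION, TRUE) : array();

  if ($op == 'archive' || $op == 'unarchive') {
    // A state change needs a loaded contact. Deny instead of reading
    // ->redhen_state from NULL or from a contact type string.
    if (!$has_contact) {
      return FALSE;
    }
    // Archiving an archived contact or unarchiving an active one is refused
    // for everyone, administrators included.
    if ($op == 'archive' && $contact->redhen_state == REDHEN_STATE_ARCHIVED) {
      return FALSE;
    }
    if ($op == 'unarchive' && $contact->redhen_state == REDHEN_STATE_ACTIVE) {
      return FALSE;
    }
  }

  if (user_access('administer redhen contacts', $account)) {
    return TRUE;
  }

  // Set $default_revision as a shortcut variable to check, because relation
  // role permissions do not currently support revisions.
  // NOTE(review): when no contact object is passed this is FALSE, so 'view',
  // 'edit' and 'delete' are decided by the revision branches below. Confirm
  // that is intended for callers that pass no contact.
  $default_revision = $has_contact && $contact->isDefaultRevision();

  switch ($op) {
    case 'view':
      if ($default_revision) {
        // Regular and relation role checks.
        if (user_access('access redhen contacts', $account)) {
          return TRUE;
        }

        // Check whether the account can view its own contact. The uid must be
        // non-empty: with a loose comparison an anonymous uid of 0 would also
        // match a contact whose uid is unset.
        // NOTE(review): assumes $contact->uid holds the linked user's id.
        if (user_access('view own redhen contact', $account) && !empty($account->uid) && $contact->uid == $account->uid) {
          return TRUE;
        }

        // Any relation role permission entry for an affiliated organization
        // is enough to view the contact.
        foreach ($related_orgs as $org) {
          if (isset($redhen_relation_role_permissions[$org[0]->org_id])) {
            return TRUE;
          }
        }
      }
      else {
        // Revision checks. Relation role permissions do not support revisions.
        if (user_access('view redhen contact revisions', $account)) {
          return TRUE;
        }
      }
      break;

    case 'archive':
    case 'unarchive':
      // The op has already been checked against the current state. Just check
      // the permissions.
      if (user_access('manage redhen contacts', $account)) {
        return TRUE;
      }
      break;

    case 'edit':
      if ($default_revision) {
        // Regular and relation role checks.
        if (user_access('manage redhen contacts', $account)) {
          return TRUE;
        }
        // NOTE(review): the strict !== 0 test treats a stored string '0' as
        // granted. Confirm how the relation role permissions are stored.
        foreach ($related_orgs as $org) {
          if (isset($redhen_relation_role_permissions[$org[0]->org_id]['edit_contact']) && $redhen_relation_role_permissions[$org[0]->org_id]['edit_contact'] !== 0) {
            return TRUE;
          }
        }
      }
      else {
        // Revision checks. Relation role permissions do not support revisions.
        if (user_access('edit redhen contact revisions', $account)) {
          return TRUE;
        }
      }
      break;

    case 'delete':
      if ($default_revision) {
        // Regular and relation role checks.
        if (user_access('manage redhen contacts', $account)) {
          return TRUE;
        }
        // NOTE(review): same strict !== 0 test as in the 'edit' case.
        foreach ($related_orgs as $org) {
          if (isset($redhen_relation_role_permissions[$org[0]->org_id]['delete_contact']) && $redhen_relation_role_permissions[$org[0]->org_id]['delete_contact'] !== 0) {
            return TRUE;
          }
        }
      }
      else {
        // Revision checks. Relation role permissions do not support revisions.
        if (user_access('manage redhen contacts', $account)) {
          return TRUE;
        }
      }
      break;

    case 'create':
      if (user_access('manage redhen contacts', $account)) {
        return TRUE;
      }
      // Per-type permission, e.g. 'create <type> contacts'.
      if (isset($contact) && is_string($contact)) {
        if (user_access('create ' . $contact . ' contacts', $account)) {
          return TRUE;
        }
      }
      break;
  }

  // Deny by default.
  return FALSE;
}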