
function redhen_org_access in RedHen CRM 7

Checks org access for various operations.

Parameters

string $op: The operation being performed. One of 'view', 'update', 'create' or 'delete'. The code below also handles 'archive' and 'unarchive', and maps 'update' to 'edit' internally.

RedhenOrg|string $org: Optionally an org to check access for or, for the create operation, the org type. If nothing is given, access permissions for all orgs are returned.

object $account: The user to check for. Leave it as NULL to check for the current user.

2 calls to redhen_org_access()
redhen_org_page in modules/redhen_org/includes/redhen_org.pages.inc
Page callback for org overview page.
redhen_org_revision_list in modules/redhen_org/includes/redhen_org.pages.inc
Page callback for listing org revisions.
2 string references to 'redhen_org_access'
redhen_org_entity_info in modules/redhen_org/redhen_org.module
Implements hook_entity_info().
redhen_org_menu in modules/redhen_org/redhen_org.module
Implements hook_menu().

File

modules/redhen_org/redhen_org.module, line 425

Code

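/**
 * Checks org access for various operations.
 *
 * Accounts with 'administer redhen orgs' are allowed every operation except
 * archiving an already archived org or unarchiving an active one. Everything
 * else is decided per operation; an operation that matches no case is denied.
 *
 * @param string $op
 *   The operation being performed: 'view', 'update' (handled as 'edit'),
 *   'edit', 'create', 'delete', 'archive' or 'unarchive'.
 * @param RedhenOrg|string $org
 *   The org to check access for, or the org type for the 'create' operation.
 *   May be NULL.
 * @param object $account
 *   The user to check for. Leave it as NULL to check for the current user.
 *
 * @return bool
 *   TRUE if $account may perform $op, FALSE otherwise.
 */
function redhen_org_access($op, $org = NULL, $account = NULL) {
  global $user;

  // Map 'update' to 'edit' which is used internally below.
  if ($op === 'update') {
    $op = 'edit';
  }
  $account = isset($account) ? $account : $user;

  // Relation role permissions have to belong to the account under check. They
  // were previously loaded for the global $user, so a check made on behalf of
  // another account was answered with the logged-in user's relation roles.
  $redhen_relation_role_permissions = module_exists('redhen_relation') ? redhen_relation_role_get_permissions($account) : array();

  // $org may be NULL or an org type string. Read the state once, and only
  // from an object, so the comparisons below never dereference a non-object.
  // The state comparisons stay loose on purpose: a NULL state compares exactly
  // as the unguarded property read did.
  $org_state = is_object($org) ? $org->redhen_state : NULL;

  // The 'archive' case is special because if it's already archived, it is not
  // possible to archive it again. The same holds for unarchiving an active org.
  if ($op === 'archive' && $org_state == REDHEN_STATE_ARCHIVED) {
    return FALSE;
  }
  if ($op === 'unarchive' && $org_state == REDHEN_STATE_ACTIVE) {
    return FALSE;
  }

  // If user has 'administer redhen orgs', all actions are allowed.
  if (user_access('administer redhen orgs', $account)) {
    return TRUE;
  }

  // Set $default_revision as a shortcut variable to check, because relation
  // role permissions do not currently support revisions.
  // NOTE(review): a call without an org object leaves this FALSE, so 'view',
  // 'edit' and 'delete' are then decided by the revision permissions. Confirm
  // that this is intended for callers that pass no org.
  $default_revision = is_object($org) && $org->isDefaultRevision();

  switch ($op) {
    case 'view':
      if ($default_revision) {
        // Regular and relation role checks.
        if (user_access('access redhen orgs', $account)) {
          return TRUE;
        }

        // If the org id exists as a key in this account's relation role
        // permissions, they have access to view it.
        if (isset($redhen_relation_role_permissions[$org->org_id])) {
          return TRUE;
        }
      }
      elseif (user_access('access redhen org revisions', $account)) {
        // Revision checks. Relation role permissions not currently supported.
        return TRUE;
      }
      break;

    case 'archive':
    case 'unarchive':
      // We have already checked the op against the current state. Just check
      // the permissions.
      if (user_access('manage redhen orgs', $account)) {
        return TRUE;
      }
      break;

    case 'edit':
      if ($default_revision) {
        // Regular and relation role checks. Archived orgs are not editable
        // through the general permission.
        if (user_access('manage redhen orgs', $account) && $org_state != REDHEN_STATE_ARCHIVED) {
          return TRUE;
        }

        // Check 'edit_org' for the org_id of relation role permissions. It will
        // usually be set to either 0 or 'edit_org', but we check for anything
        // non null-ish.
        if (!empty($redhen_relation_role_permissions[$org->org_id]['edit_org'])) {
          return TRUE;
        }
      }
      elseif (user_access('manage redhen org revisions', $account) && $org_state != REDHEN_STATE_ARCHIVED) {
        // Revision checks. Relation role permissions not currently supported.
        return TRUE;
      }
      break;

    case 'delete':
      if ($default_revision) {
        // Regular and relation role checks.
        if (user_access('manage redhen orgs', $account)) {
          return TRUE;
        }

        // Check 'delete_org' for the org_id of relation role permissions. It
        // will usually be set to either 0 or 'delete_org', but we check for
        // anything non null-ish.
        if (!empty($redhen_relation_role_permissions[$org->org_id]['delete_org'])) {
          return TRUE;
        }
      }
      elseif (user_access('manage redhen org revisions', $account)) {
        // Revision checks. Relation role permissions not currently supported.
        return TRUE;
      }
      break;

    case 'create':
      if (user_access('manage redhen orgs', $account)) {
        return TRUE;
      }

      // For 'create', $org carries the org type; the per-type permission name
      // is built from it.
      if (isset($org) && is_string($org) && user_access('create ' . $org . ' orgs', $account)) {
        return TRUE;
      }
      break;
  }

  // Deny by default: no case above granted access.
  return FALSE;
}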