function redhen_org_access in RedHen CRM 7
Checks org access for various operations.
Parameters
string $op: The operation being performed. One of 'view', 'update', 'create' or 'delete'.
RedhenOrg|string $org: Optionally a org to check access for or for the create operation the org type. If nothing is given access permissions for all orgs are returned.
object $account: The user to check for. Leave it to NULL to check for the current user.
2 calls to redhen_org_access()
- redhen_org_page in modules/
redhen_org/ includes/ redhen_org.pages.inc - Page callback for org overview page.
- redhen_org_revision_list in modules/
redhen_org/ includes/ redhen_org.pages.inc - Page callback for listing org revisions.
2 string references to 'redhen_org_access'
- redhen_org_entity_info in modules/
redhen_org/ redhen_org.module - Implements hook_entity_info().
- redhen_org_menu in modules/
redhen_org/ redhen_org.module - Implements hook_menu().
File
- modules/
redhen_org/ redhen_org.module, line 425
Code
function redhen_org_access($op, $org = NULL, $account = NULL) {
// Map 'update' to 'edit' which is used internally below.
$op = $op == 'update' ? 'edit' : $op;
global $user;
$account = isset($account) ? $account : $user;
$redhen_relation_role_permissions = module_exists('redhen_relation') ? redhen_relation_role_get_permissions($user) : array();
// The 'archive' case is special because if it's already archived, it is not
// possible to archive it again.
if ($op == 'archive' && $org->redhen_state == REDHEN_STATE_ARCHIVED) {
return FALSE;
}
if ($op == 'unarchive' && $org->redhen_state == REDHEN_STATE_ACTIVE) {
return FALSE;
}
// If user has 'administer redhen orgs', all actions are allowed.
if (user_access('administer redhen orgs', $account)) {
return TRUE;
}
// Set $default_revision as a shortcut variable to check, because relation
// role permissions do not currently support revisions.
if (is_object($org) && $org
->isDefaultRevision()) {
$default_revision = TRUE;
}
else {
$default_revision = FALSE;
}
switch ($op) {
case 'view':
if ($default_revision) {
// Regular and relation role checks.
if (user_access('access redhen orgs', $account)) {
return TRUE;
}
// If the org id exists as a key in this user's relation role
// permissions, they have access to view it.
if (isset($redhen_relation_role_permissions[$org->org_id])) {
return TRUE;
}
}
else {
// Revision checks. Relation role permissions not currently supported.
if (user_access('access redhen org revisions', $account)) {
return TRUE;
}
}
break;
case 'archive':
case 'unarchive':
// We have already checked the op against the current state. Just check
// the permissions.
if (user_access('manage redhen orgs', $account)) {
return TRUE;
}
break;
case 'edit':
if ($default_revision) {
// Regular and relation role checks.
if (user_access('manage redhen orgs', $account) && $org->redhen_state != REDHEN_STATE_ARCHIVED) {
return TRUE;
}
// Check 'edit_org' for the org_id of relation role permissions. It will
// usually be set to either 0 or 'edit_org', but we check for anything
// non null-ish.
if (!empty($redhen_relation_role_permissions[$org->org_id]['edit_org'])) {
return TRUE;
}
}
else {
// Revision checks. Relation role permissions not currently supported.
if (user_access('manage redhen org revisions', $account) && $org->redhen_state != REDHEN_STATE_ARCHIVED) {
return TRUE;
}
}
break;
case 'delete':
if ($default_revision) {
// Regular and relation role checks.
if (user_access('manage redhen orgs', $account)) {
return TRUE;
}
// Check 'delete_org' for the org_id of relation role permissions. It will
// usually be set to either 0 or 'delete_org', but we check for anything
// non null-ish.
if (!empty($redhen_relation_role_permissions[$org->org_id]['delete_org'])) {
return TRUE;
}
}
else {
// Revision checks. Relation role permissions not currently supported.
if (user_access('manage redhen org revisions', $account)) {
return TRUE;
}
}
break;
case 'create':
if (user_access('manage redhen orgs', $account)) {
return TRUE;
}
if (isset($org) && is_string($org)) {
if (user_access('create ' . $org . ' orgs', $account)) {
return TRUE;
}
}
break;
}
return FALSE;
}