You are here

function registration_access in Entity Registration 7

Same name and namespace in other branches
  1. 8.2 registration.module \registration_access()
  2. 8 registration.module \registration_access()
  3. 7.2 registration.module \registration_access()

Access callback: Entity API for Registration entities.

Checks if a user has permission to execute an operation on a registration entity.

Parameters

string $op: Operation user wishes to perform.

Registration $registration: (optional) A fully loaded registration object.

object $account: (optional) An user object, or omit for logged in user.

Return value

bool

See also

registration_entity_info()

1 string reference to 'registration_access'
registration_entity_info in ./registration.module
Implements hook_entity_info().

File

./registration.module, line 1920

Code

function registration_access($op, Registration $registration = NULL, $account = NULL) {
  $account = isset($account) ? $account : $GLOBALS['user'];
  $admin = user_access('administer registration', $account);
  if (!isset($registration)) {
    return $admin;
  }
  $type = $registration
    ->bundle();

  // bypass further access checks if user can administer registration
  if ($admin || user_access("administer {$type} registration", $account)) {
    return TRUE;
  }

  // Check environment for Registration.
  switch ($op) {
    case 'update':
      $people = registration_access_people($registration);
      $registrant_type = $registration
        ->registrant_type($account);
      if (!isset($registrant_type) && !isset($people[$registrant_type])) {
        return FALSE;
      }
      break;
    case 'create':
      if (!count(registration_access_people($registration))) {
        return FALSE;
      }
      break;
  }

  // First grant access to the entity for the specified operation if no other
  // module denies it and at least one other module says to grant access.
  $access_results = module_invoke_all('registration_access', $op, $registration, $account);
  if (in_array(FALSE, $access_results, TRUE)) {
    return FALSE;
  }
  elseif (in_array(TRUE, $access_results, TRUE)) {
    return TRUE;
  }
  $wrapper = entity_metadata_wrapper('registration', $registration);
  $author = $wrapper->author
    ->value();
  $account_own = $author && $author->uid == $account->uid;

  // Fall back to assigned permissions
  switch ($op) {
    case 'view':
      return $account_own && user_access("view own {$type} registration", $account) || user_access("view {$type} registration", $account);
    case 'update':
      return $account_own && user_access("update own {$type} registration", $account) || user_access("update any {$type} registration", $account);
    case 'create':
      return user_access("create {$type} registration", $account);
    case 'delete':
      return $account_own && user_access("delete own {$type} registration", $account) || user_access("delete any {$type} registration", $account);
  }
}