You are here

function registration_access in Entity Registration 8.2

Same name and namespace in other branches
  1. 8 registration.module \registration_access()
  2. 7.2 registration.module \registration_access()
  3. 7 registration.module \registration_access()

Access callback: Entity API for Registration entities.

Checks if a user has permission to execute an operation on a registration entity.

Parameters

string $op: Operation user wishes to perform.

Registration $registration: (optional) A fully loaded registration object.

object $account: (optional) An user object, or omit for logged in user.

Return value

bool

See also

registration_entity_info()

1 string reference to 'registration_access'
registration_entity_info in ./registration.module
Implements hook_entity_info().

File

./registration.module, line 1920

Code

function registration_access($op, Registration $registration = NULL, $account = NULL) {
  $user = \Drupal::currentUser();
  $account = isset($account) ? $account : $user;
  $admin = $account
    ->hasPermission('administer registration');
  if (!isset($registration)) {
    return $admin;
  }
  $type = $registration
    ->bundle();

  // bypass further access checks if user can administer registration
  if ($admin || $account
    ->hasPermission("administer {$type} registration")) {
    return TRUE;
  }

  // First grant access to the entity for the specified operation if no other
  // module denies it and at least one other module says to grant access.
  $access_results = \Drupal::moduleHandler()
    ->invokeAll('registration_access', [
    $op,
    $registration,
    $account,
  ]);
  if (in_array(FALSE, $access_results, TRUE)) {
    return FALSE;
  }
  elseif (in_array(TRUE, $access_results, TRUE)) {
    return TRUE;
  }
  $wrapper = entity_metadata_wrapper('registration', $registration);
  $author = $wrapper->author
    ->value();
  $account_own = $author && $author->uid == $account->uid;

  // Fall back to assigned permissions
  switch ($op) {
    case 'view':
      return $account_own && $account
        ->hasPermission("view own {$type} registration") || $account
        ->hasPermission("view {$type} registration");
    case 'update':
      return $account_own && $account
        ->hasPermission("update own {$type} registration") || $account
        ->hasPermission("update any {$type} registration");
    case 'create':
      return $account
        ->hasPermission("create {$type} registration") || $account
        ->hasPermission("create own {$type} registration");
    case 'delete':
      return $account_own && $account
        ->hasPermission("delete own {$type} registration") || $account
        ->hasPermission("delete any {$type} registration");
  }
}