You are here

function registration_own_access in Entity Registration 7

Same name and namespace in other branches
  1. 7.2 registration.module \registration_own_access()

Define our own view/update/delete access.

Check access based on the entity permissions for all users Also check that an anonymous user created the registration via session token.

1 string reference to 'registration_own_access'
registration_menu in ./registration.module
Implements hook_menu().

File

./registration.module, line 322

Code

function registration_own_access($action, $registration, $hash = NULL) {
  if (entity_access($action, 'registration', $registration)) {

    // Only check session information if this is an anonymous user.
    if (!user_is_anonymous()) {

      // They have access to the registration and they aren't anonymous.
      return TRUE;
    }

    // Anonymous has access, and we are anonymous. Check for a valid hash.
    $in_session = FALSE;

    // If we were not handed a hash, check for it in the session or a query
    // parameter.
    if (!$hash) {

      // If they made it or validated already this session:
      if (isset($_SESSION['registration_ids'][$registration->registration_id])) {
        $in_session = TRUE;
        $hash = $_SESSION['registration_ids'][$registration->registration_id];
      }
      else {
        global $_SESSION;
        $params = drupal_get_query_parameters();
        if (isset($params['registration_hash'])) {
          $hash = $params['registration_hash'];
        }
      }
    }
    if ($hash === registration_anonymous_access_hash($registration)) {
      if (!$in_session) {
        $_SESSION['registration_ids'][$registration->registration_id] = $hash;
      }
      return TRUE;
    }
  }
  return FALSE;
}