function registration_own_access in Entity Registration 7.2
Same name and namespace in other branches
- 7 registration.module \registration_own_access()
Define our own view/update/delete access.
Check access based on the entity permissions for all users Also check that an anonymous user created the registration via session token.
1 string reference to 'registration_own_access'
- registration_menu in ./
registration.module - Implements hook_menu().
File
- ./
registration.module, line 312
Code
function registration_own_access($action, $registration, $hash = NULL) {
if (entity_access($action, 'registration', $registration)) {
// Only check session information if this is an anonymous user.
if (!user_is_anonymous()) {
// They have access to the registration and they aren't anonymous.
return TRUE;
}
// Anonymous has access, and we are anonymous. Check for a valid hash.
$in_session = FALSE;
// If we were not handed a hash, check for it in the session or a query
// parameter.
if (!$hash) {
// If they made it or validated already this session:
if (isset($_SESSION['registration_ids'][$registration->registration_id])) {
$in_session = TRUE;
$hash = $_SESSION['registration_ids'][$registration->registration_id];
}
else {
global $_SESSION;
$params = drupal_get_query_parameters();
if (isset($params['registration_hash'])) {
$hash = $params['registration_hash'];
}
}
}
if ($hash === registration_anonymous_access_hash($registration)) {
if (!$in_session) {
$_SESSION['registration_ids'][$registration->registration_id] = $hash;
}
return TRUE;
}
}
return FALSE;
}