protected function RestWSEntityResourceController::checkPropertyAccess in RESTful Web Services 7.2
Same name and namespace in other branches
- 7 restws.entity.inc \RestWSEntityResourceController::checkPropertyAccess()
Helper method to check access on a property.
@todo Remove this once Entity API properly handles text format access.
Parameters
EntityMetadataWrapper $entity: The parent entity.
string $property_name: The property name on the entity.
EntityMetadataWrapper $property: The property whose access is to be checked.
Return value
bool TRUE if the current user has access to set the property, FALSE otherwise.
2 calls to RestWSEntityResourceController::checkPropertyAccess()
- RestWSEntityResourceController::create in ./
restws.entity.inc - Create a new resource.
- RestWSEntityResourceController::update in ./
restws.entity.inc - Update an existing resource.
File
- ./
restws.entity.inc, line 415 - RESTful web services module integration for entities.
Class
- RestWSEntityResourceController
- Controller for entity-bases resources.
Code
protected function checkPropertyAccess($entity, $property_name, $property) {
global $user;
// Special case node author: we allow access if set to the current user.
if ($entity
->type() == 'node' && $property_name == 'author' && $property
->raw() == $GLOBALS['user']->uid) {
return TRUE;
}
elseif ($property
->type() == 'text_formatted' && $property->format
->value()) {
$format = (object) array(
'format' => $property->format
->value(),
);
if (!filter_access($format)) {
return FALSE;
}
}
// We don't want the property wrapper to check access again on the parent
// entity so we directly check access for the property. That way only the
// pure property/field access is taken into account.
$info = $property
->info();
if (!empty($info['access callback'])) {
global $user;
$data = $entity
->value();
return call_user_func($info['access callback'], 'edit', $property_name, $data, $user, $entity
->type());
}
elseif (isset($info['setter permission'])) {
return user_access($info['setter permission']);
}
return TRUE;
}