protected function RestWSEntityResourceController::checkPropertyAccess in RESTful Web Services 7.2

Same name and namespace in other branches
  1. 7 restws.entity.inc \RestWSEntityResourceController::checkPropertyAccess()

Helper method to check access on a property.

@todo Remove this once Entity API properly handles text format access.

Parameters

EntityMetadataWrapper $entity: The parent entity.

string $property_name: The property name on the entity.

EntityMetadataWrapper $property: The property whose access is to be checked.

Return value

bool TRUE if the current user has access to set the property, FALSE otherwise.

2 calls to RestWSEntityResourceController::checkPropertyAccess()
RestWSEntityResourceController::create in ./restws.entity.inc
Create a new resource.
RestWSEntityResourceController::update in ./restws.entity.inc
Update an existing resource.

File

./restws.entity.inc, line 415
RESTful web services module integration for entities.

Class

RestWSEntityResourceController
Controller for entity-based resources.

Code

protected function checkPropertyAccess($entity, $property_name, $property) {
  global $user;

  // Special case node author: we allow access if set to the current user.
  if ($entity->type() == 'node' && $property_name == 'author' && $property->raw() == $GLOBALS['user']->uid) {
    return TRUE;
  }
  // Formatted text: deny if the current user may not use the selected text
  // format.
  elseif ($property->type() == 'text_formatted' && $property->format->value()) {
    $format = (object) array(
      'format' => $property->format->value(),
    );
    if (!filter_access($format)) {
      return FALSE;
    }
  }

  // We don't want the property wrapper to check access again on the parent
  // entity so we directly check access for the property. That way only the
  // pure property/field access is taken into account.
  $info = $property->info();
  if (!empty($info['access callback'])) {
    $data = $entity->value();
    return call_user_func($info['access callback'], 'edit', $property_name, $data, $user, $entity->type());
  }
  elseif (isset($info['setter permission'])) {
    return user_access($info['setter permission']);
  }
  // Neither an access callback nor a setter permission is declared for the
  // property, so setting it is allowed.
  return TRUE;
}