function _shoutbox_user_access in Shoutbox 5

Same name and namespace in other branches
  1. 6.2 shoutbox.module _shoutbox_user_access()
  2. 6 shoutbox.module _shoutbox_user_access()
  3. 7.2 shoutbox.module _shoutbox_user_access()
  4. 7 shoutbox.module _shoutbox_user_access()

This function is necessary because even if a user has permission (according to the user_access function), they still should not have some permissions, such as moderating their own posts, etc.

Parameters

$permission: The permission to check, for example 'edit own shouts'.

$shout: The shout post object.

Return value

Returns 1 if the user should have access, 0 otherwise.

9 calls to _shoutbox_user_access()
shoutbox_access_callback in ./shoutbox.module
Function to handle shoutbox access callbacks that require a shout_id. Does some sanity checking on the id and loads the shout before calling _shoutbox_user_access.
shoutbox_add_form_submit in ./shoutbox.module
Handles submission of a shout.
shoutbox_delete_form_submit in ./shoutbox.module
Handle the delete form submission.
shoutbox_edit_form in ./shoutbox.module
Form for editing shouts.
shoutbox_edit_form_submit in ./shoutbox.module
Handle the edit form submission.

File

./shoutbox.module, line 1012
shoutbox module displays a block for users to create short messages for the whole site. Uses AHAH to update the database and display content.

Code

function _shoutbox_user_access($permission, $shout = NULL) {
  global $user;

  // Handles both user uid = 1 and
  // administer case
  if (user_access('administer shoutbox')) {
    return TRUE;
  }
  $user_timeout = FALSE;
  $user_owned = FALSE;
  $access_granted = user_access($permission);

  // If user_access says no, it's definitely no.
  if ($access_granted && ($permission == 'edit own shouts' || $permission == 'delete own shouts')) {
    if (_shoutbox_is_user_owned($shout)) {

      // A registered user's own post.
      if ($shout->uid > 0 && $shout->created < time() - 60 * variable_get('shoutbox_registered_timeout', 1440)) {
        $user_timeout = TRUE;
      }
      else {
        if ($shout->uid == 0 && $shout->created < time() - 60 * variable_get('shoutbox_anonymous_timeout', 20)) {
          $user_timeout = TRUE;
        }
      }
      $user_owned = TRUE;
    }

    // If the user does not own the post or editing privileges have timed out ...
    $access_granted = $user_owned && !$user_timeout;
  }
  return $access_granted;
}
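
The decision above can be exercised without a Drupal bootstrap by modelling it as a pure function. The following is an added example, not the module's own code: `shout_access_model()`, the `$ctx` keys and the placeholder permission name are assumptions made for illustration, and the sample values are constructed.

```php
<?php
// Added model of the access decision, not the Shoutbox module's code.
// Every Drupal lookup becomes an explicit (constructed) input.
const OWN_PERMISSIONS = ['edit own shouts', 'delete own shouts'];

function shout_access_model(string $permission, array $ctx): bool {
  if ($ctx['is_admin']) {
    return TRUE;   // 'administer shoutbox' bypasses every later check.
  }
  if (!$ctx['has_permission']) {
    return FALSE;  // A role-level "no" is final.
  }
  if (!in_array($permission, OWN_PERMISSIONS, TRUE)) {
    return TRUE;   // Other permissions get no ownership or age check.
  }
  if (!$ctx['is_owner']) {
    return FALSE;  // "own" permissions never apply to someone else's shout.
  }
  // uid 0 is the anonymous user and gets the shorter window.
  $minutes = $ctx['shout_uid'] > 0 ? $ctx['registered_timeout'] : $ctx['anonymous_timeout'];
  // Expired only when strictly older than the window, as in the original test.
  return !($ctx['created'] < $ctx['now'] - 60 * $minutes);
}

$now = 1700000000;  // Constructed clock value.
$base = [
  'is_admin' => FALSE, 'has_permission' => TRUE, 'is_owner' => TRUE,
  'shout_uid' => 5, 'created' => $now, 'now' => $now,
  'registered_timeout' => 1440, 'anonymous_timeout' => 20,  // Defaults shown on the page.
];
$other = 'hypothetical other permission';  // Placeholder name, not a real Shoutbox permission.
$cases = [
  'owner, fresh shout'              => ['edit own shouts', []],
  'owner, exactly 1440 min old'     => ['edit own shouts', ['created' => $now - 86400]],
  'owner, 1440 min + 1 s old'       => ['edit own shouts', ['created' => $now - 86401]],
  'anonymous owner, 21 min old'     => ['delete own shouts', ['shout_uid' => 0, 'created' => $now - 1260]],
  'not the owner'                   => ['edit own shouts', ['is_owner' => FALSE]],
  'role lacks the permission'       => ['edit own shouts', ['has_permission' => FALSE]],
  'admin, stale shout of another'   => ['edit own shouts', ['is_admin' => TRUE, 'is_owner' => FALSE, 'created' => 0]],
  'other permission, not the owner' => [$other, ['is_owner' => FALSE]],
];
foreach ($cases as $label => [$permission, $override]) {
  $allowed = shout_access_model($permission, array_merge($base, $override));
  printf("%-32s %s\n", $label, $allowed ? 'allow' : 'deny');
}
```

The last case is the one to review in callers: ownership and age are enforced only for the two "own" permissions, so any other permission passed to this function is decided by the role check alone.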