You are here

function _shoutbox_user_access in Shoutbox 6

Same name and namespace in other branches
  1. 5 shoutbox.module \_shoutbox_user_access()
  2. 6.2 shoutbox.module \_shoutbox_user_access()
  3. 7.2 shoutbox.module \_shoutbox_user_access()
  4. 7 shoutbox.module \_shoutbox_user_access()

This function is necessary because even if a user has permission (according to the user_access function), they still should not have some permissions, such as moderating their own posts, etc.

Parameters

$permission: The user's permissions.

$shout: The shout post object.

Return value

Returns 1 if user should have accces, 0 otherwise.

8 calls to _shoutbox_user_access()
shoutbox_add_form_submit in ./shoutbox.module
Handles submission of a shout. Handles both ajax submission and regular form submission.
shoutbox_delete_form_submit in ./shoutbox.module
Handle the delete form submission.
shoutbox_edit_form in ./shoutbox.module
Form for editing shouts.
shoutbox_edit_form_submit in ./shoutbox.module
Handle the edit form submission.
_shoutbox_block_view in ./shoutbox.module
Returns the themed HTML to be displayed in the block.

... See full list

1 string reference to '_shoutbox_user_access'
shoutbox_menu in ./shoutbox.module
Implementation of hook_menu().

File

./shoutbox.module, line 980
shoutbox module displays a block for users to create short messages for thw whole site. Uses AHAH to update the database and display content.

Code

function _shoutbox_user_access($permission, $shout = NULL) {
  global $user;
  if (user_access('administer shoutbox')) {
    return TRUE;
  }
  $user_timeout = FALSE;
  $user_owned = FALSE;
  $access_granted = user_access($permission);

  // If user_access says no, it's definitely no.
  if ($access_granted && ($permission == 'edit own shouts' || $permission == 'delete own shouts')) {
    if (_shoutbox_is_user_owned($shout)) {

      // A registered user's own post.
      if ($shout->uid > 0 && $shout->created < time() - 60 * variable_get('shoutbox_registered_timeout', 1440)) {
        $user_timeout = TRUE;
      }
      else {
        if ($shout->uid == 0 && $shout->created < time() - 60 * variable_get('shoutbox_anonymous_timeout', 20)) {
          $user_timeout = TRUE;
        }
      }
      $user_owned = TRUE;
    }

    // If not user owned the post or editing priviledges have timed out ...
    $access_granted = $user_owned && !$user_timeout;
  }
  return $access_granted;
}