You are here

Home » API reference » Shoutbox 7.2 » shoutbox.module

function _shoutbox_user_access in Shoutbox 7.2

Same name and namespace in other branches
  1. 5 shoutbox.module \_shoutbox_user_access()
  2. 6.2 shoutbox.module \_shoutbox_user_access()
  3. 6 shoutbox.module \_shoutbox_user_access()
  4. 7 shoutbox.module \_shoutbox_user_access()

This function is necessary because even if a user has permission (according to the user_access function), they still should not have some permissions, such as moderating their own posts, etc.

Parameters

$permission: The user's permissions.

$shout: The shout post object.

Return value

Returns 1 if user should have accces, 0 otherwise.

6 calls to _shoutbox_user_access()
shoutbox_add_form in ./shoutbox.module
Generates form for adding shouts.
shoutbox_add_form_submit in ./shoutbox.module
Handles submission of a shout.
shoutbox_add_form_validate in ./shoutbox.module
Makes sure uses don't submit default values.
shoutbox_display_posts in ./shoutbox.module
Output existing shoutbox posts as html.
shoutbox_edit_form in ./shoutbox.pages.inc
Form for editing shouts.

... See full list

1 string reference to '_shoutbox_user_access'
shoutbox_menu in ./shoutbox.module
Implements hook_menu().

File

./shoutbox.module, line 889
Shoutbox module displays a block for users to create short messages for the whole site. Uses AHAH to update the database and display content.

Code

function _shoutbox_user_access($permission, $shout = NULL) {
  global $user;
  if (user_access('administer shoutbox')) {
    return TRUE;
  }
  $user_timeout = FALSE;
  $user_owned = FALSE;
  $access_granted = user_access($permission);

  //  If user_access says no, it's definitely no.
  if ($access_granted && ($permission == 'edit own shouts' || $permission == 'delete own shouts')) {
    if (_shoutbox_is_user_owned($shout)) {

      //  A registered user's own post.
      if ($shout->uid) {

        //  Only act if there is a timeout set.
        if ($timeout = variable_get('shoutbox_registered_timeout', 0)) {

          //  Check to see if timeout has been met.
          if ($shout->created < REQUEST_TIME - 60 * $timeout) {
            $user_timeout = TRUE;
          }
        }
      }
      else {

        //  Only act if there is a timeout set
        if ($timeout = variable_get('shoutbox_anonymous_timeout', 20)) {

          //  Check to see if timeout has been met
          if ($shout->created < REQUEST_TIME - 60 * $timeout) {
            $user_timeout = TRUE;
          }
        }
      }
      $user_owned = TRUE;
    }

    //  If not user owned the post or editing priviledges have timed out ...
    $access_granted = $user_owned && !$user_timeout;
  }
  drupal_alter('shoutbox_user_access', $access_granted, $permission, $shout);
  return $access_granted;
}