You are here

Home » API reference » Support Ticketing System 6 » support.module

function support_access in Support Ticketing System 6

Implementation of hook_access().

File

./support.module, line 35
support.module

Code

function support_access($op, $node, $account) {
  switch ($op) {
    case 'create':
      return user_access('create tickets', $account);
    case 'update':
      return user_access('edit any ticket', $account) || user_access('edit own tickets', $account) && $node->uid == $account->uid || user_access('administer support', $account);
    case 'delete':
      return user_access('delete any ticket', $account) || user_access('delete own tickets', $account) && $node->uid == $account->uid || user_access('administer support', $account);
    case 'view':
      if (isset($node->client)) {
        $client = support_client_load($node->client);

        // User can access at least some of this client's tickets.
        if (support_access_clients($client, $account)) {

          // User can access this ticket.
          if (user_access('view other users tickets') || user_access('administer support') || user_access('edit any ticket') || user_access('delete any ticket')) {
            $access = NULL;
          }
          else {

            // User created this ticket, allow access.
            if ($account->uid == $node->uid && $account->uid != 0) {
              $access = NULL;
            }
            else {
              if (db_result(db_query('SELECT 1 FROM {support_assigned} WHERE nid = %d AND uid = %d', $node->nid, $account->uid))) {
                $access = NULL;
              }
              else {
                $access = FALSE;
              }
            }
          }
        }
        else {
          $access = FALSE;
        }

        // We return FALSE to explicitly block access to a ticket.  Otherwise
        // we return NULL to allow other access modules to weigh in.
        return $access;
      }
  }
}