You are here

Home » API reference » Support Ticketing System 7 » support.module

function support_node_access in Support Ticketing System 7

Implementation of hook_node_access().

File

./support.module, line 160
support.module

Code

function support_node_access($node, $op, $account) {
  $type = is_string($node) ? $node : $node->type;
  if ($type != 'support_ticket') {

    // We are only interested in support_ticket nodes.
    return NODE_ACCESS_IGNORE;
  }
  switch ($op) {
    case 'create':
      if (user_access('create support_ticket content', $account)) {
        return NODE_ACCESS_ALLOW;
      }
      return NODE_ACCESS_DENY;
    case 'update':
      if (user_access('edit any support_ticket content', $account) || user_access('edit own support_ticket content', $account) && $node->uid == $account->uid || user_access('administer support', $account)) {
        return NODE_ACCESS_ALLOW;
      }
      return NODE_ACCESS_DENY;
    case 'delete':
      if (user_access('delete any support_ticket content', $account) || user_access('delete own support_ticket content', $account) && $node->uid == $account->uid || user_access('administer support', $account)) {
        return NODE_ACCESS_ALLOW;
      }
      return NODE_ACCESS_DENY;
    case 'view':
      if (isset($node->client)) {
        $client = support_client_load($node->client);

        // User can access at least some of this client's tickets.
        if (support_access_clients($client, $account)) {

          // User can access this ticket.
          if (user_access('view other users tickets') || user_access('administer support') || user_access('edit any support_ticket content') || user_access('delete any support_ticket content')) {
            $access = NODE_ACCESS_IGNORE;
          }
          else {

            // User created this ticket, allow access.
            if ($account->uid == $node->uid && $account->uid != 0) {
              $access = NODE_ACCESS_IGNORE;
            }
            else {
              if (db_query('SELECT 1 FROM {support_assigned} WHERE nid = :nid AND uid = :uid', array(
                ':nid' => $node->nid,
                ':uid' => $account->uid,
              ))
                ->fetchField()) {
                $access = NODE_ACCESS_IGNORE;
              }
              else {
                $access = NODE_ACCESS_DENY;
              }
            }
          }
        }
        else {
          $access = NODE_ACCESS_DENY;
        }

        // We return NODE_ACCESS_DENY to explicitly block access to a ticket.  Otherwise
        // we return NODE_ACCESS_IGNORE to allow other access modules to weigh in.
        return $access;
      }
  }
}