You are here

class UcAddressesPermissions in Ubercart Addresses 7

Same name and namespace in other branches
  1. 6.2 class/UcAddressesPermissions.class.php \UcAddressesPermissions

The permission class: UcAddressesPermissions.

This class checks for view, edit and delete access for a single address. So whenever you want to check permissions for address access, you should not call user_access(), but call the appropiate method in this class. Call canViewAddress() for view access, canEditAddress() for edit access and canDeleteAddress() for delete access. The class will then take care for calling user_access() itself.

If the permissions defined by Ubercart Addresses do not fit your needs, you are able to get further control about address access by implementing hook_uc_addresses_may_view(), hook_uc_addresses_may_edit() or hook_uc_addresses_may_delete(). See uc_addresses.api.php - included with the module - for more information.

Hierarchy

Expanded class hierarchy of UcAddressesPermissions

File

class/UcAddressesPermissions.class.php, line 24
Permission class.

View source
class UcAddressesPermissions {

  // -----------------------------------------------------------------------------
  // CONSTANTS
  // -----------------------------------------------------------------------------

  /**
   * Give users permissiony to view their default address.
   */
  const VIEW_OWN_DEFAULT = 'view own default addresses';

  /**
   * Give users permission to view all of their own addresses.
   * Implies VIEW_OWN_DEFAULT.
   */
  const VIEW_OWN = 'view own addresses';

  /**
   * Give users the ability to view anyone's default address.
   * Implies VIEW_OWN_DEFAULT.
   */
  const VIEW_ALL_DEFAULTS = 'view all default addresses';

  /**
   * Give users the ability to view anyone's addresses.
   * Implies VIEW_OWN, VIEW_ALL_DEFAULTS.
   */
  const VIEW_ALL = 'view all addresses';

  /**
   * Give users the ability to add or edit their own addresses.
   * Implies VIEW_OWN.
   */
  const EDIT_OWN = 'add/edit own addresses';

  /**
   * Give users the ability to add or edit anyone's addresses.
   * Implies VIEW_ALL, EDIT_OWN.
   */
  const EDIT_ALL = 'add/edit all addresses';

  /**
   * Give users the ability to delete their own addresses.
   * Implies VIEW_OWN.
   */
  const DELETE_OWN = 'delete own addresses';

  /**
   * Give users the ability to delete anyone's addresses.
   * Implies VIEW_ALL, DELETE_OWN.
   */
  const DELETE_ALL = 'delete all addresses';

  // -----------------------------------------------------------------------------
  // METHODS
  // -----------------------------------------------------------------------------

  /**
   * Check if user may view this address.
   *
   * @param object $address_user
   *   The owner of the address.
   * @param UcAddressesAddress|NULL $address
   *   (optional) The address object.
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the given user has permission to view the address.
   *   FALSE otherwise.
   */
  public static function canViewAddress($address_user, UcAddressesAddress $address = NULL, $account = NULL) {
    $account = self::getAccount($account);
    if ($address_user->uid == $account->uid) {

      // User is the owner of the address.
      // If trying to view own address.
      if (self::canViewOwn($account)) {

        // Ask other modules if the address may be viewed.
        return self::invoke('uc_addresses_may_view', $address_user, $address, $account);
      }

      // If viewing all addresses, we permit the operation if the user
      // can view the default address. The non-default addresses will
      // need to be filtered out elsewhere.
      if ($address == NULL) {
        if (self::canViewOwnDefault($account)) {

          // Ask other modules if the address may be viewed.
          return self::invoke('uc_addresses_may_view', $address_user, $address, $account);
        }
        return FALSE;
      }

      // Check if the address is a default address and if the user
      // may view own default addresses.
      if ($address
        ->isDefault('shipping') || $address
        ->isDefault('billing')) {
        if (self::canViewOwnDefault($account)) {

          // Ask other modules if the address may be viewed.
          return self::invoke('uc_addresses_may_view', $address_user, $address, $account);
        }
      }
    }
    else {

      // User is NOT the owner of the address.
      // If trying to view someone else's address.
      if (self::canViewAll($account)) {

        // Ask other modules if the address may be viewed.
        return self::invoke('uc_addresses_may_view', $address_user, $address, $account);
      }

      // If viewing all addresses, we permit the operation if the user
      // can view the default address. The non-default addresses will
      // need to be filtered out elsewhere.
      if ($address == NULL) {
        if (self::canViewAllDefaults($account)) {

          // Ask other modules if the address may be viewed.
          return self::invoke('uc_addresses_may_view', $address_user, $address, $account);
        }
        return FALSE;
      }

      // Check if the address is a default address and if the user
      // may view default addresses of all users.
      if ($address
        ->isDefault('shipping') || $address
        ->isDefault('billing')) {
        if (self::canViewAllDefaults($account)) {

          // Ask other modules if the address may be viewed.
          return self::invoke('uc_addresses_may_view', $address_user, $address, $account);
        }
      }
    }

    // No other cases are permitted.
    return FALSE;
  }

  /**
   * Check if the user can edit addresses of this user.
   *
   * @param object $address_user
   *   The owner of the address.
   * @param UcAddressesAddress
   *   (optional) The address object.
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the given user has permission to edit the address.
   *   FALSE otherwise.
   */
  public static function canEditAddress($address_user, UcAddressesAddress $address = NULL, $account = NULL) {
    $account = self::getAccount($account);
    if ($address_user->uid == $account->uid && self::canEditOwn($account)) {

      // Ask other modules if the address may be edited.
      return self::invoke('uc_addresses_may_edit', $address_user, $address, $account);
    }
    if ($address_user->uid != $account->uid && self::canEditAll($account)) {

      // Ask other modules if the address may be edited.
      return self::invoke('uc_addresses_may_edit', $address_user, $address, $account);
    }

    // No other cases are permitted.
    return FALSE;
  }

  /**
   * Check if the user can delete addresses of this user.
   * Default addresses can never be deleted.
   *
   * @param object $address_user
   *   The owner of the address.
   * @param UcAddressesAddress
   *   (optional) The address object.
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the given user has permission to delete the address.
   *   FALSE otherwise.
   */
  public static function canDeleteAddress($address_user, UcAddressesAddress $address = NULL, $account = NULL) {
    $account = self::getAccount($account);
    if ($address instanceof UcAddressesAddress) {

      // Check if the address is a default address. If so, the address may not be deleted.
      if ($address
        ->isDefault('shipping') || $address
        ->isDefault('billing')) {
        return FALSE;
      }
    }
    if ($address_user->uid == $account->uid && self::canDeleteOwn($account)) {

      // Ask other modules if the address may be deleted.
      return self::invoke('uc_addresses_may_delete', $address_user, $address, $account);
    }
    if ($address_user->uid != $account->uid && self::canDeleteAll($account)) {

      // Ask other modules if the address may be deleted.
      return self::invoke('uc_addresses_may_delete', $address_user, $address, $account);
    }

    // No other cases are permitted.
    return FALSE;
  }

  /**
   * If the account may view its own default addresses.
   *
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the account may view its own default addresses.
   *   FALSE otherwise.
   */
  public static function canViewOwnDefault($account = NULL) {
    $account = self::getAccount($account);
    return user_access(self::VIEW_OWN_DEFAULT, $account) || self::canViewAllDefaults($account) || self::canViewOwn($account);
  }

  /**
   * If the account may view its own addresses.
   *
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the account may view its own addresses.
   *   FALSE otherwise.
   */
  public static function canViewOwn($account = NULL) {
    $account = self::getAccount($account);
    return user_access(self::VIEW_OWN, $account) || self::canViewAll($account) || self::canEditOwn($account) || self::canDeleteOwn($account);
  }

  /**
   * If the account may view all default addresses.
   *
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the account may view all default addresses.
   *   FALSE otherwise.
   */
  public static function canViewAllDefaults($account = NULL) {
    $account = self::getAccount($account);
    return user_access(self::VIEW_ALL_DEFAULTS, $account) || self::canViewAll($account);
  }

  /**
   * If the account may view all addresses.
   *
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the account may view all addresses.
   *   FALSE otherwise.
   */
  public static function canViewAll($account = NULL) {
    $account = self::getAccount($account);
    return user_access(self::VIEW_ALL, $account) || self::canEditAll($account) || self::canDeleteAll($account);
  }

  /**
   * If the account may edit its own addresses.
   *
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the account may edit its own addresses.
   *   FALSE otherwise.
   */
  public static function canEditOwn($account = NULL) {
    $account = self::getAccount($account);
    return user_access(self::EDIT_OWN, $account) || self::canEditAll($account);
  }

  /**
   * If the account may edit all addresses.
   *
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the account may edit all addresses.
   *   FALSE otherwise.
   */
  public static function canEditAll($account = NULL) {
    $account = self::getAccount($account);
    return user_access(self::EDIT_ALL, $account);
  }

  /**
   * If the account may delete its own addresses.
   *
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the account may delete its own addresses.
   *   FALSE otherwise.
   */
  public static function canDeleteOwn($account = NULL) {
    $account = self::getAccount($account);
    return user_access(self::DELETE_OWN, $account) || self::canDeleteAll($account);
  }

  /**
   * If the account may delete all addresses.
   *
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access public
   * @static
   * @return boolean
   *   TRUE if the account may delete all addresses.
   *   FALSE otherwise.
   */
  public static function canDeleteAll($account = NULL) {
    $account = self::getAccount($account);
    return user_access(self::DELETE_ALL, $account);
  }

  // -----------------------------------------------------------------------------
  // PRIVATE
  // -----------------------------------------------------------------------------

  /**
   * Helper function for getting the account to check access for.
   *
   * @param object $account
   *   (optional) The account return.
   *   Defaults to the current active user.
   *
   * @access private
   * @static
   * @return object
   *   The account to check access for.
   */
  private static function getAccount($account = NULL) {
    if (!$account) {
      global $user;
      return $user;
    }
    return $account;
  }

  /**
   * Ask other modules if a particular operation is permitted.
   *
   * @param string $hook
   *   The hook to invoke.
   * @param object $address_user
   *   The owner of the address.
   * @param UcAddressesAddress
   *   (optional) The address object.
   * @param object $account
   *   (optional) The account to check access for.
   *   Defaults to the current active user.
   *
   * @access private
   * @static
   * @return boolean
   *   TRUE if all modules agree that the operation is permitted.
   *   FALSE otherwise.
   */
  private static function invoke($hook, $address_user, UcAddressesAddress $address = NULL, $account = NULL) {
    $account = self::getAccount($account);
    if ($account->uid != 1) {

      // Ask other modules if the operation on the address is permitted.
      // If one of the modules returns FALSE, then the operation on the address is not permitted.
      // The superuser (user 1) may do everything, for this user the check is bypassed.
      foreach (module_implements($hook) as $module) {
        $function = $module . '_' . $hook;
        if (!$function($address_user, $address, $account)) {
          return FALSE;
        }
      }
    }
    return TRUE;
  }

}

Members

Namesort descending Modifiers Type Description Overrides
UcAddressesPermissions::canDeleteAddress public static function Check if the user can delete addresses of this user. Default addresses can never be deleted.
UcAddressesPermissions::canDeleteAll public static function If the account may delete all addresses.
UcAddressesPermissions::canDeleteOwn public static function If the account may delete its own addresses.
UcAddressesPermissions::canEditAddress public static function Check if the user can edit addresses of this user.
UcAddressesPermissions::canEditAll public static function If the account may edit all addresses.
UcAddressesPermissions::canEditOwn public static function If the account may edit its own addresses.
UcAddressesPermissions::canViewAddress public static function Check if user may view this address.
UcAddressesPermissions::canViewAll public static function If the account may view all addresses.
UcAddressesPermissions::canViewAllDefaults public static function If the account may view all default addresses.
UcAddressesPermissions::canViewOwn public static function If the account may view its own addresses.
UcAddressesPermissions::canViewOwnDefault public static function If the account may view its own default addresses.
UcAddressesPermissions::DELETE_ALL constant Give users the ability to delete anyone's addresses. Implies VIEW_ALL, DELETE_OWN.
UcAddressesPermissions::DELETE_OWN constant Give users the ability to delete their own addresses. Implies VIEW_OWN.
UcAddressesPermissions::EDIT_ALL constant Give users the ability to add or edit anyone's addresses. Implies VIEW_ALL, EDIT_OWN.
UcAddressesPermissions::EDIT_OWN constant Give users the ability to add or edit their own addresses. Implies VIEW_OWN.
UcAddressesPermissions::getAccount private static function Helper function for getting the account to check access for.
UcAddressesPermissions::invoke private static function Ask other modules if a particular operation is permitted.
UcAddressesPermissions::VIEW_ALL constant Give users the ability to view anyone's addresses. Implies VIEW_OWN, VIEW_ALL_DEFAULTS.
UcAddressesPermissions::VIEW_ALL_DEFAULTS constant Give users the ability to view anyone's default address. Implies VIEW_OWN_DEFAULT.
UcAddressesPermissions::VIEW_OWN constant Give users permission to view all of their own addresses. Implies VIEW_OWN_DEFAULT.
UcAddressesPermissions::VIEW_OWN_DEFAULT constant Give users permissiony to view their default address.