function user_relationships_ui_check_access in User Relationships 7
Same name and namespace in other branches
- 6 user_relationships_ui/user_relationships_ui.module \user_relationships_ui_check_access()
Check access callback
11 calls to user_relationships_ui_check_access()
- theme_user_relationship_implications_page in user_relationship_implications/
user_relationship_implications.module - Categorized list of relationships for a given user
- theme_user_relationship_privatemsg_format in user_relationship_privatemsg/
user_relationship_privatemsg.module - Format a relationship for displaying as recipient.
- user_relationships_page in user_relationships_ui/
user_relationships_ui.pages.inc - Main list of relationships for a specified user
- user_relationships_pending_requests_page in user_relationships_ui/
user_relationships_ui.pages.inc - List of pending requests from other users
- user_relationships_ui_actions_between in user_relationships_ui/
user_relationships_ui.module - List of possible relationship actions with between two users.
1 string reference to 'user_relationships_ui_check_access'
- user_relationships_ui_menu in user_relationships_ui/
user_relationships_ui.module - Implements hook_menu().
File
- user_relationships_ui/
user_relationships_ui.module, line 131 - UI components of user_relationships @author Jeff Smick (creator) @author Alex Karshakevich (maintainer) http://drupal.org/user/183217 @author Darren Ferguson (contributor) http://drupal.org/user/70179
Code
function user_relationships_ui_check_access($type, $account = NULL, $relationship_type = NULL) {
global $user;
if (!is_object($account)) {
$account = $user;
}
if (!is_object($relationship_type)) {
$relationship_type = user_relationships_type_load($relationship_type);
}
if (user_access('administer user relationships')) {
return TRUE;
}
// If the user does not any have permission, deny access.
if (!user_relationships_can_receive($account)) {
return FALSE;
}
switch ($type) {
case 'view':
// First check if it is the current user and if he has view own
// permission.
if ($account->uid == $user->uid && user_relationships_user_access('view own @relationship relationships', $relationship_type)) {
return TRUE;
}
// If this is a different user or he doesn't have that permission,
// check the view all permission.
if (user_relationships_user_access('view all @relationship relationships', $relationship_type)) {
return TRUE;
}
break;
case 'approve':
// Only the administer permission allows to approve, request, delete
// relationships for other users, which was already checked.
if ($account->uid == $user->uid && user_relationships_user_access('maintain @relationship relationships', $relationship_type)) {
return TRUE;
}
break;
case 'request':
if ($account->uid == $user->uid && user_relationships_can_request($account, $relationship_type)) {
return TRUE;
}
break;
case 'delete':
// Do not allow access if this is a oneway relationship requested by another user.
if (is_object($relationship_type) && $relationship_type->is_oneway && $relationship_type->requester_id != $user->uid) {
return FALSE;
}
if ($account->uid == $user->uid && user_relationships_user_access('delete @relationship relationships', $relationship_type)) {
return TRUE;
}
break;
}
return FALSE;
}