function user_relationships_ui_check_access in User Relationships 7

Same name and namespace in other branches

1. 6 user_relationships_ui/user_relationships_ui.module \user_relationships_ui_check_access()

Check access callback

11 calls to user_relationships_ui_check_access()

theme_user_relationship_implications_page in user_relationship_implications/user_relationship_implications.module

Categorized list of relationships for a given user

theme_user_relationship_privatemsg_format in user_relationship_privatemsg/user_relationship_privatemsg.module

Format a relationship for displaying as recipient.

user_relationships_page in user_relationships_ui/user_relationships_ui.pages.inc

Main list of relationships for a specified user

user_relationships_pending_requests_page in user_relationships_ui/user_relationships_ui.pages.inc

List of pending requests from other users

user_relationships_ui_actions_between in user_relationships_ui/user_relationships_ui.module

List of possible relationship actions with between two users.

... See full list

1 string reference to 'user_relationships_ui_check_access'

user_relationships_ui_menu in user_relationships_ui/user_relationships_ui.module

Implements hook_menu().

File

user_relationships_ui/user_relationships_ui.module, line 131

UI components of user_relationships @author Jeff Smick (creator) @author Alex Karshakevich (maintainer) http://drupal.org/user/183217 @author Darren Ferguson (contributor) http://drupal.org/user/70179

Code

function user_relationships_ui_check_access($type, $account = NULL, $relationship_type = NULL) {
  global $user;
  if (!is_object($account)) {
    $account = $user;
  }
  if (!is_object($relationship_type)) {
    $relationship_type = user_relationships_type_load($relationship_type);
  }
  if (user_access('administer user relationships')) {
    return TRUE;
  }

  // If the user does not any have permission, deny access.
  if (!user_relationships_can_receive($account)) {
    return FALSE;
  }
  switch ($type) {
    case 'view':

      // First check if it is the current user and if he has view own
      // permission.
      if ($account->uid == $user->uid && user_relationships_user_access('view own @relationship relationships', $relationship_type)) {
        return TRUE;
      }

      // If this is a different user or he doesn't have that permission,
      // check the view all permission.
      if (user_relationships_user_access('view all @relationship relationships', $relationship_type)) {
        return TRUE;
      }
      break;
    case 'approve':

      // Only the administer permission allows to approve, request, delete
      // relationships for other users, which was already checked.
      if ($account->uid == $user->uid && user_relationships_user_access('maintain @relationship relationships', $relationship_type)) {
        return TRUE;
      }
      break;
    case 'request':
      if ($account->uid == $user->uid && user_relationships_can_request($account, $relationship_type)) {
        return TRUE;
      }
      break;
    case 'delete':

      // Do not allow access if this is a oneway relationship requested by another user.
      if (is_object($relationship_type) && $relationship_type->is_oneway && $relationship_type->requester_id != $user->uid) {
        return FALSE;
      }
      if ($account->uid == $user->uid && user_relationships_user_access('delete @relationship relationships', $relationship_type)) {
        return TRUE;
      }
      break;
  }
  return FALSE;
}