
function webform_submission_access in Webform 6.3

Same name and namespace in other branches
  1. 5.2 webform_submissions.inc \webform_submission_access()
  2. 6.2 webform.module \webform_submission_access()
  3. 7.4 webform.module \webform_submission_access()
  4. 7.3 webform.module \webform_submission_access()
3 calls to webform_submission_access()
webform_handler_field_submission_link::render in views/webform_handler_field_submission_link.inc
webform_node_view in ./webform.module
Implements hook_node_view().
webform_results_submissions in includes/webform.report.inc
Retrieve lists of submissions for a given webform.
1 string reference to 'webform_submission_access'
webform_menu in ./webform.module
Implements hook_menu().

File

./webform.module, line 415

Code

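/**
 * Access callback: decides whether an account may act on webform submissions.
 *
 * Access is granted when at least one hook_webform_submission_access()
 * implementation returns a non-empty value, or when the account's own
 * permissions allow the requested operation. Any operation other than the
 * four listed below is denied.
 *
 * @param $node
 *   The webform node. Only $node->uid is read here.
 * @param $submission
 *   The submission object ($submission->uid and $submission->sid are read),
 *   or NULL when no single submission is being checked.
 * @param $op
 *   One of 'view', 'edit', 'delete' or 'list'. Defaults to 'view'.
 * @param $account
 *   The account to check. Defaults to the global $user.
 *
 * @return
 *   TRUE if the operation is allowed, FALSE otherwise.
 */
function webform_submission_access($node, $submission, $op = 'view', $account = NULL) {
  global $user;
  $account = isset($account) ? $account : $user;

  // Guards every read of $submission->uid / $submission->sid below, so a NULL
  // submission can never satisfy an "own submission" comparison (NULL == 0
  // would otherwise be TRUE for an anonymous account).
  $has_submission = isset($submission);

  $access_all = user_access('access all webform results', $account);

  // Own submission: an authenticated uid match, or a submission id recorded
  // in this visitor's session.
  $access_own_submission = $has_submission && user_access('access own webform submissions', $account) && (($account->uid && $account->uid == $submission->uid) || isset($_SESSION['webform_submission'][$submission->sid]));

  // NOTE(review): this comparison is by uid only, so for an anonymous account
  // (uid 0) it is TRUE for any node whose author uid is 0. Review before
  // granting 'access own webform results' to the anonymous role.
  $access_node_submissions = user_access('access own webform results', $account) && $account->uid == $node->uid;

  $general_access = $access_all || $access_own_submission || $access_node_submissions;

  // Disable the page cache for anonymous users in this access callback,
  // otherwise the "Access denied" page gets cached.
  if (!$account->uid && user_access('access own webform submissions', $account)) {
    webform_disable_page_cache();
  }

  // Any module can grant access; a single non-empty return value is enough
  // and it bypasses every permission check in the switch below.
  $module_access = count(array_filter(module_invoke_all('webform_submission_access', $node, $submission, $op, $account))) > 0;

  switch ($op) {
    case 'view':
      return $module_access || $general_access;

    case 'edit':
      // NOTE(review): the "own" test is by uid only; for uid 0 it matches
      // every anonymous submission, so it is only as narrow as
      // $general_access above.
      return $module_access || ($general_access && (user_access('edit all webform submissions', $account) || ($has_submission && user_access('edit own webform submissions', $account) && $account->uid == $submission->uid)));

    case 'delete':
      // Same uid-only "own" test as 'edit'; see the note there.
      return $module_access || ($general_access && (user_access('delete all webform submissions', $account) || ($has_submission && user_access('delete own webform submissions', $account) && $account->uid == $submission->uid)));

    case 'list':
      // Listing is not tied to one submission: anonymous visitors qualify as
      // soon as their session holds any 'webform_submission' entry.
      return $module_access || user_access('access all webform results', $account) || (user_access('access own webform submissions', $account) && ($account->uid || isset($_SESSION['webform_submission']))) || (user_access('access own webform results', $account) && $account->uid == $node->uid);

    default:
      // Fail closed: an unrecognised operation is never granted. Previously
      // the function fell off the end of the switch and returned NULL.
      return FALSE;
  }
}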