function webform_submission_access in Webform 7.4
Same name and namespace in other branches
- 5.2 webform_submissions.inc \webform_submission_access()
- 6.3 webform.module \webform_submission_access()
- 6.2 webform.module \webform_submission_access()
- 7.3 webform.module \webform_submission_access()
Access function for Webform submissions.
Parameters
object $node: The webform node object.
object $submission: The webform submission object.
object $op: The operation to perform. Must be one of view, edit, delete, list.
object $account: Optional. A user object or NULL to use the currently logged-in user.
Return value
bool Boolean whether the user has access to a webform submission.
6 calls to webform_submission_access()
- webform_confirmation_page_access in ./
webform.module - Access function for confirmation pages.
- webform_file_download in ./
webform.module - Implements hook_file_download().
- webform_handler_field_submission_count::render in views/
webform_handler_field_submission_count.inc - Render the field.
- webform_handler_field_submission_link::render in views/
webform_handler_field_submission_link.inc - Render the field.
- webform_node_view in ./
webform.module - Implements hook_node_view().
1 string reference to 'webform_submission_access'
- webform_menu in ./
webform.module - Implements hook_menu().
File
- ./
webform.module, line 627 - This module provides a simple way to create forms and questionnaires.
Code
function webform_submission_access($node, $submission, $op = 'view', $account = NULL) {
global $user;
$account = isset($account) ? $account : $user;
$access_all = user_access('access all webform results', $account);
$access_own_submission = isset($submission) && user_access('access own webform submissions', $account) && ($account->uid && $account->uid == $submission->uid || isset($_SESSION['webform_submission'][$submission->sid]));
$access_node_submissions = user_access('access own webform results', $account) && $account->uid == $node->uid;
$token_access = $submission && isset($_GET['token']) && $_GET['token'] == webform_get_submission_access_token($submission);
// If access is granted via a token, then allow subsequent submission access
// for anonymous users.
if (!$account->uid && $token_access) {
$_SESSION['webform_submission'][$submission->sid] = $node->nid;
}
$general_access = $access_all || $access_own_submission || $access_node_submissions || $token_access;
// Disable the page cache for anonymous users in this access callback,
// otherwise the "Access denied" page gets cached.
if (!$account->uid && user_access('access own webform submissions', $account)) {
webform_disable_page_cache();
}
$module_access = count(array_filter(module_invoke_all('webform_submission_access', $node, $submission, $op, $account))) > 0;
switch ($op) {
case 'view':
return $module_access || $general_access;
case 'edit':
case 'delete':
return $module_access || $general_access && (user_access($op . ' all webform submissions', $account) || user_access($op . ' own webform submissions', $account) && $account->uid == $submission->uid);
case 'list':
return $module_access || user_access('access all webform results', $account) || user_access('access own webform submissions', $account) && ($account->uid || isset($_SESSION['webform_submission'])) || user_access('access own webform results', $account) && $account->uid == $node->uid;
}
}