function content_user_access

6.x content.module content_user_access($op, $var)
4.x content.module content_user_access($op, $var)
5.x content.module content_user_access($op, $var)

Custom user access function to determine whether the current user can add, view, edit or delete a piece of content.

$op can equal:

  "add"    (adding a new piece of content; $var is the content type, e.g. "engagement")
  "view"   (attempting to view the content as a full page)
  "edit"   (trying to edit an existing piece of content)
  "delete" (trying to delete the content)

For "view", "edit" and "delete", $var is the content id ($cid) of the piece of content being accessed; it is passed to content_load().

Parameters

string $op: The operation being attempted: "add", "view", "edit" or "delete".

mixed $var: For "add", the content type machine name (e.g. "engagement"); for the other operations, the content id ($cid) of the content being accessed.

4 calls to content_user_access()
content_edit_content_form in modules/content/content.module
This form lets the user edit some piece of content.
content_edit_content_form_submit in modules/content/content.module
Submit handler for the edit content form.
content_files_user_may_download_file in modules/content/content.module
Returns TRUE or FALSE if the user has access to download this particular student's file.
engagements_display_main in modules/engagements/engagements.module
Displays the main Engagements tab, which shows the history of past engagements.

File

modules/content/content.module, line 664

Code

function content_user_access($op, $var) {
  global $user;

  if ($user->id == 1) {
    return TRUE; // the admin user.
  }

  $cid = intval($var);
  $content = NULL;

  if ($op != "add") {
    $content = content_load($cid);
    // Defensive check: if no such content exists, deny access rather than
    // reading properties of a NULL object below.
    if (!$content) {
      return FALSE;
    }
  }

  // Simply trying to view the content.  Do we have permission to view published content of this type?
  if ($op == 'view' && user_has_permission("view_" . $content->type . "_content")) {
    if (intval($content->published) === 1) {

      // If the user is a student, we must take special considerations into account, like if
      // the visibility is set to faculty/staff only, and if the content is not ABOUT the student.
      if ($user->is_student == TRUE) {

        // Is this a faculty only file, and the user is a student?
        if (isset($content->field__visibility) && $content->field__visibility['value'] == "faculty") {
          return FALSE; // nope, can't view it.
        }

        // Is the user a student, and is the content ABOUT this student?  If not, then they cannot view it.  In other words,
        // a student can't see another student's engagements, etc.
        if (isset($content->field__student_id) && $content->field__student_id['value'] != $user->cwid) {
          return FALSE; // nope, can't view it.
        }

      }

      return TRUE;
    }
  }

  // Trying to add new content of the type specified in $var.  Do we have permission?
  if ($op == 'add' && user_has_permission("add_" . $var . "_content")) {
    return TRUE;
  }

  // Trying to edit or delete this content.
  if ($op == "edit" || $op == "delete") {

    // Does the user have permission to edit/delete ANY of this type?
    if (user_has_permission($op . "_any_" . $content->type . "_content")) {
      return TRUE;
    }

    // Otherwise, does the content belong to the user, and do they have permission to edit/delete their OWN content?
    if ($content->user_id == $user->id && user_has_permission($op . "_own_" . $content->type . "_content")) {
      return TRUE;
    }

  } // op == edit or delete

  // Failed all of the previous tests, so return false.
  return FALSE;
}
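The access rules above are easiest to verify with a table of deny and allow cases. The harness below is an added example, not FlightPath's own code; it stubs user_has_permission() and content_load() with constructed data and assumes the function from this page has been saved to content_user_access.php (a hypothetical path).

```php
<?php
// Added test harness, not FlightPath's own code. Assumes content_user_access()
// from this page is saved in content_user_access.php (hypothetical path).
$permissions = array();  // permissions granted to the current test user
$contents = array();     // constructed content records keyed by cid

function user_has_permission($perm) {
  global $permissions;
  return in_array($perm, $permissions, TRUE);
}
function content_load($cid) {
  global $contents;
  return isset($contents[$cid]) ? $contents[$cid] : NULL;
}
require 'content_user_access.php';

// Constructed content record with just the fields the access function reads.
function make_content($cid, $owner, $published, $student, $visibility) {
  global $contents;
  $contents[$cid] = (object) array('cid' => $cid, 'type' => 'engagement',
    'published' => $published, 'user_id' => $owner,
    'field__student_id' => array('value' => $student),
    'field__visibility' => array('value' => $visibility));
}
function as_user($id, $is_student, $cwid, $perms) {
  global $user, $permissions;
  $user = (object) array('id' => $id, 'is_student' => $is_student, 'cwid' => $cwid);
  $permissions = $perms;
}
function check($label, $expected, $actual) {
  echo ($expected === $actual ? 'PASS' : 'FAIL') . ": $label\n";
}
make_content(10, 5, 1, 'S100', 'public');   // about S100, owned by user 5
make_content(11, 5, 1, 'S100', 'faculty');  // faculty/staff only
make_content(12, 5, 0, 'S100', 'public');   // unpublished

as_user(20, TRUE, 'S100', array('view_engagement_content'));
check('student views content about themselves', TRUE, content_user_access('view', 10));
check('student blocked from faculty-only content', FALSE, content_user_access('view', 11));
check('student blocked from unpublished content', FALSE, content_user_access('view', 12));
as_user(21, TRUE, 'S200', array('view_engagement_content'));
check('other student cannot view', FALSE, content_user_access('view', 10));
as_user(5, FALSE, NULL, array('edit_own_engagement_content'));
check('owner may edit own content', TRUE, content_user_access('edit', 10));
check('owner lacks delete_own permission', FALSE, content_user_access('delete', 10));
as_user(6, FALSE, NULL, array('delete_any_engagement_content'));
check('delete_any overrides ownership', TRUE, content_user_access('delete', 10));
check('add needs add_engagement_content', FALSE, content_user_access('add', 'engagement'));
as_user(1, FALSE, NULL, array());
check('uid 1 bypasses every check', TRUE, content_user_access('delete', 12));
```

Every line should print PASS; a FAIL on one of the student cases means a change to the function has widened what a student can see.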