function content_user_access
6.x content.module | content_user_access($op, $var) |
4.x content.module | content_user_access($op, $var) |
5.x content.module | content_user_access($op, $var) |
Custom user access function to determine if the user can add, edit, etc., the content.
$op can equal:
- "add" (adding a new piece of content). $var will be the content_type. Ex: "engagement"
- "view" (attempting to view the content as a full page)
- "edit" (trying to edit an existing piece of content)
- "delete" (trying to delete the content)
For "view", "edit" and "delete", $var is treated as the id of the content: the code passes intval($var) to content_load().
Parameters
unknown_type $op:
unknown_type $var:
4 calls to content_user_access()
- content_edit_content_form in modules/content/content.module - This form lets the user edit some piece of content.
- content_edit_content_form_submit in modules/content/content.module - Submit handler for the edit content form.
- content_files_user_may_download_file in modules/content/content.module - Returns TRUE or FALSE if the user has access to download this particular student's file.
- engagements_display_main in modules/engagements/engagements.module - Displays the main Engagements tab, which shows the history of past engagements.
File
- modules/content/content.module, line 664
Code
function content_user_access($op, $var) {
  global $user;

  if ($user->id == 1) {
    return TRUE; // the admin user.
  }

  $cid = intval($var);
  $content = NULL;
  if ($op != "add") {
    $content = content_load($cid);
  }

  // Simply trying to view the content. Do we have permission to view published content of this type?
  if ($op == 'view' && user_has_permission("view_" . $content->type . "_content")) {
    if (intval($content->published) === 1) {
      // If the user is a student, we must take special considerations into account, like if
      // the visibility is set to faculty/staff only, and if the content is not ABOUT the student.
      if ($user->is_student == TRUE) {
        // Is this a faculty only file, and the user is a student?
        if (isset($content->field__visibility) && $content->field__visibility['value'] == "faculty") {
          return FALSE; // nope, can't view it.
        }
        // Is the user a student, and is the content ABOUT this student? If not, then they cannot view it. In other words,
        // a student can't see another student's engagements, etc.
        if (isset($content->field__student_id) && $content->field__student_id['value'] != $user->cwid) {
          return FALSE; // nope, can't view it.
        }
      }
      return TRUE;
    }
  }

  // Trying to add new content of the type specified in $var. Do we have permission?
  if ($op == 'add' && user_has_permission("add_" . $var . "_content")) {
    return TRUE;
  }

  // Trying to edit or delete this content.
  if ($op == "edit" || $op == "delete") {
    // Does the user have permission to edit/delete ANY of this type?
    if (user_has_permission($op . "_any_" . $content->type . "_content")) {
      return TRUE;
    }
    // Otherwise, does the content belong to the user, and do they have permission to edit/delete their OWN content?
    if ($content->user_id == $user->id && user_has_permission($op . "_own_" . $content->type . "_content")) {
      return TRUE;
    }
  } // op == edit or delete

  // Failed all of the previous tests, so return false.
  return FALSE;
}
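A caller-side guard that validates $op and $var before delegating to content_user_access(), shown as an added example that is not part of content.module. The wrapper name content_access_guard(), the stub bodies, the sample data and the allowed character set for content types are assumptions; it also assumes content_load() returns a falsy value when no content matches the id.

```php
<?php
// Added example, not code from content.module. The two stubs are constructed
// stand-ins so the file runs on its own; where the module is loaded, its own
// functions are used and the stubs are skipped.
if (!function_exists('content_load')) {
  function content_load($cid) {
    // Constructed sample data: only content id 12 exists.
    $rows = array(12 => (object) array('type' => 'engagement', 'published' => 1));
    return isset($rows[$cid]) ? $rows[$cid] : FALSE; // assumption: falsy when not found
  }
}
if (!function_exists('content_user_access')) {
  function content_user_access($op, $var) {
    return TRUE; // always-allow stand-in, so every FALSE below comes from the guard
  }
}

// Hypothetical wrapper: deny by default, then delegate to content_user_access().
function content_access_guard($op, $var) {
  // Accept only the four operations documented for $op.
  if (!in_array($op, array('add', 'view', 'edit', 'delete'), TRUE)) {
    return FALSE;
  }
  if ($op === 'add') {
    // $var is a content type and becomes part of a permission name
    // ("add_" . $var . "_content"); the character set here is an assumption.
    if (!is_string($var) || !preg_match('/\A[a-z0-9_]+\z/', $var)) {
      return FALSE;
    }
    return content_user_access($op, $var) === TRUE;
  }
  // intval() silently turns "12abc" into 12 and "abc" into 0, so accept only
  // values that are already a plain decimal id.
  if (!is_int($var) && !(is_string($var) && ctype_digit($var))) {
    return FALSE;
  }
  // content_user_access() reads $content->type without checking the load result.
  if ((int) $var < 1 || !is_object(content_load((int) $var))) {
    return FALSE;
  }
  return content_user_access($op, $var) === TRUE;
}

// Constructed inputs.
var_dump(content_access_guard('view', '12'));        // existing id
var_dump(content_access_guard('view', '12abc'));     // not a plain id
var_dump(content_access_guard('edit', '999'));       // nothing loads
var_dump(content_access_guard('publish', '12'));     // undocumented $op
var_dump(content_access_guard('add', 'engagement')); // content type name
```

Because the guard only ever narrows the result, the permission, published-state and student checks inside content_user_access() still decide every request that passes validation.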