function advise_user_can_view_advising_session_access_callback

6.x advise.module advise_user_can_view_advising_session_access_callback()
4.x advise.module advise_user_can_view_advising_session_access_callback()
5.x advise.module advise_user_can_view_advising_session_access_callback()

This is an access callback. Can the user view the advising session specified in the REQUEST?

File

modules/advise/advise.module, line 1127

Code

function advise_user_can_view_advising_session_access_callback() {
  global $user;

  if (user_has_permission("view_any_advising_session")) {
    return TRUE;
  }


  if (user_has_permission("view_own_advising_session") || user_has_permission("view_advisee_advising_session")) {

    $advising_session_id = $_REQUEST ["advising_session_id"];

    // First, what was the student's CWID associated with that advising_session_id?
    $res = db_query("SELECT student_id FROM advising_sessions
                     WHERE advising_session_id = ? ", $advising_session_id);
    $cur = db_fetch_array($res);

    if (user_has_permission("view_own_advising_session") && $user->cwid == $cur ["student_id"]) {
      return TRUE;
    }

    if (user_has_permission("view_advisee_advising_session")) {
      $faculty_advisees = advise_get_advisees();
      if (in_array($cur ["student_id"], $faculty_advisees)) {
        return TRUE;
      }
    }

  }

  return FALSE;
}