function schools_check_access

7.x schools.module schools_check_access($op, $entity_code, $catalog_year)
6.x schools.module schools_check_access($op, $entity_code, $catalog_year)

this is our custom access callback.

op is expected to be 'edit-degree', 'edit-course', or 'edit-group' entity_code is the degree_id for degrees, group_id for groups, and course_id for courses.

1 string reference to 'schools_check_access'
schools_menu_alter in modules/schools/schools.module
hook_menu_alter

File

modules/schools/schools.module, line 463
Schools module.

Code

function schools_check_access($op, $entity_code, $catalog_year) {

  // If the user doesn't have this base permission, they can't edit anything
  // at all.          
  if (!user_has_permission("can_edit_data_entry")) {
    return FALSE;
  }


  $school_id = $entity_type = "";
  $db = get_global_database_handler();

  /////////////////////
  if ($op == 'edit-degree') {

    $entity_type = 'degree';
    $school_id = db_result(db_query("SELECT school_id FROM draft_degrees 
                                     WHERE degree_id = ?
                                     AND catalog_year = ?", $entity_code, $catalog_year));

  }



  ///////////////////////
  // The path for editing a group looks like this:
  //    admin/groups/edit-group?group_id=XXX&de_catalog_year=XXX
  if ($op == 'edit-group') {
    $entity_type = "group";
    $group_id = $_REQUEST ['group_id'];

    if ($group_id == 'new') {
      return TRUE;
    }

    $school_id = intval(db_result(db_query("SELECT school_id FROM draft_groups WHERE group_id = ?", $group_id)));

  }


  ///////////////////////
  // The path for editing a course looks like this:
  //    admin/courses/edit-course?course_id=XXX&de_catalog_year=XXX    
  if ($op == 'edit-course') {
    $entity_type = "course";
    $course_id = $_REQUEST ['course_id'];

    if ($course_id == 'new') {
      return TRUE;
    }
    $school_id = intval(db_result(db_query("SELECT school_id FROM draft_courses WHERE course_id = ?", $course_id)));


  }





  // Actually check the permission, IF there is a school_id set.
  if ($school_id != "" && $entity_type != "") {
    if (!user_has_permission('administer_' . $school_id . '_' . $entity_type . '_data')) {
      return FALSE;
    }
  }



  // If we got here, then we didn't fail any permission checks, so we can let the user proceed.
  return TRUE;

}