1.20.x user.entity.inc | public User::access($op, $account = NULL) |
Overrides Entity::access().
Parameters
string $op: The operation to be performed on the user. Possible values are:
- create
- view
- update
- delete
User $account: (optional) The user to check access for. Leave as NULL to check access for the global (current) user.
Return value
bool: TRUE if access is granted, FALSE otherwise.
Overrides Entity::access
File
- modules/
user/ user.entity.inc, line 193 - Entity classes and controllers for User module.
Class
- User
- Defines the user entity class.
Code
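/**
 * Determines whether an account may perform an operation on this user.
 *
 * Overrides Entity::access().
 *
 * The decision for 'view', 'update' and 'delete' is stored in a static array
 * keyed by checking account uid, this entity's ID and operation, and later
 * calls with the same key return the stored value. 'create' is delegated to
 * self::createAccess() and is not stored.
 *
 * @param string $op
 *   The operation to be performed on the user: 'create', 'view', 'update' or
 *   'delete'. Comparison is strict, so any other value (including non-string
 *   values) is denied.
 * @param User|null $account
 *   (optional) The user to check for. Leave as NULL to check for the global
 *   user.
 *
 * @return bool
 *   TRUE if access is granted, FALSE otherwise.
 */
public function access($op, $account = NULL) {
  // Casting class with private property causes errors due to added prefix.
  // e.g. "\0" . 'User' . "\0". So use static array instead.
  $rights = &backdrop_static(__METHOD__, array());

  // We can't always count on Backdrop to provide an AnonymousUser for
  // anonymous users, so test explicitly. This check runs before the 'create'
  // dispatch, so every operation is denied on an entity without a uid.
  if (!$this->uid) {
    return FALSE;
  }

  // Strict comparison: with a loose "==" a boolean TRUE (and, on PHP 7, an
  // integer 0) would compare equal to 'create' and reach createAccess().
  if ($op === 'create') {
    return self::createAccess(NULL, $account);
  }

  // Fail closed on anything that is not a supported operation.
  if (!in_array($op, array('view', 'update', 'delete'), TRUE)) {
    return FALSE;
  }

  // If no user object is supplied, the access check is for the current user.
  if (empty($account)) {
    $account = $GLOBALS['user'];
  }

  $cid = $this->id();

  // If access was already checked for this checking account, this user entity
  // and this op, return the stored decision. isset() is TRUE for a stored
  // FALSE, so denials are reused as well.
  // NOTE(review): presumably the stored value lives for the rest of the
  // request; a permission change made mid-request would not be reflected
  // until the static is reset. Confirm against backdrop_static().
  if (isset($rights[$account->uid][$cid][$op])) {
    return $rights[$account->uid][$cid][$op];
  }

  // Default deny; only the branches below can grant access.
  $allowed = FALSE;

  if ($op === 'view') {
    // Admins can view all, users can view own profiles at all times.
    if ($account->uid == $this->uid || user_access('administer users', $account)) {
      $allowed = TRUE;
    }
    elseif (user_access('access user profiles', $account)) {
      // Cast so the documented bool contract holds; the raw property is not
      // guaranteed to be a boolean.
      // NOTE(review): this tests the status of the checking account
      // ($account), not of the profile being viewed ($this). If the intent is
      // to hide blocked profiles from non-administrators, confirm whether
      // $this->status was meant here.
      $allowed = (bool) $account->status;
    }
  }
  elseif ($op === 'update') {
    // Own account or administrator, and never the anonymous (uid 0) entity.
    $allowed = (($account->uid == $this->uid) || user_access('administer users', $account)) && $this->uid > 0;
  }
  elseif ($op === 'delete') {
    // Own account needs the 'cancel account' permission; administrators may
    // delete any account except the anonymous (uid 0) entity.
    $allowed = ((($account->uid == $this->uid) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $this->uid > 0;
  }

  // Store the decision in one place so every path stores a boolean.
  $rights[$account->uid][$cid][$op] = $allowed;
  return $allowed;
}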