1.20.x user.entity.inc public User::access($op, $account = NULL)

Overrides Entity::access().

Parameters

string $op: The operation to be performed on the user. Possible values are:

  • create
  • view
  • update
  • delete

User $account: (optional) The user account whose access is being checked. Leave as NULL to check access for the current global user.

Return value

bool: TRUE if access is granted, FALSE otherwise.

Overrides Entity::access

File

modules/user/user.entity.inc, line 193
Entity classes and controllers for User module.

Class

User
Defines the user entity class.

Code

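/**
 * Overrides Entity::access().
 *
 * Decides whether $account may perform $op on this user entity. Decisions for
 * 'view', 'update' and 'delete' are stored in a static cache keyed by the
 * checking user's uid, this entity's ID and the operation.
 *
 * @param string $op
 *   The operation to be performed on the user. Possible values are:
 *   - create
 *   - view
 *   - update
 *   - delete
 *   Any other value is denied.
 * @param User $account
 *   (optional) The user to check for. Leave it to NULL to check for the
 *   global user.
 *
 * @return bool
 *   TRUE if access is granted, FALSE otherwise.
 */
public function access($op, $account = NULL) {
  // Casting class with private property causes errors due to added prefix.
  // e.g. "\0" . 'User' . "\0". So use static array instead.
  $rights = &backdrop_static(__METHOD__, array());

  // We can't always count on Backdrop to provide an AnonymousUser for
  // anonymous users, so test explicitly. Nobody is granted any operation on
  // an entity without a uid.
  // NOTE(review): this runs before the 'create' branch, so a 'create' check
  // on an entity that has no uid yet is denied without consulting
  // createAccess() - confirm that callers expect this.
  if (!$this->uid) {
    return FALSE;
  }

  // Strict comparison, consistent with the strict in_array() below: a loose
  // == would let non-string values such as TRUE match 'create'.
  if ($op === 'create') {
    return self::createAccess(NULL, $account);
  }

  // Fail closed on anything that is not a supported operation.
  if (!in_array($op, array('view', 'update', 'delete'), TRUE)) {
    return FALSE;
  }

  // If no user object is supplied, the access check is for the current user.
  if (empty($account)) {
    $account = $GLOBALS['user'];
  }

  $cid = $this->id();

  // If we've already checked access for this user entity, checking account
  // and op, return the cached decision.
  if (isset($rights[$account->uid][$cid][$op])) {
    return $rights[$account->uid][$cid][$op];
  }

  switch ($op) {
    case 'view':
      // Admins can view all, users can view own profiles at all times.
      if ($account->uid == $this->uid || user_access('administer users', $account)) {
        $granted = TRUE;
      }
      elseif (user_access('access user profiles', $account)) {
        // Normalised to a real boolean so the documented return type holds;
        // !empty() also avoids a notice when the property is not set.
        // NOTE(review): this tests the status of $account (the user the
        // check is performed for), not of $this (the profile being viewed).
        // If the intent is to hide blocked profiles from users who only hold
        // 'access user profiles', the test belongs on $this->status. Confirm
        // before changing, since it alters who is granted access.
        $granted = !empty($account->status);
      }
      else {
        $granted = FALSE;
      }
      break;

    case 'update':
      // Own account or user administrators; never for a non-positive uid.
      $granted = (($account->uid == $this->uid) || user_access('administer users', $account)) && $this->uid > 0;
      break;

    case 'delete':
      // Own account only with 'cancel account'; user administrators always;
      // never for a non-positive uid.
      $granted = ((($account->uid == $this->uid) && user_access('cancel account', $account)) || user_access('administer users', $account)) && $this->uid > 0;
      break;

    default:
      // Not reachable after the operation check above; kept so that a future
      // change to that list still denies by default.
      $granted = FALSE;
  }

  $rights[$account->uid][$cid][$op] = $granted;
  return $granted;
}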