Home Explore Help
Sign In
bachir
/
materio-base-d7
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: 1e27fcca51
Branches Tags
materio-base...
/
sites
/
all
/
modules
/
contrib
/
ecommerce
/
ubercart
/
uc_order
/
views
/
uc_order_plugin_argument_validate_user_perm.inc

uc_order_plugin_argument_validate_user_perm.inc 3.2 KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899 
  1. <?php
    2. 

  2. 

  3. /**
    4. 

  4.  * Validate whether an argument is the current user or has a permission.
    5. 

  5.  *
    6. 

  6.  * This supports either numeric arguments (UID) or strings (username) and
    7. 

  7.  * converts either one into the user's UID.  This validator also sets the
    8. 

  8.  * argument's title to the username.
    9. 

  9.  */
    10. 

  10. class uc_order_plugin_argument_validate_user_perm extends views_plugin_argument_validate_user {
    11. 

  11. 

  12.   function option_definition() {
    13. 

  13.     $options = parent::option_definition();
    14. 

  14. 

  15.     $options['perm'] = array('default' => 'view all orders');
    16. 

  16. 

  17.     return $options;
    18. 

  18.   }
    19. 

  19. 

  20.   function options_form(&$form, &$form_state) {
    21. 

  21.     parent::options_form($form, $form_state);
    22. 

  22. 

  23.     $form['restrict_roles']['#access'] = FALSE;
    24. 

  24.     $form['roles']['#access'] = FALSE;
    25. 

  25. 

  26.     $perms = array();
    27. 

  27.     $module_info = system_get_info('module');
    28. 

  28. 

  29.     // Get list of permissions
    30. 

  30.     foreach (module_implements('permission') as $module) {
    31. 

  31.       $permissions = module_invoke($module, 'permission');
    32. 

  32.       foreach ($permissions as $name => $perm) {
    33. 

  33.         $perms[$module_info[$module]['name']][$name] = strip_tags($perm['title']);
    34. 

  34.       }
    35. 

  35.     }
    36. 

  36. 

  37.     asort($perms);
    38. 

  38. 

  39.     $form['perm'] = array(
    40. 

  40.       '#type' => 'select',
    41. 

  41.       '#options' => $perms,
    42. 

  42.       '#title' => t('Permission'),
    43. 

  43.       '#default_value' => $this->options['perm'],
    44. 

  44.       '#description' => t('Users with the selected permission flag will be able to bypass validation.'),
    45. 

  45.     );
    46. 

  46.   }
    47. 

  47. 

  48.   function validate_argument($argument) {
    49. 

  49.     $type = $this->options['type'];
    50. 

  50.     // is_numeric() can return false positives, so we ensure it's an integer.
    51. 

  51.     // However, is_integer() will always fail, since $argument is a string.
    52. 

  52.     if (is_numeric($argument) && $argument == (int) $argument) {
    53. 

  53.       if ($type == 'uid' || $type == 'either') {
    54. 

  54.         if ($argument == $GLOBALS['user']->uid) {
    55. 

  55.           // If you assign an object to a variable in PHP, the variable
    56. 

  56.           // automatically acts as a reference, not a copy, so we use
    57. 

  57.           // clone to ensure that we don't actually mess with the
    58. 

  58.           // real global $user object.
    59. 

  59.           $account = clone $GLOBALS['user'];
    60. 

  60.         }
    61. 

  61.         $where = 'uid = :argument';
    62. 

  62.       }
    63. 

  63.     }
    64. 

  64.     else {
    65. 

  65.       if ($type == 'name' || $type == 'either') {
    66. 

  66.         $name = !empty($GLOBALS['user']->name) ? $GLOBALS['user']->name : variable_get('anonymous', t('Anonymous'));
    67. 

  67.         if ($argument == $name) {
    68. 

  68.           $account = clone $GLOBALS['user'];
    69. 

  69.         }
    70. 

  70.         $where = "name = :argument";
    71. 

  71.       }
    72. 

  72.     }
    73. 

  73. 

  74.     // If we don't have a WHERE clause, the argument is invalid.
    75. 

  75.     if (empty($where)) {
    76. 

  76.       return FALSE;
    77. 

  77.     }
    78. 

  78. 

  79.     if (!isset($account)) {
    80. 

  80.       $query = "SELECT uid, name FROM {users} WHERE $where";
    81. 

  81.       $account = db_query($query, array(':argument' => $argument))->fetchObject();
    82. 

  82.     }
    83. 

  83.     if (empty($account)) {
    84. 

  84.       // User not found.
    85. 

  85.       return FALSE;
    86. 

  86.     }
    87. 

  87. 

  88.     // If the current user is not the account specified by the argument
    89. 

  89.     // and doesn't have the correct permission, validation fails.
    90. 

  90.     if ($GLOBALS['user']->uid != $account->uid && !user_access($this->options['perm'])) {
    91. 

  91.       return FALSE;
    92. 

  92.     }
    93. 

  93. 

  94.     $this->argument->argument = $account->uid;
    95. 

  95.     $this->argument->validated_title = isset($account->name) ? check_plain($account->name) : check_plain(variable_get('anonymous', t('Anonymous')));
    96. 

  96.     return TRUE;
    97. 

  97.   }
    98. 

  98. 

  99. }
    100.