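/**
 * Overrides the parent checkEntityAccess().
 *
 * Resolves the vsite (group) the entity belongs to, makes it the active
 * space, and layers the OpenScholar app visibility rules on top of the
 * parent entity access check.
 *
 * @param string $op
 *   The operation being checked (passed through to the parent).
 * @param string $entity_type
 *   The entity type.
 * @param object $entity
 *   The entity object.
 *
 * @return bool|null
 *   TRUE if access is allowed, FALSE if denied, or NULL when the node is still
 *   new (no nid) and the check is skipped.
 */
protected function checkEntityAccess($op, $entity_type, $entity) {
  $request = $this->getRequest();
  $account = $this->getAccount();

  if (!empty($request['vsite'])) {
    spaces_set_space(spaces_load('og', $request['vsite']));
  }

  if (empty($entity->nid)) {
    // This is still a new node. Skip.
    return;
  }

  $is_group = og_is_group($entity_type, $entity);
  if ($is_group) {
    $group = $entity;
  }
  else {
    $wrapper = entity_metadata_wrapper('node', $entity);
    $group = $wrapper->{OG_AUDIENCE_FIELD}->get(0)->value();
  }

  if (empty($group->nid)) {
    // No group could be resolved for this node. Fail closed instead of
    // dereferencing a missing group below.
    // NOTE(review): if group-less nodes are legitimate in this API, relax this
    // to the parent check rather than a flat deny.
    return FALSE;
  }

  if (empty($request['vsite'])) {
    spaces_set_space(spaces_load('og', $group->nid));
  }

  if ($is_group) {
    // In addition to the node access check, we need to see if the user can
    // manage groups. "!" binds tighter than "==", so "!f() == NODE_ACCESS_DENY"
    // compared a boolean with the constant; compare the access result itself.
    $manager = og_user_access('node', $group->nid, 'administer users', $account);
    return $manager && vsite_access_node_access($group, 'view', $account) != NODE_ACCESS_DENY;
  }

  $app = os_get_app_by_bundle($entity->type);
  $space = spaces_get_space();
  $application_settings = $space->controllers->variable->get('spaces_features');
  // An app with no recorded setting falls through the switch as NULL.
  $app_setting = isset($application_settings[$app]) ? $application_settings[$app] : NULL;

  switch ($app_setting) {
    case OS_DISABLED_APP:
      return FALSE;

    case OS_PRIVATE_APP:
      // Private apps additionally require group membership.
      return og_is_member('node', $group->nid, 'user', $account) && parent::checkEntityAccess($op, $entity_type, $entity);

    case OS_PUBLIC_APP:
    default:
      return parent::checkEntityAccess($op, $entity_type, $entity);
  }
}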
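/**
 * Overrides the default validate method.
 *
 * Normalizes the group reference on the request object, sets up the vsite
 * space when a group is given, and then verifies the account may manage
 * roles in that scope.
 *
 * @param bool $validate_request
 *   Determine if we need to validate the sent request values. In case of
 *   delete we don't need to validate the sent request values.
 *
 * @throws \RestfulForbiddenException
 *   When the account lacks "administer users" in the group, or globally when
 *   no group is given.
 */
public function validate($validate_request = TRUE) {
  $this->getObject();
  $this->object->group_type = 'node';

  // Cast before the lookup so the space being set and the group the
  // permission is checked against derive from the same value.
  $this->object->gid = empty($this->object->gid) ? 0 : (int) $this->object->gid;
  if ($this->object->gid) {
    // Set up the space.
    spaces_set_space(vsite_get_vsite($this->object->gid));
  }

  $this->setRequest((array) $this->object);

  if ($validate_request) {
    parent::validate();
  }

  $account = $this->getAccount();
  // Call the permission checks explicitly instead of through a string function
  // name so the access path is static and easy to audit.
  if ($this->object->gid) {
    $allowed = og_user_access('node', $this->object->gid, 'administer users', $account);
  }
  else {
    $allowed = user_access('administer users', $account);
  }

  if (!$allowed) {
    throw new \RestfulForbiddenException('You are not allowed to manage roles.');
  }
}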
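/**
 * Verify the user's request has access CRUD in the current group.
 *
 * Loads the vsite named by the request, makes it the active space and exposes
 * the group as an entity wrapper on $this->group. When no vsite ID was sent or
 * it cannot be loaded, $this->throwException() is called with
 * 'The vsite ID is missing.'.
 *
 * @return bool
 *   TRUE when the account has "administer group"; FALSE otherwise.
 */
public function checkGroupAccess() {
  $this->getObject();

  // Reject a request with no vsite ID up front rather than passing NULL to
  // spaces_load().
  if (empty($this->object->vsite)) {
    $this->throwException('The vsite ID is missing.');
  }

  $this->space = spaces_load('og', $this->object->vsite);
  if (!$this->space) {
    // No vsite context.
    $this->throwException('The vsite ID is missing.');
  }

  // Set up the space.
  spaces_set_space($this->space);
  $this->group = entity_metadata_wrapper('node', $this->space->og);

  // Make the deny result explicit instead of falling off the end with NULL.
  return (bool) user_access('administer group', $this->getAccount());
}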