diff --git a/message.api.php b/message.api.php
index 89ccd39..e6b00f5 100644
--- a/message.api.php
+++ b/message.api.php
@@ -64,6 +64,35 @@ function hook_message_view_alter(&$build) {
 }
 
 /**
+ * Allow modules to alter access granted to a message entity.
+ * @param $access
+ * Boolean specifying whether the specifified account has the specified access.
+ * @param context
+ * Array containing relevant information for determining access to
+ * the message entity. Keys are op, entity, entity_type, and account.
+ */
+function hook_message_access_alter(&$access, $context) {
+ // We're only interested in the 'view' operation.
+ if ($context['op'] != 'view') {
+ return;
+ }
+
+ $message = $context['entity'];
+ // Verify view access to nodes referenced in the message.
+ if (isset($message->field_target_nodes)) {
+ foreach ($message->field_target_nodes[LANGUAGE_NONE] as $key => $value) {
+ $node = node_load($value['target_id']);
+ if (!node_access('view', $node, $context['account'])) {
+ // If the user cannot view any nodes in the message,
+ // deny access to the entire message;
+ $access = FALSE;
+ return;
+ }
+ }
+ }
+}
+
+/**
 * Define default message type configurations.
 *
 * @return
diff --git a/message.module b/message.module
index 86922c8..6c8e3b5 100644
--- a/message.module
+++ b/message.module
@@ -746,7 +746,21 @@ function message_delete_multiple($mids = array()) {
 * Access callback for the message entity.
 */
 function message_access($op, $entity, $account = NULL, $entity_type = 'message') {
- return user_access('create messages', $account);
+ if ($op == 'create') {
+ $access = user_access('create messages', $account);
+ }
+ else {
+ $access = user_access('access content', $account);
+ }
+ $context = array(
+ 'op' => $op,
+ 'entity' => $entity,
+ 'entity_type' => $entity_type,
+ 'account' => $account,
+ );
+ // Allow other modules to alter access to a message entity.
+ drupal_alter('message_access', $access, $context);
+ return $access;
 }
 
 /**
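Review bot: The inline comment `// If the user cannot view any nodes in the message,` in the hook_message_access_alter() example reads as "none of the nodes", but the loop denies access as soon as one referenced node fails node_access(). Implementers copy this example, so it should say `// If the user cannot view one of the referenced nodes,`. The guard `isset($message->field_target_nodes)` does not cover the `[LANGUAGE_NONE]` index that the foreach reads; `if (!empty($message->field_target_nodes[LANGUAGE_NONE])) {` would avoid iterating an undefined index when the field is empty. In the docblock, `@param context` is missing its `$`, "specifified" is a typo, and a blank ` *` line after the summary would match the other docblocks in the file.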
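Review bot: The `else` branch in message_access() grants every operation other than 'create' to any account holding 'access content', where the removed line required 'create messages' for all operations. For an entity access callback that would normally include update and delete, not just view. The relaxed check should be limited to viewing, for example `$access = user_access($op == 'view' ? 'access content' : 'create messages', $account);`. Separately, drupal_alter() passes `$access` by reference to every implementing module, so one implementation can turn a denial into a grant. The docblock should state whether implementations are expected to restrict only, and that `$context['account']` is NULL when the caller passes no account.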