The registration_administer_registrations_access() function is currently used as an access callback for a menu item. It checks whether the current user has access to a given registration.

I am in a position where I need to check programmatically if an account other than the current user has access to registration for a given entity.

Proposed solution

Here is a prosed solution which is backward-compatible. Change

/**
 * Access callback: for registration_registrations_page().
 *
 * Check if user has access to administer registrations for a host entity.
 *
 * @param string $entity_type
 *   The host entity type.
 * @param object $entity
 *   The host entity.
 *
 * @return bool
 *   Whether a user can view registrations for a host entity.
 *
 * @see registration_registrations_page()
 * @see registration_menu()
 */
function registration_administer_registrations_access($entity_type, $entity) {
  $registration_type = registration_get_entity_registration_type($entity_type, $entity);
  if ($registration_type) {
    if (user_access("administer $registration_type registration")) {
      return TRUE;
    }
    elseif (user_access("administer own $registration_type registration") && entity_access('update', $entity_type, $entity)) {
      return TRUE;
    }
  }
  return FALSE;
}

to 

/**
 * Access callback: for registration_registrations_page().
 *
 * Check if user has access to administer registrations for a host entity.
 *
 * @param string $entity_type
 *   The host entity type.
 * @param object $entity
 *   The host entity.
 * @param object $account = NULL
 *   An account for which to check access. If NULL is provided the current
 *   user is used.
 *
 * @return bool
 *   Whether a user can view registrations for a host entity.
 *
 * @see registration_registrations_page()
 * @see registration_menu()
 */
function registration_administer_registrations_access($entity_type, $entity, $account = NULL) {
  $registration_type = registration_get_entity_registration_type($entity_type, $entity);
  if ($registration_type) {
    if (user_access("administer $registration_type registration", $account)) {
      return TRUE;
    }
    elseif (user_access("administer own $registration_type registration", $account) && entity_access('update', $entity_type, $entity, $account)) {
      return TRUE;
    }
  }
  return FALSE;
}
CommentFileSizeAuthor
#4 2357533-4-registration-7.x-1.x-access-check-for-other-accounts.patch1.43 KBalberto56
#3 2357533-3-registration-7.x-1.x-access-check-for-other-accounts.patch1.42 KBalberto56
#1 2357533-1-registration-7.x-1.x-access-check-for-other-accounts.patch1.42 KBalberto56

Comments

alberto56’s picture

alberto56 commented
Status: Active » Needs review
StatusFileSize
new 2357533-1-registration-7.x-1.x-access-check-for-other-accounts.patch1.42 KB

Here is a patch that does this.

alberto56’s picture

alberto56 commented
Issue summary: View changes
alberto56’s picture

alberto56 commented
StatusFileSize
new 2357533-3-registration-7.x-1.x-access-check-for-other-accounts.patch1.42 KB

Oops small typo on the patch. Here is a better version

alberto56’s picture

alberto56 commented
StatusFileSize
new 2357533-4-registration-7.x-1.x-access-check-for-other-accounts.patch1.43 KB

Here's an even better one.

caxy4’s picture

caxy4 commented
Status: Needs review » Closed (fixed)

Albert, I've applied your patch to the 7.x-1.x branch with commit 6077bab after a slight tweak (s/administer own $registration_type registration/update own $registration_type registration/).
It will be in the upcoming 7.x-1.4 release.