Hey guys,

I have been posting a bit here, and not getting much of a response. I think I have some code which does what I want it to do. But could someone have a look at it for me and tell me if it's secure enough to use? I had a look through the documentation but couldn't just see anything which stood out.

///load current user
global $user;
///drupal_set_message("current user id" .$user->uid);

///get the club id
$club_id = array(':nid' => $contexts['argument_entity_id:node_1']->data->field_club['und']['0']['target_id']); 
///drupal_set_message("The club nid " .$club_id[':nid']);

///sql to get the author id for the club
$sql = 'SELECT uid FROM {node} WHERE nid = :nid;';

///drupal_set_message("sql: " .$sql);

$result = db_query($sql, $club_id);

foreach ($result as $author_id) {
  ///$node = node_load($author_id->uid);
  ///drupal_set_message("Club author id: " .$author_id->uid);

  if ($author_id->uid == $user->uid) {
    ///drupal_set_message("the user should be able to reply to this review");
    return true;
  }
  else {
    ///drupal_set_message("the user should not be able to reply to this review");
    return false;
  }
}

///no node row was found for the club id, so deny access explicitly
return false;

The code is for a hyperlink to appear on a panel page for a node using Drupal 7.x.

Thanks in advance for any responses,

Mark.

Comments

Jaypan

Looks fine. The only thing I would change is this:

$contexts['argument_entity_id:node_1']->data->field_club['und']['0']['target_id'] 

To this:

$contexts['argument_entity_id:node_1']->data->field_club[LANGUAGE_NONE][0]['target_id'] 

mark_ian_newton

Hey Jaypan,

Thanks for the reply. I am pretty new to coding PHP bits in Drupal, so thanks again,

Mark,
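
A fail-closed variant of the access check discussed in this thread, as an added example that is not part of the original posts. It assumes a bootstrapped Drupal 7 site and the context key and field name quoted above; it keeps the bound :nid placeholder, reads the field through field_get_items() rather than a hard-coded language key, and rejects anonymous users, because a loose uid comparison matches uid 0 when the club node is owned by Anonymous.

```php
// Added example for the Panels PHP visibility rule (pasted without PHP tags).
// Context key and field name are taken from the post; the rest is an assumption.
global $user;

// Anonymous visitors all have uid 0. Nodes whose author account was deleted
// can also be owned by uid 0, so never let uid 0 match anything.
if (empty($user->uid)) {
  return FALSE;
}

// Fail closed if the context or its node is missing on this page.
if (!isset($contexts['argument_entity_id:node_1'])
    || !is_object($contexts['argument_entity_id:node_1']->data)) {
  return FALSE;
}
$node = $contexts['argument_entity_id:node_1']->data;

// field_get_items() resolves the field language itself and returns FALSE
// when the field has no value.
$items = field_get_items('node', $node, 'field_club');
if (empty($items[0]['target_id'])) {
  return FALSE;
}

// The club nid is bound to the :nid placeholder, never concatenated into SQL.
$author_uid = db_query(
  'SELECT uid FROM {node} WHERE nid = :nid',
  array(':nid' => (int) $items[0]['target_id'])
)->fetchField();

// fetchField() returns FALSE when no row matched: deny.
if ($author_uid === FALSE) {
  return FALSE;
}

// Compare as integers so "0", NULL and '' cannot compare equal by accident.
return (int) $author_uid === (int) $user->uid;
```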