Added a new function islandora_user_access() to simplify access callbacks.

This function will check the given object/datastream against the given
permissions and required content models using the given user. If no user is
given the user identified by the GET token will be used, if no token is present
the global user will be used.

islandora.module

@@ -334,6 +334,88 @@ function islandora_forms($form_id) {
   return $forms;
 }
 
+/**
+ * Checks whether the user can access the given object.
+ *
+ * Checks for repository access, object/datastream existance, namespace access,
+ * user permissions, content models.
+ *
+ * Will check the given user or the user repersented by the GET token parameter,
+ * failing that it will use the global user.
+ *
+ * @global $user
+ *
+ * @param mixed $object
+ *   The FedoraObject or FedoraDatastream to test for accessibility, if NULL
+ *   is given the object is assumed to not exist or be inaccessible.
+ * @param array $permissions
+ *   The required user permissions.
+ * @param array $content_models
+ *   The required content models.
+ * @param bool $access_any
+ *   (optional) TRUE to grant access if any single requirement is met from both
+ *   the permissions and content models parameters. FALSE if all requirements
+ *   must be met from both the permissions and content model parameters.
+ * @param object $account
+ *   (optional) The account to check, if not given check the GET parameters for
+ *   a token to restore the user. If no GET parameter is present use currently
+ *   logged in user.
+ *
+ * @return bool
+ *   TRUE if the user is allowed to access this object/datastream, FALSE
+ *   otherwise.
+ */
+function islandora_user_access($object, array $permissions, $content_models = array(), $access_any = TRUE, $account = NULL) {
+  module_load_include('inc', 'islandora', 'includes/utilities');
+  $is_repository_accessible = &drupal_static(__FUNCTION__);
+  // If the repository is inaccessible then access always fails.
+  if (!isset($is_repository_accessible)) {
+    $is_repository_accessible = islandora_describe_repository();
+    if (!$is_repository_accessible) {
+      // Only display the inaccessible message once.
+      islandora_display_repository_inaccessible_message();
+      return FALSE;
+    }
+  }
+  if (!$is_repository_accessible || !is_object($object)) {
+    return FALSE;
+  }
+  // Determine the user account to test against.
+  if (!isset($account)) {
+    $token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING);
+    if ($token) {
+      module_load_include('inc', 'islandora', 'includes/authtokens');
+      $user = islandora_validate_object_token($object->id, $datastream->id, $token);
+      if ($user) {
+        $account = user_load($user->uid);
+      }
+    }
+    else {
+      global $user;
+      $account = $user;
+    }
+  }
+  // Determine what has been passed as $object.
+  if (is_subclass_of($object, 'FedoraObject')) {
+    $object = $object;
+  }
+  elseif (is_subclass_of($object, 'FedoraDatastream')) {
+    $datastream = $object;
+    $object = $datstream->parent;
+  }
+  // Check for access.
+  $accessible_namespace = islandora_namespace_accessible($object->id);
+  if ($access_any) {
+    $has_required_permissions = islandora_user_access_any($permissions, $account);
+    $has_required_content_models = empty($content_models) ? TRUE : count(array_intersect($object->models, $content_models)) > 0;
+  }
+  else {
+    $has_required_permissions = islandora_user_access_all($permissions, $account);
+    $has_required_content_models = count(array_diff($content_models, $object->models)) == 0;
+  }
+  return $accessible_namespace && $has_required_permissions && $has_required_content_models;
+}
+
 /**
  * Checks whether the user can access the given object.
  *