diff --git a/islandora.module b/islandora.module index 5d9ae54e..47f74cbd 100644 --- a/islandora.module +++ b/islandora.module @@ -379,6 +379,48 @@ function islandora_object_datastream_tokened_access_callback($perm, $object = NU return islandora_object_datastream_access_callback($perm, $object, $datastream, $token_account); } +/** + * Checks whether the user who added the token can access the given object and datastream with + * the given permission. + * + * Checks for object existance, accessiblitly, namespace permissions, + * and user permissions + * + * @see islandora_object_load() To find potential solutions to enable page + * not found errors. + * + * @param string $perm + * The user permission to test for. + * @param FedoraObject $object + * The object to test, if NULL given the object doesn't exist or is + * inaccessible. + * @param FedoraDatastream $datastream + * The datastream to test, if NULL given the datastream doesn't exist + * or is inaccessible. + * + * @return boolean + * TRUE if the user is allowed to access this object. + * TRUE if the user who created the token is allowed to access the object + * FALSE otherwise + */ +function islandora_object_datastream_tokened_access_callback($perm, $object = NULL, $datastream = NULL) { + module_load_include('inc', 'islandora', 'includes/utilities'); + $drupal_access = islandora_object_datastream_access_callback($perm, $object, $datastream); + $token_access = FALSE; + if($drupal_access) { + return $drupal_access; + } + if (array_key_exists('token', $_GET)) { + $token = filter_input(INPUT_GET, 'token', FILTER_SANITIZE_STRING); + $token_user = islandora_validate_object_token($object->id, $datastream->id, $token); + if (isset($token_user)) { + $token_account = user_load(array('uid' => $token_user->uid)); + $token_access = user_access($perm, $token_account); + } + } + return $token_access; +} + /** * Checks whether the user can access the given object's manage tab * with the given array of permissions.