Restirct access to a users own profile

Posted by: 
Dominique De Cooman

Here is an example that restricts access for an admin of an organic group to his own profile.

/**
 *  Implementation of hook_menu_alter() 
 */ 
function tandem_internal_menu_alter(&$callbacks) {
  $callbacks['user/%user/delete']['access callback'] = 'tandem_internal_restrict_access_to_profile';
  $callbacks['user/%user_category/edit']['access callback'] = 'tandem_internal_restrict_access_to_profile';
  $callbacks['user/%user_category/edit/account']['access callback'] = 'tandem_internal_restrict_access_to_profile';
  $callbacks['user/%user_category/edit/persoonlijke informatie']['access callback'] = 'tandem_internal_restrict_access_to_profile';
}
 
/**
 * Custom function that check if a user is an admin of an organic group, if so restrict access
 * At the end we still run the user_edit_access function so unauthorised users dont gain access to profiles 
 */  
 
function tandem_internal_restrict_access_to_profile() {
  global $user;
  $access = db_result(db_query("SELECT nid FROM {og_uid} WHERE uid = %d AND is_admin = 1 LIMIT 1", $user->uid));
  if ($access && $user->uid != 1) {
    return false;
  }
  return user_edit_access($user);
}

Add new comment