Restirct access to a users own profile
Here is an example that restricts access for an admin of an organic group to his own profile.
/**
* Implementation of hook_menu_alter()
*/
function tandem_internal_menu_alter(&$callbacks) {
$callbacks['user/%user/delete']['access callback'] = 'tandem_internal_restrict_access_to_profile';
$callbacks['user/%user_category/edit']['access callback'] = 'tandem_internal_restrict_access_to_profile';
$callbacks['user/%user_category/edit/account']['access callback'] = 'tandem_internal_restrict_access_to_profile';
$callbacks['user/%user_category/edit/persoonlijke informatie']['access callback'] = 'tandem_internal_restrict_access_to_profile';
}
/**
* Custom function that check if a user is an admin of an organic group, if so restrict access
* At the end we still run the user_edit_access function so unauthorised users dont gain access to profiles
*/
function tandem_internal_restrict_access_to_profile() {
global $user;
$access = db_result(db_query("SELECT nid FROM {og_uid} WHERE uid = %d AND is_admin = 1 LIMIT 1", $user->uid));
if ($access && $user->uid != 1) {
return false;
}
return user_edit_access($user);
}
Add new comment