Elgg  Version 1.10
AccessCollections.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg\Database;
4 
14 class AccessCollections {
18  private $site_guid;
19 
25  public function __construct($site_guid) {
26  $this->site_guid = $site_guid;
27  }
28 
44  function getAccessList($user_guid = 0, $site_guid = 0, $flush = false) {
45  global $init_finished;
46  $cache = _elgg_services()->accessCache;
47 
48  if ($flush) {
49  $cache->clear();
50  }
51 
52  if ($user_guid == 0) {
53  $user_guid = _elgg_services()->session->getLoggedInUserGuid();
54  }
55 
56  if (($site_guid == 0) && $this->site_guid) {
57  $site_guid = $this->site_guid;
58  }
59  $user_guid = (int) $user_guid;
60  $site_guid = (int) $site_guid;
61 
62  $hash = $user_guid . $site_guid . 'get_access_list';
63 
64  if ($cache[$hash]) {
65  return $cache[$hash];
66  }
67 
68  $access_array = get_access_array($user_guid, $site_guid, $flush);
69  $access = "(" . implode(",", $access_array) . ")";
70 
71  if ($init_finished) {
72  $cache[$hash] = $access;
73  }
74 
75  return $access;
76  }
77 
103  function getAccessArray($user_guid = 0, $site_guid = 0, $flush = false) {
104  global $init_finished;
105 
106  $cache = _elgg_services()->accessCache;
107 
108  if ($flush) {
109  $cache->clear();
110  }
111 
112  if ($user_guid == 0) {
113  $user_guid = _elgg_services()->session->getLoggedInUserGuid();
114  }
115 
116  if (($site_guid == 0) && $this->site_guid) {
117  $site_guid = $this->site_guid;
118  }
119 
120  $user_guid = (int) $user_guid;
121  $site_guid = (int) $site_guid;
122 
123  $hash = $user_guid . $site_guid . 'get_access_array';
124 
125  if ($cache[$hash]) {
126  $access_array = $cache[$hash];
127  } else {
128  $access_array = array(ACCESS_PUBLIC);
129 
130  // The following can only return sensible data for a known user.
131  if ($user_guid) {
132  $db = _elgg_services()->db;
133  $prefix = $db->getTablePrefix();
134 
135  $access_array[] = ACCESS_LOGGED_IN;
136 
137  // Get ACL memberships
138  $query = "SELECT am.access_collection_id"
139  . " FROM {$prefix}access_collection_membership am"
140  . " LEFT JOIN {$prefix}access_collections ag ON ag.id = am.access_collection_id"
141  . " WHERE am.user_guid = $user_guid AND (ag.site_guid = $site_guid OR ag.site_guid = 0)";
142 
143  $collections = $db->getData($query);
144  if ($collections) {
145  foreach ($collections as $collection) {
146  if (!empty($collection->access_collection_id)) {
147  $access_array[] = (int)$collection->access_collection_id;
148  }
149  }
150  }
151 
152  // Get ACLs owned.
153  $query = "SELECT ag.id FROM {$prefix}access_collections ag ";
154  $query .= "WHERE ag.owner_guid = $user_guid AND (ag.site_guid = $site_guid OR ag.site_guid = 0)";
155 
156  $collections = $db->getData($query);
157  if ($collections) {
158  foreach ($collections as $collection) {
159  if (!empty($collection->id)) {
160  $access_array[] = (int)$collection->id;
161  }
162  }
163  }
164 
165  $ignore_access = elgg_check_access_overrides($user_guid);
166 
167  if ($ignore_access == true) {
168  $access_array[] = ACCESS_PRIVATE;
169  }
170  }
171 
172  if ($init_finished) {
173  $cache[$hash] = $access_array;
174  }
175  }
176 
177  $options = array(
178  'user_id' => $user_guid,
179  'site_id' => $site_guid
180  );
181 
182  // see the warning in the docs for this function about infinite loop potential
183  return _elgg_services()->hooks->trigger('access:collections:read', 'user', $options, $access_array);
184  }
185 
225  function getWhereSql(array $options = array()) {
226  global $ENTITY_SHOW_HIDDEN_OVERRIDE;
227 
228  $defaults = array(
229  'table_alias' => 'e',
230  'user_guid' => _elgg_services()->session->getLoggedInUserGuid(),
231  'use_enabled_clause' => !$ENTITY_SHOW_HIDDEN_OVERRIDE,
232  'access_column' => 'access_id',
233  'owner_guid_column' => 'owner_guid',
234  'guid_column' => 'guid',
235  );
236 
237  $options = array_merge($defaults, $options);
238 
239  // just in case someone passes a . at the end
240  $options['table_alias'] = rtrim($options['table_alias'], '.');
241 
242  foreach (array('table_alias', 'access_column', 'owner_guid_column', 'guid_column') as $key) {
243  $options[$key] = sanitize_string($options[$key]);
244  }
245  $options['user_guid'] = sanitize_int($options['user_guid'], false);
246 
247  // only add dot if we have an alias or table name
248  $table_alias = $options['table_alias'] ? $options['table_alias'] . '.' : '';
249 
250  $options['ignore_access'] = elgg_check_access_overrides($options['user_guid']);
251 
252  $clauses = array(
253  'ors' => array(),
254  'ands' => array()
255  );
256 
257  $prefix = _elgg_services()->db->getTablePrefix();
258 
259  if ($options['ignore_access']) {
260  $clauses['ors'][] = '1 = 1';
261  } else if ($options['user_guid']) {
262  // include content of user's friends
263  $clauses['ors'][] = "$table_alias{$options['access_column']} = " . ACCESS_FRIENDS . "
264  AND $table_alias{$options['owner_guid_column']} IN (
265  SELECT guid_one FROM {$prefix}entity_relationships
266  WHERE relationship = 'friend' AND guid_two = {$options['user_guid']}
267  )";
268 
269  // include user's content
270  $clauses['ors'][] = "$table_alias{$options['owner_guid_column']} = {$options['user_guid']}";
271  }
272 
273  // include standard accesses (public, logged in, access collections)
274  if (!$options['ignore_access']) {
275  $access_list = get_access_list($options['user_guid']);
276  $clauses['ors'][] = "$table_alias{$options['access_column']} IN {$access_list}";
277  }
278 
279  if ($options['use_enabled_clause']) {
280  $clauses['ands'][] = "{$table_alias}enabled = 'yes'";
281  }
282 
283  $clauses = _elgg_services()->hooks->trigger('get_sql', 'access', $options, $clauses);
284 
285  $clauses_str = '';
286  if (is_array($clauses['ors']) && $clauses['ors']) {
287  $clauses_str = '(' . implode(' OR ', $clauses['ors']) . ')';
288  }
289 
290  if (is_array($clauses['ands']) && $clauses['ands']) {
291  if ($clauses_str) {
292  $clauses_str .= ' AND ';
293  }
294  $clauses_str .= '(' . implode(' AND ', $clauses['ands']) . ')';
295  }
296 
297  return "($clauses_str)";
298  }
299 
319  function hasAccessToEntity($entity, $user = null) {
320 
321 
322  // See #7159. Must not allow ignore access to affect query
323  $ia = elgg_set_ignore_access(false);
324 
325  if (!isset($user)) {
326  $access_bit = _elgg_get_access_where_sql();
327  } else {
328  $access_bit = _elgg_get_access_where_sql(array('user_guid' => $user->getGUID()));
329  }
330 
331  elgg_set_ignore_access($ia);
332 
333  $db = _elgg_services()->db;
334  $prefix = $db->getTablePrefix();
335 
336  $query = "SELECT guid from {$prefix}entities e WHERE e.guid = {$entity->guid}";
337  // Add access controls
338  $query .= " AND " . $access_bit;
339  if ($db->getData($query)) {
340  return true;
341  } else {
342  return false;
343  }
344  }
345 
371  function getWriteAccessArray($user_guid = 0, $site_guid = 0, $flush = false) {
372  global $init_finished;
373  $cache = _elgg_services()->accessCache;
374 
375  if ($flush) {
376  $cache->clear();
377  }
378 
379  if ($user_guid == 0) {
380  $user_guid = _elgg_services()->session->getLoggedInUserGuid();
381  }
382 
383  if (($site_guid == 0) && $this->site_guid) {
384  $site_guid = $this->site_guid;
385  }
386 
387  $user_guid = (int) $user_guid;
388  $site_guid = (int) $site_guid;
389 
390  $hash = $user_guid . $site_guid . 'get_write_access_array';
391 
392  if ($cache[$hash]) {
393  $access_array = $cache[$hash];
394  } else {
395  // @todo is there such a thing as public write access?
396  $access_array = array(
397  ACCESS_PRIVATE => _elgg_services()->translator->translate("PRIVATE"),
398  ACCESS_FRIENDS => _elgg_services()->translator->translate("access:friends:label"),
399  ACCESS_LOGGED_IN => _elgg_services()->translator->translate("LOGGED_IN"),
400  ACCESS_PUBLIC => _elgg_services()->translator->translate("PUBLIC")
401  );
402 
403  $db = _elgg_services()->db;
404  $prefix = $db->getTablePrefix();
405 
406  $query = "SELECT ag.* FROM {$prefix}access_collections ag ";
407  $query .= " WHERE (ag.site_guid = $site_guid OR ag.site_guid = 0)";
408  $query .= " AND (ag.owner_guid = $user_guid)";
409 
410  $collections = $db->getData($query);
411  if ($collections) {
412  foreach ($collections as $collection) {
413  $access_array[$collection->id] = $collection->name;
414  }
415  }
416 
417  if ($init_finished) {
418  $cache[$hash] = $access_array;
419  }
420  }
421 
422  $options = array(
423  'user_id' => $user_guid,
424  'site_id' => $site_guid
425  );
426  return _elgg_services()->hooks->trigger('access:collections:write', 'user',
427  $options, $access_array);
428  }
429 
444  function canEdit($collection_id, $user_guid = null) {
445  if ($user_guid) {
446  $user = _elgg_services()->entityTable->get((int) $user_guid);
447  } else {
448  $user = _elgg_services()->session->getLoggedInUser();
449  }
450 
451  $collection = get_access_collection($collection_id);
452 
453  if (!($user instanceof \ElggUser) || !$collection) {
454  return false;
455  }
456 
457  $write_access = get_write_access_array($user->getGUID(), 0, true);
458 
459  // don't ignore access when checking users.
460  if ($user_guid) {
461  return array_key_exists($collection_id, $write_access);
462  } else {
463  return elgg_get_ignore_access() || array_key_exists($collection_id, $write_access);
464  }
465  }
466 
484  function create($name, $owner_guid = 0, $site_guid = 0) {
485  $name = trim($name);
486  if (empty($name)) {
487  return false;
488  }
489 
490  if ($owner_guid == 0) {
491  $owner_guid = _elgg_services()->session->getLoggedInUserGuid();
492  }
493  if (($site_guid == 0) && $this->site_guid) {
494  $site_guid = $this->site_guid;
495  }
496 
497  $db = _elgg_services()->db;
498  $prefix = $db->getTablePrefix();
499 
500  $name = $db->sanitizeString($name);
501 
502  $q = "INSERT INTO {$prefix}access_collections
503  SET name = '{$name}',
504  owner_guid = {$owner_guid},
505  site_guid = {$site_guid}";
506  $id = $db->insertData($q);
507  if (!$id) {
508  return false;
509  }
510 
511  $params = array(
512  'collection_id' => $id
513  );
514 
515  if (!_elgg_services()->hooks->trigger('access:collections:addcollection', 'collection', $params, true)) {
516  return false;
517  }
518 
519  return $id;
520  }
521 
536  function update($collection_id, $members) {
537  $acl = $this->get($collection_id);
538 
539  if (!$acl) {
540  return false;
541  }
542  $members = (is_array($members)) ? $members : array();
543 
544  $cur_members = $this->getMembers($collection_id, true);
545  $cur_members = (is_array($cur_members)) ? $cur_members : array();
546 
547  $remove_members = array_diff($cur_members, $members);
548  $add_members = array_diff($members, $cur_members);
549 
550  $result = true;
551 
552  foreach ($add_members as $guid) {
553  $result = $result && $this->addUser($guid, $collection_id);
554  }
555 
556  foreach ($remove_members as $guid) {
557  $result = $result && $this->removeUser($guid, $collection_id);
558  }
559 
560  return $result;
561  }
562 
570  function delete($collection_id) {
571  $collection_id = (int) $collection_id;
572  $params = array('collection_id' => $collection_id);
573 
574  if (!_elgg_services()->hooks->trigger('access:collections:deletecollection', 'collection', $params, true)) {
575  return false;
576  }
577 
578  $db = _elgg_services()->db;
579  $prefix = $db->getTablePrefix();
580 
581  // Deleting membership doesn't affect result of deleting ACL.
582  $q = "DELETE FROM {$prefix}access_collection_membership
583  WHERE access_collection_id = {$collection_id}";
584  $db->deleteData($q);
585 
586  $q = "DELETE FROM {$prefix}access_collections
587  WHERE id = {$collection_id}";
588  $result = $db->deleteData($q);
589 
590  return (bool)$result;
591  }
592 
605  function get($collection_id) {
606 
607  $collection_id = (int) $collection_id;
608 
609  $db = _elgg_services()->db;
610  $prefix = $db->getTablePrefix();
611 
612  $query = "SELECT * FROM {$prefix}access_collections WHERE id = {$collection_id}";
613  $get_collection = $db->getDataRow($query);
614 
615  return $get_collection;
616  }
617 
628  function addUser($user_guid, $collection_id) {
629  $collection_id = (int) $collection_id;
630  $user_guid = (int) $user_guid;
631  $user = get_user($user_guid);
632 
633  $collection = $this->get($collection_id);
634 
635  if (!($user instanceof \ElggUser) || !$collection) {
636  return false;
637  }
638 
639  $params = array(
640  'collection_id' => $collection_id,
641  'user_guid' => $user_guid
642  );
643 
644  $result = _elgg_services()->hooks->trigger('access:collections:add_user', 'collection', $params, true);
645  if ($result == false) {
646  return false;
647  }
648 
649  $db = _elgg_services()->db;
650  $prefix = $db->getTablePrefix();
651 
652  // if someone tries to insert the same data twice, we do a no-op on duplicate key
653  $q = "INSERT INTO {$prefix}access_collection_membership
654  SET access_collection_id = $collection_id, user_guid = $user_guid
655  ON DUPLICATE KEY UPDATE user_guid = user_guid";
656  $result = $db->insertData($q);
657 
658  return $result !== false;
659  }
660 
671  function removeUser($user_guid, $collection_id) {
672  $collection_id = (int) $collection_id;
673  $user_guid = (int) $user_guid;
674  $user = get_user($user_guid);
675 
676  $collection = $this->get($collection_id);
677 
678  if (!($user instanceof \ElggUser) || !$collection) {
679  return false;
680  }
681 
682  $params = array(
683  'collection_id' => $collection_id,
684  'user_guid' => $user_guid,
685  );
686 
687  if (!_elgg_services()->hooks->trigger('access:collections:remove_user', 'collection', $params, true)) {
688  return false;
689  }
690 
691  $db = _elgg_services()->db;
692  $prefix = $db->getTablePrefix();
693 
694  $q = "DELETE FROM {$prefix}access_collection_membership
695  WHERE access_collection_id = {$collection_id}
696  AND user_guid = {$user_guid}";
697 
698  return (bool)$db->deleteData($q);
699  }
700 
709  function getUserCollections($owner_guid, $site_guid = 0) {
710  $owner_guid = (int) $owner_guid;
711  $site_guid = (int) $site_guid;
712 
713  if (($site_guid == 0) && $this->site_guid) {
714  $site_guid = $this->site_guid;
715  }
716 
717  $db = _elgg_services()->db;
718  $prefix = $db->getTablePrefix();
719 
720  $query = "SELECT * FROM {$prefix}access_collections
721  WHERE owner_guid = {$owner_guid}
722  AND site_guid = {$site_guid}
723  ORDER BY name ASC";
724 
725  $collections = $db->getData($query);
726 
727  return $collections;
728  }
729 
738  function getMembers($collection, $idonly = false) {
739  $collection = (int)$collection;
740 
741  $db = _elgg_services()->db;
742  $prefix = $db->getTablePrefix();
743 
744  if (!$idonly) {
745  $query = "SELECT e.* FROM {$prefix}access_collection_membership m"
746  . " JOIN {$prefix}entities e ON e.guid = m.user_guid"
747  . " WHERE m.access_collection_id = {$collection}";
748  $collection_members = $db->getData($query, "entity_row_to_elggstar");
749  } else {
750  $query = "SELECT e.guid FROM {$prefix}access_collection_membership m"
751  . " JOIN {$prefix}entities e ON e.guid = m.user_guid"
752  . " WHERE m.access_collection_id = {$collection}";
753  $collection_members = $db->getData($query);
754  if (!$collection_members) {
755  return false;
756  }
757  foreach ($collection_members as $key => $val) {
758  $collection_members[$key] = $val->guid;
759  }
760  }
761 
762  return $collection_members;
763  }
764 }
Elgg\Database\AccessCollections\getAccessList
getAccessList($user_guid=0, $site_guid=0, $flush=false)
Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause...
Definition: AccessCollections.php:44
Elgg\Database\AccessCollections\getUserCollections
getUserCollections($owner_guid, $site_guid=0)
Returns an array of database row objects of the access collections owned by $owner_guid.
Definition: AccessCollections.php:709
Elgg\Database\AccessCollections\__construct
__construct($site_guid)
Constructor.
Definition: AccessCollections.php:25
Elgg\Database\AccessCollections\removeUser
removeUser($user_guid, $collection_id)
Removes a user from an access collection.
Definition: AccessCollections.php:671
get_access_array
get_access_array($user_guid=0, $site_guid=0, $flush=false)
Returns an array of access IDs a user is permitted to see.
Definition: access.php:102
$result
$result
Definition: set_maintenance_mode.php:11
$name
if($guid==elgg_get_logged_in_user_guid()) $name
Definition: delete.php:21
$members
$members
Definition: pickercallback.php:18
site_guid
$CONFIG site_guid
The guid of the current site object.
Definition: config.php:122
Elgg\Database\AccessCollections\hasAccessToEntity
hasAccessToEntity($entity, $user=null)
Can a user access an entity.
Definition: AccessCollections.php:319
Elgg\Database\AccessCollections\update
update($collection_id, $members)
Updates the membership in an access collection.
Definition: AccessCollections.php:536
Elgg\Database\AccessCollections\getAccessArray
getAccessArray($user_guid=0, $site_guid=0, $flush=false)
Returns an array of access IDs a user is permitted to see.
Definition: AccessCollections.php:103
$ia
$ia
Definition: upgrade.php:26
_elgg_services
if(!$autoload_available) _elgg_services()
Definition: autoloader.php:20
$guid
$guid
Removes an admin notice.
Definition: delete_admin_notice.php:6
ACCESS_FRIENDS
const ACCESS_FRIENDS
Definition: elgglib.php:2049
$collection
$collection
Definition: pickercallback.php:17
Elgg\Database\AccessCollections\getWhereSql
getWhereSql(array $options=array())
Returns the SQL where clause for enforcing read access to data.
Definition: AccessCollections.php:225
get_access_collection
get_access_collection($collection_id)
Get a specified access collection.
Definition: access.php:356
sanitize_string
sanitize_string($string)
Sanitize a string for database use.
Definition: database.php:140
elgg_get_ignore_access
elgg_get_ignore_access()
Get current ignore access setting.
Definition: access.php:54
$params
$params
Definition: login.php:72
$options
$options
Definition: index.php:14
$owner_guid
$owner_guid
Definition: comments_block.php:21
Elgg\Database\AccessCollections\addUser
addUser($user_guid, $collection_id)
Adds a user to an access collection.
Definition: AccessCollections.php:628
$init_finished
$init_finished
A flag to set if Elgg&#39;s access initialization is finished.
Definition: access.php:547
elgg_check_access_overrides
elgg_check_access_overrides($user_guid=0)
Decides if the access system should be ignored for a user.
Definition: access.php:529
get_user
get_user($guid)
Get a user object from a GUID.
Definition: users.php:87
$key
$key
Definition: summary.php:34
elgg_set_ignore_access
elgg_set_ignore_access($ignore=true)
Set if Elgg&#39;s access system should be ignored.
Definition: access.php:43
Elgg\Database\AccessCollections\getMembers
getMembers($collection, $idonly=false)
Get all of members of an access collection.
Definition: AccessCollections.php:738
$ENTITY_SHOW_HIDDEN_OVERRIDE
$ENTITY_SHOW_HIDDEN_OVERRIDE
Allow disabled entities and metadata to be returned by getter functions.
Definition: access.php:148
$user
$user
Definition: ban.php:13
ACCESS_PRIVATE
const ACCESS_PRIVATE
Definition: elgglib.php:2046
global
elgg global
Pointer to the global context.
Definition: elgglib.js:12
get_access_list
get_access_list($user_guid=0, $site_guid=0, $flush=false)
Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause...
Definition: access.php:73
Elgg\Database\AccessCollections\getWriteAccessArray
getWriteAccessArray($user_guid=0, $site_guid=0, $flush=false)
Returns an array of access permissions that the user is allowed to save content with.
Definition: AccessCollections.php:371
Elgg\Database\AccessCollections\create
create($name, $owner_guid=0, $site_guid=0)
Creates a new access collection.
Definition: AccessCollections.php:484
$collection_id
$collection_id
Definition: delete.php:9
ACCESS_PUBLIC
const ACCESS_PUBLIC
Definition: elgglib.php:2048
ACCESS_LOGGED_IN
const ACCESS_LOGGED_IN
Definition: elgglib.php:2047
sanitize_int
sanitize_int($int, $signed=true)
Sanitizes an integer for database use.
Definition: database.php:161
$user_guid
$user_guid
Avatar remove action.
Definition: remove.php:6
$defaults
$defaults
Definition: access.php:19
$entity
$entity
Definition: delete.php:10
_elgg_get_access_where_sql
_elgg_get_access_where_sql(array $options=array())
Returns the SQL where clause for enforcing read access to data.
Definition: access.php:214
$id
if(!$collection_name) $id
Definition: add.php:17
Elgg\Database\AccessCollections\canEdit
canEdit($collection_id, $user_guid=null)
Can the user change this access collection?
Definition: AccessCollections.php:444
get_write_access_array
get_write_access_array($user_guid=0, $site_guid=0, $flush=false)
Returns an array of access permissions that the user is allowed to save content with.
Definition: access.php:266
$access
$access
Definition: save.php:15
Generated on Sun May 5 2024 00:02:38 for Elgg by   doxygen 1.8.11