Elgg  Version 1.11
access.php File Reference


Namespaces

 Elgg\Core
 Activate a plugin or plugins.
 

Functions

 elgg_set_ignore_access ($ignore=true)
 Set if Elgg's access system should be ignored.
 
 elgg_get_ignore_access ()
 Get current ignore access setting.
 
 get_access_list ($user_guid=0, $site_guid=0, $flush=false)
 Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause.
 
 get_access_array ($user_guid=0, $site_guid=0, $flush=false)
 Returns an array of access IDs a user is permitted to see.
 
 get_default_access (ElggUser $user=null, array $input_params=array())
 Gets the default access permission.
 
 access_show_hidden_entities ($show_hidden)
 Show or hide disabled entities.
 
 access_get_show_hidden_status ()
 Return current status of showing disabled entities.
 
 _elgg_get_access_where_sql (array $options=array())
 Returns the SQL where clause for enforcing read access to data.
 
 has_access_to_entity ($entity, $user=null)
 Can a user access an entity.
 
 get_write_access_array ($user_guid=0, $site_guid=0, $flush=false, array $input_params=array())
 Returns an array of access permissions that the user is allowed to save content with.
 
 can_edit_access_collection ($collection_id, $user_guid=null)
 Can the user change this access collection?
 
 create_access_collection ($name, $owner_guid=0, $site_guid=0)
 Creates a new access collection.
 
 update_access_collection ($collection_id, $members)
 Updates the membership in an access collection.
 
 delete_access_collection ($collection_id)
 Deletes a specified access collection and its membership.
 
 get_access_collection ($collection_id)
 Get a specified access collection.
 
 add_user_to_access_collection ($user_guid, $collection_id)
 Adds a user to an access collection.
 
 remove_user_from_access_collection ($user_guid, $collection_id)
 Removes a user from an access collection.
 
 get_user_access_collections ($owner_guid, $site_guid=0)
 Returns an array of database row objects of the access collections owned by $owner_guid.
 
 get_members_of_access_collection ($collection, $idonly=false)
 Get all members of an access collection.
 
 elgg_get_entities_from_access_id (array $options=array())
 Return entities based upon access id.
 
 elgg_list_entities_from_access_id (array $options=array())
 Lists entities from an access collection.
 
 get_readable_access_level ($entity_access_id)
 Return the name of an ACCESS_* constant or an access collection, but only if the logged in user has write access to it.
 
 elgg_check_access_overrides ($user_guid=0)
 Decides if the access system should be ignored for a user.
 
 access_init ()
 A quick and dirty way to make sure the access permissions have been correctly set up.
 
 elgg_override_permissions ($hook, $type, $value, $params)
 Overrides the access system if appropriate.
 
 access_test ($hook, $type, $value, $params)
 Runs unit tests for the access library.
 

Variables

 $ENTITY_SHOW_HIDDEN_OVERRIDE = false
 Allow disabled entities and metadata to be returned by getter functions.
 
 $init_finished = false
 A flag to set if Elgg's access initialization is finished.
 
return function (\Elgg\EventsService $events,\Elgg\HooksRegistrationService $hooks)
 The function used to get results.
 

Function Documentation

_elgg_get_access_where_sql ( array  $options = array())

Returns the SQL where clause for enforcing read access to data.

Note that if this code is executed in privileged mode it will return (1=1).

Otherwise it returns a where clause to retrieve the data that a user has permission to read.

Plugin authors can hook into the 'get_sql', 'access' plugin hook to modify, remove, or add to the where clauses. The plugin hook will pass an array with the current ors and ands to the function in the form: array( 'ors' => array(), 'ands' => array() )

The results will be combined into an SQL where clause in the form: ((or1 OR or2 OR orN) AND (and1 AND and2 AND andN))

Parameters
array $options Array in format:
  table_alias => STR Optional table alias. This is based on the select and join clauses. Default is 'e'.
  user_guid => INT Optional GUID for the user that we are retrieving data for. Defaults to the logged in user.
  use_enabled_clause => BOOL Optional. Should we append the enabled clause? The default is set by access_show_hidden_entities().
  access_column => STR Optional access column name. Default is 'access_id'.
  owner_guid_column => STR Optional owner_guid column. Default is 'owner_guid'.
  guid_column => STR Optional guid_column. Default is 'guid'.

Returns
string

private

Definition at line 216 of file access.php.
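
The clause combination and the 'get_sql', 'access' hook described above, as an added example: a simplified stand-alone model, not Elgg's own code. The function names, the sample clauses and GUID 4242 are constructed; returning (1=0) for an empty clause set is this model's choice rather than documented Elgg behaviour, and reading table_alias from $params is an assumption.

```php
<?php
// Added example: a stand-alone model of the documented clause handling.
// All names here are hypothetical; this is not Elgg core code.

/**
 * Combine clauses in the documented form:
 * ((or1 OR or2 OR orN) AND (and1 AND and2 AND andN))
 */
function example_build_access_where(array $clauses, $privileged = false) {
    if ($privileged) {
        return '(1=1)'; // documented result in privileged mode
    }
    $groups = array();
    if (!empty($clauses['ors'])) {
        $groups[] = '(' . implode(' OR ', $clauses['ors']) . ')';
    }
    if (!empty($clauses['ands'])) {
        $groups[] = '(' . implode(' AND ', $clauses['ands']) . ')';
    }
    // Model's own choice: with no clauses at all, match nothing.
    return $groups ? '(' . implode(' AND ', $groups) . ')' : '(1=0)';
}

/**
 * Handler with the ($hook, $type, $value, $params) signature. It narrows
 * read access by appending to 'ands'; appending to 'ors' would instead
 * widen access for every query that uses the clause.
 */
function example_hide_quarantined_owner($hook, $type, $value, $params) {
    // Assumption: $params carries the table_alias option documented above.
    $alias = isset($params['table_alias']) ? $params['table_alias'] : 'e';
    $prefix = $alias ? $alias . '.' : '';
    // The fragment becomes raw SQL, so the GUID is cast to an integer.
    // Constructed value; in a plugin it would come from a setting.
    $quarantined_guid = (int) '4242';
    $value['ands'][] = "{$prefix}owner_guid <> {$quarantined_guid}";
    return $value;
}

// In a plugin the handler would be registered with:
// elgg_register_plugin_hook_handler('get_sql', 'access', 'example_hide_quarantined_owner');

// Constructed clauses standing in for what core would pass to the hook.
$clauses = array(
    'ors'  => array('e.access_id IN (1,2)', 'e.owner_guid = 77'),
    'ands' => array("e.enabled = 'yes'"),
);
$clauses = example_hide_quarantined_owner('get_sql', 'access', $clauses, array('table_alias' => 'e'));

echo example_build_access_where($clauses), "\n";       // restricted clause
echo example_build_access_where($clauses, true), "\n"; // privileged mode
```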

access_get_show_hidden_status ( )

Return current status of showing disabled entities.

Returns
bool

private

Definition at line 172 of file access.php.

access_init ( )

A quick and dirty way to make sure the access permissions have been correctly set up.

init system

Returns
void

Definition at line 533 of file access.php.

access_show_hidden_entities (   $show_hidden)

Show or hide disabled entities.

Parameters
bool $show_hidden Show disabled entities.
Returns
bool

private

Definition at line 159 of file access.php.

access_test (   $hook,
  $type,
  $value,
  $params 
)

Runs unit tests for the access library.

Parameters
string $hook
string $type
array $value
array $params
Returns
array

private

Definition at line 596 of file access.php.

add_user_to_access_collection (   $user_guid,
  $collection_id 
)

Adds a user to an access collection.

Triggers the 'access:collections:add_user', 'collection' plugin hook.

Parameters
int $user_guid The GUID of the user to add
int $collection_id The ID of the collection to add them to
Returns
bool
See also
update_access_collection()
remove_user_from_access_collection()

Definition at line 375 of file access.php.

can_edit_access_collection (   $collection_id,
  $user_guid = null 
)

Can the user change this access collection?

Use the plugin hook of 'access:collections:write', 'user' to change this.

See also
get_write_access_array() for details on the hook.

Respects access control disabling for admin users and elgg_set_ignore_access()

See also
get_write_access_array()
Parameters
int $collection_id The collection id
mixed $user_guid The user GUID to check for. Defaults to logged in user.
Returns
bool

Definition at line 287 of file access.php.

create_access_collection (   $name,
  $owner_guid = 0,
  $site_guid = 0 
)

Creates a new access collection.

Access collections allow plugins and users to create granular access for entities.

Triggers plugin hook 'access:collections:addcollection', 'collection'

Note
Internal: Access collections are stored in the access_collections table. Memberships to collections are in access_collections_membership.
Parameters
string $name The name of the collection.
int $owner_guid The GUID of the owner (default: currently logged in user).
int $site_guid The GUID of the site (default: current site).
Returns
int|false The collection ID if successful and false on failure.
See also
update_access_collection()
delete_access_collection()

Definition at line 310 of file access.php.

delete_access_collection (   $collection_id)

Deletes a specified access collection and its membership.

Parameters
int $collection_id The collection ID
Returns
bool
See also
create_access_collection()
update_access_collection()

Definition at line 343 of file access.php.

elgg_check_access_overrides (   $user_guid = 0)

Decides if the access system should be ignored for a user.

Returns true (meaning ignore access) if either of these 2 conditions are true: 1) an admin user guid is passed to this function. 2) elgg_get_ignore_access() returns true.

See also
elgg_set_ignore_access()
Parameters
int $user_guid The user to check against.
Returns
bool
Since
1.7.0

Definition at line 505 of file access.php.

elgg_get_entities_from_access_id ( array  $options = array())

Return entities based upon access id.

TODO(ewinslow): Move this logic into elgg_get_entities

Parameters
array $options Any options accepted by elgg_get_entities() and access_id => int The access ID of the entity.
See also
elgg_get_entities()
Returns
mixed If count, int. If not count, array. false on errors.
Since
1.7.0

Definition at line 434 of file access.php.

elgg_get_ignore_access ( )

Get current ignore access setting.

Returns
bool
Since
1.7.0
See also
elgg_set_ignore_access()

Definition at line 54 of file access.php.

elgg_list_entities_from_access_id ( array  $options = array())

Lists entities from an access collection.

Parameters
array $options See elgg_list_entities() and elgg_get_entities_from_access_id()
See also
elgg_list_entities()
elgg_get_entities_from_access_id()
Returns
string

Definition at line 466 of file access.php.

elgg_override_permissions (   $hook,
  $type,
  $value,
  $params 
)

Overrides the access system if appropriate.

Allows admin users and calls after elgg_set_ignore_access to bypass the access system.

Registered for the 'permissions_check', 'all' and the 'container_permissions_check', 'all' plugin hooks.

Returns true to override the access system or null if no change is needed.

Definition at line 558 of file access.php.

elgg_set_ignore_access (   $ignore = true)

Set if Elgg's access system should be ignored.

The access system will not return entities in any getter functions if the user doesn't have access. This removes this restriction.

When the access system is being ignored, all checks for create, retrieve, update, and delete should pass. This affects all the canEdit() and related methods.

Use this to access entities in automated scripts when no user is logged in.

Warning
This will not show disabled entities. Use access_show_hidden_entities() to access disabled entities.
Note
Internal: The access override is checked in elgg_override_permissions(). It is registered for the 'permissions_check' hooks to override the access system for the canEdit() and canWriteToContainer() methods.
Internal: This clears the access cache.
Internal: For performance reasons this is done at the database access clause level.
Parameters
bool $ignore If true, disables all access checks.
Returns
bool Previous ignore_access setting.
Since
1.7.0
See also
elgg_get_ignore_access()

Definition at line 43 of file access.php.
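
One way to keep the override scoped in an automated script, as an added example that is not Elgg's own code: the previous setting returned by elgg_set_ignore_access() is restored even if the task throws. The helper name example_with_ignored_access and the stand-in function bodies (used only when the file runs outside Elgg) are assumptions; `finally` needs PHP 5.5 or later.

```php
<?php
// Added example, not Elgg core code. Requires PHP 5.5+ for "finally".

// Stand-ins so the file runs outside Elgg; inside Elgg the real functions
// already exist and these definitions are skipped.
if (!function_exists('elgg_set_ignore_access')) {
    function elgg_set_ignore_access($ignore = true) {
        $previous = !empty($GLOBALS['EXAMPLE_IGNORE_ACCESS']);
        $GLOBALS['EXAMPLE_IGNORE_ACCESS'] = (bool) $ignore;
        return $previous;
    }
    function elgg_get_ignore_access() {
        return !empty($GLOBALS['EXAMPLE_IGNORE_ACCESS']);
    }
}

/**
 * Run $task with access checks ignored and restore the previous setting
 * afterwards, even when $task throws. Hypothetical helper name.
 */
function example_with_ignored_access($task) {
    // The return value is the previous setting, so nested calls restore
    // the caller's state rather than forcing the override off.
    $previous = elgg_set_ignore_access(true);
    try {
        return call_user_func($task);
    } finally {
        elgg_set_ignore_access($previous);
    }
}

// Normal use: the override is active only inside the callback.
$inside = example_with_ignored_access(function () {
    return elgg_get_ignore_access();
});
var_dump($inside, elgg_get_ignore_access());

// Failure path: an exception must not leave the override switched on
// for the rest of the request.
try {
    example_with_ignored_access(function () {
        throw new Exception('constructed failure inside privileged task');
    });
} catch (Exception $e) {
    var_dump(elgg_get_ignore_access());
}
```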

get_access_array (   $user_guid = 0,
  $site_guid = 0,
  $flush = false 
)

Returns an array of access IDs a user is permitted to see.

Can be overridden with the 'access:collections:read', 'user' plugin hook.

Warning
A callback for that plugin hook needs to either not retrieve data from the database that would use the access system (triggering the plugin again) or ignore the second call. Otherwise, an infinite loop will be created.

This returns a list of all the collection ids a user owns or belongs to plus public and logged in access levels. If the user is an admin, it includes the private access level.

Note
Internal: this is only used in core for creating the SQL where clause when retrieving content from the database. The friends access level is handled by _elgg_get_access_where_sql().
See also
get_write_access_array() for the access levels that a user can write to.
Parameters
int $user_guid User ID; defaults to currently logged in user
int $site_guid Site ID; defaults to current site
bool $flush If set to true, will refresh the access ids from the database rather than using this function's cache.
Returns
array An array of access collections ids

Definition at line 102 of file access.php.

get_access_collection (   $collection_id)

Get a specified access collection.

Note
This doesn't return the members of an access collection, just the database row of the actual collection.
See also
get_members_of_access_collection()
Parameters
int $collection_id The collection ID
Returns
object|false

Definition at line 359 of file access.php.

get_access_list (   $user_guid = 0,
  $site_guid = 0,
  $flush = false 
)

Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause.

get_access_array

See also
get_access_array()
Parameters
int $user_guid User ID; defaults to currently logged in user
int $site_guid Site ID; defaults to current site
bool $flush If set to true, will refresh the access list from the database rather than using this function's cache.
Returns
string A list of access collections suitable for using in an SQL call

private

Definition at line 73 of file access.php.

get_default_access ( ElggUser  $user = null,
array  $input_params = array() 
)

Gets the default access permission.

This returns the default access level for the site or optionally of the user. If you want to change the default access based on group or other information, use the 'default', 'access' plugin hook.

Parameters
ElggUser $user The user for whom we're getting default access. Defaults to logged in user.
array $input_params Parameters passed into an input/access view
Returns
int default access id (see ACCESS defines in elgglib.php)

Definition at line 118 of file access.php.

get_members_of_access_collection (   $collection,
  $idonly = false 
)

Get all members of an access collection.

Parameters
int $collection The collection's ID
bool $idonly If set to true, will only return the members' GUIDs (default: false)
Returns
ElggUser[]|int[]|false guids or entities if successful, false if not
See also
add_user_to_access_collection()
Examples:
/root/Elgg/engine/lib/views.php.

Definition at line 418 of file access.php.

get_readable_access_level (   $entity_access_id)

Return the name of an ACCESS_* constant or an access collection, but only if the logged in user has write access to it.

Write access requirement prevents us from exposing names of access collections that current user has been added to by other members and may contain sensitive classification of the current user (e.g. close friends vs acquaintances).

Returns a string in the language of the user for global access levels, e.g. 'Public', 'Friends', 'Logged in', 'Public'; or a name of the owned access collection, e.g. 'My work colleagues'; or a name of the group or other access collection, e.g. 'Group: Elgg technical support'; or 'Limited' if the user access is restricted to read-only, e.g. a friends collection the user was added to.

Parameters
int $entity_access_id The entity's access id
Returns
string
Since
1.7.0

Definition at line 486 of file access.php.

get_user_access_collections (   $owner_guid,
  $site_guid = 0 
)

Returns an array of database row objects of the access collections owned by $owner_guid.

Parameters
int $owner_guid The entity guid
int $site_guid The GUID of the site (default: current site).
Returns
array|false
See also
add_access_collection()
get_members_of_access_collection()
Examples:
/root/Elgg/engine/lib/views.php.

Definition at line 405 of file access.php.

get_write_access_array (   $user_guid = 0,
  $site_guid = 0,
  $flush = false,
array  $input_params = array() 
)

Returns an array of access permissions that the user is allowed to save content with.

Permissions returned are of the form (id => 'name').

Example return value in English: array( 0 => 'Private', -2 => 'Friends', 1 => 'Logged in users', 2 => 'Public', 34 => 'My favorite friends', );

Plugin hook of 'access:collections:write', 'user'

Warning
This only returns access collections that the user owns plus the standard access levels. It does not return access collections that the user belongs to, such as the access collection for a group.
Parameters
int $user_guid The user's GUID.
int $site_guid The current site.
bool $flush If this is set to true, this will ignore a cached access array
array $input_params Some parameters passed into an input/access view
Returns
array List of access permissions

Definition at line 269 of file access.php.

has_access_to_entity (   $entity,
  $user = null 
)

Can a user access an entity.

Warning
If a logged in user doesn't have access to an entity, the core engine will not load that entity.

This is mostly useful for checking if a user other than the logged in user has access to an entity that is currently loaded.

Parameters
\ElggEntity $entity The entity to check access for.
\ElggUser $user Optionally user to check access for. Defaults to logged in user (which is a useless default).
Returns
bool

Definition at line 239 of file access.php.

remove_user_from_access_collection (   $user_guid,
  $collection_id 
)

Removes a user from an access collection.

Triggers the 'access:collections:remove_user', 'collection' plugin hook.

Parameters
int $user_guid The user GUID
int $collection_id The access collection ID
Returns
bool
See also
update_access_collection()
remove_user_from_access_collection()

Definition at line 391 of file access.php.

update_access_collection (   $collection_id,
  $members 
)

Updates the membership in an access collection.

Warning
Expects a full list of all members that should be part of the access collection
Note
This will run all hooks associated with adding or removing members to access collections.
Parameters
int $collection_id The ID of the collection.
array $members Array of member GUIDs
Returns
bool
See also
add_user_to_access_collection()
remove_user_from_access_collection()

Definition at line 330 of file access.php.

Variable Documentation

$ENTITY_SHOW_HIDDEN_OVERRIDE = false

Allow disabled entities and metadata to be returned by getter functions.

Definition at line 150 of file access.php.

$init_finished = false

A flag to set if Elgg's access initialization is finished.

bool $init_finished

private

Definition at line 523 of file access.php.

mixed A string array or closure or lambda ElggBatch::function

The function used to get results.

A callback function to pass results through.

Definition at line 603 of file access.php.