5 use Doctrine\DBAL\Exception\UniqueConstraintViolationException;
14 use Elgg\Traits\Loggable;
68 $this->init_complete = true;
96 $cache = $this->access_cache;
103 $user_guid = $this->session_manager->getLoggedInUserGuid();
108 $access_array = $cache->load($hash);
109 if ($access_array ===
null) {
120 $membership_query = $select->subquery(self::MEMBERSHIP_TABLE_NAME);
121 $membership_query->select(
'access_collection_id')
124 $select->select(
'id')
126 ->orWhere($select->compare(
'id',
'in', $membership_query->getSQL()));
128 $collections = $this->db->getData($select);
129 if (!empty($collections)) {
130 foreach ($collections as $collection) {
131 $access_array[] = (int) $collection->id;
135 $ignore_access = $this->capabilities->canBypassPermissionsCheck(
$user_guid);
137 if ($ignore_access ===
true) {
142 if ($this->init_complete) {
143 $cache->save($hash, $access_array);
152 return $this->events->triggerResults(
'access:collections:read',
'user',
$options, $access_array);
225 $cache = $this->access_cache;
232 $user_guid = $this->session_manager->getLoggedInUserGuid();
235 $hash =
$user_guid .
'get_write_access_array';
237 $access_array = $cache->load($hash);
238 if ($access_array ===
null) {
245 $access_array += $this->getCollectionsForWriteAccess(
$user_guid);
247 if ($this->init_complete) {
248 $cache->save($hash, $access_array);
257 $access_array = $this->events->triggerResults(
'access:collections:write',
'user',
$options, $access_array);
261 if (!isset($access_array[
$access])) {
265 $temp = $access_array[
$access];
267 $access_array[
$access] = $temp;
271 return $access_array;
283 $subtypes = $this->events->triggerResults(
'access:collections:write:subtypes',
'user', [
'owner_guid' =>
$owner_guid], []);
285 $select = Select::fromTable(self::TABLE_NAME);
288 $select->compare(
'subtype',
'is null'),
296 ->andWhere($select->merge($ors,
'OR'))
297 ->orderBy(
'name',
'ASC');
299 $collections = $this->db->getData($select, [$this,
'rowToElggAccessCollection']);
300 if (empty($collections)) {
305 foreach ($collections as $collection) {
306 $result[$collection->id] = $collection->getDisplayName();
336 $collection = $this->
get($collection_id);
341 if ($this->capabilities->canBypassPermissionsCheck(
$user->guid)) {
345 $write_access = $this->getWriteAccessArray(
$user->guid,
true);
346 return array_key_exists($collection_id, $write_access);
365 if (!empty($acl->id)) {
366 return $this->update($acl);
369 return $this->events->triggerSequence(
'create', $acl->getType(), $acl, function (\
ElggAccessCollection $acl) {
370 $insert = Insert::intoTable(self::TABLE_NAME);
377 $id = $this->db->insertData($insert);
384 $this->access_cache->clear();
398 if (empty($acl->id)) {
399 return $this->create($acl);
403 $update = Update::table(self::TABLE_NAME);
407 ->where($update->compare(
'id',
'=', $acl->id,
ELGG_VALUE_ID));
409 if (!$this->db->updateData($update)) {
413 $this->access_cache->clear();
427 if (empty($acl->id)) {
432 $delete = Delete::fromTable(self::TABLE_NAME);
435 if (!$this->db->deleteData(
$delete)) {
440 $delete_membership = Delete::fromTable(self::MEMBERSHIP_TABLE_NAME);
441 $delete_membership->where($delete_membership->compare(
'access_collection_id',
'=', $acl->id,
ELGG_VALUE_ID));
443 $this->db->deleteData($delete_membership);
446 $this->access_cache->clear();
471 $query = Select::fromTable(self::TABLE_NAME);
475 return $this->db->getDataRow(
$query, [$this,
'rowToElggAccessCollection']) ?:
null;
491 return (
bool) $this->getMembers($collection_id,
$options);
505 $collection = $this->get($collection_id);
516 'collection_id' => $collection->id,
521 $result = $this->events->triggerResults(
'access:collections:add_user',
'collection',
$event_params,
true);
527 $insert = Insert::intoTable(self::MEMBERSHIP_TABLE_NAME);
529 'access_collection_id' => $insert->param($collection_id,
ELGG_VALUE_ID),
534 $result = $this->db->insertData($insert);
535 }
catch (DatabaseException $e) {
536 $prev = $e->getPrevious();
537 if ($prev instanceof UniqueConstraintViolationException) {
545 $this->access_cache->clear();
563 'collection_id' => $collection_id,
568 if (!$this->events->triggerResults(
'access:collections:remove_user',
'collection',
$params,
true)) {
572 $delete = Delete::fromTable(self::MEMBERSHIP_TABLE_NAME);
576 $this->access_cache->clear();
578 return (
bool) $this->db->deleteData(
$delete);
590 $supported_options = [
'owner_guid',
'subtype'];
592 $select = Select::fromTable(self::TABLE_NAME);
594 ->orderBy(
'name',
'ASC');
596 foreach ($supported_options as $option) {
598 if (!isset($option_value)) {
604 $select->andWhere($select->compare($option,
'=', $option_value,
ELGG_VALUE_GUID));
607 $select->andWhere($select->compare($option,
'=', $option_value,
ELGG_VALUE_STRING));
612 return $this->db->getData($select, [$this,
'rowToElggAccessCollection']);
625 $qb->join($table_alias, self::MEMBERSHIP_TABLE_NAME,
'acm',
$qb->compare(
'acm.user_guid',
'=',
"{$table_alias}.guid"));
641 $select =
Select::fromTable(self::TABLE_NAME,
'ac');
642 $select->
join($select->getTableAlias(), self::MEMBERSHIP_TABLE_NAME,
'acm', $select->compare(
"{$select->getTableAlias()}.id",
'=',
'acm.access_collection_id'));
644 $select->select(
"{$select->getTableAlias()}.*")
645 ->where($select->compare(
'acm.user_guid',
'=', $member_guid,
ELGG_VALUE_GUID))
646 ->orderBy(
'name',
'ASC');
648 return $this->db->getData($select, [$this,
'rowToElggAccessCollection']);
669 $translator = $this->translator;
676 ACCESS_PUBLIC => $translator->translate(
'access:label:public'),
679 if (array_key_exists($entity_access_id, $access_array)) {
680 return $access_array[$entity_access_id];
686 $collection = $this->
get($entity_access_id);
690 return $translator->translate(
'access:limited:label');
693 return $collection->getDisplayName();
$id
Generic annotation delete action.
$params
Saves global plugin settings.
return[ 'admin/delete_admin_notices'=>['access'=> 'admin'], 'admin/menu/save'=>['access'=> 'admin'], 'admin/plugins/activate'=>['access'=> 'admin'], 'admin/plugins/activate_all'=>['access'=> 'admin'], 'admin/plugins/deactivate'=>['access'=> 'admin'], 'admin/plugins/deactivate_all'=>['access'=> 'admin'], 'admin/plugins/set_priority'=>['access'=> 'admin'], 'admin/security/security_txt'=>['access'=> 'admin'], 'admin/security/settings'=>['access'=> 'admin'], 'admin/security/regenerate_site_secret'=>['access'=> 'admin'], 'admin/site/cache/invalidate'=>['access'=> 'admin'], 'admin/site/flush_cache'=>['access'=> 'admin'], 'admin/site/icons'=>['access'=> 'admin'], 'admin/site/set_maintenance_mode'=>['access'=> 'admin'], 'admin/site/set_robots'=>['access'=> 'admin'], 'admin/site/theme'=>['access'=> 'admin'], 'admin/site/unlock_upgrade'=>['access'=> 'admin'], 'admin/site/settings'=>['access'=> 'admin'], 'admin/upgrade'=>['access'=> 'admin'], 'admin/upgrade/reset'=>['access'=> 'admin'], 'admin/user/ban'=>['access'=> 'admin'], 'admin/user/bulk/ban'=>['access'=> 'admin'], 'admin/user/bulk/delete'=>['access'=> 'admin'], 'admin/user/bulk/unban'=>['access'=> 'admin'], 'admin/user/bulk/validate'=>['access'=> 'admin'], 'admin/user/change_email'=>['access'=> 'admin'], 'admin/user/delete'=>['access'=> 'admin'], 'admin/user/login_as'=>['access'=> 'admin'], 'admin/user/logout_as'=>[], 'admin/user/makeadmin'=>['access'=> 'admin'], 'admin/user/resetpassword'=>['access'=> 'admin'], 'admin/user/removeadmin'=>['access'=> 'admin'], 'admin/user/unban'=>['access'=> 'admin'], 'admin/user/validate'=>['access'=> 'admin'], 'annotation/delete'=>[], 'avatar/upload'=>[], 'comment/save'=>[], 'diagnostics/download'=>['access'=> 'admin'], 'entity/chooserestoredestination'=>[], 'entity/delete'=>[], 'entity/mute'=>[], 'entity/restore'=>[], 'entity/subscribe'=>[], 'entity/trash'=>[], 'entity/unmute'=>[], 'entity/unsubscribe'=>[], 'login'=>['access'=> 'logged_out'], 'logout'=>[], 'notifications/mute'=>['access'=> 'public'], 'plugins/settings/remove'=>['access'=> 'admin'], 'plugins/settings/save'=>['access'=> 'admin'], 'plugins/usersettings/save'=>[], 'register'=>['access'=> 'logged_out', 'middleware'=>[\Elgg\Router\Middleware\RegistrationAllowedGatekeeper::class,],], 'river/delete'=>[], 'settings/notifications'=>[], 'settings/notifications/subscriptions'=>[], 'user/changepassword'=>['access'=> 'public'], 'user/requestnewpassword'=>['access'=> 'public'], 'useradd'=>['access'=> 'admin'], 'usersettings/save'=>[], 'widgets/add'=>[], 'widgets/delete'=>[], 'widgets/move'=>[], 'widgets/save'=>[],]
getType()
{Return the type of the object - eg.object, group, user, relationship, metadata, annotation etcstring...
canEdit(?int $user_guid=null)
Check if user can edit this collection.
Access collections database service.
removeUser(int $user_guid, int $collection_id)
Removes a user from an access collection.
const MEMBERSHIP_TABLE_NAME
canEdit(int $collection_id, ?int $user_guid=null)
Can the user change this access collection?
getCollectionsByMember(int $member_guid)
Return an array of collections that the entity is member of.
getEntityCollections(array $options=[])
Returns access collections.
getWriteAccessArray(int $user_guid=0, bool $flush=false, array $input_params=[])
Returns an array of access permissions that the user is allowed to save content with.
__construct(protected Config $config, protected Database $db, protected EntityTable $entities, protected UserCapabilities $capabilities, protected AccessCache $access_cache, protected EventsService $events, protected SessionManagerService $session_manager, protected Translator $translator)
Constructor.
create(\ElggAccessCollection $acl)
Creates a new access collection.
getCollectionsForWriteAccess(int $owner_guid)
Returns an array of access collections to be used in the write access array.
getMembers(int $collection_id, array $options=[])
Get members of an access collection.
hasUser(int $user_guid, int $collection_id)
Check if user is already in the collection.
addUser(int $user_guid, int $collection_id)
Adds a user to an access collection.
hasAccessToEntity(\ElggEntity $entity, int $user_guid=0)
Can a user access an entity.
rowToElggAccessCollection(\stdClass $row)
Transforms a database row to an instance of ElggAccessCollection.
getAccessArray(int $user_guid=0, bool $flush=false)
Returns an array of access IDs a user is permitted to see.
update(\ElggAccessCollection $acl)
Update an existing access collection.
getReadableAccessLevel(int $entity_access_id)
Return the name of an ACCESS_* constant or an access collection, but only if the logged in user owns ...
markInitComplete()
Mark the access system as initialized.
Entity table database service.
Database abstraction query builder.
join(string $fromAlias, string $join, string $alias, ?string $condition=null)
{}
Query builder for fetching data from the database.
static fromTable(string $table, ?string $alias=null)
Returns a QueryBuilder for selecting data from a given table.
A generic parent class for database exceptions.
Exception indicating a user could not be looked up for a permissions check.
User capabilities service.
const ELGG_VALUE_INTEGER
Value types.
const ELGG_ENFORCE_ACCESS
if($who_can_change_language==='nobody') elseif($who_can_change_language==='admin_only' &&!elgg_is_admin_logged_in()) $options
$config
Advanced site settings, debugging section.
foreach($recommendedExtensions as $extension) if(empty(ini_get('session.gc_probability'))||empty(ini_get('session.gc_divisor'))) $db
elgg_call(int $flags, Closure $closure)
Calls a callable autowiring the arguments using public DI services and applying logic based on flags.
elgg_extract($key, $array, $default=null, bool $strict=true)
Checks for $array[$key] and returns its value if it exists, else returns $default.
if(parse_url(elgg_get_site_url(), PHP_URL_PATH) !=='/') if(file_exists(elgg_get_root_path() . 'robots.txt'))
Set robots.txt.