Elgg  Version 3.0
UserCapabilities.php
Go to the documentation of this file.
1 <?php
2 
3 namespace Elgg;
4 
8 use ElggEntity;
9 use ElggFile;
10 use ElggRiverItem;
11 use ElggMetadata;
12 use ElggSession;
14 
24 
28  private $hooks;
29 
33  private $entities;
34 
38  private $session;
39 
47  public function __construct(PluginHooksService $hooks, EntityTable $entities, ElggSession $session) {
48  $this->hooks = $hooks;
49  $this->entities = $entities;
50  $this->session = $session;
51  }
52 
66  public function canBypassPermissionsCheck($user_guid = 0) {
67  if ($this->session->getIgnoreAccess()) {
68  // Checking ignored access first to avoid infinite loops,
69  // when trying to fetch a user by guid
70  return true;
71  }
72 
73  try {
74  $user = $this->entities->getUserForPermissionsCheck($user_guid);
75  } catch (UserFetchFailureException $e) {
76  return false;
77  }
78 
79  return $user && $user->isAdmin();
80  }
81 
93  public function canEdit(ElggEntity $entity, $user_guid = 0) {
94  if ($this->canBypassPermissionsCheck($user_guid)) {
95  return true;
96  }
97 
98  try {
99  $user = $this->entities->getUserForPermissionsCheck($user_guid);
100  } catch (UserFetchFailureException $e) {
101  return false;
102  }
103 
104  // Test user if possible - should default to false unless a plugin hook says otherwise
105  $default = call_user_func(function () use ($entity, $user) {
106  if (!$user) {
107  return false;
108  }
109 
110  // favor the persisted attributes if not saved
111  $attrs = array_merge(
112  [
113  'owner_guid' => $entity->owner_guid,
114  'container_guid' => $entity->container_guid,
115  ], $entity->getOriginalAttributes()
116  );
117 
118  if ($attrs['owner_guid'] == $user->guid) {
119  return true;
120  }
121 
122  if ($attrs['container_guid'] == $user->guid) {
123  return true;
124  }
125 
126  if ($entity->guid == $user->guid) {
127  return true;
128  }
129 
130  $container = $this->entities->get($attrs['container_guid']);
131 
132  return ($container && $container->canEdit($user->guid));
133  });
134 
135  $params = ['entity' => $entity, 'user' => $user];
136  return $this->hooks->trigger('permissions_check', $entity->getType(), $params, $default);
137  }
138 
151  public function canDelete(ElggEntity $entity, $user_guid = 0) {
152  if ($this->canBypassPermissionsCheck($user_guid)) {
153  return true;
154  }
155 
156  try {
157  $user = $this->entities->getUserForPermissionsCheck($user_guid);
158  } catch (UserFetchFailureException $e) {
159  return false;
160  }
161 
162  $return = $entity->canEdit($user_guid);
163 
164  $params = [
165  'entity' => $entity,
166  'user' => $user
167  ];
168  return $this->hooks->trigger('permissions_check:delete', $entity->getType(), $params, $return);
169  }
170 
184  if ($this->canBypassPermissionsCheck($user_guid)) {
185  return true;
186  }
187 
188  try {
189  $user = $this->entities->getUserForPermissionsCheck($user_guid);
190  } catch (UserFetchFailureException $e) {
191  return false;
192  }
193 
194  $params = [
195  'item' => $item,
196  'user' => $user,
197  ];
198  return $this->hooks->trigger('permissions_check:delete', 'river', $params, false);
199  }
200 
222  elgg_deprecated_notice(__METHOD__ . ' is deprecated. Metadata no longer has it\'s own access system', '3.0', 3);
223 
224  if (!$entity->guid) {
225  // @todo cannot edit metadata on unsaved entity?
226  return false;
227  }
228 
229  if ($this->canBypassPermissionsCheck($user_guid)) {
230  return true;
231  }
232 
233  try {
234  $user = $this->entities->getUserForPermissionsCheck($user_guid);
235  } catch (UserFetchFailureException $e) {
236  return false;
237  }
238 
239  // metadata and user may be null
240  $params = [
241  'entity' => $entity,
242  'user' => $user,
243  'metadata' => $metadata
244  ];
245 
246  $default = $metadata ? true : $entity->canEdit($user->guid);
247 
248  return $this->hooks->triggerDeprecated('permissions_check:metadata', $entity->getType(), $params, $default,
249  'Metadata no longer has it\'s own access system. You should not rely on this hook preventing metadata permissions.',
250  '3.0'
251  );
252  }
253 
265  if (!$annotation) {
266  return false;
267  }
268 
269  if ($this->canBypassPermissionsCheck($user_guid)) {
270  return true;
271  }
272 
273  try {
274  $user = $this->entities->getUserForPermissionsCheck($user_guid);
275  } catch (UserFetchFailureException $e) {
276  return false;
277  }
278 
279  $result = false;
280 
281  if ($user) {
282  // If the owner of annotation is the specified user, they can edit.
283  if ($annotation->owner_guid == $user->guid) {
284  $result = true;
285  }
286 
287  // If the user can edit the entity this is attached to, they can edit.
288  if ($result === false && $entity->canEdit($user->guid)) {
289  $result = true;
290  }
291  }
292 
293  // Trigger plugin hook - note that $user may be null
294  $params = [
295  'entity' => $entity,
296  'user' => $user,
297  'annotation' => $annotation
298  ];
299 
300  return $this->hooks->trigger('permissions_check', 'annotation', $params, $result);
301  }
302 
314  public function canWriteToContainer(ElggEntity $entity, $user_guid = 0, $type = 'all', $subtype = 'all') {
315  try {
316  $user = $this->entities->getUserForPermissionsCheck($user_guid);
317  } catch (UserFetchFailureException $e) {
318  return false;
319  }
320 
321  if ($user) {
322  $user_guid = $user->guid;
323  }
324 
325  $params = [
326  'container' => $entity,
327  'user' => $user,
328  'subtype' => $subtype
329  ];
330 
331  // Unlike permissions, logic check can be used to prevent certain entity
332  // types from being contained by other entity types,
333  // e.g. discussion reply objects can only be contained by discussion objects.
334  // This hook can also be used to apply status logic, e.g. to disallow
335  // new replies in closed discussions.
336  // We do not take a stand hence the return is null. This can be used by
337  // handlers to check if another hook has modified the value.
338  $logic_check = $this->hooks->trigger('container_logic_check', $type, $params);
339 
340  if ($logic_check === false) {
341  return false;
342  }
343 
344  if ($this->canBypassPermissionsCheck($user_guid)) {
345  return true;
346  }
347 
348  $return = false;
349  if ($entity) {
350  // If the user can edit the container, they can also write to it
351  if ($entity->canEdit($user_guid)) {
352  $return = true;
353  }
354  }
355 
356  // Container permissions can prevent users from writing to an entity.
357  // For instance, these permissions can prevent non-group members from writing
358  // content to the group.
359  return $this->hooks->trigger('container_permissions_check', $type, $params, $return);
360  }
361 
374  public function canComment(ElggEntity $entity, $user_guid = 0, $default = null) {
375  if ($this->canBypassPermissionsCheck($user_guid)) {
376  return true;
377  }
378 
379  try {
380  $user = $this->entities->getUserForPermissionsCheck($user_guid);
381  } catch (UserFetchFailureException $e) {
382  return false;
383  }
384 
385  // By default, we don't take a position of whether commenting is allowed
386  // because it is handled by the subclasses of \ElggEntity
387  $params = [
388  'entity' => $entity,
389  'user' => $user
390  ];
391  return $this->hooks->trigger('permissions_check:comment', $entity->getType(), $params, $default);
392  }
393 
409  public function canAnnotate(ElggEntity $entity, $user_guid = 0, $annotation_name = '') {
410  if ($annotation_name === null || $annotation_name === false) {
411  // accepting these for BC
412  $annotation_name = '';
413  } elseif (!is_string($annotation_name)) {
414  throw new InvalidArgumentException(__METHOD__ . ' expects \$annotation_name to be a string');
415  }
416 
417  if ($this->canBypassPermissionsCheck($user_guid)) {
418  return true;
419  }
420 
421  try {
422  $user = $this->entities->getUserForPermissionsCheck($user_guid);
423  } catch (UserFetchFailureException $e) {
424  return false;
425  }
426 
427  $return = (bool) $user;
428 
429  $params = [
430  'entity' => $entity,
431  'user' => $user,
432  'annotation_name' => $annotation_name,
433  ];
434 
435  if (!empty($annotation_name)) {
436  $return = $this->hooks->trigger("permissions_check:annotate:$annotation_name", $entity->getType(), $params, $return);
437  }
438 
439  return $this->hooks->trigger('permissions_check:annotate', $entity->getType(), $params, $return);
440  }
441 
453  public function canDownload(ElggFile $entity, $user_guid = 0, $default = true) {
454  if ($this->canBypassPermissionsCheck($user_guid)) {
455  return true;
456  }
457 
458  try {
459  $user = $this->entities->getUserForPermissionsCheck($user_guid);
460  } catch (UserFetchFailureException $e) {
461  return false;
462  }
463 
464  $params = [
465  'entity' => $entity,
466  'user' => $user
467  ];
468 
469  return $this->hooks->trigger('permissions_check:download', 'file', $params, $default);
470  }
471 
472 }
canDeleteRiverItem(ElggRiverItem $item, $user_guid=0)
Can a user delete this river item?
$params
Saves global plugin settings.
Definition: save.php:13
$annotation
Elgg default annotation view.
Definition: default.php:10
if(!$items) $item
Definition: delete.php:13
canEditMetadata(ElggEntity $entity, $user_guid=0, ElggMetadata $metadata=null)
Can a user edit metadata on this entity?
$subtype
Definition: delete.php:22
canAnnotate(ElggEntity $entity, $user_guid=0, $annotation_name= '')
Can a user annotate an entity?
$type
Definition: delete.php:21
__construct(PluginHooksService $hooks, EntityTable $entities, ElggSession $session)
Constructor.
canEdit($user_guid=0)
Can a user edit this entity?
$metadata
Outputs object metadata $vars[&#39;metadata&#39;] Metadata/menu $vars[&#39;show_entity_menu&#39;] Show the entity m...
Definition: metadata.php:10
$user_guid
Validate a user.
Definition: validate.php:6
Configuration exception.
canDownload(ElggFile $entity, $user_guid=0, $default=true)
Can a user download a file?
$entity
Definition: reset.php:8
$container
Definition: delete.php:23
canDelete(ElggEntity $entity, $user_guid=0)
Can a user delete this entity?
Exception indicating a user could not be looked up for a permissions check.
$user
Definition: ban.php:7
elgg_deprecated_notice($msg, $dep_version, $backtrace_level=1)
Log a notice about deprecated use of a function, view, etc.
Definition: elgglib.php:841
if($item instanceof\ElggEntity) elseif($item instanceof\ElggRiverItem) elseif(is_callable([$item, 'getType']))
Definition: item.php:39
$default
Definition: checkbox.php:35
canComment(ElggEntity $entity, $user_guid=0, $default=null)
Can a user comment on an entity?
canEditAnnotation(ElggEntity $entity, $user_guid=0, ElggAnnotation $annotation=null)
Determines whether or not the user can edit this annotation.
getType()
Returns the entity type.
if(elgg_extract('hidden', $vars, true)) $attrs
Definition: ajax_loader.php:25
getOriginalAttributes()
Get the original values of attribute(s) that have been modified since the entity was persisted...
Definition: ElggEntity.php:278
canWriteToContainer(ElggEntity $entity, $user_guid=0, $type= 'all', $subtype= 'all')
Can a user add an entity to this container.
canEdit(ElggEntity $entity, $user_guid=0)
Can a user edit this entity?
canBypassPermissionsCheck($user_guid=0)
Decides if the access system should be ignored for a user.
WARNING: API IN FLUX.
elgg ElggEntity
Definition: ElggEntity.js:15
WARNING: API IN FLUX.
Definition: EntityTable.php:38