Elgg  Version 3.0
Namespaces | Functions | Variables
access.php File Reference

Go to the source code of this file.

Namespaces

 Elgg\Core
 Updates the advanced settings for the primary site object.
 

Functions

 elgg_set_ignore_access ($ignore=true)
 Set if Elgg's access system should be ignored. More...
 
 elgg_get_ignore_access ()
 Get current ignore access setting. More...
 
 get_access_list ($user_guid=0, $ignored=0, $flush=false)
 Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause. More...
 
 get_access_array ($user_guid=0, $ignored=0, $flush=false)
 Returns an array of access IDs a user is permitted to see. More...
 
 get_default_access (ElggUser $user=null, array $input_params=[])
 Gets the default access permission. More...
 
 access_show_hidden_entities ($show_hidden)
 Show or hide disabled entities. More...
 
 access_get_show_hidden_status ()
 Return current status of showing disabled entities. More...
 
 has_access_to_entity ($entity, $user=null)
 Can a user access an entity. More...
 
 get_write_access_array ($user_guid=0, $ignored=0, $flush=false, array $input_params=[])
 Returns an array of access permissions that the user is allowed to save content with. More...
 
 can_edit_access_collection ($collection_id, $user_guid=null)
 Can the user change this access collection? More...
 
 create_access_collection ($name, $owner_guid=0, $subtype=null)
 Creates a new access collection. More...
 
 update_access_collection ($collection_id, $members)
 Updates the membership in an access collection. More...
 
 delete_access_collection ($collection_id)
 Deletes a specified access collection and its membership. More...
 
 get_access_collection ($collection_id)
 Get a specified access collection. More...
 
 add_user_to_access_collection ($user_guid, $collection_id)
 Adds a user to an access collection. More...
 
 remove_user_from_access_collection ($user_guid, $collection_id)
 Removes a user from an access collection. More...
 
 elgg_get_access_collections ($options=[])
 Returns access collections. More...
 
 get_members_of_access_collection ($collection_id, $guids_only=false, array $options=[])
 Get all of members of an access collection. More...
 
 get_readable_access_level ($entity_access_id)
 Return the name of an ACCESS_* constant or an access collection, but only if the logged in user has write access to it. More...
 
 access_init ()
 A quick and dirty way to make sure the access permissions have been correctly set up. More...
 
 access_friends_acl_create (\Elgg\Event $event)
 Creates a Friends ACL for a user. More...
 
 access_friends_acl_add_friend (\Elgg\Event $event)
 Adds the friend to the user friend ACL. More...
 
 access_friends_acl_remove_friend (\Elgg\Event $event)
 Add the friend to the user friends ACL. More...
 
 access_friends_acl_get_name (\Elgg\Hook $hook)
 Return the name of a friends ACL. More...
 
 access_test ($hook, $type, $value, $params)
 Runs unit tests for the access library. More...
 

Variables

global $ENTITY_SHOW_HIDDEN_OVERRIDE
 Allow disabled entities and metadata to be returned by getter functions. More...
 
return function (\Elgg\EventsService $events,\Elgg\HooksRegistrationService $hooks)
 

Function Documentation

access_friends_acl_add_friend ( \Elgg\Event  $event)

Adds the friend to the user friend ACL.

'create', 'relationship'

Parameters
\Elgg\Event$eventevent
Returns
void
Since
3.0.0

Definition at line 447 of file access.php.

access_friends_acl_create ( \Elgg\Event  $event)

Creates a Friends ACL for a user.

'create', 'user'

Parameters
\Elgg\Event$eventevent
Returns
void
Since
3.0.0

Definition at line 425 of file access.php.

access_friends_acl_get_name ( \Elgg\Hook  $hook)

Return the name of a friends ACL.

'access_collection:name', 'access_collection'

Parameters
\Elgg\Hook$hookhook
Returns
string|void
Since
3.0.0

Definition at line 522 of file access.php.

access_friends_acl_remove_friend ( \Elgg\Event  $event)

Add the friend to the user friends ACL.

'delete', 'relationship'

Parameters
\Elgg\Event$eventevent
Returns
void
Since
3.0.0

Definition at line 484 of file access.php.

access_get_show_hidden_status ( )

Return current status of showing disabled entities.

Returns
bool

Definition at line 165 of file access.php.

access_init ( )

A quick and dirty way to make sure the access permissions have been correctly set up.

init system

Returns
void

Definition at line 408 of file access.php.

access_show_hidden_entities (   $show_hidden)

Show or hide disabled entities.

Parameters
bool$show_hiddenShow disabled entities.
Returns
bool

Definition at line 156 of file access.php.

access_test (   $hook,
  $type,
  $value,
  $params 
)

Runs unit tests for the access library.

Parameters
string$hook'unit_test'
string$type'system'
array$valuecurrent return value
array$paramssupplied params
Returns
array

Definition at line 548 of file access.php.

add_user_to_access_collection (   $user_guid,
  $collection_id 
)

Adds a user to an access collection.

Triggers the 'access:collections:add_user', 'collection' plugin hook.

Parameters
int$user_guidThe GUID of the user to add
int$collection_idThe ID of the collection to add them to
Returns
bool
See also
update_access_collection()
remove_user_from_access_collection()

Definition at line 324 of file access.php.

can_edit_access_collection (   $collection_id,
  $user_guid = null 
)

Can the user change this access collection?

Use the plugin hook of 'access:collections:write', 'user' to change this.

See also
get_write_access_array() for details on the hook.

Respects access control disabling for admin users and elgg_set_ignore_access()

See also
get_write_access_array()
Parameters
int$collection_idThe collection id
mixed$user_guidThe user GUID to check for. Defaults to logged in user.
Returns
bool

Definition at line 236 of file access.php.

create_access_collection (   $name,
  $owner_guid = 0,
  $subtype = null 
)

Creates a new access collection.

Access colletions allow plugins and users to create granular access for entities.

Triggers plugin hook 'access:collections:addcollection', 'collection'

Note
Internal: Access collections are stored in the access_collections table. Memberships to collections are in access_collections_membership.
Parameters
string$nameThe name of the collection.
int$owner_guidThe GUID of the owner (default: currently logged in user).
string$subtypeThe subtype indicates the usage of the acl
Returns
int|false The collection ID if successful and false on failure.
See also
update_access_collection()
delete_access_collection()

Definition at line 259 of file access.php.

delete_access_collection (   $collection_id)

Deletes a specified access collection and its membership.

Parameters
int$collection_idThe collection ID
Returns
bool
See also
create_access_collection()
update_access_collection()

Definition at line 292 of file access.php.

elgg_get_access_collections (   $options = [])

Returns access collections.

Parameters
array$optionsarray of options to get access collections by
Returns
[]

Definition at line 350 of file access.php.

elgg_get_ignore_access ( )

Get current ignore access setting.

Returns
bool
Since
1.7.0
See also
elgg_set_ignore_access()

Definition at line 63 of file access.php.

elgg_set_ignore_access (   $ignore = true)

Set if Elgg's access system should be ignored.

The access system will not return entities in any getter functions if the user doesn't have access. This removes this restriction.

When the access system is being ignored, all checks for create, retrieve, update, and delete should pass. This affects all the canEdit() and related methods.

Use this to access entities in automated scripts when no user is logged in.

Warning
This will not show disabled entities. Use access_show_hidden_entities() to access disabled entities.
Note
Internal: The access override is checked in elgg_override_permissions(). It is registered for the 'permissions_check' hooks to override the access system for the canEdit() and canWriteToContainer() methods.
Internal: This clears the access cache.
Internal: For performance reasons this is done at the database access clause level.
Parameters
bool$ignoreIf true, disables all access checks.
Returns
bool Previous ignore_access setting.
Since
1.7.0
See also
elgg_get_ignore_access()

Definition at line 52 of file access.php.

get_access_array (   $user_guid = 0,
  $ignored = 0,
  $flush = false 
)

Returns an array of access IDs a user is permitted to see.

Can be overridden with the 'access:collections:read', 'user' plugin hook.

Warning
A callback for that plugin hook needs to either not retrieve data from the database that would use the access system (triggering the plugin again) or ignore the second call. Otherwise, an infinite loop will be created.

This returns a list of all the collection ids a user owns or belongs to plus public and logged in access levels. If the user is an admin, it includes the private access level.

Note
Internal: this is only used in core for creating the SQL where clause when retrieving content from the database. The friends access level is handled by Elgg\Database\Clauses\AccessWhereClause@seeget_write_access_array()fortheaccesslevelsthatausercanwriteto.@paramint$user_guidUserID;defaultstocurrentlyloggedinuser@paramint$ignoredIgnoredparameter@parambool$flushIfsettotrue,willrefreshtheaccessidsfromthedatabaseratherthanusingthisfunction'scache.@returnarrayAnarrayofaccesscollectionsids

Definition at line 111 of file access.php.

get_access_collection (   $collection_id)

Get a specified access collection.

Note
This doesn't return the members of an access collection, just the database row of the actual collection.
See also
get_members_of_access_collection()
Parameters
int$collection_idThe collection ID
Returns
ElggAccessCollection|false

Definition at line 308 of file access.php.

get_access_list (   $user_guid = 0,
  $ignored = 0,
  $flush = false 
)

Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause.

get_access_array

See also
get_access_array()
Parameters
int$user_guidUser ID; defaults to currently logged in user
int$ignoredIgnored parameter
bool$flushIf set to true, will refresh the access list from the database rather than using this function's cache.
Returns
string A list of access collections suitable for using in an SQL call

Definition at line 82 of file access.php.

get_default_access ( ElggUser  $user = null,
array  $input_params = [] 
)

Gets the default access permission.

This returns the default access level for the site or optionally of the user. If want you to change the default access based on group of other information, use the 'default', 'access' plugin hook.

Parameters
ElggUser$userThe user for whom we're getting default access. Defaults to logged in user.
array$input_paramsParameters passed into an input/access view
Returns
int default access id (see ACCESS defines in elgglib.php)

Definition at line 127 of file access.php.

get_members_of_access_collection (   $collection_id,
  $guids_only = false,
array  $options = [] 
)

Get all of members of an access collection.

Parameters
int$collection_idThe collection's ID
bool$guids_onlyIf set to true, will only return the members' GUIDs (default: false)
array$optionsege* options
Returns
[]|int|int[]|mixed guids or entities if successful, false if not
See also
add_user_to_access_collection()

Definition at line 364 of file access.php.

get_readable_access_level (   $entity_access_id)

Return the name of an ACCESS_* constant or an access collection, but only if the logged in user has write access to it.

Write access requirement prevents us from exposing names of access collections that current user has been added to by other members and may contain sensitive classification of the current user (e.g. close friends vs acquaintances).

Returns a string in the language of the user for global access levels, e.g.'Public, 'Friends', 'Logged in', 'Public'; or a name of the owned access collection, e.g. 'My work colleagues'; or a name of the group or other access collection, e.g. 'Group: Elgg technical support'; or 'Limited' if the user access is restricted to read-only, e.g. a friends collection the user was added to

Parameters
int$entity_access_idThe entity's access id
Returns
string
Since
1.7.0

Definition at line 397 of file access.php.

get_write_access_array (   $user_guid = 0,
  $ignored = 0,
  $flush = false,
array  $input_params = [] 
)

Returns an array of access permissions that the user is allowed to save content with.

Permissions returned are of the form (id => 'name').

Example return value in English: array( 0 => 'Private', -2 => 'Friends', 1 => 'Logged in users', 2 => 'Public', 34 => 'My favorite friends', );

Plugin hook of 'access:collections:write', 'user'

Warning
this only returns access collections that the user owns plus the standard access levels. It does not return access collections that the user belongs to such as the access collection for a group.
Parameters
int$user_guidThe user's GUID.
int$ignoredIgnored parameter
bool$flushIf this is set to true, this will ignore a cached access array
array$input_paramsSome parameters passed into an input/access view
Returns
array List of access permissions

Definition at line 218 of file access.php.

has_access_to_entity (   $entity,
  $user = null 
)

Can a user access an entity.

Warning
If a logged in user doesn't have access to an entity, the core engine will not load that entity.

This is mostly useful for checking if a user other than the logged in user has access to an entity that is currently loaded.

Parameters
\ElggEntity$entityThe entity to check access for.
\ElggUser$userOptionally user to check access for. Defaults to logged in user (which is a useless default).
Returns
bool

Definition at line 188 of file access.php.

remove_user_from_access_collection (   $user_guid,
  $collection_id 
)

Removes a user from an access collection.

Triggers the 'access:collections:remove_user', 'collection' plugin hook.

Parameters
int$user_guidThe user GUID
int$collection_idThe access collection ID
Returns
bool
See also
update_access_collection()
remove_user_from_access_collection()

Definition at line 340 of file access.php.

update_access_collection (   $collection_id,
  $members 
)

Updates the membership in an access collection.

Warning
Expects a full list of all members that should be part of the access collection
Note
This will run all hooks associated with adding or removing members to access collections.
Parameters
int$collection_idThe ID of the collection.
array$membersArray of member GUIDs
Returns
bool
See also
add_user_to_access_collection()
remove_user_from_access_collection()

Definition at line 279 of file access.php.

Variable Documentation

global $ENTITY_SHOW_HIDDEN_OVERRIDE

Allow disabled entities and metadata to be returned by getter functions.

bool $ENTITY_SHOW_HIDDEN_OVERRIDE

Definition at line 20 of file access.php.

See also
::loadCore Do not do work here. Just register for events.

Definition at line 556 of file access.php.