Elgg  Version master
AccessWhereClause.php
Go to the documentation of this file.
1 <?php
2 
4 
6 
11 
12  public string $access_column = 'access_id';
13 
14  public string $owner_guid_column = 'owner_guid';
15 
16  public string $guid_column = 'guid';
17 
18  public string $enabled_column = 'enabled';
19 
20  public string $deleted_column = 'deleted';
21 
22  public ?bool $ignore_access = null;
23 
24  public ?bool $use_enabled_clause = null;
25 
26  public ?bool $use_deleted_clause = null;
27 
28  public ?int $viewer_guid = null;
29 
33  public function prepare(QueryBuilder $qb, $table_alias = null) {
34  $alias = function ($column) use ($table_alias) {
35  return $table_alias ? "{$table_alias}.{$column}" : $column;
36  };
37 
38  if (!isset($this->viewer_guid)) {
39  $this->viewer_guid = _elgg_services()->session_manager->getLoggedInUserGuid();
40  }
41 
42  if (!isset($this->ignore_access)) {
43  $this->ignore_access = _elgg_services()->userCapabilities->canBypassPermissionsCheck($this->viewer_guid);
44  }
45 
46  if (!isset($this->use_enabled_clause)) {
47  $this->use_enabled_clause = !_elgg_services()->session_manager->getDisabledEntityVisibility();
48  }
49 
50  if (!isset($this->use_deleted_clause)) {
51  $this->use_deleted_clause = !_elgg_services()->session_manager->getDeletedEntityVisibility();
52  }
53 
54  $ors = [];
55  $ands = [];
56 
57  $ands[] = parent::prepare($qb, $table_alias);
58 
59  if (!$this->ignore_access) {
60  if ($this->viewer_guid) {
61  // include user's content
62  $ors['owner_access'] = $qb->compare($alias($this->owner_guid_column), '=', $this->viewer_guid, ELGG_VALUE_INTEGER);
63  }
64 
65  // include standard accesses (public, logged in, access collections)
66  $access_list = _elgg_services()->accessCollections->getAccessArray($this->viewer_guid);
67  $ors['acl_access'] = $qb->compare($alias($this->access_column), '=', $access_list, ELGG_VALUE_INTEGER);
68  }
69 
70  if ($this->use_enabled_clause) {
71  $ands[] = $qb->compare($alias($this->enabled_column), '=', 'yes', ELGG_VALUE_STRING);
72  }
73 
74  if ($this->use_deleted_clause) {
75  $ands[] = $qb->compare($alias($this->deleted_column), '=', 'no', ELGG_VALUE_STRING);
76  }
77 
78  $params = [
79  'table_alias' => $table_alias,
80  'user_guid' => $this->viewer_guid,
81  'ignore_access' => $this->ignore_access,
82  'use_enabled_clause' => $this->use_enabled_clause,
83  'access_column' => $this->access_column,
84  'owner_guid_column' => $this->owner_guid_column,
85  'guid_column' => $this->guid_column,
86  'enabled_column' => $this->enabled_column,
87  'deleted_column' => $this->deleted_column,
88  'use_deleted_clause' => $this->use_deleted_clause,
89  'query_builder' => $qb,
90  ];
91 
92  $clauses = _elgg_services()->events->triggerResults('get_sql', 'access', $params, [
93  'ors' => $ors,
94  'ands' => $ands,
95  ]);
96 
97  $ors = array_filter($clauses['ors']);
98  $ands = array_filter($clauses['ands']);
99 
100  if (!empty($ors)) {
101  $ands[] = $qb->merge($ors, 'OR');
102  }
103 
104  return $qb->merge($ands);
105  }
106 }
$params
Saves global plugin settings.
Definition: save.php:13
const ELGG_VALUE_INTEGER
Value types.
Definition: constants.php:111
$column
Definition: add.php:10
Database abstraction query builder.
compare(string $x, string $comparison, $y=null, string $type=null, bool $case_sensitive=null)
Build value comparison clause.
prepare(QueryBuilder $qb, $table_alias=null)
{}
Builds a clause from closure or composite expression.
Definition: WhereClause.php:12
merge($parts=null, $boolean= 'AND')
Merges multiple composite expressions with a boolean.
const ELGG_VALUE_STRING
Definition: constants.php:112
_elgg_services()
Get the global service provider.
Definition: elgglib.php:351
$qb
Definition: queue.php:12
Builds queries to restrict access.