AccessCollections.php 25 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407408409410411412413414415416417418419420421422423424425426427428429430431432433434435436437438439440441442443444445446447448449450451452453454455456457458459460461462463464465466467468469470471472473474475476477478479480481482483484485486487488489490491492493494495496497498499500501502503504505506507508509510511512513514515516517518519520521522523524525526527528529530531532533534535536537538539540541542543544545546547548549550551552553554555556557558559560561562563564565566567568569570571572573574575576577578579580581582583584585586587588589590591592593594595596597598599600601602603604605606607608609610611612613614615616617618619620621622623624625626627628629630631632633634635636637638639640641642643644645646647648649650651652653654655656657658659660661662663664665666667668669670671672673674675676677678679680681682683684685686687688689690691692693694695696697698699700701702703704705706707708709710711712713714715716717718719720721722723724725726727728729730731732733734735736737738739740741742743744745746747748749750751752753754755756757758759760761762763764765766767768769770771772773774775776777778779780781782783784785786787788789790791792793794795796797798799800801802803804805806807808809810811812813814815816817818819820821822823824825826827828829830831832833834835836837838839840841842843844
  1. <?php
  2. namespace Elgg\Database;
  3. /**
  4. * WARNING: API IN FLUX. DO NOT USE DIRECTLY.
  5. *
  6. * @access private
  7. *
  8. * @package Elgg.Core
  9. * @subpackage Database
  10. * @since 1.10.0
  11. */
  12. class AccessCollections {
  13. /**
  14. * @var int
  15. */
  16. private $site_guid;
  17. /**
  18. * Constructor
  19. *
  20. * @param int $site_guid The GUID of the default Elgg site
  21. */
  22. public function __construct($site_guid) {
  23. $this->site_guid = $site_guid;
  24. }
  25. /**
  26. * Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause.
  27. *
  28. * @uses get_access_array
  29. *
  30. * @see get_access_array()
  31. *
  32. * @param int $user_guid User ID; defaults to currently logged in user
  33. * @param int $site_guid Site ID; defaults to current site
  34. * @param bool $flush If set to true, will refresh the access list from the
  35. * database rather than using this function's cache.
  36. *
  37. * @return string A list of access collections suitable for using in an SQL call
  38. * @access private
  39. */
  40. function getAccessList($user_guid = 0, $site_guid = 0, $flush = false) {
  41. global $init_finished;
  42. $cache = _elgg_services()->accessCache;
  43. if ($flush) {
  44. $cache->clear();
  45. }
  46. if ($user_guid == 0) {
  47. $user_guid = _elgg_services()->session->getLoggedInUserGuid();
  48. }
  49. if (($site_guid == 0) && $this->site_guid) {
  50. $site_guid = $this->site_guid;
  51. }
  52. $user_guid = (int) $user_guid;
  53. $site_guid = (int) $site_guid;
  54. $hash = $user_guid . $site_guid . 'get_access_list';
  55. if ($cache[$hash]) {
  56. return $cache[$hash];
  57. }
  58. $access_array = get_access_array($user_guid, $site_guid, $flush);
  59. $access = "(" . implode(",", $access_array) . ")";
  60. if ($init_finished) {
  61. $cache[$hash] = $access;
  62. }
  63. return $access;
  64. }
  65. /**
  66. * Returns an array of access IDs a user is permitted to see.
  67. *
  68. * Can be overridden with the 'access:collections:read', 'user' plugin hook.
  69. * @warning A callback for that plugin hook needs to either not retrieve data
  70. * from the database that would use the access system (triggering the plugin again)
  71. * or ignore the second call. Otherwise, an infinite loop will be created.
  72. *
  73. * This returns a list of all the collection ids a user owns or belongs
  74. * to plus public and logged in access levels. If the user is an admin, it includes
  75. * the private access level.
  76. *
  77. * @internal this is only used in core for creating the SQL where clause when
  78. * retrieving content from the database. The friends access level is handled by
  79. * _elgg_get_access_where_sql().
  80. *
  81. * @see get_write_access_array() for the access levels that a user can write to.
  82. *
  83. * @param int $user_guid User ID; defaults to currently logged in user
  84. * @param int $site_guid Site ID; defaults to current site
  85. * @param bool $flush If set to true, will refresh the access ids from the
  86. * database rather than using this function's cache.
  87. *
  88. * @return array An array of access collections ids
  89. */
  90. function getAccessArray($user_guid = 0, $site_guid = 0, $flush = false) {
  91. global $init_finished;
  92. $cache = _elgg_services()->accessCache;
  93. if ($flush) {
  94. $cache->clear();
  95. }
  96. if ($user_guid == 0) {
  97. $user_guid = _elgg_services()->session->getLoggedInUserGuid();
  98. }
  99. if (($site_guid == 0) && $this->site_guid) {
  100. $site_guid = $this->site_guid;
  101. }
  102. $user_guid = (int) $user_guid;
  103. $site_guid = (int) $site_guid;
  104. $hash = $user_guid . $site_guid . 'get_access_array';
  105. if ($cache[$hash]) {
  106. $access_array = $cache[$hash];
  107. } else {
  108. $access_array = array(ACCESS_PUBLIC);
  109. // The following can only return sensible data for a known user.
  110. if ($user_guid) {
  111. $db = _elgg_services()->db;
  112. $prefix = $db->getTablePrefix();
  113. $access_array[] = ACCESS_LOGGED_IN;
  114. // Get ACL memberships
  115. $query = "SELECT am.access_collection_id"
  116. . " FROM {$prefix}access_collection_membership am"
  117. . " LEFT JOIN {$prefix}access_collections ag ON ag.id = am.access_collection_id"
  118. . " WHERE am.user_guid = $user_guid AND (ag.site_guid = $site_guid OR ag.site_guid = 0)";
  119. $collections = $db->getData($query);
  120. if ($collections) {
  121. foreach ($collections as $collection) {
  122. if (!empty($collection->access_collection_id)) {
  123. $access_array[] = (int)$collection->access_collection_id;
  124. }
  125. }
  126. }
  127. // Get ACLs owned.
  128. $query = "SELECT ag.id FROM {$prefix}access_collections ag ";
  129. $query .= "WHERE ag.owner_guid = $user_guid AND (ag.site_guid = $site_guid OR ag.site_guid = 0)";
  130. $collections = $db->getData($query);
  131. if ($collections) {
  132. foreach ($collections as $collection) {
  133. if (!empty($collection->id)) {
  134. $access_array[] = (int)$collection->id;
  135. }
  136. }
  137. }
  138. $ignore_access = elgg_check_access_overrides($user_guid);
  139. if ($ignore_access == true) {
  140. $access_array[] = ACCESS_PRIVATE;
  141. }
  142. }
  143. if ($init_finished) {
  144. $cache[$hash] = $access_array;
  145. }
  146. }
  147. $options = array(
  148. 'user_id' => $user_guid,
  149. 'site_id' => $site_guid
  150. );
  151. // see the warning in the docs for this function about infinite loop potential
  152. return _elgg_services()->hooks->trigger('access:collections:read', 'user', $options, $access_array);
  153. }
  154. /**
  155. * Returns the SQL where clause for enforcing read access to data.
  156. *
  157. * Note that if this code is executed in privileged mode it will return (1=1).
  158. *
  159. * Otherwise it returns a where clause to retrieve the data that a user has
  160. * permission to read.
  161. *
  162. * Plugin authors can hook into the 'get_sql', 'access' plugin hook to modify,
  163. * remove, or add to the where clauses. The plugin hook will pass an array with the current
  164. * ors and ands to the function in the form:
  165. * array(
  166. * 'ors' => array(),
  167. * 'ands' => array()
  168. * )
  169. *
  170. * The results will be combined into an SQL where clause in the form:
  171. * ((or1 OR or2 OR orN) AND (and1 AND and2 AND andN))
  172. *
  173. * @param array $options Array in format:
  174. *
  175. * table_alias => STR Optional table alias. This is based on the select and join clauses.
  176. * Default is 'e'.
  177. *
  178. * user_guid => INT Optional GUID for the user that we are retrieving data for.
  179. * Defaults to the logged in user.
  180. *
  181. * use_enabled_clause => BOOL Optional. Should we append the enabled clause? The default
  182. * is set by access_show_hidden_entities().
  183. *
  184. * access_column => STR Optional access column name. Default is 'access_id'.
  185. *
  186. * owner_guid_column => STR Optional owner_guid column. Default is 'owner_guid'.
  187. *
  188. * guid_column => STR Optional guid_column. Default is 'guid'.
  189. *
  190. * @return string
  191. * @access private
  192. */
  193. function getWhereSql(array $options = array()) {
  194. global $ENTITY_SHOW_HIDDEN_OVERRIDE;
  195. $defaults = array(
  196. 'table_alias' => 'e',
  197. 'user_guid' => _elgg_services()->session->getLoggedInUserGuid(),
  198. 'use_enabled_clause' => !$ENTITY_SHOW_HIDDEN_OVERRIDE,
  199. 'access_column' => 'access_id',
  200. 'owner_guid_column' => 'owner_guid',
  201. 'guid_column' => 'guid',
  202. );
  203. $options = array_merge($defaults, $options);
  204. // just in case someone passes a . at the end
  205. $options['table_alias'] = rtrim($options['table_alias'], '.');
  206. foreach (array('table_alias', 'access_column', 'owner_guid_column', 'guid_column') as $key) {
  207. $options[$key] = sanitize_string($options[$key]);
  208. }
  209. $options['user_guid'] = sanitize_int($options['user_guid'], false);
  210. // only add dot if we have an alias or table name
  211. $table_alias = $options['table_alias'] ? $options['table_alias'] . '.' : '';
  212. $options['ignore_access'] = elgg_check_access_overrides($options['user_guid']);
  213. $clauses = array(
  214. 'ors' => array(),
  215. 'ands' => array()
  216. );
  217. $prefix = _elgg_services()->db->getTablePrefix();
  218. if ($options['ignore_access']) {
  219. $clauses['ors'][] = '1 = 1';
  220. } else if ($options['user_guid']) {
  221. // include content of user's friends
  222. $clauses['ors'][] = "$table_alias{$options['access_column']} = " . ACCESS_FRIENDS . "
  223. AND $table_alias{$options['owner_guid_column']} IN (
  224. SELECT guid_one FROM {$prefix}entity_relationships
  225. WHERE relationship = 'friend' AND guid_two = {$options['user_guid']}
  226. )";
  227. // include user's content
  228. $clauses['ors'][] = "$table_alias{$options['owner_guid_column']} = {$options['user_guid']}";
  229. }
  230. // include standard accesses (public, logged in, access collections)
  231. if (!$options['ignore_access']) {
  232. $access_list = get_access_list($options['user_guid']);
  233. $clauses['ors'][] = "$table_alias{$options['access_column']} IN {$access_list}";
  234. }
  235. if ($options['use_enabled_clause']) {
  236. $clauses['ands'][] = "{$table_alias}enabled = 'yes'";
  237. }
  238. $clauses = _elgg_services()->hooks->trigger('get_sql', 'access', $options, $clauses);
  239. $clauses_str = '';
  240. if (is_array($clauses['ors']) && $clauses['ors']) {
  241. $clauses_str = '(' . implode(' OR ', $clauses['ors']) . ')';
  242. }
  243. if (is_array($clauses['ands']) && $clauses['ands']) {
  244. if ($clauses_str) {
  245. $clauses_str .= ' AND ';
  246. }
  247. $clauses_str .= '(' . implode(' AND ', $clauses['ands']) . ')';
  248. }
  249. return "($clauses_str)";
  250. }
  251. /**
  252. * Can a user access an entity.
  253. *
  254. * @warning If a logged in user doesn't have access to an entity, the
  255. * core engine will not load that entity.
  256. *
  257. * @tip This is mostly useful for checking if a user other than the logged in
  258. * user has access to an entity that is currently loaded.
  259. *
  260. * @todo This function would be much more useful if we could pass the guid of the
  261. * entity to test access for. We need to be able to tell whether the entity exists
  262. * and whether the user has access to the entity.
  263. *
  264. * @param \ElggEntity $entity The entity to check access for.
  265. * @param \ElggUser $user Optionally user to check access for. Defaults to
  266. * logged in user (which is a useless default).
  267. *
  268. * @return bool
  269. */
  270. function hasAccessToEntity($entity, $user = null) {
  271. // See #7159. Must not allow ignore access to affect query
  272. $ia = elgg_set_ignore_access(false);
  273. if (!isset($user)) {
  274. $access_bit = _elgg_get_access_where_sql();
  275. } else {
  276. $access_bit = _elgg_get_access_where_sql(array('user_guid' => $user->getGUID()));
  277. }
  278. elgg_set_ignore_access($ia);
  279. $db = _elgg_services()->db;
  280. $prefix = $db->getTablePrefix();
  281. $query = "SELECT guid from {$prefix}entities e WHERE e.guid = {$entity->guid}";
  282. // Add access controls
  283. $query .= " AND " . $access_bit;
  284. if ($db->getData($query)) {
  285. return true;
  286. } else {
  287. return false;
  288. }
  289. }
  290. /**
  291. * Returns an array of access permissions that the user is allowed to save content with.
  292. * Permissions returned are of the form (id => 'name').
  293. *
  294. * Example return value in English:
  295. * array(
  296. * 0 => 'Private',
  297. * -2 => 'Friends',
  298. * 1 => 'Logged in users',
  299. * 2 => 'Public',
  300. * 34 => 'My favorite friends',
  301. * );
  302. *
  303. * Plugin hook of 'access:collections:write', 'user'
  304. *
  305. * @warning this only returns access collections that the user owns plus the
  306. * standard access levels. It does not return access collections that the user
  307. * belongs to such as the access collection for a group.
  308. *
  309. * @param int $user_guid The user's GUID.
  310. * @param int $site_guid The current site.
  311. * @param bool $flush If this is set to true, this will ignore a cached access array
  312. * @param array $input_params Some parameters passed into an input/access view
  313. *
  314. * @return array List of access permissions
  315. */
  316. function getWriteAccessArray($user_guid = 0, $site_guid = 0, $flush = false, array $input_params = array()) {
  317. global $init_finished;
  318. $cache = _elgg_services()->accessCache;
  319. if ($flush) {
  320. $cache->clear();
  321. }
  322. if ($user_guid == 0) {
  323. $user_guid = _elgg_services()->session->getLoggedInUserGuid();
  324. }
  325. if (($site_guid == 0) && $this->site_guid) {
  326. $site_guid = $this->site_guid;
  327. }
  328. $user_guid = (int) $user_guid;
  329. $site_guid = (int) $site_guid;
  330. $hash = $user_guid . $site_guid . 'get_write_access_array';
  331. if ($cache[$hash]) {
  332. $access_array = $cache[$hash];
  333. } else {
  334. // @todo is there such a thing as public write access?
  335. $access_array = array(
  336. ACCESS_PRIVATE => $this->getReadableAccessLevel(ACCESS_PRIVATE),
  337. ACCESS_FRIENDS => $this->getReadableAccessLevel(ACCESS_FRIENDS),
  338. ACCESS_LOGGED_IN => $this->getReadableAccessLevel(ACCESS_LOGGED_IN),
  339. ACCESS_PUBLIC => $this->getReadableAccessLevel(ACCESS_PUBLIC)
  340. );
  341. $collections = $this->getEntityCollections($user_guid, $site_guid);
  342. if ($collections) {
  343. foreach ($collections as $collection) {
  344. $access_array[$collection->id] = $collection->name;
  345. }
  346. }
  347. if ($init_finished) {
  348. $cache[$hash] = $access_array;
  349. }
  350. }
  351. $options = array(
  352. 'user_id' => $user_guid,
  353. 'site_id' => $site_guid,
  354. 'input_params' => $input_params,
  355. );
  356. return _elgg_services()->hooks->trigger('access:collections:write', 'user', $options, $access_array);
  357. }
  358. /**
  359. * Can the user change this access collection?
  360. *
  361. * Use the plugin hook of 'access:collections:write', 'user' to change this.
  362. * @see get_write_access_array() for details on the hook.
  363. *
  364. * Respects access control disabling for admin users and {@link elgg_set_ignore_access()}
  365. *
  366. * @see get_write_access_array()
  367. *
  368. * @param int $collection_id The collection id
  369. * @param mixed $user_guid The user GUID to check for. Defaults to logged in user.
  370. * @return bool
  371. */
  372. function canEdit($collection_id, $user_guid = null) {
  373. if ($user_guid) {
  374. $user = _elgg_services()->entityTable->get((int) $user_guid);
  375. } else {
  376. $user = _elgg_services()->session->getLoggedInUser();
  377. }
  378. $collection = get_access_collection($collection_id);
  379. if (!($user instanceof \ElggUser) || !$collection) {
  380. return false;
  381. }
  382. $write_access = get_write_access_array($user->getGUID(), 0, true);
  383. // don't ignore access when checking users.
  384. if ($user_guid) {
  385. return array_key_exists($collection_id, $write_access);
  386. } else {
  387. return elgg_get_ignore_access() || array_key_exists($collection_id, $write_access);
  388. }
  389. }
  390. /**
  391. * Creates a new access collection.
  392. *
  393. * Access colletions allow plugins and users to create granular access
  394. * for entities.
  395. *
  396. * Triggers plugin hook 'access:collections:addcollection', 'collection'
  397. *
  398. * @internal Access collections are stored in the access_collections table.
  399. * Memberships to collections are in access_collections_membership.
  400. *
  401. * @param string $name The name of the collection.
  402. * @param int $owner_guid The GUID of the owner (default: currently logged in user).
  403. * @param int $site_guid The GUID of the site (default: current site).
  404. *
  405. * @return int|false The collection ID if successful and false on failure.
  406. */
  407. function create($name, $owner_guid = 0, $site_guid = 0) {
  408. $name = trim($name);
  409. if (empty($name)) {
  410. return false;
  411. }
  412. if ($owner_guid == 0) {
  413. $owner_guid = _elgg_services()->session->getLoggedInUserGuid();
  414. }
  415. if (($site_guid == 0) && $this->site_guid) {
  416. $site_guid = $this->site_guid;
  417. }
  418. $db = _elgg_services()->db;
  419. $prefix = $db->getTablePrefix();
  420. $name = $db->sanitizeString($name);
  421. $q = "INSERT INTO {$prefix}access_collections
  422. SET name = '{$name}',
  423. owner_guid = {$owner_guid},
  424. site_guid = {$site_guid}";
  425. $id = $db->insertData($q);
  426. if (!$id) {
  427. return false;
  428. }
  429. $params = array(
  430. 'collection_id' => $id
  431. );
  432. if (!_elgg_services()->hooks->trigger('access:collections:addcollection', 'collection', $params, true)) {
  433. return false;
  434. }
  435. return $id;
  436. }
  437. /**
  438. * Updates the membership in an access collection.
  439. *
  440. * @warning Expects a full list of all members that should
  441. * be part of the access collection
  442. *
  443. * @note This will run all hooks associated with adding or removing
  444. * members to access collections.
  445. *
  446. * @param int $collection_id The ID of the collection.
  447. * @param array $members Array of member GUIDs
  448. *
  449. * @return bool
  450. */
  451. function update($collection_id, $members) {
  452. $acl = $this->get($collection_id);
  453. if (!$acl) {
  454. return false;
  455. }
  456. $members = (is_array($members)) ? $members : array();
  457. $cur_members = $this->getMembers($collection_id, true);
  458. $cur_members = (is_array($cur_members)) ? $cur_members : array();
  459. $remove_members = array_diff($cur_members, $members);
  460. $add_members = array_diff($members, $cur_members);
  461. $result = true;
  462. foreach ($add_members as $guid) {
  463. $result = $result && $this->addUser($guid, $collection_id);
  464. }
  465. foreach ($remove_members as $guid) {
  466. $result = $result && $this->removeUser($guid, $collection_id);
  467. }
  468. return $result;
  469. }
  470. /**
  471. * Deletes a specified access collection and its membership.
  472. *
  473. * @param int $collection_id The collection ID
  474. *
  475. * @return bool
  476. */
  477. function delete($collection_id) {
  478. $collection_id = (int) $collection_id;
  479. $params = array('collection_id' => $collection_id);
  480. if (!_elgg_services()->hooks->trigger('access:collections:deletecollection', 'collection', $params, true)) {
  481. return false;
  482. }
  483. $db = _elgg_services()->db;
  484. $prefix = $db->getTablePrefix();
  485. // Deleting membership doesn't affect result of deleting ACL.
  486. $q = "DELETE FROM {$prefix}access_collection_membership
  487. WHERE access_collection_id = {$collection_id}";
  488. $db->deleteData($q);
  489. $q = "DELETE FROM {$prefix}access_collections
  490. WHERE id = {$collection_id}";
  491. $result = $db->deleteData($q);
  492. return (bool)$result;
  493. }
  494. /**
  495. * Get a specified access collection
  496. *
  497. * @note This doesn't return the members of an access collection,
  498. * just the database row of the actual collection.
  499. *
  500. * @see get_members_of_access_collection()
  501. *
  502. * @param int $collection_id The collection ID
  503. *
  504. * @return object|false
  505. */
  506. function get($collection_id) {
  507. $collection_id = (int) $collection_id;
  508. $db = _elgg_services()->db;
  509. $prefix = $db->getTablePrefix();
  510. $query = "SELECT * FROM {$prefix}access_collections WHERE id = {$collection_id}";
  511. $get_collection = $db->getDataRow($query);
  512. return $get_collection;
  513. }
  514. /**
  515. * Adds a user to an access collection.
  516. *
  517. * Triggers the 'access:collections:add_user', 'collection' plugin hook.
  518. *
  519. * @param int $user_guid The GUID of the user to add
  520. * @param int $collection_id The ID of the collection to add them to
  521. *
  522. * @return bool
  523. */
  524. function addUser($user_guid, $collection_id) {
  525. $collection_id = (int) $collection_id;
  526. $user_guid = (int) $user_guid;
  527. $user = get_user($user_guid);
  528. $collection = $this->get($collection_id);
  529. if (!($user instanceof \ElggUser) || !$collection) {
  530. return false;
  531. }
  532. $params = array(
  533. 'collection_id' => $collection_id,
  534. 'user_guid' => $user_guid
  535. );
  536. $result = _elgg_services()->hooks->trigger('access:collections:add_user', 'collection', $params, true);
  537. if ($result == false) {
  538. return false;
  539. }
  540. $db = _elgg_services()->db;
  541. $prefix = $db->getTablePrefix();
  542. // if someone tries to insert the same data twice, we do a no-op on duplicate key
  543. $q = "INSERT INTO {$prefix}access_collection_membership
  544. SET access_collection_id = $collection_id, user_guid = $user_guid
  545. ON DUPLICATE KEY UPDATE user_guid = user_guid";
  546. $result = $db->insertData($q);
  547. return $result !== false;
  548. }
  549. /**
  550. * Removes a user from an access collection.
  551. *
  552. * Triggers the 'access:collections:remove_user', 'collection' plugin hook.
  553. *
  554. * @param int $user_guid The user GUID
  555. * @param int $collection_id The access collection ID
  556. *
  557. * @return bool
  558. */
  559. function removeUser($user_guid, $collection_id) {
  560. $collection_id = (int) $collection_id;
  561. $user_guid = (int) $user_guid;
  562. $user = get_user($user_guid);
  563. $collection = $this->get($collection_id);
  564. if (!($user instanceof \ElggUser) || !$collection) {
  565. return false;
  566. }
  567. $params = array(
  568. 'collection_id' => $collection_id,
  569. 'user_guid' => $user_guid,
  570. );
  571. if (!_elgg_services()->hooks->trigger('access:collections:remove_user', 'collection', $params, true)) {
  572. return false;
  573. }
  574. $db = _elgg_services()->db;
  575. $prefix = $db->getTablePrefix();
  576. $q = "DELETE FROM {$prefix}access_collection_membership
  577. WHERE access_collection_id = {$collection_id}
  578. AND user_guid = {$user_guid}";
  579. return (bool)$db->deleteData($q);
  580. }
  581. /**
  582. * Returns an array of database row objects of the access collections owned by $owner_guid.
  583. *
  584. * @param int $owner_guid The entity guid
  585. * @param int $site_guid The GUID of the site (default: current site).
  586. *
  587. * @return array|false
  588. */
  589. function getEntityCollections($owner_guid, $site_guid = 0) {
  590. $owner_guid = (int) $owner_guid;
  591. $site_guid = (int) $site_guid;
  592. if (($site_guid == 0) && $this->site_guid) {
  593. $site_guid = $this->site_guid;
  594. }
  595. $db = _elgg_services()->db;
  596. $prefix = $db->getTablePrefix();
  597. $query = "SELECT * FROM {$prefix}access_collections
  598. WHERE owner_guid = {$owner_guid}
  599. AND site_guid = {$site_guid}
  600. ORDER BY name ASC";
  601. $collections = $db->getData($query);
  602. return $collections;
  603. }
  604. /**
  605. * Get all of members of an access collection
  606. *
  607. * @param int $collection_id The collection's ID
  608. * @param bool $guids_only If set to true, will only return the members' GUIDs (default: false)
  609. *
  610. * @return ElggUser[]|int[]|false guids or entities if successful, false if not
  611. */
  612. function getMembers($collection_id, $guids_only = false) {
  613. $collection_id = (int) $collection_id;
  614. $db = _elgg_services()->db;
  615. $prefix = $db->getTablePrefix();
  616. if (!$guids_only) {
  617. $query = "SELECT e.* FROM {$prefix}access_collection_membership m"
  618. . " JOIN {$prefix}entities e ON e.guid = m.user_guid"
  619. . " WHERE m.access_collection_id = {$collection_id}";
  620. $collection_members = $db->getData($query, "entity_row_to_elggstar");
  621. } else {
  622. $query = "SELECT e.guid FROM {$prefix}access_collection_membership m"
  623. . " JOIN {$prefix}entities e ON e.guid = m.user_guid"
  624. . " WHERE m.access_collection_id = {$collection_id}";
  625. $collection_members = $db->getData($query);
  626. if (!$collection_members) {
  627. return false;
  628. }
  629. foreach ($collection_members as $key => $val) {
  630. $collection_members[$key] = $val->guid;
  631. }
  632. }
  633. return $collection_members;
  634. }
  635. /**
  636. * Return an array of database row objects of the access collections $entity_guid is a member of.
  637. *
  638. * @param int $member_guid The entity guid
  639. * @param int $site_guid The GUID of the site (default: current site).
  640. *
  641. * @return array|false
  642. */
  643. function getCollectionsByMember($member_guid, $site_guid = 0) {
  644. $member_guid = (int) $member_guid;
  645. $site_guid = (int) $site_guid;
  646. if (($site_guid == 0) && $this->site_guid) {
  647. $site_guid = $this->site_guid;
  648. }
  649. $db = _elgg_services()->db;
  650. $prefix = $db->getTablePrefix();
  651. $query = "SELECT ac.* FROM {$prefix}access_collections ac
  652. JOIN {$prefix}access_collection_membership m ON ac.id = m.access_collection_id
  653. WHERE m.user_guid = {$member_guid}
  654. AND ac.site_guid = {$site_guid}
  655. ORDER BY name ASC";
  656. $collections = $db->getData($query);
  657. return $collections;
  658. }
  659. /**
  660. * Return the name of an ACCESS_* constant or an access collection,
  661. * but only if the logged in user owns the access collection or is an admin.
  662. * Ownership requirement prevents us from exposing names of access collections
  663. * that current user has been added to by other members and may contain
  664. * sensitive classification of the current user (e.g. close friends vs acquaintances).
  665. *
  666. * Returns a string in the language of the user for global access levels, e.g.'Public, 'Friends', 'Logged in', 'Private';
  667. * or a name of the owned access collection, e.g. 'My work colleagues';
  668. * or a name of the group or other access collection, e.g. 'Group: Elgg technical support';
  669. * or 'Limited' if the user access is restricted to read-only, e.g. a friends collection the user was added to
  670. *
  671. * @param int $entity_access_id The entity's access id
  672. *
  673. * @return string
  674. * @since 1.11
  675. */
  676. function getReadableAccessLevel($entity_access_id) {
  677. $access = (int) $entity_access_id;
  678. $translator = _elgg_services()->translator;
  679. // Check if entity access id is a defined global constant
  680. $access_array = array(
  681. ACCESS_PRIVATE => $translator->translate("PRIVATE"),
  682. ACCESS_FRIENDS => $translator->translate("access:friends:label"),
  683. ACCESS_LOGGED_IN => $translator->translate("LOGGED_IN"),
  684. ACCESS_PUBLIC => $translator->translate("PUBLIC"),
  685. );
  686. if (array_key_exists($access, $access_array)) {
  687. return $access_array[$access];
  688. }
  689. $user_guid = _elgg_services()->session->getLoggedInUserGuid();
  690. if (!$user_guid) {
  691. // return 'Limited' if there is no logged in user
  692. return $translator->translate('access:limited:label');
  693. }
  694. // Entity access id is probably a custom access collection
  695. // Check if the user has write access to it and can see it's label
  696. // Admins should always be able to see the readable version
  697. $collection = $this->get($access);
  698. if ($collection) {
  699. if (($collection->owner_guid == $user_guid) || _elgg_services()->session->isAdminLoggedIn()) {
  700. return $collection->name;
  701. }
  702. }
  703. // return 'Limited' if the user does not have access to the access collection
  704. return $translator->translate('access:limited:label');
  705. }
  706. }