start.php 6.9 KB

  1. <?php
  2. namespace MFP\BlockUsers;
  3. /**
  4. * Block users
  5. *
  6. * Blocked users are stored as private settings on the blocking user entity.
  7. * When a user accesses a page that is owned by someone who blocked him, the list of blocked users
  8. * is pulled from the 'blocked' relationship and checked. If the user is blocked, it redirects to a
  9. * message page. The redirect is necessary because we don't want to fire the pagesetup events on
  10. * the blocked page again.
  11. */
  // Plugin identifier, declared in the MFP\BlockUsers namespace.
  const PLUGIN_ID = 'block_users';

  // Helper functions used by the handlers in this file.
  // NOTE(review): is_blocked() is presumably defined in this include - confirm.
  require_once __DIR__ . '/lib/functions.php';

  // Defer all registration to init() once Elgg fires the "init, system" event.
  elgg_register_event_handler('init', 'system', __NAMESPACE__ . '\\init');
  /**
   * Plugin bootstrap, run on the Elgg "init, system" event.
   *
   * Registers the page handler, the settings menu entry, the block/unblock
   * actions, and the hooks/events that enforce blocks on pages and actions.
   *
   * @return void
   */
  function init() {
      // Every callback below lives in this file's namespace.
      $ns = __NAMESPACE__ . '\\';
      $actions_dir = __DIR__ . '/actions/block_users';

      elgg_register_page_handler('block_users', $ns . 'page_handler');

      // "Manage blocked users" entry in the settings page menu.
      elgg_register_menu_item('page', \ElggMenuItem::factory(array(
          'name' => 'blocked_users',
          'text' => elgg_echo('block_users:manage_blocked_users'),
          'href' => 'block_users/blocked_users',
          'context' => 'settings',
      )));

      // Block / unblock link in the user hover menu.
      elgg_register_plugin_hook_handler('register', 'menu:user_hover', $ns . 'setup_hover_menu');

      // Username-based check specific to the messages/send action.
      elgg_register_plugin_hook_handler('action', 'messages/send', $ns . 'messages_send_action');

      // The two state-changing actions of this plugin.
      elgg_register_action('block_users/block', $actions_dir . '/block.php');
      elgg_register_action('block_users/unblock', $actions_dir . '/unblock.php');

      // Enforcement on page views: compare the viewer with the page owner.
      // Registered with priority 1000.
      elgg_register_event_handler('pagesetup', 'system', $ns . 'check_page_owner', 1000);

      // Enforcement on actions: the handler is attached to every action and
      // filters by the map returned from the "block_users, get_actions" hook.
      elgg_register_plugin_hook_handler('action', 'all', $ns . 'check_action');

      // Default action => input-name map for the core plugins.
      elgg_register_plugin_hook_handler('block_users', 'get_actions', $ns . 'default_actions');
  }
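  /**
   * Serve the plugin's pages. Every page requires a logged-in user.
   *
   * Handled URL segments below the "block_users" handler:
   *
   *  - blocked_users/<username>  Users blocked by <username>. Defaults to the
   *                              logged-in user; any other username requires
   *                              an admin.
   *  - blocked_content           Shown when the viewer was blocked by the
   *                              owner of the requested content.
   *  - blocked_user_content      Shown when the viewer has blocked the owner
   *                              of the requested content.
   *
   * Any other first segment is treated as "blocked_users".
   *
   * The local variable names ($page, $site, $logged_in_user) are kept as they
   * are because the included page scripts run in this function's scope and may
   * read them.
   *
   * @param array $page URL segments after the handler name
   * @return bool Always true once a page was included
   */
  function page_handler($page) {
      gatekeeper();

      if (!isset($page[0])) {
          $page[0] = 'blocked_users';
      }

      switch ($page[0]) {
          case 'blocked_user_content':
              // The notice pages are owned by the site so that the page-owner
              // check does not fire again for the blocked page.
              $site = elgg_get_site_entity();
              elgg_set_page_owner_guid($site->guid);
              include dirname(__FILE__) . '/pages/block_users/blocked_user_content.php';
              break;

          case 'blocked_content':
              $site = elgg_get_site_entity();
              elgg_set_page_owner_guid($site->guid);
              include dirname(__FILE__) . '/pages/block_users/blocked_content.php';
              break;

          case 'blocked_users':
          default:
              $logged_in_user = elgg_get_logged_in_user_entity();
              if (!isset($page[1])) {
                  $page[1] = $logged_in_user->username;
              }
              set_input('blocking_username', $page[1]);

              // Only admins can see another user's block list.
              // The comparison is strict on purpose: with a loose "!=" two
              // different numeric-looking usernames (for example "1000" and
              // "1e3") compare as equal numbers, which would skip the admin
              // check and expose another user's block list.
              if ((string) $page[1] !== (string) $logged_in_user->username) {
                  admin_gatekeeper();
              }
              include dirname(__FILE__) . '/pages/block_users/blocked_users.php';
      }

      return true;
  }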
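  /**
   * Stops actions between two users when either one has blocked the other.
   *
   * Disallows blocked users from performing actions on the users who blocked
   * them, and also disallows the blocking user from performing the same
   * actions so they can't troll.
   *
   * The set of guarded actions comes from the "block_users, get_actions" hook,
   * which returns a map of action name => name of the request input that
   * holds the target user's GUID.
   *
   * @param string $hook   Hook name ("action")
   * @param string $type   Name of the action being executed
   * @param mixed  $value  Current hook value (not used)
   * @param mixed  $params Hook parameters (not used)
   * @return void Leaves the hook value untouched; forwards when a block applies
   */
  function check_action($hook, $type, $value, $params) {
      $actions = elgg_trigger_plugin_hook('block_users', 'get_actions', null, array());
      if (!is_array($actions) || !isset($actions[$type])) {
          return;
      }

      $viewing_user = elgg_get_logged_in_user_entity();
      $target_user = get_entity(get_input($actions[$type]));

      // Without a logged-in user or a user target there is no block to check.
      // The same guard on the viewer exists in the page-owner check.
      if (!($viewing_user instanceof \ElggUser) || !($target_user instanceof \ElggUser)) {
          return;
      }

      // viewing user is blocked by target_user
      if (is_blocked($viewing_user, $target_user)) {
          // @todo should this emit a error then forward to referrer?
          forward('block_users/blocked_content');
      }

      // viewing user has blocked target user
      if (is_blocked($target_user, $viewing_user)) {
          // "next" is where the user is sent back to after unblocking. The
          // Referer header is client-controlled, so it is only passed on when
          // it points at this site; anything else is dropped to avoid handing
          // an arbitrary redirect target to the next page.
          // NOTE(review): the page consuming "next" is not in this file and
          // should validate the value as well.
          $next = '';
          if (isset($_SERVER['HTTP_REFERER'])) {
              $referrer = (string) $_SERVER['HTTP_REFERER'];
              if (strpos($referrer, elgg_get_site_url()) === 0) {
                  $next = '&next=' . urlencode($referrer);
              }
          }

          // @todo should this emit a error then forward to referrer?
          forward(
              'block_users/blocked_user_content?blocked_username='
              . urlencode((string) $target_user->username)
              . $next
          );
      }
  }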
  /**
   * Adds the default guarded actions for the core plugins to the
   * "block_users, get_actions" hook value.
   *
   * Each entry maps an action name to the name of the request input that is
   * read to find the target user of that action.
   *
   * @param string $hook   Hook name
   * @param string $type   Hook type
   * @param mixed  $value  Map collected so far; anything that is not an array
   *                       is replaced by an empty map
   * @param mixed  $params Hook parameters (not used)
   * @return array Map of action name => input name
   */
  function default_actions($hook, $type, $value, $params) {
      $map = is_array($value) ? $value : array();

      $defaults = array(
          'messageboard/add' => 'pageOwner',
          'messages/send' => 'send_to',
          'friends/add' => 'friend',
      );

      // Assign key by key so existing entries keep their position and are
      // overwritten in place, while new ones are appended.
      foreach ($defaults as $action => $input_name) {
          $map[$action] = $input_name;
      }

      return $map;
  }
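  /**
   * Intercepts page views and compares the viewer with the page owner.
   *
   * - Viewer is blocked by the page owner: forward to the "blocked_content"
   *   notice page.
   * - Viewer has blocked the page owner: forward to the "blocked_user_content"
   *   page, passing the owner's username and the current URL as "next" so the
   *   viewer can come back to this page after unblocking.
   *
   * Does nothing when there is no page owner or no logged-in user.
   *
   * @param string $event  Event name ("pagesetup")
   * @param string $type   Event type ("system")
   * @param mixed  $return Event object (not used)
   * @return null
   */
  function check_page_owner($event, $type, $return) {
      $page_owner = elgg_get_page_owner_entity();
      if (!$page_owner) {
          return null;
      }

      $viewing_user = elgg_get_logged_in_user_entity();
      if (!$viewing_user) {
          return null;
      }

      // viewing user is blocked by content owner.
      if (is_blocked($viewing_user, $page_owner)) {
          forward('block_users/blocked_content');
      }

      // viewing user has blocked the content owner
      if (is_blocked($page_owner, $viewing_user)) {
          // redirect to THIS PAGE if unblocked.
          $url = current_page_url();
          $next = $url ? '&next=' . urlencode($url) : '';

          // The username is URL-encoded like every other query value so that
          // it cannot add or alter parameters of the forwarded URL. The cast
          // covers page owners that carry no username.
          forward(
              'block_users/blocked_user_content?blocked_username='
              . urlencode((string) $page_owner->username)
              . $next
          );
      }

      return null;
  }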
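  /**
   * Adds a "block user" / "unblock user" item to the user hover menu.
   *
   * Nothing is added when nobody is logged in, when the menu belongs to the
   * logged-in user, or when the hook carries no user entity.
   *
   * @param string $hook   Hook name ("register")
   * @param string $type   Hook type ("menu:user_hover")
   * @param array  $return Menu items collected so far
   * @param array  $params Hook parameters; 'entity' is the user the menu is for
   * @return array Menu items, with the block/unblock item appended if applicable
   */
  function setup_hover_menu($hook, $type, $return, $params) {
      $user = isset($params['entity']) ? $params['entity'] : null;
      if (!($user instanceof \ElggUser)) {
          return $return;
      }

      // No item for logged-out visitors or on the viewer's own menu.
      if (!elgg_is_logged_in() || (int) elgg_get_logged_in_user_guid() === (int) $user->guid) {
          return $return;
      }

      $logged_in_user = elgg_get_logged_in_user_entity();

      // Button styling only on profile pages outside of widgets. The variable
      // is initialised so that no undefined variable is passed to the view in
      // every other context; null keeps the value the view received before.
      $class = null;
      if (elgg_in_context('profile') && !elgg_in_context('widgets')) {
          $class = 'elgg-button elgg-button-action';
      }

      // Offer "unblock" when the logged-in user has already blocked this user.
      $verb = is_blocked($user, $logged_in_user) ? 'unblock' : 'block';

      // NOTE(review): both links trigger state-changing actions through a GET
      // URL. This relies on the output/url view adding CSRF action tokens when
      // 'confirm' is set - confirm for the Elgg version in use.
      $link = elgg_view('output/url', array(
          'href' => 'action/block_users/' . $verb . '?blocked_user_guid=' . $user->getGUID(),
          'text' => elgg_echo('block_users:' . $verb . '_user'),
          'confirm' => true,
          'class' => $class,
      ));

      $item = new \ElggMenuItem('block', $link, false);
      $item->setSection('action');
      $return[] = $item;

      return $return;
  }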
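  /**
   * Stops the messages/send action when the sender is blocked by the recipient.
   *
   * The recipient is looked up from the "recipient_username" input. When the
   * block applies, the form is made sticky, an error is registered and false
   * is returned to halt the action.
   *
   * @param string $hook   Hook name ("action")
   * @param string $type   Hook type ("messages/send")
   * @param mixed  $return Current hook value
   * @param mixed  $params Hook parameters (not used)
   * @return false|null False to stop the action, null to leave the hook value as is
   */
  function messages_send_action($hook, $type, $return, $params) {
      $sender = elgg_get_logged_in_user_entity();
      $recipient = get_user_by_username(get_input('recipient_username'));

      // An unknown recipient or a missing session is left to the action
      // itself; there is no block relation to evaluate here.
      if (!($sender instanceof \ElggUser) || !($recipient instanceof \ElggUser)) {
          return null;
      }

      if (is_blocked($sender, $recipient)) {
          elgg_make_sticky_form('messages');
          register_error(elgg_echo('block_users:blocked_content_notice'));
          return false;
      }

      return null;
  }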