edit.php 6.6 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230
  1. <?php
  2. /**
  3. * Elgg groups plugin edit action.
  4. *
  5. * @package ElggGroups
  6. */
  7. elgg_make_sticky_form('groups');
  8. /**
  9. * wrapper for recursive array walk decoding
  10. *
  11. * @param string &$v value
  12. *
  13. * @return string
  14. */
  15. function profile_array_decoder(&$v) {
  16. $v = _elgg_html_decode($v);
  17. }
  18. // Get group fields
  19. $input = array();
  20. foreach (elgg_get_config('group') as $shortname => $valuetype) {
  21. $input[$shortname] = get_input($shortname);
  22. // @todo treat profile fields as unescaped: don't filter, encode on output
  23. if (is_array($input[$shortname])) {
  24. array_walk_recursive($input[$shortname], 'profile_array_decoder');
  25. } else {
  26. $input[$shortname] = _elgg_html_decode($input[$shortname]);
  27. }
  28. if ($valuetype == 'tags') {
  29. $input[$shortname] = string_to_tag_array($input[$shortname]);
  30. }
  31. }
  32. $input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8');
  33. $user = elgg_get_logged_in_user_entity();
  34. $group_guid = (int)get_input('group_guid');
  35. $is_new_group = $group_guid == 0;
  36. if ($is_new_group
  37. && (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes')
  38. && !$user->isAdmin()) {
  39. register_error(elgg_echo("groups:cantcreate"));
  40. forward(REFERER);
  41. }
  42. $group = $group_guid ? get_entity($group_guid) : new ElggGroup();
  43. if (elgg_instanceof($group, "group") && !$group->canEdit()) {
  44. register_error(elgg_echo("groups:cantedit"));
  45. forward(REFERER);
  46. }
  47. // Assume we can edit or this is a new group
  48. if (sizeof($input) > 0) {
  49. foreach ($input as $shortname => $value) {
  50. // update access collection name if group name changes
  51. if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
  52. $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
  53. $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
  54. $acl = get_access_collection($group->group_acl);
  55. if ($acl) {
  56. // @todo Elgg api does not support updating access collection name
  57. $db_prefix = elgg_get_config('dbprefix');
  58. $query = "UPDATE {$db_prefix}access_collections SET name = '$ac_name'
  59. WHERE id = $group->group_acl";
  60. update_data($query);
  61. }
  62. }
  63. $group->$shortname = $value;
  64. }
  65. }
  66. // Validate create
  67. if (!$group->name) {
  68. register_error(elgg_echo("groups:notitle"));
  69. forward(REFERER);
  70. }
  71. // Set group tool options
  72. $tool_options = elgg_get_config('group_tool_options');
  73. if ($tool_options) {
  74. foreach ($tool_options as $group_option) {
  75. $option_toggle_name = $group_option->name . "_enable";
  76. $option_default = $group_option->default_on ? 'yes' : 'no';
  77. $group->$option_toggle_name = get_input($option_toggle_name, $option_default);
  78. }
  79. }
  80. // Group membership - should these be treated with same constants as access permissions?
  81. $is_public_membership = (get_input('membership') == ACCESS_PUBLIC);
  82. $group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE;
  83. $content_access_mode = get_input('content_access_mode');
  84. $group->setContentAccessMode($content_access_mode);
  85. if ($is_new_group) {
  86. $group->access_id = ACCESS_PUBLIC;
  87. // if new group, we need to save so group acl gets set in event handler
  88. $group->save();
  89. }
  90. // Invisible group support
  91. // @todo this requires save to be called to create the acl for the group. This
  92. // is an odd requirement and should be removed. Either the acl creation happens
  93. // in the action or the visibility moves to a plugin hook
  94. if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
  95. $visibility = (int)get_input('vis');
  96. if ($visibility == ACCESS_PRIVATE) {
  97. // Make this group visible only to group members. We need to use
  98. // ACCESS_PRIVATE on the form and convert it to group_acl here
  99. // because new groups do not have acl until they have been saved once.
  100. $visibility = $group->group_acl;
  101. // Force all new group content to be available only to members
  102. $group->setContentAccessMode(ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY);
  103. }
  104. $group->access_id = $visibility;
  105. }
  106. $group->save();
  107. // default access
  108. $default_access = (int) get_input('group_default_access');
  109. if (($group->getContentAccessMode() === ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY) && (($default_access === ACCESS_PUBLIC) || ($default_access === ACCESS_LOGGED_IN))) {
  110. system_message(elgg_echo('group_tools:action:group:edit:error:default_access'));
  111. $default_access = (int) $group->group_acl;
  112. }
  113. $group->setPrivateSetting("elgg_default_access", $default_access);
  114. // group saved so clear sticky form
  115. elgg_clear_sticky_form('groups');
  116. // group creator needs to be member of new group and river entry created
  117. if ($is_new_group) {
  118. // @todo this should not be necessary...
  119. elgg_set_page_owner_guid($group->guid);
  120. $group->join($user);
  121. elgg_create_river_item(array(
  122. 'view' => 'river/group/create',
  123. 'action_type' => 'create',
  124. 'subject_guid' => $user->guid,
  125. 'object_guid' => $group->guid,
  126. ));
  127. }
  128. $has_uploaded_icon = get_resized_image_from_uploaded_file("icon", 100, 100);
  129. if ($has_uploaded_icon) {
  130. $icon_sizes = elgg_get_config('icon_sizes');
  131. $prefix = "groups/" . $group->guid;
  132. $filehandler = new ElggFile();
  133. $filehandler->owner_guid = $group->owner_guid;
  134. $filehandler->setFilename($prefix . ".jpg");
  135. $filehandler->open("write");
  136. $filehandler->write(get_uploaded_file('icon'));
  137. $filehandler->close();
  138. $filename = $filehandler->getFilenameOnFilestore();
  139. $sizes = array('tiny', 'small', 'medium', 'large');
  140. $thumbs = array();
  141. foreach ($sizes as $size) {
  142. $thumbs[$size] = get_resized_image_from_existing_file(
  143. $filename,
  144. $icon_sizes[$size]['w'],
  145. $icon_sizes[$size]['h'],
  146. $icon_sizes[$size]['square']
  147. );
  148. }
  149. if ($thumbs['tiny']) { // just checking if resize successful
  150. $thumb = new ElggFile();
  151. $thumb->owner_guid = $group->owner_guid;
  152. $thumb->setMimeType('image/jpeg');
  153. foreach ($sizes as $size) {
  154. $thumb->setFilename("{$prefix}{$size}.jpg");
  155. $thumb->open("write");
  156. $thumb->write($thumbs[$size]);
  157. $thumb->close();
  158. }
  159. $group->icontime = time();
  160. }
  161. }
  162. // owner transfer
  163. $old_owner_guid = $is_new_group ? 0 : $group->owner_guid;
  164. $new_owner_guid = (int) get_input('owner_guid');
  165. if (!$is_new_group && $new_owner_guid && ($new_owner_guid != $old_owner_guid)) {
  166. // who can transfer
  167. $admin_transfer = elgg_get_plugin_setting("admin_transfer", "group_tools");
  168. $transfer_allowed = false;
  169. if (($admin_transfer == "admin") && elgg_is_admin_logged_in()) {
  170. $transfer_allowed = true;
  171. } elseif (($admin_transfer == "owner") && (($group->getOwnerGUID() == $user->getGUID()) || elgg_is_admin_logged_in())) {
  172. $transfer_allowed = true;
  173. }
  174. if ($transfer_allowed) {
  175. // get the new owner
  176. $new_owner = get_user($new_owner_guid);
  177. // transfer the group to the new owner
  178. group_tools_transfer_group_ownership($group, $new_owner);
  179. }
  180. }
  181. system_message(elgg_echo("groups:saved"));
  182. forward($group->getUrl());