/**
 * Return a string of access_ids for $user_id appropriate for inserting into an SQL IN clause.
 *
 * The result is memoised in the shared access cache under a key built from the
 * user id, the site id and this function's name, but only once init has finished
 * ($init_finished). A $flush empties that shared cache before anything is looked up.
 *
 * @uses get_access_array
 *
 * @link http://docs.elgg.org/Access
 * @see get_access_array()
 *
 * @param int  $user_id User ID; defaults to currently logged in user
 * @param int  $site_id Site ID; defaults to current site
 * @param bool $flush   If set to true, will refresh the access list from the
 *                      database rather than using this function's cache.
 *
 * @return string A list of access collections suitable for using in an SQL call
 * @access private
 */
function get_access_list($user_id = 0, $site_id = 0, $flush = false)
{
    global $CONFIG, $init_finished;

    $access_cache = _elgg_get_access_cache();
    if ($flush) {
        // A flush empties the whole shared cache, not just this user's entry.
        $access_cache->clear();
    }

    if ($user_id == 0) {
        $user_id = elgg_get_logged_in_user_guid();
    }
    if ($site_id == 0 && isset($CONFIG->site_id)) {
        $site_id = $CONFIG->site_id;
    }
    $user_id = (int) $user_id;
    $site_id = (int) $site_id;

    $cache_key = "{$user_id}{$site_id}get_access_list";
    $cached = $access_cache[$cache_key];
    if ($cached) {
        return $cached;
    }

    $ids = get_access_array($user_id, $site_id, $flush);
    $sql_list = '(' . implode(',', $ids) . ')';
    // Only memoise once init has finished.
    if ($init_finished) {
        $access_cache[$cache_key] = $sql_list;
    }

    return $sql_list;
}
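/**
 * Return a string of access_ids for $user_id appropriate for inserting into an SQL IN clause.
 *
 * Results are memoised per (user, site) pair in a function-static array. A cached
 * entry is only served when $flush is false, and an entry is only stored once init
 * has finished and access is being enforced (or an admin is logged in).
 *
 * @uses get_access_array
 *
 * @link http://docs.elgg.org/Access
 * @see get_access_array()
 *
 * @param int  $user_id User ID; defaults to currently logged in user
 * @param int  $site_id Site ID; defaults to current site
 * @param bool $flush   If set to true, will refresh the access list from the
 *                      database rather than using this function's cache.
 *
 * @return string A list of access collections suitable for using in an SQL call
 * @access private
 */
function get_access_list($user_id = 0, $site_id = 0, $flush = false)
{
    global $CONFIG, $init_finished;
    static $access_list = array();

    if ($user_id == 0) {
        $user_id = elgg_get_logged_in_user_guid();
    }
    if ($site_id == 0 && isset($CONFIG->site_id)) {
        $site_id = $CONFIG->site_id;
    }
    $user_id = (int) $user_id;
    $site_id = (int) $site_id;

    // Key on both ids: the cache used to be keyed by user only, so a list
    // computed for one site could be handed back for another.
    $key = $user_id . ':' . $site_id;
    if (!$flush && isset($access_list[$key])) {
        return $access_list[$key];
    }

    $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";

    // only cache if done with init and access is enabled (unless admin user)
    // session is loaded before init is finished, so don't need to check for user session
    if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) {
        $access_list[$key] = $access;
    }

    return $access;
}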
 /**
  * Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause.
  *
  * The string is memoised in the service access cache (keyed by user guid, site
  * guid and this function's name) once init has finished; $flush empties that
  * cache before anything is looked up.
  *
  * @uses get_access_array
  *
  * @see get_access_array()
  *
  * @param int  $user_guid User ID; defaults to currently logged in user
  * @param int  $site_guid Site ID; defaults to current site
  * @param bool $flush     If set to true, will refresh the access list from the
  *                        database rather than using this function's cache.
  *
  * @return string A list of access collections suitable for using in an SQL call
  * @access private
  */
 function getAccessList($user_guid = 0, $site_guid = 0, $flush = false)
 {
     global $init_finished;

     $access_cache = _elgg_services()->accessCache;
     if ($flush) {
         $access_cache->clear();
     }

     if ($user_guid == 0) {
         $user_guid = _elgg_services()->session->getLoggedInUserGuid();
     }
     if ($site_guid == 0 && $this->site_guid) {
         $site_guid = $this->site_guid;
     }
     $user_guid = (int) $user_guid;
     $site_guid = (int) $site_guid;

     $cache_key = "{$user_guid}{$site_guid}get_access_list";
     $cached = $access_cache[$cache_key];
     if ($cached) {
         return $cached;
     }

     $ids = get_access_array($user_guid, $site_guid, $flush);
     $sql_list = '(' . implode(',', $ids) . ')';
     // Only memoise once init has finished.
     if ($init_finished) {
         $access_cache[$cache_key] = $sql_list;
     }

     return $sql_list;
 }
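/**
 * Permissions-check hook for pleiofile files and folders.
 *
 * Grants edit rights according to the entity's write_access_id (friends of the
 * owner, or members of the named access collection) and otherwise falls back to
 * the containing group's management setting.
 *
 * @param string $hook_name    Hook name
 * @param string $entity_type  Entity type the hook fired for
 * @param mixed  $return_value Decision made so far by earlier handlers
 * @param array  $parameters   Hook params; expects 'user' and 'entity'
 *
 * @return bool|null true/false to decide, null to leave the decision to Elgg
 */
function pleiofile_permissions_check($hook_name, $entity_type, $return_value, $parameters)
{
    $user = elgg_extract('user', $parameters);
    $entity = elgg_extract('entity', $parameters);
    // Logical OR; the original used the bitwise | operator here and below.
    if (!$user || !$entity) {
        return $return_value;
    }

    $subtypes = array(PLEIOFILE_FILE_OBJECT, PLEIOFILE_FOLDER_OBJECT);
    if ($entity->getType() !== "object" || !in_array($entity->getSubtype(), $subtypes)) {
        return $return_value;
    }

    // An earlier handler already granted access; nothing to add.
    if ($return_value === true) {
        return true;
    }

    // write_access_id is stored metadata; normalise to int so the comparisons
    // below are strict, and treat a missing/empty value as private.
    $write_permission = (int) $entity->write_access_id;
    if (!$write_permission) {
        $write_permission = ACCESS_PRIVATE;
    }

    switch ($write_permission) {
        case ACCESS_PRIVATE:
            // Leave private entities to Elgg's default decision.
            return null;
        case ACCESS_FRIENDS:
            // The original read $params['entity'], which is undefined in this
            // function; use the entity resolved from $parameters above.
            $owner = $entity->getOwnerEntity();
            if ($owner instanceof ElggUser && $owner->isFriendsWith($user->guid)) {
                return true;
            }
            break;
        default:
            // user in the access collection (strict, int-normalised membership test)
            $list = array_map('intval', get_access_array($user->guid));
            if (in_array($write_permission, $list, true)) {
                return true;
            }
            break;
    }

    // Not granted by the entity's own access level: fall back to group settings.
    $container = $entity->getContainerEntity();
    if (!$container instanceof ElggGroup) {
        return false;
    }

    return $container->isMember($user) && $container->pleiofile_management_can_edit_enable === "yes";
}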
 /**
  * Set up the base search request: a site restriction, an access-id restriction
  * for non-admin users without an access override, the default sort and the
  * type/subtype facets.
  *
  * @param string $index      Index to search
  * @param mixed  $searchtype Search type; defaults to SEARCH_DEFAULT
  */
 public function __construct($index, $searchtype = SEARCH_DEFAULT)
 {
     $this->searchtype = $searchtype;
     $this->params['index'] = $index;
     $this->params['body'] = array();

     // Every query is scoped to the current site.
     $site = elgg_get_site_entity();
     $must_clauses = array(
         array('term' => array('site_guid' => $site->guid)),
     );

     // Non-admins without an access override are further limited to the
     // access ids they may read.
     $user_guid = elgg_get_logged_in_user_guid();
     $ignore_access = elgg_check_access_overrides($user_guid);
     if (!$ignore_access && !elgg_is_admin_logged_in()) {
         $this->access_array = get_access_array();
         $must_clauses[] = array('terms' => array('access_id' => $this->access_array));
     }
     $this->params['body']['query']['bool']['must'] = $must_clauses;

     //@todo: implement $sort and $order
     $this->params['body']['sort'] = array('time_updated' => 'desc');
     $this->params['body']['facets'] = array(
         'type' => array('terms' => array('field' => '_type')),
         'subtype' => array('terms' => array('field' => 'subtype')),
     );
 }
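/**
 * Get the list of access restrictions the given user is allowed to see on this site
 *
 * Results are memoised per (user, site) pair in a function-static array that is
 * reset while init is still running. Passing $flush bypasses a cached entry as
 * well as refreshing the underlying access array.
 *
 * @uses get_access_array
 * @param int $user_id User ID; defaults to currently logged in user
 * @param int $site_id Site ID; defaults to current site
 * @param boolean $flush If set to true, will refresh the access list from the database
 * @return string A list of access collections suitable for injection in an SQL call
 */
function get_access_list($user_id = 0, $site_id = 0, $flush = false)
{
    global $CONFIG, $init_finished, $SESSION;
    static $access_list = array();

    // Nothing computed before init is complete is kept for reuse.
    if (!$init_finished) {
        $access_list = array();
    }
    if ($user_id == 0) {
        $user_id = $SESSION['id'];
    }
    if ($site_id == 0 && isset($CONFIG->site_id)) {
        $site_id = $CONFIG->site_id;
    }
    $user_id = (int) $user_id;
    $site_id = (int) $site_id;

    // Key on both ids so a cached list is never reused for a different site,
    // and honour $flush, which previously could not bypass a cached entry.
    $key = $user_id . ':' . $site_id;
    if (!$flush && isset($access_list[$key])) {
        return $access_list[$key];
    }

    $access_list[$key] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")";
    return $access_list[$key];
}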
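/**
 * Build the Solr query clause that limits results to what the current user may
 * read: content they own, content whose access_id is in their access array, and
 * friends-only content owned by one of their friends.
 *
 * The clause is memoised in a function-static for the rest of the request.
 *
 * @return string|false The clause, or false when no access limit applies
 *                      (admin logged in or access checks are being ignored)
 */
function elgg_solr_get_access_query()
{
    if (elgg_is_admin_logged_in() || elgg_get_ignore_access()) {
        // no access limit
        return false;
    }

    static $return;
    if ($return) {
        return $return;
    }

    // Both lists default to empty; previously they were left undefined on the
    // paths that did not assign them and were then read below.
    $access_list = '';
    $friends_list = '';

    // access filter query
    $access = get_access_array();
    if ($access) {
        $access_list = implode(' ', $access);
    }

    $is_logged_in = elgg_is_logged_in();
    if ($is_logged_in) {
        // get friends
        // @TODO - is there a better way? Not sure if there's a limit on solr if
        // someone has a whole lot of friends...
        $friends = elgg_get_entities_from_relationship(array(
            'type' => 'user',
            'relationship' => 'friend',
            'relationship_guid' => elgg_get_logged_in_user_guid(),
            'inverse_relationship' => true,
            'limit' => false,
            'callback' => false,
        ));
        $friend_guids = array();
        if (is_array($friends)) {
            foreach ($friends as $friend) {
                $friend_guids[] = $friend->guid;
            }
        }
        if ($friend_guids) {
            $friends_list = elgg_solr_escape_special_chars(implode(' ', $friend_guids));
        }
    }

    $return = $is_logged_in ? "owner_guid:" . elgg_get_logged_in_user_guid() : '';

    if ($access_list) {
        if ($return) {
            $return .= ' OR ';
        }
        $return .= "access_id:(" . elgg_solr_escape_special_chars($access_list) . ")";
    }

    if ($friends_list) {
        $friends_clause = 'access_id:' . elgg_solr_escape_special_chars(ACCESS_FRIENDS) . ' AND owner_guid:(' . $friends_list . ')';
        // Parenthesise the AND only when it is OR-ed with earlier terms.
        $return .= $return ? ' OR (' . $friends_clause . ')' : $friends_clause;
    }

    return $return;
}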
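/**
 * Extend permissions checking to extend can-edit for write users.
 *
 * Grants edit rights on a page when its write_access_id is ACCESS_FRIENDS and
 * the user is a friend of the owner, or names an access collection the user
 * belongs to. Private pages, non-pages and every other case are left to Elgg's
 * default decision.
 *
 * @param string $hook
 * @param string $entity_type
 * @param bool   $returnvalue
 * @param array  $params      Expects 'entity' and 'user'
 *
 * @return bool|null true to grant; null to leave the decision unchanged
 */
function pages_write_permission_check($hook, $entity_type, $returnvalue, $params)
{
    if (!pages_is_page($params['entity'])) {
        return null;
    }

    $entity = $params['entity'];
    /* @var ElggObject $entity */
    // Metadata may come back as a string; compare as int so the checks are strict.
    $write_permission = (int) $entity->write_access_id;
    $user = $params['user'];
    if (!$write_permission || !$user) {
        return null;
    }

    switch ($write_permission) {
        case ACCESS_PRIVATE:
            // Elgg's default decision is what we want
            return null;
        case ACCESS_FRIENDS:
            $owner = $entity->getOwnerEntity();
            if ($owner instanceof ElggUser && $owner->isFriendsWith($user->guid)) {
                return true;
            }
            break;
        default:
            // user in the access collection
            $list = array_map('intval', get_access_array($user->guid));
            if (in_array($write_permission, $list, true)) {
                return true;
            }
            break;
    }

    return null;
}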
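/**
 * Extend permissions checking to extend can-edit for write users.
 *
 * Applies only to 'page' and 'page_top' objects. Grants edit rights when the
 * page's write_access_id is ACCESS_FRIENDS and the user is a friend of the
 * owner, or when it is an access collection the user belongs to; otherwise the
 * decision is left to Elgg (null).
 *
 * @param string $hook
 * @param string $entity_type
 * @param bool   $returnvalue
 * @param array  $params      Expects 'entity' and 'user'
 *
 * @return bool|null
 */
function pages_write_permission_check($hook, $entity_type, $returnvalue, $params)
{
    $entity = $params['entity'];
    if (!in_array($entity->getSubtype(), array('page', 'page_top'), true)) {
        return null;
    }

    // Metadata may come back as a string; compare as int so the checks are strict.
    $write_permission = (int) $entity->write_access_id;
    $user = $params['user'];
    if (!$write_permission || !$user) {
        return null;
    }

    switch ($write_permission) {
        case ACCESS_PRIVATE:
            // Elgg's default decision is what we want
            return null;
        case ACCESS_FRIENDS:
            // Only users have friends; guard before calling isFriendsWith().
            $owner = $entity->getOwnerEntity();
            if ($owner instanceof ElggUser && $owner->isFriendsWith($user->guid)) {
                return true;
            }
            break;
        default:
            // user in the access collection
            $list = array_map('intval', get_access_array($user->guid));
            if (in_array($write_permission, $list, true)) {
                return true;
            }
            break;
    }

    return null;
}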
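/**
 * Extend permissions checking to extend can-edit for write users.
 *
 * Grants edit rights on 'page' / 'page_top' objects whose write_access_id is an
 * access id the user holds; otherwise leaves the decision to Elgg (null).
 *
 * @param string $hook
 * @param string $entity_type
 * @param bool   $returnvalue
 * @param array  $params      Expects 'entity' and 'user'
 *
 * @return bool|null
 */
function pages_write_permission_check($hook, $entity_type, $returnvalue, $params)
{
    $entity = $params['entity'];
    if (!in_array($entity->getSubtype(), array('page', 'page_top'), true)) {
        return null;
    }

    // Metadata may come back as a string; compare as int so the check is strict.
    $write_permission = (int) $entity->write_access_id;
    $user = $params['user'];
    if (!$write_permission || !$user) {
        return null;
    }

    $list = array_map('intval', get_access_array($user->guid));
    if (in_array($write_permission, $list, true)) {
        return true;
    }

    return null;
}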
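 /**
  * Restrict the query to content the given user may read.
  *
  * Adds a bool/should filter made of: content owned by the user, friends-only
  * content (ACCESS_FRIENDS) owned by one of the user's friends, and content
  * whose access_id is in the user's access array. Nothing is added when the
  * user has an access override or no clause applies.
  *
  * @param int $user_guid User GUID; defaults to the logged-in user
  *
  * @return void
  */
 public function addEntityAccessFilter($user_guid = 0)
 {
     $user_guid = sanitise_int($user_guid, false);
     if (empty($user_guid)) {
         $user_guid = elgg_get_logged_in_user_guid();
     }
     if (elgg_check_access_overrides($user_guid)) {
         return;
     }

     $access_filter = [];
     if (!empty($user_guid)) {
         // check for owned content
         $access_filter[]['term']['owner_guid'] = $user_guid;

         // add friends check
         $friends = elgg_get_entities_from_relationship([
             'type' => 'user',
             'relationship' => 'friend',
             'relationship_guid' => $user_guid,
             'inverse_relationship' => true,
             'limit' => false,
             'callback' => function ($row) {
                 return $row->guid;
             },
         ]);
         if (!empty($friends)) {
             // Both conditions must hold. The original wrote them as two 'term'
             // keys in one array literal, so the owner_guid clause was overwritten
             // and every ACCESS_FRIENDS item matched regardless of its owner.
             // A list of guids is a 'terms' clause, as for access_id below.
             $access_filter[] = [
                 'bool' => [
                     'must' => [
                         ['terms' => ['owner_guid' => $friends]],
                         ['term' => ['access_id' => ACCESS_FRIENDS]],
                     ],
                 ],
             ];
         }
     }

     // add acl filter
     $access_array = get_access_array($user_guid);
     if (!empty($access_array)) {
         $access_filter[]['terms']['access_id'] = $access_array;
     }

     if (empty($access_filter)) {
         return;
     }

     $filter = [];
     $filter['bool']['must'][]['bool']['should'] = $access_filter;
     $this->addFilter($filter);
 }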
/**
 * Add user profile fields, group membership, and user friendships to the Solr index
 * 
 * @param string            $hook   "elgg_solr:index"
 * @param string            $type   "user"
 * @param DocumentInterface $return Solr document
 * @param array             $params Hook params
 * @return DocumentInterface
 */
/**
 * Add user profile fields, group membership, and user friendships to the Solr index
 *
 * @param string            $hook   "elgg_solr:index"
 * @param string            $type   "user"
 * @param DocumentInterface $return Solr document
 * @param array             $params Hook params
 * @return DocumentInterface
 */
function elgg_solr_index_user($hook, $type, $return, $params)
{
    $user = elgg_extract('entity', $params);
    if (!$user instanceof ElggUser) {
        return;
    }

    // Add username to doc
    $return->username = $user->username;

    // Add profile fields to additional fields: array/tags values go to the
    // multi-valued *_ss field, everything else to *_s
    $profile_fields = elgg_get_config('profile_fields');
    if (is_array($profile_fields) && count($profile_fields) > 0) {
        foreach ($profile_fields as $shortname => $valtype) {
            $value = $user->{$shortname};
            $suffix = (is_array($value) || $valtype == 'tags') ? '_ss' : '_s';
            $return->{'profile_' . $shortname . $suffix} = $value;
        }
    }

    // Collect the guids of entities related to this user in one batched query.
    $related_guids = function (array $options) use ($user) {
        $batch = new ElggBatch('elgg_get_entities_from_relationship', array_merge([
            'relationship_guid' => $user->guid,
            'limit' => 0,
            'callback' => false,
        ], $options));
        $guids = [];
        foreach ($batch as $row) {
            $guids[] = $row->guid;
        }
        return $guids;
    };

    // Index group membership
    $group_guids = $related_guids(['type' => 'group', 'relationship' => 'member']);
    $return->groups_is = $group_guids;
    $return->groups_count_i = count($group_guids);

    // Index friendships (people friended by this user)
    $friends_guids = $related_guids(['type' => 'user', 'relationship' => 'friend']);
    $return->friends_is = $friends_guids;
    $return->friends_count_i = count($friends_guids);

    // Index friendships (people that friended this user)
    $friends_of_guids = $related_guids(['type' => 'user', 'relationship' => 'friend', 'inverse_relationship' => true]);
    $return->friends_of_is = $friends_of_guids;
    $return->friends_of_count_i = count($friends_of_guids);

    $return->last_login_i = (int) $user->last_login;
    $return->last_action_i = (int) $user->last_action;
    $return->has_pic_b = (bool) $user->icontime;
    // Access array is always refreshed ($flush = true) for the user being indexed.
    $return->access_list_is = get_access_array($user->guid, 0, true);

    return $return;
}
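 // delete all annotations on the user
 $annotations = elgg_get_annotations(array('guids' => array($user->guid)));
 if (is_array($annotations)) {
     foreach ($annotations as $annotation) {
         $annotation->delete();
     }
 }

 // delete all access collections owned by the user
 $collections = get_user_access_collections($user->guid);
 if (is_array($collections)) {
     foreach ($collections as $collection) {
         delete_access_collection($collection->id);
     }
 }

 // remove the user from every collection they are a member of, skipping the
 // built-in access levels. The access array is looked up for $user explicitly:
 // get_access_array() with no argument resolves to the logged-in user, which
 // only equals $user when the account is deleting itself.
 $builtin_access = array(ACCESS_PUBLIC, ACCESS_LOGGED_IN, ACCESS_FRIENDS, ACCESS_PRIVATE);
 foreach (get_access_array($user->guid) as $id) {
     if (!in_array((int) $id, $builtin_access, true)) {
         remove_user_from_access_collection($user->guid, $id);
     }
 }

 // reset password to unusable password
 $user->password = '';
 $user->salt = '';
 $user->password_hash = '';
 $user->email = "anon{$user->guid}@" . get_site_domain();

 // set our single piece of metadata that tells us this user has been deleted
 $user->member_selfdelete = "anonymized";
 $user->save();

 // end the current session and rotate its id so the old one cannot be reused
 logout();
 session_regenerate_id(true);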
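/**
 * Extend permissions checking to extend can-edit for write users.
 *
 * For markdown_wiki objects with a write_access_id, grants edit rights when the
 * user can write to the wiki's container or holds the access id named by
 * write_access_id. In every other case the incoming decision is returned.
 *
 * @param string $hook
 * @param string $entity_type
 * @param bool   $returnvalue Decision made so far
 * @param array  $params      Expects 'entity' and 'user'
 *
 * @return bool
 */
function markdown_wiki_write_permission_check($hook, $entity_type, $returnvalue, $params)
{
    $entity = $params['entity'];
    if ($entity->getSubtype() !== 'markdown_wiki') {
        return $returnvalue;
    }

    // Metadata may come back as a string; compare as int so the check is strict.
    $write_permission = (int) $entity->write_access_id;
    $user = $params['user'];
    if (!$write_permission || !$user) {
        return $returnvalue;
    }

    if (can_write_to_container($user, $entity->container_guid, 'object', 'markdown_wiki')) {
        return true;
    }

    $list_access = array_map('intval', get_access_array($user->guid));
    if (in_array($write_permission, $list_access, true)) {
        return true;
    }

    return $returnvalue;
}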