/**
 * Regression test for https://github.com/Elgg/Elgg/pull/6393
 *
 * Handlers of the 'access:collections:write', 'all' hook should respect the
 * group's content access mode and the container write permissions: the group
 * ACL is expected in the write access array for members only, in both
 * content access modes.
 */
public function testWriteAccessArray()
{
    $modes = array(
        ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY,
        ElggGroup::CONTENT_ACCESS_MODE_UNRESTRICTED,
    );

    $previous_owner = elgg_get_page_owner_entity();
    elgg_set_page_owner_guid($this->group->guid);
    // Access checks must be active for the assertions; the old flag is restored below.
    $previous_ignore = elgg_set_ignore_access(false);

    // The user is not a member: the group ACL must be absent in both modes.
    foreach ($modes as $mode) {
        $this->group->setContentAccessMode($mode);
        $acls = get_write_access_array($this->user->guid, true);
        $this->assertFalse(array_key_exists($this->group->group_acl, $acls));
    }

    // The user is a member (can write to the container): the ACL must be present.
    $this->group->join($this->user);
    foreach ($modes as $mode) {
        $this->group->setContentAccessMode($mode);
        $acls = get_write_access_array($this->user->guid, true);
        $this->assertTrue(array_key_exists($this->group->group_acl, $acls));
    }

    // Put the ignore-access flag, the membership and the page owner back.
    elgg_set_ignore_access($previous_ignore);
    $this->group->leave($this->user);
    $restore_guid = elgg_instanceof($previous_owner) ? $previous_owner->guid : 0;
    elgg_set_page_owner_guid($restore_guid);
}
/**
 * Build the site payload: guid, title, a fixed three-entry menu, the list of
 * access ids with their descriptions, and the default access id.
 *
 * None of the three parameters is read.
 *
 * @return array
 */
static function getSite($a, $args, $c)
{
    $site = elgg_get_site_entity();

    // get_write_access_array() is called without a user argument, so the
    // function itself decides whose writable collections are listed.
    $accessIds = [];
    foreach (get_write_access_array() as $accessId => $label) {
        $accessIds[] = ["id" => $accessId, "description" => $label];
    }

    // Menu guids are numbered from 1 in declaration order.
    $sections = ["Blog" => "/blog", "Nieuws" => "/news", "Forum" => "/forum"];
    $menu = [];
    $position = 0;
    foreach ($sections as $title => $link) {
        $position++;
        $menu[] = [
            "guid" => "menu:" . $position,
            "title" => $title,
            "link" => $link,
            "js" => true,
        ];
    }

    return [
        "guid" => $site->guid,
        "title" => $site->title,
        "menu" => $menu,
        "accessIds" => $accessIds,
        "defaultAccessId" => get_default_access(),
    ];
}
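/**
 * Create a page (or top-level page) filled with Faker-generated content,
 * then add a random number of revisions by other faker users.
 *
 * @param mixed $owner     Entity-like object; only ->guid is read
 * @param mixed $container Entity-like object; only ->guid is read
 * @param mixed $parent    Optional parent page; when given the subtype is
 *                         'page' and parent_guid is set, otherwise 'page_top'
 * @return ElggObject|false The saved page, or false when the first save fails
 */
function hypefaker_add_page($owner, $container, $parent = null)
{
    $locale = elgg_get_plugin_setting('locale', 'hypeFaker', 'en_US');
    $faker = Factory::create($locale);

    // Read access is picked at random from everything the owner may write to.
    $access_array = get_write_access_array($owner->guid);
    $access_id = array_rand($access_array, 1);

    // Write access is picked from the same list without ACCESS_PUBLIC.
    // The list is reused instead of being fetched a second time.
    $write_access_array = $access_array;
    unset($write_access_array[ACCESS_PUBLIC]);
    $write_access_id = array_rand($write_access_array, 1);

    $page = new ElggObject();
    $page->subtype = $parent ? 'page' : 'page_top';
    $page->owner_guid = $owner->guid;
    $page->container_guid = $container->guid;
    $page->title = $faker->sentence(6);
    $page->description = $faker->text(500);
    $page->tags = $faker->words(5);
    $page->access_id = $access_id;
    $page->write_access_id = $write_access_id;
    // Marker metadata used below to find other generated entities.
    $page->__faker = true;
    if ($parent) {
        $page->parent_guid = $parent->guid;
    }

    if (!$page->save()) {
        return false;
    }

    $page->annotate('page', $page->description, $page->access_id, $page->owner_guid);
    elgg_create_river_item(array(
        'view' => 'river/object/page/create',
        'action_type' => 'create',
        'subject_guid' => $page->owner_guid,
        'object_guid' => $page->getGUID(),
    ));

    // Add some revisions written by random faker users.
    $users = elgg_get_entities_from_metadata(array(
        'types' => 'user',
        'limit' => rand(1, 10),
        'order_by' => 'RAND()',
        'metadata_names' => '__faker',
    ));
    $last_revision = null;
    foreach ($users as $user) {
        if ($page->canAnnotate($user->guid, 'page')) {
            $last_revision = $faker->text(500);
            // The annotation stores the text generated on the line above.
            // The original passed $last_annotation, which is never defined.
            $page->annotate('page', $last_revision, $page->access_id, $user->guid);
        }
    }

    // The page body follows the most recent revision, if any was written.
    if (!empty($last_revision)) {
        $page->description = $last_revision;
        $page->save();
    }

    return $page;
}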
/**
 * Decide whether a user may modify an access collection.
 *
 * The decision is based on get_write_access_array(); the plugin hook
 * 'access:collections:write', 'user' can change it.
 * @see get_write_access_array() for details on the hook.
 *
 * {@link elgg_set_ignore_access()} is honoured only when no explicit user
 * GUID is passed; a check for a named user never ignores access.
 *
 * @param int   $collection_id The collection id
 * @param mixed $user_guid     The user GUID to check for. Defaults to logged in user.
 * @return bool
 */
function canEdit($collection_id, $user_guid = null)
{
    $subject = $user_guid
        ? _elgg_services()->entityTable->get((int) $user_guid)
        : _elgg_services()->session->getLoggedInUser();

    $acl = get_access_collection($collection_id);

    // Unknown user (or a non-user entity) and unknown collection both deny.
    if (!($subject instanceof \ElggUser) || !$acl) {
        return false;
    }

    $writable = get_write_access_array($subject->getGUID(), 0, true);

    // Ignored access only short-circuits the check for the logged-in user.
    if (!$user_guid && elgg_get_ignore_access()) {
        return true;
    }

    return array_key_exists($collection_id, $writable);
}
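/**
 * Return a human-readable version of an entity's access level.
 *
 * The label is looked up in get_write_access_array() and HTML-escaped
 * before it is returned.
 *
 * @param int $entity_accessid The entity's access id
 * @return string|false The escaped label (e.g. Public, Private), or false
 *                      when the id is not a key of get_write_access_array()
 */
function get_readable_access_level($entity_accessid)
{
    $access = (int) $entity_accessid;
    $options = get_write_access_array();

    // Exact key lookup. The earlier loop compared keys with ==, which on
    // PHP 7 lets a non-numeric string key match access id 0, and it carried
    // an unreachable break after its return.
    if (!is_array($options) || !array_key_exists($access, $options)) {
        return false;
    }

    return htmlentities($options[$access], ENT_QUOTES, 'UTF-8');
}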
// Generates fake bookmarks: for each iteration one random faker user gets a
// bookmark in their own container and in each of their groups.
// This excerpt ends inside the failure branch of the save check.
use Faker as F;

// NOTE(review): the time limit is removed and the iteration count below comes
// from get_input('count') with no upper bound visible here. Confirm that only
// administrators can reach this script.
set_time_limit(0);
$success = $error = 0;
$count = (int) get_input('count');
$faker = F\Factory::create(LOCALE);
for ($i = 0; $i < $count; $i++) {
    // Pick one random user that carries the __faker marker metadata.
    $users = elgg_get_entities_from_metadata(array('types' => 'user', 'limit' => 1, 'order_by' => 'RAND()', 'metadata_names' => '__faker'));
    // NOTE(review): $users[0] is read without checking that a user was found.
    $owner = $users[0];
    // Containers: the user, plus up to 100 of the user's groups.
    $containers = array($owner);
    $groups = $owner->getGroups(array(), 100);
    if ($groups) {
        $containers = array_merge($containers, $groups);
    }
    foreach ($containers as $container) {
        // The page owner is set before the write access list is requested.
        // Presumably the list depends on it (group ACLs); verify.
        elgg_set_page_owner_guid($container->guid);
        $access_array = get_write_access_array($owner->guid);
        // Random access id among those the owner may write to.
        $access_id = array_rand($access_array, 1);
        $bookmark = new ElggObject();
        $bookmark->subtype = 'bookmarks';
        $bookmark->owner_guid = $owner->guid;
        $bookmark->container_guid = $container->guid;
        $bookmark->title = $faker->sentence(6);
        $bookmark->description = $faker->text(500);
        $bookmark->tags = $faker->words(5);
        $bookmark->address = $faker->url;
        $bookmark->access_id = $access_id;
        // Marker metadata identifying generated content.
        $bookmark->__faker = true;
        if ($bookmark->save()) {
            $success++;
            elgg_create_river_item(array('view' => 'river/object/bookmarks/create', 'action_type' => 'create', 'subject_guid' => $owner->guid, 'object_guid' => $bookmark->getGUID()));
        } else {
/**
 * Elgg access level input
 * Displays a dropdown input field
 *
 * This excerpt ends at the opening of the ACCESS_DEFAULT check.
 *
 * @uses $vars['value']          The current value, if any
 * @uses $vars['options_values'] Array of value => label pairs (overrides default)
 * @uses $vars['name']           The name of the input field
 * @uses $vars['entity']         Optional. The entity for this access control (uses access_id)
 * @uses $vars['class']          Additional CSS class
 */
// The base CSS class is always present; a caller-supplied class is appended.
if (isset($vars['class'])) {
    $vars['class'] = "elgg-input-access {$vars['class']}";
} else {
    $vars['class'] = "elgg-input-access";
}
// Defaults are computed eagerly, even when the caller overrides them.
// NOTE(review): the option list only shapes the form. The code that receives
// the submitted access id is not visible here; confirm it validates the value
// against the user's writable collections again.
$defaults = array('disabled' => false, 'value' => get_default_access(), 'options_values' => get_write_access_array());
/* @var ElggEntity $entity */
$entity = elgg_extract('entity', $vars);
// The entity is removed from $vars so it is not forwarded with the other options.
unset($vars['entity']);
// should we tell users that public/logged-in access levels will be ignored?
// True when the page owner is a members-only group, the context is not
// 'group-edit', and the entity being edited is not itself a group.
$container = elgg_get_page_owner_entity();
if ($container instanceof ElggGroup && $container->getContentAccessMode() === ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY && !elgg_in_context('group-edit') && !($entity && $entity instanceof ElggGroup)) {
    $show_override_notice = true;
} else {
    $show_override_notice = false;
}
// An existing entity's access_id replaces the site default as preselection.
if ($entity) {
    $defaults['value'] = $entity->access_id;
}
// Caller-supplied $vars win over the defaults, including options_values.
$vars = array_merge($defaults, $vars);
if ($vars['value'] == ACCESS_DEFAULT) {
<?php
/**
 * hypeWall per-user settings: the access level used for river items and,
 * when the plugin enables it, the third-party wall switch.
 *
 * Stored values are read for the page owner. The access options come from
 * get_write_access_array() called without a user argument.
 */
$entity = elgg_extract('entity', $vars);
$user = elgg_get_page_owner_entity();

echo '<div>';
echo '<label>', elgg_echo('wall:usersettings:river_access_id'), '</label>';
echo '<div class="elgg-text-help">', elgg_echo('wall:usersettings:river_access_id:help'), '</div>';

// Public and logged-in are not offered for this setting.
$user_write_access = get_write_access_array();
unset($user_write_access[ACCESS_PUBLIC], $user_write_access[ACCESS_LOGGED_IN]);

$river_input = array(
    'name' => 'params[river_access_id]',
    'value' => elgg_get_plugin_user_setting('river_access_id', $user->guid, 'hypeWall'),
    'options_values' => $user_write_access,
);
echo elgg_view('input/access', $river_input);
echo '</div>';

if (hypeWall()->config->third_party_wall) {
    // The access input view is reused here as a plain no/yes dropdown.
    $third_party_input = array(
        'name' => 'params[third_party_wall]',
        'value' => elgg_get_plugin_user_setting('third_party_wall', $user->guid, 'hypeWall'),
        'options_values' => array(
            0 => elgg_echo('option:no'),
            1 => elgg_echo('option:yes'),
        ),
    );
    echo '<div>';
    echo '<label>', elgg_echo('wall:usersettings:third_party_wall'), '</label>';
    echo elgg_view('input/access', $third_party_input);
    echo '</div>';
}
/**
 * Return the name of an ACCESS_* constant or of an access collection,
 * but only if the logged in user has write access to it.
 *
 * The write access requirement keeps us from exposing names of access
 * collections that the current user has been added to by other members.
 * Such names may contain a sensitive classification of the current user
 * (e.g. close friends vs acquaintances).
 *
 * Returns, in the language of the user:
 *  - the label of a global access level, e.g. 'Private', 'Friends', 'Logged in', 'Public';
 *  - the name of an owned access collection, e.g. 'My work colleagues';
 *  - the name of a group or other access collection, e.g. 'Group: Elgg technical support';
 *  - 'Limited' if the user's access is read-only, e.g. a friends collection
 *    the user was added to.
 *
 * @uses get_write_access_array()
 *
 * @param int $entity_access_id The entity's access id
 * @return string
 * @since 1.7.0
 */
function get_readable_access_level($entity_access_id)
{
    $id = (int) $entity_access_id;

    // Labels of the global access levels, keyed by their constants.
    $global_labels = array(
        ACCESS_PRIVATE => elgg_echo("PRIVATE"),
        ACCESS_FRIENDS => elgg_echo("access:friends:label"),
        ACCESS_LOGGED_IN => elgg_echo("LOGGED_IN"),
        ACCESS_PUBLIC => elgg_echo("PUBLIC"),
    );

    if (!array_key_exists($id, $global_labels)) {
        // Custom collection: its label is disclosed only when the id is in
        // the write access array; otherwise the generic label is returned.
        $writable = get_write_access_array();

        return array_key_exists($id, $writable)
            ? $writable[$id]
            : elgg_echo('access:limited:label');
    }

    return $global_labels[$id];
}
// Excerpt of a granular-access input view: decides whether the custom access
// form is shown expanded. $acl, $vars and $granular_access are set up before
// this excerpt, which ends inside the wrapper's class attribute.
$hidden = ' hidden';
$set_custom = false;
if ($acl) {
    // Find the granular_access object whose acl_id metadata matches this ACL.
    $ga = elgg_get_entities_from_metadata(array('type' => 'object', 'subtype' => 'granular_access', 'metadata_name_value_pairs' => array('name' => 'acl_id', 'value' => $acl->id)));
    if ($ga) {
        $granular_access = $ga[0];
    }
}
// determine whether we display this filled out by default
// only do this if $granular_access is valid
// AND there's no existing matching option in the dropdown
// NOTE(review): $granular_access is assigned in this excerpt only when a match
// is found; confirm it is initialised earlier in the file.
if ($granular_access) {
    if (is_array($vars['options_values'])) {
        $options_values = $vars['options_values'];
    } else {
        $options_values = get_write_access_array();
    }
    // NOTE(review): array_search() looks through the array's values with loose
    // comparison. If options_values maps access id => label, as
    // get_write_access_array() does elsewhere, a key check may be intended. Confirm.
    if (array_search($vars['value'], $options_values) === false) {
        $set_custom = true;
    }
}
// Field name defaults to 'access_id'; it is echoed back in a hidden input.
$name = $vars['name'] ? $vars['name'] : 'access_id';
echo elgg_view('input/hidden', array('name' => 'granular_access_names[]', 'value' => $name));
if ($set_custom) {
    // this is a granular_access value, so we should show the form by default
    $hidden = '';
}
// The search callback can be replaced through the plugin hook; the default is
// this namespace's tokeninput_search function.
$default_callback = __NAMESPACE__ . '\\tokeninput_search';
$callback = elgg_trigger_plugin_hook('granular_access', 'search_callback', $vars, $default_callback);
?> <div class="granular-access-wrapper<?php
/**
 * Removes a user from an access collection.
 *
 * The membership row is deleted when the collection exists, the user exists,
 * and the collection is either in get_write_access_array() or has an
 * owner_guid equal to 0.
 *
 * @param int $user_guid     The user GUID
 * @param int $collection_id The access collection ID
 * @return true|false Depending on success
 */
function remove_user_from_access_collection($user_guid, $collection_id)
{
    // Both ids are forced to integers. The query below interpolates them
    // directly, so these casts are what keeps it injection-safe.
    $collection_id = (int) $collection_id;
    $user_guid = (int) $user_guid;

    $writable = get_write_access_array();

    $collection = get_access_collection($collection_id);
    if (!$collection) {
        return false;
    }

    // NOTE(review): collections with owner_guid 0 pass this check whatever
    // the write access array says. Confirm that is intended.
    $may_modify = array_key_exists($collection_id, $writable) || $collection->owner_guid == 0;
    if (!$may_modify) {
        return false;
    }

    // The user is looked up only after the permission check has passed.
    $user = get_user($user_guid);
    if (!$user) {
        return false;
    }

    global $CONFIG;
    delete_data("delete from {$CONFIG->dbprefix}access_collection_membership where access_collection_id = {$collection_id} and user_guid = {$user_guid}");

    // true is returned without looking at the result of delete_data().
    return true;
}
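<?php
/**
 * pleiofile widget view: prints the client-side bootstrap data as an inline
 * script, followed by the mount element for the file browser.
 */
elgg_load_css('pleiofile');
elgg_load_js('pleiofile');

$widget = elgg_extract("entity", $vars);
$container = $widget->getContainerEntity();

// The widget can be pinned to a folder; otherwise the container is "home".
$homeGuid = $widget->folder ? $widget->folder : $container->guid;

$data = array(
    'containerGuid' => $container->guid,
    'homeGuid' => $homeGuid,
    // id => label pairs; the labels can be user-chosen collection names.
    'accessIds' => get_write_access_array(),
    'isWidget' => true,
    'odt_enabled' => (bool) elgg_is_active_plugin('odt_editor'),
    'limit' => $widget->limit ? $widget->limit : 10,
);

// The JSON lands inside an inline <script> element. The HEX flags emit
// <, >, &, ' and " as \uXXXX escapes, so a label cannot put markup in front
// of the HTML parser. The value JavaScript decodes is unchanged.
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

echo "<script> var _appData = " . json_encode($data, $json_flags) . "; </script>";
// The guids are cast to int before they are written into the attributes.
echo "<div class=\"pleiofile\" data-containerguid=\"" . (int) $container->guid . "\" data-homeguid=\"" . (int) $homeGuid . "\"></div>";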
// Excerpt of an access input view: resolves the preselected value and the
// option list lazily. $params, $vars and $entity are set up before this
// excerpt, which ends inside the final else branch.
$container = elgg_get_page_owner_entity();
// Fall back to the page owner when the caller gave no container.
if (!$params['container_guid'] && $container) {
    $params['container_guid'] = $container->guid;
}
// don't call get_default_access() unless we need it
if (!isset($vars['value']) || $vars['value'] == ACCESS_DEFAULT) {
    if ($entity) {
        $vars['value'] = $entity->access_id;
    } else {
        $vars['value'] = get_default_access(null, $params);
    }
}
$params['value'] = $vars['value'];
// don't call get_write_access_array() unless we need it
if (!isset($vars['options_values'])) {
    $vars['options_values'] = get_write_access_array(0, 0, false, $params);
}
if (!isset($vars['disabled'])) {
    $vars['disabled'] = false;
}
// if access is set to a value not present in the available options, add the option
// NOTE(review): this adds the name of a collection that is absent from the
// option list, which may be one the viewer cannot write to. Confirm that
// get_access_collection() applies its own visibility rules before the name
// is displayed.
if (!isset($vars['options_values'][$vars['value']])) {
    $acl = get_access_collection($vars['value']);
    $display = $acl ? $acl->name : elgg_echo('access:missing_name');
    $vars['options_values'][$vars['value']] = $display;
}
// should we tell users that public/logged-in access levels will be ignored?
// instanceof binds tighter than !, so the last operand reads
// !($entity instanceof ElggGroup).
if ($container instanceof ElggGroup && $container->getContentAccessMode() === ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY && !elgg_in_context('group-edit') && !$entity instanceof ElggGroup) {
    $show_override_notice = true;
} else {
    $show_override_notice = false;
<?php
/**
 * Elgg access level input
 * Renders a dropdown of access levels; nothing is printed when the option
 * list is empty or not an array.
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['value']          The current value, if any
 * @uses $vars['options_values']
 * @uses $vars['name']           The name of the input field
 */

// Caller-supplied $vars take precedence over these defaults.
$vars = array_merge(
    array(
        'class' => 'elgg-input-access',
        'disabled' => false,
        'value' => get_default_access(),
        'options_values' => get_write_access_array(),
    ),
    $vars
);

// ACCESS_DEFAULT is a placeholder that resolves to the current default.
if ($vars['value'] == ACCESS_DEFAULT) {
    $vars['value'] = get_default_access();
}

$choices = $vars['options_values'];
if (is_array($choices) && count($choices) > 0) {
    echo elgg_view('input/dropdown', $vars);
}
<?php
/**
 * Write access
 *
 * Same dropdown as input/access, without the public option in the default
 * option list.
 *
 * @uses $vars['value']          The current value, if any
 * @uses $vars['options_values']
 * @uses $vars['name']           The name of the input field
 * @uses $vars['entity']         Optional. The entity for this access control (uses write_access_id)
 */

$writable = get_write_access_array();
unset($writable[ACCESS_PUBLIC]);

$defaults = array(
    'class' => 'elgg-input-access',
    'disabled' => false,
    'value' => get_default_access(),
    'options_values' => $writable,
);

// An entity preselects its stored write_access_id and is not forwarded.
if (isset($vars['entity'])) {
    $defaults['value'] = $vars['entity']->write_access_id;
    unset($vars['entity']);
}

// Caller-supplied $vars win over the defaults. An options_values passed by
// the caller is used as given, without the public entry being removed.
$vars = array_merge($defaults, $vars);

$selected = $vars['value'];
if ($selected == ACCESS_DEFAULT) {
    $selected = get_default_access();
}
// Public is never preselected for write access; it becomes logged-in.
if ($selected == ACCESS_PUBLIC) {
    $selected = ACCESS_LOGGED_IN;
}
$vars['value'] = $selected;

echo elgg_view('input/dropdown', $vars);
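// pleiofile listing page: builds the title and filter for the page owner,
// prints the client bootstrap data as an inline script plus the mount
// element, and renders the page in the "content" layout.
global $CONFIG;

elgg_load_css('pleiofile');
elgg_load_js('pleiofile');

$page_owner = elgg_get_page_owner_entity();
if ($page_owner) {
    $title_text = elgg_echo("file:user", array($page_owner->name));
} else {
    $title_text = elgg_echo("file");
}

$params = array("title" => $title_text);

if ($page_owner instanceof ElggGroup) {
    $containerGuid = $page_owner->guid;
    $params['filter'] = false;
} elseif ($page_owner instanceof ElggUser) {
    $containerGuid = $page_owner->guid;
    // "mine" when viewing one's own files, else the owner's username.
    if ($page_owner->getGUID() == elgg_get_logged_in_user_guid()) {
        $params["filter_context"] = "mine";
    } else {
        $params["filter_context"] = $page_owner->username;
    }
} else {
    $containerGuid = 0;
}

$data = array(
    // id => label pairs; the labels can be user-chosen collection names.
    'accessIds' => get_write_access_array(),
    'isWidget' => false,
    'odt_enabled' => (bool) elgg_is_active_plugin('odt_editor'),
);

// The JSON lands inside an inline <script> element. The HEX flags emit
// <, >, &, ' and " as \uXXXX escapes, so a label cannot put markup in front
// of the HTML parser. The value JavaScript decodes is unchanged.
$json_flags = JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT;

$params['content'] = "<script> var _appData = " . json_encode($data, $json_flags) . "; </script>";
// The guid is cast to int before it is written into the attributes.
$params['content'] .= "<div class=\"pleiofile\" data-containerguid=\"" . (int) $containerGuid . "\" data-homeguid=\"" . (int) $containerGuid . "\"></div>";

if ($page_owner instanceof ElggGroup && elgg_is_active_plugin('search')) {
    $params['sidebar'] = elgg_view('groups/sidebar/search', array('entity' => $page_owner));
}

echo elgg_view_page($title_text, elgg_view_layout("content", $params));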
/**
 * Return the name of an ACCESS_* constant or an access collection,
 * but only if the user has write access on that ACL.
 *
 * Any id that is not a key of get_write_access_array() yields the generic
 * 'access:limited:label' text instead of the collection's name.
 *
 * @warning This function probably doesn't work how it's meant to.
 *
 * @param int $entity_access_id The entity's access id
 *
 * @return string 'Public', 'Private', etc.
 * @since 1.7.0
 * @todo I think this probably wants get_access_array() instead of get_write_access_array(),
 * but those two functions return different types of arrays.
 */
function get_readable_access_level($entity_access_id)
{
    $id = (int) $entity_access_id;
    $writable = get_write_access_array();

    return array_key_exists($id, $writable)
        ? $writable[$id]
        : elgg_echo('access:limited:label');
}
// Excerpt from a switch that renders one form field per case. The switch
// header and $name, $type, $user and $vars are set before this excerpt,
// which ends inside the 'guid' case.
case 'summary':
    echo '<div class="summary">';
    // Output returned by the plugin hook is printed as-is.
    echo elgg_trigger_plugin_hook('markdown_wiki_edit', 'summary', $vars['guid'], '');
    echo '<label>' . elgg_echo("markdown_wiki:{$name}") . '</label>';
    echo elgg_view("input/{$type}", array('name' => $name, 'value' => $vars[$name]));
    echo elgg_view("input/checkbox", array('name' => 'minorchange'));
    echo elgg_echo('markdown_wiki:minorchange');
    echo '</div>';
    break;
case 'tags':
    // Tags render nothing in this form.
    break;
case 'write_access_id':
    if ($user) {
        $entity = get_entity($vars['guid']);
        // && binds tighter than ||: shown for a new page the user may create
        // in the container, or for an existing entity the user may edit.
        // NOTE(review): $user_guid is not assigned in this excerpt; confirm it
        // is set earlier and refers to the same user as $user.
        if (!$vars['guid'] && can_write_to_container($user, $vars['container_guid'], 'object', 'markdown_wiki') || $entity && $entity->canEdit($user_guid)) {
            $list = get_write_access_array();
            // Key 0 gets a wiki-specific label; presumably ACCESS_PRIVATE, verify.
            $list[0] = elgg_echo('markdown_wiki:access:private');
            // Key 2 is presumably ACCESS_PUBLIC; the named constant would be clearer.
            unset($list[2]); // no public.
            echo '<div>';
            echo '<label>' . elgg_echo("markdown_wiki:{$name}") . '</label><br/>';
            echo elgg_view("input/{$type}", array('name' => $name, 'value' => $vars[$name], 'options_values' => $list));
            echo '</div>';
        }
    }
    break;
case 'title':
    echo elgg_view("input/{$type}", array('name' => $name, 'value' => $vars[$name]));
    break;
case 'guid':
    if ($vars['guid']) {
* @uses $vars['js'] Any Javascript to enter into the input tag
 * @uses $vars['internalname'] The name of the input field
 *
 */
// NOTE(review): $class is assigned only when $vars['class'] is set, so the
// check below reads an undefined variable otherwise. Confirm whether an
// earlier part of the file initialises it.
if (isset($vars['class'])) {
    $class = $vars['class'];
}
if (!$class) {
    $class = "input-access";
}
// A missing value or ACCESS_DEFAULT resolves to the current default access.
if (!array_key_exists('value', $vars) || $vars['value'] == ACCESS_DEFAULT) {
    $vars['value'] = get_default_access();
}
// Without a usable options array, fall back to the write access array.
// The empty array assigned first is overwritten immediately.
if (!isset($vars['options']) || !is_array($vars['options'])) {
    $vars['options'] = array();
    $vars['options'] = get_write_access_array();
}
if (is_array($vars['options']) && sizeof($vars['options']) > 0) {
    // NOTE(review): internalname is echoed into the name attribute without
    // escaping, and $vars['js'] is written into the tag verbatim. Both should
    // come from trusted view code only; htmlspecialchars() with ENT_QUOTES
    // would be the usual guard for the name.
    ?> <select name="<?php echo $vars['internalname']; ?> " <?php
    if (isset($vars['js'])) {
        echo $vars['js'];
    }
    ?> <?php
    if (isset($vars['disabled']) && $vars['disabled']) {
        echo ' disabled="yes" ';
/**
 * Decide whether a user may modify an access collection.
 *
 * The decision is based on get_write_access_array(); the plugin hook
 * 'access:collections:write', 'user' can change it.
 * @see get_write_access_array() for details on the hook.
 *
 * {@link elgg_set_ignore_access()} is honoured only when no explicit user
 * GUID is passed; a check for a named user never ignores access.
 *
 * @param int   $collection_id The collection id
 * @param mixed $user_guid     The user GUID to check for. Defaults to logged in user.
 * @return bool
 */
function canEdit($collection_id, $user_guid = null)
{
    try {
        $subject = _elgg_services()->entityTable->getUserForPermissionsCheck($user_guid);
    } catch (UserFetchFailureException $e) {
        // A user that cannot be fetched is denied rather than reported.
        return false;
    }

    $acl = get_access_collection($collection_id);

    // Both a user and an existing collection are required.
    if (!($subject && $acl)) {
        return false;
    }

    $writable = get_write_access_array($subject->guid, 0, true);

    // Ignored access only short-circuits the check for the default user.
    if (!$user_guid && elgg_get_ignore_access()) {
        return true;
    }

    return array_key_exists($collection_id, $writable);
}