Ejemplo n.º 1
 /**
  * https://github.com/Elgg/Elgg/pull/6393
  * Hook handlers for 'access:collections:write','all' hook should respect
  * group's content access mode and container write permissions
  */
 public function testWriteAccessArray()
 {
     // The two content access modes are checked against the same group ACL.
     $mode_members_only = ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY;
     $mode_unrestricted = ElggGroup::CONTENT_ACCESS_MODE_UNRESTRICTED;

     // Remember the global state changed below so it can be put back at the end.
     $previous_page_owner = elgg_get_page_owner_entity();
     elgg_set_page_owner_guid($this->group->guid);
     // Access checks have to be enforced, otherwise the assertions prove nothing.
     $previous_ignore_access = elgg_set_ignore_access(false);

     // Non-member: the group ACL must not be offered as a write target in either mode.
     $this->group->setContentAccessMode($mode_members_only);
     $writable_acls = get_write_access_array($this->user->guid, true);
     $this->assertFalse(array_key_exists($this->group->group_acl, $writable_acls));

     $this->group->setContentAccessMode($mode_unrestricted);
     $writable_acls = get_write_access_array($this->user->guid, true);
     $this->assertFalse(array_key_exists($this->group->group_acl, $writable_acls));

     // Member (can write to the container): the group ACL must be offered in both modes.
     $this->group->join($this->user);

     $this->group->setContentAccessMode($mode_members_only);
     $writable_acls = get_write_access_array($this->user->guid, true);
     $this->assertTrue(array_key_exists($this->group->group_acl, $writable_acls));

     $this->group->setContentAccessMode($mode_unrestricted);
     $writable_acls = get_write_access_array($this->user->guid, true);
     $this->assertTrue(array_key_exists($this->group->group_acl, $writable_acls));

     // Restore ignore-access, membership and page owner.
     elgg_set_ignore_access($previous_ignore_access);
     $this->group->leave($this->user);
     $restore_guid = 0;
     if (elgg_instanceof($previous_page_owner)) {
         $restore_guid = $previous_page_owner->guid;
     }
     elgg_set_page_owner_guid($restore_guid);
 }
Ejemplo n.º 2
 static function getSite($a, $args, $c)
 {
     // $a, $args and $c are accepted but not read in this function.
     $site = elgg_get_site_entity();

     // Turn the id => description map into a list of {id, description} records.
     // NOTE(review): get_write_access_array() is called without a user argument;
     // presumably it resolves to the session user - confirm before exposing this
     // list to other callers.
     $writeAccess = get_write_access_array();
     $accessIds = array_map(
         static function ($id, $description) {
             return ["id" => $id, "description" => $description];
         },
         array_keys($writeAccess),
         $writeAccess
     );

     // Fixed navigation entries.
     $menu = [
         ["guid" => "menu:" . 1, "title" => "Blog", "link" => "/blog", "js" => true],
         ["guid" => "menu:" . 2, "title" => "Nieuws", "link" => "/news", "js" => true],
         ["guid" => "menu:" . 3, "title" => "Forum", "link" => "/forum", "js" => true],
     ];

     return [
         "guid" => $site->guid,
         "title" => $site->title,
         "menu" => $menu,
         "accessIds" => $accessIds,
         "defaultAccessId" => get_default_access(),
     ];
 }
Ejemplo n.º 3
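/**
 * Create a fake page (or top-level page) with random content and random revisions.
 *
 * Read and write access ids are picked at random from the owner's write access
 * list; the public level is removed from the candidates for write access.
 *
 * @param object      $owner     Entity whose guid becomes owner_guid
 * @param object      $container Entity whose guid becomes container_guid
 * @param object|null $parent    Optional parent page; when given the subtype is 'page'
 * @return ElggObject|false The saved page, or false if the first save failed
 */
function hypefaker_add_page($owner, $container, $parent = null)
{
    $locale = elgg_get_plugin_setting('locale', 'hypeFaker', 'en_US');
    $faker = Factory::create($locale);
    $access_array = get_write_access_array($owner->guid);
    $access_id = array_rand($access_array, 1);
    $write_access_array = get_write_access_array($owner->guid);
    // Generated pages are never publicly writable.
    unset($write_access_array[ACCESS_PUBLIC]);
    $write_access_id = array_rand($write_access_array, 1);
    $page = new ElggObject();
    $page->subtype = $parent ? 'page' : 'page_top';
    $page->owner_guid = $owner->guid;
    $page->container_guid = $container->guid;
    $page->title = $faker->sentence(6);
    $page->description = $faker->text(500);
    $page->tags = $faker->words(5);
    $page->access_id = $access_id;
    $page->write_access_id = $write_access_id;
    // Marker metadata: the user query below selects on the same name.
    $page->__faker = true;
    if ($parent) {
        $page->parent_guid = $parent->guid;
    }
    if ($page->save()) {
        $page->annotate('page', $page->description, $page->access_id, $page->owner_guid);
        elgg_create_river_item(array('view' => 'river/object/page/create', 'action_type' => 'create', 'subject_guid' => $page->owner_guid, 'object_guid' => $page->getGUID()));
        // add some revisions
        $users = elgg_get_entities_from_metadata(array('types' => 'user', 'limit' => rand(1, 10), 'order_by' => 'RAND()', 'metadata_names' => '__faker'));
        foreach ($users as $user) {
            if ($page->canAnnotate($user->guid, 'page')) {
                $last_revision = $faker->text(500);
                // Fix: the original passed the undefined $last_annotation here, so the
                // stored revision never matched the text written to the description below.
                $page->annotate('page', $last_revision, $page->access_id, $user->guid);
            }
        }
        // Only set when at least one user was allowed to annotate.
        if (!empty($last_revision)) {
            $page->description = $last_revision;
            $page->save();
        }
        return $page;
    }
    return false;
}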
Ejemplo n.º 4
 /**
  * Can the user change this access collection?
  *
  * Use the plugin hook of 'access:collections:write', 'user' to change this.
  * @see get_write_access_array() for details on the hook.
  *
  * Respects access control disabling for admin users and {@link elgg_set_ignore_access()}
  *
  * @see get_write_access_array()
  *
  * @param int   $collection_id The collection id
  * @param mixed $user_guid     The user GUID to check for. Defaults to logged in user.
  * @return bool
  */
 function canEdit($collection_id, $user_guid = null)
 {
     // An explicit GUID is loaded from the entity table; otherwise the session user is used.
     $services = _elgg_services();
     $user = $user_guid
         ? $services->entityTable->get((int) $user_guid)
         : $services->session->getLoggedInUser();

     $collection = get_access_collection($collection_id);

     // Anything other than a real user, or an unknown collection, is denied.
     if (!$user instanceof \ElggUser) {
         return false;
     }
     if (!$collection) {
         return false;
     }

     $writable = get_write_access_array($user->getGUID(), 0, true);

     // The ignore-access override only applies to the implicit session user.
     // A check for an explicitly named user always consults the write-access list.
     if (!$user_guid && elgg_get_ignore_access()) {
         return true;
     }

     return array_key_exists($collection_id, $writable);
 }
Ejemplo n.º 5
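/**
 * Return a human-readable version of an entity's access level
 *
 * The label is looked up by key in get_write_access_array() and HTML-escaped
 * with htmlentities() before it is returned.
 *
 * @param int $entity_accessid The entity's access id
 * @return string|false Escaped label, e.g. Public, Private etc; false when the id is not in the list
 **/
function get_readable_access_level($entity_accessid)
{
    $access = (int) $entity_accessid;
    $options = get_write_access_array();

    // Exact key lookup. The previous loop compared keys with ==, which lets a
    // non-numeric string key compare equal to 0 on PHP versions before 8, and it
    // carried an unreachable break after the return.
    if (!array_key_exists($access, $options)) {
        return false;
    }

    return htmlentities($options[$access], ENT_QUOTES, 'UTF-8');
}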
Ejemplo n.º 6
use Faker as F;
// Lift the execution time limit for the generation run.
// NOTE(review): together with a request-supplied count this run is unbounded;
// confirm the action is restricted to administrators.
set_time_limit(0);
$success = 0;
$error = 0;
// The cast turns non-numeric input into 0.
$count = (int) get_input('count');
$faker = F\Factory::create(LOCALE);
for ($i = 0; $i < $count; $i++) {
    $users = elgg_get_entities_from_metadata(array('types' => 'user', 'limit' => 1, 'order_by' => 'RAND()', 'metadata_names' => '__faker'));
    $owner = $users[0];
    $containers = array($owner);
    $groups = $owner->getGroups(array(), 100);
    if ($groups) {
        $containers = array_merge($containers, $groups);
    }
    foreach ($containers as $container) {
        elgg_set_page_owner_guid($container->guid);
        $access_array = get_write_access_array($owner->guid);
        $access_id = array_rand($access_array, 1);
        $bookmark = new ElggObject();
        $bookmark->subtype = 'bookmarks';
        $bookmark->owner_guid = $owner->guid;
        $bookmark->container_guid = $container->guid;
        $bookmark->title = $faker->sentence(6);
        $bookmark->description = $faker->text(500);
        $bookmark->tags = $faker->words(5);
        $bookmark->address = $faker->url;
        $bookmark->access_id = $access_id;
        $bookmark->__faker = true;
        if ($bookmark->save()) {
            $success++;
            elgg_create_river_item(array('view' => 'river/object/bookmarks/create', 'action_type' => 'create', 'subject_guid' => $owner->guid, 'object_guid' => $bookmark->getGUID()));
        } else {
Ejemplo n.º 7
/**
 * Elgg access level input
 * Displays a dropdown input field
 *
 * @uses $vars['value']          The current value, if any
 * @uses $vars['options_values'] Array of value => label pairs (overrides default)
 * @uses $vars['name']           The name of the input field
 * @uses $vars['entity']         Optional. The entity for this access control (uses access_id)
 * @uses $vars['class']          Additional CSS class
 */
// Always carry the base class; a caller-supplied class is appended to it.
$vars['class'] = isset($vars['class']) ? "elgg-input-access {$vars['class']}" : "elgg-input-access";

// Fallbacks used for every key the caller did not pass.
$defaults = array(
    'disabled' => false,
    'value' => get_default_access(),
    'options_values' => get_write_access_array(),
);

/* @var ElggEntity $entity */
$entity = elgg_extract('entity', $vars);
unset($vars['entity']);

// should we tell users that public/logged-in access levels will be ignored?
// Only inside a members-only group, outside the group edit form, and not when
// the entity being edited is itself a group.
$container = elgg_get_page_owner_entity();
$show_override_notice = $container instanceof ElggGroup
    && $container->getContentAccessMode() === ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY
    && !elgg_in_context('group-edit')
    && !($entity && $entity instanceof ElggGroup);

// An existing entity's access id takes precedence over the default value.
if ($entity) {
    $defaults['value'] = $entity->access_id;
}

$vars = array_merge($defaults, $vars);
if ($vars['value'] == ACCESS_DEFAULT) {
Ejemplo n.º 8
<?php

$entity = elgg_extract('entity', $vars);
$user = elgg_get_page_owner_entity();

// River access setting: the user's write access list without the public and
// logged-in levels.
echo '<div>';
echo '<label>' . elgg_echo('wall:usersettings:river_access_id') . '</label>';
echo '<div class="elgg-text-help">' . elgg_echo('wall:usersettings:river_access_id:help') . '</div>';
$river_options = get_write_access_array();
unset($river_options[ACCESS_PUBLIC], $river_options[ACCESS_LOGGED_IN]);
$river_input = array(
    'name' => 'params[river_access_id]',
    'value' => elgg_get_plugin_user_setting('river_access_id', $user->guid, 'hypeWall'),
    'options_values' => $river_options,
);
echo elgg_view('input/access', $river_input);
echo '</div>';

// Optional yes/no switch, rendered through the same input view.
if (hypeWall()->config->third_party_wall) {
    echo '<div>';
    echo '<label>' . elgg_echo('wall:usersettings:third_party_wall') . '</label>';
    $third_party_input = array(
        'name' => 'params[third_party_wall]',
        'value' => elgg_get_plugin_user_setting('third_party_wall', $user->guid, 'hypeWall'),
        'options_values' => array(
            0 => elgg_echo('option:no'),
            1 => elgg_echo('option:yes'),
        ),
    );
    echo elgg_view('input/access', $third_party_input);
    echo '</div>';
}
Ejemplo n.º 9
/**
 * Return the name of an ACCESS_* constant or an access collection,
 * but only if the logged in user has write access to it.
 *
 * The write access requirement keeps the function from revealing names of
 * collections the current user was added to by other members, since such names
 * may carry a sensitive classification of that user (e.g. close friends vs
 * acquaintances).
 *
 * The result is one of:
 *  - a translated label for a global access level, e.g. 'Public', 'Friends', 'Logged in';
 *  - the name of an owned access collection, e.g. 'My work colleagues';
 *  - the name of a group or other access collection, e.g. 'Group: Elgg technical support';
 *  - 'Limited' when the user has no write access to the collection, e.g. a friends
 *    collection the user was added to.
 *
 * @uses get_write_access_array()
 *
 * @param int $entity_access_id The entity's access id
 * @return string
 * @since 1.7.0
 */
function get_readable_access_level($entity_access_id)
{
    $access_id = (int) $entity_access_id;

    // Global access levels are resolved from their translated labels first.
    $global_labels = array(
        ACCESS_PRIVATE => elgg_echo("PRIVATE"),
        ACCESS_FRIENDS => elgg_echo("access:friends:label"),
        ACCESS_LOGGED_IN => elgg_echo("LOGGED_IN"),
        ACCESS_PUBLIC => elgg_echo("PUBLIC"),
    );
    if (array_key_exists($access_id, $global_labels)) {
        return $global_labels[$access_id];
    }

    // A custom collection name is only returned when it is in the write access list;
    // otherwise the generic 'Limited' label is used and the real name stays hidden.
    $writable = get_write_access_array();

    return array_key_exists($access_id, $writable)
        ? $writable[$access_id]
        : elgg_echo('access:limited:label');
}
Ejemplo n.º 10
// Start collapsed; $hidden is cleared below when $set_custom becomes true.
$hidden = ' hidden';
$set_custom = false;
if ($acl) {
    // Look up the granular_access object whose acl_id metadata equals this collection's id.
    $ga = elgg_get_entities_from_metadata(array('type' => 'object', 'subtype' => 'granular_access', 'metadata_name_value_pairs' => array('name' => 'acl_id', 'value' => $acl->id)));
    if ($ga) {
        $granular_access = $ga[0];
    }
}
// determine whether we display this filled out by default
// only do this if $granular_access is valid
// AND there's no existing matching option in the dropdown
// NOTE(review): $granular_access is assigned only inside the branch above; unless
// it is initialised before this excerpt, the test below reads an undefined variable.
if ($granular_access) {
    if (is_array($vars['options_values'])) {
        $options_values = $vars['options_values'];
    } else {
        $options_values = get_write_access_array();
    }
    // NOTE(review): array_search() compares $vars['value'] loosely against the array's
    // values, not its keys. If options_values is an id => label map, a key lookup
    // (array_key_exists) may be what was intended - confirm.
    if (array_search($vars['value'], $options_values) === false) {
        $set_custom = true;
    }
}
// Fall back to 'access_id' when no field name was supplied.
$name = $vars['name'] ? $vars['name'] : 'access_id';
echo elgg_view('input/hidden', array('name' => 'granular_access_names[]', 'value' => $name));
if ($set_custom) {
    // this is a granular_access value, so we should show the form by default
    $hidden = '';
}
// The search callback is a function name that a plugin hook may replace.
$default_callback = __NAMESPACE__ . '\\tokeninput_search';
$callback = elgg_trigger_plugin_hook('granular_access', 'search_callback', $vars, $default_callback);
?>
<div class="granular-access-wrapper<?php 
Ejemplo n.º 11
/**
 * Removes a user from an access collection
 *
 * The membership row is deleted only when the collection exists, the collection
 * is in get_write_access_array() or has owner_guid 0, and the user GUID resolves
 * to a user.
 *
 * @param int $user_guid     The user GUID
 * @param int $collection_id The access collection ID
 * @return bool True when the delete statement was issued, false otherwise
 */
function remove_user_from_access_collection($user_guid, $collection_id)
{
    // Both ids are cast to int; the query below interpolates them directly, so
    // these casts are what keep it free of injected SQL.
    $collection_id = (int) $collection_id;
    $user_guid = (int) $user_guid;

    $writable = get_write_access_array();

    $collection = get_access_collection($collection_id);
    if (!$collection) {
        return false;
    }

    // NOTE(review): a collection with owner_guid 0 passes this check for every
    // caller, whether or not it is in the write access list - confirm that is intended.
    $may_modify = array_key_exists($collection_id, $writable) || $collection->owner_guid == 0;
    if (!$may_modify) {
        return false;
    }

    if (!get_user($user_guid)) {
        return false;
    }

    global $CONFIG;
    // The result of delete_data() is not inspected; true means the statement was issued.
    delete_data("delete from {$CONFIG->dbprefix}access_collection_membership where access_collection_id = {$collection_id} and user_guid = {$user_guid}");

    return true;
}
Ejemplo n.º 12
<?php

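elgg_load_css('pleiofile');
elgg_load_js('pleiofile');
$widget = elgg_extract("entity", $vars);
$container = $widget->getContainerEntity();
// Start in the widget's configured folder, or in the container when none is set.
$homeGuid = $widget->folder ? $widget->folder : $container->guid;
$data = array('containerGuid' => $container->guid, 'homeGuid' => $homeGuid, 'accessIds' => get_write_access_array(), 'isWidget' => true, 'odt_enabled' => elgg_is_active_plugin('odt_editor') ? true : false, 'limit' => $widget->limit ? $widget->limit : 10);
// The encoded data is written into an inline <script>. The JSON_HEX_* flags emit
// <, >, &, ' and " as \uXXXX escapes, so no value (for instance an access
// collection label) can be read as markup by the HTML parser. The JavaScript
// value that results is unchanged.
$app_data_json = json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
echo "<script> var _appData = " . $app_data_json . "; </script>";
// GUIDs are cast to int before they are placed in the data attributes.
echo "<div class=\"pleiofile\" data-containerguid=\"" . (int) $container->guid . "\" data-homeguid=\"" . (int) $homeGuid . "\"></div>";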
Ejemplo n.º 13
// Default the container to the page owner when the caller did not name one.
$container = elgg_get_page_owner_entity();
if (!$params['container_guid'] && $container) {
    $params['container_guid'] = $container->guid;
}

// don't call get_default_access() unless we need it
$needs_default = !isset($vars['value']) || $vars['value'] == ACCESS_DEFAULT;
if ($needs_default) {
    $vars['value'] = $entity ? $entity->access_id : get_default_access(null, $params);
}
$params['value'] = $vars['value'];

// don't call get_write_access_array() unless we need it
if (!isset($vars['options_values'])) {
    $vars['options_values'] = get_write_access_array(0, 0, false, $params);
}

if (!isset($vars['disabled'])) {
    $vars['disabled'] = false;
}

// if access is set to a value not present in the available options, add the option
// NOTE(review): the label comes from get_access_collection(), so a collection
// outside the supplied options is shown by name; confirm that lookup applies
// the viewer's access checks.
$current_value = $vars['value'];
if (!isset($vars['options_values'][$current_value])) {
    $acl = get_access_collection($current_value);
    if ($acl) {
        $display = $acl->name;
    } else {
        $display = elgg_echo('access:missing_name');
    }
    $vars['options_values'][$current_value] = $display;
}
// should we tell users that public/logged-in access levels will be ignored?
if ($container instanceof ElggGroup && $container->getContentAccessMode() === ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY && !elgg_in_context('group-edit') && !$entity instanceof ElggGroup) {
    $show_override_notice = true;
} else {
    $show_override_notice = false;
Ejemplo n.º 14
<?php

/**
 * Elgg access level input
 * Displays a dropdown input field
 *
 * @package Elgg
 * @subpackage Core
 *
 * @uses $vars['value'] The current value, if any
 * @uses $vars['options_values']
 * @uses $vars['name'] The name of the input field
 */
// Values used for every key the caller did not pass.
$defaults = array(
    'class' => 'elgg-input-access',
    'disabled' => false,
    'value' => get_default_access(),
    'options_values' => get_write_access_array(),
);
$vars = array_merge($defaults, $vars);

// ACCESS_DEFAULT is a placeholder; swap it for the actual default level.
if ($vars['value'] == ACCESS_DEFAULT) {
    $vars['value'] = get_default_access();
}

// Nothing is rendered unless there is at least one option to choose from.
$options = $vars['options_values'];
if (is_array($options) && count($options) > 0) {
    echo elgg_view('input/dropdown', $vars);
}
Ejemplo n.º 15
<?php

/**
 * Write access
 *
 * Removes the public option found in input/access
 *
 * @uses $vars['value'] The current value, if any
 * @uses $vars['options_values']
 * @uses $vars['name'] The name of the input field
 * @uses $vars['entity'] Optional. The entity for this access control (uses write_access_id)
 */
// Write access can never be public, so that option is taken out of the list.
$write_options = get_write_access_array();
unset($write_options[ACCESS_PUBLIC]);

$defaults = array(
    'class' => 'elgg-input-access',
    'disabled' => false,
    'value' => get_default_access(),
    'options_values' => $write_options,
);

// An entity's own write_access_id replaces the default value.
if (isset($vars['entity'])) {
    $defaults['value'] = $vars['entity']->write_access_id;
    unset($vars['entity']);
}

$vars = array_merge($defaults, $vars);

if ($vars['value'] == ACCESS_DEFAULT) {
    $vars['value'] = get_default_access();
}

// A public value is downgraded to logged-in, matching the removed option.
if ($vars['value'] == ACCESS_PUBLIC) {
    $vars['value'] = ACCESS_LOGGED_IN;
}

echo elgg_view('input/dropdown', $vars);
Ejemplo n.º 16
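global $CONFIG;
elgg_load_css('pleiofile');
elgg_load_js('pleiofile');
$page_owner = elgg_get_page_owner_entity();
// Page title: owner-specific when there is a page owner, generic otherwise.
if ($page_owner) {
    $title_text = elgg_echo("file:user", array($page_owner->name));
} else {
    $title_text = elgg_echo("file");
}
$params = array("title" => $title_text);
// The container is the group or user that owns the page; 0 when there is neither.
if ($page_owner instanceof ElggGroup) {
    $containerGuid = $page_owner->guid;
    $params['filter'] = false;
} elseif ($page_owner instanceof ElggUser) {
    $containerGuid = $page_owner->guid;
    if ($page_owner->getGUID() == elgg_get_logged_in_user_guid()) {
        $params["filter_context"] = "mine";
    } else {
        $params["filter_context"] = $page_owner->username;
    }
} else {
    $containerGuid = 0;
}
$data = array('accessIds' => get_write_access_array(), 'isWidget' => false, 'odt_enabled' => elgg_is_active_plugin('odt_editor') ? true : false);
// The encoded data is written into an inline <script>. The JSON_HEX_* flags emit
// <, >, &, ' and " as \uXXXX escapes, so no value (for instance an access
// collection label) can be read as markup by the HTML parser. The JavaScript
// value that results is unchanged.
$app_data_json = json_encode($data, JSON_HEX_TAG | JSON_HEX_AMP | JSON_HEX_APOS | JSON_HEX_QUOT);
$params['content'] = "<script> var _appData = " . $app_data_json . "; </script>";
// The GUID is cast to int before it is placed in the data attributes.
$params['content'] .= "<div class=\"pleiofile\" data-containerguid=\"" . (int) $containerGuid . "\" data-homeguid=\"" . (int) $containerGuid . "\"></div>";
if ($page_owner instanceof ElggGroup && elgg_is_active_plugin('search')) {
    $params['sidebar'] = elgg_view('groups/sidebar/search', array('entity' => $page_owner));
}
echo elgg_view_page($title_text, elgg_view_layout("content", $params));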
Ejemplo n.º 17
/**
 * Return the name of an ACCESS_* constant or an access collection,
 * but only if the user has write access on that ACL.
 *
 * @warning This function probably doesn't work how it's meant to.
 *
 * @param int $entity_access_id The entity's access id
 *
 * @return string 'Public', 'Private', etc., or the 'Limited' label when the id
 *                is not in the write access list
 * @since 1.7.0
 * @todo I think this probably wants get_access_array() instead of get_write_access_array(),
 * but those two functions return different types of arrays.
 */
function get_readable_access_level($entity_access_id)
{
    $access_id = (int) $entity_access_id;

    // Labels are taken from the write access list, keyed by access id.
    $writable = get_write_access_array();

    // An id outside that list gets the generic 'Limited' label instead of a name.
    if (!array_key_exists($access_id, $writable)) {
        return elgg_echo('access:limited:label');
    }

    return $writable[$access_id];
}
Ejemplo n.º 18
 case 'summary':
     echo '<div class="summary">';
     echo elgg_trigger_plugin_hook('markdown_wiki_edit', 'summary', $vars['guid'], '');
     echo '<label>' . elgg_echo("markdown_wiki:{$name}") . '</label>';
     echo elgg_view("input/{$type}", array('name' => $name, 'value' => $vars[$name]));
     echo elgg_view("input/checkbox", array('name' => 'minorchange'));
     echo elgg_echo('markdown_wiki:minorchange');
     echo '</div>';
     break;
 case 'tags':
     break;
 case 'write_access_id':
     // The write access selector is only rendered when $user is set.
     if ($user) {
         $entity = get_entity($vars['guid']);
         // && binds tighter than ||, so the field is shown either for a new item
         // (no guid) in a container the user can write to, or for an existing
         // entity that canEdit() accepts.
         // NOTE(review): canEdit() is given $user_guid while the other checks use
         // $user; $user_guid is set outside this excerpt - confirm both name the same user.
         if (!$vars['guid'] && can_write_to_container($user, $vars['container_guid'], 'object', 'markdown_wiki') || $entity && $entity->canEdit($user_guid)) {
             $list = get_write_access_array();
             // Key 0 is relabelled with the wiki's own "private" string.
             $list[0] = elgg_echo('markdown_wiki:access:private');
             unset($list[2]);
             // no public.
             // NOTE(review): 0 and 2 are literal access ids, presumably ACCESS_PRIVATE
             // and ACCESS_PUBLIC - confirm and prefer the named constants.
             echo '<div>';
             echo '<label>' . elgg_echo("markdown_wiki:{$name}") . '</label><br/>';
             echo elgg_view("input/{$type}", array('name' => $name, 'value' => $vars[$name], 'options_values' => $list));
             echo '</div>';
         }
     }
     break;
 case 'title':
     echo elgg_view("input/{$type}", array('name' => $name, 'value' => $vars[$name]));
     break;
 case 'guid':
     if ($vars['guid']) {
Ejemplo n.º 19
 * @uses $vars['js'] Any Javascript to enter into the input tag
 * @uses $vars['internalname'] The name of the input field
 * 
 */
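// Use the caller's CSS class, falling back to "input-access" when it is missing
// or empty. $class is always assigned, so the fallback test no longer reads an
// undefined variable.
$class = isset($vars['class']) ? $vars['class'] : '';
if (!$class) {
    $class = "input-access";
}
// A missing value and the ACCESS_DEFAULT placeholder both resolve to the default level.
if (!array_key_exists('value', $vars) || $vars['value'] == ACCESS_DEFAULT) {
    $vars['value'] = get_default_access();
}
// Without a usable options array, offer the write access list.
// (The redundant empty-array assignment that preceded this call was dropped.)
if (!isset($vars['options']) || !is_array($vars['options'])) {
    $vars['options'] = get_write_access_array();
}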
if (is_array($vars['options']) && sizeof($vars['options']) > 0) {
    ?>

<select name="<?php 
    echo $vars['internalname'];
    ?>
" <?php 
    if (isset($vars['js'])) {
        echo $vars['js'];
    }
    ?>
 <?php 
    if (isset($vars['disabled']) && $vars['disabled']) {
        echo ' disabled="yes" ';
Ejemplo n.º 20
 /**
  * Can the user change this access collection?
  *
  * Use the plugin hook of 'access:collections:write', 'user' to change this.
  * @see get_write_access_array() for details on the hook.
  *
  * Respects access control disabling for admin users and {@link elgg_set_ignore_access()}
  *
  * @see get_write_access_array()
  *
  * @param int   $collection_id The collection id
  * @param mixed $user_guid     The user GUID to check for. Defaults to logged in user.
  * @return bool
  */
 function canEdit($collection_id, $user_guid = null)
 {
     // Resolve the user the check is for; a failed fetch is a denial.
     try {
         $user = _elgg_services()->entityTable->getUserForPermissionsCheck($user_guid);
     } catch (UserFetchFailureException $e) {
         return false;
     }

     $collection = get_access_collection($collection_id);

     // No user or no such collection: denied.
     if (!$user) {
         return false;
     }
     if (!$collection) {
         return false;
     }

     $writable = get_write_access_array($user->guid, 0, true);

     // The ignore-access override only applies when no explicit user was named.
     // A check for a named user always consults the write-access list.
     if (!$user_guid && elgg_get_ignore_access()) {
         return true;
     }

     return array_key_exists($collection_id, $writable);
 }