/**
  * {@inheritdoc}
  */
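 public function handle(ElggEntity $entity)
 {
     // Read the submitted value for this field and drop HTML tags before it
     // becomes the entity name.
     $value = get_input($this->getShortname());
     $value = strip_tags($value);

     // update access collection name if group name changes
     // (only for entities that already have a guid, i.e. were saved before)
     if ($entity->guid && $value != $entity->name) {
         $entity_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
         // The name ends up inside a quoted SQL literal below, so the
         // sanitize_string() call must stay in front of it.
         $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $entity_name);
         $acl = get_access_collection($entity->group_acl);
         if ($acl) {
             $db_prefix = elgg_get_config('dbprefix');
             // group_acl is placed in the statement as a bare number; force
             // it to an integer so no other text can reach the WHERE clause.
             $acl_id = (int) $entity->group_acl;
             $query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}'\n\t\t\t\tWHERE id = {$acl_id}";
             update_data($query);
         }
     }
     $entity->name = $value;
     return $entity;
 }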
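/**
 * Serve the "message a friend collection" pages under collections/message/<id>.
 *
 * Plugin hook handler. Requests whose first two segments are not
 * 'collections' and 'message' are passed through untouched. The page is only
 * rendered when the collection exists, its owner can be loaded and edited by
 * the current user, and the 'can_message', 'collection' hook does not veto it.
 *
 * @param string $hook   Hook name (not used)
 * @param string $type   Hook type (not used)
 * @param array  $return Current hook value; only $return['segments'] is read
 * @param mixed  $params Hook parameters (not used)
 *
 * @return array|false $return unchanged when the request is not handled,
 *                     false after the page has been echoed
 */
function friend_collection_message_router($hook, $type, $return, $params)
{
    if (!($return['segments'][0] == 'collections' && $return['segments'][1] == 'message')) {
        return $return;
    }
    $id = $return['segments'][2];
    $collection = get_access_collection($id);
    // The collection has to be checked before its owner_guid is read;
    // an unknown id would otherwise be dereferenced.
    if (!$collection) {
        return $return;
    }
    $owner = get_user($collection->owner_guid);
    $can_message = elgg_trigger_plugin_hook('can_message', 'collection', array('collection_id' => $id), true);
    if (!$owner || !$owner->canEdit() || !$can_message) {
        return $return;
    }
    // NOTE(review): this gate only protects the page. The
    // 'friend_collection_message/send' action is not visible here and needs
    // the same ownership check - confirm.
    $step = get_input('step', 1);
    // if we don't have a subject/message we will force step 1
    $subject = get_input('subject');
    $message = get_input('message');
    if (!$subject || !$message) {
        $step = 1;
    }
    $title = elgg_echo('friend_collection_message:title', array($collection->name));
    $collections_link = elgg_normalize_url('collections/' . $owner->username);
    elgg_push_breadcrumb(elgg_echo('friends:collections'), $collections_link);
    elgg_push_breadcrumb($title);
    switch ($step) {
        case 2:
            // second step: the form posts to the send action
            $action = 'action/friend_collection_message/send';
            $content = elgg_view_form('friend_collection_message/send', array('action' => $action), array('collection' => $collection));
            break;
        default:
            // first step: the compose form posts back to this page with step=2
            $action = elgg_http_remove_url_query_element(current_page_url(), 'step');
            $action = elgg_http_add_url_query_elements($action, array('step' => 2));
            $content = elgg_view_form('friend_collection_message/compose', array('action' => $action), array('collection' => $collection));
            break;
    }
    $layout = elgg_view_layout('content', array('title' => $title, 'content' => $content, 'filter' => false));
    echo elgg_view_page($title, $layout);
    return false;
}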
<?php

namespace GranularAccess;

elgg_require_js('granular_access');

// Defaults used when the current value is not a granular access collection.
$granular_access = false;
$hidden = ' hidden';
$set_custom = false;

// Look up the granular_access object that points at the current value's
// access collection, if the value is an access collection at all.
$acl = get_access_collection($vars['value']);
if ($acl) {
    $ga = elgg_get_entities_from_metadata(array(
        'type' => 'object',
        'subtype' => 'granular_access',
        'metadata_name_value_pairs' => array('name' => 'acl_id', 'value' => $acl->id),
    ));
    $granular_access = $ga ? $ga[0] : false;
}

// Decide whether the custom input is shown pre-filled: only when a
// granular_access object was found AND the dropdown has no matching option.
if ($granular_access) {
    $options_values = is_array($vars['options_values'])
        ? $vars['options_values']
        : get_write_access_array();
    // NOTE(review): array_search() compares against the array's values. If
    // options_values is keyed by access id with labels as values, this does
    // not test for the id - confirm against the dropdown's data.
    $set_custom = array_search($vars['value'], $options_values) === false;
}

// Fall back to the standard field name when the caller gave none.
$name = $vars['name'] ?: 'access_id';
echo elgg_view('input/hidden', array(
    'name' => 'granular_access_names[]',
    'value' => $name,
));
Example #4
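/**
 * Update notifications for changes in access collection membership.
 *
 * This function assumes that only friends can belong to access collections.
 * Only collections owned by a user are handled. A "notify<method>"
 * relationship is added when a member joins a collection the owner has
 * notifications switched on for; nothing is removed when a member leaves.
 *
 * @param string $event       Hook name; 'access:collections:add_user' triggers the add
 * @param string $object_type Hook type (not used)
 * @param bool   $returnvalue Current hook value, returned unchanged on early exit
 * @param array  $params      Must hold 'collection_id' and 'user_guid'
 *
 * @return bool|null $returnvalue on early exit, otherwise nothing
 */
function notifications_update_collection_notify($event, $object_type, $returnvalue, $params)
{
    global $NOTIFICATION_HANDLERS;
    // only update notifications for user owned collections
    $collection_id = $params['collection_id'];
    $collection = get_access_collection($collection_id);
    // An unknown collection id must not be dereferenced for its owner.
    if (!$collection) {
        return $returnvalue;
    }
    $user = get_entity($collection->owner_guid);
    if (!$user instanceof ElggUser) {
        return $returnvalue;
    }
    $member_guid = $params['user_guid'];
    // loop through all notification types
    foreach ($NOTIFICATION_HANDLERS as $method => $handler) {
        $metaname = 'collections_notifications_preferences_' . $method;
        $collections_preferences = $user->{$metaname};
        if (!$collections_preferences) {
            continue;
        }
        // a single stored value is normalised to a one-element list
        if (!is_array($collections_preferences)) {
            $collections_preferences = array($collections_preferences);
        }
        if (in_array(-1, $collections_preferences)) {
            // if "all friends" notify is on, we don't change any notifications
            // since must be a friend to be in an access collection
            continue;
        }
        if (!in_array($collection_id, $collections_preferences)) {
            continue;
        }
        // notifications are on for this collection
        if ($event == 'access:collections:add_user') {
            add_entity_relationship($user->guid, "notify{$method}", $member_guid);
        }
        // 'access:collections:remove_user' is deliberately a no-op: removing
        // someone from an access collection is not a guarantee that they
        // should be removed from notifications.
    }
}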
Example #5
/**
 * Delete one user's membership row from an access collection.
 *
 * Both ids are cast to integers before use. The user and the collection must
 * exist, and the 'access:collections:remove_user', 'collection' plugin hook
 * may veto the removal by returning a falsy value.
 *
 * @param int $user_guid     The user GUID
 * @param int $collection_id The access collection ID
 *
 * @return bool false when a lookup fails or the hook vetoes, otherwise the
 *              result of delete_data() cast to bool
 * @see update_access_collection()
 * @link http://docs.elgg.org/Access/Collections
 */
function remove_user_from_access_collection($user_guid, $collection_id)
{
    global $CONFIG;

    // Integer casts keep the values safe to place in the SQL text below.
    $collection_id = (int) $collection_id;
    $user_guid = (int) $user_guid;

    $user = get_user($user_guid);
    $collection = get_access_collection($collection_id);
    if (!$user instanceof Elgguser) {
        return false;
    }
    if (!$collection) {
        return false;
    }

    // Give plugins the chance to stop the removal.
    $hook_params = array('collection_id' => $collection_id, 'user_guid' => $user_guid);
    $allowed = elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $hook_params, true);
    if (!$allowed) {
        return false;
    }

    $sql = sprintf(
        "DELETE FROM %saccess_collection_membership\n\t\tWHERE access_collection_id = %d\n\t\t\tAND user_guid = %d",
        $CONFIG->dbprefix,
        $collection_id,
        $user_guid
    );
    return (bool) delete_data($sql);
}
Example #6
 /**
  * Can the user change this access collection?
  *
  * Use the plugin hook of 'access:collections:write', 'user' to change this.
  * @see get_write_access_array() for details on the hook.
  *
  * Respects access control disabling for admin users and {@link elgg_set_ignore_access()}
  *
  * @see get_write_access_array()
  *
  * @param int   $collection_id The collection id
  * @param mixed $user_guid     The user GUID to check for. Defaults to logged in user.
  * @return bool
  */
 function canEdit($collection_id, $user_guid = null)
 {
     // An explicit GUID is loaded through the entity table; without one the
     // session's logged in user is checked.
     $user = $user_guid
         ? _elgg_services()->entityTable->get((int) $user_guid)
         : _elgg_services()->session->getLoggedInUser();
     $collection = get_access_collection($collection_id);
     if (!($user instanceof \ElggUser && $collection)) {
         return false;
     }
     $writable_collections = get_write_access_array($user->getGUID(), 0, true);
     // The "ignore access" switch only counts for the implicit (logged in)
     // user; a check for a named user never ignores access.
     if (!$user_guid && elgg_get_ignore_access()) {
         return true;
     }
     return array_key_exists($collection_id, $writable_collections);
 }
Example #7
/**
 * Delete a membership row from an access collection without loading the user.
 *
 * remove_user_from_access_collection() cannot be used here because the user
 * might not exist any more. Only the collection is looked up; the user GUID
 * just has to be non-empty after sanitise_int().
 *
 * @param int $user_guid     the user GUID to remove
 * @param int $collection_id the ID of the ACL to be removed from
 *
 * @return boolean false when the input is rejected or the
 *                 'access:collections:remove_user' hook vetoes, otherwise
 *                 the result of delete_data() cast to bool
 */
function group_tools_remove_user_from_access_collection($user_guid, $collection_id)
{
    // Both values are placed in the SQL text, so they go through
    // sanitise_int() first.
    $collection_id = sanitise_int($collection_id, false);
    $user_guid = sanitise_int($user_guid, false);

    $collection = get_access_collection($collection_id);
    if (empty($user_guid)) {
        return false;
    }
    if (!$collection) {
        return false;
    }

    // Plugins may veto the removal.
    $hook_params = array("collection_id" => $collection_id, "user_guid" => $user_guid);
    $allowed = elgg_trigger_plugin_hook("access:collections:remove_user", "collection", $hook_params, true);
    if (!$allowed) {
        return false;
    }

    $prefix = elgg_get_config("dbprefix");
    $sql = "DELETE FROM {$prefix}access_collection_membership WHERE access_collection_id = {$collection_id} AND user_guid = {$user_guid}";
    return (bool) delete_data($sql);
}
Example #8
    forward(REFERER);
}
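// load if present, if not create a new group
$group = new ElggGroup($group_guid);
// An existing group may only be changed by someone allowed to edit it.
if ($group_guid && !$group->canEdit()) {
    register_error(elgg_echo("groups:cantedit"));
    forward(REFERER);
}
// Assume we can edit or this is a new group
if (sizeof($input) > 0) {
    // NOTE(review): every key of $input is written to the group below; how
    // $input is built is not visible here - confirm it only holds the
    // configured profile fields.
    foreach ($input as $shortname => $value) {
        // update access collection name if group name changes
        if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
            $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
            // The name goes into a quoted SQL literal, so sanitize_string()
            // must stay in front of it.
            $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
            $acl = get_access_collection($group->group_acl);
            if ($acl) {
                // @todo Elgg api does not support updating access collection name
                $db_prefix = elgg_get_config('dbprefix');
                // group_acl is used as a bare number in the statement; force
                // it to an integer before it reaches the WHERE clause.
                $acl_id = (int) $group->group_acl;
                $query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}' \n\t\t\t\t\tWHERE id = {$acl_id}";
                update_data($query);
            }
        }
        $group->{$shortname} = $value;
    }
}
// Validate create
if (!$group->name) {
    register_error(elgg_echo("groups:notitle"));
    forward(REFERER);
}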
Example #9
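/**
 * Post a wire message once for every access id in a comma-separated list.
 *
 * An access id is used when it resolves to an access collection or compares
 * lower than 3. When the collection name starts with "subsite_acl_", the
 * number after that prefix is written as site_guid of the new post and its
 * river entry; a non-zero $group_id is written as the post's container_guid.
 *
 * @param string $message   Text of the post
 * @param string $access_id Comma-separated access ids
 * @param int    $reply     Passed to thewire_save_post() as the parent guid
 * @param int    $group_id  Container guid for the new post, 0 for none
 *
 * @return SuccessResult|ErrorResult Success when the last attempted save
 *                                   returned a guid
 */
function pleio_api_send_tweio($message, $access_id = "", $reply = 0, $group_id = 0)
{
    $access_ids = explode(",", $access_id);
    $user = elgg_get_logged_in_user_entity();
    // A truthiness test covers both null and false for "nobody logged in".
    $user_id = $user ? $user->guid : 0;
    $method = "api";
    $parent_guid = $reply;
    $guid = false;
    $group_id = intval($group_id);
    foreach ($access_ids as $current_access_id) {
        $access = get_access_collection($current_access_id);
        // NOTE(review): the access ids come from the caller and nothing here
        // checks that the logged in user may write to the collection; the
        // "< 3" comparison is also done on the raw string - confirm both.
        if (!$access && !($current_access_id < 3)) {
            continue;
        }
        $site_guid = false;
        if ($access && strpos($access->name, "subsite_acl_") === 0) {
            // 12 is the length of the "subsite_acl_" prefix
            $site_guid = intval(substr($access->name, 12));
        }
        $guid = thewire_save_post($message, $user_id, $current_access_id, $parent_guid, $method);
        if (!$guid) {
            // Nothing was saved, so there is no row for the updates below;
            // running them would address guid 0.
            continue;
        }
        $dbprefix = get_config("dbprefix");
        if ($site_guid) {
            // site_guid is not set by thewire_save_post
            update_data(sprintf("update %sentities set site_guid = %d where guid = %d", $dbprefix, $site_guid, $guid));
            update_data(sprintf("update %sriver set site_guid = %d where object_guid = %d", $dbprefix, $site_guid, $guid));
        }
        if ($group_id) {
            // container_guid is not set by thewire_save_post
            update_data(sprintf("update %sentities set container_guid = %d where guid = %d", $dbprefix, $group_id, $guid));
        }
    }
    if ($guid) {
        return new SuccessResult(elgg_echo("thewire:posted"));
    }
    return new ErrorResult(elgg_echo("thewire:error"));
}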
Example #10
    $trip->summaryPreOrderConfirmed = array('_', '_');
}
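// Check edit permission before anything is written to the trip, so a
// rejected request cannot leave a changed value behind.
if (elgg_instanceof($trip, "trip") && !$trip->canEdit()) {
    register_error(elgg_echo("mytrips:cantedit"));
    forward(REFERER);
}
// initialize the available count with the value given by the trip promoter
$trip->bultosDisponibles = $trip->nbultos;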
// Assume we can edit or this is a new trip
if (sizeof($input) > 0) {
    foreach ($input as $shortname => $value) {
        // update access collection name if trip name changes
        if (!$is_new_trip && $shortname == 'name' && $value != $trip->name) {
            $trip_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
            $ac_name = sanitize_string(elgg_echo('mytrips:trip') . ": " . $trip_name);
            $acl = get_access_collection($trip->trip_acl);
            if ($acl) {
                // @todo Elgg api does not support updating access collection name
                $db_prefix = elgg_get_config('dbprefix');
                $query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}'\n\t\t\t\t\tWHERE id = {$trip->trip_acl}";
                update_data($query);
            }
        }
        if ($value === '') {
            // The trip profile displays all profile fields that have a value.
            // We don't want to display fields with empty string value, so we
            // remove the metadata completely.
            $trip->deleteMetadata($shortname);
            continue;
        }
        $trip->{$shortname} = $value;
Example #11
 /**
  * {@inheritdoc}
  */
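 public function put(ParameterBag $params)
 {
     // NOTE(review): this writes every request parameter to the logger;
     // confirm it is not active where parameters may hold sensitive values.
     hypeGraph()->logger->vardump('params', $params);
     // NOTE(review): owner_guid comes from the request parameters. The admin
     // test and the new group's owner below both use this entity, which is
     // not necessarily the authenticated caller - confirm the route
     // restricts who may pass owner_guid.
     $user = isset($params->owner_guid) && $params->owner_guid ? get_entity($params->owner_guid) : elgg_get_logged_in_user_entity();
     $group_guid = isset($params->guid) ? $params->guid : 0;
     // allows us to recycle this method from SiteGroups controller
     $is_new_group = $group_guid == 0;
     if ($is_new_group && elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !$user->isAdmin()) {
         throw new GraphException(elgg_echo("groups:cantcreate"), 403);
     }
     $group = $group_guid ? get_entity($group_guid) : new ElggGroup();
     // A guid that does not load, or loads something other than a group,
     // is refused as well; otherwise the edit check would be skipped and
     // the code below would write to that entity.
     if (!elgg_instanceof($group, "group") || !$group->canEdit()) {
         throw new GraphException(elgg_echo("groups:cantedit"), 403);
     }
     if (!$is_new_group) {
         // parameters that were not supplied keep the group's current value
         foreach ($params as $key => $value) {
             if ($value === null) {
                 $params->{$key} = $group->{$key};
             }
         }
     }
     // Collect the configured group profile fields from the parameters.
     $input = array();
     foreach (elgg_get_config('group') as $shortname => $valuetype) {
         $input[$shortname] = $params->{$shortname};
         if (is_array($input[$shortname])) {
             array_walk_recursive($input[$shortname], function (&$v) {
                 $v = _elgg_html_decode($v);
             });
         } else {
             $input[$shortname] = _elgg_html_decode($input[$shortname]);
         }
         if ($valuetype == 'tags') {
             $input[$shortname] = string_to_tag_array($input[$shortname]);
         }
     }
     $input = array_filter($input);
     // The name is read from the raw request input (third argument false)
     // and HTML-encoded here instead.
     $input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8');
     // Assume we can edit or this is a new group
     if (sizeof($input) > 0) {
         foreach ($input as $shortname => $value) {
             // update access collection name if group name changes
             if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
                 $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
                 // The name goes into a quoted SQL literal, so
                 // sanitize_string() must stay in front of it.
                 $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
                 $acl = get_access_collection($group->group_acl);
                 if ($acl) {
                     // @todo Elgg api does not support updating access collection name
                     $db_prefix = elgg_get_config('dbprefix');
                     // group_acl is used as a bare number in the statement;
                     // force it to an integer first.
                     $acl_id = (int) $group->group_acl;
                     $query = "UPDATE {$db_prefix}access_collections SET name = '{$ac_name}'\n\t\t\t\t\tWHERE id = {$acl_id}";
                     update_data($query);
                 }
             }
             if ($value === '') {
                 // The group profile displays all profile fields that have a value.
                 // We don't want to display fields with empty string value, so we
                 // remove the metadata completely.
                 $group->deleteMetadata($shortname);
                 continue;
             }
             $group->{$shortname} = $value;
         }
     }
     // Validate create
     if (!$group->name) {
         throw new GraphException(elgg_echo("groups:notitle"), 400);
     }
     // Set group tool options
     $tool_options = elgg_get_config('group_tool_options');
     if ($tool_options) {
         foreach ($tool_options as $group_option) {
             $option_toggle_name = $group_option->name . "_enable";
             // Parenthesised on purpose: keep the group's stored value and
             // only fall back to the option's default. Without the
             // parentheses a stored 'no' was turned into 'yes', and PHP 8
             // rejects the unparenthesised form.
             $option_default = $group->{$option_toggle_name} ?: ($group_option->default_on ? 'yes' : 'no');
             $group->{$option_toggle_name} = $params->{$option_toggle_name} ?: $option_default;
         }
     }
     // Group membership - should these be treated with same constants as access permissions?
     $is_public_membership = (int) $params->membership == ACCESS_PUBLIC;
     $group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE;
     $group->setContentAccessMode($params->content_access_mode);
     if ($is_new_group) {
         $group->owner_guid = $user->guid;
         $group->access_id = ACCESS_PUBLIC;
     }
     if ($is_new_group) {
         // if new group, we need to save so group acl gets set in event handler
         if (!$group->save()) {
             throw new GraphException(elgg_echo("groups:save_error"));
         }
     }
     if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
         $visibility = (int) $params->vis;
         if ($visibility == ACCESS_PRIVATE) {
             // Make this group visible only to group members. We need to use
             // ACCESS_PRIVATE on the form and convert it to group_acl here
             // because new groups do not have acl until they have been saved once.
             $visibility = $group->group_acl;
             // Force all new group content to be available only to members
             $group->setContentAccessMode(ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY);
         }
         $group->access_id = $visibility;
     }
     if (!$group->save()) {
         throw new GraphException(elgg_echo("groups:save_error"));
     }
     // A new group gets its creator as first member and a river entry.
     $river_id = false;
     if ($is_new_group) {
         elgg_set_page_owner_guid($group->guid);
         $group->join($user);
         $river_id = elgg_create_river_item(array('view' => 'river/group/create', 'action_type' => 'create', 'subject_guid' => $user->guid, 'object_guid' => $group->guid));
     }
     $return = array('nodes' => array('group' => $group));
     if ($river_id) {
         // return the river item itself when it can be loaded, else its id
         $river = elgg_get_river(array('ids' => $river_id));
         $return['nodes']['activity'] = $river ? $river[0] : $river_id;
     }
     return $return;
 }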
Example #12
/**
 * Delete one user's membership row from an access collection.
 *
 * The removal is only attempted when the collection exists, is either in the
 * list returned by get_write_access_array() or has owner_guid 0, and the
 * user can be loaded. The result of delete_data() is not inspected.
 *
 * @param int $user_guid The user GUID
 * @param int $collection_id The access collection ID
 * @return true|false true once the DELETE has been issued, false otherwise
 */
function remove_user_from_access_collection($user_guid, $collection_id)
{
    global $CONFIG;

    // Integer casts keep both values safe to place in the SQL text.
    $collection_id = (int) $collection_id;
    $user_guid = (int) $user_guid;

    $writable_collections = get_write_access_array();
    $collection = get_access_collection($collection_id);
    if (!$collection) {
        return false;
    }

    // Write access to the collection, or a collection without an owner.
    $may_modify = array_key_exists($collection_id, $writable_collections) || $collection->owner_guid == 0;
    if (!$may_modify) {
        return false;
    }
    if (!get_user($user_guid)) {
        return false;
    }

    $sql = "delete from " . $CONFIG->dbprefix . "access_collection_membership where access_collection_id = " . $collection_id . " and user_guid = " . $user_guid;
    delete_data($sql);
    return true;
}
Example #13
/**
 * Delete a membership row from an access collection without loading the user.
 *
 * remove_user_from_access_collection() cannot be used here because the user
 * might not exist any more. Only the collection is looked up; the user GUID
 * just has to be non-empty after sanitize_int().
 *
 * @param int $user_guid     the user GUID to remove
 * @param int $collection_id the ID of the ACL to be removed from
 *
 * @return bool false when the input is rejected or the
 *              'access:collections:remove_user' hook vetoes, otherwise the
 *              result of delete_data() cast to bool
 */
function group_tools_remove_user_from_access_collection($user_guid, $collection_id)
{
    // Both values are placed in the SQL text, so they go through
    // sanitize_int() first.
    $collection_id = sanitize_int($collection_id, false);
    $user_guid = sanitize_int($user_guid, false);

    $collection = get_access_collection($collection_id);
    if (empty($user_guid)) {
        return false;
    }
    if (empty($collection)) {
        return false;
    }

    // Plugins may veto the removal.
    $hook_params = ['collection_id' => $collection_id, 'user_guid' => $user_guid];
    $allowed = elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $hook_params, true);
    if (!$allowed) {
        return false;
    }

    $sql = sprintf(
        'DELETE FROM %saccess_collection_membership WHERE access_collection_id = %s AND user_guid = %s',
        elgg_get_config('dbprefix'),
        $collection_id,
        $user_guid
    );
    return (bool) delete_data($sql);
}
Example #14
/*$members = get_input('members','');
		if (!empty($members)) {
			$members = explode(',',$members);
		} else {
			$members = array();
		}*/
// Collection id from the request, forced to an integer.
$collection = (int) get_input('collection', 0);
// NOTE(review): members are loaded for whatever id was requested; no check
// that the viewer owns this collection is visible in this part - confirm it
// happens elsewhere.
$members = get_members_of_access_collection($collection, true) ?: array();
$friendspicker = (int) get_input('friendspicker', 0);

// Get page owner (bomb out if there isn't one)
$pageowner = page_owner_entity();
if (!$pageowner) {
    forward();
    exit;
}

// Depending on the view type, launch a different view
if ($type == 'list') {
    // plain member table plus the snippet that updates the member count
    $js_segment = elgg_view('friends/tablelistcountupdate', array(
        'friendspicker' => $friendspicker,
        'count' => sizeof($members),
    ));
    $content = elgg_view('friends/tablelist', array(
        'entities' => $members,
        'content' => $js_segment,
    ));
} else {
    // friends picker with the collection's current members preselected
    $friends = $pageowner->getFriends('', 9999);
    $form_fields = elgg_view('friends/forms/collectionfields', array(
        'collection' => get_access_collection($collection),
    ));
    $content = elgg_view('friends/picker', array(
        'entities' => $friends,
        'value' => $members,
        'callback' => true,
        'friendspicker' => $friendspicker,
        'formcontents' => $form_fields,
        'formtarget' => $CONFIG->wwwroot . 'action/friends/editcollection',
    ));
}

// Output the content
echo $content;
<?php

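// Resolve the friend collection configured on this entity, if any.
$collection = false;
if (isset($vars['entity']->friend_collection)) {
    $collection = get_access_collection($vars['entity']->friend_collection);
}
$owner = $vars['entity']->getOwnerEntity();
// The link is only shown when the collection exists and the viewer may edit
// the entity's owner. $owner is tested first because the owner lookup can
// come back empty, and canEdit() must not be called on that.
if ($collection && $owner && $owner->canEdit()) {
    // Plugins may switch messaging off for this collection.
    $can_message = elgg_trigger_plugin_hook('can_message', 'collection', array('collection_id' => $collection->id), true);
    if (!$can_message) {
        return;
    }
    // The text holds icon markup, so it is output without encoding; it is
    // built only from the icon view and a translation string.
    $text = elgg_view_icon('mail') . '&nbsp;' . elgg_echo('friend_collection_message:widget:send');
    $href = elgg_normalize_url('friends/collections/message/' . $vars['entity']->friend_collection);
    $link = elgg_view('output/url', array('text' => $text, 'href' => $href, 'is_trusted' => true, 'encode_text' => false));
    echo '<br>';
    echo $link;
}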
Example #16
<?php

/**
 * Elgg add a collection of friends
 *
 * @package Elgg.Core
 * @subpackage Social.Collections
 */
// Only logged in users may reach this page.
elgg_gatekeeper();

// Collection id from the request, forced to an integer.
// NOTE(review): the collection is loaded for whatever id was requested; no
// check that it belongs to the logged in user is visible here - confirm the
// form or its action enforces that.
$collection = (int) get_input("collection");

// Add the page menu items back for the edit page.
// friends
$params = array(
    'name' => 'friends',
    'text' => elgg_echo('friends'),
    'href' => 'friends/' . elgg_get_logged_in_user_entity()->username,
    'contexts' => array('friends'),
);
elgg_register_menu_item('page', $params);

// friend circles
$circles_item = array(
    'name' => 'friends:view:collections',
    'text' => elgg_echo('friends:collections'),
    'href' => "collections/owner/" . elgg_get_logged_in_user_entity()->username,
    'contexts' => array('friends'),
);
elgg_register_menu_item('page', $circles_item);

// friend request
// NOTE(review): $extra and $page_owner are not assigned anywhere in this
// script - confirm they are provided by the including scope.
$menu_item = array(
    "name" => "friend_request",
    "text" => elgg_echo("friend_request:menu") . $extra,
    "href" => "friend_request/" . $page_owner->username,
    "contexts" => array("friends", "friendsof", "collections"),
);
elgg_register_menu_item("page", $menu_item);

$title = elgg_echo('friends:collections:edit');
elgg_set_context('friends');

// The edit form gets all of the user's friends (limit 0) and the collection.
$form_vars = array(
    'friends' => elgg_get_logged_in_user_entity()->getFriends(array('limit' => 0)),
    'collection' => get_access_collection($collection),
);
$content = elgg_view_form('friends/collections/edit', array(), $form_vars);
$body = elgg_view_layout('one_sidebar', array(
    'title' => $title,
    'content' => $content,
));
echo elgg_view_page($title, $body);
Example #17
 public function testCreateDeleteGroupACL()
 {
     // Nothing to test unless the groups plugin is active.
     if (!elgg_is_active_plugin('groups')) {
         return;
     }

     $test_group = new ElggGroup();
     $test_group->name = 'Test group';
     $test_group->save();

     // ACLs are owned by groups
     $group_acl = get_access_collection($test_group->group_acl);
     $this->assertEqual($group_acl->owner_guid, $test_group->guid);

     // removing the group must remove its acl as well
     $was_deleted = $test_group->delete();
     $this->assertTrue($was_deleted);
     $acl_after_delete = get_access_collection($test_group->group_acl);
     $this->assertFalse($acl_after_delete);

     // second delete() call, kept from the original sequence
     $test_group->delete();
 }
Example #18
/**
 * Make sure the provided access_id is valid for this container.
 *
 * ACCESS_DEFAULT is replaced by the default access first. Without a loadable
 * container the value is returned as it is. For a user container the
 * personal level from questions_get_personal_access_level() wins; otherwise
 * an access collection not owned by that user is replaced by
 * ACCESS_LOGGED_IN. For a group container the level from
 * questions_get_group_access_level() wins; otherwise ACCESS_FRIENDS and
 * access collections not owned by the group are replaced by the group's ACL.
 *
 * @param int $access_id      the current access_id
 * @param int $container_guid the container where the entity will be placed
 *
 * @return int
 */
function questions_validate_access_id($access_id, $container_guid)
{
    $access_id = sanitise_int($access_id);
    if ($access_id === ACCESS_DEFAULT) {
        $access_id = get_default_access();
    }

    // No container, or one that cannot be loaded: nothing more to validate.
    $container = empty($container_guid) ? null : get_entity($container_guid);
    if (empty($container)) {
        return $access_id;
    }

    if ($container instanceof ElggUser) {
        // a level defined in the plugin settings overrules the input
        $configured_level = questions_get_personal_access_level();
        if ($configured_level !== false) {
            return $configured_level;
        }
        // an access collection owned by something other than this user
        // (for example a group acl) is not accepted
        $acl = get_access_collection($access_id);
        $owned_by_other = !empty($acl) && $acl->owner_guid != $container->getGUID();
        return $owned_by_other ? ACCESS_LOGGED_IN : $access_id;
    }

    if ($container instanceof ElggGroup) {
        // a level defined in the plugin settings overrules the input
        $configured_level = questions_get_group_access_level($container);
        if ($configured_level !== false) {
            return $configured_level;
        }
        // friends access not allowed in groups, use the group acl instead
        if ($access_id === ACCESS_FRIENDS) {
            $access_id = (int) $container->group_acl;
        }
        // any access collection has to be the one owned by this group
        $acl = get_access_collection($access_id);
        if (!empty($acl) && $acl->owner_guid != $container->getGUID()) {
            return (int) $container->group_acl;
        }
        return $access_id;
    }

    return $access_id;
}
Example #19
/**
 * Delete one user's membership row from an access collection.
 *
 * The removal is only attempted when the collection exists, is either in the
 * list returned by get_write_access_array() or has owner_guid 0, the user
 * can be loaded, and the 'access:collections:remove_user', 'collection'
 * plugin hook does not veto it. The result of delete_data() is not inspected.
 *
 * @param int $user_guid The user GUID
 * @param int $collection_id The access collection ID
 * @return true|false true once the DELETE has been issued, false otherwise
 */
function remove_user_from_access_collection($user_guid, $collection_id)
{
    global $CONFIG;

    // Integer casts keep both values safe to place in the SQL text.
    $collection_id = (int) $collection_id;
    $user_guid = (int) $user_guid;

    $writable_collections = get_write_access_array();
    $collection = get_access_collection($collection_id);
    if (!$collection) {
        return false;
    }

    // Write access to the collection, or a collection without an owner.
    $may_modify = array_key_exists($collection_id, $writable_collections) || $collection->owner_guid == 0;
    if (!$may_modify) {
        return false;
    }
    if (!get_user($user_guid)) {
        return false;
    }

    // Plugins may veto the removal.
    $hook_params = array('collection_id' => $collection_id, 'user_guid' => $user_guid);
    $allowed = trigger_plugin_hook('access:collections:remove_user', 'collection', $hook_params, true);
    if (!$allowed) {
        return false;
    }

    $sql = "delete from " . $CONFIG->dbprefix . "access_collection_membership where access_collection_id = " . $collection_id . " and user_guid = " . $user_guid;
    delete_data($sql);
    return true;
}
Example #20
<?php

/**
 * Elgg add a collection of friends
 * 
 * @package Elgg
 * @subpackage Core
 * @license http://www.gnu.org/licenses/old-licenses/gpl-2.0.html GNU Public License version 2
 * @author Curverider Ltd
 * @copyright Curverider Ltd 2008-2009
 * @link http://elgg.org/
 */
// Start engine
require_once dirname(dirname(__FILE__)) . "/engine/start.php";
// Only logged in users may reach this page.
gatekeeper();

// Collection id passed to the edit form.
// NOTE(review): the id is used as received from the request, and no check
// that the collection belongs to the logged in user is visible here -
// confirm the lookups or the form's action enforce that.
$collection_id = get_input('collection');

// The collection itself and all of its members.
$collection = get_access_collection($collection_id);
$collection_members = get_members_of_access_collection($collection_id);

// Page title and the edit form.
$area1 = elgg_view_title(elgg_echo('friends:collectionedit'), false);
$form_vars = array(
    'collection' => $collection,
    'collection_members' => $collection_members,
);
$area2 = elgg_view('friends/forms/edit', $form_vars);

// Format page
$body = elgg_view_layout('two_column_left_sidebar', $area1 . $area2);

// Draw it
page_draw(elgg_echo('friends:add'), $body);
Example #21
 /**
  * Can the user change this access collection?
  *
  * Use the plugin hook of 'access:collections:write', 'user' to change this.
  * @see get_write_access_array() for details on the hook.
  *
  * Respects access control disabling for admin users and {@link elgg_set_ignore_access()}
  *
  * @see get_write_access_array()
  *
  * @param int   $collection_id The collection id
  * @param mixed $user_guid     The user GUID to check for. Defaults to logged in user.
  * @return bool
  */
 function canEdit($collection_id, $user_guid = null)
 {
     // A user that cannot be fetched can never edit.
     try {
         $user = _elgg_services()->entityTable->getUserForPermissionsCheck($user_guid);
     } catch (UserFetchFailureException $e) {
         return false;
     }
     $collection = get_access_collection($collection_id);
     if (!($user && $collection)) {
         return false;
     }
     $writable_collections = get_write_access_array($user->guid, 0, true);
     // The "ignore access" switch only counts when no user was named;
     // a check for a named user never ignores access.
     if (!$user_guid && elgg_get_ignore_access()) {
         return true;
     }
     return array_key_exists($collection_id, $writable_collections);
 }