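 /**
  * Get all views & collections for a (user, group, institution), grouped
  * by their access lists as defined by the view_access records.
  *
  * Each collection is represented by one of its views (the current, normally
  * first, entry of $c['views']); that view's access records stand in for the
  * collection. 'public' records are dropped when the site does not allow
  * public views, the owner's institution forbids them, or the owner is on
  * probation. Secret URL (token) records are only counted under 'secreturls'.
  * The preset types (public, loggedin, friends) are keyed by type so each
  * appears at most once per view; user, group and institution records are
  * normalised to a uniform 'accesstype'/'id' pair and appended.
  *
  * @param integer|null $owner       id of the owning user, or null
  * @param integer|null $group       id of the owning group, or null
  * @param mixed        $institution institution to restrict to, or null
  *
  * @return array with keys 'collections' and 'views'; every entry gains
  *               'access' and 'viewid', plus 'secreturls' and
  *               'accessgroups' where such records exist
  */
 public static function get_accesslists($owner = null, $group = null, $institution = null)
 {
     require_once 'institution.php';
     // Load the owner only for a single user id; the object is used below to
     // apply the institution and probation restrictions on public access.
     if (!is_null($owner) && !is_array($owner) && $owner > 0) {
         $ownerobj = new User();
         $ownerobj->find_by_id($owner);
     }
     $data = array();
     // NOTE(review): the code below indexes $data['collections'] and $data['views']
     // by id, so get_views_and_collections() is assumed to key both arrays by id.
     list($data['collections'], $data['views']) = self::get_views_and_collections($owner, $group, $institution);
     // Remember one representative viewid in each collection
     $viewindex = array();
     // Add strings to describe startdate/stopdate access overrides
     foreach ($data['collections'] as &$c) {
         $view = current($c['views']);
         $viewindex[$view['id']] = array('type' => 'collections', 'id' => $c['id']);
         $c['access'] = self::access_override_description($view);
         $c['viewid'] = $view['id'];
     }
     // Drop the by-reference iterators so a later write to $c / $v cannot alias
     // the last element of the array they walked.
     unset($c);
     foreach ($data['views'] as &$v) {
         $viewindex[$v['id']] = array('type' => 'views', 'id' => $v['id']);
         $v['access'] = self::access_override_description($v);
         $v['viewid'] = $v['id'];
     }
     unset($v);
     if (empty($viewindex)) {
         return $data;
     }
     // Get view_access records, apart from those with visible = 0 (system access records).
     // The IN list is interpolated unescaped: its values are the view ids returned by
     // get_views_and_collections() above, never request parameters — keep it that way.
     $accessgroups = get_records_sql_array('
         SELECT va.*, g.grouptype, g.name, g.urlid
         FROM {view_access} va LEFT OUTER JOIN {group} g ON (g.id = va.group AND g.deleted = 0)
         WHERE va.view IN (' . join(',', array_keys($viewindex)) . ') AND va.visible = 1
         ORDER BY va.view, va.accesstype, g.grouptype, va.role, g.name, va.group, va.usr', array());
     if (!$accessgroups) {
         return $data;
     }
     if (!function_exists('is_probationary_user')) {
         require_once get_config('libroot') . 'antispam.php';
     }
     foreach ($accessgroups as $access) {
         // remove 'Public' from the list if the owner isn't allowed to have them
         // (site setting off, owner's institution disallows it, or owner on probation)
         if ($access->accesstype == 'public' && (get_config('allowpublicviews') != 1 || isset($ownerobj) && !$ownerobj->institution_allows_public_views() || isset($ownerobj) && is_probationary_user($ownerobj->id))) {
             continue;
         }
         $vi = $viewindex[$access->view];
         // Just count secret urls.
         if ($access->token) {
             if (!isset($data[$vi['type']][$vi['id']]['secreturls'])) {
                 $data[$vi['type']][$vi['id']]['secreturls'] = 0;
             }
             $data[$vi['type']][$vi['id']]['secreturls']++;
             continue;
         }
         // $key stays null for user/group/institution records (appended as a list);
         // it is set to the preset type for public/loggedin/friends (one per type).
         $key = null;
         if ($access->usr) {
             $access->accesstype = 'user';
             $access->id = $access->usr;
         } else {
             if ($access->group) {
                 $access->accesstype = 'group';
                 $access->id = $access->group;
                 if ($access->role) {
                     $access->roledisplay = get_string($access->role, 'grouptype.' . $access->grouptype);
                 }
                 $access->groupurl = group_homepage_url((object) array('id' => $access->group, 'urlid' => $access->urlid));
             } else {
                 if ($access->institution) {
                     $access->accesstype = 'institution';
                     $access->id = $access->institution;
                     $access->name = institution_display_name($access->institution);
                 } else {
                     $key = $access->accesstype;
                 }
             }
         }
         if ($key) {
             if (!isset($data[$vi['type']][$vi['id']]['accessgroups'][$key])) {
                 $data[$vi['type']][$vi['id']]['accessgroups'][$key] = (array) $access;
             }
         } else {
             $data[$vi['type']][$vi['id']]['accessgroups'][] = (array) $access;
         }
     }
     return $data;
 }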
} else {
    $elements['grouptype'] = array('type' => 'select', 'title' => get_string('Roles', 'group'), 'options' => $grouptypeoptions, 'defaultvalue' => $group_data->grouptype, 'help' => true);
}
// Friend invitation / recommendation switches.
$elements['invitefriends'] = array(
    'type'         => 'switchbox',
    'title'        => get_string('friendinvitations', 'group'),
    'description'  => get_string('invitefriendsdescription1', 'group'),
    'defaultvalue' => $group_data->invitefriends,
);
// Recommendations are switched off and disabled when the group is neither
// open nor joinable by request.
$elements['suggestfriends'] = array(
    'type'         => 'switchbox',
    'title'        => get_string('Recommendations', 'group'),
    'description'  => get_string('suggestfriendsdescription1', 'group'),
    'defaultvalue' => $group_data->suggestfriends && ($group_data->open || $group_data->request),
    'disabled'     => !$group_data->open && !$group_data->request,
);
$elements['pages'] = array(
    'type'  => 'html',
    'value' => '<h4>' . get_string('content') . '</h4>',
);
$elements['editroles'] = array(
    'type'         => 'select',
    'options'      => group_get_editroles_options(),
    'title'        => get_string('editroles1', 'group'),
    'description'  => get_string('editrolesdescription1', 'group'),
    'defaultvalue' => $group_data->editroles,
    'help'         => true,
);
if ($cancreatecontrolled) {
    // Submission/archive options are only editable by users who may create controlled groups.
    $elements['submittableto'] = array(
        'type'         => 'switchbox',
        'title'        => get_string('allowsubmissions', 'group'),
        'description'  => get_string('allowssubmissionsdescription1', 'group'),
        'defaultvalue' => $group_data->submittableto,
    );
    $elements['allowarchives'] = array(
        'type'         => 'switchbox',
        'title'        => get_string('allowsarchives', 'group'),
        'description'  => get_string('allowsarchivesdescription', 'group'),
        'defaultvalue' => $group_data->allowarchives,
        'disabled'     => !$group_data->submittableto,
        'help'         => true,
    );
}
else {
    // NOTE(review): these two are written to $form['elements'] while every other
    // element in this run goes into $elements — confirm $form['elements'] is not
    // later replaced by $elements, which would drop the hidden fields.
    $form['elements']['submittableto'] = array('type' => 'hidden', 'value' => $group_data->submittableto);
    $form['elements']['allowarchives'] = array('type' => 'hidden', 'value' => $group_data->allowarchives);
}
// Who may create public groups is a site setting: 'all', 'admins' (site admins
// only), or any other value to disable it.
$publicallowed = get_config('createpublicgroups') == 'all'
    || (get_config('createpublicgroups') == 'admins' && $USER->get('admin'));
// Users on probation (antispam) never get the public option.
$publicallowed = $publicallowed && !is_probationary_user();
if (!$id && !param_exists('pieform_editgroup')) {
    // On the first load of the "create" form a public=0 parameter hides the
    // public switch, so custom create-group buttons/links can offer a slightly
    // simplified form.
    $publicparam = param_integer('public', null);
}
$ignorepublic = !$publicallowed || (isset($publicparam) && $publicparam === 0);
if ($cancreatecontrolled || !$ignorepublic) {
    $elements['visibility'] = array(
        'type'  => 'html',
        'value' => '<h4>' . get_string('Visibility') . '</h4>',
    );
}
$elements['public'] = array(
    'type'         => 'switchbox',
    'title'        => get_string('publiclyviewablegroup', 'group'),
    'description'  => get_string('publiclyviewablegroupdescription1', 'group'),
    'defaultvalue' => $group_data->public,
    'help'         => true,
    'ignore'       => $ignorepublic,
);
if ($cancreatecontrolled) {
    $elements['hidden'] = array('type' => 'switchbox', 'title' => get_string('hiddengroup', 'group'), 'description' => get_string('hiddengroupdescription1', 'group'), 'defaultvalue' => $group_data->hidden);
    $elements['hidemembers'] = array('type' => 'switchbox', 'title' => get_string('hidemembers', 'group'), 'description' => get_string('hidemembersdescription', 'group'), 'defaultvalue' => $group_data->hidemembers || $group_data->hidemembersfrommembers, 'disabled' => $group_data->hidemembersfrommembers);
    $elements['hidemembersfrommembers'] = array('type' => 'switchbox', 'title' => get_string('hidemembersfrommembers', 'group'), 'description' => get_string('hidemembersfrommembersdescription1', 'group'), 'defaultvalue' => $group_data->hidemembersfrommembers);
/**
 * Given a view id, and a user id (defaults to the currently logged in user if
 * not specified) will return whether this user is allowed to look at this view.
 *
 * Order of checks, as implemented below:
 *  1. a bulk export short-circuits to true;
 *  2. logged-out users are refused early when neither public views nor public
 *     profiles are allowed site-wide;
 *  3. for user-owned pages a suspended owner refuses everyone, and the owner's
 *     probation status or institution can switch off public access;
 *  4. editors of the view, and admins reviewing objectionable content, are
 *     allowed before any access record is consulted;
 *  5. otherwise the view_access records decide, subject to the owner's
 *     start/stop date override (which records with visible = 0 bypass).
 *
 * @param mixed $view           viewid or View to check
 * @param integer $user_id      User trying to look at the view (defaults to
 * currently logged in user, or null if user isn't logged in)
 *
 * @return boolean Whether the specified user can look at the specified view.
 */
function can_view_view($view, $user_id = null)
{
    global $USER, $SESSION;
    if (defined('BULKEXPORT')) {
        return true;
    }
    $now = time();
    // The start/stop overrides are compared against a DB-formatted timestamp.
    $dbnow = db_format_timestamp($now);
    if ($user_id === null) {
        $user = $USER;
        $user_id = $USER->get('id');
    } else {
        $user = new User();
        if ($user_id) {
            try {
                $user->find_by_id($user_id);
            } catch (AuthUnknownUserException $e) {
                // NOTE(review): an unknown id is tolerated silently and $user stays an
                // unpopulated User object; the can_edit_view()/is_admin_for_user()
                // calls below then run against that empty object — confirm they fail closed.
            }
        }
    }
    $publicviews = get_config('allowpublicviews');
    $publicprofiles = get_config('allowpublicprofiles');
    // If the user is logged out and the publicviews & publicprofiles sitewide configs are false,
    // we can deny access without having to hit the database at all
    if (!$user_id && !$publicviews && !$publicprofiles) {
        return false;
    }
    require_once get_config('libroot') . 'view.php';
    if ($view instanceof View) {
        $view_id = $view->get('id');
    } else {
        $view = new View($view_id = $view);
    }
    // If the page belongs to an individual, check for individual-specific overrides
    if ($view->get('owner')) {
        $ownerobj = $view->get_owner_object();
        // Suspended user
        if ($ownerobj->suspendedctime) {
            return false;
        }
        // Probationary user (no public pages or profiles)
        // (setting these here instead of doing a return-false, so that we can do checks for
        // logged-in users later)
        require_once get_config('libroot') . 'antispam.php';
        $onprobation = is_probationary_user($ownerobj->id);
        $publicviews = $publicviews && !$onprobation;
        $publicprofiles = $publicprofiles && !$onprobation;
        // Member of an institution that prohibits public pages
        // (group views and logged in users are not affected by
        // the institution level config for public views)
        $owner = new User();
        $owner->find_by_id($ownerobj->id);
        $publicviews = $publicviews && $owner->institution_allows_public_views();
    }
    // Now that we've examined the page owner, check again for whether it can be viewed by a logged-out user
    if (!$user_id && !$publicviews && !$publicprofiles) {
        return false;
    }
    // Editors bypass the access records and the start/stop override entirely.
    if ($user_id && $user->can_edit_view($view)) {
        return true;
    }
    // If the view's owner is suspended, deny access to the view
    // (note $owner is reused: a User above, the owner record here, the owner id further down)
    if ($view->get('owner')) {
        if (!($owner = $view->get_owner_object()) || $owner->suspendedctime) {
            return false;
        }
    }
    // MNet users may carry a per-view access token in a cookie; it is only
    // checked against token (secret URL) access records below.
    if ($SESSION->get('mnetuser')) {
        $mnettoken = get_cookie('mviewaccess:' . $view_id);
    }
    // If the page has been marked "objectionable" admins should be able to view
    // it for review purposes.
    if ($view->is_objectionable()) {
        if ($owner = $view->get('owner')) {
            if ($user->is_admin_for_user($owner)) {
                return true;
            }
        } else {
            if ($view->get('group') && $user->get('admin')) {
                return true;
            }
        }
    }
    // Overriding start/stop dates are set by the owner to deny access
    // to users who would otherwise be allowed to see the view.  However,
    // for some kinds of access (e.g. objectionable content, submitted
    // views), we have to override the override and let the logged in
    // user see it anyway.  So we can't return false now, we have to wait
    // till we find out what kind of view_access record is being used.
    $overridestart = $view->get('startdate');
    $overridestop = $view->get('stopdate');
    // String comparison of DB-formatted timestamps; assumes both sides use the
    // same format and time zone as db_format_timestamp() — TODO confirm.
    $allowedbyoverride = (empty($overridestart) || $overridestart < $dbnow) && (empty($overridestop) || $overridestop > $dbnow);
    $access = View::user_access_records($view_id, $user_id);
    if (empty($access)) {
        return false;
    }
    foreach ($access as &$a) {
        // Public access honours the override and the (possibly reduced) public settings.
        if ($a->accesstype == 'public' && $allowedbyoverride) {
            if ($publicviews) {
                return true;
            } else {
                if ($publicprofiles && $view->get('type') == 'profile') {
                    return true;
                }
            }
        } else {
            // Secret URL records; a record with visible = 0 (system record) ignores the override.
            if ($a->token && ($allowedbyoverride || !$a->visible)) {
                $usertoken = get_cookie('viewaccess:' . $view_id);
                // A secret URL only grants access while public views are allowed for this page.
                // NOTE(review): the token comparisons here use loose ==; a strict comparison
                // (or hash_equals()) would sidestep PHP's numeric-string equality rules.
                if ($a->token == $usertoken && $publicviews) {
                    return true;
                }
                if (!empty($mnettoken) && $a->token == $mnettoken) {
                    // Remember the MNet-granted access for the rest of the session.
                    $mnetviewlist = $SESSION->get('mnetviewaccess');
                    if (empty($mnetviewlist)) {
                        $mnetviewlist = array();
                    }
                    $mnetviewlist[$view_id] = true;
                    $SESSION->set('mnetviewaccess', $mnetviewlist);
                    return true;
                }
                // Don't bother to pull the collection out unless the user actually
                // has some collection access cookies.
                if ($ctokens = get_cookies('caccess:')) {
                    $cid = $view->collection_id();
                    if ($cid && isset($ctokens[$cid]) && $a->token == $ctokens[$cid]) {
                        return true;
                    }
                }
            } else {
                // Every remaining record type needs a logged-in user: loggedin,
                // friends, user, group/role and institution records.
                if ($user_id) {
                    if ($a->accesstype == 'friends') {
                        $owner = $view->get('owner');
                        if (!get_field_sql('
                    SELECT COUNT(*) FROM {usr_friend} f WHERE (usr1=? AND usr2=?) OR (usr1=? AND usr2=?)', array($owner, $user_id, $user_id, $owner))) {
                            continue;
                        }
                    } else {
                        if ($a->institution) {
                            // Check if user belongs to the allowed institution
                            // (loose in_array; institution keys are presumably strings — verify)
                            if (!in_array($a->institution, array_keys($user->get('institutions')))) {
                                continue;
                            }
                        }
                    }
                    // A visible record still obeys the owner's start/stop override.
                    if (!$allowedbyoverride && $a->visible) {
                        continue;
                    }
                    // The view must have loggedin access, user access for the user
                    // or group/role access for one of the user's groups
                    return true;
                }
            }
        }
    }
    return false;
}
    global $view, $collection;
    $viewid = $view->get('id');
    if ($collection) {
        $collection->new_token();
        $viewid = reset($collection->get_viewids());
    } else {
        View::new_token($viewid);
    }
    redirect('/view/urls.php?id=' . $viewid);
}
// Whether a new secret URL token may be created: the site must allow public
// views and, for a page owned by a user, so must the institution.
// NOTE(review): the institution check is made on $USER (the current user), not
// on the page owner — presumably the editor is the owner here; verify.
$allownew = get_config('allowpublicviews') && (!$view->get('owner') || $USER->institution_allows_public_views());
// Users on probation (antispam) are refused even when site and institution allow it.
$onprobation = $allownew && get_config('allowpublicviews') && is_probationary_user();
$allownew = $allownew && !$onprobation;
$newform = $allownew ? pieform($newform) : null;
$js .= <<<EOF
jQuery(function(\$) {
    \$('.url-open-editform').click(function(e) {
        e.preventDefault();
        \$('#' + this.id + '-form').toggleClass('js-hidden');
    });
});
EOF;
$smarty = smarty(array('js/zeroclipboard/ZeroClipboard.min.js'), array(), array(), array('sidebars' => true));
$smarty->assign('PAGEHEADING', TITLE);
/**
 * Check text posted by a probationary user for external links and images.
 *
 * Everything passes when probation is not in use or the text contains no
 * external links/images; otherwise only non-probationary users pass.
 *
 * @param string $text
 * @return bool true if the text is okay, false if not
 */
function probation_validate_content($text)
{
    // Short-circuit order matters: the probation lookup only happens when the
    // text actually contains something that could be objected to.
    return !is_using_probation()
        || !has_external_links_or_images($text)
        || !is_probationary_user();
}
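/**
 * Provides an element to manage a view ACL
 *
 * @param Pieform $form    The form to render the element for
 * @param array   $element The element to render (reads 'viewtype' and 'allowcomments')
 * @return string          The HTML for the element
 */
function pieform_element_viewacl(Pieform $form, $element)
{
    global $USER, $SESSION, $LANGDIRECTION;
    // Prefer a multibyte-aware length for the 30-character display cut-off.
    $strlen = function_exists('mb_strlen') ? 'mb_strlen' : 'strlen';
    $smarty = smarty_core();
    $smarty->left_delimiter = '{{';
    $smarty->right_delimiter = '}}';
    $value = $form->get_value($element);
    // Look for the presets and split them into two groups
    require_once get_config('libroot') . 'antispam.php';
    // The 'public' preset is offered when the site allows public views and the
    // user's institution does too, or for profile pages when public profiles
    // are allowed; users on probation never get it.
    $public = false;
    if (!is_probationary_user()) {
        if (get_config('allowpublicviews') && $USER->institution_allows_public_views()) {
            $public = true;
        }
        else if (get_config('allowpublicprofiles') && $element['viewtype'] == 'profile') {
            $public = true;
        }
    }
    $allpresets = array('public', 'loggedin', 'friends');
    $allowedpresets = array();
    // Position of 'loggedin' in $allowedpresets, used by the template.
    $loggedinindex = 0;
    if ($public) {
        $allowedpresets[] = 'public';
        $loggedinindex = 1;
    }
    $allowedpresets[] = 'loggedin';
    if ($form->get_property('userview')) {
        $allowedpresets[] = 'friends';
    }
    $accesslist = array();
    if ($value) {
        foreach ($value as $item) {
            if (is_array($item)) {
                if ($item['type'] == 'public') {
                    // Existing public access is shown even when no longer allowed; the
                    // template can tell from 'publicallowed'.
                    $item['publicallowed'] = (int) $public;
                }
                if (in_array($item['type'], $allpresets)) {
                    $item['name'] = get_string($item['type'] == 'loggedin' ? 'registeredusers' : $item['type'], 'view');
                    $item['preset'] = true;
                } else {
                    $item['name'] = pieform_render_viewacl_getvaluebytype($item['type'], $item['id']);
                }
                if ($strlen($item['name']) > 30) {
                    $item['shortname'] = str_shorten_text($item['name'], 30, true);
                }
                // only show access that is still current. Expired access will be deleted if the form is saved
                if ($form->is_submitted() || empty($item['stopdate']) || time() <= strtotime($item['stopdate'])) {
                    $accesslist[] = $item;
                }
            }
        }
    }
    $defaultaccesslist = $accesslist ? 0 : 1;
    // Candidate entries the user can add: own institutions, presets, all groups,
    // own groups and favourite users. Institution names are passed through hsc();
    // NOTE(review): group and user names are not — confirm the template/JS escapes them.
    $myinstitutions = array();
    foreach ($USER->get('institutions') as $i) {
        $myinstitutions[] = array('type' => 'institution', 'id' => $i->institution, 'start' => null, 'end' => null, 'name' => hsc($i->displayname), 'preset' => false);
    }
    foreach ($allowedpresets as &$preset) {
        $preset = array('type' => $preset, 'id' => $preset, 'start' => null, 'end' => null, 'name' => get_string($preset == 'loggedin' ? 'registeredusers' : $preset, 'view'), 'preset' => true);
    }
    // Drop the by-reference iterator so nothing below can alias the last preset.
    unset($preset);
    $allgroups = array('type' => 'allgroups', 'id' => 'allgroups', 'start' => null, 'end' => null, 'name' => get_string('allmygroups', 'group'), 'preset' => true);
    $mygroups = array();
    foreach (group_get_user_groups($USER->get('id')) as $g) {
        $group = array('type' => 'group', 'id' => $g->id, 'start' => null, 'end' => null, 'name' => $g->name, 'preset' => false);
        if ($strlen($g->name) > 30) {
            $group['shortname'] = str_shorten_text($g->name, 30, true);
        }
        $mygroups[] = $group;
    }
    $faves = array();
    foreach (get_user_favorites($USER->get('id')) as $u) {
        $fave = array('type' => 'user', 'id' => $u->id, 'start' => null, 'end' => null, 'name' => $u->name, 'preset' => false);
        if ($strlen($u->name) > 30) {
            $fave['shortname'] = str_shorten_text($u->name, 30, true);
        }
        $faves[] = $fave;
    }
    require_once get_config('libroot') . 'pieforms/pieform/elements/calendar.php';
    $options = array('dateFormat' => get_string('calendar_dateFormat', 'langconfig'), 'timeFormat' => get_string('calendar_timeFormat', 'langconfig'), 'stepHour' => 1, 'stepMinute' => 5);
    $options = pieform_element_calendar_get_lang_strings($options, $LANGDIRECTION);
    // Build the datepicker options as JavaScript source: numeric values are
    // inserted as-is, arrays become JSON-encoded lists (a value already wrapped
    // in single quotes has them stripped first so it is not double-quoted), and
    // anything else is JSON-encoded.
    $datepickeroptionstr = '';
    foreach ($options as $key => $option) {
        if (is_numeric($option)) {
            $datepickeroptionstr .= $key . ': ' . $option . ',';
        } else {
            if (is_array($option)) {
                foreach ($option as $k => $v) {
                    if (!is_numeric($v)) {
                        if (preg_match('/^\'(.*)\'$/', $v, $match)) {
                            $v = $match[1];
                        }
                        $option[$k] = json_encode($v);
                    }
                }
                $option = '[' . implode(',', $option) . ']';
                $datepickeroptionstr .= $key . ': ' . $option . ',';
            } else {
                $datepickeroptionstr .= $key . ': ' . json_encode($option) . ',';
            }
        }
    }
    $smarty->assign('datepickeroptions', $datepickeroptionstr);
    $smarty->assign('viewtype', $element['viewtype']);
    $smarty->assign('potentialpresets', json_encode($allowedpresets));
    $smarty->assign('loggedinindex', $loggedinindex);
    $smarty->assign('accesslist', json_encode($accesslist));
    $smarty->assign('defaultaccesslist', $defaultaccesslist);
    $smarty->assign('viewid', $form->get_property('viewid'));
    $smarty->assign('formname', $form->get_property('name'));
    $smarty->assign('myinstitutions', json_encode($myinstitutions));
    $smarty->assign('allowcomments', $element['allowcomments']);
    $smarty->assign('allgroups', json_encode($allgroups));
    $smarty->assign('mygroups', json_encode($mygroups));
    $smarty->assign('faves', json_encode($faves));
    return $smarty->fetch('form/viewacl.tpl');
}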