Example #1
0
/**
 * @param integer $permission
 *     The permission level to check for. The function will check if the
 *     user has equal or higher permissions for the group(s). The available
 *     permission levels in low-to-high level order are:
 *     - {@link PHORUM_USER_GROUP_SUSPENDED}
 *     - {@link PHORUM_USER_GROUP_UNAPPROVED}
 *     - {@link PHORUM_USER_GROUP_APPROVED}
 *     - {@link PHORUM_USER_GROUP_MODERATOR}
 *
 * @param mixed $group_id
 *     Specifies the group(s) to look at. Available options are:
 *     - The id of the group for which to check the access.
 *     - An array of group_ids to check.
 *     - {@link PHORUM_ACCESS_ANY} to check if the user has access rights
 *       for any of the available groups.
 *     - {@link PHORUM_ACCESS_LIST} to return a list of group_ids for which the
 *       user has access rights.
 *
 * @param mixed $user
 *     Specifies the user to look at. Available options are:
 *     - 0 (zero, the default) to look at the active Phorum user.
 *     - A full user data array.
 *     - A single user_id.
 *
 * @return mixed
 *     The return value depends on the $group_id argument that was used:
 *
 *     - Single group_id or {@link PHORUM_ACCESS_ANY}:
 *       return either TRUE (access granted) or FALSE (access denied).
 *
 *     - An array of group_ids or {@link PHORUM_ACCESS_LIST}:
 *       return an array, containing all groups for which permission was
 *       granted. The keys in this array are group_ids and the values are
 *       group info arrays. These arrays contain the fields "group_id",
 *       "name", "open", "permissions" (which contains an array of
 *       forum permissions, indexed by forum_id), "user_status" (which contains
 *       the group status for the user, i.e. one of the PHORUM_USER_GROUP_*
 *       constants).
 */
function phorum_api_user_check_group_access($permission, $group_id, $user = 0)
{
    $PHORUM = $GLOBALS['PHORUM'];
    // Prepare the user to check the access for.
    if (empty($user)) {
        $user = $PHORUM['user'];
    } elseif (!is_array($user)) {
        $user = phorum_api_user_get($user);
    }
    // Retrieve all the groups for the current user. Admins get all groups.
    if (!empty($user['user_id']) && !empty($user['admin'])) {
        $groups = phorum_db_get_groups(0, TRUE);
    } else {
        $usergroups = phorum_db_user_get_groups($user['user_id']);
        $groups = empty($usergroups) ? array() : phorum_db_get_groups(array_keys($usergroups), TRUE);
    }
    // Prepare the array of group_ids to check.
    $group_access = array();
    $single_group_id = NULL;
    // An array of group ids.
    if (is_array($group_id)) {
        foreach ($group_id as $id) {
            $group_access[$id] = FALSE;
        }
        // Retrieve a group access list or access-rights-in-any-group.
    } elseif ($group_id == PHORUM_ACCESS_LIST || $group_id == PHORUM_ACCESS_ANY) {
        foreach ($groups as $id => $data) {
            $group_access[$id] = FALSE;
        }
        // A single group id.
    } else {
        $single_group_id = $group_id;
        $group_access[$group_id] = FALSE;
    }
    // Inactive users have no group permissions at all.
    if (!empty($user['user_id']) && empty($user['active'])) {
        if ($group_id == PHORUM_ACCESS_ANY) {
            return FALSE;
        }
        // No further code required. We'll just keep all group
        // permissions set to FALSE here.
    } elseif (!empty($user['user_id']) && !empty($user['admin'])) {
        if ($group_id == PHORUM_ACCESS_ANY) {
            return TRUE;
        }
        foreach ($group_access as $id => $data) {
            $group_access[$id] = $groups[$id];
            $group_access[$id]['user_status'] = PHORUM_USER_GROUP_MODERATOR;
        }
    } else {
        foreach ($group_access as $id => $data) {
            if (!isset($groups[$id])) {
                continue;
            }
            if ($usergroups[$id] >= $permission) {
                if ($group_id == PHORUM_ACCESS_ANY) {
                    return TRUE;
                }
                $group_access[$id] = $groups[$id];
                $group_access[$id]['user_status'] = $usergroups[$id];
                continue;
            }
        }
    }
    // If we reach this code, then we did not find any group for the user.
    if ($group_id == PHORUM_ACCESS_ANY) {
        return FALSE;
    }
    // Return the results.
    if ($single_group_id !== NULL) {
        // Return either TRUE or FALSE.
        return empty($group_access[$single_group_id]) ? FALSE : TRUE;
    } else {
        // Return an array of groups for which permission is granted.
        // The keys are group_ids and the values the user's permissions
        // for the groups.
        $return = array();
        foreach ($group_access as $id => $group) {
            if ($group !== FALSE) {
                $return[$id] = $group;
            }
        }
        return $return;
    }
}
Example #2
0
/**
 * phorum_user_get_groups()
 *
 * This function will return a list of groups the user
 * is a member of, as well as the users permissions.
 *
 * The returned list has the group id as the key, and
 * the permission as the value. Permissions are the
 * PHORUM_USER_GROUP constants.
 * @param int - the users user_id
 * @return array
 */
function phorum_user_get_groups($user_id)
{
    return phorum_db_user_get_groups($user_id);
}