public static function getAccessEntitiesForUser($user) {
$entities = array();
$db = Loader::db();
if ($user->isRegistered()) {
$pae = PageOwnerPermissionAccessEntity::getOrCreate();
$r = $db->GetOne('select cID from Pages where uID = ?', array($user->getUserID()));
if ($r > 0) {
$entities[] = $pae;
}
}
return $entities;
}
<?php
defined('C5_EXECUTE') or die("Access Denied.");
if (Loader::helper('validation/token')->validate('process')) {
$js = Loader::helper('json');
$obj = new stdClass();
$pae = PageOwnerPermissionAccessEntity::getOrCreate();
$obj->peID = $pae->getAccessEntityID();
$obj->label = $pae->getAccessEntityLabel();
print $js->encode($obj);
}
/**
* Sets up a list to only return items the proper user can access
*/
public function setupPermissions()
{
$u = new User();
if ($u->isSuperUser() || $this->ignorePermissions) {
return;
// super user always sees everything. no need to limit
}
$accessEntities = $u->getUserAccessEntityObjects();
foreach ($accessEntities as $pae) {
$peIDs[] = $pae->getAccessEntityID();
}
$owpae = PageOwnerPermissionAccessEntity::getOrCreate();
// now we retrieve a list of permission duration object IDs that are attached view_page or view_page_version
// against any of these access entity objects. We just get'em all.
$db = Loader::db();
$activePDIDs = array();
$vpPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_page\'');
$vpvPKID = $db->GetOne('select pkID from PermissionKeys where pkHandle = \'view_page_versions\'');
$pdIDs = $db->GetCol("select distinct pdID from PagePermissionAssignments ppa inner join PermissionAccessList pa on ppa.paID = pa.paID where pkID in (?, ?) and pdID > 0", array($vpPKID, $vpvPKID));
if (count($pdIDs) > 0) {
// then we iterate through all of them and find any that are active RIGHT NOW
foreach ($pdIDs as $pdID) {
$pd = PermissionDuration::getByID($pdID);
if ($pd->isActive()) {
$activePDIDs[] = $pd->getPermissionDurationID();
}
}
}
$activePDIDs[] = 0;
if ($this->includeAliases) {
$cInheritPermissionsFromCID = 'if(p2.cID is null, p1.cInheritPermissionsFromCID, p2.cInheritPermissionsFromCID)';
} else {
$cInheritPermissionsFromCID = 'p1.cInheritPermissionsFromCID';
}
if ($this->displayOnlyApprovedPages) {
$cvIsApproved = ' and cv.cvIsApproved = 1';
}
$uID = 0;
if ($u->isRegistered()) {
$uID = $u->getUserID();
}
$this->filter(false, "((select count(cID) from PagePermissionAssignments ppa1 inner join PermissionAccessList pa1 on ppa1.paID = pa1.paID where ppa1.cID = {$cInheritPermissionsFromCID} and pa1.accessType = " . PermissionKey::ACCESS_TYPE_INCLUDE . " and pa1.pdID in (" . implode(',', $activePDIDs) . ")\n\t\t\tand pa1.peID in (" . implode(',', $peIDs) . ") and (if(pa1.peID = " . $owpae->getAccessEntityID() . " and p1.uID <>" . $uID . ", false, true)) and (ppa1.pkID = " . $vpPKID . $cvIsApproved . " or ppa1.pkID = " . $vpvPKID . ")) > 0\n\t\t\tor (p1.cPointerExternalLink !='' AND p1.cPointerExternalLink IS NOT NULL))");
$this->filter(false, "((select count(cID) from PagePermissionAssignments ppaExclude inner join PermissionAccessList paExclude on ppaExclude.paID = paExclude.paID where ppaExclude.cID = {$cInheritPermissionsFromCID} and accessType = " . PermissionKey::ACCESS_TYPE_EXCLUDE . " and pdID in (" . implode(',', $activePDIDs) . ")\n\t\t\tand paExclude.peID in (" . implode(',', $peIDs) . ") and (if(paExclude.peID = " . $owpae->getAccessEntityID() . " and p1.uID <>" . $uID . ", false, true)) and (ppaExclude.pkID = " . $vpPKID . $cvIsApproved . " or ppaExclude.pkID = " . $vpvPKID . ")) = 0)");
}
