/** * validates that the current can create a node with these values * * @param array Array of field => value pairs which define the record. * @param string Parameters to be checked for permission * * @return bool */ public function validate(&$data, $action = self::ACTION_ADD, $nodeid = false, $nodes = false) { //One extra check. If the node would otherwise be viewable but viewperms is zero for an album, the the current user //is the owner or follows the owner, they can see it. if (parent::validate($data, $action, $nodeid, $nodes)) { return true; } if ($action == self::ACTION_VIEW) { if (empty($data) and !empty($nodeid)) { $data = vB_Library::instance('node')->getNodeBare($nodeid); } if (isset($data['nodeid']) and isset($data['userid']) and isset($data['parentid']) and isset($data['viewperms'])) { $nodes = array($data); } else { if (!is_array($nodeid)) { $nodeid = array($nodeid); } if (!$nodes) { $nodes = vB_Api::instanceInternal('node')->getNodes($nodeid); } } $albumChannel = vB_Library::instance('node')->fetchAlbumChannel(); $following = vB_Api::instanceInternal('follow')->getFollowingParameters(); if (empty($following['user'])) { $following = array(vB::getCurrentSession()->get('userid')); } else { $following = $following['user']; $following[] = vB::getCurrentSession()->get('userid'); } foreach ($nodes as $node) { if ($node['parentid'] != $albumChannel or $node['viewperms'] != 0 or !in_array($node['userid'], $following)) { return false; } } //If we got here all is O.K. return true; } return false; }