/** * Sets or unsets the approved field * @param array $nodeids * @param boolean $approved - set or unset the approved field * @throws vB_Exception_Api * @return array - the nodeids that have the permission to be changed */ function setApproved($nodeids, $approved = true) { $nodeids = vB::getCleaner()->clean($nodeids, is_array($nodeids) ? vB_Cleaner::TYPE_ARRAY_UINT : vB_Cleaner::TYPE_UINT); if (empty($nodeids)) { return false; } $currentUserid = vB::getCurrentSession()->get('userid'); if (empty($currentUserid)) { return false; } if (!is_array($nodeids)) { $nodeids = array($nodeids); } $existing = vB_Library::instance('node')->getNodes($nodeids); if (empty($existing)) { return false; } // need to see if we require authentication $userContext = vB::getUserContext(); $approveNodeIds = array(); //allow unapproving of VMs by the recipient that has canmanageownprofile $need_auth = false; $moderateInfo = vB::getUserContext()->getCanModerate(); $timeNow = vB::getRequest()->getTimeNow(); $result = false; foreach ($existing as $node) { //Two possibilities. It might be unapproved, in which case we need moderate permissions. Or it might be unpublished, // in which case we need canpublish. //if (($node['publishdate'] < $timeNow) OR ($node['unpublishdate'] > 0)) if (!$this->library->isPublished($node)) { $this->inlinemodAuthCheck(); if ($userContext->getChannelPermission('forumpermissions2', 'canpublish', $node['nodeid'])) { $this->setPublishDate($node['nodeid'], $timeNow); $result = true; } } $currentApproved = intval($node['approved']) > 0; if ($approved != $currentApproved) { //do we need to call setApproved? Not if we just have $approve = 1; $canModerateOwn = $userContext->getChannelPermission('forumpermissions2', 'canmanageownchannels', $node['nodeid']); // check if this is the owner of a blog that needs to moderate the comments if (!empty($moderateInfo['can']) or $canModerateOwn) { // let's get the channel node $channelid = vB_Library::instance('node')->getChannelId($node); if ($channelid == $node['nodeid']) { $channel = $node; } else { $channel = vB_Library::instance('node')->getNodeBare($channelid); } // this channel was created by the current user so we don't need the auth check if (in_array($channelid, $moderateInfo['can']) or $canModerateOwn and $channel['userid'] == $currentUserid) { $approveNodeIds[] = $node['nodeid']; continue; } } // don't check permissions if the user is the recipient of the VM if (!empty($node['setfor']) and $node['setfor'] == $currentUserid and $userContext->hasPermission('visitormessagepermissions', 'canmanageownprofile')) { $approveNodeIds[] = $node['nodeid']; } else { $this->inlinemodAuthCheck(); if ($userContext->getChannelPermission('moderatorpermissions', 'canmanagethreads', $node['nodeid'])) { $approveNodeIds[] = $node['nodeid']; } } } } if (empty($approveNodeIds)) { return $result; } return $this->library->setApproved($approveNodeIds, $approved); }