public function createACL()
{
$result = false;
$name = "subsite_acl_" . $this->guid;
if ($acl = create_access_collection($name, $this->owner_guid, $this->owner_guid)) {
if ($this->setPrivateSetting("subsite_acl", $acl)) {
$result = $acl;
}
}
return $result;
}
function au_subgroups_fix_acls_20121024a($result, $getter, $options)
{
if ($result->group_acl === NULL) {
// group has no acl... create it and add all the members
$ac_name = elgg_echo('groups:group') . ": " . $result->name;
$group_acl = create_access_collection($ac_name, $result->guid);
$result->group_acl = $group_acl;
// now add all members of the group to the acl
$members = $result->getMembers(0, 0, false);
if (is_array($members) && count($members)) {
foreach ($members as $member) {
add_user_to_access_collection($member->guid, $group_acl);
}
}
}
}
function build_acl_from_guids($guids)
{
$site = elgg_get_site_entity();
$token = get_token_from_guids($guids);
$ia = elgg_set_ignore_access(true);
$granular_access = new ElggObject();
$granular_access->subtype = 'granular_access';
$granular_access->access_id = ACCESS_PUBLIC;
$granular_access->owner_guid = $site->guid;
$granular_access->container_guid = $site->guid;
$granular_access->token = $token;
$granular_access->access_list = $guids;
$guid = $granular_access->save();
if (!$guid) {
elgg_set_ignore_access($ia);
return false;
}
// check, if this is a single group, lets use the acl from that
if (count($guids) == 1) {
$entity = get_entity($guids[0]);
if (elgg_instanceof($entity, 'group') && $entity->group_acl) {
$granular_access->acl_id = $entity->group_acl;
$granular_access->single_group = 1;
// flag for use later to tell that this is using groups default acl
// no need to populate
elgg_set_ignore_access($ia);
return $entity->group_acl;
}
}
$id = create_access_collection('granular_access:' . $token, $site->guid);
$granular_access->acl_id = $id;
elgg_set_ignore_access($ia);
// actually populating the acl can take a long time, so we save that for vroom
// make it happen on the shutdown event
// add our guid to a list to populate
register_new_granular_access($guid);
if (!$GLOBALS['shutdown_flag']) {
// unregister first so we don't end up with multiple firings of the event
elgg_unregister_event_handler('shutdown', 'system', __NAMESPACE__ . '\\populate_acls');
elgg_register_event_handler('shutdown', 'system', __NAMESPACE__ . '\\populate_acls');
} else {
populate_acls();
}
return $id;
}
/**
* Creates a new access collection and adds members
*
* @param string $name Name of the collection
* @param array $members Members to add to the collection
* @return int ID of the created collection
*/
public function createCollection($name, $members = array())
{
$site = elgg_get_site_entity();
$acl_id = create_access_collection($name, $site->guid);
if (!empty($members)) {
update_access_collection($acl_id, $members);
}
return $acl_id;
}
public function testCanEditACLHook()
{
// if only we supported closures!
global $acl_test_info;
$acl_id = create_access_collection('test acl');
$acl_test_info = array('acl_id' => $acl_id, 'user' => $this->user);
function test_acl_access_hook($hook, $type, $value, $params)
{
global $acl_test_info;
if ($params['user_id'] == $acl_test_info['user']->guid) {
$acl = get_access_collection($acl_test_info['acl_id']);
$value[$acl->id] = $acl->name;
}
return $value;
}
elgg_register_plugin_hook_handler('access:collections:write', 'all', 'test_acl_access_hook');
// enable security since we usually run as admin
$ia = elgg_set_ignore_access(false);
$result = can_edit_access_collection($acl_id, $this->user->guid);
$this->assertTrue($result);
$ia = elgg_set_ignore_access($ia);
elgg_unregister_plugin_hook_handler('access:collections:write', 'all', 'test_acl_access_hook');
delete_access_collection($acl_id);
}
<?php
/**
* Change ownership of group ACLs to group entity
*/
elgg_set_ignore_access(TRUE);
$params = array('type' => 'group', 'limit' => 0);
$groups = elgg_get_entities($params);
if ($groups) {
foreach ($groups as $group) {
$acl = $group->group_acl;
try {
$query = "UPDATE {$CONFIG->dbprefix}access_collections\n\t\t\t\tSET owner_guid = {$group->guid} WHERE id = {$acl}";
update_data($query);
} catch (Exception $e) {
// no acl so create one
$ac_name = elgg_echo('groups:group') . ": " . $group->name;
$group_acl = create_access_collection($ac_name, $group->guid);
if ($group_acl) {
create_metadata($group->guid, 'group_acl', $group_acl, 'integer', $group->owner_guid);
$object->group_acl = $group_id;
}
}
}
}
elgg_set_ignore_access(FALSE);
<?php
/**
* Elgg collection add page
*
* @package Elgg.Core
* @subpackage Friends.Collections
*/
$collection_name = htmlspecialchars(get_input('collection_name', '', false), ENT_QUOTES, 'UTF-8');
$friends = get_input('friends_collection');
if (!$collection_name) {
register_error(elgg_echo("friends:nocollectionname"));
forward(REFERER);
}
$id = create_access_collection($collection_name);
if ($id) {
$result = update_access_collection($id, $friends);
if ($result) {
system_message(elgg_echo("friends:collectionadded"));
forward("collections/owner/" . elgg_get_logged_in_user_entity()->username);
} else {
register_error(elgg_echo("friends:nocollectionname"));
forward(REFERER);
}
} else {
register_error(elgg_echo("friends:nocollectionname"));
forward(REFERER);
}
/**
* Retrieve the workflow access collection controlling access
* of the workflow entities.
*
* @return int $ac_id the access id
*/
function questions_get_workflow_access_collection()
{
$site = elgg_get_site_entity();
$aclGuid = $site->getPrivateSetting('workflow_acl');
if (!$aclGuid) {
$aclGuid = create_access_collection("Workflow " . $site->name, $site->guid);
$site->setPrivateSetting('workflow_acl', $aclGuid);
}
return $aclGuid;
}
/**
* Groups created so create an access list for it
*/
function groups_create_event_listener($event, $object_type, $object)
{
$ac_name = elgg_echo('groups:group') . ": " . $object->name;
$ac_id = create_access_collection($ac_name, $object->guid);
if ($ac_id) {
$object->group_acl = $ac_id;
} else {
// delete group if access creation fails
return false;
}
return true;
}
<?php
/**
* create access collections for existing groups
*
*/
$access = elgg_get_ignore_access();
elgg_set_ignore_access(true);
//get all groups
$groups = elgg_get_entities(array('type' => 'group', 'order_by' => 'e.guid desc', 'limit' => 1000, 'full_view' => false));
foreach ($groups as $group) {
//create access collection
$ac_admin_name = elgg_echo('groups:group') . ":admin: " . $group->name;
$group_admin_id = create_access_collection($ac_admin_name, $group->guid);
//give group an admin_acl
$group->group_admin_acl = $group_admin_id;
if ($group->save()) {
//add group owner to access collection
add_user_to_access_collection($group->owner_guid, $group->group_admin_acl);
//add group admins to access collection
//get group admins
$admins = elgg_get_entities_from_relationship(array('relationship' => 'group_admin', 'relationship_guid' => $group->guid, 'inverse_relationship' => true, 'limit' => 30));
foreach ($admins as $admin) {
add_user_to_access_collection($admin->guid, $group->group_admin_acl);
}
}
}
elgg_set_ignore_access($access);
/**
* dgroups created, so add users to access lists.
*/
function dgroups_create_event_listener($event, $object_type, $object)
{
//if (($event == 'create') && ($object_type == 'dgroup') && ($object instanceof ElggGroup))
//{
$dgroup_subtype = get_subtype_id('group', 'dgroup');
//error_log("obj subtype: " . $object->subtype);
if ($object->subtype != $dgroup_subtype) {
return true;
}
$dgroup_id = create_access_collection(elgg_echo('dgroups:dgroup') . ": " . $object->name);
if ($dgroup_id) {
$object->dgroup_acl = $dgroup_id;
} else {
return false;
}
//}
return true;
}
/**
* Send a message to specified recipients
*
* @param int $sender_guid GUID of the sender entity
* @param array $recipient_guids An array of recipient GUIDs
* @param str $subject Subject of the message
* @param str $message Body of the message
* @param str $message_type Type of the message
* @param array $params Additional parameters, e.g. 'message_hash', 'attachments'
* @return boolean
*/
function hj_inbox_send_message($sender_guid, $recipient_guids, $subject = '', $message = '', $message_type = '', array $params = array())
{
$ia = elgg_set_ignore_access();
if (!is_array($recipient_guids)) {
$recipient_guids = array($recipient_guids);
}
if (isset($params['message_hash'])) {
$message_hash = elgg_extract('message_hash', $params);
}
if (isset($params['attachments'])) {
$attachments = elgg_extract('attachments', $params);
}
$user_guids = $recipient_guids;
$user_guids[] = $sender_guid;
sort($user_guids);
if (!$message_hash) {
$title = strtolower($subject);
$title = trim(str_replace('re:', '', $title));
$message_hash = sha1(implode(':', $user_guids) . $title);
}
$acl_hash = sha1(implode(':', $user_guids));
$dbprefix = elgg_get_config('dbprefix');
$query = "SELECT * FROM {$dbprefix}access_collections WHERE name = '{$acl_hash}'";
$collection = get_data_row($query);
//error_log(print_r($collection, true));
$acl_id = $collection->id;
if (!$acl_id) {
$site = elgg_get_site_entity();
$acl_id = create_access_collection($acl_hash, $site->guid);
update_access_collection($acl_id, $user_guids);
}
//error_log($acl_id);
$message_sent = new ElggObject();
$message_sent->subtype = "messages";
$message_sent->owner_guid = $sender_guid;
$message_sent->container_guid = $sender_guid;
$message_sent->access_id = ACCESS_PRIVATE;
$message_sent->title = $subject;
$message_sent->description = $message;
$message_sent->toId = $recipient_guids;
// the users receiving the message
$message_sent->fromId = $sender_guid;
// the user sending the message
$message_sent->readYet = 1;
// this is a toggle between 0 / 1 (1 = read)
$message_sent->hiddenFrom = 0;
// this is used when a user deletes a message in their sentbox, it is a flag
$message_sent->hiddenTo = 0;
// this is used when a user deletes a message in their inbox
$message_sent->msg = 1;
$message_sent->msgType = $message_type;
$message_sent->msgHash = $message_hash;
$message_sent->save();
if ($attachments) {
$count = count($attachments['name']);
for ($i = 0; $i < $count; $i++) {
if ($attachments['error'][$i] || !$attachments['name'][$i]) {
continue;
}
$name = $attachments['name'][$i];
$file = new ElggFile();
$file->container_guid = $message_sent->guid;
$file->title = $name;
$file->access_id = (int) $acl_id;
$prefix = "file/";
$filestorename = elgg_strtolower(time() . $name);
$file->setFilename($prefix . $filestorename);
$file->open("write");
$file->close();
move_uploaded_file($attachments['tmp_name'][$i], $file->getFilenameOnFilestore());
$saved = $file->save();
if ($saved) {
$mime_type = ElggFile::detectMimeType($attachments['tmp_name'][$i], $attachments['type'][$i]);
$info = pathinfo($name);
$office_formats = array('docx', 'xlsx', 'pptx');
if ($mime_type == "application/zip" && in_array($info['extension'], $office_formats)) {
switch ($info['extension']) {
case 'docx':
$mime_type = "application/vnd.openxmlformats-officedocument.wordprocessingml.document";
break;
case 'xlsx':
$mime_type = "application/vnd.openxmlformats-officedocument.spreadsheetml.sheet";
break;
case 'pptx':
$mime_type = "application/vnd.openxmlformats-officedocument.presentationml.presentation";
break;
}
}
// check for bad ppt detection
if ($mime_type == "application/vnd.ms-office" && $info['extension'] == "ppt") {
$mime_type = "application/vnd.ms-powerpoint";
}
$file->msgHash = $message_hash;
$file->toId = $recipient_guids;
$file->fromId = $sender_guid;
$file->setMimeType($mime_type);
$file->originalfilename = $name;
if (elgg_is_active_plugin('file')) {
$file->simpletype = file_get_simple_type($mime_type);
}
$file->save();
$guid = $file->getGUID();
$uploaded_attachments[] = $guid;
$attachment_urls .= '<div class="inbox-attachment">' . elgg_view('output/url', array('href' => "messages/download/{$guid}", 'text' => $file->title, 'is_trusted' => true)) . '</div>';
if ($file->simpletype == "image") {
$file->icontime = time();
$thumbnail = get_resized_image_from_existing_file($file->getFilenameOnFilestore(), 60, 60, true);
if ($thumbnail) {
$thumb = new ElggFile();
$thumb->setMimeType($attachments['type'][$i]);
$thumb->setFilename($prefix . "thumb" . $filestorename);
$thumb->open("write");
$thumb->write($thumbnail);
$thumb->close();
$file->thumbnail = $prefix . "thumb" . $filestorename;
unset($thumbnail);
}
$thumbsmall = get_resized_image_from_existing_file($file->getFilenameOnFilestore(), 153, 153, true);
if ($thumbsmall) {
$thumb->setFilename($prefix . "smallthumb" . $filestorename);
$thumb->open("write");
$thumb->write($thumbsmall);
$thumb->close();
$file->smallthumb = $prefix . "smallthumb" . $filestorename;
unset($thumbsmall);
}
$thumblarge = get_resized_image_from_existing_file($file->getFilenameOnFilestore(), 600, 600, false);
if ($thumblarge) {
$thumb->setFilename($prefix . "largethumb" . $filestorename);
$thumb->open("write");
$thumb->write($thumblarge);
$thumb->close();
$file->largethumb = $prefix . "largethumb" . $filestorename;
unset($thumblarge);
}
}
}
}
}
$success = $error = 0;
foreach ($recipient_guids as $recipient_guid) {
$message_to = new ElggObject();
$message_to->subtype = "messages";
$message_to->owner_guid = $recipient_guid;
$message_to->container_guid = $recipient_guid;
$message_to->access_id = ACCESS_PRIVATE;
$message_to->title = $subject;
$message_to->description = $message;
$message_to->toId = $recipient_guids;
// the users receiving the message
$message_to->fromId = $sender_guid;
// the user sending the message
$message_to->readYet = 0;
// this is a toggle between 0 / 1 (1 = read)
$message_to->hiddenFrom = 0;
// this is used when a user deletes a message in their sentbox, it is a flag
$message_to->hiddenTo = 0;
// this is used when a user deletes a message in their inbox
$message_to->msg = 1;
$message_to->msgType = $message_type;
$message_to->msgHash = $message_hash;
if ($message_to->save()) {
$success++;
// Make attachments
if ($uploaded_attachments) {
foreach ($uploaded_attachments as $attachment_guid) {
make_attachment($message_to->guid, $attachment_guid);
}
}
// Send out notifications skipping 'site' notification handler
if ($recipient_guid != $sender_guid) {
$methods = (array) get_user_notification_settings($recipient_guid);
unset($methods['site']);
if (count($methods)) {
$recipient = get_user($recipient_guid);
$sender = get_user($sender_guid);
$notification_subject = elgg_echo('messages:email:subject');
$notification_message = strip_tags($message);
if ($uploaded_attachments) {
$notification_message .= elgg_view_module('inbox-attachments', elgg_echo('messages:attachments'), $attachment_urls);
}
$notification_body = elgg_echo('messages:email:body', array($sender->name, $notification_message, elgg_get_site_url() . "messages/inbox/{$recipient->username}?message_type={$message_type}", $sender->name, elgg_get_site_url() . "messages/thread/{$message_hash}"));
notify_user($recipient_guid, $sender_guid, $notification_subject, $notification_body, null, $methods);
}
}
} else {
$error++;
}
}
if ($success > 0) {
// Make attachments
if ($uploaded_attachments) {
foreach ($uploaded_attachments as $attachment_guid) {
make_attachment($message_sent->guid, $attachment_guid);
}
}
$return = true;
} else {
$message_sent->delete();
$return = false;
}
elgg_set_ignore_access($ia);
return $return;
}
public function testAddMemberToACLRemoveMember()
{
// create a new user to check against
$user = new \ElggUser();
$user->username = '******';
$user->save();
$acl_id = create_access_collection('test acl');
$result = add_user_to_access_collection($user->guid, $acl_id);
$this->assertTrue($result);
if ($result) {
$this->assertTrue($user->delete());
// since there are no more members this should return false
$acl_members = get_members_of_access_collection($acl_id, true);
$this->assertFalse($acl_members);
}
delete_access_collection($acl_id);
}
$wall_post->origin = 'wall';
// Wall post access id is set to private, which means it should be visible only to the poster and tagged users
// Creating a new ACL for that
if ($access_id == ACCESS_PRIVATE && count($friend_guids)) {
$user_guids = array($poster->guid, $container->guid);
$user_guids = array_merge($user_guids, $friend_guids);
$user_guids = array_unique($user_guids);
sort($user_guids);
$acl_hash = sha1(implode(':', $user_guids));
$dbprefix = elgg_get_config('dbprefix');
$query = "SELECT * FROM {$dbprefix}access_collections WHERE name = '{$acl_hash}'";
$collection = get_data_row($query);
$acl_id = $collection->id;
if (!$acl_id) {
$site = elgg_get_site_entity();
$acl_id = create_access_collection($acl_hash, $site->guid);
update_access_collection($acl_id, $user_guids);
}
$wall_post->access_id = $acl_id;
$wall_post->save();
}
$extractor = Extractor::extract($status);
if (count($extractor->hashtags)) {
$wall_post->tags = $extractor->hashtags;
}
if (count($extractor->usernames)) {
foreach ($extractor->usernames as $username) {
$user = get_user_by_username($username);
if (elgg_instanceof($user) && !in_array($user->guid, $friend_guids)) {
$friend_guids[] = $user->guid;
}
delete_access_collection($col->id);
}
$friends = elgg_get_entities_from_metadata(array('types' => 'user', 'limit' => $friends_count, 'order_by' => 'RAND()', 'wheres' => array("e.guid != {$user->guid}"), 'metadata_names' => '__faker'));
$rand_friends = false;
$collection_id = create_access_collection('Best Fake Friends Collection', $user->guid);
if ($collection_id) {
$rand_friends = array_rand($friends, rand(2, $friends_count));
$collections++;
}
foreach ($friends as $friends_key => $friend) {
if ($user->addFriend($friend->guid)) {
$rels++;
elgg_create_river_item(array('view' => 'river/relationship/friend/create', 'action_type' => 'friend', 'subject_guid' => $user->guid, 'object_guid' => $friend->guid));
if ($rand_friends && array_key_exists($friends_key, $rand_friends)) {
add_user_to_access_collection($friend->guid, $collection_id);
}
}
}
$random_acl_members = elgg_get_entities_from_metadata(array('types' => 'user', 'limit' => 10, 'order_by' => 'RAND()', 'wheres' => array("e.guid != {$user->guid}"), 'metadata_names' => '__faker'));
if ($random_acl_members) {
$collection_id = create_access_collection('Fake Arbitrary Collection', $user->guid);
if ($collection_id) {
$collections++;
foreach ($random_acl_members as $random_acl_member) {
add_user_to_access_collection($random_acl_member->guid, $collection_id);
}
}
}
}
system_message(elgg_echo('faker:gen_friends:success', array($rels, $collections)));
forward(REFERER);
/**
* Groups created so create an access list for it
*/
function groups_create_event_listener($event, $object_type, $object)
{
$ac_name = elgg_echo('groups:group') . ": " . $object->name;
$ac_admin_name = elgg_echo('groups:group') . ":admin: " . $object->name;
$group_id = create_access_collection($ac_name, $object->guid);
$group_admin_id = create_access_collection($ac_admin_name, $object->guid);
if ($group_id) {
$object->group_acl = $group_id;
$object->group_admin_acl = $group_admin_id;
add_user_to_access_collection($object->owner_guid, $group_admin_id);
} else {
// delete group if access creation fails
return false;
}
return true;
}
/**
* Elgg collection add page
*
* @package Elgg
* @subpackage Core
* @author Curverider Ltd
* @link http://elgg.org/
*/
//must be logged in
gatekeeper();
$collection_name = get_input('collection_name');
$friends = get_input('friends_collection');
//first check to make sure that a collection name has been set and create the new colection
if ($collection_name) {
//create the collection
$create_collection = create_access_collection($collection_name, $_SESSION['user']->getGUID());
//if the collection was created and the user passed some friends from the form, add them
if ($create_collection && !empty($friends)) {
//add friends to the collection
foreach ($friends as $friend) {
add_user_to_access_collection($friend, $create_collection);
}
}
// Success message
system_message(elgg_echo("friends:collectionadded"));
// Forward to the collections page
forward("pg/collections/" . $_SESSION['user']->username);
} else {
register_error(elgg_echo("friends:nocollectionname"));
// Forward to the add collection page
forward("pg/collections/add");
/**
* Groups created, so add users to access lists.
*/
function groups_create_event_listener($event, $object_type, $object)
{
//if (($event == 'create') && ($object_type == 'group') && ($object instanceof ElggGroup))
//{
$group_id = create_access_collection(elgg_echo('groups:group') . ": " . $object->name);
if ($group_id) {
$object->group_acl = $group_id;
} else {
return false;
}
//}
return true;
}
<?php
/**
* Elgg collection add page
*
* @package Elgg.Core
* @subpackage Friends.Collections
*/
$collection_name = get_input('collection_name');
$friends = get_input('friends_collection');
//first check to make sure that a collection name has been set and create the new colection
if ($collection_name) {
//create the collection
$create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid());
//if the collection was created and the user passed some friends from the form, add them
if ($create_collection && !empty($friends)) {
//add friends to the collection
foreach ($friends as $friend) {
add_user_to_access_collection($friend, $create_collection);
}
}
// Success message
system_message(elgg_echo("friends:collectionadded"));
// Forward to the collections page
forward("collections/" . elgg_get_logged_in_user_entity()->username);
} else {
register_error(elgg_echo("friends:nocollectionname"));
// Forward to the add collection page
forward("collections/add");
}