/**
 * Round-trips the test user through an access collection: add, then remove.
 *
 * A throwaway collection is created for the test and deleted at the end,
 * whether or not the membership calls succeeded.
 */
public function testAddRemoveUserToACL()
 {
     $collection_id = create_access_collection('test acl');
     $member_guid = $this->user->guid;

     $added = add_user_to_access_collection($member_guid, $collection_id);
     $this->assertTrue($added);

     // Removal can only be checked once the user is actually a member.
     if ($added) {
         $removed = remove_user_from_access_collection($member_guid, $collection_id);
         $this->assertIdentical(true, $removed);
     }

     // Always clean up so the temporary ACL does not outlive the test.
     delete_access_collection($collection_id);
 }
/**
 * Group-leave handler: drops the departing user from the group's access collection.
 *
 * NOTE(review): the result of remove_user_from_access_collection() is discarded,
 * so a failed removal leaves the user in the ACL without any signal to the caller.
 *
 * @param mixed $event       Not used by this handler
 * @param mixed $object_type Not used by this handler
 * @param array $object      Must carry the 'group' and 'user' entities
 *
 * @return bool Always true
 */
function groups_user_leave_event_listener($event, $object_type, $object)
{
    $left_group = $object['group'];
    $leaving_user = $object['user'];

    // group_acl holds the ID of the collection the user is removed from.
    remove_user_from_access_collection($leaving_user->guid, $left_group->group_acl);

    return true;
}
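/**
 * Removes a user from another user's friends list.
 *
 * Before the "friend" relationship is deleted, the friend is removed from every
 * access collection returned by get_user_access_collections() for the friending
 * user, so the ex-friend does not stay listed in those collections.
 *
 * NOTE(review): no permission check is visible in this function; presumably the
 * caller verifies that the acting user may edit $user_guid's friends — confirm.
 *
 * @param int $user_guid The GUID of the friending user
 * @param int $friend_guid The GUID of the user on the friends list
 * @return true|false Depending on success
 */
function user_remove_friend($user_guid, $friend_guid)
{
    $user_guid = (int) $user_guid;
    $friend_guid = (int) $friend_guid;

    // perform cleanup for access lists.
    // The lookup result is only iterated when it is non-empty, so a non-array
    // return (no collections found) no longer reaches foreach.
    $collections = get_user_access_collections($user_guid);
    if ($collections) {
        foreach ($collections as $collection) {
            remove_user_from_access_collection($friend_guid, $collection->id);
        }
    }

    return remove_entity_relationship($user_guid, "friend", $friend_guid);
}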
 /**
  * Removes a user as a friend of this user.
  *
  * The friend is first dropped from every access collection returned for
  * this user, then the "friend" relationship itself is deleted.
  *
  * @param int $friend_guid The GUID of the user to remove
  *
  * @return bool False when $friend_guid does not resolve to a user, otherwise
  *              the result of deleting the relationship
  * @todo change to accept \ElggUser
  */
 public function removeFriend($friend_guid)
 {
     $friend_exists = (bool) get_user($friend_guid);
     if (!$friend_exists) {
         return false;
     }

     // @todo this should be done with a plugin hook handler on the delete relationship
     // Access-list cleanup: an empty lookup result is treated as "no collections".
     $owned_collections = get_user_access_collections($this->guid);
     foreach ($owned_collections ?: array() as $owned_collection) {
         remove_user_from_access_collection($friend_guid, $owned_collection->id);
     }

     return remove_entity_relationship($this->guid, "friend", $friend_guid);
 }
/**
 * Removes a user from another user's friends list.
 *
 * Emits a deprecation notice, removes the friend from each of the friending
 * user's access collections, then deletes the "friend" relationship.
 *
 * @param int $user_guid   The GUID of the friending user
 * @param int $friend_guid The GUID of the user on the friends list
 *
 * @return bool Depending on success
 * @deprecated 1.9 Use \ElggUser::removeFriend()
 */
function user_remove_friend($user_guid, $friend_guid)
{
    elgg_deprecated_notice(__FUNCTION__ . ' is deprecated. Use \\ElggUser::removeFriend()', 1.9);

    $owner_guid = intval($user_guid);
    $removed_guid = intval($friend_guid);

    // Access-list cleanup; a falsy lookup result means there is nothing to clean.
    $owned_collections = get_user_access_collections($owner_guid);
    if (!$owned_collections) {
        $owned_collections = array();
    }
    foreach ($owned_collections as $owned_collection) {
        remove_user_from_access_collection($removed_guid, $owned_collection->id);
    }

    return remove_entity_relationship($owner_guid, "friend", $removed_guid);
}
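/**
 * Updates the membership in an access collection.
 *
 * @warning Expects a full list of all members that should
 * be part of the access collection
 *
 * @note This will run all hooks associated with adding or removing
 * members to access collections.
 *
 * Every pending addition and removal is attempted even when an earlier one
 * failed. A failed add must not cause the removals to be skipped, because that
 * would leave members in the collection who were meant to lose access.
 *
 * NOTE(review): the only precondition checked here is that the collection
 * exists; presumably the caller verifies that the acting user may edit it —
 * confirm.
 *
 * @param int   $collection_id The ID of the collection.
 * @param array $members       Array of member GUIDs
 *
 * @return bool False if the collection does not exist or any single change failed
 * @link http://docs.elgg.org/Access/Collections
 * @see add_user_to_access_collection()
 * @see remove_user_from_access_collection()
 */
function update_access_collection($collection_id, $members)
{
    $acl = get_access_collection($collection_id);
    if (!$acl) {
        return false;
    }

    // Anything that is not an array is treated as "no members".
    $members = is_array($members) ? $members : array();
    $cur_members = get_members_of_access_collection($collection_id, true);
    $cur_members = is_array($cur_members) ? $cur_members : array();

    $remove_members = array_diff($cur_members, $members);
    $add_members = array_diff($members, $cur_members);

    $result = true;
    foreach ($add_members as $guid) {
        // The call comes first so that `&&` cannot short-circuit it away.
        $result = add_user_to_access_collection($guid, $collection_id) && $result;
    }
    foreach ($remove_members as $guid) {
        $result = remove_user_from_access_collection($guid, $collection_id) && $result;
    }

    return $result;
}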
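/**
 * Updates the membership in an access collection.
 *
 * The update is only performed when the collection ID is a key of the array
 * returned by get_write_access_array(); otherwise nothing is changed.
 *
 * NOTE(review): the results of the individual add/remove calls are discarded,
 * so true is returned even if some of them failed and the collection still
 * contains users who should have been removed.
 *
 * @param int $collection_id The ID of the collection.
 * @param array $members Array of member GUIDs (the full desired member list)
 * @return true|false True when the collection passed the write-access check, false otherwise
 */
function update_access_collection($collection_id, $members)
{
    $collection_id = (int) $collection_id;
    $members = is_array($members) ? $members : array();

    // Write-access gate: refuse collections that are not in the write-access array.
    $collections = get_write_access_array();
    if (!array_key_exists($collection_id, $collections)) {
        return false;
    }

    $cur_members = get_members_of_access_collection($collection_id, true);
    $cur_members = is_array($cur_members) ? $cur_members : array();

    $remove_members = array_diff($cur_members, $members);
    $add_members = array_diff($members, $cur_members);

    foreach ($add_members as $guid) {
        add_user_to_access_collection($guid, $collection_id);
    }
    foreach ($remove_members as $guid) {
        remove_user_from_access_collection($guid, $collection_id);
    }

    return true;
}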
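 /**
  * Removes a user from this subsite, from its ACL and from every group on it.
  *
  * When no GUID is given the logged-in user is removed. Users for whom
  * isAdmin() returns true are never removed by this method.
  *
  * @param int    $user_guid      GUID of the user to remove; empty means the logged-in user
  * @param string $notify_message Extra text for the notification that is sent when
  *                               someone other than the user performs the removal
  *
  * @return mixed Whatever parent::removeUser() returned, or false when nothing was attempted
  */
 public function removeUser($user_guid = 0, $notify_message = "")
 {
     if (empty($user_guid)) {
         $user_guid = elgg_get_logged_in_user_guid();
     }

     // Nothing to do without a user; admins of this site are left in place.
     if (empty($user_guid) || $this->isAdmin($user_guid)) {
         return false;
     }

     // get the user for further use
     // NOTE(review): the lookup result is not checked before $user is used
     // below — confirm it cannot be empty at this point.
     $user = get_user($user_guid);

     // remove the user from the subsite ACL; this happens before, and
     // independently of, the outcome of parent::removeUser()
     remove_user_from_access_collection($user_guid, $this->getACL());
     $result = parent::removeUser($user_guid);

     // update member_count
     $this->getMembers(array("count" => true, "force_update_member_count" => true));

     // remove the user from every group on this site
     $options = array(
         "relationship" => "member",
         "relationship_guid" => $user_guid,
         "type" => "group",
         "limit" => false,
         "site_guid" => $this->getGUID(),
     );

     // exclude invited groups
     global $SUBSITE_MANAGER_INVITED_GROUPS;
     if (!empty($SUBSITE_MANAGER_INVITED_GROUPS)) {
         // These GUIDs are concatenated into a raw SQL fragment, so force each
         // one to an integer before it reaches the query.
         $invited_guids = array_map('intval', (array) $SUBSITE_MANAGER_INVITED_GROUPS);
         $options["wheres"] = array("e.guid NOT IN (" . implode(",", $invited_guids) . ")");
     }

     $groups = elgg_get_entities_from_relationship($options);
     if ($groups) {
         foreach ($groups as $group) {
             $group->leave($user);
         }
     }

     // remove optional membership requests
     $this->removeMembershipRequests($user_guid);

     // notify the user only when somebody else removed them
     if (elgg_is_logged_in() && $user_guid != elgg_get_logged_in_user_guid()) {
         $admin = elgg_get_logged_in_user_entity();
         $subject = elgg_echo("subsite_manager:subsite:remove_user:subject", array($this->name));
         $message = elgg_echo("subsite_manager:subsite:remove_user:message", array($user->name, $admin->name, $this->name, $notify_message));
         notify_user($user->getGUID(), $admin->getGUID(), $subject, $message, array(), "email");
     }

     return $result;
 }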
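/**
 * Processes the queued group leaves stored in the 'granular_access_leaves' config value.
 *
 * For each queued leave (an array with 'user' and 'group' entries) every
 * granular_access object whose access_list contains the group is inspected.
 * The user is removed from that object's ACL unless the object is a
 * single-group one, the user is listed explicitly, or the user is still a
 * member of another group on the list. The queue is emptied afterwards.
 *
 * @return true|null True when the config value is not an array; no explicit
 *                   return value once the queue has been processed
 */
function process_group_leaves()
{
    $leaves = elgg_get_config('granular_access_leaves');
    if (!is_array($leaves)) {
        return true;
    }

    foreach ($leaves as $params) {
        $options = array(
            'type' => 'object',
            'subtype' => 'granular_access',
            'metadata_name_value_pairs' => array('name' => 'access_list', 'value' => $params['group']),
            'limit' => false,
        );

        // get granular access objects that pertain to this group
        $batch = new ElggBatch('elgg_get_entities_from_metadata', $options);
        foreach ($batch as $granular_access) {
            if ($granular_access->single_group) {
                // this uses the default group acl
                continue;
            }

            // here's where it gets tricky, we want to remove them if there's no other reason to keep them
            // that is they aren't explicitly mentioned, and they aren't in another group
            $guids = (array) $granular_access->access_list;
            if (in_array($params['user'], $guids)) {
                // they are explicitly listed, so do nothing, they stay in the acl
                continue;
            }

            // remove the guid of this group from the list, and count other groups where this user is a member.
            // array_search() returns false when the group is absent; used as a key
            // that would address index 0 and drop an unrelated GUID, so guard it.
            $group_key = array_search($params['group'], $guids);
            if ($group_key !== false) {
                unset($guids[$group_key]);
            }

            if ($guids) {
                // Access checks are switched off only for this count (in case of
                // hidden groups) and the previous setting is restored right after.
                // NOTE(review): if the query throws, the restore call is skipped — confirm that is acceptable.
                $ia = elgg_set_ignore_access(true);
                $count = elgg_get_entities_from_relationship(array(
                    'guids' => $guids,
                    'type' => 'group',
                    'relationship' => 'member',
                    'relationship_guid' => $params['user'],
                    'inverse_relationship' => false,
                    'count' => true,
                ));
                elgg_set_ignore_access($ia);

                if ($count) {
                    // still a member of another listed group, so access is kept
                    continue;
                }
            }

            remove_user_from_access_collection($params['user'], $granular_access->acl_id);
        }
    }

    // clear the queue so the same leaves are not processed twice
    elgg_set_config('granular_access_leaves', array());
}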
 */
// Toggles the "group_admin" relationship of a group member and keeps the
// group's admin access collection in step with it.
$group_guid = (int) get_input("group_guid");
$user_guid = (int) get_input("user_guid");

$group = get_entity($group_guid);
$user = get_user($user_guid);

if (empty($group) || empty($user)) {
    // one of the GUIDs did not resolve
    register_error(elgg_echo("group_tools:action:error:input"));
} elseif (!$group instanceof ElggGroup || !$group->canEdit() || !$group->isMember($user) || $group->getOwnerGUID() == $user->getGUID()) {
    // Authorization gate: the entity must be a group that passes canEdit(),
    // the target must be a member, and the group owner can never be toggled.
    register_error(elgg_echo("group_tools:action:toggle_admin:error:group"));
} elseif (!check_entity_relationship($user->getGUID(), "group_admin", $group->getGUID())) {
    // user is not a group admin yet, so grant the role
    if (add_entity_relationship($user->getGUID(), "group_admin", $group->getGUID())) {
        // The ACL is only touched once the relationship was stored.
        // NOTE(review): the ACL call's own result is not checked, so the
        // relationship and the ACL can drift apart if it fails.
        add_user_to_access_collection($user->guid, $group->group_admin_acl);
        system_message(elgg_echo("group_tools:action:toggle_admin:success:add"));
    } else {
        register_error(elgg_echo("group_tools:action:toggle_admin:error:add"));
    }
} else {
    // user already is a group admin, so revoke the role
    if (remove_entity_relationship($user->getGUID(), "group_admin", $group->getGUID())) {
        // NOTE(review): a failed ACL removal here would leave a demoted user
        // in the admin ACL while a success message is shown.
        remove_user_from_access_collection($user->guid, $group->group_admin_acl);
        system_message(elgg_echo("group_tools:action:toggle_admin:success:remove"));
    } else {
        register_error(elgg_echo("group_tools:action:toggle_admin:error:remove"));
    }
}

forward(REFERER);
         foreach ($annotations as $annotation) {
             $annotation->delete();
         }
     }
     // delete all access collections
     $collections = get_user_access_collections($user->guid);
     if (is_array($collections)) {
         foreach ($collections as $collection) {
             delete_access_collection($collection->id);
         }
     }
     // remove from access collections
     $access = get_access_array();
     foreach ($access as $id) {
         if (!in_array($id, array(ACCESS_PUBLIC, ACCESS_LOGGED_IN, ACCESS_FRIENDS, ACCESS_PRIVATE))) {
             remove_user_from_access_collection($user->guid, $id);
         }
     }
     // reset password to unusable password
     $user->password = '';
     $user->salt = '';
     $user->password_hash = '';
     $user->email = "anon{$user->guid}@" . get_site_domain();
     // set our single piece of metadata that tells us this user has been deleted
     $user->member_selfdelete = "anonymized";
     $user->save();
     logout();
     session_regenerate_id(true);
     system_message(elgg_echo('member_selfdelete:action:anonymized'));
     break;
 default:
// Toggles the expert role of a user on a site or group and mirrors the change
// in the workflow access collection.
// NOTE(review): $user_guid is assigned outside this excerpt — presumably from
// get_input(); confirm it is cast to int like $page_owner_guid.
$page_owner_guid = (int) get_input("guid");
$access_collection_guid = questions_get_workflow_access_collection();
if (!$access_collection_guid) {
    // Without a workflow ACL there is nothing to keep in sync.
    // NOTE(review): this guard relies on forward() ending the request; if it
    // returned, the code below would run with an empty collection ID.
    register_error(elgg_echo("questions:workflow:noacl"));
    forward(REFERER);
}
if (!empty($user_guid) && !empty($page_owner_guid)) {
    $user = get_user($user_guid);
    $page_owner = get_entity($page_owner_guid);
    // Authorization gate: both entities must exist, the page owner must be a
    // site or a group, and it must pass canEdit().
    if (!empty($user) && !empty($page_owner) && (elgg_instanceof($page_owner, "site") || elgg_instanceof($page_owner, "group")) && $page_owner->canEdit()) {
        // check if the user is an expert
        if (check_entity_relationship($user->getGUID(), QUESTIONS_EXPERT_ROLE, $page_owner->getGUID())) {
            // yes, so remove
            // NOTE(review): neither this result nor the ACL call's result is
            // checked; the success message is shown regardless.
            remove_entity_relationship($user->getGUID(), QUESTIONS_EXPERT_ROLE, $page_owner->getGUID());
            // @todo: only when workflow is enabled
            remove_user_from_access_collection($user_guid, $access_collection_guid);
            system_message(elgg_echo("questions:action:toggle_expert:success:remove", array($user->name, $page_owner->name)));
        } else {
            // no, so add
            // NOTE(review): the ACL add runs even if storing the relationship
            // failed, which would grant collection access without the role.
            add_entity_relationship($user->getGUID(), QUESTIONS_EXPERT_ROLE, $page_owner->getGUID());
            // @todo: only when workflow is enabled
            add_user_to_access_collection($user_guid, $access_collection_guid);
            system_message(elgg_echo("questions:action:toggle_expert:success:make", array($user->name, $page_owner->name)));
        }
    } else {
        // This branch also covers a failed canEdit() check, not only unknown GUIDs.
        register_error(elgg_echo("InvalidParameterException:GUIDNotFound", array($page_owner_guid)));
    }
} else {
    register_error(elgg_echo("InvalidParameterException:MissingParameter"));
}
forward(REFERER);
/**
 * Trip-leave handler: drops the departing user from the trip's access collection.
 *
 * NOTE(review): the result of remove_user_from_access_collection() is discarded,
 * so a failed removal leaves the user in the ACL without any signal to the caller.
 *
 * @param mixed $event       Not used by this handler
 * @param mixed $object_type Not used by this handler
 * @param array $object      Must carry the 'trip' and 'user' entities
 *
 * @return bool Always true
 */
function mytrips_user_leave_event_listener($event, $object_type, $object)
{
    $left_trip = $object['trip'];
    $leaving_user = $object['user'];

    // trip_acl holds the ID of the collection the user is removed from.
    remove_user_from_access_collection($leaving_user->guid, $left_trip->trip_acl);

    return true;
}