/**
  * @param array $data Parameters:
  *                    - view (int)
  *                    - oldusers (array of user IDs)
  */
 public function __construct($data, $cron = false)
 {
     parent::__construct($data, $cron);

     // NOTE(review): `new` always evaluates to an object, so this falsy check
     // cannot fire as written. A missing view presumably surfaces as an
     // exception thrown by View's constructor instead; confirm against View.
     $viewinfo = new View($this->view);
     if (!$viewinfo) {
         if (empty($this->cron)) {
             throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
         }
         // probably deleted already
         return;
     }

     $this->url = $viewinfo->get_url(false);

     // Recipients are the entries of the current access list whose keys are
     // absent from oldusers (array_diff_key compares keys only), i.e. those who
     // gained access. Presumably both arrays are keyed by user id; verify.
     $this->users = array_diff_key(activity_get_viewaccess_users($this->view), $this->oldusers);

     // A view that belongs to a collection is announced under the collection's
     // name; otherwise the view's own title is used.
     if (!$viewinfo->get_collection()) {
         $this->title = $viewinfo->get('title');
         $this->add_urltext(array('key' => 'View', 'section' => 'view'));
     } else {
         $this->incollection = true;
         $this->title = $viewinfo->get_collection()->get('name');
         $this->add_urltext(array('key' => 'Collection', 'section' => 'collection'));
     }

     $this->ownername = $viewinfo->formatted_owner();
 }
Esempio n. 2
 /**
  * Set the view access rules
  *
  * @param array $accessdata     For each view access row
  *                              Can contain id, type, startdate, stopdate, allowcomments, approvecomments
  * @param array $viewids        Contains ids of the views getting the access rules
  * @param bool  $allowcomments  Holding the view wide allowcomments option
  *                              Needed when changing this and saving page at same time
  *                              as the views are not saved at this point.
  *
  * @return array  The added access rows
  */
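 public function set_access($accessdata, $viewids = null, $allowcomments = true)
 {
     // Kept as-is: the files required below execute in this function's scope,
     // so the declaration may matter to them even though $USER is not read here.
     global $USER;
     require_once 'activity.php';
     require_once 'group.php';
     require_once 'institution.php';

     // NOTE(review): no permission check happens in this method; the caller is
     // presumably responsible for confirming the current user may edit the
     // view's access. Verify at the call sites.

     // Snapshot of who could see the view before the rules change; handed to
     // the 'viewaccess' activity below as oldusers.
     $beforeusers = activity_get_viewaccess_users($this->get('id'));

     // Only visible, non-token rows are replaced; token rows are left alone.
     $select = 'view = ? AND visible = 1 AND token IS NULL';
     db_begin();
     delete_records_select('view_access', $select, array($this->id));

     // View access
     $accessdata_added = array();
     if ($accessdata) {
         /*
          * There should be a cleaner way to do this
          * $accessdata_added ensures that the same access is not granted twice because the profile page
          * gets very grumpy if there are duplicate access rules
          *
          * Additional rules:
          * - Don't insert records with stopdate in the past
          * - Remove startdates that are in the past
          * - If view allows comments, access record comment permissions, don't apply, so reset them.
          * @todo: merge overlapping date ranges.
          */
         $time = time();
         // One creation timestamp for the whole batch, so two otherwise equal
         // rules still compare equal in the duplicate check if the clock ticks
         // while the loop is running.
         $ctime = db_format_timestamp($time);

         foreach ($accessdata as $item) {
             if (!empty($item['stopdate']) && $item['stopdate'] < $time) {
                 continue;
             }
             if (!empty($item['startdate']) && $item['startdate'] < $time) {
                 unset($item['startdate']);
             }
             if ($allowcomments) {
                 unset($item['allowcomments']);
                 unset($item['approvecomments']);
             }

             $accessrecord = (object) array(
                 'accesstype'      => null,
                 'group'           => null,
                 'role'            => null,
                 'institution'     => null,
                 'usr'             => null,
                 'token'           => null,
                 'startdate'       => null,
                 'stopdate'        => null,
                 'allowcomments'   => 0,
                 'approvecomments' => 1,
                 'ctime'           => $ctime,
             );

             // Inside a switch, a bare `continue` behaves like `break`: it only
             // leaves the switch and the row below would still be inserted.
             // Every "skip this rule" path therefore uses `continue 2` to move
             // on to the next $item.
             switch (isset($item['type']) ? $item['type'] : null) {
                 case 'user':
                     $accessrecord->usr = $item['id'];
                     break;
                 case 'group':
                     $accessrecord->group = $item['id'];
                     if (isset($item['role']) && strlen($item['role'])) {
                         // Don't insert a record for a role the group doesn't have.
                         // Skipping the rule matters for access control: falling
                         // through would store the row with role = null, i.e. a
                         // rule for the group with no role restriction at all.
                         $roleinfo = group_get_role_info($item['id']);
                         if (!isset($roleinfo[$item['role']])) {
                             continue 2;
                         }
                         $accessrecord->role = $item['role'];
                     }
                     break;
                 case 'institution':
                     $accessrecord->institution = $item['id'];
                     break;
                 case 'friends':
                     if (!$this->owner) {
                         // Don't add friend access to group, institution or system views
                         continue 2;
                     }
                     // deliberate fall-through: 'friends' is stored like the other access types
                 case 'public':
                 case 'loggedin':
                     $accessrecord->accesstype = $item['type'];
                     break;
                 default:
                     // Missing or unrecognised type: writing it would store a
                     // rule with every target column null, so skip it.
                     continue 2;
             }

             if (isset($item['allowcomments'])) {
                 $accessrecord->allowcomments = (int) (!empty($item['allowcomments']));
                 if ($accessrecord->allowcomments) {
                     $accessrecord->approvecomments = (int) (!empty($item['approvecomments']));
                 }
             }
             if (isset($item['startdate'])) {
                 $accessrecord->startdate = db_format_timestamp($item['startdate']);
             }
             if (isset($item['stopdate'])) {
                 $accessrecord->stopdate = db_format_timestamp($item['stopdate']);
             }

             // The view id is attached only for the insert and removed again, so
             // the rows kept for duplicate detection (and returned) carry no view.
             if (array_search($accessrecord, $accessdata_added) === false) {
                 $accessrecord->view = $this->get('id');
                 insert_record('view_access', $accessrecord);
                 unset($accessrecord->view);
                 $accessdata_added[] = $accessrecord;
             }
         }
     }

     // Payload for the 'viewaccess' activity: the view, who had access before,
     // and (when more than one view id was passed) id/title of each of them.
     $data = new StdClass();
     $data->view = $this->get('id');
     $data->oldusers = $beforeusers;
     if (!empty($viewids) && count($viewids) > 1) {
         $views = array();
         foreach ($viewids as $viewid) {
             $view = new View($viewid);
             $views[] = array('id' => $view->get('id'), 'title' => $view->get('title'));
         }
         $data->views = $views;
     }
     activity_occurred('viewaccess', $data);
     handle_event('saveview', $this->get('id'));
     db_commit();
     return $accessdata_added;
 }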
 /**
  * @param array $data Parameters:
  *                    - owner (int)
  *                    - view (int)
  *                    - oldusers (array of user IDs)
  */
 public function __construct($data, $cron = false)
 {
     parent::__construct($data, $cron);

     // Title and owner details (user, group or institution) of the view. The
     // view id is bound as a parameter, not concatenated into the SQL.
     $viewinfo = get_record_sql('
         SELECT v.title, v.owner, v.group, v.institution,
             u.id, u.username, u.preferredname, u.firstname, u.lastname, u.staff, u.admin,
             g.name AS groupname, i.displayname AS institutionname
         FROM {view} v
             LEFT JOIN {usr} u ON v.owner = u.id
             LEFT JOIN {group} g ON v.group = g.id
             LEFT JOIN {institution} i ON v.institution = i.name
         WHERE v.id = ?', array($this->view));

     if (!$viewinfo) {
         if (empty($this->cron)) {
             throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
         }
         // probably deleted already
         return;
     }

     // NOTE(review): $this->view is appended to the URL unencoded; presumably
     // it is always an integer id. Confirm where $data is built.
     $this->url = get_config('wwwroot') . 'view/view.php?id=' . $this->view;

     // Recipients: entries of the current access list whose keys are not in
     // oldusers (array_diff_key compares keys only).
     $this->users = array_diff_key(activity_get_viewaccess_users($this->view, $this->owner, $this->get_id()), $this->oldusers);
     $this->title = $viewinfo->title;

     // The owner name is only resolved when there is somebody to notify.
     // Precedence: group, then institution, then the owning user.
     if ($this->users) {
         if ($viewinfo->group) {
             $this->ownername = $viewinfo->groupname;
         } elseif ($viewinfo->institution) {
             $this->ownername = $viewinfo->institutionname;
         } elseif ($viewinfo->owner) {
             $this->ownername = display_name($viewinfo, null, true);
         }
     }

     $this->add_urltext(array('key' => 'View', 'section' => 'view'));
 }
Esempio n. 4
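 /**
  * Replace all access rules of this view with the rows in $accessdata.
  *
  * Users who lose a direct 'user' rule are removed from the view's watchlist
  * table, the existing access rows are deleted and re-inserted, and a
  * 'viewaccess' activity plus a 'saveview' event are raised.
  *
  * NOTE(review): no permission check happens in this method; the caller is
  * presumably responsible for confirming the current user may edit this view.
  *
  * @param array $accessdata Access rows; each row is read for 'type' and, depending
  *                          on the type, 'id', 'role', 'startdate' and 'stopdate'.
  */
 public function set_access($accessdata)
 {
     global $USER;
     require_once 'activity.php';

     // For users who are being removed from having access to this view, they
     // need to have the view and any attached artefacts removed from their
     // watchlist.
     $oldusers = array();
     foreach ($this->get_access() as $item) {
         if ($item['type'] == 'user') {
             $oldusers[] = $item;
         }
     }
     $newusers = array();
     if ($accessdata) {
         foreach ($accessdata as $item) {
             if ($item['type'] == 'user') {
                 $newusers[] = $item;
             }
         }
     }

     // Old 'user' rules with no matching id among the new 'user' rules.
     $userstodelete = array();
     foreach ($oldusers as $olduser) {
         foreach ($newusers as $newuser) {
             if ($olduser['id'] == $newuser['id']) {
                 continue 2;
             }
         }
         $userstodelete[] = $olduser;
     }

     if ($userstodelete) {
         // Bind every value through placeholders rather than concatenating the
         // view id and user ids into the statement text.
         $values = array($this->get('id'));
         foreach ($userstodelete as $user) {
             $values[] = intval($user['id']);
         }
         $placeholders = implode(',', array_fill(0, count($userstodelete), '?'));
         // NOTE(review): this DELETE runs before db_begin(), so it is not undone
         // if a later step fails. Only usr_watchlist_view is cleaned here; the
         // artefact watchlist named in the procedure notes below is not touched.
         execute_sql('DELETE FROM {usr_watchlist_view}
             WHERE view = ?
             AND usr IN (' . $placeholders . ')', $values);
     }

     // Snapshot of who could see the view before the rules change; passed to
     // the 'viewaccess' activity as oldusers.
     $beforeusers = activity_get_viewaccess_users($this->get('id'), $USER->get('id'), 'viewaccess');

     // Procedure:
     // get list of current friends - this is available in global $data
     // compare with list of new friends
     // work out which friends are being removed
     // foreach friend
     //     // remove record from usr_watchlist_view where usr = ? and view = ?
     //     // remove records from usr_watchlist_artefact where usr = ? and view = ?
     // endforeach
     //
     db_begin();
     delete_records('view_access', 'view', $this->get('id'));
     delete_records('view_access_usr', 'view', $this->get('id'));
     delete_records('view_access_group', 'view', $this->get('id'));
     delete_records('view_access_token', 'view', $this->get('id'), 'visible', 1);

     // View access
     if ($accessdata) {
         foreach ($accessdata as $item) {
             $accessrecord = new StdClass();
             $accessrecord->view = $this->get('id');
             if (isset($item['startdate'])) {
                 $accessrecord->startdate = db_format_timestamp($item['startdate']);
             }
             if (isset($item['stopdate'])) {
                 $accessrecord->stopdate = db_format_timestamp($item['stopdate']);
             }
             // Each type is stored in its own table; a row with an unlisted type
             // matches no case and is not stored.
             switch ($item['type']) {
                 case 'public':
                 case 'loggedin':
                 case 'friends':
                     $accessrecord->accesstype = $item['type'];
                     insert_record('view_access', $accessrecord);
                     break;
                 case 'user':
                     $accessrecord->usr = $item['id'];
                     insert_record('view_access_usr', $accessrecord);
                     break;
                 case 'group':
                     $accessrecord->group = $item['id'];
                     // !empty() keeps the original truthiness test without
                     // raising a notice when the row carries no 'role' key.
                     if (!empty($item['role'])) {
                         // Don't insert a record for a role the group doesn't have
                         // (this break leaves the switch before the insert below)
                         $roleinfo = group_get_role_info($item['id']);
                         if (!isset($roleinfo[$item['role']])) {
                             break;
                         }
                         $accessrecord->role = $item['role'];
                     }
                     insert_record('view_access_group', $accessrecord);
                     break;
                 case 'token':
                     // NOTE(review): the token value is stored exactly as supplied in
                     // $accessdata. Confirm it is generated server-side from a
                     // cryptographically secure source before it reaches this method.
                     $accessrecord->token = $item['id'];
                     insert_record('view_access_token', $accessrecord);
                     break;
             }
         }
     }

     $data = new StdClass();
     $data->view = $this->get('id');
     $data->owner = $USER->get('id');
     $data->oldusers = $beforeusers;
     activity_occurred('viewaccess', $data);
     handle_event('saveview', $this->get('id'));
     db_commit();
 }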
Esempio n. 5
 /**
  * Load the view's owner record and title, then work out the notification
  * URL and the users to notify.
  *
  * @param mixed $data Passed to the parent constructor; this constructor then
  *                    reads the view, owner and oldusers properties.
  * @param bool  $cron When non-empty, a missing view makes the constructor
  *                    return early instead of throwing.
  * @throws ViewNotFoundException when the view cannot be found and $cron is empty
  */
 public function __construct($data, $cron = false)
 {
     parent::__construct($data, $cron);

     // NOTE(review): u.* keeps every {usr} column on $this->viewinfo, which
     // presumably includes credential columns; selecting only the fields that
     // are needed would keep them off this object. Confirm before changing.
     $sql = 'SELECT u.*, v.title FROM {usr} u
                                      JOIN {view} v ON v.owner = u.id
                                      WHERE v.id = ?';
     $this->viewinfo = get_record_sql($sql, array($this->view));

     if (!$this->viewinfo) {
         if (empty($this->cron)) {
             throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
         }
         // probably deleted already
         return;
     }

     $this->url = get_config('wwwroot') . 'view/view.php?id=' . $this->view;

     // Recipients: entries of the current access list whose keys are not in
     // oldusers (array_diff_key compares keys only).
     $this->users = array_diff_key(activity_get_viewaccess_users($this->view, $this->owner, $this->get_id()), $this->oldusers);
 }