/** * Return a string of access_ids for $user_id appropriate for inserting into an SQL IN clause. * * @uses get_access_array * * @link http://docs.elgg.org/Access * @see get_access_array() * * @param int $user_id User ID; defaults to currently logged in user * @param int $site_id Site ID; defaults to current site * @param bool $flush If set to true, will refresh the access list from the * database rather than using this function's cache. * * @return string A list of access collections suitable for using in an SQL call * @access private */ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; $cache = _elgg_get_access_cache(); if ($flush) { $cache->clear(); } if ($user_id == 0) { $user_id = elgg_get_logged_in_user_guid(); } if ($site_id == 0 && isset($CONFIG->site_id)) { $site_id = $CONFIG->site_id; } $user_id = (int) $user_id; $site_id = (int) $site_id; $hash = $user_id . $site_id . 'get_access_list'; if ($cache[$hash]) { return $cache[$hash]; } $access_array = get_access_array($user_id, $site_id, $flush); $access = "(" . implode(",", $access_array) . ")"; if ($init_finished) { $cache[$hash] = $access; } return $access; }
/** * Return a string of access_ids for $user_id appropriate for inserting into an SQL IN clause. * * @uses get_access_array * * @link http://docs.elgg.org/Access * @see get_access_array() * * @param int $user_id User ID; defaults to currently logged in user * @param int $site_id Site ID; defaults to current site * @param bool $flush If set to true, will refresh the access list from the * database rather than using this function's cache. * * @return string A list of access collections suitable for using in an SQL call * @access private */ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; static $access_list; if (!isset($access_list)) { $access_list = array(); } if ($user_id == 0) { $user_id = elgg_get_logged_in_user_guid(); } if ($site_id == 0 && isset($CONFIG->site_id)) { $site_id = $CONFIG->site_id; } $user_id = (int) $user_id; $site_id = (int) $site_id; if (isset($access_list[$user_id]) && $flush == false) { return $access_list[$user_id]; } $access = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")"; // only cache if done with init and access is enabled (unless admin user) // session is loaded before init is finished, so don't need to check for user session if ($init_finished && (elgg_is_admin_logged_in() || !elgg_get_ignore_access())) { $access_list[$user_id] = $access; return $access_list[$user_id]; } else { return $access; } }
/** * Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause. * * @uses get_access_array * * @see get_access_array() * * @param int $user_guid User ID; defaults to currently logged in user * @param int $site_guid Site ID; defaults to current site * @param bool $flush If set to true, will refresh the access list from the * database rather than using this function's cache. * * @return string A list of access collections suitable for using in an SQL call * @access private */ function getAccessList($user_guid = 0, $site_guid = 0, $flush = false) { global $init_finished; $cache = _elgg_services()->accessCache; if ($flush) { $cache->clear(); } if ($user_guid == 0) { $user_guid = _elgg_services()->session->getLoggedInUserGuid(); } if ($site_guid == 0 && $this->site_guid) { $site_guid = $this->site_guid; } $user_guid = (int) $user_guid; $site_guid = (int) $site_guid; $hash = $user_guid . $site_guid . 'get_access_list'; if ($cache[$hash]) { return $cache[$hash]; } $access_array = get_access_array($user_guid, $site_guid, $flush); $access = "(" . implode(",", $access_array) . ")"; if ($init_finished) { $cache[$hash] = $access; } return $access; }
function pleiofile_permissions_check($hook_name, $entity_type, $return_value, $parameters) { $user = $parameters['user']; $entity = $parameters['entity']; if (!$user | !$entity) { return $return_value; } if ($entity->getType() !== "object" | !in_array($entity->getSubtype(), array(PLEIOFILE_FILE_OBJECT, PLEIOFILE_FOLDER_OBJECT))) { return $return_value; } if ($return_value === true) { return true; } $write_permission = $entity->write_access_id; if (!$write_permission) { $write_permission = ACCESS_PRIVATE; } switch ($write_permission) { case ACCESS_PRIVATE: return; break; case ACCESS_FRIENDS: $owner = $params['entity']->getOwnerEntity(); if ($owner && $owner->isFriendsWith($user->guid)) { return true; } break; default: $list = get_access_array($user->guid); if (in_array($write_permission, $list)) { // user in the access collection return true; } break; } $container = $entity->getContainerEntity(); if (!$container instanceof ElggGroup) { return false; } $container = $entity->getContainerEntity(); if ($container->isMember($user) && $container->pleiofile_management_can_edit_enable === "yes") { return true; } else { return false; } }
public function __construct($index, $searchtype = SEARCH_DEFAULT) { $this->searchtype = $searchtype; $this->params['index'] = $index; $this->params['body'] = array(); $site = elgg_get_site_entity(); $this->params['body']['query']['bool']['must'][] = array('term' => array('site_guid' => $site->guid)); $user = elgg_get_logged_in_user_guid(); $ignore_access = elgg_check_access_overrides($user); if ($ignore_access != true && !elgg_is_admin_logged_in()) { $this->access_array = get_access_array(); $this->params['body']['query']['bool']['must'][] = array('terms' => array('access_id' => $this->access_array)); } //@todo: implement $sort and $order $this->params['body']['sort'] = array('time_updated' => 'desc'); $this->params['body']['facets'] = array(); $this->params['body']['facets']['type']['terms'] = array('field' => '_type'); $this->params['body']['facets']['subtype']['terms'] = array('field' => 'subtype'); }
/** * Get the list of access restrictions the given user is allowed to see on this site * * @uses get_access_array * @param int $user_id User ID; defaults to currently logged in user * @param int $site_id Site ID; defaults to current site * @param boolean $flush If set to true, will refresh the access list from the database * @return string A list of access collections suitable for injection in an SQL call */ function get_access_list($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished, $SESSION; static $access_list; if (!isset($access_list) || !$init_finished) { $access_list = array(); } if ($user_id == 0) { $user_id = $SESSION['id']; } if ($site_id == 0 && isset($CONFIG->site_id)) { $site_id = $CONFIG->site_id; } $user_id = (int) $user_id; $site_id = (int) $site_id; if (isset($access_list[$user_id])) { return $access_list[$user_id]; } $access_list[$user_id] = "(" . implode(",", get_access_array($user_id, $site_id, $flush)) . ")"; return $access_list[$user_id]; }
function elgg_solr_get_access_query() { if (elgg_is_admin_logged_in() || elgg_get_ignore_access()) { return false; // no access limit } static $return; if ($return) { return $return; } $access = get_access_array(); // access filter query if ($access) { $access_list = implode(' ', $access); } if (elgg_is_logged_in()) { // get friends // @TODO - is there a better way? Not sure if there's a limit on solr if // someone has a whole lot of friends... $friends = elgg_get_entities_from_relationship(array('type' => 'user', 'relationship' => 'friend', 'relationship_guid' => elgg_get_logged_in_user_guid(), 'inverse_relationship' => true, 'limit' => false, 'callback' => false)); $friend_guids = array(); foreach ($friends as $friend) { $friend_guids[] = $friend->guid; } $friends_list = ''; if ($friend_guids) { $friends_list = elgg_solr_escape_special_chars(implode(' ', $friend_guids)); } } //$query->createFilterQuery('access')->setQuery("owner_guid: {guid} OR access_id:({$access_list}) OR (access_id:" . ACCESS_FRIENDS . " AND owner_guid:({$friends}))"); if (elgg_is_logged_in()) { $return = "owner_guid:" . elgg_get_logged_in_user_guid(); } else { $return = ''; } if ($access_list) { if ($return) { $return .= ' OR '; } $return .= "access_id:(" . elgg_solr_escape_special_chars($access_list) . ")"; } $fr_prefix = ''; $fr_suffix = ''; if ($return && $friends_list) { $return .= ' OR '; $fr_prefix = '('; $fr_suffix = ')'; } if ($friends_list) { $return .= $fr_prefix . 'access_id:' . elgg_solr_escape_special_chars(ACCESS_FRIENDS) . ' AND owner_guid:(' . $friends_list . ')' . $fr_suffix; } return $return; }
/** * Extend permissions checking to extend can-edit for write users. * * @param string $hook * @param string $entity_type * @param bool $returnvalue * @param array $params * * @return bool */ function pages_write_permission_check($hook, $entity_type, $returnvalue, $params) { if (!pages_is_page($params['entity'])) { return null; } $entity = $params['entity']; /* @var ElggObject $entity */ $write_permission = $entity->write_access_id; $user = $params['user']; if ($write_permission && $user) { switch ($write_permission) { case ACCESS_PRIVATE: // Elgg's default decision is what we want return null; break; case ACCESS_FRIENDS: $owner = $entity->getOwnerEntity(); if ($owner instanceof ElggUser && $owner->isFriendsWith($user->guid)) { return true; } break; default: $list = get_access_array($user->guid); if (in_array($write_permission, $list)) { // user in the access collection return true; } break; } } }
/** * Extend permissions checking to extend can-edit for write users. * * @param string $hook * @param string $entity_type * @param bool $returnvalue * @param array $params */ function pages_write_permission_check($hook, $entity_type, $returnvalue, $params) { if ($params['entity']->getSubtype() == 'page' || $params['entity']->getSubtype() == 'page_top') { $write_permission = $params['entity']->write_access_id; $user = $params['user']; if ($write_permission && $user) { switch ($write_permission) { case ACCESS_PRIVATE: // Elgg's default decision is what we want return; break; case ACCESS_FRIENDS: $owner = $params['entity']->getOwnerEntity(); if ($owner && $owner->isFriendsWith($user->guid)) { return true; } break; default: $list = get_access_array($user->guid); if (in_array($write_permission, $list)) { // user in the access collection return true; } break; } } } }
/** * Extend permissions checking to extend can-edit for write users. * * @param unknown_type $hook * @param unknown_type $entity_type * @param unknown_type $returnvalue * @param unknown_type $params */ function pages_write_permission_check($hook, $entity_type, $returnvalue, $params) { if ($params['entity']->getSubtype() == 'page' || $params['entity']->getSubtype() == 'page_top') { $write_permission = $params['entity']->write_access_id; $user = $params['user']; if ($write_permission && $user) { // $list = get_write_access_array($user->guid); $list = get_access_array($user->guid); // get_access_list($user->guid); if ($write_permission != 0 && in_array($write_permission, $list)) { return true; } } } }
public function addEntityAccessFilter($user_guid = 0) { $user_guid = sanitise_int($user_guid, false); if (empty($user_guid)) { $user_guid = elgg_get_logged_in_user_guid(); } if (elgg_check_access_overrides($user_guid)) { return; } $access_filter = []; if (!empty($user_guid)) { // check for owned content $access_filter[]['term']['owner_guid'] = $user_guid; // add friends check $friends = elgg_get_entities_from_relationship(['type' => 'user', 'relationship' => 'friend', 'relationship_guid' => $user_guid, 'inverse_relationship' => true, 'limit' => false, 'callback' => function ($row) { return $row->guid; }]); if (!empty($friends)) { $access_filter[] = ['bool' => ['must' => ['term' => ['owner_guid' => $friends], 'term' => ['access_id' => ACCESS_FRIENDS]]]]; } } // add acl filter $access_array = get_access_array($user_guid); if (!empty($access_array)) { $access_filter[]['terms']['access_id'] = $access_array; } if (empty($access_filter)) { return; } $filter['bool']['must'][]['bool']['should'] = $access_filter; $this->addFilter($filter); }
/** * Add user profile fields, group membership, and user friendships to the Solr index * * @param string $hook "elgg_solr:index" * @param string $type "user" * @param DocumentInterface $return Solr document * @param array $params Hook params * @return DocumentInterface */ function elgg_solr_index_user($hook, $type, $return, $params) { $entity = elgg_extract('entity', $params); if (!$entity instanceof ElggUser) { return; } // Add username to doc $return->username = $entity->username; // Add profile fields to additional fields $profile_fields = elgg_get_config('profile_fields'); if (is_array($profile_fields) && sizeof($profile_fields) > 0) { foreach ($profile_fields as $shortname => $valtype) { if (is_array($entity->{$shortname}) || $valtype == 'tags') { $key = 'profile_' . $shortname . '_ss'; } else { $key = 'profile_' . $shortname . '_s'; } $return->{$key} = $entity->{$shortname}; } } // Index group membership $group_guids = []; $groups_batch = new ElggBatch('elgg_get_entities_from_relationship', ['type' => 'group', 'relationship' => 'member', 'relationship_guid' => $entity->guid, 'limit' => 0, 'callback' => false]); foreach ($groups_batch as $group) { $group_guids[] = $group->guid; } $return->groups_is = $group_guids; $return->groups_count_i = count($group_guids); // Index friendships (people friended by this user) $friends_guids = []; $friends_batch = new ElggBatch('elgg_get_entities_from_relationship', ['type' => 'user', 'relationship' => 'friend', 'relationship_guid' => $entity->guid, 'limit' => 0, 'callback' => false]); foreach ($friends_batch as $friend) { $friends_guids[] = $friend->guid; } $return->friends_is = $friends_guids; $return->friends_count_i = count($friends_guids); // Index friendships (people that friended this user) $friends_of_guids = []; $friends_of_batch = new ElggBatch('elgg_get_entities_from_relationship', ['type' => 'user', 'relationship' => 'friend', 'relationship_guid' => $entity->guid, 'inverse_relationship' => true, 'limit' => 0, 'callback' => false]); foreach ($friends_of_batch as $friend_of) { $friends_of_guids[] = $friend_of->guid; } $return->friends_of_is = $friends_of_guids; $return->friends_of_count_i = count($friends_of_guids); $return->last_login_i = (int) $entity->last_login; $return->last_action_i = (int) $entity->last_action; $return->has_pic_b = (bool) $entity->icontime; $return->access_list_is = get_access_array($entity->guid, 0, true); return $return; }
// delete all annotations on the user $annotations = elgg_get_annotations(array('guids' => array($user->guid))); if (is_array($annotations)) { foreach ($annotations as $annotation) { $annotation->delete(); } } // delete all access collections $collections = get_user_access_collections($user->guid); if (is_array($collections)) { foreach ($collections as $collection) { delete_access_collection($collection->id); } } // remove from access collections $access = get_access_array(); foreach ($access as $id) { if (!in_array($id, array(ACCESS_PUBLIC, ACCESS_LOGGED_IN, ACCESS_FRIENDS, ACCESS_PRIVATE))) { remove_user_from_access_collection($user->guid, $id); } } // reset password to unusable password $user->password = ''; $user->salt = ''; $user->password_hash = ''; $user->email = "anon{$user->guid}@" . get_site_domain(); // set our single piece of metadata that tells us this user has been deleted $user->member_selfdelete = "anonymized"; $user->save(); logout(); session_regenerate_id(true);
/** * Extend permissions checking to extend can-edit for write users. * * @param unknown_type $hook * @param unknown_type $entity_type * @param unknown_type $returnvalue * @param unknown_type $params */ function markdown_wiki_write_permission_check($hook, $entity_type, $returnvalue, $params) { if ($params['entity']->getSubtype() == 'markdown_wiki') { $write_permission = $params['entity']->write_access_id; $user = $params['user']; if ($write_permission && $user) { $list_access = get_access_array($user->guid); if (can_write_to_container($user, $params['entity']->container_guid, 'object', 'markdown_wiki') || in_array($write_permission, $list_access)) { return true; } } } return $returnvalue; }