/**
* Sets or unsets the approved field
* @param array $nodeids
* @param boolean $approved - set or unset the approved field
* @throws vB_Exception_Api
* @return array - the nodeids that have the permission to be changed
*/
function setApproved($nodeids, $approved = true)
{
$nodeids = vB::getCleaner()->clean($nodeids, is_array($nodeids) ? vB_Cleaner::TYPE_ARRAY_UINT : vB_Cleaner::TYPE_UINT);
if (empty($nodeids)) {
return false;
}
$currentUserid = vB::getCurrentSession()->get('userid');
if (empty($currentUserid)) {
return false;
}
if (!is_array($nodeids)) {
$nodeids = array($nodeids);
}
$existing = vB_Library::instance('node')->getNodes($nodeids);
if (empty($existing)) {
return false;
}
// need to see if we require authentication
$userContext = vB::getUserContext();
$approveNodeIds = array();
//allow unapproving of VMs by the recipient that has canmanageownprofile
$need_auth = false;
$moderateInfo = vB::getUserContext()->getCanModerate();
$timeNow = vB::getRequest()->getTimeNow();
$result = false;
foreach ($existing as $node) {
//Two possibilities. It might be unapproved, in which case we need moderate permissions. Or it might be unpublished,
// in which case we need canpublish.
//if (($node['publishdate'] < $timeNow) OR ($node['unpublishdate'] > 0))
if (!$this->library->isPublished($node)) {
$this->inlinemodAuthCheck();
if ($userContext->getChannelPermission('forumpermissions2', 'canpublish', $node['nodeid'])) {
$this->setPublishDate($node['nodeid'], $timeNow);
$result = true;
}
}
$currentApproved = intval($node['approved']) > 0;
if ($approved != $currentApproved) {
//do we need to call setApproved? Not if we just have
$approve = 1;
$canModerateOwn = $userContext->getChannelPermission('forumpermissions2', 'canmanageownchannels', $node['nodeid']);
// check if this is the owner of a blog that needs to moderate the comments
if (!empty($moderateInfo['can']) or $canModerateOwn) {
// let's get the channel node
$channelid = vB_Library::instance('node')->getChannelId($node);
if ($channelid == $node['nodeid']) {
$channel = $node;
} else {
$channel = vB_Library::instance('node')->getNodeBare($channelid);
}
// this channel was created by the current user so we don't need the auth check
if (in_array($channelid, $moderateInfo['can']) or $canModerateOwn and $channel['userid'] == $currentUserid) {
$approveNodeIds[] = $node['nodeid'];
continue;
}
}
// don't check permissions if the user is the recipient of the VM
if (!empty($node['setfor']) and $node['setfor'] == $currentUserid and $userContext->hasPermission('visitormessagepermissions', 'canmanageownprofile')) {
$approveNodeIds[] = $node['nodeid'];
} else {
$this->inlinemodAuthCheck();
if ($userContext->getChannelPermission('moderatorpermissions', 'canmanagethreads', $node['nodeid'])) {
$approveNodeIds[] = $node['nodeid'];
}
}
}
}
if (empty($approveNodeIds)) {
return $result;
}
return $this->library->setApproved($approveNodeIds, $approved);
}
