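/**
 * Returns the access collection IDs that a user is allowed to read on a site.
 *
 * The list always contains ACCESS_PUBLIC. For a non-zero user it also contains
 * ACCESS_LOGGED_IN, every access collection the user is a member of or owns
 * (limited to the given site or site 0), and ACCESS_PRIVATE when
 * elgg_check_access_overrides() reports an override for that user.
 *
 * The computed list is cached per user and site once $init_finished is set.
 * The 'access:collections:read', 'user' plugin hook runs on every call, after
 * the cache lookup, so handlers can alter the returned list but their changes
 * are never written to the cache.
 *
 * @param int  $user_id The user's GUID; 0 means the logged in user.
 * @param int  $site_id The site GUID; 0 falls back to $CONFIG->site_guid when set.
 * @param bool $flush   If true, clears the whole access cache before the lookup.
 *
 * @return array Access collection IDs, as filtered by the plugin hook.
 */
function get_access_array($user_id = 0, $site_id = 0, $flush = false) {
	global $CONFIG, $init_finished;

	$cache = _elgg_get_access_cache();

	if ($flush) {
		$cache->clear();
	}

	if ($user_id == 0) {
		$user_id = elgg_get_logged_in_user_guid();
	}

	if ($site_id == 0 && isset($CONFIG->site_guid)) {
		$site_id = $CONFIG->site_guid;
	}

	// Both values are interpolated into SQL below; the integer casts are what
	// keep those queries safe, so they must stay ahead of any query building.
	$user_id = (int) $user_id;
	$site_id = (int) $site_id;

	// Delimit the two IDs. Plain concatenation gives user 1/site 23 and
	// user 12/site 3 the same key, which would hand one user's cached access
	// list to another.
	$hash = "{$user_id}:{$site_id}:get_access_array";

	if ($cache[$hash]) {
		$access_array = $cache[$hash];
	} else {
		$access_array = array(ACCESS_PUBLIC);

		// Anything beyond public access requires a known (non-zero) user.
		if ($user_id) {
			$access_array[] = ACCESS_LOGGED_IN;

			// Collections the user is a member of.
			$query = "SELECT am.access_collection_id"
				. " FROM {$CONFIG->dbprefix}access_collection_membership am"
				. " LEFT JOIN {$CONFIG->dbprefix}access_collections ag ON ag.id = am.access_collection_id"
				. " WHERE am.user_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";

			$collections = get_data($query);
			if ($collections) {
				foreach ($collections as $collection) {
					if (!empty($collection->access_collection_id)) {
						$access_array[] = (int) $collection->access_collection_id;
					}
				}
			}

			// Collections the user owns.
			$query = "SELECT ag.id FROM {$CONFIG->dbprefix}access_collections ag ";
			$query .= "WHERE ag.owner_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)";

			$collections = get_data($query);
			if ($collections) {
				foreach ($collections as $collection) {
					if (!empty($collection->id)) {
						$access_array[] = (int) $collection->id;
					}
				}
			}

			// The override result ends up in the cached list, so code that
			// changes overrides has to clear the access cache, as
			// elgg_set_ignore_access() does.
			if (elgg_check_access_overrides($user_id)) {
				$access_array[] = ACCESS_PRIVATE;
			}
		}

		// Nothing is cached until $init_finished is set.
		if ($init_finished) {
			$cache[$hash] = $access_array;
		}
	}

	$options = array('user_id' => $user_id, 'site_id' => $site_id);

	return elgg_trigger_plugin_hook('access:collections:read', 'user', $options, $access_array);
}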
/**
 * Switch the entity access system off or back on.
 *
 * While access is not ignored, getter functions do not return entities the
 * user has no access to.
 *
 * @internal For performance reasons this is done at the database access clause level.
 *
 * @tip Use this to access entities in automated scripts
 * when no user is logged in.
 *
 * @note This clears the access cache.
 *
 * @warning This will not show disabled entities.
 * Use {@link access_show_hidden_entities()} to access disabled entities.
 *
 * @warning Passing true disables all access checks until the setting is
 * changed again. Keep the returned previous value and pass it back in when
 * the privileged work is done.
 *
 * @param bool $ignore If true, disables all access checks.
 *
 * @return bool Previous ignore_access setting.
 * @since 1.7.0
 * @see http://docs.elgg.org/Access/IgnoreAccess
 * @see elgg_get_ignore_access()
 */
function elgg_set_ignore_access($ignore = true) {
	// Drop every cached access list first so none computed before the switch is reused.
	_elgg_get_access_cache()->clear();

	return elgg_get_access_object()->setIgnoreAccess($ignore);
}
/**
 * Checks that the cached access getters return a different result for the
 * same user once ignore-access is switched from on to off.
 */
public function testAccessCaching() {
	// Throwaway user whose access lists are compared.
	$probe = new ElggUser();
	$probe->username = '******';
	$probe->save();

	$getters = array('get_access_list', 'get_access_array');

	foreach ($getters as $func) {
		// Start each getter from an empty access cache.
		_elgg_get_access_cache()->clear();

		// Tests run as an admin, so the first reading is taken with access checks ignored.
		elgg_set_ignore_access(true);
		$ignoring = $func($probe->getGUID());

		// NOTE(review): the previous setting returned by elgg_set_ignore_access()
		// is discarded, so each pass ends with ignore-access forced to false.
		elgg_set_ignore_access(false);
		$enforcing = $func($probe->getGUID());

		$this->assertNotEqual($ignoring, $enforcing, "Access test for {$func}");
	}

	$probe->delete();
}
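/**
 * Returns an array of access permissions that the user is allowed to save content with.
 * Permissions returned are of the form (id => 'name').
 *
 * Example return value in English:
 * array(
 *     0 => 'Private',
 *    -2 => 'Friends',
 *     1 => 'Logged in users',
 *     2 => 'Public',
 *    34 => 'My favorite friends',
 * );
 *
 * Plugin hook of 'access:collections:write', 'user'. The hook runs on every
 * call, after the cache lookup, so handler changes are never cached.
 *
 * @warning this only returns access collections that the user owns plus the
 * standard access levels. It does not return access collections that the user
 * belongs to such as the access collection for a group.
 *
 * @param int  $user_guid The user's GUID; 0 means the logged in user.
 * @param int  $site_guid The current site; 0 falls back to $CONFIG->site_id when set.
 * @param bool $flush     If true, clears the whole access cache before the lookup.
 *
 * @return array List of access permissions (id => name), as filtered by the plugin hook.
 */
function get_write_access_array($user_guid = 0, $site_guid = 0, $flush = false) {
	global $CONFIG, $init_finished;

	$cache = _elgg_get_access_cache();

	if ($flush) {
		$cache->clear();
	}

	if ($user_guid == 0) {
		$user_guid = elgg_get_logged_in_user_guid();
	}

	// NOTE(review): get_access_array() reads $CONFIG->site_guid for the same
	// default; confirm both properties hold the same value.
	if ($site_guid == 0 && isset($CONFIG->site_id)) {
		$site_guid = $CONFIG->site_id;
	}

	// Both values are interpolated into SQL below; the integer casts are what
	// keep that query safe, so they must stay ahead of any query building.
	$user_guid = (int) $user_guid;
	$site_guid = (int) $site_guid;

	// Delimit the two IDs. Plain concatenation gives user 1/site 23 and
	// user 12/site 3 the same key, which would hand one user's cached
	// collections to another.
	$hash = "{$user_guid}:{$site_guid}:get_write_access_array";

	if ($cache[$hash]) {
		$access_array = $cache[$hash];
	} else {
		// @todo is there such a thing as public write access?
		$access_array = array(
			ACCESS_PRIVATE => elgg_echo("PRIVATE"),
			ACCESS_FRIENDS => elgg_echo("access:friends:label"),
			ACCESS_LOGGED_IN => elgg_echo("LOGGED_IN"),
			ACCESS_PUBLIC => elgg_echo("PUBLIC"),
		);

		// Only collections owned by this user, on this site or on site 0.
		$query = "SELECT ag.* FROM {$CONFIG->dbprefix}access_collections ag ";
		$query .= " WHERE (ag.site_guid = {$site_guid} OR ag.site_guid = 0)";
		$query .= " AND (ag.owner_guid = {$user_guid})";

		$collections = get_data($query);
		if ($collections) {
			foreach ($collections as $collection) {
				// NOTE(review): names are returned exactly as stored; they are
				// presumably user-supplied, so escape them where they are output.
				$access_array[$collection->id] = $collection->name;
			}
		}

		// Nothing is cached until $init_finished is set.
		if ($init_finished) {
			$cache[$hash] = $access_array;
		}
	}

	$options = array('user_id' => $user_guid, 'site_id' => $site_guid);

	return elgg_trigger_plugin_hook('access:collections:write', 'user', $options, $access_array);
}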