コード例 #1
ファイル: start.php プロジェクト: iXuZhang/Project_Curia
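/**
 * Join a user to a group, add river event, clean-up invitations
 *
 * Access checks are switched off only around the join() call, and the
 * previous setting is restored on every path out of it. If join() throws,
 * the override is put back before the exception propagates, so the rest of
 * the request does not keep running with access checks ignored.
 *
 * NOTE(review): nothing in this function checks whether $user is allowed to
 * join $group; callers presumably enforce that (invite, open group, admin)
 * before calling - confirm.
 *
 * @param ElggGroup $group Group to join
 * @param ElggUser  $user  User being added as a member
 * @return bool True when join() reported success, false otherwise
 * @throws Exception Whatever join() raised, rethrown after the access setting is restored
 */
function groups_join_group($group, $user)
{
    // access ignore so user can be added to access collection of invisible group
    $ia = elgg_set_ignore_access(true);
    try {
        $result = $group->join($user);
    } catch (Exception $e) {
        // Restore the caller's setting before propagating. try/catch is used
        // rather than finally so the code still parses on PHP < 5.5.
        elgg_set_ignore_access($ia);
        throw $e;
    }
    elgg_set_ignore_access($ia);

    if (!$result) {
        return false;
    }

    // flush user's access info so the collection is added
    get_access_list($user->guid, 0, true);

    // Remove any invite or join request flags
    remove_entity_relationship($group->guid, 'invited', $user->guid);
    remove_entity_relationship($user->guid, 'membership_request', $group->guid);

    elgg_create_river_item(array(
        'view' => 'river/relationship/member/create',
        'action_type' => 'join',
        'subject_guid' => $user->guid,
        'object_guid' => $group->guid,
    ));

    return true;
}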
コード例 #2
ファイル: start.php プロジェクト: ramkameswaran/gcconnex
/**
 * Container-permission hook handler for the "pages" context.
 *
 * Returns true to grant write access in three situations, checked in order:
 * the logged-in user can write to the page owner's container; the logged-in
 * user can write to the container of the page named by the request; or the
 * page's write_access_id is found by in_array() in get_access_list().
 * In every other case it returns null.
 *
 * NOTE(review): the page consulted for the decision is selected by the
 * 'page_guid' / 'parent_guid' request inputs, not by $params - confirm that
 * the object being created really ends up under that page.
 *
 * @param string $hook        Not read by this handler
 * @param string $entity_type Not read by this handler
 * @param bool   $returnvalue Not read by this handler
 * @param array  $params      Not read by this handler
 *
 * @return bool|null True to grant; null otherwise
 */
function pages_container_permission_check($hook, $entity_type, $returnvalue, $params)
{
    if (elgg_get_context() == "pages") {
        // Writers of the page owner's container are always allowed.
        if (elgg_get_page_owner_guid()) {
            if (can_write_to_container(elgg_get_logged_in_user_guid(), elgg_get_page_owner_guid())) {
                return true;
            }
        }

        // Resolve the page named by the request: page_guid first, then parent_guid.
        $candidate = null;
        $requested_guid = get_input('page_guid', 0);
        if (!$requested_guid) {
            $requested_guid = get_input('parent_guid', 0);
        }
        if ($requested_guid) {
            $candidate = get_entity($requested_guid);
        }

        if (isset($candidate) && pages_is_page($candidate)) {
            if (can_write_to_container(elgg_get_logged_in_user_guid(), $candidate->container_guid)) {
                return true;
            }
            // NOTE(review): get_access_list() is used elsewhere in Elgg to build a
            // SQL "IN (...)" list, so it presumably returns a string rather than an
            // array; if so this test never matches. Confirm before relying on it,
            // and review who would gain write access before "fixing" it.
            if (in_array($candidate->write_access_id, get_access_list())) {
                return true;
            }
        }
    }

    return null;
}
コード例 #3
ファイル: start.php プロジェクト: amcfarlane1251/ongarde
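/**
 * Join a user to a group, add river event, clean-up invitations
 *
 * Access checks are switched off only around the join() call, and the
 * previous setting is restored on every path out of it. If join() throws,
 * the override is put back before the exception propagates, so the rest of
 * the request does not keep running with access checks ignored.
 *
 * When the group's "notifications" value equals "false", the new member's
 * "notify<method>" relationships to the group are removed for every key of
 * the global $NOTIFICATION_HANDLERS.
 *
 * NOTE(review): nothing in this function checks whether $user is allowed to
 * join $group; callers presumably enforce that before calling - confirm.
 *
 * @param ElggGroup $group Group to join
 * @param ElggUser  $user  User being added as a member
 * @return bool True when join() reported success, false otherwise
 * @throws Exception Whatever join() raised, rethrown after the access setting is restored
 */
function groups_join_group($group, $user)
{
    global $NOTIFICATION_HANDLERS;

    // access ignore so user can be added to access collection of invisible group
    $ia = elgg_set_ignore_access(true);
    try {
        $result = $group->join($user);
    } catch (Exception $e) {
        // Restore the caller's setting before propagating. try/catch is used
        // rather than finally so the code still parses on PHP < 5.5.
        elgg_set_ignore_access($ia);
        throw $e;
    }
    elgg_set_ignore_access($ia);

    if (!$result) {
        return false;
    }

    // flush user's access info so the collection is added
    get_access_list($user->guid, 0, true);

    // Remove any invite or join request flags
    remove_entity_relationship($group->guid, 'invited', $user->guid);
    remove_entity_relationship($user->guid, 'membership_request', $group->guid);

    // check if notifications are turned off for the group; the is_array()
    // guard avoids iterating an unset global
    if ($group->notifications == "false" && is_array($NOTIFICATION_HANDLERS)) {
        // turn the user's notifications off
        foreach ($NOTIFICATION_HANDLERS as $method => $dummy) {
            // NOTE(review): looks like a leftover debug trace; kept so log output is unchanged
            error_log("group" . $method);
            remove_entity_relationship($user->getGUID(), "notify" . $method, $group->getGUID());
        }
    }

    add_to_river('river/relationship/member/create', 'join', $user->guid, $group->guid);

    return true;
}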
コード例 #4
ファイル: start.php プロジェクト: amcfarlane1251/ongarde
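/**
 * Extend container permissions checking to extend can_write_to_container for write users.
 *
 * Only acts in the "tasks" context. Returns true when the logged-in user can
 * write to the page owner's container, when they can write to the container
 * of the task named by the request, or when the task's write_access_id is
 * found by in_array() in get_access_list(). Returns null otherwise.
 *
 * NOTE(review): the task consulted for the decision is selected by the
 * 'task_guid' / 'parent_guid' request inputs, not by $params - confirm that
 * the object being created really ends up under that task.
 *
 * @param mixed $hook        Not read by this handler
 * @param mixed $entity_type Not read by this handler
 * @param mixed $returnvalue Not read by this handler
 * @param mixed $params      Not read by this handler
 *
 * @return bool|null True to grant; null otherwise
 */
function tasks_container_permission_check($hook, $entity_type, $returnvalue, $params)
{
    if (elgg_get_context() != "tasks") {
        return null;
    }

    if (elgg_get_page_owner_guid()) {
        if (can_write_to_container(elgg_get_logged_in_user_guid(), elgg_get_page_owner_guid())) {
            return true;
        }
    }

    // Start from a defined value: when neither input is present the variable
    // was previously undefined at the instanceof test below.
    $entity = null;
    if ($task_guid = get_input('task_guid', 0)) {
        $entity = get_entity($task_guid);
    } elseif ($parent_guid = get_input('parent_guid', 0)) {
        $entity = get_entity($parent_guid);
    }

    if ($entity instanceof ElggObject) {
        if (can_write_to_container(elgg_get_logged_in_user_guid(), $entity->container_guid)) {
            return true;
        }
        // NOTE(review): get_access_list() is used elsewhere in Elgg to build a
        // SQL "IN (...)" list, so it presumably returns a string rather than an
        // array; if so this test never matches. Confirm before relying on it,
        // and review who would gain write access before "fixing" it.
        if (in_array($entity->write_access_id, get_access_list())) {
            return true;
        }
    }

    return null;
}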
コード例 #5
ファイル: access.php プロジェクト: remy40/gvrs
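/**
 * Returns the SQL where clause for a table with a access_id and enabled columns.
 *
 * This handles returning where clauses for ACCESS_FRIENDS and the currently
 * unused block and filter lists in addition to using get_access_list() for
 * access collections and the standard access levels.
 *
 * The result is a raw SQL fragment. $table_prefix goes through
 * sanitise_string(); $owner is validated as an integer before it is
 * interpolated, and anything that is not an integer is treated as "no user"
 * (-1). The value returned by get_access_list() is interpolated as-is.
 *
 * When elgg_check_access_overrides() is truthy the access part is "(1 = 1)".
 * The enabled='yes' condition is appended unless the global
 * $ENTITY_SHOW_HIDDEN_OVERRIDE is truthy.
 *
 * @param string $table_prefix Optional table. prefix for the access code.
 * @param int    $owner        The guid to check access for. Defaults to logged in user.
 *
 * @return string The SQL for a where clause
 * @access private
 */
function get_access_sql_suffix($table_prefix = '', $owner = null)
{
    global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;
    $sql = "";
    $friends_bit = "";
    $enemies_bit = "";
    if ($table_prefix) {
        $table_prefix = sanitise_string($table_prefix) . ".";
    }
    if (!isset($owner)) {
        $owner = elgg_get_logged_in_user_guid();
    }
    // $owner is written into the query unquoted below, so only accept a real
    // integer; filter_var() yields false for anything else, which falls
    // through to the anonymous sentinel.
    $owner = filter_var($owner, FILTER_VALIDATE_INT);
    if (!$owner) {
        $owner = -1;
    }
    $ignore_access = elgg_check_access_overrides($owner);
    $access = get_access_list($owner);
    if ($ignore_access) {
        $sql = " (1 = 1) ";
    } elseif ($owner != -1) {
        // we have an entity's guid and auto check for friend relationships
        $friends_bit = "{$table_prefix}access_id = " . ACCESS_FRIENDS . "\n\t\t\tAND {$table_prefix}owner_guid IN (\n\t\t\t\tSELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships\n\t\t\t\tWHERE relationship='friend' AND guid_two={$owner}\n\t\t\t)";
        $friends_bit = '(' . $friends_bit . ') OR ';
        // @todo untested and unsupported at present
        if (isset($CONFIG->user_block_and_filter_enabled) && $CONFIG->user_block_and_filter_enabled) {
            // check to see if the user is in the entity owner's block list
            // or if the entity owner is in the user's filter list
            // if so, disallow access
            $enemies_bit = get_access_restriction_sql('elgg_block_list', "{$table_prefix}owner_guid", $owner, false);
            $enemies_bit = '(' . $enemies_bit . '	AND ' . get_access_restriction_sql('elgg_filter_list', $owner, "{$table_prefix}owner_guid", false) . ')';
        }
    }
    if (empty($sql)) {
        $sql = " {$friends_bit} ({$table_prefix}access_id IN {$access}\n\t\t\tOR ({$table_prefix}owner_guid = {$owner})\n\t\t\tOR (\n\t\t\t\t{$table_prefix}access_id = " . ACCESS_PRIVATE . "\n\t\t\t\tAND {$table_prefix}owner_guid = {$owner}\n\t\t\t)\n\t\t)";
    }
    if ($enemies_bit) {
        $sql = "{$enemies_bit} AND ({$sql})";
    }
    if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) {
        $sql .= " and {$table_prefix}enabled='yes'";
    }
    return '(' . $sql . ')';
}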
コード例 #6
 /**
  * Builds the SQL where clause that enforces read access to data.
  *
  * When elgg_check_access_overrides() reports that access is ignored for the
  * user, the only "or" clause is "1 = 1". Otherwise the clause selects the
  * data the user has permission to read: friends-only content of the user's
  * friends, the user's own content, and anything whose access column is in
  * get_access_list().
  *
  * Plugin authors can hook into the 'get_sql', 'access' plugin hook to modify,
  * remove, or add to the where clauses. The hook receives the options as
  * params and the current clauses as the value, in the form:
  *  array(
  *      'ors' => array(),
  *      'ands' => array()
  *  )
  *
  * The clauses returned by the hook are joined into the final string without
  * further escaping, in the form:
  *  ((or1 OR or2 OR orN) AND (and1 AND and2 AND andN))
  * so every hook handler has to return SQL that is already safe.
  *
  * @param array $options Array in format:
  *
  *  table_alias => STR Optional table alias. This is based on the select and join clauses.
  *                     Default is 'e'. A trailing '.' is stripped.
  *
  *  user_guid => INT Optional GUID for the user that we are retrieving data for.
  *                   Defaults to the logged in user.
  *
  *  use_enabled_clause => BOOL Optional. Should we append the enabled clause? Defaults to
  *                             the negation of the global $ENTITY_SHOW_HIDDEN_OVERRIDE.
  *
  *  access_column => STR Optional access column name. Default is 'access_id'.
  *
  *  owner_guid_column => STR Optional owner_guid column. Default is 'owner_guid'.
  *
  *  guid_column => STR Optional guid_column. Default is 'guid'.
  *
  * @return string
  * @access private
  */
 function getWhereSql(array $options = array())
 {
     global $ENTITY_SHOW_HIDDEN_OVERRIDE;

     $options = array_merge(
         array(
             'table_alias' => 'e',
             'user_guid' => _elgg_services()->session->getLoggedInUserGuid(),
             'use_enabled_clause' => !$ENTITY_SHOW_HIDDEN_OVERRIDE,
             'access_column' => 'access_id',
             'owner_guid_column' => 'owner_guid',
             'guid_column' => 'guid',
         ),
         $options
     );

     // tolerate callers that pass the alias with its trailing dot
     $options['table_alias'] = rtrim($options['table_alias'], '.');

     // every identifier that ends up in the SQL text is sanitized first
     $identifier_keys = array('table_alias', 'access_column', 'owner_guid_column', 'guid_column');
     foreach ($identifier_keys as $identifier_key) {
         $options[$identifier_key] = sanitize_string($options[$identifier_key]);
     }
     $options['user_guid'] = sanitize_int($options['user_guid'], false);

     // the dot is only wanted when there is an alias or table name
     $table_alias = '';
     if ($options['table_alias']) {
         $table_alias = $options['table_alias'] . '.';
     }

     $options['ignore_access'] = elgg_check_access_overrides($options['user_guid']);

     $ors = array();
     $ands = array();
     $prefix = _elgg_services()->db->getTablePrefix();

     if ($options['ignore_access']) {
         $ors[] = '1 = 1';
     } else {
         if ($options['user_guid']) {
             // content of the user's friends
             $ors[] = "{$table_alias}{$options['access_column']} = " . ACCESS_FRIENDS . "\n\t\t\t\tAND {$table_alias}{$options['owner_guid_column']} IN (\n\t\t\t\t\tSELECT guid_one FROM {$prefix}entity_relationships\n\t\t\t\t\tWHERE relationship = 'friend' AND guid_two = {$options['user_guid']}\n\t\t\t\t)";
             // the user's own content
             $ors[] = "{$table_alias}{$options['owner_guid_column']} = {$options['user_guid']}";
         }
         // standard accesses (public, logged in, access collections)
         $access_list = get_access_list($options['user_guid']);
         $ors[] = "{$table_alias}{$options['access_column']} IN {$access_list}";
     }

     if ($options['use_enabled_clause']) {
         $ands[] = "{$table_alias}enabled = 'yes'";
     }

     $clauses = _elgg_services()->hooks->trigger('get_sql', 'access', $options, array('ors' => $ors, 'ands' => $ands));

     // each non-empty group becomes one parenthesised term; the terms are ANDed
     $groups = array();
     if (is_array($clauses['ors']) && $clauses['ors']) {
         $groups[] = '(' . implode(' OR ', $clauses['ors']) . ')';
     }
     if (is_array($clauses['ands']) && $clauses['ands']) {
         $groups[] = '(' . implode(' AND ', $clauses['ands']) . ')';
     }

     return '(' . implode(' AND ', $groups) . ')';
 }
コード例 #7
ファイル: access.php プロジェクト: jricher/Elgg
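/**
 * Add access restriction sql code to a given query.
 *
 * Note that if the global $is_admin is set and true (privileged mode) the
 * access part of the clause is "(1 = 1)"; the enabled='yes' condition is
 * still appended unless the global $ENTITY_SHOW_HIDDEN_OVERRIDE is truthy.
 *
 * The result is a raw SQL fragment. $table_prefix goes through
 * sanitise_string(); $owner is validated as an integer before it is
 * interpolated, and anything that is not an integer is treated as "no user"
 * (-1). The value returned by get_access_list() is interpolated as-is.
 *
 * TODO: DELETE once Query classes are fully integrated
 *
 * @param string $table_prefix Optional xxx. prefix for the access code.
 * @param int    $owner        Guid to check access for; defaults to get_loggedin_userid().
 *
 * @return string The SQL for a where clause, wrapped in parentheses
 */
function get_access_sql_suffix($table_prefix = "", $owner = null)
{
    global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;
    $sql = "";
    $friends_bit = "";
    $enemies_bit = "";
    if ($table_prefix) {
        $table_prefix = sanitise_string($table_prefix) . ".";
    }
    $access = get_access_list();
    if (!isset($owner)) {
        $owner = get_loggedin_userid();
    }
    // $owner is written into the query unquoted below, so only accept a real
    // integer; filter_var() yields false for anything else, which falls
    // through to the anonymous sentinel.
    $owner = filter_var($owner, FILTER_VALIDATE_INT);
    if (!$owner) {
        $owner = -1;
    }
    global $is_admin;
    if (isset($is_admin) && $is_admin == true) {
        $sql = " (1 = 1) ";
    } elseif ($owner != -1) {
        $friends_bit = $table_prefix . 'access_id = ' . ACCESS_FRIENDS . ' AND ';
        $friends_bit .= "{$table_prefix}owner_guid IN (SELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships WHERE relationship='friend' AND guid_two={$owner})";
        $friends_bit = '(' . $friends_bit . ') OR ';
        if (isset($CONFIG->user_block_and_filter_enabled) && $CONFIG->user_block_and_filter_enabled) {
            // check to see if the user is in the entity owner's block list
            // or if the entity owner is in the user's filter list
            // if so, disallow access
            $enemies_bit = get_annotation_sql('elgg_block_list', "{$table_prefix}owner_guid", $owner, false);
            $enemies_bit = '(' . $enemies_bit . ' AND ' . get_annotation_sql('elgg_filter_list', $owner, "{$table_prefix}owner_guid", false) . ')';
        }
    }
    if (empty($sql)) {
        $sql = " {$friends_bit} ({$table_prefix}access_id in {$access} or ({$table_prefix}owner_guid = {$owner}) or ({$table_prefix}access_id = " . ACCESS_PRIVATE . " and {$table_prefix}owner_guid = {$owner}))";
    }
    if ($enemies_bit) {
        $sql = "{$enemies_bit} AND ({$sql})";
    }
    if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) {
        $sql .= " and {$table_prefix}enabled='yes'";
    }
    return '(' . $sql . ')';
}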
コード例 #8
ファイル: start.php プロジェクト: elgg/elgg
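/**
 * Extend container permissions checking to extend can_write_to_container for write users.
 *
 * Only acts for type 'object' with subtype 'page' or 'page_top'. Returns true
 * when the user from $params can write to the container from $params, when
 * they can write to the container of the page named by the request, or when
 * the page's write_access_id is found by in_array() in get_access_list().
 * Returns null otherwise.
 *
 * NOTE(review): the page consulted for the decision is selected by the
 * 'page_guid' / 'parent_guid' request inputs, not by $params - confirm that
 * the object being created really ends up under that page.
 *
 * @param string $hook        Not read by this handler
 * @param string $entity_type Entity type being created; must be 'object'
 * @param bool   $returnvalue Not read by this handler
 * @param array  $params      Reads the 'container', 'user' and 'subtype' keys
 *
 * @return bool|null True to grant; null otherwise
 */
function pages_container_permission_check($hook, $entity_type, $returnvalue, $params)
{
    $container = elgg_extract('container', $params);
    // NOTE(review): $user is dereferenced below without a null check; this
    // assumes the hook always supplies a user - confirm.
    $user = elgg_extract('user', $params);
    $subtype = elgg_extract('subtype', $params);

    // check type/subtype; strict matching so a non-string subtype such as
    // integer 0 cannot loosely compare equal to a subtype name
    if ($entity_type !== 'object' || !in_array($subtype, ['page', 'page_top'], true)) {
        return null;
    }

    // OK if you can write to the container
    if ($container && $container->canWriteToContainer($user->guid)) {
        return true;
    }

    // look up a page object given via input; start from a defined value so
    // pages_is_page() is not handed an undefined variable when neither input is set
    $page = null;
    if ($page_guid = get_input('page_guid', 0)) {
        $page = get_entity($page_guid);
    } elseif ($parent_guid = get_input('parent_guid', 0)) {
        $page = get_entity($parent_guid);
    }
    if (!pages_is_page($page)) {
        return null;
    }

    // try the page's container
    $page_container = $page->getContainerEntity();
    if ($page_container && $page_container->canWriteToContainer($user->guid)) {
        return true;
    }

    // I don't understand this but it's old - mrclay
    // NOTE(review): get_access_list() is used elsewhere in Elgg to build a SQL
    // "IN (...)" list, so it presumably returns a string rather than an array;
    // if so this test never matches. Confirm before relying on it, and review
    // who would gain write access before "fixing" it.
    if (in_array($page->write_access_id, get_access_list())) {
        return true;
    }

    return null;
}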
コード例 #9
ファイル: access.php プロジェクト: pleio/subsite_manager
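/**
 * Returns the SQL where clause for a table with a access_id and enabled columns.
 *
 * This handles returning where clauses for ACCESS_FRIENDS and the currently
 * unused block and filter lists in addition to using get_access_list() for
 * access collections and the standard access levels.
 *
 * The friend GUIDs of each owner are read once and kept in a static cache,
 * then written into the clause as a literal IN list.
 *
 * The result is a raw SQL fragment. $table_prefix goes through
 * sanitise_string(); $owner is validated as an integer before it is
 * interpolated, and anything that is not an integer is treated as "no user"
 * (-1); friend GUIDs are cast to int. The value returned by
 * get_access_list() and the SQL returned by the
 * "access:get_sql_suffix", "user" plugin hook are used as-is, so hook
 * handlers have to return SQL that is already safe.
 *
 * @param string $table_prefix Optional table. prefix for the access code.
 * @param int    $owner        The guid to check access for. Defaults to logged in user.
 *
 * @return string The SQL for a where clause
 * @access private
 */
function get_access_sql_suffix($table_prefix = '', $owner = null)
{
    global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;
    static $friends_cache;
    $sql = "";
    $friends_bit = "";
    $enemies_bit = "";
    if ($table_prefix) {
        $table_prefix = sanitise_string($table_prefix) . ".";
    }
    if (!isset($owner)) {
        $owner = elgg_get_logged_in_user_guid();
    }
    // $owner is written into the queries unquoted below, so only accept a real
    // integer; filter_var() yields false for anything else, which falls
    // through to the anonymous sentinel.
    $owner = filter_var($owner, FILTER_VALIDATE_INT);
    if (!$owner) {
        $owner = -1;
    }
    $ignore_access = elgg_check_access_overrides($owner);
    $access = get_access_list($owner);
    if ($ignore_access) {
        $sql = " (1 = 1) ";
    } elseif ($owner != -1) {
        // we have an entity's guid and auto check for friend relationships;
        // the friend list is fetched once per owner instead of being embedded
        // as a subquery in every clause
        if (!isset($friends_cache)) {
            $friends_cache = array();
        }
        if (!isset($friends_cache[$owner])) {
            $friends_cache[$owner] = array();
            $friends_query = "SELECT guid_one";
            $friends_query .= " FROM {$CONFIG->dbprefix}entity_relationships";
            $friends_query .= " WHERE relationship='friend'";
            $friends_query .= " AND guid_two={$owner}";
            if ($friends_result = get_data($friends_query, "elgg_row_to_array")) {
                foreach ($friends_result as $friend_row) {
                    // cast so only integers can reach the IN list below
                    $friends_cache[$owner][] = (int) $friend_row["guid_one"];
                }
            }
        }
        if (!empty($friends_cache[$owner])) {
            $friends_bit = "{$table_prefix}access_id = " . ACCESS_FRIENDS . " AND {$table_prefix}owner_guid IN (" . implode(",", $friends_cache[$owner]) . ")";
            $friends_bit = '(' . $friends_bit . ') OR ';
        }
        // @todo untested and unsupported at present
        if (isset($CONFIG->user_block_and_filter_enabled) && $CONFIG->user_block_and_filter_enabled) {
            // check to see if the user is in the entity owner's block list
            // or if the entity owner is in the user's filter list
            // if so, disallow access
            $enemies_bit = get_access_restriction_sql('elgg_block_list', "{$table_prefix}owner_guid", $owner, false);
            $enemies_bit = '(' . $enemies_bit . '	AND ' . get_access_restriction_sql('elgg_filter_list', $owner, "{$table_prefix}owner_guid", false) . ')';
        }
    }
    if (empty($sql)) {
        $sql = " {$friends_bit} ({$table_prefix}access_id IN {$access}\n\t\t\tOR ({$table_prefix}owner_guid = {$owner})\n\t\t\tOR (\n\t\t\t\t{$table_prefix}access_id = " . ACCESS_PRIVATE . "\n\t\t\t\tAND {$table_prefix}owner_guid = {$owner}\n\t\t\t)\n\t\t)";
        // Subsite manager - extend access
        $params = array("table_prefix" => $table_prefix, "owner" => $owner, "sql" => $sql, "ignore_access" => $ignore_access, "access" => $access);
        $sql = elgg_trigger_plugin_hook("access:get_sql_suffix", "user", $params, $sql);
    }
    if ($enemies_bit) {
        $sql = "{$enemies_bit} AND ({$sql})";
    }
    if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) {
        $sql .= " and {$table_prefix}enabled='yes'";
    }
    return '(' . $sql . ')';
}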
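/**
 * Extend container permissions checking to extend can_write_to_container for write users.
 *
 * Only acts in the "pages" context. Returns true when the session user can
 * write to the page owner's container, when they can write to the container
 * of the page named by the request, or when the page's write_access_id is
 * found by in_array() in get_access_list(). Returns null otherwise.
 *
 * NOTE(review): the page consulted for the decision is selected by the
 * 'page_guid' / 'parent_guid' request inputs, not by $params - confirm that
 * the object being created really ends up under that page.
 *
 * @param mixed $hook        Not read by this handler
 * @param mixed $entity_type Not read by this handler
 * @param mixed $returnvalue Not read by this handler
 * @param mixed $params      Not read by this handler
 *
 * @return bool|null True to grant; null otherwise
 */
function pages_container_permission_check($hook, $entity_type, $returnvalue, $params)
{
    if (get_context() != "pages") {
        return null;
    }

    // With no session user, pass null on (the value the property read on a
    // missing user produced before) without dereferencing a missing object.
    $session_user_guid = isset($_SESSION['user']) ? $_SESSION['user']->guid : null;

    if (page_owner()) {
        if (can_write_to_container($session_user_guid, page_owner())) {
            return true;
        }
    }

    // Start from a defined value: when neither input is present the variable
    // was previously undefined at the instanceof test below.
    $entity = null;
    if ($page_guid = get_input('page_guid', 0)) {
        $entity = get_entity($page_guid);
    } elseif ($parent_guid = get_input('parent_guid', 0)) {
        $entity = get_entity($parent_guid);
    }

    if ($entity instanceof ElggObject) {
        if (can_write_to_container($session_user_guid, $entity->container_guid)) {
            return true;
        }
        // NOTE(review): get_access_list() is used elsewhere in Elgg to build a
        // SQL "IN (...)" list, so it presumably returns a string rather than an
        // array; if so this test never matches. Confirm before relying on it,
        // and review who would gain write access before "fixing" it.
        if (in_array($entity->write_access_id, get_access_list())) {
            return true;
        }
    }

    return null;
}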