コード例 #1
0
ファイル: access.php プロジェクト: jricher/Elgg
/**
 * Add access restriction sql code to a given query.
 * 
 * Note that if this code is executed in privileged mode it will return blank.
 * 
 * TODO: DELETE once Query classes are fully integrated
 * 
 * @param string $table_prefix Optional xxx. prefix for the access code.
 */
function get_access_sql_suffix($table_prefix = "", $owner = null)
{
    global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;
    $sql = "";
    $friends_bit = "";
    $enemies_bit = "";
    if ($table_prefix) {
        $table_prefix = sanitise_string($table_prefix) . ".";
    }
    $access = get_access_list();
    if (!isset($owner)) {
        $owner = get_loggedin_userid();
    }
    if (!$owner) {
        $owner = -1;
    }
    global $is_admin;
    if (isset($is_admin) && $is_admin == true) {
        $sql = " (1 = 1) ";
    } else {
        if ($owner != -1) {
            $friends_bit = $table_prefix . 'access_id = ' . ACCESS_FRIENDS . ' AND ';
            $friends_bit .= "{$table_prefix}owner_guid IN (SELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships WHERE relationship='friend' AND guid_two={$owner})";
            $friends_bit = '(' . $friends_bit . ') OR ';
            if (isset($CONFIG->user_block_and_filter_enabled) && $CONFIG->user_block_and_filter_enabled) {
                // check to see if the user is in the entity owner's block list
                // or if the entity owner is in the user's filter list
                // if so, disallow access
                $enemies_bit = get_annotation_sql('elgg_block_list', "{$table_prefix}owner_guid", $owner, false);
                $enemies_bit = '(' . $enemies_bit . ' AND ' . get_annotation_sql('elgg_filter_list', $owner, "{$table_prefix}owner_guid", false) . ')';
            }
        }
    }
    if (empty($sql)) {
        $sql = " {$friends_bit} ({$table_prefix}access_id in {$access} or ({$table_prefix}owner_guid = {$owner}) or ({$table_prefix}access_id = " . ACCESS_PRIVATE . " and {$table_prefix}owner_guid = {$owner}))";
    }
    if ($enemies_bit) {
        $sql = "{$enemies_bit} AND ({$sql})";
    }
    if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) {
        $sql .= " and {$table_prefix}enabled='yes'";
    }
    return '(' . $sql . ')';
}
コード例 #2
0
ファイル: river2.php プロジェクト: adamboardman/Elgg
/**
 * This function has been added here until we decide if it is going to roll into core or not
 * Add access restriction sql code to a given query.
 * Note that if this code is executed in privileged mode it will return blank.
 * @TODO: DELETE once Query classes are fully integrated
 *
 * @param string $table_prefix Optional table. prefix for the access code.
 * @param int $owner
 */
function get_access_sql_suffix_new($table_prefix_one = '', $table_prefix_two = '', $owner = null)
{
    global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;
    $sql = "";
    $friends_bit = "";
    $enemies_bit = "";
    if ($table_prefix_one) {
        $table_prefix_one = sanitise_string($table_prefix_one) . ".";
    }
    if ($table_prefix_two) {
        $table_prefix_two = sanitise_string($table_prefix_two) . ".";
    }
    if (!isset($owner)) {
        $owner = get_loggedin_userid();
    }
    if (!$owner) {
        $owner = -1;
    }
    $ignore_access = elgg_check_access_overrides($owner);
    $access = get_access_list($owner);
    if ($ignore_access) {
        $sql = " (1 = 1) ";
    } else {
        if ($owner != -1) {
            $friends_bit = "{$table_prefix_one}access_id = " . ACCESS_FRIENDS . "\n\t\t\tAND {$table_prefix_one}owner_guid IN (\n\t\t\t\tSELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships\n\t\t\t\tWHERE relationship='friend' AND guid_two={$owner}\n\t\t\t)";
            $friends_bit = '(' . $friends_bit . ') OR ';
            if (isset($CONFIG->user_block_and_filter_enabled) && $CONFIG->user_block_and_filter_enabled) {
                // check to see if the user is in the entity owner's block list
                // or if the entity owner is in the user's filter list
                // if so, disallow access
                $enemies_bit = get_annotation_sql('elgg_block_list', "{$table_prefix_one}owner_guid", $owner, false);
                $enemies_bit = '(' . $enemies_bit . '	AND ' . get_annotation_sql('elgg_filter_list', $owner, "{$table_prefix_one}owner_guid", false) . ')';
            }
        }
    }
    if (empty($sql)) {
        $sql = " {$friends_bit} ({$table_prefix_one}access_id IN {$access}\n\t\t\tOR ({$table_prefix_one}owner_guid = {$owner})\n\t\t\tOR (\n\t\t\t\t{$table_prefix_one}access_id = " . ACCESS_PRIVATE . "\n\t\t\t\tAND {$table_prefix_one}owner_guid = {$owner}\n\t\t\t)\n\t\t)";
    }
    if ($enemies_bit) {
        $sql = "{$enemies_bit} AND ({$sql})";
    }
    if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) {
        $sql .= " and {$table_prefix_two}enabled='yes'";
    }
    return '(' . $sql . ')';
}