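/**
 * Decide whether the current user may edit the given resource.
 *
 * Two checks are combined: the per-status edit permission ("e" . $status, e.g. e0, e-1)
 * and the group edit filter ($usereditfilter), which restricts editing by resource metadata.
 *
 * @param mixed $resource Resource ref. A ref equal to 0 - $userref (the user's own template) is always editable.
 * @param mixed $status   Archive status of the resource; -999 means "not provided, look it up".
 * @param mixed $metadata Kept for interface compatibility. Field data is always reloaded when a
 *                        filter is applied, because supplied metadata may lack fields due to permissions.
 * @return bool True when the current user may edit the resource.
 */
function get_edit_access($resource, $status = -999, $metadata = false)
{
    global $userref, $usereditfilter;

    if ($status == -999) {
        # Status not provided, so read it from the database. The ref is cast to an integer
        # before it is placed in the SQL text, so a crafted $resource value cannot alter the query.
        $status = sql_value("select archive value from resource where ref='" . (int) $resource . "'", 0);
    }

    # Can always edit their own user template.
    if ($resource == 0 - $userref) {
        return true;
    }

    # Must have edit permission to this resource first and foremost, before checking the filter.
    if (!checkperm("e" . $status)) {
        return false;
    }

    $gotmatch = false;
    if (trim($usereditfilter) == "" || $status < 0) {
        # No filter set, or the resource is still in a User Contributed state,
        # in which case the edit filter is not applied.
        $gotmatch = true;
    } else {
        # An edit filter has been set. Always load metadata here, because the provided
        # metadata may be missing fields due to permissions.
        # NOTE(review): the helpers below receive $resource exactly as passed in; confirm
        # that they validate the ref themselves.
        $metadata = get_resource_field_data($resource, false, false);
        $fieldcount = count($metadata);
        for ($n = 0; $n < $fieldcount; $n++) {
            $name = $metadata[$n]["name"];
            $value = $metadata[$n]["value"];
            if ($name != "") {
                $match = filter_match($usereditfilter, $name, $value);
                if ($match == 1) {
                    # The match for this field was incorrect: always deny.
                    return false;
                }
                if ($match == 2) {
                    # The match for this field was correct.
                    $gotmatch = true;
                }
            }
        }

        # Also check resource type, if the filter mentions it.
        if (strpos($usereditfilter, "resource_type") !== false) {
            $resourcedata = get_resource_data($resource, true);
            $resource_type = $resourcedata['resource_type'];
            $match = filter_match($usereditfilter, "resource_type", $resource_type);
            if ($match == 1) {
                # Resource type was specified but the value did not match. Disallow edit access.
                return false;
            }
            if ($match == 2) {
                $gotmatch = true;
            }
        }
    }

    # A plugin hook may still veto access after the filter has passed.
    if ($gotmatch) {
        $gotmatch = !hook("denyafterusereditfilter");
    }

    return $gotmatch;
}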
/**
 * Decide whether the current user may edit the given resource.
 *
 * Order of evaluation, as implemented below:
 *  1. the "customediteaccess" hook can grant access before any permission is checked;
 *  2. the user's own template (ref == 0 - $userref) is always editable;
 *  3. with $edit_access_for_contributor enabled, the creator of the resource is always allowed;
 *  4. the "e" . $status permission is required, and "z" . $status blocks editing;
 *  5. for a negative status, only holders of the "t" permission or the creator may edit;
 *  6. the group edit filter ($usereditfilter) is matched against the resource metadata;
 *  7. the "denyafterusereditfilter" hook can veto an otherwise allowed edit.
 *
 * @param mixed $resource     Resource ref.
 * @param mixed $status       Archive status; -999 means "take it from the resource data".
 * @param mixed $metadata     Kept for interface compatibility. Field data is always reloaded when a
 *                            filter is applied, because supplied metadata may lack fields due to permissions.
 * @param mixed $resourcedata Resource data array, passed by reference. When it is not an array it is
 *                            loaded with get_resource_data() and handed back to the caller.
 * @return bool True when the current user may edit the resource.
 */
function get_edit_access($resource, $status = -999, $metadata = false, &$resourcedata = "")
{
    global $userref, $usereditfilter, $edit_access_for_contributor;

    # A plugin can grant edit access outright; none of the checks below run in that case.
    if (hook("customediteaccess")) {
        return true;
    }

    # NOTE(review): if get_resource_data() can return a non-array for a missing resource,
    # the lookups below would read from that value - confirm against the helper.
    if (!is_array($resourcedata)) {
        $resourcedata = get_resource_data($resource);
    }

    if ($status == -999) {
        $status = $resourcedata["archive"];
    }

    # Can always edit their own user template.
    if ($resource == 0 - $userref) {
        return true;
    }

    # If $edit_access_for_contributor is true in config then users can always edit their own resources.
    if ($edit_access_for_contributor && $userref == $resourcedata["created_by"]) {
        return true;
    }

    # Must have edit permission to this resource first and foremost, before checking the filter.
    if (!checkperm("e" . $status)) {
        return false;
    }

    # Cannot edit if the z permission is set for this status...
    if (checkperm("z" . $status)) {
        return false;
    }

    # ...or if this is another user's upload pending approval and the current user is not an admin.
    if ($status < 0 && !checkperm("t") && $resourcedata['created_by'] != $userref) {
        return false;
    }

    # With no filter set, or a negative status, the edit filter is skipped.
    $allowed = true;

    if (trim($usereditfilter) != "" && !($status < 0)) {
        # An edit filter has been set: at least one field has to match it, and no field may contradict it.
        $allowed = false;

        # Always load metadata, because the provided metadata may be missing fields due to permissions.
        $fields = get_resource_field_data($resource, false, false);
        $total = count($fields);

        for ($i = 0; $i < $total; $i++) {
            $fieldname = $fields[$i]["name"];
            $fieldvalue = $fields[$i]["value"];

            if ($fieldname == "") {
                continue;
            }

            $outcome = filter_match($usereditfilter, $fieldname, $fieldvalue);
            if ($outcome == 1) {
                # The match for this field was incorrect, always fail in this event.
                return false;
            }
            if ($outcome == 2) {
                # The match for this field was correct.
                $allowed = true;
            }
        }

        # Also check resource type, if specified.
        if (false !== strpos($usereditfilter, "resource_type")) {
            $outcome = filter_match($usereditfilter, "resource_type", $resourcedata['resource_type']);
            if ($outcome == 1) {
                # Resource type was specified but the value did not match. Disallow edit access.
                return false;
            }
            if ($outcome == 2) {
                $allowed = true;
            }
        }
    }

    # The veto hook is consulted only when access would otherwise be granted.
    return $allowed && !hook("denyafterusereditfilter");
}