/** * Checks whether a user is allowed to leave a group. * * This checks things like if they're the owner and the group membership type * * @param mixed $group DB record or ID of group to check * @param int $userid (optional, will default to logged in user) */ function group_user_can_leave($group, $userid = null) { global $USER; static $result; $userid = optional_userid($userid); if (is_numeric($group)) { if (!($group = get_record('group', 'id', $group, 'deleted', 0))) { return false; } } // Return cached value if we have it if (isset($result[$group->id][$userid])) { return $result[$group->id][$userid]; } if ($group->jointype == 'controlled' && group_user_access($group->id, $USER->get('id')) != 'admin') { return $result[$group->id][$userid] = false; } if (group_is_only_admin($group->id, $userid)) { return $result[$group->id][$userid] = false; } return $result[$group->id][$userid] = true; }
/** * get the views that a user can see belonging * to the given users * * @param array $users users to fetch views owned by * @param int $userlooking (optional, defaults to logged in user) * @param int $limit grab this many views. (setting this null means get all) * * @return array Associative array keyed by userid, of arrays of view ids */ function get_views($users, $userlooking = null, $limit = 5, $type = null) { $userlooking = optional_userid($userlooking); if (is_int($users)) { $users = array($users); } $list = array(); if (count($users) == 0) { return $list; } $users = array_flip($users); $dbnow = db_format_timestamp(time()); if ($friends = get_records_sql_array('SELECT CASE WHEN usr1=? THEN usr2 ELSE usr1 END AS id FROM {usr_friend} f WHERE ( usr1=? AND usr2 IN (' . join(',', array_map('db_quote', array_keys($users))) . ') ) OR ( usr2=? AND usr1 IN (' . join(',', array_map('db_quote', array_keys($users))) . ') ) ', array($userlooking, $userlooking, $userlooking))) { foreach ($friends as $user_id) { $users[$user_id->id] = 'friend'; } } if (is_null($type)) { $typesql = "AND v.type != 'profile'"; } else { $typesql = 'AND v.type = ' . db_quote($type); } $data = array(); $done = false; // public, logged in, or friends' views if ($results = get_records_sql_assoc('SELECT v.*, ' . db_format_tsfield('atime') . ', ' . db_format_tsfield('mtime') . ', ' . db_format_tsfield('v.ctime', 'ctime') . ' FROM {view} v INNER JOIN {view_access} a ON v.id=a.view AND ( accesstype IN (\'public\',\'loggedin\') ' . (count(preg_grep('/^friend$/', $users)) > 0 ? 'OR ( accesstype = \'friends\' AND v.owner IN (' . join(',', array_map('db_quote', array_keys(preg_grep('/^friend$/', $users)))) . ') )' : '') . ' ) WHERE v.owner IN (' . join(',', array_map('db_quote', array_keys($users))) . ') AND ( v.startdate IS NULL OR v.startdate < ? ) AND ( v.stopdate IS NULL OR v.stopdate > ? ) ' . $typesql, array($dbnow, $dbnow))) { foreach ($results as $row) { $list[$row->owner][$row->id] = $row->id; } $data = $results; // bail if we've filled all users to the limit $done = _get_views_trim_list($list, $users, $limit, $data); } // check individual user access if (!$done && ($results = get_records_sql_assoc('SELECT v.*, ' . db_format_tsfield('atime') . ', ' . db_format_tsfield('mtime') . ', ' . db_format_tsfield('v.ctime', 'ctime') . ' FROM {view} v INNER JOIN {view_access} a ON v.id=a.view AND a.usr=? WHERE v.owner IN (' . join(',', array_map('db_quote', array_keys($users))) . ') AND ( v.startdate IS NULL OR v.startdate < ? ) AND ( v.stopdate IS NULL OR v.stopdate > ? ) ' . $typesql, array($userlooking, $dbnow, $dbnow)))) { foreach ($results as &$row) { $list[$row->owner][$row->id] = $row->id; } $data = array_merge($data, $results); // bail if we've filled all users to the limit $done = $done && _get_views_trim_list($list, $users, $limit, $data); } // check group access if (!$done && ($results = get_records_sql_assoc('SELECT v.*, ' . db_format_tsfield('v.atime', 'atime') . ', ' . db_format_tsfield('v.mtime', 'mtime') . ', ' . db_format_tsfield('v.ctime', 'ctime') . ' FROM {view} v INNER JOIN {view_access} a ON v.id=a.view INNER JOIN {group_member} m ON m.group=a.group AND m.member=? INNER JOIN {group} g ON (g.id = a.group AND g.deleted = ?) WHERE v.owner IN (' . join(',', array_map('db_quote', array_keys($users))) . ') AND ( v.startdate IS NULL OR v.startdate < ? ) AND ( v.stopdate IS NULL OR v.stopdate > ? ) ' . $typesql, array($userlooking, 0, $dbnow, $dbnow)))) { foreach ($results as &$row) { $list[$row->owner][$row->id] = $row->id; } $data = array_merge($data, $results); // bail if we've filled all users to the limit $done = $done && _get_views_trim_list($list, $users, $limit, $data); } require_once 'view.php'; View::get_extra_view_info($data, false, false); $list = array(); foreach ($data as $d) { $list[$d['owner']][$d['id']] = (object) $d; } return $list; }
/** * get the views that a user can see belonging * to the given users * * @param array $users users to fetch views owned by * @param int $userlooking (optional, defaults to logged in user) * @param int $limit grab this many views. (setting this null means get all) * @param string $type the type of views to return * * @return array Associative array keyed by userid, of arrays of view ids */ function get_views($users, $userlooking = null, $limit = 5, $type = 'portfolio') { $userlooking = optional_userid($userlooking); if (is_int($users)) { $users = array($users); } $list = array(); if (count($users) == 0) { return $list; } $users = array_flip($users); $dbnow = db_format_timestamp(time()); if ($friends = get_records_sql_array('SELECT CASE WHEN usr1=? THEN usr2 ELSE usr1 END AS id FROM {usr_friend} f WHERE ( usr1=? AND usr2 IN (' . join(',', array_map('db_quote', array_keys($users))) . ') ) OR ( usr2=? AND usr1 IN (' . join(',', array_map('db_quote', array_keys($users))) . ') ) ', array($userlooking, $userlooking, $userlooking))) { foreach ($friends as $user_id) { $users[$user_id->id] = 'friend'; } } $typesql = ''; if ($type != null) { $typesql = 'AND v.type = ' . db_quote($type); } // public, logged in, or friends' views if ($results = get_records_sql_array('SELECT v.*, ' . db_format_tsfield('atime') . ', ' . db_format_tsfield('mtime') . ', ' . db_format_tsfield('ctime') . ' FROM {view} v INNER JOIN {view_access} a ON v.id=a.view AND ( accesstype IN (\'public\',\'loggedin\') ' . (count(preg_grep('/^friend$/', $users)) > 0 ? 'OR ( accesstype = \'friends\' AND v.owner IN (' . join(',', array_map('db_quote', array_keys(preg_grep('/^friend$/', $users)))) . ') )' : '') . ' ) WHERE v.owner IN (' . join(',', array_map('db_quote', array_keys($users))) . ') AND ( v.startdate IS NULL OR v.startdate < ? ) AND ( v.stopdate IS NULL OR v.stopdate > ? ) ' . $typesql, array($dbnow, $dbnow))) { foreach ($results as &$row) { $list[$row->owner][$row->id] = $row; } } // bail if we've filled all users to the limit if (_get_views_trim_list($list, $users, $limit)) { return $list; } // check individual user access if ($results = get_records_sql_array('SELECT v.*, ' . db_format_tsfield('atime') . ', ' . db_format_tsfield('mtime') . ', ' . db_format_tsfield('ctime') . ' FROM {view} v INNER JOIN {view_access_usr} a ON v.id=a.view AND a.usr=? WHERE v.owner IN (' . join(',', array_map('db_quote', array_keys($users))) . ') AND ( v.startdate IS NULL OR v.startdate < ? ) AND ( v.stopdate IS NULL OR v.stopdate > ? ) ' . $typesql, array($userlooking, $dbnow, $dbnow))) { foreach ($results as &$row) { $list[$row->owner][$row->id] = $row; } } // bail if we've filled all users to the limit if (_get_views_trim_list($list, $users, $limit)) { return $list; } // check group access if ($results = get_records_sql_array('SELECT v.*, ' . db_format_tsfield('v.atime', 'atime') . ', ' . db_format_tsfield('v.mtime', 'mtime') . ', ' . db_format_tsfield('v.ctime', 'ctime') . ' FROM {view} v INNER JOIN {view_access_group} a ON v.id=a.view INNER JOIN {group_member} m ON m.group=a.group AND m.member=? INNER JOIN {group} g ON (g.id = a.group AND g.deleted = ?) WHERE v.owner IN (' . join(',', array_map('db_quote', array_keys($users))) . ') AND ( v.startdate IS NULL OR v.startdate < ? ) AND ( v.stopdate IS NULL OR v.stopdate > ? ) ' . $typesql, array($userlooking, 0, $dbnow, $dbnow))) { foreach ($results as &$row) { $list[$row->owner][$row->id] = $row; } } // bail if we've filled all users to the limit if (_get_views_trim_list($list, $users, $limit)) { return $list; } return $list; }