/** * https://github.com/Elgg/Elgg/pull/6393 * Hook handlers for 'access:collections:write','all' hook should respect * group's content access mode and container write permissions */ public function testWriteAccessArray() { $membersonly = ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY; $unrestricted = ElggGroup::CONTENT_ACCESS_MODE_UNRESTRICTED; $original_page_owner = elgg_get_page_owner_entity(); elgg_set_page_owner_guid($this->group->guid); $ia = elgg_set_ignore_access(false); // User is not a member of the group // Member-only group $this->group->setContentAccessMode($membersonly); $write_access = get_write_access_array($this->user->guid, true); $this->assertFalse(array_key_exists($this->group->group_acl, $write_access)); // Unrestricted group $this->group->setContentAccessMode($unrestricted); $write_access = get_write_access_array($this->user->guid, true); $this->assertFalse(array_key_exists($this->group->group_acl, $write_access)); // User is a member (can write to container) $this->group->join($this->user); // Member-only group $this->group->setContentAccessMode($membersonly); $write_access = get_write_access_array($this->user->guid, true); $this->assertTrue(array_key_exists($this->group->group_acl, $write_access)); // Unrestricted group $this->group->setContentAccessMode($unrestricted); $write_access = get_write_access_array($this->user->guid, true); $this->assertTrue(array_key_exists($this->group->group_acl, $write_access)); elgg_set_ignore_access($ia); $this->group->leave($this->user); $original_page_owner_guid = elgg_instanceof($original_page_owner) ? $original_page_owner->guid : 0; elgg_set_page_owner_guid($original_page_owner_guid); }
public function testGroupItemVisibility() { $original_user = _elgg_services()->session->getLoggedInUser(); _elgg_services()->session->setLoggedInUser($this->user); $group_guid = $this->group->guid; // unrestricted: pass non-members $this->group->setContentAccessMode(ElggGroup::CONTENT_ACCESS_MODE_UNRESTRICTED); $vis = Elgg_GroupItemVisibility::factory($group_guid, false); $this->assertFalse($vis->shouldHideItems); // membersonly: non-members fail $this->group->setContentAccessMode(ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY); $vis = Elgg_GroupItemVisibility::factory($group_guid, false); $this->assertTrue($vis->shouldHideItems); // members succeed $this->group->join($this->user); $vis = Elgg_GroupItemVisibility::factory($group_guid, false); $this->assertFalse($vis->shouldHideItems); // non-member admins succeed - assumes admin logged in _elgg_services()->session->setLoggedInUser($original_user); $vis = Elgg_GroupItemVisibility::factory($group_guid, false); $this->assertFalse($vis->shouldHideItems); }
register_error(elgg_echo("groups:notitle")); forward(REFERER); } // Set group tool options $tool_options = elgg_get_config('group_tool_options'); if ($tool_options) { foreach ($tool_options as $group_option) { $option_toggle_name = $group_option->name . "_enable"; $option_default = $group_option->default_on ? 'yes' : 'no'; $group->{$option_toggle_name} = get_input($option_toggle_name, $option_default); } } // Group membership - should these be treated with same constants as access permissions? $is_public_membership = get_input('membership') == ACCESS_PUBLIC; $group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE; $group->setContentAccessMode(get_input('content_access_mode')); if ($is_new_group) { $group->access_id = ACCESS_PUBLIC; } $old_owner_guid = $is_new_group ? 0 : $group->owner_guid; $new_owner_guid = (int) get_input('owner_guid'); $owner_has_changed = false; $old_icontime = null; if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) { // verify new owner is member and old owner/admin is logged in if ($group->isMember(get_user($new_owner_guid)) && ($old_owner_guid == $user->guid || $user->isAdmin())) { $group->owner_guid = $new_owner_guid; $group->container_guid = $new_owner_guid; $metadata = elgg_get_metadata(array('guid' => $group_guid, 'limit' => false)); if ($metadata) { foreach ($metadata as $md) {
register_error(elgg_echo("groups:notitle")); forward(REFERER); } // Set group tool options $tool_options = elgg_get_config('group_tool_options'); if ($tool_options) { foreach ($tool_options as $group_option) { $option_toggle_name = $group_option->name . "_enable"; $option_default = $group_option->default_on ? 'yes' : 'no'; $group->{$option_toggle_name} = get_input($option_toggle_name, $option_default); } } // Group membership - should these be treated with same constants as access permissions? $is_public_membership = get_input('membership') == ACCESS_PUBLIC; $group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE; $group->setContentAccessMode(get_input('content_access_mode')); if ($is_new_group) { $group->access_id = ACCESS_PUBLIC; } // default access $default_access = (int) get_input('group_default_access'); $group->setPrivateSetting("elgg_default_access", $default_access); if ($is_new_group) { // if new group, we need to save so group acl gets set in event handler $group->save(); } // Invisible group support // @todo this requires save to be called to create the acl for the group. This // is an odd requirement and should be removed. Either the acl creation happens // in the action or the visibility moves to a plugin hook if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {