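 /**
  * Adds limits to a db select query so it only pulls items the current
  * user has permission to edit.
  *
  * Resolution order:
  *  1. A deity is never restricted.
  *  2. A user without the module permission (or the named sub-permission)
  *     gets a forced negative ("1=0") so the query returns nothing.
  *  3. A user with unrestricted rights to the module is left alone.
  *  4. Everyone else is limited, through an OR-ed where group named 'key_1',
  *     to rows whose key column is 0 (when $key_id_column is given), rows they
  *     own (when $owner_id_column is given) and rows whose key has been
  *     granted to one of their groups in phpws_key_edit.
  *
  * Note that BEFORE this is called, the developer should check whether
  * the user has ANY rights to edit items in the first place
  * (Current_User::allow('module', 'edit_permission')); if it is called
  * anyway, the forced negative applies.
  * If you wish to add other qualifications, use $db->addWhere() with the
  * group name 'key_1' in your module code.
  *
  * Fail-closed guard: if the user is restricted but none of the per-row
  * clauses can be attached (no key/owner column supplied and no groups),
  * the query is forced negative instead of being left unrestricted.
  *
  * $source_table, $key_id_column and $owner_id_column are concatenated into
  * the where clause as identifiers; they must come from module code, never
  * from request input.
  *
  * @modified Eloi George
  * @param  object   db : Database object to modify
  * @param  string   module : Calling module
  * @param  string   edit_permission : Name of the editing permission
  * @param  string   source_table : (optional) Name of the main table being searched; defaults to $db->tables[0]
  * @param  string   key_id_column : (optional) Usually "key_id".  Only use this if you allow edits where "key_id=0"
  * @param  string   owner_id_column : (optional) Only use this if you allow edits on content created by the user
  * @return void
  */
 public static function restrictEdit($db, $module, $edit_permission = null, $source_table = null, $key_id_column = null, $owner_id_column = null)
 {
     // Deities bypass every restriction.
     if (Current_User::isDeity()) {
         return;
     }
     // No rights to the module or its sub-permission: stymie the whole query.
     if (!Current_User::allow($module, $edit_permission)) {
         $db->setQWhere('1=0');
         return;
     }
     // Unrestricted editor for this module: no further limits are necessary.
     if (Current_User::isUnrestricted($module)) {
         return;
     }

     // Restricted editor: OR together every clause that grants access to a
     // row, all inside the 'key_1' where group.
     if (empty($source_table)) {
         $source_table = $db->tables[0];
     }
     // The left join on phpws_key_edit below can yield one row per matching
     // group, so collapse duplicates.
     $db->setDistinct(1);

     $restricted = false;
     if (!empty($key_id_column)) {
         // Rows not tied to any key (key column = 0) are editable.
         $db->addWhere($source_table . '.' . $key_id_column, 0, null, 'or', 'key_1');
         $restricted = true;
     }
     if (!empty($owner_id_column)) {
         // Rows created by the current user are editable.
         $db->addWhere($source_table . '.' . $owner_id_column, Current_User::getId(), null, 'or', 'key_1');
         $restricted = true;
     }
     $groups = Current_User::getGroups();
     if (!empty($groups)) {
         // Rows whose key was granted to one of the user's groups.
         $db->addJoin('left', $source_table, 'phpws_key_edit', 'key_id', 'key_id');
         $db->addWhere('phpws_key_edit.group_id', $groups, 'in', 'or', 'key_1');
         $restricted = true;
     }
     if (!$restricted) {
         // Nothing could be attached: fail closed rather than silently
         // handing every row to a restricted user.
         $db->setQWhere('1=0');
     }
 }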
 /**
  * Decides whether the current user may view the blog.
  *
  * Checks, in order:
  *  - anyone holding a 'blog' permission may always view;
  *  - when the 'logged_users_only' setting is on, anonymous visitors are denied;
  *  - when the 'view_only' setting lists group ids (colon-separated), anonymous
  *    visitors are denied and a logged-in user must belong to at least one of
  *    the listed groups.
  *
  * The ids parsed from the setting are strings while the user's group ids may
  * be ints; array_intersect compares by string value, so they still match.
  *
  * @return bool true when viewing is allowed
  */
 public static function allowView()
 {
     // Any blog permission grants viewing outright.
     if (Current_User::allow('blog')) {
         return true;
     }

     // Blog restricted to logged-in users and this visitor is anonymous.
     if (PHPWS_Settings::get('blog', 'logged_users_only') && !Current_User::isLogged()) {
         return false;
     }

     $view_only = PHPWS_Settings::get('blog', 'view_only');
     if (empty($view_only)) {
         // No group restriction configured.
         return true;
     }

     // A group restriction is configured; anonymous visitors never pass it.
     $allowed_groups = explode(':', $view_only);
     if (!Current_User::isLogged()) {
         return false;
     }

     // Allowed only when the user shares at least one group with the list.
     $shared = array_intersect(Current_User::getGroups(), $allowed_groups);
     return !empty($shared);
 }