/** * Extend container permissions checking to extend can_write_to_container for write users. * * @param string $hook * @param string $entity_type * @param bool $returnvalue * @param array $params * * @return bool */ function pages_container_permission_check($hook, $entity_type, $returnvalue, $params) { if (elgg_get_context() != "pages") { return null; } if (elgg_get_page_owner_guid() && can_write_to_container(elgg_get_logged_in_user_guid(), elgg_get_page_owner_guid())) { return true; } if ($page_guid = get_input('page_guid', 0)) { $entity = get_entity($page_guid); } elseif ($parent_guid = get_input('parent_guid', 0)) { $entity = get_entity($parent_guid); } if (isset($entity) && pages_is_page($entity)) { if (can_write_to_container(elgg_get_logged_in_user_guid(), $entity->container_guid) || in_array($entity->write_access_id, get_access_list())) { return true; } } }
<?php /** * View a single page * * @package ElggPages */ $guid = elgg_extract('guid', $vars); elgg_entity_gatekeeper($guid, 'object'); $page = get_entity($guid); if (!pages_is_page($page)) { forward('', '404'); } elgg_set_page_owner_guid($page->getContainerGUID()); elgg_group_gatekeeper(); $container = elgg_get_page_owner_entity(); if (!$container) { forward(REFERER); } $title = $page->title; if (elgg_instanceof($container, 'group')) { elgg_push_breadcrumb($container->name, "pages/group/{$container->guid}/all"); } else { elgg_push_breadcrumb($container->name, "pages/owner/{$container->username}"); } pages_prepare_parent_breadcrumbs($page); elgg_push_breadcrumb($title); $content = elgg_view_entity($page, array('full_view' => true)); $content .= elgg_view_comments($page); // can add subpage if can edit this page and write to container (such as a group) if ($page->canEdit() && $container->canWriteToContainer(0, 'object', 'page')) {
<?php /** * Remove a page (revision) annotation * * @package ElggPages */ // Make sure we can get the annotations and entity in question $annotation_id = (int) get_input('annotation_id'); $annotation = elgg_get_annotation_from_id($annotation_id); if ($annotation) { $entity = get_entity($annotation->entity_guid); if (pages_is_page($entity) && $entity->canEdit() && $annotation->canEdit()) { $annotation->delete(); system_message(elgg_echo("pages:revision:delete:success")); forward("pages/history/{$annotation->entity_guid}"); } } register_error(elgg_echo("pages:revision:delete:failure")); forward(REFERER);
/** * Extend container permissions checking to extend can_write_to_container for write users. * * @param string $hook * @param string $entity_type * @param bool $returnvalue * @param array $params * * @return bool */ function pages_container_permission_check($hook, $entity_type, $returnvalue, $params) { $container = elgg_extract('container', $params); $user = elgg_extract('user', $params); $subtype = elgg_extract('subtype', $params); // check type/subtype if ($entity_type !== 'object' || !in_array($subtype, ['page', 'page_top'])) { return null; } // OK if you can write to the container if ($container && $container->canWriteToContainer($user->guid)) { return true; } // look up a page object given via input if ($page_guid = get_input('page_guid', 0)) { $page = get_entity($page_guid); } elseif ($parent_guid = get_input('parent_guid', 0)) { $page = get_entity($parent_guid); } if (!pages_is_page($page)) { return null; } // try the page's container $page_container = $page->getContainerEntity(); if ($page_container && $page_container->canWriteToContainer($user->guid)) { return true; } // I don't understand this but it's old - mrclay if (in_array($page->write_access_id, get_access_list())) { return true; } }
<?php /** * Remove a page * * Subpages are not deleted but are moved up a level in the tree * * @package ElggPages */ $guid = get_input('guid'); $page = get_entity($guid); if (pages_is_page($page)) { // only allow owners and admin to delete if (elgg_is_admin_logged_in() || elgg_get_logged_in_user_guid() == $page->getOwnerGuid()) { $container = get_entity($page->container_guid); // Bring all child elements forward $parent = $page->parent_guid; $children = elgg_get_entities_from_metadata(array('metadata_name' => 'parent_guid', 'metadata_value' => $page->getGUID())); if ($children) { $db_prefix = elgg_get_config('dbprefix'); $subtype_id = (int) get_subtype_id('object', 'page_top'); $newentity_cache = is_memcache_available() ? new ElggMemcache('new_entity_cache') : null; foreach ($children as $child) { if ($parent) { $child->parent_guid = $parent; } else { // If no parent, we need to transform $child to a page_top $child_guid = (int) $child->guid; update_data("UPDATE {$db_prefix}entities\n\t\t\t\t\t\tSET subtype = {$subtype_id} WHERE guid = {$child_guid}"); elgg_delete_metadata(array('guid' => $child_guid, 'metadata_name' => 'parent_guid')); _elgg_invalidate_cache_for_entity($child_guid);
if ($type == 'tags') { $input[$name] = string_to_tag_array($input[$name]); } } // Get guids $page_guid = (int) get_input('page_guid'); $container_guid = (int) get_input('container_guid'); $parent_guid = (int) get_input('parent_guid'); elgg_make_sticky_form('page'); if (!$input['title']) { register_error(elgg_echo('pages:error:no_title')); forward(REFERER); } if ($page_guid) { $page = get_entity($page_guid); if (!pages_is_page($page) || !$page->canEdit()) { register_error(elgg_echo('pages:cantedit')); forward(REFERER); } $new_page = false; } else { $page = new ElggObject(); if ($parent_guid) { $page->subtype = 'page'; } else { $page->subtype = 'page_top'; } $new_page = true; } if (sizeof($input) > 0) { // don't change access if not an owner/admin
<?php /** * Remove a page * * Subpages are not deleted but are moved up a level in the tree * * @package ElggPages */ $guid = get_input('guid'); $page = get_entity($guid); /* @var ElggObject $page */ elgg_load_library('elgg:pages'); if (!pages_is_page($page) || !pages_can_delete_page($page)) { register_error(elgg_echo('pages:delete:failure')); forward(REFERER); } $container = $page->getContainerEntity(); // Bring all child elements forward $parent = $page->parent_guid; $children = new ElggBatch('elgg_get_entities_from_metadata', ['metadata_name' => 'parent_guid', 'metadata_value' => $page->guid, 'limit' => 0]); $db_prefix = elgg_get_config('dbprefix'); $subtype_id = (int) get_subtype_id('object', 'page_top'); foreach ($children as $child) { if ($parent) { $child->parent_guid = $parent; continue; } // If no parent, we need to transform $child to a page_top $child_guid = (int) $child->guid; update_data("\n\t\tUPDATE {$db_prefix}entities\n\t\tSET subtype = {$subtype_id}\n\t\tWHERE guid = {$child_guid}\n\t");
/** * Can the user delete the page? * * @param ElggObject $page Page/page-top object * * @return bool */ function pages_can_delete_page($page) { if (!pages_is_page($page)) { return false; } /* @var ElggObject $page */ $user = elgg_get_logged_in_user_entity(); if ($user) { if ($user->guid == $page->owner_guid || $user->isAdmin()) { return true; } } $container = $page->getContainerEntity(); return $container ? $container->canEdit() : false; }