Пример #1
 /**
  * Gate for the video views: runs the privacy check for the current viewer,
  * then confirms that the videos feature is switched on.
  *
  * @param mixed $videoid Optional video id. When truthy the per-video rule
  *                       ('video') is checked; otherwise the general
  *                       'privacyVideoView' rule is used.
  *
  * @return bool|null true when access is allowed; null (bare return) after the
  *                   privacy alert has been echoed. Callers should treat
  *                   anything other than true as "denied".
  */
 public function checkVideoAccess($videoid = null)
 {
     $app = JFactory::getApplication();
     $settings = CFactory::getConfig();
     $request = $app->input;

     // The user the privacy rule is evaluated against comes from the request's
     // 'userid' parameter (filtered as INT), not from the video record.
     // NOTE(review): confirm CPrivacy::isAccessAllowed() resolves the real
     // owner from $videoid for the 'video' rule; if it does not, the check is
     // made against whichever user id the request names.
     $profileId = $request->get('userid', 0, 'INT');
     $viewer = CFactory::getUser();
     $profileOwner = CFactory::getuser($profileId);

     // Pick the rule: a specific video when an id was given, otherwise the
     // profile-wide video-view setting.
     if ($videoid) {
         $permitted = CPrivacy::isAccessAllowed($viewer->id, $profileOwner->id, 'video', 'video', $videoid);
     } else {
         $permitted = CPrivacy::isAccessAllowed($viewer->id, $profileOwner->id, 'privacyVideoView', 'privacyVideoView');
     }

     if (!$permitted) {
         echo '<div class="cEmpty cAlert">' . JText::_('COM_COMMUNITY_PRIVACY_ERROR_MSG') . '</div>';
         return;
     }

     // Feature switch is only consulted after the privacy check has passed.
     // NOTE(review): whether redirect() ends the request is not visible here;
     // if it returns, this method still reports true.
     if (!$settings->get('enablevideos')) {
         $app->redirect(
             CRoute::_('index.php?option=com_community&view=frontpage', false),
             JText::_('COM_COMMUNITY_VIDEOS_DISABLED'),
             'warning'
         );
     }

     return true;
 }
Пример #2
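 /**
  * Decide whether the current user may view an album or photo.
  *
  * The content creator is resolved from, in increasing priority, the request's
  * 'userid' parameter, the album record and the photo record. Without a
  * 'groupid' request parameter the creator's 'privacyPhotoView' rule is
  * checked; with one, the group's membership rule is checked instead.
  *
  * @param mixed $albumid Optional album id; when truthy the album is loaded.
  * @param mixed $photoid Optional photo id; when truthy the photo is loaded.
  *
  * @return bool|null true when access is allowed; false when photos are
  *                   disabled in the configuration; null (bare return) after
  *                   the privacy alert has been echoed. Callers should treat
  *                   anything other than true as "denied".
  */
 public function checkPhotoAccess($albumid = null, $photoid = null)
 {
     $mainframe = JFactory::getApplication();
     $jinput = $mainframe->input;
     $config = CFactory::getConfig();
     $userId = $jinput->get('userid');
     $groupId = $jinput->get('groupid');
     $my = CFactory::getUser();

     // Later sources override earlier ones: request user, then album, then photo.
     if ($userId) {
         $creator = CFactory::getuser($userId);
         $creatorId = $creator->id;
     }
     if ($albumid) {
         $album = JTable::getInstance('Album', 'CTable');
         $album->load($albumid);
         $creatorId = $album->creator;
     }
     if ($photoid) {
         $photo = JTable::getInstance('Photo', 'CTable');
         $photo->load($photoid);
         $creatorId = $photo->creator;
     }

     // check privacy
     $allowed = true;

     if (isset($creatorId) && !$groupId) {
         // default privacy levels
         if (isset($album) && $album->permission <= 10) {
             // NOTE(review): this early return also skips the 'enablephotos'
             // check below; confirm that is intended.
             return true;
         }
         if (!CPrivacy::isAccessAllowed($my->id, $creatorId, 'privacyPhotoView', 'privacyPhotoView')) {
             $allowed = false;
         }
     } elseif ($groupId) {
         // NOTE(review): 'groupid' comes from the request and is not compared
         // with the loaded album/photo here; confirm callers verify that the
         // content belongs to this group, because the creator's own privacy
         // rule is not evaluated on this branch.
         $group = JTable::getInstance('Group', 'CTable');
         // Fix: load the row for the requested group id. The original passed
         // the table object itself to load(), so the approvals/membership test
         // below did not run against the requested group's record.
         $group->load($groupId);
         $allowed = !($group->approvals == 1 && !$group->isMember($my->id) && !COwnerHelper::isCommunityAdmin());
     }
     // When neither a creator nor a group was resolved, no privacy rule is
     // evaluated and $allowed stays true.

     if (!$allowed) {
         echo "<div class=\"cEmpty cAlert\">" . JText::_('COM_COMMUNITY_PRIVACY_ERROR_MSG') . "</div>";
         return;
     }
     if (!$config->get('enablephotos')) {
         $mainframe->enqueueMessage(JText::_('COM_COMMUNITY_PHOTOS_DISABLED'), '');
         return false;
     }
     return true;
 }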
Пример #3
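 /**
  * Return rows of activities.
  *
  * Builds a single SELECT on #__community_activities from the optional actor,
  * friends, date, exclusion and privacy filters and returns the rows ordered
  * by creation date, newest first. Each row carries an extra 'daydiff' column.
  *
  * Every value that reaches the SQL text is either passed through
  * $db->Quote() or cast to an integer before concatenation.
  *
  * @param mixed      $userid          Actor/target user id to filter on; also selects that user's hidden-activity list.
  * @param array      $friends         User ids whose activities (as actor) are included.
  * @param mixed|null $afterDate       Object exposing toMySQL(); lower bound for a.created.
  * @param int        $maxEntries      Requested row count; multiplied by 8 to oversample for aggregation.
  * @param bool       $respectPrivacy  When true, add the access-level clauses for the current user.
  * @param array|null $exclusions      Activity ids to leave out.
  * @param bool       $displayArchived When false, only rows with archived = 0 are returned.
  *
  * @return mixed Whatever $db->loadObjectList() returns for the query.
  */
 function getActivities($userid = '', $friends = '', $afterDate = null, $maxEntries = 20, $respectPrivacy = true, $exclusions = null, $displayArchived = false)
 {
     $db = $this->getDBO();
     $my = CFactory::getuser();
     $todayDate = new JDate();
     // The viewer id is interpolated into SQL below, so pin it to an integer.
     $viewerId = (int) $my->id;

     // Oversampling, to cater for aggregated activities. The value is placed
     // unquoted after LIMIT, so force it to a non-negative integer first.
     $maxEntries = max(0, (int) $maxEntries) * 8;

     $orWhere = array();
     $andWhere = array();
     $onActor = '';

     if (!$displayArchived) {
         $andWhere[] = "`archived`=0";
     }

     if (!empty($userid)) {
         $quotedUser = $db->Quote($userid);
         $orWhere[] = "(a.`actor`=" . $quotedUser . ")";
         $onActor = " AND (a.`actor`=" . $quotedUser . ")";
     }

     if (!empty($friends)) {
         // Fix: the ids were imploded into the IN (...) list as-is. Cast each
         // one to int so nothing but numbers can reach the statement.
         $friendIds = array_map('intval', (array) $friends);
         $orWhere[] = "(a.`actor` IN (" . implode(',', $friendIds) . "))";
     }

     if (!empty($userid)) {
         $orWhere[] = "(a.`target`=" . $db->Quote($userid) . ")";
     }

     if (!empty($afterDate)) {
         $andWhere[] = "(a.`created` between " . $db->Quote($afterDate->toMySQL()) . " and " . $db->Quote($todayDate->toMySQL()) . ")";
     }

     // Fix: an empty exclusion list used to produce "NOT IN ()", which is not
     // valid SQL; it is now skipped. foreach also copes with non-sequential keys.
     if (!empty($exclusions)) {
         $quotedExclusions = array();
         foreach ((array) $exclusions as $exclusion) {
             $quotedExclusions[] = $db->Quote($exclusion);
         }
         $andWhere[] = '(a.`id` NOT IN (' . implode(',', $quotedExclusions) . ') )';
     }

     if ($respectPrivacy) {
         // Add friends limits, but admin should be able to see all
         // @todo: should use global admin code check instead
         $adminTypes = array('Super Administrator', 'Administrator', 'Manager');
         if ($viewerId == 0) {
             // Guests are limited to rows with access <= 10.
             $andWhere[] = "(a.`access` <= 10)";
         } elseif (!in_array($my->usertype, $adminTypes, true)) {
             // NOTE(review): these access clauses are OR-ed with the
             // actor/friends/target clauses above, so when $userid or $friends
             // is set a row can match without satisfying any access clause.
             // Confirm whether the access filter should be AND-ed instead.
             $orWhere[] = "((a.`access` = 0) {$onActor})";
             $orWhere[] = "((a.`access` = 10) {$onActor})";
             $orWhere[] = "( (a.`access` = 20) AND ({$viewerId} != 0)  {$onActor})";
             // $viewerId is non-zero on this branch, so the access = 30 clauses
             // (own rows and rows of accepted connections) always apply.
             $orWhere[] = "( (a.access = 30) AND (a.actor = {$viewerId}) {$onActor})";
             $orWhere[] = "( (a.access = 30) AND (a.actor IN (SELECT c.`connect_to`"
                 . " FROM `#__community_connection` as c"
                 . " WHERE c.`connect_from` = {$viewerId}"
                 . " AND c.`status` = 1) ) {$onActor} )";
         }
     }

     if (!empty($userid)) {
         // Get the list of activity ids this user has hidden first.
         $db->setQuery('SELECT b.`activity_id` FROM #__community_activities_hide as b WHERE b.`user_id` = ' . $db->Quote($userid));
         $hiddenIds = $db->loadResultArray();
         // Fix: guard against a non-array result and cast the ids before they
         // are concatenated into the outer query.
         if (!empty($hiddenIds)) {
             $hiddenIds = array_map('intval', (array) $hiddenIds);
             $andWhere[] = 'a.`id` NOT IN (' . implode(',', $hiddenIds) . ') ';
         }
     }

     // Fix: assemble WHERE from the parts that exist. The original string
     // replacement only handled an empty OR group and produced invalid SQL
     // when the AND group was empty.
     $conditions = array();
     if (!empty($orWhere)) {
         $conditions[] = '( ' . implode(' OR ', $orWhere) . ' )';
     }
     if (!empty($andWhere)) {
         $conditions[] = implode(' AND ', $andWhere);
     }
     $where = empty($conditions) ? '' : ' WHERE ' . implode(' AND ', $conditions);

     // Actors can also be your friends
     $date = CTimeHelper::getDate();
     // Both dates are compared with the offset applied so the day difference is correct.
     // NOTE(review): getOffset() is concatenated unquoted; presumably numeric — confirm.
     $sql = "SELECT a.*, TO_DAYS(" . $db->Quote($date->toMySQL(true)) . ") -  TO_DAYS( DATE_ADD(a.`created`, INTERVAL " . $date->getOffset() . " HOUR ) ) as 'daydiff' "
         . " FROM #__community_activities as a "
         . $where
         . " ORDER BY a.`created` DESC LIMIT " . $maxEntries;

     $db->setQuery($sql);
     $result = $db->loadObjectList();
     if ($db->getErrorNum()) {
         // NOTE(review): the database error text is handed to the error page;
         // confirm it is not shown to end users in production.
         JError::raiseError(500, $db->stderr());
     }
     // @todo: write a plugin that return the html part of the whole system
     return $result;
 }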