/**
 * Prepare the "view access granted" activity for a view, or for the collection it belongs to.
 *
 * @param array $data Parameters:
 *                    - view (int)
 *                    - oldusers (array of user IDs)
 * @param bool  $cron Forwarded unchanged to the parent constructor.
 *
 * @throws ViewNotFoundException if the view lookup is falsy and this is not a cron run.
 */
public function __construct($data, $cron = false) {
    parent::__construct($data, $cron);

    // NOTE(review): `new` yields an object or throws, so this guard looks unreachable.
    // A missing view presumably surfaces as an exception from View's constructor; if so,
    // the cron early-return below is bypassed. Confirm against View::__construct.
    $viewinfo = new View($this->view);
    if (!$viewinfo) {
        if (!empty($this->cron)) {
            // probably deleted already
            return;
        }
        throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
    }

    $this->url = $viewinfo->get_url(false);

    // Recipients: everyone who can see the view now, minus the entries whose keys are
    // already present in oldusers (presumably keyed by user id; verify against the caller).
    $currentusers = activity_get_viewaccess_users($this->view);
    $this->users = array_diff_key($currentusers, $this->oldusers);

    if (!$viewinfo->get_collection()) {
        // Stand-alone page: announce it under its own title.
        $this->title = $viewinfo->get('title');
        $this->add_urltext(array('key' => 'View', 'section' => 'view'));
    }
    else {
        // Page inside a collection: announce the collection instead.
        $this->incollection = true;
        $this->title = $viewinfo->get_collection()->get('name');
        $this->add_urltext(array('key' => 'Collection', 'section' => 'collection'));
    }

    $this->ownername = $viewinfo->formatted_owner();
}
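/**
 * Set the view access rules.
 *
 * Inside a db_begin()/db_commit() pair, every view_access row of this view that matches
 * "visible = 1 AND token IS NULL" is deleted and one row is inserted per accepted rule.
 * A 'viewaccess' activity and a 'saveview' event are raised before the commit.
 *
 * Each item of $accessdata is handled as follows:
 *  - a stopdate in the past drops the item;
 *  - a startdate in the past is cleared;
 *  - when $allowcomments is true the per-rule comment flags are ignored;
 *  - an item that cannot be turned into a well-formed rule (friends access on a view
 *    without an owner, a group role the group does not have, an unknown type) is
 *    skipped, so that no broader or empty rule is stored in its place;
 *  - a rule equal to one already added in this call is not inserted twice.
 *
 * NOTE(review): no permission check is visible in this method; presumably the caller has
 * already verified that the current user may edit this view's access. Confirm.
 *
 * @param array $accessdata    For each view access row. Can contain id, type, startdate,
 *                             stopdate, allowcomments, approvecomments (and role for groups).
 * @param array $viewids       Ids of the views getting the access rules. Here it is only used
 *                             to list those views in the activity data; rows are written for
 *                             this view.
 * @param bool  $allowcomments The view wide allowcomments option. Needed when changing this
 *                             and saving the page at the same time, as the views are not
 *                             saved at this point.
 *
 * @return array The added access rows
 */
public function set_access($accessdata, $viewids = null, $allowcomments = true) {
    global $USER;
    require_once 'activity.php';
    require_once 'group.php';
    require_once 'institution.php';

    // Snapshot of who could see the view before the change; sent as oldusers below.
    $beforeusers = activity_get_viewaccess_users($this->get('id'));

    $select = 'view = ? AND visible = 1 AND token IS NULL';
    db_begin();
    delete_records_select('view_access', $select, array($this->id));

    // View access
    $accessdata_added = array();

    if ($accessdata) {
        // One timestamp for the whole call: ctime takes part in the duplicate check below,
        // so two identical rules must not differ just because the clock ticked between them.
        $time = time();
        $ctime = db_format_timestamp($time);

        foreach ($accessdata as $item) {
            if (!empty($item['stopdate']) && $item['stopdate'] < $time) {
                continue;
            }
            if (!empty($item['startdate']) && $item['startdate'] < $time) {
                unset($item['startdate']);
            }
            if ($allowcomments) {
                // The view-wide setting wins, so per-rule comment permissions do not apply.
                unset($item['allowcomments']);
                unset($item['approvecomments']);
            }

            $accessrecord = (object) array(
                'accesstype'      => null,
                'group'           => null,
                'role'            => null,
                'institution'     => null,
                'usr'             => null,
                'token'           => null,
                'startdate'       => null,
                'stopdate'        => null,
                'allowcomments'   => 0,
                'approvecomments' => 1,
                'ctime'           => $ctime,
            );

            // Inside a switch a bare `continue` behaves like `break`, which would fall
            // through to the insert below. `continue 2` is what actually skips the item.
            switch ($item['type']) {
                case 'user':
                    $accessrecord->usr = $item['id'];
                    break;
                case 'group':
                    $accessrecord->group = $item['id'];
                    if (isset($item['role']) && strlen($item['role'])) {
                        // Don't insert a record for a role the group doesn't have.
                        // Leaving only the switch here would store a rule with role = null,
                        // i.e. for the whole group, which is wider than what was requested.
                        $roleinfo = group_get_role_info($item['id']);
                        if (!isset($roleinfo[$item['role']])) {
                            continue 2;
                        }
                        $accessrecord->role = $item['role'];
                    }
                    break;
                case 'institution':
                    $accessrecord->institution = $item['id'];
                    break;
                case 'friends':
                    if (!$this->owner) {
                        // Don't add friend access to group, institution or system views
                        continue 2;
                    }
                    // deliberate fall-through: friends is stored as an accesstype
                case 'public':
                case 'loggedin':
                    $accessrecord->accesstype = $item['type'];
                    break;
                default:
                    // Unknown type: storing a row with no principal and no accesstype
                    // would be meaningless at best, so drop the item.
                    continue 2;
            }

            if (isset($item['allowcomments'])) {
                $accessrecord->allowcomments = (int) (!empty($item['allowcomments']));
                if ($accessrecord->allowcomments) {
                    $accessrecord->approvecomments = (int) (!empty($item['approvecomments']));
                }
            }
            if (isset($item['startdate'])) {
                $accessrecord->startdate = db_format_timestamp($item['startdate']);
            }
            if (isset($item['stopdate'])) {
                $accessrecord->stopdate = db_format_timestamp($item['stopdate']);
            }

            // Loose comparison on purpose: it compares the objects property by property.
            // The same access must not be granted twice because the profile page gets very
            // grumpy if there are duplicate access rules.
            // @todo: merge overlapping date ranges.
            if (array_search($accessrecord, $accessdata_added) === false) {
                $accessrecord->view = $this->get('id');
                insert_record('view_access', $accessrecord);
                unset($accessrecord->view);
                $accessdata_added[] = $accessrecord;
            }
        }
    }

    $data = new StdClass();
    $data->view = $this->get('id');
    $data->oldusers = $beforeusers;
    if (!empty($viewids) && count($viewids) > 1) {
        // Several views share these rules: pass their ids and titles along with the activity.
        $views = array();
        foreach ($viewids as $viewid) {
            $view = new View($viewid);
            $views[] = array(
                'id'    => $view->get('id'),
                'title' => $view->get('title'),
            );
        }
        $data->views = $views;
    }

    activity_occurred('viewaccess', $data);
    handle_event('saveview', $this->get('id'));

    db_commit();
    return $accessdata_added;
}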
/**
 * Prepare the "view access granted" activity from a single joined lookup of the view
 * and its owner, group and institution.
 *
 * @param array $data Parameters:
 *                    - owner (int)
 *                    - view (int)
 *                    - oldusers (array of user IDs)
 * @param bool  $cron Forwarded unchanged to the parent constructor.
 *
 * @throws ViewNotFoundException if no row is found for the view and this is not a cron run.
 */
public function __construct($data, $cron = false) {
    parent::__construct($data, $cron);

    // The view id is bound as a parameter, never concatenated into the statement.
    $viewinfo = get_record_sql(' SELECT v.title, v.owner, v.group, v.institution, u.id, u.username, u.preferredname, u.firstname, u.lastname, u.staff, u.admin, g.name AS groupname, i.displayname AS institutionname FROM {view} v LEFT JOIN {usr} u ON v.owner = u.id LEFT JOIN {group} g ON v.group = g.id LEFT JOIN {institution} i ON v.institution = i.name WHERE v.id = ?', array($this->view));
    if (!$viewinfo) {
        if (!empty($this->cron)) {
            // probably deleted already
            return;
        }
        throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
    }

    $this->url = get_config('wwwroot') . 'view/view.php?id=' . $this->view;

    // Recipients: users with access now, minus the entries whose keys are already present
    // in oldusers (presumably keyed by user id; verify against the caller).
    $currentusers = activity_get_viewaccess_users($this->view, $this->owner, $this->get_id());
    $this->users = array_diff_key($currentusers, $this->oldusers);

    $this->title = $viewinfo->title;

    // The owner name is only resolved when there is somebody to notify.
    // Precedence: group, then institution, then the owning user.
    if ($this->users) {
        if ($viewinfo->group) {
            $this->ownername = $viewinfo->groupname;
        }
        elseif ($viewinfo->institution) {
            $this->ownername = $viewinfo->institutionname;
        }
        elseif ($viewinfo->owner) {
            $this->ownername = display_name($viewinfo, null, true);
        }
    }

    $this->add_urltext(array('key' => 'View', 'section' => 'view'));
}
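/**
 * Replace the access rules of this view with $accessdata.
 *
 * Steps, in order:
 *  1. users who had a 'user' rule and no longer have one lose their usr_watchlist_view
 *     rows for this view;
 *  2. inside db_begin()/db_commit(), the rows of view_access, view_access_usr,
 *     view_access_group and the visible rows of view_access_token are deleted and
 *     re-inserted from $accessdata;
 *  3. a 'viewaccess' activity and a 'saveview' event are raised before the commit.
 *
 * Items whose type is not one of public, loggedin, friends, user, group or token are
 * ignored. A group item naming a role the group does not have is not inserted.
 *
 * NOTE(review): no permission check is visible in this method; presumably the caller has
 * already verified that the current user may edit this view's access. Confirm.
 * NOTE(review): step 1 runs before db_begin(), so it is not undone if the rewrite in
 * step 2 fails. Consider moving it inside the transaction.
 * NOTE(review): only usr_watchlist_view is cleaned here. The original comments also
 * mention usr_watchlist_artefact, so revoked users may keep artefact watchlist rows.
 * Confirm whether that is handled elsewhere.
 *
 * @param array $accessdata Access rows; each has a type and, depending on the type,
 *                          id, role, startdate and stopdate.
 */
public function set_access($accessdata) {
    global $USER;
    require_once 'activity.php';

    // Ids of the users who keep (or gain) an explicit 'user' rule.
    $keepids = array();
    if ($accessdata) {
        foreach ($accessdata as $item) {
            if ($item['type'] == 'user') {
                $keepids[intval($item['id'])] = true;
            }
        }
    }

    // Users who had an explicit rule before and are absent from the new list: the view
    // has to be removed from their watchlist.
    $revokedids = array();
    foreach ($this->get_access() as $item) {
        if ($item['type'] == 'user') {
            $id = intval($item['id']);
            if (!isset($keepids[$id])) {
                $revokedids[$id] = $id;
            }
        }
    }

    if ($revokedids) {
        // Every value is bound as a parameter instead of being concatenated into the
        // statement, including the view id.
        $placeholders = implode(',', array_fill(0, count($revokedids), '?'));
        delete_records_select(
            'usr_watchlist_view',
            'view = ? AND usr IN (' . $placeholders . ')',
            array_merge(array($this->get('id')), array_values($revokedids))
        );
    }

    // Snapshot of who could see the view before the change; sent as oldusers below.
    $beforeusers = activity_get_viewaccess_users($this->get('id'), $USER->get('id'), 'viewaccess');

    db_begin();
    delete_records('view_access', 'view', $this->get('id'));
    delete_records('view_access_usr', 'view', $this->get('id'));
    delete_records('view_access_group', 'view', $this->get('id'));
    delete_records('view_access_token', 'view', $this->get('id'), 'visible', 1);

    // View access
    if ($accessdata) {
        foreach ($accessdata as $item) {
            $accessrecord = new StdClass();
            $accessrecord->view = $this->get('id');
            if (isset($item['startdate'])) {
                $accessrecord->startdate = db_format_timestamp($item['startdate']);
            }
            if (isset($item['stopdate'])) {
                $accessrecord->stopdate = db_format_timestamp($item['stopdate']);
            }

            // Each case performs its own insert, so leaving the switch early (or matching
            // no case at all) means nothing is stored for the item.
            switch ($item['type']) {
                case 'public':
                case 'loggedin':
                case 'friends':
                    $accessrecord->accesstype = $item['type'];
                    insert_record('view_access', $accessrecord);
                    break;
                case 'user':
                    $accessrecord->usr = $item['id'];
                    insert_record('view_access_usr', $accessrecord);
                    break;
                case 'group':
                    $accessrecord->group = $item['id'];
                    // !empty() rather than a bare read: an item without a 'role' key
                    // means "whole group" and must not raise an undefined-index notice.
                    if (!empty($item['role'])) {
                        // Don't insert a record for a role the group doesn't have
                        $roleinfo = group_get_role_info($item['id']);
                        if (!isset($roleinfo[$item['role']])) {
                            break;
                        }
                        $accessrecord->role = $item['role'];
                    }
                    insert_record('view_access_group', $accessrecord);
                    break;
                case 'token':
                    $accessrecord->token = $item['id'];
                    insert_record('view_access_token', $accessrecord);
                    break;
            }
        }
    }

    $data = new StdClass();
    $data->view = $this->get('id');
    $data->owner = $USER->get('id');
    $data->oldusers = $beforeusers;
    activity_occurred('viewaccess', $data);
    handle_event('saveview', $this->get('id'));

    db_commit();
}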
/**
 * Prepare the "view access granted" activity by loading the view's owner and title.
 *
 * @param array $data Activity parameters; this constructor reads view, owner and
 *                    oldusers from the object after the parent constructor has run.
 * @param bool  $cron Forwarded unchanged to the parent constructor.
 *
 * @throws ViewNotFoundException if no row is found for the view and this is not a cron run.
 */
public function __construct($data, $cron = false) {
    parent::__construct($data, $cron);

    // Inner join: a view whose owner has no matching usr row yields no record and is
    // treated as not found. The view id is bound as a parameter.
    // NOTE(review): u.* copies every usr column onto this object. If that table holds
    // credential or session columns they travel with the activity, so consider selecting
    // only the fields needed to display the owner. Confirm what reads $this->viewinfo.
    $this->viewinfo = get_record_sql('SELECT u.*, v.title FROM {usr} u JOIN {view} v ON v.owner = u.id WHERE v.id = ?', array($this->view));
    if (!$this->viewinfo) {
        if (!empty($this->cron)) {
            // probably deleted already
            return;
        }
        throw new ViewNotFoundException(get_string('viewnotfound', 'error', $this->view));
    }

    $this->url = get_config('wwwroot') . 'view/view.php?id=' . $this->view;

    // Recipients: users with access now, minus the entries whose keys are already present
    // in oldusers (presumably keyed by user id; verify against the caller).
    $currentusers = activity_get_viewaccess_users($this->view, $this->owner, $this->get_id());
    $this->users = array_diff_key($currentusers, $this->oldusers);
}