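/**
 * Returns the SQL where clause for a table with an access_id and enabled columns.
 *
 * This handles returning where clauses for ACCESS_FRIENDS and the currently
 * unused block and filter lists in addition to using get_access_list() for
 * access collections and the standard access levels.
 *
 * The clause is assembled by string concatenation, so every value that ends up
 * in it has to be SQL-safe before it is interpolated: $table_prefix goes through
 * sanitise_string() and $owner is forced to an integer.
 *
 * @param string $table_prefix Optional table prefix for the access code.
 * @param int    $owner        The guid to check access for. Defaults to logged in user.
 *
 * @return string The SQL for a where clause
 * @access private
 */
function get_access_sql_suffix($table_prefix = '', $owner = null) {
	global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;

	$sql = "";
	$friends_bit = "";
	$enemies_bit = "";

	if ($table_prefix) {
		$table_prefix = sanitise_string($table_prefix) . ".";
	}

	if (!isset($owner)) {
		$owner = elgg_get_logged_in_user_guid();
	}

	// $owner is written into the SQL below unquoted and unescaped. Forcing it to
	// an integer keeps a caller-supplied non-numeric value from changing the
	// shape of the query; anything that is not a usable guid becomes 0 and then
	// falls through to the -1 "nobody" sentinel.
	$owner = (int) $owner;

	if (!$owner) {
		$owner = -1;
	}

	$ignore_access = elgg_check_access_overrides($owner);

	// NOTE(review): $access is interpolated verbatim after "IN", so
	// get_access_list() is presumably returning a ready-made parenthesised list
	// of integers -- confirm that against its implementation.
	$access = get_access_list($owner);

	if ($ignore_access) {
		// Access checks are bypassed entirely; only the enabled filter at the
		// end of this function still applies.
		$sql = " (1 = 1) ";
	} else {
		if ($owner != -1) {
			// we have an entity's guid and auto check for friend relationships
			$friends_bit = "{$table_prefix}access_id = " . ACCESS_FRIENDS . "\n\t\t\tAND {$table_prefix}owner_guid IN (\n\t\t\t\tSELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships\n\t\t\t\tWHERE relationship='friend' AND guid_two={$owner}\n\t\t\t)";

			$friends_bit = '(' . $friends_bit . ') OR ';

			// @todo untested and unsupported at present
			if (isset($CONFIG->user_block_and_filter_enabled) && $CONFIG->user_block_and_filter_enabled) {
				// check to see if the user is in the entity owner's block list
				// or if the entity owner is in the user's filter list
				// if so, disallow access
				$enemies_bit = get_access_restriction_sql('elgg_block_list', "{$table_prefix}owner_guid", $owner, false);
				$enemies_bit = '('
					. $enemies_bit
					. ' AND ' . get_access_restriction_sql('elgg_filter_list', $owner, "{$table_prefix}owner_guid", false)
					. ')';
			}
		}
	}

	if (empty($sql)) {
		// Standard rule: friends clause (if any), or an access level/collection
		// the user holds, or content the user owns.
		$sql = " {$friends_bit} ({$table_prefix}access_id IN {$access}\n\t\t\tOR ({$table_prefix}owner_guid = {$owner})\n\t\t\tOR (\n\t\t\t\t{$table_prefix}access_id = " . ACCESS_PRIVATE . "\n\t\t\t\tAND {$table_prefix}owner_guid = {$owner}\n\t\t\t)\n\t\t)";
	}

	if ($enemies_bit) {
		// The block/filter restriction is ANDed on top, so it can only narrow
		// what the clause above allows.
		$sql = "{$enemies_bit} AND ({$sql})";
	}

	if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) {
		// Hidden (disabled) rows stay excluded unless the global override is set.
		$sql .= " and {$table_prefix}enabled='yes'";
	}

	return '(' . $sql . ')';
}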
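/**
 * Returns the SQL where clause for a table with an access_id and enabled columns.
 *
 * This handles returning where clauses for ACCESS_FRIENDS and the currently
 * unused block and filter lists in addition to using get_access_list() for
 * access collections and the standard access levels.
 *
 * The clause is assembled by string concatenation, so every value that ends up
 * in it has to be SQL-safe before it is interpolated: $table_prefix goes through
 * sanitise_string(), and $owner and the cached friend guids are forced to
 * integers.
 *
 * Friend guids are looked up once per owner and kept in a static cache for the
 * lifetime of the PHP process. Nothing in this function invalidates that cache,
 * so a friendship added or removed later in the same process is not reflected
 * in the clause it returns.
 *
 * @param string $table_prefix Optional table prefix for the access code.
 * @param int    $owner        The guid to check access for. Defaults to logged in user.
 *
 * @return string The SQL for a where clause
 * @access private
 */
function get_access_sql_suffix($table_prefix = '', $owner = null) {
	global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;
	static $friends_cache = array();

	$sql = "";
	$friends_bit = "";
	$enemies_bit = "";

	if ($table_prefix) {
		$table_prefix = sanitise_string($table_prefix) . ".";
	}

	if (!isset($owner)) {
		$owner = elgg_get_logged_in_user_guid();
	}

	// $owner is written into the SQL below unquoted and unescaped, and is also
	// used as the cache key. Forcing it to an integer keeps a caller-supplied
	// non-numeric value from changing the shape of the query; anything that is
	// not a usable guid becomes 0 and then falls through to the -1 sentinel.
	$owner = (int) $owner;

	if (!$owner) {
		$owner = -1;
	}

	$ignore_access = elgg_check_access_overrides($owner);

	// NOTE(review): $access is interpolated verbatim after "IN", so
	// get_access_list() is presumably returning a ready-made parenthesised list
	// of integers -- confirm that against its implementation.
	$access = get_access_list($owner);

	if ($ignore_access) {
		// Access checks are bypassed entirely; only the enabled filter at the
		// end of this function still applies.
		$sql = " (1 = 1) ";
	} else {
		if ($owner != -1) {
			// we have an entity's guid and auto check for friend relationships.
			// The friend guids are fetched once per owner and inlined as a
			// literal list, replacing the earlier subquery on
			// entity_relationships inside the clause itself.
			if (!isset($friends_cache[$owner])) {
				$friends_cache[$owner] = array();

				$friends_query = "SELECT guid_one";
				$friends_query .= " FROM {$CONFIG->dbprefix}entity_relationships";
				$friends_query .= " WHERE relationship='friend'";
				$friends_query .= " AND guid_two={$owner}";

				if ($friends_result = get_data($friends_query, "elgg_row_to_array")) {
					foreach ($friends_result as $friend_row) {
						// These values are pasted back into SQL below, so they
						// are stored as integers rather than trusted as read.
						$friends_cache[$owner][] = (int) $friend_row["guid_one"];
					}
				}
			}

			// No friends means no ACCESS_FRIENDS clause at all, which also
			// avoids emitting an empty "IN ()" list.
			if (!empty($friends_cache[$owner])) {
				$friends_bit = "{$table_prefix}access_id = " . ACCESS_FRIENDS
					. " AND {$table_prefix}owner_guid IN (" . implode(",", $friends_cache[$owner]) . ")";

				$friends_bit = '(' . $friends_bit . ') OR ';
			}

			// @todo untested and unsupported at present
			if (isset($CONFIG->user_block_and_filter_enabled) && $CONFIG->user_block_and_filter_enabled) {
				// check to see if the user is in the entity owner's block list
				// or if the entity owner is in the user's filter list
				// if so, disallow access
				$enemies_bit = get_access_restriction_sql('elgg_block_list', "{$table_prefix}owner_guid", $owner, false);
				$enemies_bit = '('
					. $enemies_bit
					. ' AND ' . get_access_restriction_sql('elgg_filter_list', $owner, "{$table_prefix}owner_guid", false)
					. ')';
			}
		}
	}

	if (empty($sql)) {
		// Standard rule: friends clause (if any), or an access level/collection
		// the user holds, or content the user owns.
		$sql = " {$friends_bit} ({$table_prefix}access_id IN {$access}\n\t\t\tOR ({$table_prefix}owner_guid = {$owner})\n\t\t\tOR (\n\t\t\t\t{$table_prefix}access_id = " . ACCESS_PRIVATE . "\n\t\t\t\tAND {$table_prefix}owner_guid = {$owner}\n\t\t\t)\n\t\t)";

		// Subsite manager - extend access
		// NOTE(review): the hook's return value replaces the access clause
		// verbatim and is concatenated into the final SQL, so every handler
		// registered for "access:get_sql_suffix" is trusted to return safe SQL
		// and not to widen access beyond what it intends. The hook is only
		// reached on this branch, i.e. when access is not being ignored.
		$params = array(
			"table_prefix" => $table_prefix,
			"owner" => $owner,
			"sql" => $sql,
			"ignore_access" => $ignore_access,
			"access" => $access,
		);

		$sql = elgg_trigger_plugin_hook("access:get_sql_suffix", "user", $params, $sql);
	}

	if ($enemies_bit) {
		// The block/filter restriction is ANDed on top, so it can only narrow
		// what the clause above allows.
		$sql = "{$enemies_bit} AND ({$sql})";
	}

	if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) {
		// Hidden (disabled) rows stay excluded unless the global override is set.
		$sql .= " and {$table_prefix}enabled='yes'";
	}

	return '(' . $sql . ')';
}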