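/**
 * Merge the privacy conditions for publicly visible content into the current search definition.
 *
 * The view-privacy object named by $CNF['OBJECT_PRIVACY_VIEW'] is asked for its
 * 'restriction' and 'join' parts; whichever parts it returns are merged into
 * $this->aCurrent. setProcessPrivateContent(false) is called afterwards in every case.
 *
 * @param array       $CNF            module config; $CNF['OBJECT_PRIVACY_VIEW'] is the privacy object name.
 * @param object|null $oProfileAuthor author profile; its id() is handed to the privacy object, 0 when absent.
 * @return void
 */
protected function addConditionsForPrivateContent($CNF, $oProfileAuthor)
{
    $oPrivacy = BxDolPrivacy::getObjectInstance($CNF['OBJECT_PRIVACY_VIEW']);

    // NOTE(review): if the privacy object cannot be loaded, no condition is added, yet
    // setProcessPrivateContent(false) below still runs. What that setter controls is not
    // visible here; confirm this combination cannot list private entries.
    $aConditions = $oPrivacy
        ? $oPrivacy->getContentPublicAsCondition($oProfileAuthor ? $oProfileAuthor->id() : 0)
        : array();

    foreach (array('restriction', 'join') as $sPart) {
        if (!isset($aConditions[$sPart])) {
            continue;
        }

        // The target key may not exist yet. array_merge() on a missing key either drops the
        // privacy part (older PHP: warning, NULL result) or throws (PHP 8), so start from an
        // empty array in that case.
        $aExisting = isset($this->aCurrent[$sPart]) && is_array($this->aCurrent[$sPart])
            ? $this->aCurrent[$sPart]
            : array();

        $this->aCurrent[$sPart] = array_merge($aExisting, $aConditions[$sPart]);
    }

    $this->setProcessPrivateContent(false);
}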
/**
 * Build the JOIN and WHERE fragments for selecting events.
 *
 * Fragments are appended in a fixed order: 'active' flag, module/handler filter,
 * 'new' marker, privacy filter, then the owner/type filter.
 *
 * @param array $aParams keys read here: 'active', 'modules', 'new', 'owner_id', 'type'.
 * @return array two elements: the JOIN fragment, then the WHERE fragment.
 */
protected function _getSqlPartsEventsList($aParams)
{
    $sJoin = "";
    $sWhere = "";

    if (isset($aParams['active'])) {
        $sWhere .= $this->prepare("AND `{$this->_sTable}`.`active`=? ", (int) $aParams['active']);
    }

    // Module filter: an explicit list of modules wins; otherwise hidden handlers are excluded.
    // Both lists go through implode_escape() before being placed in the IN (...) list.
    if (!empty($aParams['modules']) && is_array($aParams['modules'])) {
        $sWhere .= "AND `" . $this->_sTable . "`.`type` IN (" . $this->implode_escape($aParams['modules']) . ") ";
    } else {
        $aHiddenHandlers = $this->_oConfig->getHandlersHidden();
        if (!empty($aHiddenHandlers) && is_array($aHiddenHandlers)) {
            $sWhere .= "AND `" . $this->_sTableHandlers . "`.`id` NOT IN (" . $this->implode_escape($aHiddenHandlers) . ") ";
        }
    }

    // 'New' flag: only events with an id above the one stored for this user are selected.
    if (!empty($aParams['new']) && !empty($aParams['owner_id'])) {
        $sLookup = $this->prepare("SELECT `event_id` FROM `" . $this->_sTableEvt2Usr . "` WHERE `user_id`=? LIMIT 1", (int) $aParams['owner_id']);
        $iLastEventId = (int) $this->getOne($sLookup);

        $sWhere .= $this->prepare("AND `{$this->_sTable}`.`id`>? ", $iLastEventId);
    }

    // Privacy filter.
    // NOTE(review): the result of getObjectInstance() is dereferenced without a check, so a
    // missing 'privacy_view' object ends in a fatal error here rather than a filtered list.
    $oPrivacy = BxDolPrivacy::getObjectInstance($this->_oConfig->getObject('privacy_view'));
    $aPrivacyParts = $oPrivacy->getContentByGroupAsSQLPart(BX_DOL_PG_ALL);
    $sWhere .= $aPrivacyParts['where'] . " ";

    // The type filter only applies when an owner is given.
    if (empty($aParams['owner_id'])) {
        return array($sJoin, $sWhere);
    }

    switch ($aParams['type']) {
        case BX_BASE_MOD_NTFS_TYPE_OWNER:
            $sWhere .= $this->prepare("AND `{$this->_sTable}`.`owner_id`=? ", $aParams['owner_id']);
            break;

        case BX_BASE_MOD_NTFS_TYPE_OBJECT_OWNER:
            $sWhere .= $this->prepare("AND `{$this->_sTable}`.`owner_id`<>`{$this->_sTable}`.`object_owner_id` AND `{$this->_sTable}`.`object_owner_id`=? ", $aParams['owner_id']);
            break;

        case BX_BASE_MOD_NTFS_TYPE_CONNECTIONS:
            $oConnection = BxDolConnection::getObjectInstance($this->_oConfig->getObject('conn_subscriptions'));
            $aConnectionParts = $oConnection->getConnectedContentAsSQLParts($this->_sPrefix . "events", 'owner_id', $aParams['owner_id']);

            $sJoin .= ' ' . $aConnectionParts['join'];
            break;
    }

    return array($sJoin, $sWhere);
}
/**
 * Describe a Select form element listing the available privacy groups.
 *
 * @param string  $sObject  privacy object name.
 * @param integer $iOwnerId object's owner ID; when 0 the logged-in profile id is used.
 * @param array   $aParams  custom selector params: 'dynamic_groups' - an array of
 *                          array('key' => group_id, 'value' => group_title) appended to the list;
 *                          'title' - caption for the generated field.
 * @return array Select element description, or an empty array when the privacy object is unavailable.
 */
public static function getGroupChooser($sObject, $iOwnerId = 0, $aParams = array())
{
    $oPrivacy = BxDolPrivacy::getObjectInstance($sObject);
    if (empty($oPrivacy)) {
        return array();
    }

    $sModule = $oPrivacy->_aObject['module'];
    $sAction = $oPrivacy->_aObject['action'];

    if ($iOwnerId == 0) {
        $iOwnerId = bx_get_logged_profile_id();
    }

    // Preselected group: the owner's own default, falling back to the default for the action.
    $sValue = $oPrivacy->_oDb->getDefaultGroupByUser($sModule, $sAction, $iOwnerId);
    if (empty($sValue)) {
        $sValue = $oPrivacy->_oDb->getDefaultGroup($sModule, $sAction);
    }

    // Groups with a zero 'active' flag are left out of the list.
    $aValues = array();
    foreach ($oPrivacy->_oDb->getGroupsBy(array('type' => 'active')) as $aGroup) {
        if ((int) $aGroup['active'] != 0) {
            $aValues[] = array('key' => $aGroup['id'], 'value' => _t($aGroup['title']));
        }
    }

    // Caller-supplied groups are appended as given; they are not validated here.
    if (isset($aParams['dynamic_groups']) && is_array($aParams['dynamic_groups'])) {
        $aValues = array_merge($aValues, $aParams['dynamic_groups']);
    }

    // NOTE(review): the action name is passed as the only argument; confirm this matches the
    // parameter order of getFieldName() in this version of the class.
    $sName = self::getFieldName($sAction);

    if (!empty($aParams['title'])) {
        $sTitle = $aParams['title'];
    } else {
        $sStoredTitle = $oPrivacy->_oDb->getTitle($sModule, $sAction);
        $sTitle = _t(!empty($sStoredTitle) ? $sStoredTitle : '_' . $sName);
    }

    return array(
        'type' => 'select',
        'name' => $sName,
        'caption' => $sTitle,
        'value' => $sValue,
        'values' => $aValues,
        'checker' => array(
            'func' => 'avail',
            'error' => _t('_ps_ferr_incorrect_select'),
        ),
        'db' => array(
            'pass' => 'Int',
        ),
    );
}
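/**
 * Configure the posts search/browse object for the requested mode.
 *
 * Modes handled: 'author', 'public', 'popular' and '' (search results). Any other mode,
 * or an author that cannot be loaded, sets $this->isError. The privacy conditions are
 * added after the mode switch in every case.
 *
 * @param string $sMode   browse mode.
 * @param array  $aParams mode parameters; 'author' mode reads $aParams['author'] as the profile id.
 */
function __construct($sMode = '', $aParams = array())
{
    parent::__construct($sMode, $aParams);

    $this->aCurrent = array(
        'name' => 'bx_posts',
        'object_metatags' => 'bx_posts',
        'title' => _t('_bx_posts_page_title_browse'),
        'table' => 'bx_posts_posts',
        'ownFields' => array('id', 'title', 'text', 'thumb', 'author', 'added'),
        'searchFields' => array('title', 'text'),
        'restriction' => array(
            'author' => array('value' => '', 'field' => 'author', 'operator' => '='),
            'status' => array('value' => 'active', 'field' => 'status', 'operator' => '='),
        ),
        'paginate' => array('perPage' => getParam('bx_posts_per_page_browse'), 'start' => 0),
        'sorting' => 'last',
        'rss' => array(
            'title' => '',
            'link' => '',
            'image' => '',
            'profile' => 0,
            'fields' => array(
                'Guid' => 'link',
                'Link' => 'link',
                'Title' => 'title',
                'DateTimeUTS' => 'added',
                'Desc' => 'text',
            ),
        ),
        'ident' => 'id',
    );

    $this->sFilterName = 'bx_posts_filter';
    $this->oModule = $this->getMain();

    $oProfileAuthor = null;

    $CNF =& $this->oModule->_oConfig->CNF;

    switch ($sMode) {
        case 'author':
            bx_import('BxDolProfile');
            // The id is cast to int before the profile lookup.
            $oProfileAuthor = BxDolProfile::getInstance((int) $aParams['author']);
            if (!$oProfileAuthor) {
                $this->isError = true;
                break;
            }

            $this->aCurrent['restriction']['author']['value'] = $oProfileAuthor->id();

            $this->sBrowseUrl = 'page.php?i=' . $CNF['URI_AUTHOR_ENTRIES'] . '&profile_id={profile_id}';
            $this->aCurrent['title'] = _t('_bx_posts_page_title_browse_by_author');
            $this->aCurrent['rss']['link'] = 'modules/?r=posts/rss/' . $sMode . '/' . $oProfileAuthor->id();
            break;

        case 'public':
            bx_import('BxDolPermalinks');
            $this->sBrowseUrl = BxDolPermalinks::getInstance()->permalink($CNF['URL_HOME']);
            $this->aCurrent['title'] = _t('_bx_posts_page_title_browse_recent');
            $this->aCurrent['rss']['link'] = 'modules/?r=posts/rss/' . $sMode;
            break;

        case 'popular':
            bx_import('BxDolPermalinks');
            $this->sBrowseUrl = BxDolPermalinks::getInstance()->permalink($CNF['URL_POPULAR']);
            $this->aCurrent['title'] = _t('_bx_posts_page_title_browse_popular');
            $this->aCurrent['rss']['link'] = 'modules/?r=posts/rss/' . $sMode;
            $this->aCurrent['sorting'] = 'popular';
            break;

        case '': // search results
            $this->sBrowseUrl = BX_DOL_SEARCH_KEYWORD_PAGE;
            $this->aCurrent['title'] = _t('_bx_posts');
            $this->aCurrent['paginate']['perPage'] = 3;
            unset($this->aCurrent['rss']);
            break;

        default:
            $sMode = '';
            $this->isError = true;
    }

    // add replaceable markers and replace them
    if ($oProfileAuthor) {
        $this->addMarkers($oProfileAuthor->getInfo()); // profile info is replaceable
        $this->addMarkers(array('profile_id' => $oProfileAuthor->id())); // profile id is replaceable
        $this->addMarkers(array('display_name' => $oProfileAuthor->getDisplayName())); // profile display name is replaceable
    }

    $this->sBrowseUrl = $this->_replaceMarkers($this->sBrowseUrl);
    $this->aCurrent['title'] = $this->_replaceMarkers($this->aCurrent['title']);

    // add conditions for private content
    bx_import('BxDolPrivacy');
    $oPrivacy = BxDolPrivacy::getObjectInstance($CNF['OBJECT_PRIVACY_VIEW']);

    // NOTE(review): if the privacy object cannot be loaded, no condition is added, yet
    // setProcessPrivateContent(false) below still runs. What that setter controls is not
    // visible here; confirm this combination cannot list private entries.
    $aConditions = $oPrivacy
        ? $oPrivacy->getContentPublicAsCondition($oProfileAuthor ? $oProfileAuthor->id() : 0)
        : array();

    foreach (array('restriction', 'join') as $sPart) {
        if (!isset($aConditions[$sPart])) {
            continue;
        }

        // The array assigned to aCurrent above has no 'join' key. array_merge() on the missing
        // key either drops the privacy join (older PHP: warning, NULL result) or throws
        // (PHP 8), so start from an empty array when the key is absent.
        $aExisting = isset($this->aCurrent[$sPart]) && is_array($this->aCurrent[$sPart])
            ? $this->aCurrent[$sPart]
            : array();

        $this->aCurrent[$sPart] = array_merge($aExisting, $aConditions[$sPart]);
    }

    $this->setProcessPrivateContent(false);
}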
/**
 * Decide whether the current profile may view an entry.
 *
 * Checks run in this order: author/moderator shortcut, the ACL action 'view entry',
 * then the view-privacy object when $CNF['OBJECT_PRIVACY_VIEW'] is configured.
 *
 * @param array $aDataEntry       entry row; the author and id fields named in $CNF are read.
 * @param bool  $isPerformAction  passed through to _isModerator() and checkActionModule().
 * @return mixed CHECK_ACTION_RESULT_ALLOWED if access is granted, or an error message if access
 *               is forbidden. Callers must compare the result strictly (===).
 */
public function checkAllowedView($aDataEntry, $isPerformAction = false)
{
    $CNF =& $this->_oConfig->CNF;

    // Author and moderator skip the ACL and privacy checks entirely.
    // NOTE(review): the author test uses loose ==, so an empty or zero author field equals a
    // zero $this->_iProfileId. Confirm an unauthenticated viewer cannot match an entry with
    // no author this way.
    $bIsAuthor = $aDataEntry[$CNF['FIELD_AUTHOR']] == $this->_iProfileId;
    if ($bIsAuthor || $this->_isModerator($isPerformAction)) {
        return CHECK_ACTION_RESULT_ALLOWED;
    }

    // ACL check
    $aAclResult = checkActionModule($this->_iProfileId, 'view entry', $this->getName(), $isPerformAction);
    if ($aAclResult[CHECK_ACTION_RESULT] !== CHECK_ACTION_RESULT_ALLOWED) {
        return $aAclResult[CHECK_ACTION_MESSAGE];
    }

    // Privacy check, only when a privacy object is configured for the module.
    if (empty($CNF['OBJECT_PRIVACY_VIEW'])) {
        return CHECK_ACTION_RESULT_ALLOWED;
    }

    bx_import('BxDolPrivacy');
    $oPrivacy = BxDolPrivacy::getObjectInstance($CNF['OBJECT_PRIVACY_VIEW']);

    // A configured privacy object that fails to load results in "allowed", not "denied".
    $bDenied = $oPrivacy && !$oPrivacy->check($aDataEntry[$CNF['FIELD_ID']]);

    return $bDenied ? _t('_sys_access_denied_to_private_content') : CHECK_ACTION_RESULT_ALLOWED;
}
/**
 * Get the database field name for a privacy action.
 *
 * @param string $sObject privacy object name.
 * @param string $sAction action name; when empty, the object's own 'action' value is used.
 * @return string field name, or an empty string when the privacy object is unavailable.
 */
public static function getFieldName($sObject, $sAction = '')
{
    $oPrivacy = BxDolPrivacy::getObjectInstance($sObject);
    if (empty($oPrivacy)) {
        return '';
    }

    $sResolvedAction = empty($sAction) ? $oPrivacy->_aObject['action'] : $sAction;

    return $oPrivacy->convertActionToField($sResolvedAction);
}
/**
 * Build the JOIN and WHERE fragments for selecting events.
 *
 * The WHERE fragment always starts with the `hidden`='0' condition. Further fragments are
 * appended in a fixed order: 'active' flag, custom filter, timeline year, module/handler
 * filter, privacy filter, then the type filter.
 *
 * @param array $aParams keys read here: 'active', 'filter', 'owner_id', 'timeline', 'modules', 'type'.
 * @return array two elements: the JOIN fragment, then the WHERE fragment.
 */
protected function _getSqlPartsEventsList($aParams)
{
    $sJoin = "";
    $sWhere = "AND `{$this->_sTable}`.`hidden`='0' ";

    if (isset($aParams['active'])) {
        $sWhere .= $this->prepare("AND `{$this->_sTable}`.`active`=? ", (int) $aParams['active']);
    }

    // Custom filter; the fragment is produced by _getFilterAddon() and appended as returned.
    if (isset($aParams['filter'])) {
        $sWhere .= $this->_getFilterAddon($aParams['owner_id'], $aParams['filter']);
    }

    // Timeline: everything up to the last second of the requested year.
    if (!empty($aParams['timeline'])) {
        $iYear = (int) $aParams['timeline'];
        $sWhere .= $this->prepare("AND `date`<=? ", mktime(23, 59, 59, 12, 31, $iYear));
    }

    // Module filter: an explicit list of modules wins; otherwise hidden handlers are excluded.
    // Both lists go through implode_escape() before being placed in the IN (...) list.
    if (!empty($aParams['modules']) && is_array($aParams['modules'])) {
        $sWhere .= "AND `" . $this->_sTable . "`.`type` IN (" . $this->implode_escape($aParams['modules']) . ") ";
    } else {
        $aHiddenHandlers = $this->_oConfig->getHandlersHidden();
        if (!empty($aHiddenHandlers) && is_array($aHiddenHandlers)) {
            $sWhere .= "AND `" . $this->_sTableHandlers . "`.`id` NOT IN (" . $this->implode_escape($aHiddenHandlers) . ") ";
        }
    }

    // Privacy filter.
    // NOTE(review): the result of getObjectInstance() is dereferenced without a check, so a
    // missing 'privacy_view' object ends in a fatal error here rather than a filtered list.
    $oPrivacy = BxDolPrivacy::getObjectInstance($this->_oConfig->getObject('privacy_view'));
    $aPrivacyParts = $oPrivacy->getContentByGroupAsSQLPart(BX_DOL_PG_ALL);
    $sWhere .= $aPrivacyParts['where'] . " ";

    // Type filter; the owner-based types add nothing when no owner is given.
    switch ($aParams['type']) {
        case BX_BASE_MOD_NTFS_TYPE_OWNER:
            if (!empty($aParams['owner_id'])) {
                $sWhere .= $this->prepare("AND `{$this->_sTable}`.`owner_id`=? ", $aParams['owner_id']);
            }
            break;

        case BX_BASE_MOD_NTFS_TYPE_CONNECTIONS:
            if (!empty($aParams['owner_id'])) {
                $oConnection = BxDolConnection::getObjectInstance($this->_oConfig->getObject('conn_subscriptions'));
                $aConnectionParts = $oConnection->getConnectedContentAsSQLParts($this->_sPrefix . "events", 'owner_id', $aParams['owner_id']);

                $sJoin .= ' ' . $aConnectionParts['join'];

                $iViewerId = bx_get_logged_profile_id();
                $sPostPrefix = $this->_oConfig->getPrefix('common_post');

                // NOTE(review): the viewer id and the prefix are concatenated into the SQL
                // text rather than bound through prepare(). Neither comes from $aParams, but
                // the fragment is only well-formed if the id is an integer and the prefix has
                // no quote characters; confirm both at their sources.
                $sWhere .= "AND IF(SUBSTRING(`{$this->_sTable}`.`type`, 1, " . strlen($sPostPrefix) . ") = '" . $sPostPrefix . "', `{$this->_sTable}`.`object_id` <> " . $iViewerId . ", 1) ";
            }
            break;

        case BX_BASE_MOD_NTFS_TYPE_PUBLIC:
            $sPostPrefix = $this->_oConfig->getPrefix('common_post');

            // NOTE(review): the prefix is concatenated into a quoted SQL literal unescaped;
            // confirm it is a fixed configuration value.
            $sWhere .= "AND SUBSTRING(`{$this->_sTable}`.`type`, 1, " . strlen($sPostPrefix) . ") <> '" . $sPostPrefix . "' ";
            break;
    }

    return array($sJoin, $sWhere);
}
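/**
 * Render a comment only when the 'comments_view' privacy object permits it.
 *
 * @param mixed $mixedCmt comment id, or a comment array carrying the id under 'cmt_id'.
 * @param array $aBp      passed unchanged to the parent implementation.
 * @param array $aDp      passed unchanged to the parent implementation.
 * @return string parent's output for the comment, or an empty string when viewing is not
 *                permitted or the privacy object is unavailable.
 */
function getComment($mixedCmt, $aBp = array(), $aDp = array())
{
    if (is_array($mixedCmt)) {
        // A missing 'cmt_id' resolves to 0, the value the int cast produced before.
        $iCmtId = isset($mixedCmt['cmt_id']) ? (int) $mixedCmt['cmt_id'] : 0;
    } else {
        $iCmtId = (int) $mixedCmt;
    }

    $oPrivacy = BxDolPrivacy::getObjectInstance('comments_view');

    // Fail closed: if the privacy object cannot be loaded, the comment is withheld instead of
    // calling check() on a non-object.
    if (!$oPrivacy || !$oPrivacy->check($iCmtId)) {
        return '';
    }

    return parent::getComment($mixedCmt, $aBp, $aDp);
}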