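/**
 * Build the shared "SELECT ... FROM ... WHERE ..." part of the full-text item search.
 *
 * The search terms are passed through Database::escape() before being placed inside the
 * AGAINST ('...') literals. The second AGAINST uses IN BOOLEAN MODE, so MySQL still
 * interprets boolean-mode operators contained in the terms.
 *
 * @param string $q      raw search terms
 * @param array  $where  extra SQL conditions, ANDed onto the query verbatim. They are NOT
 *                       escaped here, so callers must only pass trusted or already-escaped
 *                       fragments.
 * @return string SQL text without ORDER BY / LIMIT
 */
private static function _build_query_base($q, $where = array()) {
  $q = Database::instance()->escape($q);

  $access_sql = "";
  if (!identity::active_user()->admin) {
    // Non-admins only match items that at least one of their groups may view.
    // NOTE(review): $id is interpolated into a column name; presumably these are integer
    // group ids supplied by the identity provider -- confirm.
    $fields = array();
    foreach (identity::group_ids_for_active_user() as $id) {
      $fields[] = "`view_{$id}` = TRUE";  // access::ALLOW
    }
    // Fail closed: a non-admin with no groups matches nothing. Previously $fields was never
    // initialised, so an empty group list produced an undefined variable and "AND ()".
    $access_sql = " AND (" . (empty($fields) ? "FALSE" : join(" OR ", $fields)) . ")";
  }

  $extra_where = empty($where) ? "" : " AND " . join(" AND ", $where);

  return "SELECT SQL_CALC_FOUND_ROWS {items}.*, " .
    "  MATCH({search_records}.`data`) AGAINST ('{$q}') AS `score` " .
    "FROM {items} JOIN {search_records} ON ({items}.`id` = {search_records}.`item_id`) " .
    "WHERE MATCH({search_records}.`data`) AGAINST ('{$q}' IN BOOLEAN MODE) " .
    $extra_where .
    $access_sql;
}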
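/**
 * Full-text search over the items the active user is allowed to view.
 *
 * @param string  $q       raw search terms; passed through Database::escape() before use
 * @param integer $limit   maximum number of rows to return
 * @param integer $offset  number of rows to skip
 * @return array  array(total number of matches, ORM_Iterator over the requested page)
 */
static function search($q, $limit, $offset) {
  $db = Database::instance();
  $q = $db->escape($q);

  // LIMIT and OFFSET are concatenated into the SQL text, so force them to integers rather
  // than trusting the caller to have validated them.
  $limit = (int) $limit;
  $offset = (int) $offset;

  $access_sql = "";
  if (!identity::active_user()->admin) {
    // Non-admins only match items that at least one of their groups may view.
    $fields = array();
    foreach (identity::group_ids_for_active_user() as $id) {
      $fields[] = "`view_{$id}` = TRUE";  // access::ALLOW
    }
    // Fail closed: a non-admin with no groups matches nothing. Previously $fields was never
    // initialised, so an empty group list produced an undefined variable and "AND ()".
    $access_sql = "AND (" . (empty($fields) ? "FALSE" : join(" OR ", $fields)) . ")";
  }

  $query =
    "SELECT SQL_CALC_FOUND_ROWS {items}.*, " .
    "  MATCH({search_records}.`data`) AGAINST ('{$q}') AS `score` " .
    "FROM {items} JOIN {search_records} ON ({items}.`id` = {search_records}.`item_id`) " .
    "WHERE MATCH({search_records}.`data`) AGAINST ('{$q}' IN BOOLEAN MODE) " .
    $access_sql .
    " ORDER BY `score` DESC " .
    "LIMIT {$limit} OFFSET {$offset}";

  $data = $db->query($query);
  // FOUND_ROWS() refers to the SQL_CALC_FOUND_ROWS query above, so read it before anything else.
  $count = $db->query("SELECT FOUND_ROWS() as c")->current()->c;

  // Reuse the result fetched above; the query used to be executed a second time here.
  return array($count, new ORM_Iterator(ORM::factory("item"), $data));
}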
/**
 * Start a query on items joined to access_caches.
 *
 * Selects a fixed list of item columns plus the view_/view_full_/edit_/add_ columns for
 * every group of the active user. This only chooses columns: it adds no WHERE clause, so
 * it does not by itself restrict which items are returned.
 *
 * @param object $db  query builder providing select()/from()/join()
 * @return mixed whatever the select()->from()->join() chain on $db returns
 */
static function baseItemQuery($db) {
  // Fixed columns. The list repeats thumb_height, slug, name and relative_path_cache and
  // hard-codes view_1; it is kept exactly as it was so the generated SELECT does not change.
  // (An earlier variant, previously left here as commented-out code, selected a similar
  // list from items without the access_caches join.)
  $item_columns = array(
    'items.id', 'title', 'album_cover_item_id', 'description', 'height', 'width',
    'left_ptr', 'right_ptr', 'level', 'mime_type', 'name', 'owner_id', 'parent_id',
    'relative_path_cache', 'relative_url_cache', 'resize_dirty', 'slug', 'sort_column',
    'sort_order', 'thumb_dirty', 'thumb_height', 'view_1', 'type', 'resize_height',
    'resize_width', 'thumb_height', 'thumb_width', 'slug', 'name', 'relative_path_cache');

  // One column per (permission prefix, group id) pair, grouped by group id.
  $permission_columns = array();
  foreach (identity::group_ids_for_active_user() as $group_id) {
    foreach (array('view_', 'view_full_', 'edit_', 'add_') as $prefix) {
      $permission_columns[] = $prefix . $group_id;
    }
  }

  $select = $db->select(array_merge($item_columns, $permission_columns));
  return $select->from('items')->join('access_caches', 'access_caches.item_id', 'items.id');
}
/**
 * Tell whether the active user is allowed to see hidden items.
 *
 * Admins always are. Anyone else is allowed only when the group stored in the "hide"
 * module variable "access_permissions" is one of the active user's groups.
 *
 * @return bool
 */
static function can_view_hidden_items() {
  if (!identity::active_user()->admin) {
    $authorized_group = module::get_var("hide", "access_permissions");
    // NOTE(review): in_array() compares loosely here, so an unset or empty setting is
    // matched with PHP's == rules -- confirm that cannot equal a real group id.
    return in_array($authorized_group, identity::group_ids_for_active_user());
  }

  return true;
}
/**
 * Restrict the queries that follow on $model to items the active user may view.
 *
 * Admins get no restriction. For everyone else the model receives one parenthesised
 * OR group with an "items.view_<group id> = access::ALLOW" condition per group.
 * @chainable
 */
static function viewable($model) {
  if (identity::active_user()->admin) {
    return $model;
  }

  $view_restrictions = array();
  foreach (identity::group_ids_for_active_user() as $id) {
    $view_restrictions[] = array("items.view_{$id}", "=", access::ALLOW);
  }

  // NOTE(review): when the group list is empty no condition is added at all, which leaves
  // the query unrestricted for a non-admin -- confirm the identity provider always returns
  // at least one group.
  if (!empty($view_restrictions)) {
    $model->and_open()->merge_or_where($view_restrictions)->close();
  }

  return $model;
}
/**
 * Restrict the queries that follow on $model to items the active user may view.
 *
 * Admins get no restriction. With a single group a plain where() is added; with several,
 * the first group's condition and the OR'ed remainder are wrapped in parentheses.
 * @chainable
 */
static function viewable($model) {
  $columns = array();
  if (!identity::active_user()->admin) {
    foreach (identity::group_ids_for_active_user() as $id) {
      $columns[] = "items.view_{$id}";
    }
  }

  // NOTE(review): an empty group list leaves the query unrestricted for a non-admin --
  // confirm the identity provider always returns at least one group.
  if (empty($columns)) {
    return $model;
  }

  // The first column goes through where(); any others are OR'ed on as a column => value map.
  $first_column = array_shift($columns);
  if (empty($columns)) {
    $model->where($first_column, access::ALLOW);
    return $model;
  }

  $other_columns = array_fill_keys($columns, access::ALLOW);
  $model->open_paren();
  $model->where($first_column, access::ALLOW);
  $model->orwhere($other_columns);
  $model->close_paren();

  return $model;
}