private static function _build_query_base($q, $where = array())
{
$q = Database::instance()->escape($q);
if (!identity::active_user()->admin) {
foreach (identity::group_ids_for_active_user() as $id) {
$fields[] = "`view_{$id}` = TRUE";
// access::ALLOW
}
$access_sql = " AND (" . join(" OR ", $fields) . ")";
} else {
$access_sql = "";
}
return "SELECT SQL_CALC_FOUND_ROWS {items}.*, " . " MATCH({search_records}.`data`) AGAINST ('{$q}') AS `score` " . "FROM {items} JOIN {search_records} ON ({items}.`id` = {search_records}.`item_id`) " . "WHERE MATCH({search_records}.`data`) AGAINST ('{$q}' IN BOOLEAN MODE) " . (empty($where) ? "" : " AND " . join(" AND ", $where)) . $access_sql;
}
static function search($q, $limit, $offset)
{
$db = Database::instance();
$q = $db->escape($q);
if (!identity::active_user()->admin) {
foreach (identity::group_ids_for_active_user() as $id) {
$fields[] = "`view_{$id}` = TRUE";
// access::ALLOW
}
$access_sql = "AND (" . join(" OR ", $fields) . ")";
} else {
$access_sql = "";
}
$query = "SELECT SQL_CALC_FOUND_ROWS {items}.*, " . " MATCH({search_records}.`data`) AGAINST ('{$q}') AS `score` " . "FROM {items} JOIN {search_records} ON ({items}.`id` = {search_records}.`item_id`) " . "WHERE MATCH({search_records}.`data`) AGAINST ('{$q}' IN BOOLEAN MODE) " . $access_sql . "ORDER BY `score` DESC " . "LIMIT {$limit} OFFSET {$offset}";
$data = $db->query($query);
$count = $db->query("SELECT FOUND_ROWS() as c")->current()->c;
return array($count, new ORM_Iterator(ORM::factory("item"), $db->query($query)));
}
static function baseItemQuery($db)
{
$fields = array('items.id', 'title', 'album_cover_item_id', 'description', 'height', 'width', 'left_ptr', 'right_ptr', 'level', 'mime_type', 'name', 'owner_id', 'parent_id', 'relative_path_cache', 'relative_url_cache', 'resize_dirty', 'slug', 'sort_column', 'sort_order', 'thumb_dirty', 'thumb_height', 'view_1', 'type', 'resize_height', 'resize_width', 'thumb_height', 'thumb_width', 'slug', 'name', 'relative_path_cache');
$permfields = array('view_', 'view_full_', 'edit_', 'add_');
foreach (identity::group_ids_for_active_user() as $album) {
foreach ($permfields as $field) {
$fields[] = $field . $album;
}
}
return $db->select($fields)->from('items')->join('access_caches', 'access_caches.item_id', 'items.id');
/*
return($db->select(array(
'id', 'title', 'album_cover_item_id', 'description', 'height', 'width', 'left_ptr', 'right_ptr',
'level', 'mime_type', 'name', 'owner_id', 'parent_id', 'relative_path_cache', 'relative_url_cache',
'resize_dirty', 'slug', 'sort_column', 'sort_order', 'thumb_dirty','thumb_height', 'view_1', 'type',
'resize_height', 'resize_width', 'thumb_height', 'thumb_width', 'slug', 'name', 'relative_path_cache'
))->from('items'));
*/
}
/**
* Returns whether the active user can view hidden items.
*
* @return bool
*/
static function can_view_hidden_items()
{
if (identity::active_user()->admin) {
return true;
}
$authorized_group = module::get_var("hide", "access_permissions");
if (in_array($authorized_group, identity::group_ids_for_active_user())) {
return true;
}
return false;
}
/**
* Add a set of restrictions to any following queries to restrict access only to items
* viewable by the active user.
* @chainable
*/
static function viewable($model)
{
$view_restrictions = array();
if (!identity::active_user()->admin) {
foreach (identity::group_ids_for_active_user() as $id) {
$view_restrictions[] = array("items.view_{$id}", "=", access::ALLOW);
}
}
if (count($view_restrictions)) {
$model->and_open()->merge_or_where($view_restrictions)->close();
}
return $model;
}
/**
* Add a set of restrictions to any following queries to restrict access only to items
* viewable by the active user.
* @chainable
*/
static function viewable($model)
{
$view_restrictions = array();
if (!identity::active_user()->admin) {
foreach (identity::group_ids_for_active_user() as $id) {
// Separate the first restriction from the rest to make it easier for us to formulate
// our where clause below
if (empty($view_restrictions)) {
$view_restrictions[0] = "items.view_{$id}";
} else {
$view_restrictions[1]["items.view_{$id}"] = access::ALLOW;
}
}
}
switch (count($view_restrictions)) {
case 0:
break;
case 1:
$model->where($view_restrictions[0], access::ALLOW);
break;
default:
$model->open_paren();
$model->where($view_restrictions[0], access::ALLOW);
$model->orwhere($view_restrictions[1]);
$model->close_paren();
break;
}
return $model;
}
