/**
* Check if provided tag id can be modified by the provided user
* @param $tagid integer Tag id
* @param $user string Actual user; NULL pickup actual logged in user
* @return boolean TRUE if permission is valid, false otherwise
*/
public static function writeAllowed($tagid, $user = NULL)
{
// If owner is not set, assign the actual username
if ($user === NULL) {
$user = \OCP\User::getUser();
}
// If user is an administrator, write is allowed
if (\OC_User::isAdminUser(\OCP\User::getUser())) {
return TRUE;
}
// Query for actual tag's owner and permission
$sql = "SELECT `owner`, `permission` FROM `*PREFIX*oclife_tags` WHERE `id`=?";
$args = array($tagid);
$query = \OCP\DB::prepare($sql);
$resRsrc = $query->execute($args);
$owner = NULL;
$permission = NULL;
while ($row = $resRsrc->fetchRow()) {
// Legacy check on user and permission
$permission = \OCA\OCLife\hTags::getPermission($row['permission']);
$owner = isset($row['owner']) ? $row['owner'] : \OCP\User::getUser();
}
// Check if worldwide writeable
if (substr($permission, 5, 1) === 'w') {
return TRUE;
}
// Check for operating on owner's tag
if ($user === $owner) {
return substr($permission, 1, 1) === 'w' ? TRUE : FALSE;
}
// Check for tags owned by group where $user belongs to
if (substr($permission, 3, 1) === 'w') {
$userCompanion = \OCA\OCLife\utilities::getGroupCompanion($user);
$groupPos = array_search($owner, $userCompanion);
return $groupPos === FALSE ? FALSE : TRUE;
} else {
return FALSE;
}
}
