diff options
| author | Brett Profitt <brett.profitt@gmail.com> | 2011-07-06 21:08:03 -0400 |
|---|---|---|
| committer | Brett Profitt <brett.profitt@gmail.com> | 2011-07-06 21:08:03 -0400 |
| commit | 3e318bdeda941f78e9ae7b78bf337f67c4475849 (patch) | |
| tree | a4074ed7288ac8682c0bd3296f1d36f281c9f0f7 | |
| parent | f068068add8645dc359fdcb00b7745a918c1c81e (diff) | |
| download | elgg-3e318bdeda941f78e9ae7b78bf337f67c4475849.tar.gz elgg-3e318bdeda941f78e9ae7b78bf337f67c4475849.tar.bz2 | |
Revert "Merged ACL fixes from 1.7 branch."
This reverts commit de111da23258cd2b513c8f4ab84712ee50272b23. Reverted because of problems in how 1.8 populates the access dropdown.
| -rw-r--r-- | actions/friends/collections/add.php | 38 | ||||
| -rw-r--r-- | actions/friends/collections/delete.php | 34 | ||||
| -rw-r--r-- | actions/friends/collections/edit.php | 20 | ||||
| -rw-r--r-- | engine/lib/access.php | 167 | ||||
| -rw-r--r-- | languages/en.php | 2 |
5 files changed, 126 insertions, 135 deletions
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php index 8383e4db2..8ec6a085f 100644 --- a/actions/friends/collections/add.php +++ b/actions/friends/collections/add.php @@ -2,31 +2,35 @@ /** * Elgg collection add page * - * @package Elgg - * @subpackage Core + * @package Elgg.Core + * @subpackage Friends.Collections */ $collection_name = get_input('collection_name'); $friends = get_input('friends_collection'); -if (!$collection_name) { - register_error(elgg_echo("friends:nocollectionname")); - forward(REFERER); -} +//first check to make sure that a collection name has been set and create the new colection +if ($collection_name) { -$id = create_access_collection($collection_name); + //create the collection + $create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid()); -if ($id) { - $result = update_access_collection($id, $friends); - if ($result) { - system_message(elgg_echo("friends:collectionadded")); - // go to the collections page - forward("pg/collections/" . get_loggedin_user()->username); - } else { - register_error(elgg_echo("friends:nocollectionname")); - forward(REFERER); + //if the collection was created and the user passed some friends from the form, add them + if ($create_collection && (!empty($friends))) { + //add friends to the collection + foreach ($friends as $friend) { + add_user_to_access_collection($friend, $create_collection); + } } + + // Success message + system_message(elgg_echo("friends:collectionadded")); + // Forward to the collections page + forward("collections/" . elgg_get_logged_in_user_entity()->username); + } else { register_error(elgg_echo("friends:nocollectionname")); - forward(REFERER); + + // Forward to the add collection page + forward("collections/add"); } diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php index 5b0aa8e10..fe719d74b 100644 --- a/actions/friends/collections/delete.php +++ b/actions/friends/collections/delete.php @@ -1,24 +1,36 @@ <?php - /** * Elgg friends: delete collection action * - * @package Elgg - * @subpackage Core + * @package Elgg.Core + * @subpackage Friends.Collections */ $collection_id = (int) get_input('collection'); -// check the ACL exists and we can edit -if (!can_edit_access_collection($collection_id)) { - register_error(elgg_echo("friends:collectiondeletefailed")); - forward(REFERER); -} +// Check to see that the access collection exist and grab its owner +$get_collection = get_access_collection($collection_id); + +if ($get_collection) { + + if ($get_collection->owner_guid == elgg_get_logged_in_user_guid()) { + + $delete_collection = delete_access_collection($collection_id); -if (delete_access_collection($collection_id)) { - system_message(elgg_echo("friends:collectiondeleted")); + // Success message + if ($delete_collection) { + system_message(elgg_echo("friends:collectiondeleted")); + } else { + register_error(elgg_echo("friends:collectiondeletefailed")); + } + } else { + // Failure message + register_error(elgg_echo("friends:collectiondeletefailed")); + } } else { + // Failure message register_error(elgg_echo("friends:collectiondeletefailed")); } -forward(REFERER); +// Forward to the collections page +forward("collections/" . elgg_get_logged_in_user_entity()->username); diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php index 581b21353..b7fb716f2 100644 --- a/actions/friends/collections/edit.php +++ b/actions/friends/collections/edit.php @@ -1,23 +1,15 @@ <?php /** - * Elgg collection add page + * Friends collection edit action * - * @package Elgg - * @subpackage Core + * @package Elgg.Core + * @subpackage Friends.Collections */ $collection_id = get_input('collection_id'); $friends = get_input('friend'); -// check it exists and we can edit -if (!can_edit_access_collection($collection_id)) { - system_message(elgg_echo('friends:collection:edit_failed')); -} +//chech the collection exists and the current user owners it +update_access_collection($collection_id, $friends); -if (update_access_collection($collection_id, $friends)) { - system_message(elgg_echo('friends:collections:edited')); -} else { - system_message(elgg_echo('friends:collection:edit_failed')); -} - -forward(REFERER);
\ No newline at end of file +exit; diff --git a/engine/lib/access.php b/engine/lib/access.php index 855d0d53c..cde3d256f 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -411,43 +411,7 @@ function get_write_access_array($user_id = 0, $site_id = 0, $flush = false) { } /** - * Can the user write to the access collection? - * - * Hook into the access:collections:write, user to change this. - * - * Respects access control disabling for admin users and {@see elgg_set_ignore_access()} - * - * @see get_write_access_array() - * - * @param int $collection_id The collection id - * @param mixed $user_guid The user GUID to check for. Defaults to logged in user. - * @return bool - */ -function can_edit_access_collection($collection_id, $user_guid = null) { - if ($user_guid) { - $user = get_entity((int) $user_guid); - } else { - $user = get_loggedin_user(); - } - - $collection = get_access_collection($collection_id); - - if (!($user instanceof ElggUser) || !$collection) { - return false; - } - - $write_access = get_write_access_array($user->getGUID(), null, true); - - // don't ignore access when checking users. - if ($user_guid) { - return array_key_exists($collection_id, $write_access); - } else { - return elgg_get_ignore_access() || array_key_exists($collection_id, $write_access); - } -} - -/** - * Creates a new access control collection owned by the specified user. + * Creates a new access collection. * * Access colletions allow plugins and users to create granular access * for entities. @@ -484,7 +448,6 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { SET name = '{$name}', owner_guid = {$owner_guid}, site_guid = {$site_guid}"; - if (!$id = insert_data($q)) { return false; } @@ -520,31 +483,37 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { function update_access_collection($collection_id, $members) { global $CONFIG; - $acl = get_access_collection($collection_id); + $collection_id = (int) $collection_id; + $members = (is_array($members)) ? $members : array(); - if (!$acl) { - return false; - } + $collections = get_write_access_array(); - $members = (is_array($members)) ? $members : array(); + if (array_key_exists($collection_id, $collections)) { + $cur_members = get_members_of_access_collection($collection_id, true); + $cur_members = (is_array($cur_members)) ? $cur_members : array(); - $cur_members = get_members_of_access_collection($collection_id, true); - $cur_members = (is_array($cur_members)) ? $cur_members : array(); + $remove_members = array_diff($cur_members, $members); + $add_members = array_diff($members, $cur_members); - $remove_members = array_diff($cur_members, $members); - $add_members = array_diff($members, $cur_members); + $params = array( + 'collection_id' => $collection_id, + 'members' => $members, + 'add_members' => $add_members, + 'remove_members' => $remove_members + ); - $result = true; + foreach ($add_members as $guid) { + add_user_to_access_collection($guid, $collection_id); + } - foreach ($add_members as $guid) { - $result = $result && add_user_to_access_collection($guid, $collection_id); - } + foreach ($remove_members as $guid) { + remove_user_from_access_collection($guid, $collection_id); + } - foreach ($remove_members as $guid) { - $result = $result && remove_user_from_access_collection($guid, $collection_id); + return true; } - return $result; + return false; } /** @@ -558,25 +527,27 @@ function update_access_collection($collection_id, $members) { * @see update_access_collection() */ function delete_access_collection($collection_id) { - global $CONFIG; - $collection_id = (int) $collection_id; + $collections = get_write_access_array(null, null, TRUE); $params = array('collection_id' => $collection_id); if (!elgg_trigger_plugin_hook('access:collections:deletecollection', 'collection', $params, true)) { return false; } - // Deleting membership doesn't affect result of deleting ACL. - $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership - WHERE access_collection_id = {$collection_id}"; - delete_data($q); + if (array_key_exists($collection_id, $collections)) { + global $CONFIG; + $query = "delete from {$CONFIG->dbprefix}access_collection_membership" + . " where access_collection_id = {$collection_id}"; + delete_data($query); - $q = "DELETE FROM {$CONFIG->dbprefix}access_collections - WHERE id = {$collection_id}"; - $result = delete_data($q); + $query = "delete from {$CONFIG->dbprefix}access_collections where id = {$collection_id}"; + delete_data($query); + return true; + } else { + return false; + } - return $result; } /** @@ -613,33 +584,45 @@ function get_access_collection($collection_id) { * @see remove_user_from_access_collection() */ function add_user_to_access_collection($user_guid, $collection_id) { - global $CONFIG; - $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $user = get_user($user_guid); + $collections = get_write_access_array(); - $collection = get_access_collection($collection_id); + if (!($collection = get_access_collection($collection_id))) { + return false; + } - if (!($user instanceof Elgguser) || !$collection) { + $user = get_user($user_guid); + if (!$user) { return false; } + // to add someone to a collection, the user must be a member of the collection or + // no one must own it + if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0)) { + $result = true; + } else { + $result = false; + } + $params = array( 'collection_id' => $collection_id, + 'collection' => $collection, 'user_guid' => $user_guid ); - if (!elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, true)) { + $result = elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, $result); + if ($result == false) { return false; } try { - $q = "INSERT INTO {$CONFIG->dbprefix}access_collection_membership - SET access_collection_id = {$collection_id}, - user_guid = {$user_guid}"; - insert_data($q); + global $CONFIG; + $query = "insert into {$CONFIG->dbprefix}access_collection_membership" + . " set access_collection_id = {$collection_id}, user_guid = {$user_guid}"; + insert_data($query); } catch (DatabaseException $e) { + // nothing. return false; } @@ -657,32 +640,34 @@ function add_user_to_access_collection($user_guid, $collection_id) { * @return true|false Depending on success */ function remove_user_from_access_collection($user_guid, $collection_id) { - global $CONFIG; - $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $user = get_user($user_guid); + $collections = get_write_access_array(); + $user = $user = get_user($user_guid); - $collection = get_access_collection($collection_id); - - if (!($user instanceof Elgguser) || !$collection) { + if (!($collection = get_access_collection($collection_id))) { return false; } - $params = array( - 'collection_id' => $collection_id, - 'user_guid' => $user_guid - ); + if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user) { + global $CONFIG; + $params = array( + 'collection_id' => $collection_id, + 'user_guid' => $user_guid + ); - if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { - return false; - } + if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { + return false; + } - $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership - WHERE access_collection_id = {$collection_id} - AND user_guid = {$user_guid}"; + delete_data("delete from {$CONFIG->dbprefix}access_collection_membership " + . "where access_collection_id = {$collection_id} and user_guid = {$user_guid}"); + + return true; - return delete_data($q); + } + + return false; } /** diff --git a/languages/en.php b/languages/en.php index b525a2043..c30a1bdd8 100644 --- a/languages/en.php +++ b/languages/en.php @@ -343,8 +343,6 @@ $english = array( 'friends:nocollectionname' => "You need to give your collection a name before it can be created.", 'friends:collections:members' => "Collection members", 'friends:collections:edit' => "Edit collection", - 'friends:collections:edited' => "Saved collection", - 'friends:collection:edit_failed' => 'Could not save collection.', 'friendspicker:chararray' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', |