aboutsummaryrefslogtreecommitdiff
path: root/engine/lib
diff options
context:
space:
mode:
authoricewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-02 16:31:54 +0000
committericewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>2008-06-02 16:31:54 +0000
commit367616f979405241eb432250644e2b172f152075 (patch)
tree6f0a8d066b489305297dbe5b73521b4f1c85768b /engine/lib
parent820b106ef3ee47df69a21a0410adc0882f73cace (diff)
downloadelgg-367616f979405241eb432250644e2b172f152075.tar.gz
elgg-367616f979405241eb432250644e2b172f152075.tar.bz2
Marcus Povey <marcus@dushka.co.uk>
* Added access control shorthand function. REPLACE THIS WHEN QUERY OBJECT COMPLETE git-svn-id: https://code.elgg.org/elgg/trunk@776 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine/lib')
-rw-r--r--engine/lib/access.php26
1 files changed, 26 insertions, 0 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
index e39a9f165..5205b7a55 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -86,6 +86,32 @@
return $access_array[$user_id];
+ }
+
+ /**
+ * Add access restriction sql code to a given query.
+ *
+ * Note that if this code is executed in privileged mode it will return blank.
+ *
+ * TODO: DELETE once Query classes are fully integrated
+ *
+ * @param string $table_prefix Optional xxx. prefix for the access code.
+ */
+ function get_access_sql_suffix($table_prefix = "")
+ {
+ $sql = "";
+
+ if (!is_privileged())
+ {
+ $access = get_access_list();
+
+ if ($table_prefix)
+ $table_prefix = sanitise_string($table_prefix) . ".";
+
+ $sql = " and ({$table_prefix}access_id in {$access} or ({$table_prefix}access_id = 0 and {$table_prefix}owner_guid = {$_SESSION['id']}))";
+ }
+
+ return $sql;
}
/**