authorkevinjardine <kevinjardine@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-26 11:19:42 +0000
committerkevinjardine <kevinjardine@36083f99-b078-4883-b0ff-0f9b5a30f544>2009-02-26 11:19:42 +0000
commit3702d3c283af3f48ec76ebca66f1885ec7bcd3ca (patch)
tree28f50e25adc0593c2e70cc8ea5fbcbbd80a1c366 /engine
parentae15dcc1afbf335f50f8c3011df9606f503a6ec3 (diff)
downloadelgg-3702d3c283af3f48ec76ebca66f1885ec7bcd3ca.tar.gz
elgg-3702d3c283af3f48ec76ebca66f1885ec7bcd3ca.tar.bz2
Added "enemies" code to get_access_sql_suffix. This implements two features: a. a user can prevent another user from seeing any of his content and b. a user can filter out all the content created by another user.
There is no interface for this yet, but adding one should be easy with this core support. git-svn-id: https://code.elgg.org/elgg/trunk@2959 36083f99-b078-4883-b0ff-0f9b5a30f544
Diffstat (limited to 'engine')
-rw-r--r--engine/lib/access.php49
1 files changed, 49 insertions, 0 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
index df851e7cd..085e29d1a 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -168,6 +168,40 @@
}
/**
+ * Add annotation restriction
+ *
+ * Returns an SQL fragment that is true (or optionally false) if the given user has
+ * added an annotation with the given name to the given entity.
+ *
+ * TODO: This is fairly generic so perhaps it could be moved to annotations.php
+ *
+ * @param string $annotation_name name of the annotation
+ * @param string $entity_guid SQL string that evaluates to the GUID of the entity the annotation should be attached to
+ * @param string $owner_guid SQL string that evaluates to the GUID of the owner of the annotation *
+ * @param boolean $exists If set to true, will return true if the annotation exists, otherwise returns false
+ * @return string An SQL fragment suitable for inserting into a WHERE clause
+ */
+
+ function get_annotation_sql($annotation_name,$entity_guid,$owner_guid,$exists) {
+ global $CONFIG;
+
+ if ($exists) {
+ $not = '';
+ } else {
+ $not = 'NOT';
+ }
+
+ $sql = <<<END
+$not EXISTS (SELECT * FROM {$CONFIG->dbprefix}annotations a
+INNER JOIN {$CONFIG->dbprefix}metastrings ms ON (a.name_id = ms.id)
+WHERE ms.string = '$annotation_name'
+AND a.entity_guid = $entity_guid
+AND a.owner_guid = $owner_guid)
+END;
+ return $sql;
+ }
+
+ /**
* Add access restriction sql code to a given query.
*
* Note that if this code is executed in privileged mode it will return blank.
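Review bot: `$annotation_name` is interpolated into the quoted literal at `WHERE ms.string = '$annotation_name'` with no escaping, and `$entity_guid` / `$owner_guid` are spliced in as raw SQL by design. The two call sites added in this commit pass fixed annotation names, and where `$owner` comes from is outside the diff, but the TODO already anticipates moving this helper to annotations.php for general use, where a caller could hand it request-derived values. I would add `$annotation_name = sanitise_string($annotation_name);` before the heredoc, and extend the docblock to state that the two GUID arguments are inserted verbatim and must be either an integer-cast value or a column reference built from a sanitised prefix. get_annotation_sql lies entirely inside this hunk; the hunk itself ends inside the docblock of the next function.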
@@ -181,6 +215,8 @@
global $ENTITY_SHOW_HIDDEN_OVERRIDE, $CONFIG;
$sql = "";
+ $friends_bit = "";
+ $enemies_bit = "";
if ($table_prefix)
$table_prefix = sanitise_string($table_prefix) . ".";
@@ -198,10 +234,23 @@
$friends_bit = $table_prefix.'access_id = '.ACCESS_FRIENDS.' AND ';
$friends_bit .= "{$table_prefix}owner_guid IN (SELECT guid_one FROM {$CONFIG->dbprefix}entity_relationships WHERE relationship='friend' AND guid_two=$owner)";
$friends_bit = '('.$friends_bit.') OR ';
+
+ if ($CONFIG->user_block_and_filter_enabled) {
+ // check to see if the user is in the entity owner's block list
+ // or if the entity owner is in the user's filter list
+ // if so, disallow access
+
+ $enemies_bit = get_annotation_sql('elgg_block_list',"{$table_prefix}owner_guid",$owner,false);
+ $enemies_bit = '('.$enemies_bit. ' AND '.get_annotation_sql('elgg_filter_list',$owner,"{$table_prefix}owner_guid",false).')';
+ }
}
if (empty($sql))
$sql = " $friends_bit ({$table_prefix}access_id in {$access} or ({$table_prefix}access_id = " . ACCESS_PRIVATE . " and {$table_prefix}owner_guid = $owner))";
+
+ if ($enemies_bit) {
+ $sql = "$enemies_bit AND ($sql)";
+ }
if (!$ENTITY_SHOW_HIDDEN_OVERRIDE)
$sql .= " and {$table_prefix}enabled='yes'";
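Review bot: Both new checks key on an annotation whose owner_guid is the user being restricted: for `elgg_block_list` the viewing user `$owner` is passed as the annotation owner, and for `elgg_filter_list` the content owner is. If annotation owners can normally edit or delete their own annotations (not visible here), the restricted user could lift the restriction, so the future interface should either store the record the other way round or deny owner edits for these two names; a comment such as `// block/filter annotations are owned by the restricted user; that owner must not be able to remove them` would record the constraint. Separately, `$CONFIG->user_block_and_filter_enabled` is read unguarded and nothing in this commit sets it, so I would write `if (!empty($CONFIG->user_block_and_filter_enabled)) {` to avoid an undefined-property notice. The block closed by the `}` after the new code opens outside the hunk, so which code paths skip this filter cannot be confirmed from here.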