aboutsummaryrefslogtreecommitdiff
path: root/mod
diff options
context:
space:
mode:
authorSteve Clay <steve@mrclay.org>2012-06-24 00:09:17 -0400
committerSteve Clay <steve@mrclay.org>2012-06-24 00:09:17 -0400
commit4a3c49240140449ef4c91c4b999a91b11380db3c (patch)
tree3d1e92342473e2fd90059d9abcfe88e79def9a25 /mod
parentd71309056037adc869319566f9ec53313eb192d8 (diff)
downloadelgg-4a3c49240140449ef4c91c4b999a91b11380db3c.tar.gz
elgg-4a3c49240140449ef4c91c4b999a91b11380db3c.tar.bz2
Fixes #4138: Admin can edit any users' notifications
Diffstat (limited to 'mod')
-rw-r--r--mod/notifications/actions/groupsave.php29
-rw-r--r--mod/notifications/actions/save.php11
-rw-r--r--mod/notifications/groups.php21
-rw-r--r--mod/notifications/index.php21
-rw-r--r--mod/notifications/start.php22
-rw-r--r--mod/notifications/views/default/forms/notificationsettings/groupsave.php8
-rw-r--r--mod/notifications/views/default/forms/notificationsettings/save.php16
-rw-r--r--mod/notifications/views/default/notifications/subscriptions/collections.php14
-rw-r--r--mod/notifications/views/default/notifications/subscriptions/form.php9
-rw-r--r--mod/notifications/views/default/notifications/subscriptions/forminternals.php20
-rw-r--r--mod/notifications/views/default/notifications/subscriptions/personal.php8
11 files changed, 134 insertions, 45 deletions
diff --git a/mod/notifications/actions/groupsave.php b/mod/notifications/actions/groupsave.php
index c304cb856..7838f7e63 100644
--- a/mod/notifications/actions/groupsave.php
+++ b/mod/notifications/actions/groupsave.php
@@ -6,27 +6,42 @@
* @package ElggNotifications
*/
-// Load important global vars
-global $NOTIFICATION_HANDLERS;
+$current_user = elgg_get_logged_in_user_entity();
+
+$guid = (int) get_input('guid', 0);
+if (!$guid || !($user = get_entity($guid))) {
+ forward();
+}
+if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+}
// Get group memberships and condense them down to an array of guids
$groups = array();
-if ($groupmemberships = elgg_get_entities_from_relationship(array('relationship' => 'member', 'relationship_guid' => elgg_get_logged_in_user_guid(), 'types' => 'group', 'limit' => 9999))) {
+$options = array(
+ 'relationship' => 'member',
+ 'relationship_guid' => $user->guid,
+ 'types' => 'group',
+ 'limit' => 9999,
+);
+if ($groupmemberships = elgg_get_entities_from_relationship($options)) {
foreach($groupmemberships as $groupmembership) {
$groups[] = $groupmembership->guid;
}
-}
+}
+// Load important global vars
+global $NOTIFICATION_HANDLERS;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$subscriptions[$method] = get_input($method.'subscriptions');
$personal[$method] = get_input($method.'personal');
$collections[$method] = get_input($method.'collections');
if (!empty($groups)) {
foreach($groups as $group) {
- if (in_array($group,$subscriptions[$method])) {
- add_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group);
+ if (in_array($group, $subscriptions[$method])) {
+ add_entity_relationship($user->guid, 'notify'.$method, $group);
} else {
- remove_entity_relationship(elgg_get_logged_in_user_guid(), 'notify'.$method, $group);
+ remove_entity_relationship($user->guid, 'notify'.$method, $group);
}
}
}
diff --git a/mod/notifications/actions/save.php b/mod/notifications/actions/save.php
index 163b656aa..3fe0001a3 100644
--- a/mod/notifications/actions/save.php
+++ b/mod/notifications/actions/save.php
@@ -6,9 +6,18 @@
* @package ElggNotifications
*/
-$user = elgg_get_logged_in_user_entity();
+$current_user = elgg_get_logged_in_user_entity();
+
+$guid = (int) get_input('guid', 0);
+if (!$guid || !($user = get_entity($guid))) {
+ forward();
+}
+if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+}
global $NOTIFICATION_HANDLERS;
+$subscriptions = array();
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$subscriptions[$method] = get_input($method.'subscriptions');
$personal[$method] = get_input($method.'personal');
diff --git a/mod/notifications/groups.php b/mod/notifications/groups.php
index 45fb94e83..3e81e474a 100644
--- a/mod/notifications/groups.php
+++ b/mod/notifications/groups.php
@@ -3,16 +3,16 @@
* Elgg notifications plugin group index
*
* @package ElggNotifications
+ *
+ * @uses $user ElggUser
*/
-// Load Elgg framework
-require_once(dirname(dirname(dirname(__FILE__))) . '/engine/start.php');
-
-// Ensure only logged-in users can see this page
-gatekeeper();
+if (!isset($user) || !($user instanceof ElggUser)) {
+ $url = 'notifications/group/' . elgg_get_logged_in_user_entity()->username;
+ forward($url);
+}
-elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
-$user = elgg_get_page_owner_entity();
+elgg_set_page_owner_guid($user);
// Set the context to settings
elgg_set_context('settings');
@@ -27,12 +27,15 @@ $people = array();
$groupmemberships = elgg_get_entities_from_relationship(array(
'relationship' => 'member',
- 'relationship_guid' => elgg_get_logged_in_user_guid(),
+ 'relationship_guid' => $user->guid,
'types' => 'group',
'limit' => 9999,
));
-$body = elgg_view_form('notificationsettings/groupsave', array(), array('groups' => $groupmemberships));
+$body = elgg_view_form('notificationsettings/groupsave', array(), array(
+ 'groups' => $groupmemberships,
+ 'user' => $user,
+));
$params = array(
'content' => $body,
diff --git a/mod/notifications/index.php b/mod/notifications/index.php
index 882389fde..f4143f57b 100644
--- a/mod/notifications/index.php
+++ b/mod/notifications/index.php
@@ -3,16 +3,16 @@
* Elgg notifications plugin index
*
* @package ElggNotifications
+ *
+ * @uses $user ElggUser
*/
-// Load Elgg framework
-require_once(dirname(dirname(dirname(__FILE__))) . '/engine/start.php');
-
-// Ensure only logged-in users can see this page
-gatekeeper();
+if (!isset($user) || !($user instanceof ElggUser)) {
+ $url = 'notifications/personal/' . elgg_get_logged_in_user_entity()->username;
+ forward($url);
+}
-elgg_set_page_owner_guid(elgg_get_logged_in_user_guid());
-$user = elgg_get_page_owner_entity();
+elgg_set_page_owner_guid($user);
// Set the context to settings
elgg_set_context('settings');
@@ -26,7 +26,7 @@ elgg_push_breadcrumb($title);
$people = array();
if ($people_ents = elgg_get_entities_from_relationship(array(
'relationship' => 'notify',
- 'relationship_guid' => elgg_get_logged_in_user_guid(),
+ 'relationship_guid' => $user->guid,
'types' => 'user',
'limit' => 99999,
))) {
@@ -36,7 +36,10 @@ if ($people_ents = elgg_get_entities_from_relationship(array(
}
}
-$body = elgg_view('notifications/subscriptions/form', array('people' => $people));
+$body = elgg_view('notifications/subscriptions/form', array(
+ 'people' => $people,
+ 'user' => $user,
+));
$params = array(
'content' => $body,
diff --git a/mod/notifications/start.php b/mod/notifications/start.php
index 761f17e40..d5d418f0f 100644
--- a/mod/notifications/start.php
+++ b/mod/notifications/start.php
@@ -40,13 +40,25 @@ function notifications_plugin_init() {
*/
function notifications_page_handler($page) {
+ gatekeeper();
+ $current_user = elgg_get_logged_in_user_entity();
+
// default to personal notifications
if (!isset($page[0])) {
$page[0] = 'personal';
}
+ if (!isset($page[1])) {
+ forward("notifications/{$page[0]}/{$current_user->username}");
+ }
+
+ $user = get_user_by_username($page[1]);
+ if (($user->guid != $current_user->guid) && !$current_user->isAdmin()) {
+ forward();
+ }
$base = elgg_get_plugins_path() . 'notifications';
+ // note: $user passed in
switch ($page[0]) {
case 'group':
require "$base/groups.php";
@@ -66,12 +78,16 @@ function notifications_page_handler($page) {
*/
function notifications_plugin_pagesetup() {
if (elgg_get_context() == "settings" && elgg_get_logged_in_user_guid()) {
- $user = elgg_get_logged_in_user_entity();
+
+ $user = elgg_get_page_owner_entity();
+ if (!$user) {
+ $user = elgg_get_logged_in_user_entity();
+ }
$params = array(
'name' => '2_a_user_notify',
'text' => elgg_echo('notifications:subscriptions:changesettings'),
- 'href' => "notifications/personal",
+ 'href' => "notifications/personal/{$user->username}",
);
elgg_register_menu_item('page', $params);
@@ -79,7 +95,7 @@ function notifications_plugin_pagesetup() {
$params = array(
'name' => '2_group_notify',
'text' => elgg_echo('notifications:subscriptions:changesettings:groups'),
- 'href' => "notifications/group",
+ 'href' => "notifications/group/{$user->username}",
);
elgg_register_menu_item('page', $params);
}
diff --git a/mod/notifications/views/default/forms/notificationsettings/groupsave.php b/mod/notifications/views/default/forms/notificationsettings/groupsave.php
index 61b94ff8b..168639ab2 100644
--- a/mod/notifications/views/default/forms/notificationsettings/groupsave.php
+++ b/mod/notifications/views/default/forms/notificationsettings/groupsave.php
@@ -3,13 +3,18 @@
* Elgg notifications groups subscription form
*
* @package ElggNotifications
+ *
+ * @uses $vars['user'] ElggUser
*/
+/* @var ElggUser $user */
+$user = $vars['user'];
+
global $NOTIFICATION_HANDLERS;
foreach ($NOTIFICATION_HANDLERS as $method => $foo) {
$subsbig[$method] = elgg_get_entities_from_relationship(array(
'relationship' => 'notify' . $method,
- 'relationship_guid' => elgg_get_logged_in_user_guid(),
+ 'relationship_guid' => $user->guid,
'types' => 'group',
'limit' => 99999,
));
@@ -97,6 +102,7 @@ END;
<?php
}
echo '<div class="elgg-foot mtm">';
+ echo elgg_view('input/hidden', array('name' => 'guid', 'value' => $user->guid));
echo elgg_view('input/submit', array('value' => elgg_echo('save')));
echo '</div>';
diff --git a/mod/notifications/views/default/forms/notificationsettings/save.php b/mod/notifications/views/default/forms/notificationsettings/save.php
index ff32d8558..9470256ca 100644
--- a/mod/notifications/views/default/forms/notificationsettings/save.php
+++ b/mod/notifications/views/default/forms/notificationsettings/save.php
@@ -1,13 +1,21 @@
<?php
/**
* Personal notifications form body
+ *
+ * @uses $vars['user'] ElggUser
*/
-echo elgg_view('notifications/subscriptions/personal');
-echo elgg_view('notifications/subscriptions/collections');
-echo elgg_view('notifications/subscriptions/forminternals');
+/* @var ElggUser $user */
+$user = $vars['user'];
+
+echo elgg_view('notifications/subscriptions/personal', $vars);
+echo elgg_view('notifications/subscriptions/collections', $vars);
+echo elgg_view('notifications/subscriptions/forminternals', $vars);
?>
<div class="elgg-foot">
-<?php echo elgg_view('input/submit', array('value' => elgg_echo('save'))); ?>
+<?php
+echo elgg_view('input/hidden', array('name' => 'guid', 'value' => $user->guid));
+echo elgg_view('input/submit', array('value' => elgg_echo('save')));
+?>
</div>
diff --git a/mod/notifications/views/default/notifications/subscriptions/collections.php b/mod/notifications/views/default/notifications/subscriptions/collections.php
index 28d9fb5b8..b8787570d 100644
--- a/mod/notifications/views/default/notifications/subscriptions/collections.php
+++ b/mod/notifications/views/default/notifications/subscriptions/collections.php
@@ -1,4 +1,12 @@
-<?php //@todo JS 1.8: no ?>
+<?php
+/**
+ * @uses $vars['user'] ElggUser
+ */
+
+/* @var ElggUser $user */
+$user = $vars['user'];
+
+//@todo JS 1.8: no ?>
<script type="text/javascript">
function setCollection(members, method, id) {
@@ -42,7 +50,7 @@
</tr>
<?php
$members = array();
- if ($friends = get_user_friends(elgg_get_logged_in_user_guid(), '', 9999, 0)) {
+ if ($friends = get_user_friends($user->guid, '', 9999, 0)) {
foreach($friends as $friend) {
$members[] = $friend->guid;
}
@@ -63,7 +71,7 @@
$i = 0;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$metaname = 'collections_notifications_preferences_' . $method;
- if ($collections_preferences = elgg_get_logged_in_user_entity()->$metaname) {
+ if ($collections_preferences = $user->$metaname) {
if (!empty($collections_preferences) && !is_array($collections_preferences)) {
$collections_preferences = array($collections_preferences);
}
diff --git a/mod/notifications/views/default/notifications/subscriptions/form.php b/mod/notifications/views/default/notifications/subscriptions/form.php
index f2f6238f9..8ae27f829 100644
--- a/mod/notifications/views/default/notifications/subscriptions/form.php
+++ b/mod/notifications/views/default/notifications/subscriptions/form.php
@@ -1,11 +1,16 @@
<?php
/**
* Elgg personal notifications
+ *
+ * @uses $vars['user'] ElggUser
*/
-echo elgg_view('subscriptions/form/additions',$vars);
+echo elgg_view('subscriptions/form/additions', $vars);
// Display a description
-echo elgg_view_form('notificationsettings/save', array('class' => 'elgg-form-alt'));
+echo elgg_view_form('notificationsettings/save', array(
+ 'class' => 'elgg-form-alt',
+ 'user' => $vars['user']
+));
diff --git a/mod/notifications/views/default/notifications/subscriptions/forminternals.php b/mod/notifications/views/default/notifications/subscriptions/forminternals.php
index e89ce02be..11f266303 100644
--- a/mod/notifications/views/default/notifications/subscriptions/forminternals.php
+++ b/mod/notifications/views/default/notifications/subscriptions/forminternals.php
@@ -1,8 +1,13 @@
<?php
/**
* Hacked up friends picker that needs to be replaced
+ *
+ * @uses $vars['user'] ElggUser
*/
+/* @var ElggUser $user */
+$user = $vars['user'];
+
elgg_load_js('elgg.friendspicker');
elgg_load_js('jquery.easing');
@@ -19,11 +24,16 @@ elgg_load_js('jquery.easing');
<?php
// Get friends and subscriptions
-$friends = get_user_friends(elgg_get_logged_in_user_guid(),'',9999,0);
+$friends = get_user_friends($user->guid, '', 9999, 0);
global $NOTIFICATION_HANDLERS;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
- $subsbig[$method] = elgg_get_entities_from_relationship(array('relationship' => 'notify' . $method, 'relationship_guid' => elgg_get_logged_in_user_guid(), 'types' => 'user', 'limit' => 99999));
+ $subsbig[$method] = elgg_get_entities_from_relationship(array(
+ 'relationship' => 'notify' . $method,
+ 'relationship_guid' => $user->guid,
+ 'types' => 'user',
+ 'limit' => 99999,
+ ));
}
$subs = array();
@@ -88,9 +98,9 @@ if (isset($vars['formtarget'])) {
// Sort users by letter
if (is_array($friends) && sizeof($friends)) {
- foreach($friends as $user) {
+ foreach($friends as $friend) {
- $letter = elgg_substr($user->name,0,1);
+ $letter = elgg_substr($friend->name,0,1);
$letter = elgg_strtoupper($letter);
if (!elgg_substr_count($chararray,$letter)) {
$letter = "*";
@@ -98,7 +108,7 @@ if (is_array($friends) && sizeof($friends)) {
if (!isset($users[$letter])) {
$users[$letter] = array();
}
- $users[$letter][$user->guid] = $user;
+ $users[$letter][$friend->guid] = $friend;
}
}
diff --git a/mod/notifications/views/default/notifications/subscriptions/personal.php b/mod/notifications/views/default/notifications/subscriptions/personal.php
index 7dac908fc..cf05426e2 100644
--- a/mod/notifications/views/default/notifications/subscriptions/personal.php
+++ b/mod/notifications/views/default/notifications/subscriptions/personal.php
@@ -1,4 +1,10 @@
<?php
+/**
+ * @uses $vars['user'] ElggUser
+ */
+
+/* @var ElggUser $user */
+$user = $vars['user'];
global $NOTIFICATION_HANDLERS;
@@ -40,7 +46,7 @@ foreach($NOTIFICATION_HANDLERS as $method => $foo) {
$fields = '';
$i = 0;
foreach($NOTIFICATION_HANDLERS as $method => $foo) {
- if ($notification_settings = get_user_notification_settings(elgg_get_logged_in_user_guid())) {
+ if ($notification_settings = get_user_notification_settings($user->guid)) {
if ($notification_settings->$method) {
$personalchecked[$method] = 'checked="checked"';
} else {