-rw-r--r--engine/lib/access.php71
-rw-r--r--engine/lib/input.php146
2 files changed, 203 insertions, 14 deletions
diff --git a/engine/lib/access.php b/engine/lib/access.php
index 32b476a39..05fafd3d3 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -350,8 +350,19 @@ END;
if (($site_id == 0) && (isset($CONFIG->site_guid))) $site_id = $CONFIG->site_guid;
$name = sanitise_string($name);
- return insert_data("insert into {$CONFIG->dbprefix}access_collections set name = '{$name}', owner_guid = {$owner_guid}, site_guid = {$site_id}");
+ if (!$id = insert_data("insert into {$CONFIG->dbprefix}access_collections set name = '{$name}', owner_guid = {$owner_guid}, site_guid = {$site_id}")) {
+ return false;
+ }
+ $params = array(
+ 'collection_id' => $id
+ );
+
+ if (!trigger_plugin_hook('access:collections:addcollection', 'collection', $params, true)) {
+ return false;
+ }
+
+ return $id;
}
/**
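Review bot: When the `access:collections:addcollection` hook returns false, the function returns false after the insert has already succeeded, so a vetoed collection stays in the table and the caller never learns its id. If a veto is meant to cancel creation, remove the row inside the `if (!trigger_plugin_hook(...))` branch before returning, e.g. `delete_data("delete from {$CONFIG->dbprefix}access_collections where id = {$id}");` (assuming the key column is `id`); otherwise document the hook as notification-only. `$owner_guid` and `$site_id` go into the insert unquoted, and whether they are cast to int is decided above the hunk, where the function begins, so that is worth confirming.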
@@ -365,22 +376,33 @@ END;
global $CONFIG;
$collection_id = (int) $collection_id;
+ $members = (is_array($members)) ? $members : array();
$collections = get_write_access_array();
if (array_key_exists($collection_id, $collections)) {
-
- delete_data("delete from {$CONFIG->dbprefix}access_collection_membership where access_collection_id = {$collection_id}");
+ $cur_members = get_members_of_access_collection($collection_id, true);
+ $cur_members = (is_array($cur_members)) ? $cur_members : array();
+
+ $remove_members = array_diff($cur_members, $members);
+ $add_members = array_diff($members, $cur_members);
- if (is_array($members) && sizeof($members) > 0) {
- foreach($members as $member) {
- $member = (int) $member;
- if (get_user($member))
- insert_data("insert into {$CONFIG->dbprefix}access_collection_membership set access_collection_id = {$collection_id}, user_guid = {$member}");
- }
- return true;
+ $params = array(
+ 'collection_id' => $collection_id,
+ 'members' => $members,
+ 'add_members' => $add_members,
+ 'remove_members' => $remove_members
+ );
+
+ foreach ($add_members as $guid) {
+ add_user_to_access_collection($guid, $collection_id);
}
-
+
+ foreach ($remove_members as $guid) {
+ remove_user_from_access_collection($guid, $collection_id);
+ }
+
+ return true;
}
return false;
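Review bot: The return values of `add_user_to_access_collection()` and `remove_user_from_access_collection()` are discarded in both loops, so this function returns true even when a membership change was refused by the access check or vetoed by the new `add_user` / `remove_user` hooks. Track the outcome, e.g. `$ok = add_user_to_access_collection($guid, $collection_id) && $ok;` (and the same in the removal loop), then `return $ok;`. The `$params` array built just above the loops is never passed to anything; either trigger an update hook with it or drop it. The function's opening lines are outside the hunk.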
@@ -396,6 +418,12 @@ END;
$collection_id = (int) $collection_id;
$collections = get_write_access_array();
+ $params = array('collection_id' => $collection_id);
+
+ if (!trigger_plugin_hook('access:collections:deletecollection', 'collection', $params, true)) {
+ return false;
+ }
+
if (array_key_exists($collection_id, $collections)) {
global $CONFIG;
delete_data("delete from {$CONFIG->dbprefix}access_collection_membership where access_collection_id = {$collection_id}");
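Review bot: The `access:collections:deletecollection` hook fires before the `array_key_exists($collection_id, $collections)` write-access check, so handlers run, and may clean up their own data, for collections the caller is not allowed to delete and for ids that do not exist. Move the `$params` / `trigger_plugin_hook` lines inside the `if (array_key_exists(...))` block, ahead of the first `delete_data`, which matches where the `add_user` and `remove_user` hooks are placed later in this diff. The rest of the function body lies outside the hunk.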
@@ -441,8 +469,17 @@ END;
if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0)
&& $user = get_user($user_guid)) {
-
global $CONFIG;
+
+ $params = array(
+ 'collection_id' => $collection_id,
+ 'user_guid' => $user_guid
+ );
+
+ if (!trigger_plugin_hook('access:collections:add_user', 'collection', $params, true)) {
+ return false;
+ }
+
try {
insert_data("insert into {$CONFIG->dbprefix}access_collection_membership set access_collection_id = {$collection_id}, user_guid = {$user_guid}");
} catch (DatabaseException $e) {}
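Review bot: The hook names are spelled two ways within this commit: `access:collections:add_user` here and `access:collections:remove_user` in the next hunk use an underscore, while the collection-level hooks are `addcollection` and `deletecollection`. Plugins register against the exact string, so settle on one form, e.g. `access:collections:add_collection` and `access:collections:delete_collection`. A docblock line on each function, such as `Plugins can veto this by returning false from the access:collections:add_user hook.`, would also tell callers that false can now mean a veto and not only a failed permission check. The docblocks themselves are outside these hunks.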
@@ -471,8 +508,16 @@ END;
return false;
if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user = get_user($user_guid)) {
-
global $CONFIG;
+ $params = array(
+ 'collection_id' => $collection_id,
+ 'user_guid' => $user_guid
+ );
+
+ if (!trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) {
+ return false;
+ }
+
delete_data("delete from {$CONFIG->dbprefix}access_collection_membership where access_collection_id = {$collection_id} and user_guid = {$user_guid}");
return true;
diff --git a/engine/lib/input.php b/engine/lib/input.php
index 71abbb330..0ec93763b 100644
--- a/engine/lib/input.php
+++ b/engine/lib/input.php
@@ -160,9 +160,153 @@
return $pee;
}
-
+
+ /**
+ * Page handler for autocomplete endpoint.
+ *
+ * @param $page
+ * @return unknown_type
+ */
+ function input_autocomplete_page_handler($page) {
+ global $CONFIG;
+ // only return results to logged in users.
+ if (!$user = get_loggedin_user()) {
+ exit;
+ }
+
+ if (!$q = get_input('q')) {
+ exit;
+ }
+
+ $match_on = get_input('match_on', 'all');
+ if ($match_on == 'all' || $match_on[0] == 'all') {
+ $match_on = array('users', 'groups');
+ }
+
+ if (!is_array($match_on)) {
+ $match_on = array($match_on);
+ }
+
+ if (get_input('match_owner', false)) {
+ $owner_guid = $user->getGUID();
+ $owner_where = 'AND e.owner_guid = ' . $user->getGUID();
+ } else {
+ $owner_guid = null;
+ $owner_where = '';
+ }
+
+ $limit = get_input('limit', 10);
+
+ // grab a list of entities and send them in json.
+ $results = array();
+ foreach ($match_on as $type) {
+ switch ($type) {
+ case 'all':
+ // only need to pull up title from objects.
+
+ if (!$entities = get_entities(null, null, $owner_guid, null, $limit) AND is_array($entities)) {
+ $results = array_merge($results, $entities);
+ }
+ break;
+
+ case 'users':
+ $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entities as e
+ WHERE e.guid = ue.guid
+ AND e.enabled = 'yes'
+ AND ue.banned = 'no'
+ AND (ue.name LIKE '%$q%' OR ue.username LIKE '$q%')
+ LIMIT $limit
+ ";
+
+ if ($entities = get_data($query)) {
+ foreach ($entities as $entity) {
+ $json = json_encode(array(
+ 'type' => 'user',
+ 'name' => $entity->name,
+ 'desc' => $entity->username,
+ //'icon' => elgg_view('profile/icon', array('entity' => get_entity($entity->guid), 'size' => 'tiny', 'override' => 'true')),
+ 'icon' => '<img style="float: left;" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />',
+ 'guid' => $entity->guid
+ ));
+ $results[$entity->name . rand(1,100)] = $json;
+ }
+ }
+ break;
+
+ case 'groups':
+ // don't return results if groups aren't enabled.
+ if (!is_plugin_enabled('groups')) {
+ continue;
+ }
+ $query = "SELECT * FROM {$CONFIG->dbprefix}groups_entity as ge, {$CONFIG->dbprefix}entities as e
+ WHERE e.guid = ge.guid
+ AND e.enabled = 'yes'
+ $owner_where
+ AND (ge.name LIKE '%$q%' OR ge.description LIKE '%$q%')
+ LIMIT $limit
+ ";
+ if ($entities = get_data($query)) {
+ foreach ($entities as $entity) {
+ $json = json_encode(array(
+ 'type' => 'group',
+ 'name' => $entity->name,
+ 'desc' => strip_tags($entity->description),
+ //'icon' => elgg_view('groups/icon', array('entity' => get_entity($entity->guid), 'size' => 'tiny', 'override' => 'true')),
+ 'icon' => '<img style="float: left;" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />',
+ 'guid' => $entity->guid
+ ));
+ //$results[$entity->name . rand(1,100)] = "$json|{$entity->guid}";
+ $results[$entity->name . rand(1,100)] = $json;
+ }
+ }
+ break;
+
+ case 'friends':
+ $access = get_access_sql_suffix();
+ $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as ue, {$CONFIG->dbprefix}entity_relationships as er, {$CONFIG->dbprefix}entities as e
+ WHERE er.relationship = 'friend'
+ AND er.guid_one = {$user->getGUID()}
+ AND er.guid_two = ue.guid
+ AND e.guid = ue.guid
+ AND e.enabled = 'yes'
+ AND ue.banned = 'no'
+ AND (ue.name LIKE '%$q%' OR ue.username LIKE '$q%')
+ LIMIT $limit
+ ";
+
+ if ($entities = get_data($query)) {
+ foreach ($entities as $entity) {
+ $json = json_encode(array(
+ 'type' => 'user',
+ 'name' => $entity->name,
+ 'desc' => $entity->username,
+ //'icon' => elgg_view('profile/icon', array('entity' => get_entity($entity->guid), 'size' => 'tiny', 'override' => 'true')),
+ 'icon' => '<img style="float: left;" src="' . get_entity($entity->guid)->getIcon('tiny') . '" />',
+ 'guid' => $entity->guid
+ ));
+ $results[$entity->name . rand(1,100)] = $json;
+ }
+ }
+ break;
+
+ default:
+ // arbitrary subtype.
+ get_entities(null, $type, $owner_guid);
+ break;
+ }
+ }
+
+ ksort($results);
+ echo implode($results, "\n");
+ exit;
+ }
+
+
function input_init() {
+ // register an endpoint for live search / autocomplete.
+ register_page_handler('autocomplete', 'input_autocomplete_page_handler');
+
if (ini_get_bool('magic_quotes_gpc') ) {
//do keys as well, cos array_map ignores them
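Review bot: `$q` and `$limit` come straight from `get_input()` and are interpolated into all three SQL strings (`LIKE '%$q%'`, `LIMIT $limit`) with no escaping visible in this handler, unlike access.php in the same commit, which runs `sanitise_string($name)` before building its query. Unless `get_input()` escapes for SQL, which this hunk does not show, add `$q = sanitise_string($q);` and `$limit = (int) get_input('limit', 10);` before the loop. In the `friends` case `$access = get_access_sql_suffix();` is computed but never appended, and the `users` and `groups` queries carry no access clause at all, so rows may be returned that the normal entity API would hide from this user. The `all` case is also inverted: `if (!$entities = get_entities(...) AND is_array($entities))` only enters when the call returned nothing, so it should read `if (($entities = get_entities(null, null, $owner_guid, null, $limit)) && is_array($entities))`.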