aboutsummaryrefslogtreecommitdiff
path: root/mod/groups/actions
diff options
context:
space:
mode:
Diffstat (limited to 'mod/groups/actions')
-rw-r--r--mod/groups/actions/discussion/reply/save.php6
-rw-r--r--mod/groups/actions/discussion/save.php4
-rw-r--r--mod/groups/actions/groups/edit.php195
-rw-r--r--mod/groups/actions/groups/membership/delete_invite.php4
-rw-r--r--mod/groups/actions/groups/membership/invite.php73
-rw-r--r--mod/groups/actions/groups/membership/leave.php2
6 files changed, 182 insertions, 102 deletions
diff --git a/mod/groups/actions/discussion/reply/save.php b/mod/groups/actions/discussion/reply/save.php
index a1ed036b6..f8be8aa2c 100644
--- a/mod/groups/actions/discussion/reply/save.php
+++ b/mod/groups/actions/discussion/reply/save.php
@@ -4,8 +4,6 @@
*
*/
-gatekeeper();
-
// Get input
$entity_guid = (int) get_input('entity_guid');
$text = get_input('group_topic_post');
@@ -23,10 +21,10 @@ if (!$topic) {
forward(REFERER);
}
-$user = get_loggedin_user();
+$user = elgg_get_logged_in_user_entity();
$group = $topic->getContainerEntity();
-if (!$group->canWriteToContainer($user)) {
+if (!$group->canWriteToContainer()) {
register_error(elgg_echo('groups:notmember'));
forward(REFERER);
}
diff --git a/mod/groups/actions/discussion/save.php b/mod/groups/actions/discussion/save.php
index a51775cd6..b3e9da654 100644
--- a/mod/groups/actions/discussion/save.php
+++ b/mod/groups/actions/discussion/save.php
@@ -4,7 +4,7 @@
*/
// Get variables
-$title = get_input("title");
+$title = htmlspecialchars(get_input('title', '', false), ENT_QUOTES, 'UTF-8');
$desc = get_input("description");
$status = get_input("status");
$access_id = (int) get_input("access_id");
@@ -21,7 +21,7 @@ if (!$title || !$desc) {
}
$container = get_entity($container_guid);
-if (!$container || !$container->canWriteToContainer()) {
+if (!$container || !$container->canWriteToContainer(0, 'object', 'groupforumtopic')) {
register_error(elgg_echo('discussion:error:permissions'));
forward(REFERER);
}
diff --git a/mod/groups/actions/groups/edit.php b/mod/groups/actions/groups/edit.php
index 27f6e0426..f19b90566 100644
--- a/mod/groups/actions/groups/edit.php
+++ b/mod/groups/actions/groups/edit.php
@@ -5,25 +5,25 @@
* @package ElggGroups
*/
-// Load configuration
-global $CONFIG;
+elgg_make_sticky_form('groups');
/**
* wrapper for recursive array walk decoding
*/
function profile_array_decoder(&$v) {
- $v = html_entity_decode($v, ENT_COMPAT, 'UTF-8');
+ $v = _elgg_html_decode($v);
}
// Get group fields
$input = array();
-foreach ($CONFIG->group as $shortname => $valuetype) {
- // another work around for Elgg's encoding problems: #561, #1963
+foreach (elgg_get_config('group') as $shortname => $valuetype) {
$input[$shortname] = get_input($shortname);
+
+ // @todo treat profile fields as unescaped: don't filter, encode on output
if (is_array($input[$shortname])) {
array_walk_recursive($input[$shortname], 'profile_array_decoder');
} else {
- $input[$shortname] = html_entity_decode($input[$shortname], ENT_COMPAT, 'UTF-8');
+ $input[$shortname] = _elgg_html_decode($input[$shortname]);
}
if ($valuetype == 'tags') {
@@ -31,24 +31,43 @@ foreach ($CONFIG->group as $shortname => $valuetype) {
}
}
-$input['name'] = get_input('name');
-$input['name'] = html_entity_decode($input['name'], ENT_COMPAT, 'UTF-8');
+$input['name'] = htmlspecialchars(get_input('name', '', false), ENT_QUOTES, 'UTF-8');
$user = elgg_get_logged_in_user_entity();
$group_guid = (int)get_input('group_guid');
-$new_group_flag = $group_guid == 0;
+$is_new_group = $group_guid == 0;
+
+if ($is_new_group
+ && (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes')
+ && !$user->isAdmin()) {
+ register_error(elgg_echo("groups:cantcreate"));
+ forward(REFERER);
+}
$group = new ElggGroup($group_guid); // load if present, if not create a new group
-if (($group_guid) && (!$group->canEdit())) {
+if ($group_guid && !$group->canEdit()) {
register_error(elgg_echo("groups:cantedit"));
-
forward(REFERER);
}
// Assume we can edit or this is a new group
if (sizeof($input) > 0) {
foreach($input as $shortname => $value) {
+ // update access collection name if group name changes
+ if (!$is_new_group && $shortname == 'name' && $value != $group->name) {
+ $group_name = html_entity_decode($value, ENT_QUOTES, 'UTF-8');
+ $ac_name = sanitize_string(elgg_echo('groups:group') . ": " . $group_name);
+ $acl = get_access_collection($group->group_acl);
+ if ($acl) {
+ // @todo Elgg api does not support updating access collection name
+ $db_prefix = elgg_get_config('dbprefix');
+ $query = "UPDATE {$db_prefix}access_collections SET name = '$ac_name'
+ WHERE id = $group->group_acl";
+ update_data($query);
+ }
+ }
+
$group->$shortname = $value;
}
}
@@ -56,47 +75,66 @@ if (sizeof($input) > 0) {
// Validate create
if (!$group->name) {
register_error(elgg_echo("groups:notitle"));
-
forward(REFERER);
}
// Set group tool options
-if (isset($CONFIG->group_tool_options)) {
- foreach ($CONFIG->group_tool_options as $group_option) {
- $group_option_toggle_name = $group_option->name . "_enable";
- if ($group_option->default_on) {
- $group_option_default_value = 'yes';
- } else {
- $group_option_default_value = 'no';
- }
- $group->$group_option_toggle_name = get_input($group_option_toggle_name, $group_option_default_value);
+$tool_options = elgg_get_config('group_tool_options');
+if ($tool_options) {
+ foreach ($tool_options as $group_option) {
+ $option_toggle_name = $group_option->name . "_enable";
+ $option_default = $group_option->default_on ? 'yes' : 'no';
+ $group->$option_toggle_name = get_input($option_toggle_name, $option_default);
}
}
// Group membership - should these be treated with same constants as access permissions?
-switch (get_input('membership')) {
- case ACCESS_PUBLIC:
- $group->membership = ACCESS_PUBLIC;
- break;
- default:
- $group->membership = ACCESS_PRIVATE;
-}
+$is_public_membership = (get_input('membership') == ACCESS_PUBLIC);
+$group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE;
-if ($new_group_flag) {
+if ($is_new_group) {
$group->access_id = ACCESS_PUBLIC;
}
-$group->save();
+$old_owner_guid = $is_new_group ? 0 : $group->owner_guid;
+$new_owner_guid = (int) get_input('owner_guid');
+
+$owner_has_changed = false;
+$old_icontime = null;
+if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) {
+ // verify new owner is member and old owner/admin is logged in
+ if (is_group_member($group_guid, $new_owner_guid) && ($old_owner_guid == $user->guid || $user->isAdmin())) {
+ $group->owner_guid = $new_owner_guid;
+ $group->container_guid = $new_owner_guid;
+
+ $metadata = elgg_get_metadata(array(
+ 'guid' => $group_guid,
+ 'limit' => false,
+ ));
+ if ($metadata) {
+ foreach ($metadata as $md) {
+ if ($md->owner_guid == $old_owner_guid) {
+ $md->owner_guid = $new_owner_guid;
+ $md->save();
+ }
+ }
+ }
-// group creator needs to be member of new group and river entry created
-if ($new_group_flag) {
- set_page_owner($group->guid);
- $group->join($user);
- add_to_river('river/group/create', 'create', $user->guid, $group->guid);
+ // @todo Remove this when #4683 fixed
+ $owner_has_changed = true;
+ $old_icontime = $group->icontime;
+ }
}
+$must_move_icons = ($owner_has_changed && $old_icontime);
+
+$group->save();
+
// Invisible group support
+// @todo this requires save to be called to create the acl for the group. This
+// is an odd requirement and should be removed. Either the acl creation happens
+// in the action or the visibility moves to a plugin hook
if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
$visibility = (int)get_input('vis', '', false);
if ($visibility != ACCESS_PUBLIC && $visibility != ACCESS_LOGGED_IN) {
@@ -105,12 +143,27 @@ if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
if ($group->access_id != $visibility) {
$group->access_id = $visibility;
- $group->save();
}
}
-// Now see if we have a file icon
-if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))) {
+$group->save();
+
+// group saved so clear sticky form
+elgg_clear_sticky_form('groups');
+
+// group creator needs to be member of new group and river entry created
+if ($is_new_group) {
+
+ // @todo this should not be necessary...
+ elgg_set_page_owner_guid($group->guid);
+
+ $group->join($user);
+ add_to_river('river/group/create', 'create', $user->guid, $group->guid, $group->access_id);
+}
+
+$has_uploaded_icon = (!empty($_FILES['icon']['type']) && substr_count($_FILES['icon']['type'], 'image/'));
+
+if ($has_uploaded_icon) {
$icon_sizes = elgg_get_config('icon_sizes');
@@ -122,38 +175,58 @@ if ((isset($_FILES['icon'])) && (substr_count($_FILES['icon']['type'],'image/'))
$filehandler->open("write");
$filehandler->write(get_uploaded_file('icon'));
$filehandler->close();
+ $filename = $filehandler->getFilenameOnFilestore();
+
+ $sizes = array('tiny', 'small', 'medium', 'large');
+
+ $thumbs = array();
+ foreach ($sizes as $size) {
+ $thumbs[$size] = get_resized_image_from_existing_file(
+ $filename,
+ $icon_sizes[$size]['w'],
+ $icon_sizes[$size]['h'],
+ $icon_sizes[$size]['square']
+ );
+ }
- $thumbtiny = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['tiny']['w'], $icon_sizes['tiny']['h'], $icon_sizes['tiny']['square']);
- $thumbsmall = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['small']['w'], $icon_sizes['small']['h'], $icon_sizes['small']['square']);
- $thumbmedium = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['medium']['w'], $icon_sizes['medium']['h'], $icon_sizes['medium']['square']);
- $thumblarge = get_resized_image_from_existing_file($filehandler->getFilenameOnFilestore(), $icon_sizes['large']['w'], $icon_sizes['large']['h'], $icon_sizes['large']['square']);
- if ($thumbtiny) {
-
+ if ($thumbs['tiny']) { // just checking if resize successful
$thumb = new ElggFile();
$thumb->owner_guid = $group->owner_guid;
$thumb->setMimeType('image/jpeg');
- $thumb->setFilename($prefix."tiny.jpg");
- $thumb->open("write");
- $thumb->write($thumbtiny);
- $thumb->close();
+ foreach ($sizes as $size) {
+ $thumb->setFilename("{$prefix}{$size}.jpg");
+ $thumb->open("write");
+ $thumb->write($thumbs[$size]);
+ $thumb->close();
+ }
+
+ $group->icontime = time();
+ }
+}
- $thumb->setFilename($prefix."small.jpg");
- $thumb->open("write");
- $thumb->write($thumbsmall);
- $thumb->close();
+// @todo Remove this when #4683 fixed
+if ($must_move_icons) {
+ $filehandler = new ElggFile();
+ $filehandler->setFilename('groups');
+ $filehandler->owner_guid = $old_owner_guid;
+ $old_path = $filehandler->getFilenameOnFilestore();
- $thumb->setFilename($prefix."medium.jpg");
- $thumb->open("write");
- $thumb->write($thumbmedium);
- $thumb->close();
+ $sizes = array('', 'tiny', 'small', 'medium', 'large');
- $thumb->setFilename($prefix."large.jpg");
- $thumb->open("write");
- $thumb->write($thumblarge);
- $thumb->close();
+ if ($has_uploaded_icon) {
+ // delete those under old owner
+ foreach ($sizes as $size) {
+ unlink("$old_path/{$group_guid}{$size}.jpg");
+ }
+ } else {
+ // move existing to new owner
+ $filehandler->owner_guid = $group->owner_guid;
+ $new_path = $filehandler->getFilenameOnFilestore();
- $group->icontime = time();
+ foreach ($sizes as $size) {
+ rename("$old_path/{$group_guid}{$size}.jpg", "$new_path/{$group_guid}{$size}.jpg");
+ }
}
}
diff --git a/mod/groups/actions/groups/membership/delete_invite.php b/mod/groups/actions/groups/membership/delete_invite.php
index 4b654f0b6..d21aa0309 100644
--- a/mod/groups/actions/groups/membership/delete_invite.php
+++ b/mod/groups/actions/groups/membership/delete_invite.php
@@ -9,7 +9,11 @@ $user_guid = get_input('user_guid', elgg_get_logged_in_user_guid());
$group_guid = get_input('group_guid');
$user = get_entity($user_guid);
+
+// invisible groups require overriding access to delete invite
+$old_access = elgg_set_ignore_access(true);
$group = get_entity($group_guid);
+elgg_set_ignore_access($old_access);
// If join request made
if (check_entity_relationship($group->guid, 'invited', $user->guid)) {
diff --git a/mod/groups/actions/groups/membership/invite.php b/mod/groups/actions/groups/membership/invite.php
index db90ecf3a..a96165b0e 100644
--- a/mod/groups/actions/groups/membership/invite.php
+++ b/mod/groups/actions/groups/membership/invite.php
@@ -7,43 +7,48 @@
$logged_in_user = elgg_get_logged_in_user_entity();
-$user_guid = get_input('user_guid');
-if (!is_array($user_guid)) {
- $user_guid = array($user_guid);
+$user_guids = get_input('user_guid');
+if (!is_array($user_guids)) {
+ $user_guids = array($user_guids);
}
$group_guid = get_input('group_guid');
+$group = get_entity($group_guid);
-if (sizeof($user_guid)) {
- foreach ($user_guid as $u_id) {
- $user = get_entity($u_id);
- $group = get_entity($group_guid);
-
- if ($user && $group && ($group instanceof ElggGroup) && $group->canEdit()) {
-
- if (!check_entity_relationship($group->guid, 'invited', $user->guid)) {
-
- // Create relationship
- add_entity_relationship($group->guid, 'invited', $user->guid);
-
- // Send email
- $url = elgg_normalize_url("groups/invitations/$user->username");
- $result = notify_user($user->getGUID(), $group->owner_guid,
- elgg_echo('groups:invite:subject', array($user->name, $group->name)),
- elgg_echo('groups:invite:body', array(
- $user->name,
- $logged_in_user->name,
- $group->name,
- $url,
- )),
- NULL);
- if ($result) {
- system_message(elgg_echo("groups:userinvited"));
- } else {
- register_error(elgg_echo("groups:usernotinvited"));
- }
- } else {
- register_error(elgg_echo("groups:useralreadyinvited"));
- }
+if (count($user_guids) > 0 && elgg_instanceof($group, 'group') && $group->canEdit()) {
+ foreach ($user_guids as $guid) {
+ $user = get_user($guid);
+ if (!$user) {
+ continue;
+ }
+
+ if (check_entity_relationship($group->guid, 'invited', $user->guid)) {
+ register_error(elgg_echo("groups:useralreadyinvited"));
+ continue;
+ }
+
+ if (check_entity_relationship($user->guid, 'member', $group->guid)) {
+ // @todo add error message
+ continue;
+ }
+
+ // Create relationship
+ add_entity_relationship($group->guid, 'invited', $user->guid);
+
+ // Send notification
+ $url = elgg_normalize_url("groups/invitations/$user->username");
+ $result = notify_user($user->getGUID(), $group->owner_guid,
+ elgg_echo('groups:invite:subject', array($user->name, $group->name)),
+ elgg_echo('groups:invite:body', array(
+ $user->name,
+ $logged_in_user->name,
+ $group->name,
+ $url,
+ )),
+ NULL);
+ if ($result) {
+ system_message(elgg_echo("groups:userinvited"));
+ } else {
+ register_error(elgg_echo("groups:usernotinvited"));
}
}
}
diff --git a/mod/groups/actions/groups/membership/leave.php b/mod/groups/actions/groups/membership/leave.php
index 390870df1..4f34c7dde 100644
--- a/mod/groups/actions/groups/membership/leave.php
+++ b/mod/groups/actions/groups/membership/leave.php
@@ -17,7 +17,7 @@ if (!$user_guid) {
$group = get_entity($group_guid);
-set_page_owner($group->guid);
+elgg_set_page_owner_guid($group->guid);
if (($user instanceof ElggUser) && ($group instanceof ElggGroup)) {
if ($group->getOwnerGUID() != elgg_get_logged_in_user_guid()) {
generated by cgit v1.2.3 (git 2.39.1) at 2025-12-10 00:13:15 +0000