From 8ed11a8881f65339446fccae64864e0d57dfff51 Mon Sep 17 00:00:00 2001
From: Cash Costello
Date: Wed, 29 Jun 2011 06:46:51 -0400
Subject: Fixes #3630 using the plugin id for the css id
---
 actions/admin/plugins/activate.php | 3 ++-
 actions/admin/plugins/deactivate.php | 3 ++-
 actions/admin/plugins/set_priority.php | 5 ++---
 3 files changed, 6 insertions(+), 5 deletions(-)
(limited to 'actions')
diff --git a/actions/admin/plugins/activate.php b/actions/admin/plugins/activate.php
index feb986b27..5a945e8eb 100644
--- a/actions/admin/plugins/activate.php
+++ b/actions/admin/plugins/activate.php
@@ -44,7 +44,8 @@ if (count($activated_guids) === 1) {
 if ($query) {
 $url .= "?$query";
 }
- forward($url . '#elgg-plugin-' . $plugin_guids[0]);
+ $plugin = get_entity($plugin_guids[0]);
+ forward("$url#{$plugin->getID()}");
 } else {
 forward(REFERER);
 }
\ No newline at end of file
diff --git a/actions/admin/plugins/deactivate.php b/actions/admin/plugins/deactivate.php
index 6c9a55c15..f5eca3aaa 100644
--- a/actions/admin/plugins/deactivate.php
+++ b/actions/admin/plugins/deactivate.php
@@ -43,7 +43,8 @@ if (count($plugin_guids) == 1) {
 if ($query) {
 $url .= "?$query";
 }
- forward($url . '#elgg-plugin-' . $plugin_guids[0]);
+ $plugin = get_entity($plugin_guids[0]);
+ forward("$url#{$plugin->getID()}");
 } else {
 forward(REFERER);
 }
diff --git a/actions/admin/plugins/set_priority.php b/actions/admin/plugins/set_priority.php
index 702aae91b..1f8bc24af 100644
--- a/actions/admin/plugins/set_priority.php
+++ b/actions/admin/plugins/set_priority.php
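Review bot: `get_entity($plugin_guids[0])` is dereferenced on the next added line without checking what it returned, so a GUID that no longer resolves to a plugin entity turns the redirect into a fatal error on `$plugin->getID()`; deactivate.php adds the same two lines. A guard such as `if ($plugin instanceof ElggPlugin) { forward("$url#{$plugin->getID()}"); }` with a fall-through to `forward($url)` keeps the action from dying after the plugin state has already been changed. In activate.php the branch is selected on `count($activated_guids)` while the lookup indexes `$plugin_guids[0]`, so if those arrays can differ (they are built outside the hunk) the anchor may point at a plugin other than the one activated. The plugin id is also placed in the URL fragment unencoded, which is safe only as long as plugin ids are limited to directory-name characters.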
@@ -6,9 +6,8 @@
 * overriding as well as the order of view extensions. Plugins with higher
 * priority are loaded after and override plugins with lower priorities.
 *
- * NOTE: When viewing the admin page (advanced plugin admin in >= 1.8) plugins
- * LOWER on the page have HIGHER priority and will override views, etc
- * from plugins above them.
+ * NOTE: When viewing the plugin admin page, plugins LOWER on the page
+ * have HIGHER priority and will override views, etc from plugins above them.
 *
 * @package Elgg.Core
 * @subpackage Administration.Plugins
-- cgit v1.2.3
From de111da23258cd2b513c8f4ab84712ee50272b23 Mon Sep 17 00:00:00 2001
From: Brett Profitt
Date: Sun, 3 Jul 2011 17:41:20 -0400
Subject: Merged ACL fixes from 1.7 branch.
---
 actions/friends/collections/add.php | 38 ++++---
 actions/friends/collections/delete.php | 34 +++----
 actions/friends/collections/edit.php | 20 ++--
 engine/lib/access.php | 169 +++++++++++++++++---------------
 engine/tests/api/access_collections.php | 100 ++++++++++++++++++-
 languages/en.php | 2 +
 6 files changed, 231 insertions(+), 132 deletions(-)
(limited to 'actions')
diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php
index 8ec6a085f..8383e4db2 100644
--- a/actions/friends/collections/add.php
+++ b/actions/friends/collections/add.php
@@ -2,35 +2,31 @@ /** * Elgg collection add page * - * @package Elgg.Core - * @subpackage Friends.Collections + * @package Elgg + * @subpackage Core */ $collection_name = get_input('collection_name'); $friends = get_input('friends_collection'); -//first check to make sure that a collection name has been set and create the new colection -if ($collection_name) { +if (!$collection_name) { + register_error(elgg_echo("friends:nocollectionname")); + forward(REFERER); +} - //create the collection - $create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid()); +$id = create_access_collection($collection_name); - //if the collection was created and the user passed some friends from the form, add them - if ($create_collection && (!empty($friends))) { - //add friends to the collection - foreach ($friends as $friend) { - add_user_to_access_collection($friend, $create_collection); - } +if ($id) { + $result = update_access_collection($id, $friends); + if ($result) { + system_message(elgg_echo("friends:collectionadded")); + // go to the collections page + forward("pg/collections/" . get_loggedin_user()->username); + } else { + register_error(elgg_echo("friends:nocollectionname")); + forward(REFERER); } - - // Success message - system_message(elgg_echo("friends:collectionadded")); - // Forward to the collections page - forward("collections/" . elgg_get_logged_in_user_entity()->username); - } else { register_error(elgg_echo("friends:nocollectionname")); - - // Forward to the add collection page - forward("collections/add"); + forward(REFERER); } diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php index fe719d74b..5b0aa8e10 100644 --- a/actions/friends/collections/delete.php +++ b/actions/friends/collections/delete.php 
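Review bot: When `update_access_collection($id, $friends)` returns false the action reports `friends:nocollectionname`, which tells the user the name was missing although the collection has already been created and stays in the database. A dedicated message key plus a `delete_access_collection($id)` on that path would keep the message and the stored state consistent. The owner argument was also dropped from `create_access_collection($collection_name)`, so ownership now depends on how the function treats its default `$owner_guid = 0`; that handling is not visible here and should be confirmed. `forward("pg/collections/" . get_loggedin_user()->username)` replaces the `elgg_get_logged_in_user_entity()` call this branch used before the merge and looks like a 1.7 leftover.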
@@ -1,36 +1,24 @@ owner_guid == elgg_get_logged_in_user_guid()) { - - $delete_collection = delete_access_collection($collection_id); +// check the ACL exists and we can edit +if (!can_edit_access_collection($collection_id)) { + register_error(elgg_echo("friends:collectiondeletefailed")); + forward(REFERER); +} - // Success message - if ($delete_collection) { - system_message(elgg_echo("friends:collectiondeleted")); - } else { - register_error(elgg_echo("friends:collectiondeletefailed")); - } - } else { - // Failure message - register_error(elgg_echo("friends:collectiondeletefailed")); - } +if (delete_access_collection($collection_id)) { + system_message(elgg_echo("friends:collectiondeleted")); } else { - // Failure message register_error(elgg_echo("friends:collectiondeletefailed")); } -// Forward to the collections page -forward("collections/" . elgg_get_logged_in_user_entity()->username); +forward(REFERER); diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php index b7fb716f2..581b21353 100644 --- a/actions/friends/collections/edit.php +++ b/actions/friends/collections/edit.php @@ -1,15 +1,23 @@ getGUID(), null, true); + + // don't ignore access when checking users. + if ($user_guid) { + return array_key_exists($collection_id, $write_access); + } else { + return elgg_get_ignore_access() || array_key_exists($collection_id, $write_access); + } +} + +/** + * Creates a new access control collection owned by the specified user. * * Access colletions allow plugins and users to create granular access * for entities. @@ -448,6 +484,7 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { SET name = '{$name}', owner_guid = {$owner_guid}, site_guid = {$site_guid}"; + if (!$id = insert_data($q)) { return false; } 
@@ -483,37 +520,31 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { function update_access_collection($collection_id, $members) { global $CONFIG; - $collection_id = (int) $collection_id; - $members = (is_array($members)) ? $members : array(); + $acl = get_access_collection($collection_id); - $collections = get_write_access_array(); + if (!$acl) { + return false; + } - if (array_key_exists($collection_id, $collections)) { - $cur_members = get_members_of_access_collection($collection_id, true); - $cur_members = (is_array($cur_members)) ? $cur_members : array(); + $members = (is_array($members)) ? $members : array(); - $remove_members = array_diff($cur_members, $members); - $add_members = array_diff($members, $cur_members); + $cur_members = get_members_of_access_collection($collection_id, true); + $cur_members = (is_array($cur_members)) ? $cur_members : array(); - $params = array( - 'collection_id' => $collection_id, - 'members' => $members, - 'add_members' => $add_members, - 'remove_members' => $remove_members - ); + $remove_members = array_diff($cur_members, $members); + $add_members = array_diff($members, $cur_members); - foreach ($add_members as $guid) { - add_user_to_access_collection($guid, $collection_id); - } + $result = true; - foreach ($remove_members as $guid) { - remove_user_from_access_collection($guid, $collection_id); - } + foreach ($add_members as $guid) { + $result = $result && add_user_to_access_collection($guid, $collection_id); + } - return true; + foreach ($remove_members as $guid) { + $result = $result && remove_user_from_access_collection($guid, $collection_id); } - return false; + return $result; } /** 
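Review bot: `$result = $result && add_user_to_access_collection($guid, $collection_id);` short-circuits, so after the first failed add every remaining add and every removal in the second loop is skipped rather than attempted. For an access list that means users who were meant to be removed keep their membership while the caller only sees `false`. Putting the call first, `$result = add_user_to_access_collection($guid, $collection_id) && $result;` (and the same for `remove_user_from_access_collection`), applies every change and still reports the failure. The `(int)` cast on `$collection_id` was dropped in this version; the add/remove helpers cast it themselves, but `get_members_of_access_collection()` is outside the hunk and should be checked.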
@@ -527,27 +558,25 @@ function update_access_collection($collection_id, $members) { * @see update_access_collection() */ function delete_access_collection($collection_id) { + global $CONFIG; + $collection_id = (int) $collection_id; - $collections = get_write_access_array(null, null, TRUE); $params = array('collection_id' => $collection_id); if (!elgg_trigger_plugin_hook('access:collections:deletecollection', 'collection', $params, true)) { return false; } - if (array_key_exists($collection_id, $collections)) { - global $CONFIG; - $query = "delete from {$CONFIG->dbprefix}access_collection_membership" - . " where access_collection_id = {$collection_id}"; - delete_data($query); + // Deleting membership doesn't affect result of deleting ACL. + $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership + WHERE access_collection_id = {$collection_id}"; + delete_data($q); - $query = "delete from {$CONFIG->dbprefix}access_collections where id = {$collection_id}"; - delete_data($query); - return true; - } else { - return false; - } + $q = "DELETE FROM {$CONFIG->dbprefix}access_collections + WHERE id = {$collection_id}"; + $result = delete_data($q); + return $result; } /** 
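Review bot: With the `get_write_access_array()` lookup removed, `delete_access_collection()` no longer makes any permission check of its own, and the same check disappears from `update_access_collection()`, `add_user_to_access_collection()` and `remove_user_from_access_collection()` in the neighbouring hunks. The delete action in this commit calls `can_edit_access_collection()` first, but any other caller now deletes or edits a collection for whatever id it is handed. The docblock, which starts above the hunk, should say so, for example `Callers must check can_edit_access_collection() first; no permission check is made here.`, or the function should keep a guard such as `if (!can_edit_access_collection($collection_id)) { return false; }`.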
@@ -584,45 +613,33 @@ function get_access_collection($collection_id) { * @see remove_user_from_access_collection() */ function add_user_to_access_collection($user_guid, $collection_id) { + global $CONFIG; + $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $collections = get_write_access_array(); + $user = get_user($user_guid); - if (!($collection = get_access_collection($collection_id))) { - return false; - } + $collection = get_access_collection($collection_id); - $user = get_user($user_guid); - if (!$user) { + if (!($user instanceof Elgguser) || !$collection) { return false; } - // to add someone to a collection, the user must be a member of the collection or - // no one must own it - if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0)) { - $result = true; - } else { - $result = false; - } - $params = array( 'collection_id' => $collection_id, - 'collection' => $collection, 'user_guid' => $user_guid ); - $result = elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, $result); - if ($result == false) { + if (!elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, true)) { return false; } try { - global $CONFIG; - $query = "insert into {$CONFIG->dbprefix}access_collection_membership" - . " set access_collection_id = {$collection_id}, user_guid = {$user_guid}"; - insert_data($query); + $q = "INSERT INTO {$CONFIG->dbprefix}access_collection_membership + SET access_collection_id = {$collection_id}, + user_guid = {$user_guid}"; + insert_data($q); } catch (DatabaseException $e) { - // nothing. return false; } 
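Review bot: The parameters passed to the `access:collections:add_user` hook lose the `'collection'` key in this version, so a handler that reads `$params['collection']` to decide whether to allow the add now gets nothing and may fall through to its default answer. Either keep `'collection' => $collection` in `$params` or document the removal in the function's docblock, which starts above the hunk. `$user instanceof Elgguser` works only because PHP class names are case-insensitive and should read `ElggUser`; the same spelling is used in `remove_user_from_access_collection()`.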
@@ -640,34 +657,32 @@ function add_user_to_access_collection($user_guid, $collection_id) { * @return true|false Depending on success */ function remove_user_from_access_collection($user_guid, $collection_id) { + global $CONFIG; + $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $collections = get_write_access_array(); - $user = $user = get_user($user_guid); + $user = get_user($user_guid); - if (!($collection = get_access_collection($collection_id))) { + $collection = get_access_collection($collection_id); + + if (!($user instanceof Elgguser) || !$collection) { return false; } - if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user) { - global $CONFIG; - $params = array( - 'collection_id' => $collection_id, - 'user_guid' => $user_guid - ); - - if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { - return false; - } - - delete_data("delete from {$CONFIG->dbprefix}access_collection_membership " - . "where access_collection_id = {$collection_id} and user_guid = {$user_guid}"); - - return true; + $params = array( + 'collection_id' => $collection_id, + 'user_guid' => $user_guid + ); + if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { + return false; } - return false; + $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership + WHERE access_collection_id = {$collection_id} + AND user_guid = {$user_guid}"; + + return delete_data($q); } /** @@ -972,4 +987,4 @@ elgg_register_event_handler('init', 'system', 'access_init', 9999); elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions_hook'); elgg_register_plugin_hook_handler('container_permissions_check', 'all', 'elgg_override_permissions_hook'); -elgg_register_plugin_hook('unit_test', 'system', 'access_test'); +elgg_register_plugin_hook_handler('unit_test', 'system', 'access_test'); 
diff --git a/engine/tests/api/access_collections.php b/engine/tests/api/access_collections.php index 060587d78..d81589cc1 100644 --- a/engine/tests/api/access_collections.php +++ b/engine/tests/api/access_collections.php 
@@ -151,20 +151,110 @@ class ElggCoreAccessCollectionsTest extends ElggCoreUnitTest { $user->delete(); } - // groups interface - public function testNewGroupCreateACL() { + public function testCanEditACL() { + $acl_id = create_access_collection('test acl', $this->user->guid); + + // should be true since it's the owner + $result = can_edit_access_collection($acl_id, $this->user->guid); + $this->assertTrue($result); + + // should be true since IA is on. + $ia = elgg_set_ignore_access(true); + $result = can_edit_access_collection($acl_id); + $this->assertTrue($result); + elgg_set_ignore_access($ia); + // should be false since IA is off + $ia = elgg_set_ignore_access(false); + $result = can_edit_access_collection($acl_id); + $this->assertFalse($result); + elgg_set_ignore_access($ia); + + delete_access_collection($acl_id); } - public function testDeleteGroupDeleteACL() { + public function testCanEditACLHook() { + // if only we supported closures! + global $acl_test_info; + + $acl_id = create_access_collection('test acl'); + + $acl_test_info = array( + 'acl_id' => $acl_id, + 'user' => $this->user + ); + + function test_acl_access_hook($hook, $type, $value, $params) { + global $acl_test_info; + if ($params['user_id'] == $acl_test_info['user']->guid) { + $acl = get_access_collection($acl_test_info['acl_id']); + $value[$acl->id] = $acl->name; + } + + return $value; + } + + register_plugin_hook('access:collections:write', 'all', 'test_acl_access_hook'); + + // enable security since we usually run as admin + $ia = elgg_set_ignore_access(false); + $result = can_edit_access_collection($acl_id, $this->user->guid); + $this->assertTrue($result); + $ia = elgg_set_ignore_access($ia); + unregister_plugin_hook('access:collections:write', 'all', 'test_acl_access_hook'); } - public function testJoinGroupJoinACL() { + // groups interface + // only runs if the groups plugin is enabled because implementation is split between + // core and the plugin. 
+ public function testCreateDeleteGroupACL() { + if (!is_plugin_enabled('groups')) { + return; + } + + $group = new ElggGroup(); + $group->name = 'Test group'; + $group->save(); + $acl = get_access_collection($group->group_acl); + // ACLs are owned by groups + $this->assertEqual($acl->owner_guid, $group->guid); + + // removing group and acl + $this->assertTrue($group->delete()); + + $acl = get_access_collection($group->group_acl); + $this->assertFalse($acl); + + $group->delete(); } - public function testLeaveGroupLeaveACL() { + public function testJoinLeaveGroupACL() { + if (!is_plugin_enabled('groups')) { + return; + } + + $group = new ElggGroup(); + $group->name = 'Test group'; + $group->save(); + + $result = $group->join($this->user); + $this->assertTrue($result); + + if ($result) { + $can_edit = can_edit_access_collection($group->group_acl, $this->user->guid); + $this->assertTrue($can_edit); + } + + $result = $group->leave($this->user); + $this->assertTrue($result); + + if ($result) { + $can_edit = can_edit_access_collection($group->group_acl, $this->user->guid); + $this->assertFalse($can_edit); + } + $group->delete(); } } diff --git a/languages/en.php b/languages/en.php index c30a1bdd8..b525a2043 100644 --- a/languages/en.php +++ b/languages/en.php @@ -343,6 +343,8 @@ $english = array( 'friends:nocollectionname' => "You need to give your collection a name before it can be created.", 'friends:collections:members' => "Collection members", 'friends:collections:edit' => "Edit collection", + 'friends:collections:edited' => "Saved collection", + 'friends:collection:edit_failed' => 'Could not save collection.', 'friendspicker:chararray' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', -- cgit v1.2.3 From b4f9682d2dae28db4ee183909be3ae439be2a858 Mon Sep 17 00:00:00 2001 
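Review bot: `testCanEditACL` never asserts that a user who neither owns the collection nor gains it through a hook is refused, which is the case `can_edit_access_collection()` exists to enforce. A second test user and `$this->assertFalse(can_edit_access_collection($acl_id, $other->guid));` before the collection is deleted would cover it. `testCanEditACLHook` declares the named function `test_acl_access_hook` inside the method, which is a fatal redeclaration if the method runs twice in one process, and it never deletes the collection it creates. `testCreateDeleteGroupACL` calls `$group->delete()` a second time after already asserting that the first call succeeded.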
From: Cash Costello Date: Wed, 6 Jul 2011 07:51:51 -0400 Subject: Fixes #2204 standardized the hooks/overrides for plugin settings and usersettings --- actions/plugins/settings/save.php | 4 ++-- actions/plugins/usersettings/save.php | 4 ++-- engine/classes/ElggPlugin.php | 13 +++++++------ 3 files changed, 11 insertions(+), 10 deletions(-) (limited to 'actions') diff --git a/actions/plugins/settings/save.php b/actions/plugins/settings/save.php index 3b5694039..e94127f7c 100644 --- a/actions/plugins/settings/save.php +++ b/actions/plugins/settings/save.php @@ -26,8 +26,8 @@ $plugin_name = $plugin->getManifest()->getName(); $result = false; // allow a plugin to override the save action for their settings -if (elgg_action_exists("settings/$plugin_id/save")) { - action("settings/$plugin_id/save"); +if (elgg_action_exists("$plugin_id/settings/save")) { + action("$plugin_id/settings/save"); } else { foreach ($params as $k => $v) { $result = $plugin->setSetting($k, $v); diff --git a/actions/plugins/usersettings/save.php b/actions/plugins/usersettings/save.php index c6214f68d..71ad2ad7b 100644 --- a/actions/plugins/usersettings/save.php +++ b/actions/plugins/usersettings/save.php @@ -39,8 +39,8 @@ if (!$user->canEdit()) { $result = false; -if (elgg_action_exists("usersettings/$plugin_id/save")) { - action("usersettings/$plugin_id/save"); +if (elgg_action_exists("$plugin_id/usersettings/save")) { + action("$plugin_id/usersettings/save"); } else { foreach ($params as $k => $v) { // Save diff --git a/engine/classes/ElggPlugin.php b/engine/classes/ElggPlugin.php index e46ac4273..d837431fc 100644 --- a/engine/classes/ElggPlugin.php +++ b/engine/classes/ElggPlugin.php 
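Review bot: A plugin that registered its override under the old name `settings/$plugin_id/save` is no longer found by `elgg_action_exists("$plugin_id/settings/save")`, so the request drops into the generic `setSetting()` loop and whatever validation that plugin's own action performed is skipped without notice; the usersettings hunk has the same effect for `usersettings/$plugin_id/save`. Checking the old name as a fallback for one release, with `elgg_deprecated_notice()` pointing at the new name, would keep those plugins' checks in force. The action bodies continue outside both hunks, so where `$plugin_id` comes from and how `$result` is set after `action()` returns cannot be seen here.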
@@ -315,9 +315,9 @@ class ElggPlugin extends ElggObject { return false; } // Hook to validate setting - $value = elgg_trigger_plugin_hook('plugin:setting', 'plugin', array( - 'plugin' => $this->pluginID, - 'plugin_object' => $this, + $value = elgg_trigger_plugin_hook('setting', 'plugin', array( + 'plugin_id' => $this->pluginID, + 'plugin' => $this, 'name' => $name, 'value' => $value ), $value); @@ -454,10 +454,11 @@ class ElggPlugin extends ElggObject { } // Hook to validate setting - // note this doesn't pass the namespaced name! - $value = elgg_trigger_plugin_hook('plugin:usersetting', 'user', array( + // note: this doesn't pass the namespaced name + $value = elgg_trigger_plugin_hook('usersetting', 'plugin', array( 'user' => $user, - 'plugin' => $this->getID(), + 'plugin' => $this, + 'plugin_id' => $this->getID(), 'name' => $name, 'value' => $value ), $value); -- cgit v1.2.3 From 3e318bdeda941f78e9ae7b78bf337f67c4475849 Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Wed, 6 Jul 2011 21:08:03 -0400 Subject: Revert "Merged ACL fixes from 1.7 branch." This reverts commit de111da23258cd2b513c8f4ab84712ee50272b23. Reverted because of problems in how 1.8 populates the access dropdown. --- actions/friends/collections/add.php | 38 ++++---- actions/friends/collections/delete.php | 34 ++++--- actions/friends/collections/edit.php | 20 ++-- engine/lib/access.php | 167 +++++++++++++++------------------ languages/en.php | 2 - 5 files changed, 126 insertions(+), 135 deletions(-) (limited to 'actions') diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php index 8383e4db2..8ec6a085f 100644 --- a/actions/friends/collections/add.php +++ b/actions/friends/collections/add.php 
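Review bot: Handlers registered for `plugin:setting`/`plugin` or `plugin:usersetting`/`user` stop being called once the hooks fire as `setting`/`plugin` and `usersetting`/`plugin`, so any value validation they did is bypassed and the unvalidated value is stored. `$params['plugin']` also changes from the plugin id string to the `ElggPlugin` object in both hunks, which silently breaks handlers that compare it with an id. The comment above each call should state the new contract, e.g. `// params: plugin_id (string), plugin (ElggPlugin), name, value; the handler returns the value to store`, and the rename belongs in the upgrade notes. Both method bodies start and end outside the hunks.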
@@ -2,31 +2,35 @@ /** * Elgg collection add page * - * @package Elgg - * @subpackage Core + * @package Elgg.Core + * @subpackage Friends.Collections */ $collection_name = get_input('collection_name'); $friends = get_input('friends_collection'); -if (!$collection_name) { - register_error(elgg_echo("friends:nocollectionname")); - forward(REFERER); -} +//first check to make sure that a collection name has been set and create the new colection +if ($collection_name) { -$id = create_access_collection($collection_name); + //create the collection + $create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid()); -if ($id) { - $result = update_access_collection($id, $friends); - if ($result) { - system_message(elgg_echo("friends:collectionadded")); - // go to the collections page - forward("pg/collections/" . get_loggedin_user()->username); - } else { - register_error(elgg_echo("friends:nocollectionname")); - forward(REFERER); + //if the collection was created and the user passed some friends from the form, add them + if ($create_collection && (!empty($friends))) { + //add friends to the collection + foreach ($friends as $friend) { + add_user_to_access_collection($friend, $create_collection); + } } + + // Success message + system_message(elgg_echo("friends:collectionadded")); + // Forward to the collections page + forward("collections/" . elgg_get_logged_in_user_entity()->username); + } else { register_error(elgg_echo("friends:nocollectionname")); - forward(REFERER); + + // Forward to the add collection page + forward("collections/add"); } diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php index 5b0aa8e10..fe719d74b 100644 --- a/actions/friends/collections/delete.php +++ b/actions/friends/collections/delete.php 
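Review bot: In the restored code `system_message(elgg_echo("friends:collectionadded"))` and the forward sit outside the `if ($create_collection && (!empty($friends)))` block, so the user is told the collection was added even when `create_access_collection()` returned false. The return value of `add_user_to_access_collection($friend, $create_collection)` is ignored in the loop as well, so a partially populated collection is also reported as success. Branching on `$create_collection` first and calling `register_error()` when it is false would fix the first case. `$friends` is only tested with `!empty()`, so a non-array input value still reaches the `foreach`.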
@@ -1,24 +1,36 @@ owner_guid == elgg_get_logged_in_user_guid()) { + + $delete_collection = delete_access_collection($collection_id); -if (delete_access_collection($collection_id)) { - system_message(elgg_echo("friends:collectiondeleted")); + // Success message + if ($delete_collection) { + system_message(elgg_echo("friends:collectiondeleted")); + } else { + register_error(elgg_echo("friends:collectiondeletefailed")); + } + } else { + // Failure message + register_error(elgg_echo("friends:collectiondeletefailed")); + } } else { + // Failure message register_error(elgg_echo("friends:collectiondeletefailed")); } -forward(REFERER); +// Forward to the collections page +forward("collections/" . elgg_get_logged_in_user_entity()->username); diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php index 581b21353..b7fb716f2 100644 --- a/actions/friends/collections/edit.php +++ b/actions/friends/collections/edit.php @@ -1,23 +1,15 @@ getGUID(), null, true); - - // don't ignore access when checking users. - if ($user_guid) { - return array_key_exists($collection_id, $write_access); - } else { - return elgg_get_ignore_access() || array_key_exists($collection_id, $write_access); - } -} - -/** - * Creates a new access control collection owned by the specified user. + * Creates a new access collection. * * Access colletions allow plugins and users to create granular access * for entities. @@ -484,7 +448,6 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { SET name = '{$name}', owner_guid = {$owner_guid}, site_guid = {$site_guid}"; - if (!$id = insert_data($q)) { return false; } 
@@ -520,31 +483,37 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { function update_access_collection($collection_id, $members) { global $CONFIG; - $acl = get_access_collection($collection_id); + $collection_id = (int) $collection_id; + $members = (is_array($members)) ? $members : array(); - if (!$acl) { - return false; - } + $collections = get_write_access_array(); - $members = (is_array($members)) ? $members : array(); + if (array_key_exists($collection_id, $collections)) { + $cur_members = get_members_of_access_collection($collection_id, true); + $cur_members = (is_array($cur_members)) ? $cur_members : array(); - $cur_members = get_members_of_access_collection($collection_id, true); - $cur_members = (is_array($cur_members)) ? $cur_members : array(); + $remove_members = array_diff($cur_members, $members); + $add_members = array_diff($members, $cur_members); - $remove_members = array_diff($cur_members, $members); - $add_members = array_diff($members, $cur_members); + $params = array( + 'collection_id' => $collection_id, + 'members' => $members, + 'add_members' => $add_members, + 'remove_members' => $remove_members + ); - $result = true; + foreach ($add_members as $guid) { + add_user_to_access_collection($guid, $collection_id); + } - foreach ($add_members as $guid) { - $result = $result && add_user_to_access_collection($guid, $collection_id); - } + foreach ($remove_members as $guid) { + remove_user_from_access_collection($guid, $collection_id); + } - foreach ($remove_members as $guid) { - $result = $result && remove_user_from_access_collection($guid, $collection_id); + return true; } - return $result; + return false; } /** 
@@ -558,25 +527,27 @@ function update_access_collection($collection_id, $members) { * @see update_access_collection() */ function delete_access_collection($collection_id) { - global $CONFIG; - $collection_id = (int) $collection_id; + $collections = get_write_access_array(null, null, TRUE); $params = array('collection_id' => $collection_id); if (!elgg_trigger_plugin_hook('access:collections:deletecollection', 'collection', $params, true)) { return false; } - // Deleting membership doesn't affect result of deleting ACL. - $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership - WHERE access_collection_id = {$collection_id}"; - delete_data($q); + if (array_key_exists($collection_id, $collections)) { + global $CONFIG; + $query = "delete from {$CONFIG->dbprefix}access_collection_membership" + . " where access_collection_id = {$collection_id}"; + delete_data($query); - $q = "DELETE FROM {$CONFIG->dbprefix}access_collections - WHERE id = {$collection_id}"; - $result = delete_data($q); + $query = "delete from {$CONFIG->dbprefix}access_collections where id = {$collection_id}"; + delete_data($query); + return true; + } else { + return false; + } - return $result; } /** 
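Review bot: The restored `delete_access_collection()` discards the result of both `delete_data()` calls and returns `true` whenever the id is in the write-access array, so a failed delete of the `access_collections` row is reported as success while the collection goes on granting access. Returning the outcome of the second call, `return delete_data($query) !== false;`, makes the failure visible to the action. `remove_user_from_access_collection()` in the later hunk ignores its `delete_data()` result in the same way and also carries the doubled assignment `$user = $user = get_user($user_guid);`.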
@@ -613,33 +584,45 @@ function get_access_collection($collection_id) { * @see remove_user_from_access_collection() */ function add_user_to_access_collection($user_guid, $collection_id) { - global $CONFIG; - $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $user = get_user($user_guid); + $collections = get_write_access_array(); - $collection = get_access_collection($collection_id); + if (!($collection = get_access_collection($collection_id))) { + return false; + } - if (!($user instanceof Elgguser) || !$collection) { + $user = get_user($user_guid); + if (!$user) { return false; } + // to add someone to a collection, the user must be a member of the collection or + // no one must own it + if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0)) { + $result = true; + } else { + $result = false; + } + $params = array( 'collection_id' => $collection_id, + 'collection' => $collection, 'user_guid' => $user_guid ); - if (!elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, true)) { + $result = elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, $result); + if ($result == false) { return false; } try { - $q = "INSERT INTO {$CONFIG->dbprefix}access_collection_membership - SET access_collection_id = {$collection_id}, - user_guid = {$user_guid}"; - insert_data($q); + global $CONFIG; + $query = "insert into {$CONFIG->dbprefix}access_collection_membership" + . " set access_collection_id = {$collection_id}, user_guid = {$user_guid}"; + insert_data($query); } catch (DatabaseException $e) { + // nothing. return false; } 
@@ -657,32 +640,34 @@ function add_user_to_access_collection($user_guid, $collection_id) { * @return true|false Depending on success */ function remove_user_from_access_collection($user_guid, $collection_id) { - global $CONFIG; - $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $user = get_user($user_guid); + $collections = get_write_access_array(); + $user = $user = get_user($user_guid); - $collection = get_access_collection($collection_id); - - if (!($user instanceof Elgguser) || !$collection) { + if (!($collection = get_access_collection($collection_id))) { return false; } - $params = array( - 'collection_id' => $collection_id, - 'user_guid' => $user_guid - ); + if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user) { + global $CONFIG; + $params = array( + 'collection_id' => $collection_id, + 'user_guid' => $user_guid + ); - if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { - return false; - } + if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { + return false; + } - $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership - WHERE access_collection_id = {$collection_id} - AND user_guid = {$user_guid}"; + delete_data("delete from {$CONFIG->dbprefix}access_collection_membership " + . "where access_collection_id = {$collection_id} and user_guid = {$user_guid}"); + + return true; - return delete_data($q); + } + + return false; } /** diff --git a/languages/en.php b/languages/en.php index b525a2043..c30a1bdd8 100644 --- a/languages/en.php +++ b/languages/en.php 
@@ -343,8 +343,6 @@ $english = array( 'friends:nocollectionname' => "You need to give your collection a name before it can be created.", 'friends:collections:members' => "Collection members", 'friends:collections:edit' => "Edit collection", - 'friends:collections:edited' => "Saved collection", - 'friends:collection:edit_failed' => 'Could not save collection.', 'friendspicker:chararray' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', -- cgit v1.2.3 From 9988fa588132704d7b54400e4ef1feeadbe0a390 Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Wed, 24 Aug 2011 15:34:24 -0700 Subject: Refs #3557: Upscaling small icons to 200x200. This doesn't fix the problem if someone uploads a 100x200 image. --- actions/avatar/upload.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'actions') diff --git a/actions/avatar/upload.php b/actions/avatar/upload.php index e21aa49c8..19976ea87 100644 --- a/actions/avatar/upload.php +++ b/actions/avatar/upload.php @@ -17,7 +17,7 @@ $icon_sizes = array( 'tiny' => array('w'=>25, 'h'=>25, 'square'=>TRUE, 'upscale'=>TRUE), 'small' => array('w'=>40, 'h'=>40, 'square'=>TRUE, 'upscale'=>TRUE), 'medium' => array('w'=>100, 'h'=>100, 'square'=>TRUE, 'upscale'=>TRUE), - 'large' => array('w'=>200, 'h'=>200, 'square'=>FALSE, 'upscale'=>FALSE), + 'large' => array('w'=>200, 'h'=>200, 'square'=>FALSE, 'upscale'=>TRUE), 'master' => array('w'=>550, 'h'=>550, 'square'=>FALSE, 'upscale'=>FALSE) ); -- cgit v1.2.3