From 367616f979405241eb432250644e2b172f152075 Mon Sep 17 00:00:00 2001
From: icewing <icewing@36083f99-b078-4883-b0ff-0f9b5a30f544>
Date: Mon, 2 Jun 2008 16:31:54 +0000
Subject: Marcus Povey <marcus@dushka.co.uk> * Added access control shorthand
 function. REPLACE THIS WHEN QUERY OBJECT COMPLETE

git-svn-id: https://code.elgg.org/elgg/trunk@776 36083f99-b078-4883-b0ff-0f9b5a30f544
---
 engine/lib/access.php | 26 ++++++++++++++++++++++++++
 1 file changed, 26 insertions(+)

(limited to 'engine/lib/access.php')

diff --git a/engine/lib/access.php b/engine/lib/access.php
index e39a9f165..5205b7a55 100644
--- a/engine/lib/access.php
+++ b/engine/lib/access.php
@@ -86,6 +86,32 @@
 			
 			return $access_array[$user_id];
 			
+		}
+		
+		/**
+		 * Add access restriction sql code to a given query.
+		 * 
+		 * Note that if this code is executed in privileged mode it will return blank.
+		 * 
+		 * TODO: DELETE once Query classes are fully integrated
+		 * 
+		 * @param string $table_prefix Optional xxx. prefix for the access code.
+		 */
+		function get_access_sql_suffix($table_prefix = "")
+		{
+			$sql = "";
+			
+			if (!is_privileged())
+			{
+				$access = get_access_list();
+				
+				if ($table_prefix)
+					$table_prefix = sanitise_string($table_prefix) . ".";
+					
+				$sql = " and ({$table_prefix}access_id in {$access} or ({$table_prefix}access_id = 0 and {$table_prefix}owner_guid = {$_SESSION['id']}))";
+			}
+			
+			return $sql;
 		}
 		
 		/**
-- 
cgit v1.2.3