From 9a53ddf57cdbf557b0d4f21d0fdf01b4b92569c4 Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Tue, 30 Aug 2011 20:52:12 -0700 Subject: Fixes #3543. Ported access collections fix to master. --- engine/lib/access.php | 190 ++++++++++++++++++++++++++++++-------------------- 1 file changed, 113 insertions(+), 77 deletions(-) (limited to 'engine/lib/access.php') diff --git a/engine/lib/access.php b/engine/lib/access.php index cde3d256f..1a4a22162 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -410,6 +410,43 @@ function get_write_access_array($user_id = 0, $site_id = 0, $flush = false) { return $tmp_access_array; } + +/** + * Can the user write to the access collection? + * + * Hook into the access:collections:write, user to change this. + * + * Respects access control disabling for admin users and {@see elgg_set_ignore_access()} + * + * @see get_write_access_array() + * + * @param int $collection_id The collection id + * @param mixed $user_guid The user GUID to check for. Defaults to logged in user. + * @return bool + */ +function can_edit_access_collection($collection_id, $user_guid = null) { + if ($user_guid) { + $user = get_entity((int) $user_guid); + } else { + $user = get_loggedin_user(); + } + + $collection = get_access_collection($collection_id); + + if (!($user instanceof ElggUser) || !$collection) { + return false; + } + + $write_access = get_write_access_array($user->getGUID(), null, true); + + // don't ignore access when checking users. + if ($user_guid) { + return array_key_exists($collection_id, $write_access); + } else { + return elgg_get_ignore_access() || array_key_exists($collection_id, $write_access); + } +} + /** * Creates a new access collection. * @@ -483,37 +520,30 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { function update_access_collection($collection_id, $members) { global $CONFIG; - $collection_id = (int) $collection_id; - $members = (is_array($members)) ? $members : array(); + $acl = get_access_collection($collection_id); - $collections = get_write_access_array(); - - if (array_key_exists($collection_id, $collections)) { - $cur_members = get_members_of_access_collection($collection_id, true); - $cur_members = (is_array($cur_members)) ? $cur_members : array(); + if (!$acl) { + return false; + } + $members = (is_array($members)) ? $members : array(); - $remove_members = array_diff($cur_members, $members); - $add_members = array_diff($members, $cur_members); + $cur_members = get_members_of_access_collection($collection_id, true); + $cur_members = (is_array($cur_members)) ? $cur_members : array(); - $params = array( - 'collection_id' => $collection_id, - 'members' => $members, - 'add_members' => $add_members, - 'remove_members' => $remove_members - ); + $remove_members = array_diff($cur_members, $members); + $add_members = array_diff($members, $cur_members); - foreach ($add_members as $guid) { - add_user_to_access_collection($guid, $collection_id); - } + $result = true; - foreach ($remove_members as $guid) { - remove_user_from_access_collection($guid, $collection_id); - } + foreach ($add_members as $guid) { + $result = $result && add_user_to_access_collection($guid, $collection_id); + } - return true; + foreach ($remove_members as $guid) { + $result = $result && remove_user_from_access_collection($guid, $collection_id); } - return false; + return $result; } /** @@ -527,27 +557,26 @@ function update_access_collection($collection_id, $members) { * @see update_access_collection() */ function delete_access_collection($collection_id) { + global $CONFIG; + $collection_id = (int) $collection_id; - $collections = get_write_access_array(null, null, TRUE); $params = array('collection_id' => $collection_id); if (!elgg_trigger_plugin_hook('access:collections:deletecollection', 'collection', $params, true)) { return false; } - if (array_key_exists($collection_id, $collections)) { - global $CONFIG; - $query = "delete from {$CONFIG->dbprefix}access_collection_membership" - . " where access_collection_id = {$collection_id}"; - delete_data($query); + // Deleting membership doesn't affect result of deleting ACL. + $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership + WHERE access_collection_id = {$collection_id}"; + delete_data($q); + + $q = "DELETE FROM {$CONFIG->dbprefix}access_collections + WHERE id = {$collection_id}"; + $result = delete_data($q); - $query = "delete from {$CONFIG->dbprefix}access_collections where id = {$collection_id}"; - delete_data($query); - return true; - } else { - return false; - } + return $result; } /** @@ -584,45 +613,34 @@ function get_access_collection($collection_id) { * @see remove_user_from_access_collection() */ function add_user_to_access_collection($user_guid, $collection_id) { + global $CONFIG; + $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $collections = get_write_access_array(); + $user = get_user($user_guid); - if (!($collection = get_access_collection($collection_id))) { - return false; - } + $collection = get_access_collection($collection_id); - $user = get_user($user_guid); - if (!$user) { + if (!($user instanceof Elgguser) || !$collection) { return false; } - // to add someone to a collection, the user must be a member of the collection or - // no one must own it - if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0)) { - $result = true; - } else { - $result = false; - } - $params = array( 'collection_id' => $collection_id, - 'collection' => $collection, 'user_guid' => $user_guid ); - $result = elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, $result); + $result = elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, true); if ($result == false) { return false; } try { - global $CONFIG; - $query = "insert into {$CONFIG->dbprefix}access_collection_membership" - . " set access_collection_id = {$collection_id}, user_guid = {$user_guid}"; - insert_data($query); + $q = "INSERT INTO {$CONFIG->dbprefix}access_collection_membership + SET access_collection_id = {$collection_id}, + user_guid = {$user_guid}"; + insert_data($q); } catch (DatabaseException $e) { - // nothing. return false; } @@ -640,34 +658,32 @@ function add_user_to_access_collection($user_guid, $collection_id) { * @return true|false Depending on success */ function remove_user_from_access_collection($user_guid, $collection_id) { + global $CONFIG; + $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $collections = get_write_access_array(); - $user = $user = get_user($user_guid); + $user = get_user($user_guid); + + $collection = get_access_collection($collection_id); - if (!($collection = get_access_collection($collection_id))) { + if (!($user instanceof Elgguser) || !$collection) { return false; } - if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user) { - global $CONFIG; - $params = array( - 'collection_id' => $collection_id, - 'user_guid' => $user_guid - ); - - if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { - return false; - } - - delete_data("delete from {$CONFIG->dbprefix}access_collection_membership " - . "where access_collection_id = {$collection_id} and user_guid = {$user_guid}"); - - return true; + $params = array( + 'collection_id' => $collection_id, + 'user_guid' => $user_guid + ); + if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { + return false; } - return false; + $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership + WHERE access_collection_id = {$collection_id} + AND user_guid = {$user_guid}"; + + return delete_data($q); } /** @@ -939,8 +955,17 @@ function access_init() { * @since 1.7.0 * @elgg_event_handler permissions_check all */ -function elgg_override_permissions_hook() { - $user_guid = elgg_get_logged_in_user_guid(); +function elgg_override_permissions_hook($hook, $type, $value, $params) { + $user = elgg_extract('user', $params); + if (!$user) { + $user = elgg_get_logged_in_user(); + } + + if (!$user instanceof ElggUser) { + return false; + } + + $user_guid = $user->guid; // check for admin if ($user_guid && elgg_is_admin_user($user_guid)) { @@ -956,9 +981,20 @@ function elgg_override_permissions_hook() { return NULL; } +/** + * Runs unit tests for the entities object. + */ +function access_test($hook, $type, $value, $params) { + global $CONFIG; + $value[] = $CONFIG->path . 'engine/tests/api/access_collections.php'; + return $value; +} + // This function will let us know when 'init' has finished elgg_register_event_handler('init', 'system', 'access_init', 9999); // For overrided permissions elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions_hook'); elgg_register_plugin_hook_handler('container_permissions_check', 'all', 'elgg_override_permissions_hook'); + +elgg_register_plugin_hook_handler('unit_test', 'system', 'access_test'); \ No newline at end of file -- cgit v1.2.3 From 4d47ecbb311d556f155ad866bbce358fbfb51218 Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Sat, 3 Sep 2011 11:49:59 -0700 Subject: Fixed typo in call to function. --- engine/lib/access.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'engine/lib/access.php') diff --git a/engine/lib/access.php b/engine/lib/access.php index 1a4a22162..678c9e77b 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -958,7 +958,7 @@ function access_init() { function elgg_override_permissions_hook($hook, $type, $value, $params) { $user = elgg_extract('user', $params); if (!$user) { - $user = elgg_get_logged_in_user(); + $user = elgg_get_logged_in_user_entity(); } if (!$user instanceof ElggUser) { -- cgit v1.2.3 From 4144076f40185ff6fdb0f14441d88e6c700f1e85 Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Mon, 5 Sep 2011 21:32:36 -0700 Subject: Fixed a stupid problem I introduced in the installation and only just caught >:O --- CHANGES.txt | 3 +++ engine/lib/access.php | 7 ++++--- version.php | 2 +- 3 files changed, 8 insertions(+), 4 deletions(-) (limited to 'engine/lib/access.php') diff --git a/CHANGES.txt b/CHANGES.txt index cccd75d5e..2df4d2637 100644 --- a/CHANGES.txt +++ b/CHANGES.txt @@ -73,6 +73,9 @@ Version 1.8.0 (Jackie) core. The original dashboard can be restored by the new Dashboard plugin. * twitter_service - Replaced by Twitter API. + Elgg 1.8.0.1 was released immediately after 1.8.0 to correct a problem in + installation. + Previous and Merged Changes: diff --git a/engine/lib/access.php b/engine/lib/access.php index 678c9e77b..6da747463 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -961,9 +961,10 @@ function elgg_override_permissions_hook($hook, $type, $value, $params) { $user = elgg_get_logged_in_user_entity(); } - if (!$user instanceof ElggUser) { - return false; - } + // don't do this so ignore access still works. +// if (!$user instanceof ElggUser) { +// return false; +// } $user_guid = $user->guid; diff --git a/version.php b/version.php index 932d31961..5bc115d35 100644 --- a/version.php +++ b/version.php @@ -14,4 +14,4 @@ $version = 2011061200; // Human-friendly version name -$release = '1.8.0'; +$release = '1.8.0.1'; -- cgit v1.2.3