From 8916fcdca6a2950d210abd2db7e6fb104abec149 Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Fri, 7 Sep 2012 01:38:03 -0400 Subject: Fixes #4789: group_gatekeeper() and river hide closed/invisible group content more reliably
---
 engine/lib/group.php | 56 +++++++++++++++++++++++----------------------------- 1 file changed, 25 insertions(+), 31 deletions(-) (limited to 'engine/lib/group.php')
diff --git a/engine/lib/group.php b/engine/lib/group.php
index feb1f1e7f..b81146e61 100644
--- a/engine/lib/group.php
+++ b/engine/lib/group.php
@@ -247,48 +247,42 @@ function get_users_membership($user_guid) { } /** - * Checks access to a group. + * May the current user access item(s) on this page? If the page owner is a group, + * membership, visibility, and logged in status are taken into account. * * @param boolean $forward If set to true (default), will forward the page; * if set to false, will return true or false. * - * @return true|false If $forward is set to false. + * @return bool If $forward is set to false. */ function group_gatekeeper($forward = true) { - $allowed = true; - $url = ''; - - if ($group = elgg_get_page_owner_entity()) { - if ($group instanceof ElggGroup) { - $url = $group->getURL(); - if (!$group->isPublicMembership()) { - // closed group so must be member or an admin - - if (!elgg_is_logged_in()) { - $allowed = false; - if ($forward == true) { - $_SESSION['last_forward_from'] = current_page_url(); - register_error(elgg_echo('loggedinrequired')); - forward('', 'login'); - } - } else if (!$group->isMember(elgg_get_logged_in_user_entity())) { - $allowed = false; - } - // Admin override - if (elgg_is_admin_logged_in()) { - $allowed = true; - } - } - } + $page_owner_guid = elgg_get_page_owner_guid(); + if (!$page_owner_guid) { + return true; } + $visibility = ElggGroupItemVisibility::factory($page_owner_guid); - if ($forward && $allowed == false) { - register_error(elgg_echo('membershiprequired')); - forward($url, 'member'); + if (!$visibility->shouldHideItems) { + return true; } + if ($forward) { + // only forward to group if user can see it + $group = get_entity($page_owner_guid); + $forward_url = $group ? 
$group->getURL() : ''; + + if ($visibility->reasonHidden !== ElggGroupItemVisibility::REASON_MEMBERSHIP) { + $_SESSION['last_forward_from'] = current_page_url(); + $forward_reason = 'login'; + } else { + $forward_reason = 'member'; + } - return $allowed; + register_error(elgg_echo($visibility->reasonHidden)); + forward($forward_url, $forward_reason); + } + + return false; } /** -- cgit v1.2.3 From a0005033ac0d69ef462ff27394cd1c34d5dd5fab Mon Sep 17 00:00:00 2001 From: Steve Clay Date: Fri, 7 Sep 2012 02:20:56 -0400 Subject: Better logic for when to forward to login --- engine/classes/ElggGroupItemVisibility.php | 10 ++++++++++ engine/lib/group.php | 2 +- 2 files changed, 11 insertions(+), 1 deletion(-) (limited to 'engine/lib/group.php') diff --git a/engine/classes/ElggGroupItemVisibility.php b/engine/classes/ElggGroupItemVisibility.php index 2c7e2abb4..743c935da 100644 --- a/engine/classes/ElggGroupItemVisibility.php +++ b/engine/classes/ElggGroupItemVisibility.php @@ -26,6 +26,11 @@ class ElggGroupItemVisibility { */ public $reasonHidden = ''; + /** + * @var bool + */ + public $requireLogin = false; + /** * Determine visibility of items within a container for the current user * @@ -86,6 +91,11 @@ class ElggGroupItemVisibility { $ret->reasonHidden = self::REASON_NOACCESS; } } + + if ($ret->shouldHideItems && !$user) { + $ret->requireLogin = true; + } + $cache[$cache_key] = $ret; } return $cache[$cache_key]; diff --git a/engine/lib/group.php b/engine/lib/group.php index b81146e61..b32c4bd48 100644 --- a/engine/lib/group.php +++ b/engine/lib/group.php @@ -271,7 +271,7 @@ function group_gatekeeper($forward = true) { $group = get_entity($page_owner_guid); $forward_url = $group ? $group->getURL() : ''; - if ($visibility->reasonHidden !== ElggGroupItemVisibility::REASON_MEMBERSHIP) { + if (!elgg_is_logged_in()) { $_SESSION['last_forward_from'] = current_page_url(); $forward_reason = 'login'; } else { -- cgit v1.2.3 
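Review bot: The first guard in the rewritten group_gatekeeper(), `if (!$page_owner_guid) { return true; }`, fails open whenever no page owner is set, so the check only protects pages whose handler has already set the page owner to the item's group. The docblock should state that precondition, for example ` * Returns true when no page owner is set; set the page owner to the item's container before calling.` The line `@return bool If $forward is set to false.` is also inaccurate, because the allowed paths return true when $forward is true as well. The forward URL comes from `get_entity($page_owner_guid)`, which presumably applies the viewer's access level; if access checks are being ignored at call time the hidden group's URL could still be exposed, so that assumption deserves a comment next to `// only forward to group if user can see it`.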
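Review bot: In the ElggGroupItemVisibility.php hunk at -86, `requireLogin` is written onto `$ret` just before `$cache[$cache_key] = $ret`, so the login decision is cached with the rest of the result. How `$cache_key` and `$user` are derived lies above the hunk; if the key does not include the viewing user, a result computed for an anonymous viewer could be reused after the login state changes within the same request, which is worth confirming. The new property's docblock in the -26 hunk is only `@var bool` and should say what the flag means, e.g. `True when items are hidden and no user is logged in`. The property is public and the cached object is handed to every caller, so a comment that callers must treat it as read-only would help.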
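Review bot: The new condition `if (!elgg_is_logged_in()) {` in the group.php hunk at -271 re-derives the login state instead of reading the `requireLogin` flag that this same commit adds to ElggGroupItemVisibility, so the flag is unused in the visible hunks and the forward decision has two sources of truth. This branch is only reached when `shouldHideItems` is true, so `if ($visibility->requireLogin) {` should express the same test, assuming `$user` in factory() is the logged-in user. It would also keep the forward reason tied to the object that made the hide decision. group_gatekeeper() starts and ends outside this hunk.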
From f6cdb29d2ca93ac1a4aaafdf54fd2ed0e89291af Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 8 Dec 2012 11:37:03 -0500 Subject: Fixes #4806 make the create__entity() functions private
---
 engine/lib/group.php | 1 + engine/lib/objects.php | 1 + engine/lib/sites.php | 1 + engine/lib/users.php | 1 + 4 files changed, 4 insertions(+) (limited to 'engine/lib/group.php')
diff --git a/engine/lib/group.php b/engine/lib/group.php
index feb1f1e7f..852c08de9 100644
--- a/engine/lib/group.php
+++ b/engine/lib/group.php
@@ -33,6 +33,7 @@ function get_group_entity_as_row($guid) {
 * @param string $description Description
 *
 * @return bool
+ * @access private
 */
 function create_group_entity($guid, $name, $description) {
 global $CONFIG;
diff --git a/engine/lib/objects.php b/engine/lib/objects.php
index f186c66cb..e5e8f67c4 100644
--- a/engine/lib/objects.php
+++ b/engine/lib/objects.php
@@ -31,6 +31,7 @@ function get_object_entity_as_row($guid) {
 * @param string $description The object's description
 *
 * @return bool
+ * @access private
 */
 function create_object_entity($guid, $title, $description) {
 global $CONFIG;
diff --git a/engine/lib/sites.php b/engine/lib/sites.php
index 8b772668d..d9eb2d25e 100644
--- a/engine/lib/sites.php
+++ b/engine/lib/sites.php
@@ -58,6 +58,7 @@ function get_site_entity_as_row($guid) {
 * @param string $url URL of the site
 *
 * @return bool
+ * @access private
 */
 function create_site_entity($guid, $name, $description, $url) {
 global $CONFIG;
diff --git a/engine/lib/users.php b/engine/lib/users.php
index 527eff3cd..95ef9d176 100644
--- a/engine/lib/users.php
+++ b/engine/lib/users.php
@@ -44,6 +44,7 @@ function get_user_entity_as_row($guid) {
 * @param string $code A code
 *
 * @return bool
+ * @access private
 */
 function create_user_entity($guid, $name, $username, $password, $salt, $email, $language, $code) {
 global $CONFIG;
-- cgit v1.2.3
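Review bot: The `@access private` tag added to the create_group_entity() docblock, and identically in the objects.php, sites.php and users.php hunks, is documentation only; PHP does not enforce it, so these global functions remain callable from any plugin. Their bodies lie outside the hunks, so whether they check the caller's permissions before writing is not visible here. If they rely on the caller having done so, the docblock should say it, for example ` * Do not call from plugins; performs no permission check of its own.`, worded to match what the body does. This matters most for create_user_entity(), which takes `$password` and `$salt` directly.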