From abf321f2fb25d1750c96a67807bcda84a63ba497 Mon Sep 17 00:00:00 2001 From: ben Date: Mon, 23 Feb 2009 10:29:43 +0000 Subject: Added site default access permissions. Refs #744 git-svn-id: https://code.elgg.org/elgg/trunk@2885 36083f99-b078-4883-b0ff-0f9b5a30f544 --- engine/lib/access.php | 110 ++++++++++++++++++++++++++++--------------------- engine/lib/widgets.php | 8 +++- 2 files changed, 68 insertions(+), 50 deletions(-) (limited to 'engine') diff --git a/engine/lib/access.php b/engine/lib/access.php index 77f234dc9..eb00d7543 100644 --- a/engine/lib/access.php +++ b/engine/lib/access.php @@ -53,7 +53,7 @@ function get_access_array($user_id = 0, $site_id = 0, $flush = false) { global $CONFIG, $init_finished; - static $access_array, $acm, $ac; // Caches. $ac* flag whether we have executed a query previously, and stop it being run again if no data is returned. + static $access_array, $acm, $ac; // Caches. $ac* flag whether we have executed a query previously, and stop it being run again if no data is returned. if (!isset($access_array) || (!isset($init_finished)) || (!$init_finished)) $access_array = array(); 
@@ -72,23 +72,23 @@ $tmp_access_array = array(ACCESS_PUBLIC); if (isloggedin()) { - $tmp_access_array[] = ACCESS_LOGGED_IN; - - // The following can only return sensible data if the user is logged in. + $tmp_access_array[] = ACCESS_LOGGED_IN; + + // The following can only return sensible data if the user is logged in. if ($collections = get_data($query)) { foreach($collections as $collection) - if (!empty($collection->access_collection_id)) $tmp_access_array[] = $collection->access_collection_id; + if (!empty($collection->access_collection_id)) $tmp_access_array[] = $collection->access_collection_id; - } + } $query = "SELECT ag.id FROM {$CONFIG->dbprefix}access_collections ag "; $query .= " WHERE ag.owner_guid = {$user_id} AND (ag.site_guid = {$site_id} OR ag.site_guid = 0)"; - + if ($collections = get_data($query)) { foreach($collections as $collection) if (!empty($collection->id)) $tmp_access_array[] = $collection->id; - } + } global $is_admin; @@ -96,11 +96,11 @@ if (isset($is_admin) && $is_admin == true) { $tmp_access_array[] = ACCESS_PRIVATE; } - - $access_array[$user_id] = $tmp_access_array; + + $access_array[$user_id] = $tmp_access_array; } - else - return $tmp_access_array; // No user id logged in so we can only access public info + else + return $tmp_access_array; // No user id logged in so we can only access public info } else { 
@@ -110,34 +110,48 @@ return $access_array[$user_id]; } - - /** - * Override the default behaviour and allow results to show hidden entities as well. - * THIS IS A HACK. - * - * TODO: Replace this with query object! - */ - $ENTITY_SHOW_HIDDEN_OVERRIDE = false; - - /** - * This will be replaced. Do not use in plugins! - * - * @param bool $show - */ - function access_show_hidden_entities($show_hidden) - { - global $ENTITY_SHOW_HIDDEN_OVERRIDE; - $ENTITY_SHOW_HIDDEN_OVERRIDE = $show_hidden; - } - - /** - * This will be replaced. Do not use in plugins! - */ - function access_get_show_hidden_status() - { - global $ENTITY_SHOW_HIDDEN_OVERRIDE; - return $ENTITY_SHOW_HIDDEN_OVERRIDE; - } + + /** + * Gets the default access permission for new content + * + * @return int default access id (see ACCESS defines in elgglib.php) + */ + function get_default_access() + { + global $CONFIG; + + // future: if user has a default access set, override site default access + + return $CONFIG->default_access; + } + + /** + * Override the default behaviour and allow results to show hidden entities as well. + * THIS IS A HACK. + * + * TODO: Replace this with query object! + */ + $ENTITY_SHOW_HIDDEN_OVERRIDE = false; + + /** + * This will be replaced. Do not use in plugins! + * + * @param bool $show + */ + function access_show_hidden_entities($show_hidden) + { + global $ENTITY_SHOW_HIDDEN_OVERRIDE; + $ENTITY_SHOW_HIDDEN_OVERRIDE = $show_hidden; + } + + /** + * This will be replaced. Do not use in plugins! + */ + function access_get_show_hidden_status() + { + global $ENTITY_SHOW_HIDDEN_OVERRIDE; + return $ENTITY_SHOW_HIDDEN_OVERRIDE; + } /** * Add access restriction sql code to a given query. 
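Review bot: `get_default_access()` returns `$CONFIG->default_access` unchecked, so on a site where the setting has never been written (an upgraded install, for instance) callers get an unset value as the access level for new content. Nothing in this hunk initialises or validates the setting. Falling back to the most restrictive level would make that case fail closed, e.g. `return isset($CONFIG->default_access) ? (int) $CONFIG->default_access : ACCESS_PRIVATE;`. The docblock should also say that the site value is returned unfiltered, so each caller has to decide whether every ACCESS_* level is acceptable for its content type.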
@@ -149,17 +163,17 @@ * @param string $table_prefix Optional xxx. prefix for the access code. */ function get_access_sql_suffix($table_prefix = "") - { - global $ENTITY_SHOW_HIDDEN_OVERRIDE; + { + global $ENTITY_SHOW_HIDDEN_OVERRIDE; $sql = ""; if ($table_prefix) $table_prefix = sanitise_string($table_prefix) . "."; - $access = get_access_list(); - - $owner = get_loggedin_userid(); + $access = get_access_list(); + + $owner = get_loggedin_userid(); if (!$owner) $owner = -1; global $is_admin; @@ -171,7 +185,7 @@ if (empty($sql)) $sql = " ({$table_prefix}access_id in {$access} or ({$table_prefix}access_id = " . ACCESS_PRIVATE . " and {$table_prefix}owner_guid = $owner))"; - if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) + if (!$ENTITY_SHOW_HIDDEN_OVERRIDE) $sql .= " and {$table_prefix}enabled='yes'"; return $sql; @@ -332,9 +346,9 @@ if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user = get_user($user_guid)) { - global $CONFIG; + global $CONFIG; try { - insert_data("insert into {$CONFIG->dbprefix}access_collection_membership set access_collection_id = {$collection_id}, user_guid = {$user_guid}"); + insert_data("insert into {$CONFIG->dbprefix}access_collection_membership set access_collection_id = {$collection_id}, user_guid = {$user_guid}"); } catch (DatabaseException $e) {} return true; diff --git a/engine/lib/widgets.php b/engine/lib/widgets.php index 2660cc240..a455f8068 100644 --- a/engine/lib/widgets.php +++ b/engine/lib/widgets.php @@ -232,8 +232,12 @@ $widget = new ElggWidget; $widget->owner_guid = $user_guid; - $widget->access_id = ACCESS_LOGGED_IN; - if (!$widget->save()) + $widget->access_id = get_default_access(); + // private widgets don't makes sense, correct? + if ($widget->access_id == ACCESS_PRIVATE) + $widget->access_id = ACCESS_LOGGED_IN; // change to ACCESS_FRIENDS when implemented + + if (!$widget->save()) return false; $widget->handler = $handler; -- cgit v1.2.3
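Review bot: In the widgets.php hunk a site default of `ACCESS_PRIVATE` is silently replaced by `ACCESS_LOGGED_IN`, so where the administrator chose private as the default, new widgets are visible to every logged-in user, which is wider than the configured policy. The comment `// private widgets don't makes sense, correct?` leaves this as an open question; it should record the decision, e.g. `// Widgets are never private: a private site default is widened to ACCESS_LOGGED_IN here.` The loose `==` may also send an unset value from `get_default_access()` down the same branch (this depends on the value of ACCESS_PRIVATE, which is not shown here), so `if ((int) $widget->access_id === ACCESS_PRIVATE)` would be clearer. A default of ACCESS_PUBLIC now passes straight through, where this code previously always used ACCESS_LOGGED_IN; that is worth confirming as intended. The enclosing function starts and ends outside the hunk.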