From 1fd8bd6e296e2b1fc960fde1dd204b6c4e3e8aec Mon Sep 17 00:00:00 2001 From: Evan Winslow Date: Wed, 8 Jun 2011 02:31:30 -0700 Subject: River revamp for 1.8 --- languages/en.php | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index 46ac19a34..cbe229c26 100644 --- a/languages/en.php +++ b/languages/en.php @@ -344,7 +344,7 @@ $english = array( 'friends:collections:members' => "Collection members", 'friends:collections:edit' => "Edit collection", - 'friends:river:add' => "is now a friend with %s", + 'river:friend:user:default' => "%s is now a friend with %s", 'friendspicker:chararray' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', @@ -410,7 +410,7 @@ $english = array( 'river:posted:generic' => '%s posted', 'riveritem:single:user' => 'a user', 'riveritem:plural:user' => 'some users', - 'river:ingroup' => 'to the group %s', + 'river:ingroup' => 'in the group %s', 'river:none' => 'No activity', 'river:widget:title' => "Activity", -- cgit v1.2.3 From eb62ef75732c950ca31868a8d1240be98c95134d Mon Sep 17 00:00:00 2001 From: cash Date: Sun, 19 Jun 2011 20:25:19 -0400 Subject: fixed typo in edit profile fields instructions --- languages/en.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index dcba9abc3..2e76ee2e7 100644 --- a/languages/en.php +++ b/languages/en.php @@ -383,7 +383,7 @@ $english = array( 'profile:editdefault:delete:success' => 'Default profile item deleted!', 'profile:defaultprofile:reset' => 'Default system profile reset', 'profile:resetdefault' => 'Reset default profile', - 'profile:explainchangefields' => "You can replace the existing profile fields with your own using the form below. \n\n Give the new profile field a label, for example, 'Favorite team', then select the field type (eg. text, url, tags), and click the 'Add' button. To re-order the fields drag on the handle next to the field label. To edit a field label - click on the label's text to make it editable. \n\n At any time you can revert back to the default profile set up, but you will loose any information already entered into custom fields on profile pages.", + 'profile:explainchangefields' => "You can replace the existing profile fields with your own using the form below. \n\n Give the new profile field a label, for example, 'Favorite team', then select the field type (eg. text, url, tags), and click the 'Add' button. To re-order the fields drag on the handle next to the field label. To edit a field label - click on the label's text to make it editable. \n\n At any time you can revert back to the default profile set up, but you will lose any information already entered into custom fields on profile pages.", 'profile:editdefault:success' => 'Item successfully added to default profile', 'profile:editdefault:fail' => 'Default profile could not be saved', -- cgit v1.2.3 From 5e02fd697fd15ae857aa0c2969fd9ea92043a55a Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Fri, 24 Jun 2011 07:21:33 -0400 Subject: fixed the previous commit for the conflict --- languages/en.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index 7649bcbc3..e7806be27 100644 --- a/languages/en.php +++ b/languages/en.php @@ -403,8 +403,7 @@ $english = array( * River */ 'river' => "River", - 'river:relationship:friend' => 'is now friends with', - 'friends:river:add' => "is now a friend with %s", + 'river:friend:user:default' => "%s is now a friend with %s", 'profile:river:iconupdate' => 'updated their profile icon', 'river:noaccess' => 'You do not have permission to view this item.', 'river:posted:generic' => '%s posted', -- cgit v1.2.3 From 1e12760590a763ec2af5988080b6a94b21a17f1a Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 25 Jun 2011 12:04:58 -0400 Subject: updates the avatar update river view and closes pull request #48 --- languages/en.php | 2 +- views/default/river/user/default/profileiconupdate.php | 12 ++++++------ 2 files changed, 7 insertions(+), 7 deletions(-) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index e7806be27..eaf7f9084 100644 --- a/languages/en.php +++ b/languages/en.php @@ -404,7 +404,7 @@ $english = array( */ 'river' => "River", 'river:friend:user:default' => "%s is now a friend with %s", - 'profile:river:iconupdate' => 'updated their profile icon', + 'river:update:user:default' => '%s has a new avatar', 'river:noaccess' => 'You do not have permission to view this item.', 'river:posted:generic' => '%s posted', 'riveritem:single:user' => 'a user', diff --git a/views/default/river/user/default/profileiconupdate.php b/views/default/river/user/default/profileiconupdate.php index a723c5335..3237d7aad 100644 --- a/views/default/river/user/default/profileiconupdate.php +++ b/views/default/river/user/default/profileiconupdate.php @@ -2,12 +2,12 @@ /** * Update avatar river view */ -$subject = $vars['item']->getSubjectEntity(); -$subject_icon = elgg_view_entity_icon($subject, 'tiny'); -echo elgg_echo("profile:river:iconupdate"); +$subject = $vars['item']->getSubjectEntity(); + +echo elgg_view('river/item', array( + 'item' => $vars['item'], + 'attachments' => elgg_view_entity_icon($subject, 'tiny'), +)); -echo '
'; -echo $subject_icon; -echo '
'; -- cgit v1.2.3 From 5df3bcf4151d6731c32d71f758d7922d0c1c4932 Mon Sep 17 00:00:00 2001 From: cash Date: Sat, 25 Jun 2011 12:10:33 -0400 Subject: actually read Evan's comment on pull request #48 and fixed previous --- languages/en.php | 2 +- views/default/river/user/default/profileiconupdate.php | 10 +++++++++- 2 files changed, 10 insertions(+), 2 deletions(-) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index eaf7f9084..50cd08ac9 100644 --- a/languages/en.php +++ b/languages/en.php @@ -404,7 +404,7 @@ $english = array( */ 'river' => "River", 'river:friend:user:default' => "%s is now a friend with %s", - 'river:update:user:default' => '%s has a new avatar', + 'river:update:user:avatar' => '%s has a new avatar', 'river:noaccess' => 'You do not have permission to view this item.', 'river:posted:generic' => '%s posted', 'riveritem:single:user' => 'a user', diff --git a/views/default/river/user/default/profileiconupdate.php b/views/default/river/user/default/profileiconupdate.php index 3237d7aad..c7f691533 100644 --- a/views/default/river/user/default/profileiconupdate.php +++ b/views/default/river/user/default/profileiconupdate.php @@ -6,8 +6,16 @@ $subject = $vars['item']->getSubjectEntity(); +$subject_link = elgg_view('output/url', array( + 'href' => $subject->getURL(), + 'text' => $subject->name, + 'class' => 'elgg-river-subject', +)); + +$string = elgg_echo('river:update:user:avatar', array($subject_link)); + echo elgg_view('river/item', array( 'item' => $vars['item'], + 'summary' => $string, 'attachments' => elgg_view_entity_icon($subject, 'tiny'), )); - -- cgit v1.2.3 From 64ef3e8dd815ae471c97a34810fbc457e2ed22ae Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Tue, 28 Jun 2011 07:07:37 -0400 Subject: Fixes #3505 define language string for menu:page:header:default --- languages/en.php | 1 + 1 file changed, 1 insertion(+) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index 50cd08ac9..118596342 100644 --- a/languages/en.php +++ b/languages/en.php @@ -523,6 +523,7 @@ $english = array( 'menu:page:header:administer' => 'Administer', 'menu:page:header:configure' => 'Configure', 'menu:page:header:develop' => 'Develop', + 'menu:page:header:default' => 'Other', 'admin:view_site' => 'View site', 'admin:loggedin' => 'Logged in as %s', -- cgit v1.2.3 From f2bc7dd672a0717bd388fee51c4e97e1cb46f312 Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Tue, 28 Jun 2011 07:15:33 -0400 Subject: Fixes #3597 defined a language string for 'more' --- languages/en.php | 2 ++ views/default/widgets/content_stats/content.php | 4 +++- 2 files changed, 5 insertions(+), 1 deletion(-) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index 118596342..f1e070f06 100644 --- a/languages/en.php +++ b/languages/en.php @@ -812,6 +812,8 @@ $english = array( 'top' => 'Top', 'bottom' => 'Bottom', + 'more' => 'more', + 'invite' => "Invite", 'resetpassword' => "Reset password", diff --git a/views/default/widgets/content_stats/content.php b/views/default/widgets/content_stats/content.php index 7086e4b9e..6a652166c 100644 --- a/views/default/widgets/content_stats/content.php +++ b/views/default/widgets/content_stats/content.php @@ -19,7 +19,9 @@ foreach ($object_stats as $subtype => $num) { } echo ''; +echo '
'; echo elgg_view('output/url', array( 'href' => 'admin/statistics/overview', - 'text' => 'more', + 'text' => elgg_echo('more'), )); +echo '
'; -- cgit v1.2.3 From bdc0777d9de30d7e541b3bf3c4d86012e018afcf Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Thu, 30 Jun 2011 06:27:53 -0400 Subject: Fixes #3636 added general language strings for sort and filter --- languages/en.php | 2 ++ 1 file changed, 2 insertions(+) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index f1e070f06..113585a12 100644 --- a/languages/en.php +++ b/languages/en.php @@ -802,6 +802,8 @@ $english = array( 'submit' => 'Submit', 'comment' => 'Comment', 'upgrade' => 'Upgrade', + 'sort' => 'Sort', + 'filter' => 'Filter', 'site' => 'Site', 'activity' => 'Activity', -- cgit v1.2.3 From 3b6e176b58655a6a5f46f3a93e4c70512eb6010e Mon Sep 17 00:00:00 2001 From: Cash Costello Date: Thu, 30 Jun 2011 06:33:50 -0400 Subject: Fixes #3635 added strings for activate and deactivate --- languages/en.php | 2 ++ views/default/object/plugin/advanced.php | 4 ++-- 2 files changed, 4 insertions(+), 2 deletions(-) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index 113585a12..72369c82f 100644 --- a/languages/en.php +++ b/languages/en.php @@ -634,6 +634,8 @@ $english = array( 'admin:plugins' => "Plugins", 'admin:plugins:activate_all' => 'Activate All', 'admin:plugins:deactivate_all' => 'Deactivate All', + 'admin:plugins:activate' => 'Activate', + 'admin:plugins:deactivate' => 'Deactivate', 'admin:plugins:description' => "This admin panel allows you to control and configure tools installed on your site.", 'admin:plugins:opt:linktext' => "Configure tools...", 'admin:plugins:opt:description' => "Configure the tools installed on the site. ", diff --git a/views/default/object/plugin/advanced.php b/views/default/object/plugin/advanced.php index 9fdbc99ee..08da89c01 100644 --- a/views/default/object/plugin/advanced.php +++ b/views/default/object/plugin/advanced.php @@ -98,7 +98,7 @@ $options = array( if ($active) { $active_class = 'elgg-state-active'; $action = 'deactivate'; - $options['text'] = elgg_echo('deactivate'); + $options['text'] = elgg_echo('admin:plugins:deactivate'); $options['class'] = "elgg-button elgg-button-cancel"; if (!$can_activate) { @@ -108,7 +108,7 @@ if ($active) { } else if ($can_activate) { $active_class = 'elgg-state-inactive'; $action = 'activate'; - $options['text'] = elgg_echo('activate'); + $options['text'] = elgg_echo('admin:plugins:activate'); $options['class'] = "elgg-button elgg-button-submit"; } else { $active_class = 'elgg-state-inactive'; -- cgit v1.2.3 From 84ffd10e88ad2cdf945965fbf15f771df8bf6ed7 Mon Sep 17 00:00:00 2001 From: cash Date: Sun, 3 Jul 2011 09:27:29 -0400 Subject: Fixes #3640 added 'none' as a language string --- languages/en.php | 1 + 1 file changed, 1 insertion(+) (limited to 'languages/en.php') diff --git a/languages/en.php b/languages/en.php index 72369c82f..c30a1bdd8 100644 --- a/languages/en.php +++ b/languages/en.php @@ -857,6 +857,7 @@ $english = array( 'mine' => "Mine", 'by' => 'by', + 'none' => 'none', 'annotations' => "Annotations", 'relationships' => "Relationships", -- cgit v1.2.3 From de111da23258cd2b513c8f4ab84712ee50272b23 Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Sun, 3 Jul 2011 17:41:20 -0400 Subject: Merged ACL fixes from 1.7 branch. --- actions/friends/collections/add.php | 38 ++++--- actions/friends/collections/delete.php | 34 +++---- actions/friends/collections/edit.php | 20 ++-- engine/lib/access.php | 169 +++++++++++++++++--------------- engine/tests/api/access_collections.php | 100 ++++++++++++++++++- languages/en.php | 2 + 6 files changed, 231 insertions(+), 132 deletions(-) (limited to 'languages/en.php') diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php index 8ec6a085f..8383e4db2 100644 --- a/actions/friends/collections/add.php +++ b/actions/friends/collections/add.php @@ -2,35 +2,31 @@ /** * Elgg collection add page * - * @package Elgg.Core - * @subpackage Friends.Collections + * @package Elgg + * @subpackage Core */ $collection_name = get_input('collection_name'); $friends = get_input('friends_collection'); -//first check to make sure that a collection name has been set and create the new colection -if ($collection_name) { +if (!$collection_name) { + register_error(elgg_echo("friends:nocollectionname")); + forward(REFERER); +} - //create the collection - $create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid()); +$id = create_access_collection($collection_name); - //if the collection was created and the user passed some friends from the form, add them - if ($create_collection && (!empty($friends))) { - //add friends to the collection - foreach ($friends as $friend) { - add_user_to_access_collection($friend, $create_collection); - } +if ($id) { + $result = update_access_collection($id, $friends); + if ($result) { + system_message(elgg_echo("friends:collectionadded")); + // go to the collections page + forward("pg/collections/" . get_loggedin_user()->username); + } else { + register_error(elgg_echo("friends:nocollectionname")); + forward(REFERER); } - - // Success message - system_message(elgg_echo("friends:collectionadded")); - // Forward to the collections page - forward("collections/" . elgg_get_logged_in_user_entity()->username); - } else { register_error(elgg_echo("friends:nocollectionname")); - - // Forward to the add collection page - forward("collections/add"); + forward(REFERER); } diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php index fe719d74b..5b0aa8e10 100644 --- a/actions/friends/collections/delete.php +++ b/actions/friends/collections/delete.php @@ -1,36 +1,24 @@ owner_guid == elgg_get_logged_in_user_guid()) { - - $delete_collection = delete_access_collection($collection_id); +// check the ACL exists and we can edit +if (!can_edit_access_collection($collection_id)) { + register_error(elgg_echo("friends:collectiondeletefailed")); + forward(REFERER); +} - // Success message - if ($delete_collection) { - system_message(elgg_echo("friends:collectiondeleted")); - } else { - register_error(elgg_echo("friends:collectiondeletefailed")); - } - } else { - // Failure message - register_error(elgg_echo("friends:collectiondeletefailed")); - } +if (delete_access_collection($collection_id)) { + system_message(elgg_echo("friends:collectiondeleted")); } else { - // Failure message register_error(elgg_echo("friends:collectiondeletefailed")); } -// Forward to the collections page -forward("collections/" . elgg_get_logged_in_user_entity()->username); +forward(REFERER); diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php index b7fb716f2..581b21353 100644 --- a/actions/friends/collections/edit.php +++ b/actions/friends/collections/edit.php @@ -1,15 +1,23 @@ getGUID(), null, true); + + // don't ignore access when checking users. + if ($user_guid) { + return array_key_exists($collection_id, $write_access); + } else { + return elgg_get_ignore_access() || array_key_exists($collection_id, $write_access); + } +} + +/** + * Creates a new access control collection owned by the specified user. * * Access colletions allow plugins and users to create granular access * for entities. @@ -448,6 +484,7 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { SET name = '{$name}', owner_guid = {$owner_guid}, site_guid = {$site_guid}"; + if (!$id = insert_data($q)) { return false; } @@ -483,37 +520,31 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { function update_access_collection($collection_id, $members) { global $CONFIG; - $collection_id = (int) $collection_id; - $members = (is_array($members)) ? $members : array(); + $acl = get_access_collection($collection_id); - $collections = get_write_access_array(); + if (!$acl) { + return false; + } - if (array_key_exists($collection_id, $collections)) { - $cur_members = get_members_of_access_collection($collection_id, true); - $cur_members = (is_array($cur_members)) ? $cur_members : array(); + $members = (is_array($members)) ? $members : array(); - $remove_members = array_diff($cur_members, $members); - $add_members = array_diff($members, $cur_members); + $cur_members = get_members_of_access_collection($collection_id, true); + $cur_members = (is_array($cur_members)) ? $cur_members : array(); - $params = array( - 'collection_id' => $collection_id, - 'members' => $members, - 'add_members' => $add_members, - 'remove_members' => $remove_members - ); + $remove_members = array_diff($cur_members, $members); + $add_members = array_diff($members, $cur_members); - foreach ($add_members as $guid) { - add_user_to_access_collection($guid, $collection_id); - } + $result = true; - foreach ($remove_members as $guid) { - remove_user_from_access_collection($guid, $collection_id); - } + foreach ($add_members as $guid) { + $result = $result && add_user_to_access_collection($guid, $collection_id); + } - return true; + foreach ($remove_members as $guid) { + $result = $result && remove_user_from_access_collection($guid, $collection_id); } - return false; + return $result; } /** @@ -527,27 +558,25 @@ function update_access_collection($collection_id, $members) { * @see update_access_collection() */ function delete_access_collection($collection_id) { + global $CONFIG; + $collection_id = (int) $collection_id; - $collections = get_write_access_array(null, null, TRUE); $params = array('collection_id' => $collection_id); if (!elgg_trigger_plugin_hook('access:collections:deletecollection', 'collection', $params, true)) { return false; } - if (array_key_exists($collection_id, $collections)) { - global $CONFIG; - $query = "delete from {$CONFIG->dbprefix}access_collection_membership" - . " where access_collection_id = {$collection_id}"; - delete_data($query); + // Deleting membership doesn't affect result of deleting ACL. + $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership + WHERE access_collection_id = {$collection_id}"; + delete_data($q); - $query = "delete from {$CONFIG->dbprefix}access_collections where id = {$collection_id}"; - delete_data($query); - return true; - } else { - return false; - } + $q = "DELETE FROM {$CONFIG->dbprefix}access_collections + WHERE id = {$collection_id}"; + $result = delete_data($q); + return $result; } /** @@ -584,45 +613,33 @@ function get_access_collection($collection_id) { * @see remove_user_from_access_collection() */ function add_user_to_access_collection($user_guid, $collection_id) { + global $CONFIG; + $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $collections = get_write_access_array(); + $user = get_user($user_guid); - if (!($collection = get_access_collection($collection_id))) { - return false; - } + $collection = get_access_collection($collection_id); - $user = get_user($user_guid); - if (!$user) { + if (!($user instanceof Elgguser) || !$collection) { return false; } - // to add someone to a collection, the user must be a member of the collection or - // no one must own it - if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0)) { - $result = true; - } else { - $result = false; - } - $params = array( 'collection_id' => $collection_id, - 'collection' => $collection, 'user_guid' => $user_guid ); - $result = elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, $result); - if ($result == false) { + if (!elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, true)) { return false; } try { - global $CONFIG; - $query = "insert into {$CONFIG->dbprefix}access_collection_membership" - . " set access_collection_id = {$collection_id}, user_guid = {$user_guid}"; - insert_data($query); + $q = "INSERT INTO {$CONFIG->dbprefix}access_collection_membership + SET access_collection_id = {$collection_id}, + user_guid = {$user_guid}"; + insert_data($q); } catch (DatabaseException $e) { - // nothing. return false; } @@ -640,34 +657,32 @@ function add_user_to_access_collection($user_guid, $collection_id) { * @return true|false Depending on success */ function remove_user_from_access_collection($user_guid, $collection_id) { + global $CONFIG; + $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $collections = get_write_access_array(); - $user = $user = get_user($user_guid); + $user = get_user($user_guid); - if (!($collection = get_access_collection($collection_id))) { + $collection = get_access_collection($collection_id); + + if (!($user instanceof Elgguser) || !$collection) { return false; } - if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user) { - global $CONFIG; - $params = array( - 'collection_id' => $collection_id, - 'user_guid' => $user_guid - ); - - if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { - return false; - } - - delete_data("delete from {$CONFIG->dbprefix}access_collection_membership " - . "where access_collection_id = {$collection_id} and user_guid = {$user_guid}"); - - return true; + $params = array( + 'collection_id' => $collection_id, + 'user_guid' => $user_guid + ); + if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { + return false; } - return false; + $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership + WHERE access_collection_id = {$collection_id} + AND user_guid = {$user_guid}"; + + return delete_data($q); } /** @@ -972,4 +987,4 @@ elgg_register_event_handler('init', 'system', 'access_init', 9999); elgg_register_plugin_hook_handler('permissions_check', 'all', 'elgg_override_permissions_hook'); elgg_register_plugin_hook_handler('container_permissions_check', 'all', 'elgg_override_permissions_hook'); -elgg_register_plugin_hook('unit_test', 'system', 'access_test'); +elgg_register_plugin_hook_handler('unit_test', 'system', 'access_test'); diff --git a/engine/tests/api/access_collections.php b/engine/tests/api/access_collections.php index 060587d78..d81589cc1 100644 --- a/engine/tests/api/access_collections.php +++ b/engine/tests/api/access_collections.php @@ -151,20 +151,110 @@ class ElggCoreAccessCollectionsTest extends ElggCoreUnitTest { $user->delete(); } - // groups interface - public function testNewGroupCreateACL() { + public function testCanEditACL() { + $acl_id = create_access_collection('test acl', $this->user->guid); + + // should be true since it's the owner + $result = can_edit_access_collection($acl_id, $this->user->guid); + $this->assertTrue($result); + + // should be true since IA is on. + $ia = elgg_set_ignore_access(true); + $result = can_edit_access_collection($acl_id); + $this->assertTrue($result); + elgg_set_ignore_access($ia); + // should be false since IA is off + $ia = elgg_set_ignore_access(false); + $result = can_edit_access_collection($acl_id); + $this->assertFalse($result); + elgg_set_ignore_access($ia); + + delete_access_collection($acl_id); } - public function testDeleteGroupDeleteACL() { + public function testCanEditACLHook() { + // if only we supported closures! + global $acl_test_info; + + $acl_id = create_access_collection('test acl'); + + $acl_test_info = array( + 'acl_id' => $acl_id, + 'user' => $this->user + ); + + function test_acl_access_hook($hook, $type, $value, $params) { + global $acl_test_info; + if ($params['user_id'] == $acl_test_info['user']->guid) { + $acl = get_access_collection($acl_test_info['acl_id']); + $value[$acl->id] = $acl->name; + } + + return $value; + } + + register_plugin_hook('access:collections:write', 'all', 'test_acl_access_hook'); + + // enable security since we usually run as admin + $ia = elgg_set_ignore_access(false); + $result = can_edit_access_collection($acl_id, $this->user->guid); + $this->assertTrue($result); + $ia = elgg_set_ignore_access($ia); + unregister_plugin_hook('access:collections:write', 'all', 'test_acl_access_hook'); } - public function testJoinGroupJoinACL() { + // groups interface + // only runs if the groups plugin is enabled because implementation is split between + // core and the plugin. + public function testCreateDeleteGroupACL() { + if (!is_plugin_enabled('groups')) { + return; + } + + $group = new ElggGroup(); + $group->name = 'Test group'; + $group->save(); + $acl = get_access_collection($group->group_acl); + // ACLs are owned by groups + $this->assertEqual($acl->owner_guid, $group->guid); + + // removing group and acl + $this->assertTrue($group->delete()); + + $acl = get_access_collection($group->group_acl); + $this->assertFalse($acl); + + $group->delete(); } - public function testLeaveGroupLeaveACL() { + public function testJoinLeaveGroupACL() { + if (!is_plugin_enabled('groups')) { + return; + } + + $group = new ElggGroup(); + $group->name = 'Test group'; + $group->save(); + + $result = $group->join($this->user); + $this->assertTrue($result); + + if ($result) { + $can_edit = can_edit_access_collection($group->group_acl, $this->user->guid); + $this->assertTrue($can_edit); + } + + $result = $group->leave($this->user); + $this->assertTrue($result); + + if ($result) { + $can_edit = can_edit_access_collection($group->group_acl, $this->user->guid); + $this->assertFalse($can_edit); + } + $group->delete(); } } diff --git a/languages/en.php b/languages/en.php index c30a1bdd8..b525a2043 100644 --- a/languages/en.php +++ b/languages/en.php @@ -343,6 +343,8 @@ $english = array( 'friends:nocollectionname' => "You need to give your collection a name before it can be created.", 'friends:collections:members' => "Collection members", 'friends:collections:edit' => "Edit collection", + 'friends:collections:edited' => "Saved collection", + 'friends:collection:edit_failed' => 'Could not save collection.', 'friendspicker:chararray' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', -- cgit v1.2.3 From 3e318bdeda941f78e9ae7b78bf337f67c4475849 Mon Sep 17 00:00:00 2001 From: Brett Profitt Date: Wed, 6 Jul 2011 21:08:03 -0400 Subject: Revert "Merged ACL fixes from 1.7 branch." This reverts commit de111da23258cd2b513c8f4ab84712ee50272b23. Reverted because of problems in how 1.8 populates the access dropdown. --- actions/friends/collections/add.php | 38 ++++---- actions/friends/collections/delete.php | 34 ++++--- actions/friends/collections/edit.php | 20 ++-- engine/lib/access.php | 167 +++++++++++++++------------------ languages/en.php | 2 - 5 files changed, 126 insertions(+), 135 deletions(-) (limited to 'languages/en.php') diff --git a/actions/friends/collections/add.php b/actions/friends/collections/add.php index 8383e4db2..8ec6a085f 100644 --- a/actions/friends/collections/add.php +++ b/actions/friends/collections/add.php @@ -2,31 +2,35 @@ /** * Elgg collection add page * - * @package Elgg - * @subpackage Core + * @package Elgg.Core + * @subpackage Friends.Collections */ $collection_name = get_input('collection_name'); $friends = get_input('friends_collection'); -if (!$collection_name) { - register_error(elgg_echo("friends:nocollectionname")); - forward(REFERER); -} +//first check to make sure that a collection name has been set and create the new colection +if ($collection_name) { -$id = create_access_collection($collection_name); + //create the collection + $create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid()); -if ($id) { - $result = update_access_collection($id, $friends); - if ($result) { - system_message(elgg_echo("friends:collectionadded")); - // go to the collections page - forward("pg/collections/" . get_loggedin_user()->username); - } else { - register_error(elgg_echo("friends:nocollectionname")); - forward(REFERER); + //if the collection was created and the user passed some friends from the form, add them + if ($create_collection && (!empty($friends))) { + //add friends to the collection + foreach ($friends as $friend) { + add_user_to_access_collection($friend, $create_collection); + } } + + // Success message + system_message(elgg_echo("friends:collectionadded")); + // Forward to the collections page + forward("collections/" . elgg_get_logged_in_user_entity()->username); + } else { register_error(elgg_echo("friends:nocollectionname")); - forward(REFERER); + + // Forward to the add collection page + forward("collections/add"); } diff --git a/actions/friends/collections/delete.php b/actions/friends/collections/delete.php index 5b0aa8e10..fe719d74b 100644 --- a/actions/friends/collections/delete.php +++ b/actions/friends/collections/delete.php @@ -1,24 +1,36 @@ owner_guid == elgg_get_logged_in_user_guid()) { + + $delete_collection = delete_access_collection($collection_id); -if (delete_access_collection($collection_id)) { - system_message(elgg_echo("friends:collectiondeleted")); + // Success message + if ($delete_collection) { + system_message(elgg_echo("friends:collectiondeleted")); + } else { + register_error(elgg_echo("friends:collectiondeletefailed")); + } + } else { + // Failure message + register_error(elgg_echo("friends:collectiondeletefailed")); + } } else { + // Failure message register_error(elgg_echo("friends:collectiondeletefailed")); } -forward(REFERER); +// Forward to the collections page +forward("collections/" . elgg_get_logged_in_user_entity()->username); diff --git a/actions/friends/collections/edit.php b/actions/friends/collections/edit.php index 581b21353..b7fb716f2 100644 --- a/actions/friends/collections/edit.php +++ b/actions/friends/collections/edit.php @@ -1,23 +1,15 @@ getGUID(), null, true); - - // don't ignore access when checking users. - if ($user_guid) { - return array_key_exists($collection_id, $write_access); - } else { - return elgg_get_ignore_access() || array_key_exists($collection_id, $write_access); - } -} - -/** - * Creates a new access control collection owned by the specified user. + * Creates a new access collection. * * Access colletions allow plugins and users to create granular access * for entities. @@ -484,7 +448,6 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { SET name = '{$name}', owner_guid = {$owner_guid}, site_guid = {$site_guid}"; - if (!$id = insert_data($q)) { return false; } @@ -520,31 +483,37 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) { function update_access_collection($collection_id, $members) { global $CONFIG; - $acl = get_access_collection($collection_id); + $collection_id = (int) $collection_id; + $members = (is_array($members)) ? $members : array(); - if (!$acl) { - return false; - } + $collections = get_write_access_array(); - $members = (is_array($members)) ? $members : array(); + if (array_key_exists($collection_id, $collections)) { + $cur_members = get_members_of_access_collection($collection_id, true); + $cur_members = (is_array($cur_members)) ? $cur_members : array(); - $cur_members = get_members_of_access_collection($collection_id, true); - $cur_members = (is_array($cur_members)) ? $cur_members : array(); + $remove_members = array_diff($cur_members, $members); + $add_members = array_diff($members, $cur_members); - $remove_members = array_diff($cur_members, $members); - $add_members = array_diff($members, $cur_members); + $params = array( + 'collection_id' => $collection_id, + 'members' => $members, + 'add_members' => $add_members, + 'remove_members' => $remove_members + ); - $result = true; + foreach ($add_members as $guid) { + add_user_to_access_collection($guid, $collection_id); + } - foreach ($add_members as $guid) { - $result = $result && add_user_to_access_collection($guid, $collection_id); - } + foreach ($remove_members as $guid) { + remove_user_from_access_collection($guid, $collection_id); + } - foreach ($remove_members as $guid) { - $result = $result && remove_user_from_access_collection($guid, $collection_id); + return true; } - return $result; + return false; } /** @@ -558,25 +527,27 @@ function update_access_collection($collection_id, $members) { * @see update_access_collection() */ function delete_access_collection($collection_id) { - global $CONFIG; - $collection_id = (int) $collection_id; + $collections = get_write_access_array(null, null, TRUE); $params = array('collection_id' => $collection_id); if (!elgg_trigger_plugin_hook('access:collections:deletecollection', 'collection', $params, true)) { return false; } - // Deleting membership doesn't affect result of deleting ACL. - $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership - WHERE access_collection_id = {$collection_id}"; - delete_data($q); + if (array_key_exists($collection_id, $collections)) { + global $CONFIG; + $query = "delete from {$CONFIG->dbprefix}access_collection_membership" + . " where access_collection_id = {$collection_id}"; + delete_data($query); - $q = "DELETE FROM {$CONFIG->dbprefix}access_collections - WHERE id = {$collection_id}"; - $result = delete_data($q); + $query = "delete from {$CONFIG->dbprefix}access_collections where id = {$collection_id}"; + delete_data($query); + return true; + } else { + return false; + } - return $result; } /** @@ -613,33 +584,45 @@ function get_access_collection($collection_id) { * @see remove_user_from_access_collection() */ function add_user_to_access_collection($user_guid, $collection_id) { - global $CONFIG; - $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $user = get_user($user_guid); + $collections = get_write_access_array(); - $collection = get_access_collection($collection_id); + if (!($collection = get_access_collection($collection_id))) { + return false; + } - if (!($user instanceof Elgguser) || !$collection) { + $user = get_user($user_guid); + if (!$user) { return false; } + // to add someone to a collection, the user must be a member of the collection or + // no one must own it + if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0)) { + $result = true; + } else { + $result = false; + } + $params = array( 'collection_id' => $collection_id, + 'collection' => $collection, 'user_guid' => $user_guid ); - if (!elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, true)) { + $result = elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, $result); + if ($result == false) { return false; } try { - $q = "INSERT INTO {$CONFIG->dbprefix}access_collection_membership - SET access_collection_id = {$collection_id}, - user_guid = {$user_guid}"; - insert_data($q); + global $CONFIG; + $query = "insert into {$CONFIG->dbprefix}access_collection_membership" + . " set access_collection_id = {$collection_id}, user_guid = {$user_guid}"; + insert_data($query); } catch (DatabaseException $e) { + // nothing. return false; } @@ -657,32 +640,34 @@ function add_user_to_access_collection($user_guid, $collection_id) { * @return true|false Depending on success */ function remove_user_from_access_collection($user_guid, $collection_id) { - global $CONFIG; - $collection_id = (int) $collection_id; $user_guid = (int) $user_guid; - $user = get_user($user_guid); + $collections = get_write_access_array(); + $user = $user = get_user($user_guid); - $collection = get_access_collection($collection_id); - - if (!($user instanceof Elgguser) || !$collection) { + if (!($collection = get_access_collection($collection_id))) { return false; } - $params = array( - 'collection_id' => $collection_id, - 'user_guid' => $user_guid - ); + if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user) { + global $CONFIG; + $params = array( + 'collection_id' => $collection_id, + 'user_guid' => $user_guid + ); - if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { - return false; - } + if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) { + return false; + } - $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership - WHERE access_collection_id = {$collection_id} - AND user_guid = {$user_guid}"; + delete_data("delete from {$CONFIG->dbprefix}access_collection_membership " + . "where access_collection_id = {$collection_id} and user_guid = {$user_guid}"); + + return true; - return delete_data($q); + } + + return false; } /** diff --git a/languages/en.php b/languages/en.php index b525a2043..c30a1bdd8 100644 --- a/languages/en.php +++ b/languages/en.php @@ -343,8 +343,6 @@ $english = array( 'friends:nocollectionname' => "You need to give your collection a name before it can be created.", 'friends:collections:members' => "Collection members", 'friends:collections:edit' => "Edit collection", - 'friends:collections:edited' => "Saved collection", - 'friends:collection:edit_failed' => 'Could not save collection.', 'friendspicker:chararray' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ', -- cgit v1.2.3