<?php
/**
 * Functions for Elgg's access system for entities, metadata, and annotations.
 *
 * Access is generally saved in the database as access_id. This corresponds to
 * one of the ACCESS_* constants defined in {@link elgglib.php} or the ID of an
 * access collection.
 *
 * @package    Elgg.Core
 * @subpackage Access
 */
/**
 * Switch Elgg's access system off or back on.
 *
 * Getter functions normally leave out entities the user has no access to; with
 * the override on, that restriction is lifted. While access is being ignored,
 * all checks for create, retrieve, update, and delete should pass. This affects
 * all the canEdit() and related methods.
 *
 * @tip Use this to access entities in automated scripts
 * when no user is logged in.
 *
 * @warning This will not show disabled entities.
 * Use {@link access_show_hidden_entities()} to access disabled entities.
 *
 * @warning Passing true disables all access checks, not just the one the caller
 * has in mind. Keep the returned previous setting and pass it back to this
 * function as soon as the privileged work is done (a try/finally block keeps
 * that true when an exception is thrown), so unrelated code does not run with
 * checks disabled.
 *
 * @note Internal: The access override is checked in elgg_override_permissions(). It is
 * registered for the 'permissions_check' hooks to override the access system for
 * the canEdit() and canWriteToContainer() methods.
 *
 * @note Internal: This clears the access cache.
 *
 * @note Internal: For performance reasons this is done at the database access clause level.
 *
 * @param bool $ignore If true, disables all access checks.
 *
 * @return bool Previous ignore_access setting.
 * @since 1.7.0
 * @see elgg_get_ignore_access()
 */
function elgg_set_ignore_access($ignore = true) {
    // the flag is held by the session service
    $session = _elgg_services()->session;

    return $session->setIgnoreAccess($ignore);
}
/**
 * Report whether the access system is currently being ignored.
 *
 * Reads the setting from the session service without changing it.
 *
 * @return bool
 * @since 1.7.0
 * @see elgg_set_ignore_access()
 */
function elgg_get_ignore_access() {
    $session = _elgg_services()->session;

    return $session->getIgnoreAccess();
}
/**
 * Return a string of access_ids for $user_guid appropriate for inserting into an SQL IN clause.
 *
 * Thin wrapper around the access collections service; $ignored is accepted for
 * signature compatibility and is not forwarded.
 *
 * @uses get_access_array
 *
 * @see get_access_array()
 *
 * @param int  $user_guid User ID; defaults to currently logged in user
 * @param int  $ignored   Ignored parameter
 * @param bool $flush     If set to true, will refresh the access list from the
 *                        database rather than using this function's cache.
 *
 * @return string A list of access collections suitable for using in an SQL call
 * @access private
 */
function get_access_list($user_guid = 0, $ignored = 0, $flush = false) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->getAccessList($user_guid, $flush);
}
/**
 * Returns an array of access IDs a user is permitted to see.
 *
 * Can be overridden with the 'access:collections:read', 'user' plugin hook.
 * @warning A callback for that plugin hook needs to either not retrieve data
 * from the database that would use the access system (triggering the plugin again)
 * or ignore the second call. Otherwise, an infinite loop will be created.
 *
 * This returns a list of all the collection ids a user owns or belongs
 * to plus public and logged in access levels. If the user is an admin, it includes
 * the private access level.
 *
 * @note Internal: this is only used in core for creating the SQL where clause when
 * retrieving content from the database. The friends access level is handled by
 * {@link \Elgg\Database\Clauses\AccessWhereClause}
 *
 * @see get_write_access_array() for the access levels that a user can write to.
 *
 * @param int  $user_guid User ID; defaults to currently logged in user
 * @param int  $ignored   Ignored parameter (not forwarded to the service)
 * @param bool $flush     If set to true, will refresh the access ids from the
 *                        database rather than using this function's cache.
 *
 * @return array An array of access collections ids
 */
function get_access_array($user_guid = 0, $ignored = 0, $flush = false) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->getAccessArray($user_guid, $flush);
}
/**
 * Gets the default access permission.
 *
 * This returns the default access level for the site or optionally of the user.
 * If you want to change the default access based on group or other information,
 * use the 'default', 'access' plugin hook.
 *
 * The value returned is whatever the hook trigger returns, so a registered
 * handler has the final say over the default.
 *
 * @param ElggUser $user         The user for whom we're getting default access. Defaults to logged in user.
 * @param array    $input_params Parameters passed into an input/access view
 *
 * @return int default access id (see ACCESS defines in elgglib.php)
 */
function get_default_access(ElggUser $user = null, array $input_params = []) {
    // start from the site-wide default
    $default_access = _elgg_config()->default_access;

    // a user's own default replaces it, but only when the site allows that
    if (_elgg_config()->allow_user_default_access) {
        $user = $user ?: _elgg_services()->session->getLoggedInUser();
        $user_access = $user ? $user->getPrivateSetting('elgg_default_access') : null;
        if ($user_access !== null) {
            $default_access = $user_access;
        }
    }

    $hook_params = [
        'user' => $user,
        'default_access' => $default_access,
        'input_params' => $input_params,
    ];

    return _elgg_services()->hooks->trigger('default', 'access', $hook_params, $default_access);
}
/**
 * Allow disabled entities and metadata to be returned by getter functions
 *
 * Read and written through access_get_show_hidden_status() and
 * access_show_hidden_entities(), which declare it with `global`.
 *
 * NOTE(review): if this file is included from inside a function or method, this
 * assignment creates a local variable rather than the global those functions
 * use - confirm how the file is loaded.
 *
 * @todo Replace this with query object!
 * @global bool $ENTITY_SHOW_HIDDEN_OVERRIDE
 * @access private
 */
$ENTITY_SHOW_HIDDEN_OVERRIDE = false;
/**
 * Show or hide disabled entities.
 *
 * Overwrites the global $ENTITY_SHOW_HIDDEN_OVERRIDE flag and hands back the
 * value it replaced, so a caller that turns the override on can restore the
 * earlier state once it is finished.
 *
 * @param bool $show_hidden Show disabled entities.
 * @return bool The value the flag held before this call
 */
function access_show_hidden_entities($show_hidden) {
    global $ENTITY_SHOW_HIDDEN_OVERRIDE;

    $previous = $ENTITY_SHOW_HIDDEN_OVERRIDE;
    $ENTITY_SHOW_HIDDEN_OVERRIDE = $show_hidden;

    return $previous;
}
/**
 * Return current status of showing disabled entities.
 *
 * Reads the global $ENTITY_SHOW_HIDDEN_OVERRIDE flag without modifying it.
 *
 * @return bool
 */
function access_get_show_hidden_status() {
    global $ENTITY_SHOW_HIDDEN_OVERRIDE;

    $status = $ENTITY_SHOW_HIDDEN_OVERRIDE;

    return $status;
}
/**
 * Can a user access an entity.
 *
 * @warning If a logged in user doesn't have access to an entity, the
 * core engine will not load that entity.
 *
 * @tip This is mostly useful for checking if a user other than the logged in
 * user has access to an entity that is currently loaded.
 *
 * @todo This function would be much more useful if we could pass the guid of the
 * entity to test access for. We need to be able to tell whether the entity exists
 * and whether the user has access to the entity.
 *
 * @param \ElggEntity $entity The entity to check access for.
 * @param \ElggUser   $user   Optionally user to check access for. Defaults to
 *                            logged in user (which is a useless default).
 *
 * @return bool
 */
function has_access_to_entity($entity, $user = null) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->hasAccessToEntity($entity, $user);
}
/**
 * Returns an array of access permissions that the user is allowed to save content with.
 * Permissions returned are of the form (id => 'name').
 *
 * Example return value in English:
 * array(
 *     0 => 'Private',
 *    -2 => 'Friends',
 *     1 => 'Logged in users',
 *     2 => 'Public',
 *    34 => 'My favorite friends',
 * );
 *
 * Plugin hook of 'access:collections:write', 'user'
 *
 * @warning this only returns access collections that the user owns plus the
 * standard access levels. It does not return access collections that the user
 * belongs to such as the access collection for a group.
 *
 * @param int   $user_guid    The user's GUID.
 * @param int   $ignored      Ignored parameter (not forwarded to the service)
 * @param bool  $flush        If this is set to true, this will ignore a cached access array
 * @param array $input_params Some parameters passed into an input/access view
 *
 * @return array List of access permissions
 */
function get_write_access_array($user_guid = 0, $ignored = 0, $flush = false, array $input_params = []) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->getWriteAccessArray($user_guid, $flush, $input_params);
}
/**
 * Can the user change this access collection?
 *
 * Use the plugin hook of 'access:collections:write', 'user' to change this.
 * @see get_write_access_array() for details on the hook.
 *
 * Respects access control disabling for admin users and {@link elgg_set_ignore_access()}
 *
 * @see get_write_access_array()
 *
 * @param int   $collection_id The collection id
 * @param mixed $user_guid     The user GUID to check for. Defaults to logged in user.
 * @return bool
 */
function can_edit_access_collection($collection_id, $user_guid = null) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->canEdit($collection_id, $user_guid);
}
/**
 * Creates a new access collection.
 *
 * Access collections allow plugins and users to create granular access
 * for entities.
 *
 * Triggers plugin hook 'access:collections:addcollection', 'collection'
 *
 * @note Internal: Access collections are stored in the access_collections table.
 * Memberships to collections are in access_collections_membership.
 *
 * @param string $name       The name of the collection.
 * @param int    $owner_guid The GUID of the owner (default: currently logged in user).
 * @param string $subtype    The subtype indicates the usage of the acl
 *
 * @return int|false The collection ID if successful and false on failure.
 * @see update_access_collection()
 * @see delete_access_collection()
 */
function create_access_collection($name, $owner_guid = 0, $subtype = null) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->create($name, $owner_guid, $subtype);
}
/**
 * Updates the membership in an access collection.
 *
 * @warning Expects a full list of all members that should
 * be part of the access collection
 *
 * @note This will run all hooks associated with adding or removing
 * members to access collections.
 *
 * @param int   $collection_id The ID of the collection.
 * @param array $members       Array of member GUIDs
 *
 * @return bool
 * @see add_user_to_access_collection()
 * @see remove_user_from_access_collection()
 */
function update_access_collection($collection_id, $members) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->update($collection_id, $members);
}
/**
 * Deletes a specified access collection and its membership.
 *
 * @param int $collection_id The collection ID
 *
 * @return bool
 * @see create_access_collection()
 * @see update_access_collection()
 */
function delete_access_collection($collection_id) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->delete($collection_id);
}
/**
 * Get a specified access collection
 *
 * @note This doesn't return the members of an access collection,
 * just the database row of the actual collection.
 *
 * @see get_members_of_access_collection()
 *
 * @param int $collection_id The collection ID
 *
 * @return ElggAccessCollection|false
 */
function get_access_collection($collection_id) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->get($collection_id);
}
/**
 * Adds a user to an access collection.
 *
 * Triggers the 'access:collections:add_user', 'collection' plugin hook.
 *
 * @param int $user_guid     The GUID of the user to add
 * @param int $collection_id The ID of the collection to add them to
 *
 * @return bool
 * @see update_access_collection()
 * @see remove_user_from_access_collection()
 */
function add_user_to_access_collection($user_guid, $collection_id) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->addUser($user_guid, $collection_id);
}
/**
 * Removes a user from an access collection.
 *
 * Triggers the 'access:collections:remove_user', 'collection' plugin hook.
 *
 * @param int $user_guid     The user GUID
 * @param int $collection_id The access collection ID
 *
 * @return bool
 * @see update_access_collection()
 * @see add_user_to_access_collection()
 */
function remove_user_from_access_collection($user_guid, $collection_id) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->removeUser($user_guid, $collection_id);
}
/**
 * Returns access collections
 *
 * Passes $options unchanged to the access collections service.
 *
 * @param array $options array of options to get access collections by
 * @return \ElggAccessCollection[]
 */
function elgg_get_access_collections($options = []) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->getEntityCollections($options);
}
/**
 * Get all of members of an access collection
 *
 * When the caller sets no 'limit' option, 0 is used. With $guids_only the
 * 'callback' option is forced to false and the guid property of each returned
 * row is collected.
 *
 * NOTE(review): the documented false return is only passed through on the
 * entity path; the GUID path iterates the service result directly - confirm
 * what the service returns on failure.
 *
 * @param int   $collection_id The collection's ID
 * @param bool  $guids_only    If set to true, will only return the members' GUIDs (default: false)
 * @param array $options       ege* options
 *
 * @return ElggUser[]|int[]|false guids or entities if successful, false if not
 * @see add_user_to_access_collection()
 */
function get_members_of_access_collection($collection_id, $guids_only = false, array $options = []) {
    // no limit unless the caller asked for one
    $options['limit'] = $options['limit'] ?? 0;

    $access_collections = _elgg_services()->accessCollections;

    if ($guids_only) {
        // raw rows are enough when only the GUIDs are wanted
        $options['callback'] = false;

        $member_guids = [];
        foreach ($access_collections->getMembers($collection_id, $options) as $member_row) {
            $member_guids[] = $member_row->guid;
        }

        return $member_guids;
    }

    return $access_collections->getMembers($collection_id, $options);
}
/**
 * Return the name of an ACCESS_* constant or an access collection,
 * but only if the logged in user has write access to it.
 * Write access requirement prevents us from exposing names of access collections
 * that current user has been added to by other members and may contain
 * sensitive classification of the current user (e.g. close friends vs acquaintances).
 *
 * Returns a string in the language of the user for global access levels, e.g. 'Public', 'Friends', 'Logged in';
 * or a name of the owned access collection, e.g. 'My work colleagues';
 * or a name of the group or other access collection, e.g. 'Group: Elgg technical support';
 * or 'Limited' if the user access is restricted to read-only, e.g. a friends collection the user was added to
 *
 * @param int $entity_access_id The entity's access id
 * @return string
 * @since 1.7.0
 */
function get_readable_access_level($entity_access_id) {
    $access_collections = _elgg_services()->accessCollections;

    return $access_collections->getReadableAccessLevel($entity_access_id);
}
/**
 * A quick and dirty way to make sure the access permissions have been correctly set up
 *
 * Tells the access collections service that initialisation is complete.
 *
 * @elgg_event_handler init system
 *
 * @return void
 */
function access_init() {
    $access_collections = _elgg_services()->accessCollections;
    $access_collections->markInitComplete();
}
/**
 * Creates a Friends ACL for a user
 *
 * Does nothing when the event object is not an \ElggUser.
 *
 * @elgg_event 'create', 'user'
 *
 * @param \Elgg\Event $event event
 *
 * @return void
 *
 * @since 3.0.0
 *
 * @internal
 */
function access_friends_acl_create(\Elgg\Event $event) {
    $created = $event->getObject();

    if ($created instanceof \ElggUser) {
        // collection name and subtype are both 'friends', owned by the new user
        create_access_collection('friends', $created->guid, 'friends');
    }
}
/**
 * Adds the friend to the user friend ACL
 *
 * Only acts on 'friend' relationships whose two GUIDs both resolve to users,
 * and only when the first user owns a 'friends' access collection.
 *
 * @elgg_event 'create', 'relationship'
 *
 * @param \Elgg\Event $event event
 *
 * @return void
 *
 * @since 3.0.0
 *
 * @internal
 */
function access_friends_acl_add_friend(\Elgg\Event $event) {
    $relationship = $event->getObject();
    if (!($relationship instanceof \ElggRelationship) || $relationship->relationship !== 'friend') {
        return;
    }

    // guid_one is the owner of the friends list, guid_two the new friend
    $owner = get_user($relationship->guid_one);
    $new_friend = get_user($relationship->guid_two);
    if (!$owner || !$new_friend) {
        return;
    }

    $friends_acl = $owner->getOwnedAccessCollection('friends');
    if (!empty($friends_acl)) {
        $friends_acl->addMember($new_friend->guid);
    }
}
/**
 * Removes the friend from the user friends ACL
 *
 * Only acts on 'friend' relationships whose two GUIDs both resolve to users,
 * and only when the first user owns a 'friends' access collection.
 *
 * @elgg_event 'delete', 'relationship'
 *
 * @param \Elgg\Event $event event
 *
 * @return void
 *
 * @since 3.0.0
 *
 * @internal
 */
function access_friends_acl_remove_friend(\Elgg\Event $event) {
    $relationship = $event->getObject();
    if (!($relationship instanceof \ElggRelationship) || $relationship->relationship !== 'friend') {
        return;
    }

    // guid_one is the owner of the friends list, guid_two the former friend
    $owner = get_user($relationship->guid_one);
    $former_friend = get_user($relationship->guid_two);
    if (!$owner || !$former_friend) {
        return;
    }

    $friends_acl = $owner->getOwnedAccessCollection('friends');
    if (!empty($friends_acl)) {
        $friends_acl->removeMember($former_friend->guid);
    }
}
/**
 * Return the name of a friends ACL
 *
 * Supplies the translated 'access:label:friends' string when the hook's
 * 'access_collection' parameter is an ElggAccessCollection with subtype
 * 'friends'; otherwise returns nothing.
 *
 * @elgg_event 'access_collection:name', 'access_collection'
 *
 * @param \Elgg\Hook $hook hook
 *
 * @return string|void
 *
 * @since 3.0.0
 *
 * @internal
 */
function access_friends_acl_get_name(\Elgg\Hook $hook) {
    $collection = $hook->getParam('access_collection');

    if ($collection instanceof ElggAccessCollection && $collection->getSubtype() === 'friends') {
        return elgg_echo('access:label:friends');
    }
}
/**
 * Runs unit tests for the access library
 *
 * Appends the access collections test class name to the list it is given;
 * $hook, $type and $params are not read.
 *
 * @param string $hook   'unit_test'
 * @param string $type   'system'
 * @param array  $value  current return value
 * @param array  $params supplied params
 *
 * @return array
 *
 * @access private
 * @codeCoverageIgnore
 */
function access_test($hook, $type, $value, $params) {
    $test_class = ElggCoreAccessCollectionsTest::class;
    $value[] = $test_class;

    return $value;
}
/**
 * Registers this library's event and hook handlers; the registrations happen
 * in the order listed below.
 *
 * @see \Elgg\Application::loadCore Do not do work here. Just register for events.
 */
return function(\Elgg\EventsService $events, \Elgg\HooksRegistrationService $hooks) {
    $event_handlers = [
        // Tell the access functions the system has booted, plugins are loaded,
        // and the user is logged in so it can start caching
        ['ready', 'system', 'access_init'],

        // friends ACL events
        ['create', 'user', 'access_friends_acl_create'],
        ['create', 'relationship', 'access_friends_acl_add_friend'],
        ['delete', 'relationship', 'access_friends_acl_remove_friend'],
    ];
    foreach ($event_handlers as list($event_name, $event_type, $handler)) {
        $events->registerHandler($event_name, $event_type, $handler);
    }

    // friends ACL display name
    $hooks->registerHandler('access_collection:name', 'access_collection', 'access_friends_acl_get_name');

    $hooks->registerHandler('unit_test', 'system', 'access_test');
};