1 | <?php |
||
2 | /** |
||
3 | * Elgg groups plugin edit action. |
||
4 | * |
||
5 | * If editing an existing group, only the "group_guid" must be submitted. All other form |
||
6 | * elements may be omitted and the corresponding data will be left as is. |
||
7 | * |
||
8 | * @package ElggGroups |
||
9 | */ |
||
10 | |||
// Remember the submitted values under the 'groups' sticky form; they are
// cleared again once the group has been saved.
elgg_make_sticky_form('groups');

// Collect the configured group profile fields that were actually submitted.
// Only the keys of the 'group' config are read from the request, so the set of
// fields this action can write is decided server-side, not by the client.
$input = [];
$profile_fields = elgg_get_config('group');
foreach ($profile_fields as $shortname => $valuetype) {
    $submitted = get_input($shortname);
    if ($submitted === null) {
        // field absent from the request: the stored value is left as is
        continue;
    }

    // @todo treat profile fields as unescaped: don't filter, encode on output
    // The values are kept HTML-decoded from here on, so escaping them is the
    // job of whatever renders them later.
    if (is_array($submitted)) {
        array_walk_recursive($submitted, function (&$item) {
            $item = elgg_html_decode($item);
        });
    } else {
        $submitted = elgg_html_decode($submitted);
    }

    if ($valuetype == 'tags') {
        $submitted = string_to_tag_array($submitted);
    }

    $input[$shortname] = $submitted;
}

// The group name is only overwritten when a name was submitted.
$title = elgg_get_title_input('name', null);
if ($title !== null) {
    $input['name'] = $title;
}
||
44 | |||
// Resolve the acting user and decide whether this request edits an existing
// group or creates a new one. Every refusal returns before anything is written.
// NOTE(review): $user is dereferenced below without a null check; this
// presumably relies on the action only being reachable when logged in - confirm.
$user = elgg_get_logged_in_user_entity();

$group_guid = (int) get_input('group_guid');

if (!$group_guid) {
    // Create: when the 'limited_groups' setting is on, only admins may create groups.
    $creation_is_limited = elgg_get_plugin_setting('limited_groups', 'groups') == 'yes';
    if ($creation_is_limited && !$user->isAdmin()) {
        return elgg_error_response(elgg_echo('groups:cantcreate'));
    }

    // The container GUID is request-supplied (defaulting to the user), so the
    // write-permission check on the resolved container is what keeps a user
    // from placing a group inside a container they may not write to.
    $container_guid = get_input('container_guid', $user->guid);
    $container = get_entity($container_guid);
    if (!$container || !$container->canWriteToContainer($user->guid, 'group')) {
        return elgg_error_response(elgg_echo('groups:cantcreate'));
    }

    $is_new_group = true;
    $group = new ElggGroup();
    $group->container_guid = $container->guid;
} else {
    // Edit: the GUID must resolve to a group that the current user may edit.
    $is_new_group = false;
    $group = get_entity($group_guid);
    if (!$group instanceof ElggGroup || !$group->canEdit()) {
        return elgg_error_response(elgg_echo('groups:cantedit'));
    }
}
||
74 | |||
// Copy the collected values onto the group. By now the user is either allowed
// to edit the group or it is a new one. The property names written here are the
// keys of $input, which this script took from the configured field list (plus
// 'name'), never from arbitrary request parameter names.
foreach ($input as $shortname => $value) {
    if ($value !== '' || in_array($shortname, ['name', 'description'])) {
        $group->$shortname = $value;
        continue;
    }

    // The group profile displays every profile field that has a value, so a
    // field submitted as an empty string is removed instead of being stored.
    $group->deleteMetadata($shortname);
}

// A group without a name is rejected, whether it is being created or edited.
$has_name = (bool) $group->name;
if (!$has_name) {
    return elgg_error_response(elgg_echo('groups:notitle'));
}
||
92 | |||
// Group tool options. Only an already saved group is handed to the lookup;
// a group that is being created passes null.
$tool_entity = $is_new_group ? null : $group;
$tool_options = elgg_get_group_tool_options($tool_entity);
if (!empty($tool_options)) {
    // The loop runs over the tools the server reports, so a request can only
    // toggle tools from that list.
    foreach ($tool_options as $group_option) {
        $toggle = get_input("{$group_option->name}_enable");
        if ($toggle === null) {
            // toggle not submitted: keep the current state of this tool
            continue;
        }

        // Any submitted value other than the literal 'yes' disables the tool.
        if ($toggle === 'yes') {
            $group->enableTool($group_option->name);
        } else {
            $group->disableTool($group_option->name);
        }
    }
}
||
111 | |||
// Group membership - should these be treated with same constants as access permissions?
// The value is written when the group has no membership setting yet or when
// one was submitted. Anything that does not compare equal to ACCESS_PUBLIC
// ends up as ACCESS_PRIVATE, so an unexpected value yields the closed setting.
$membership_input = get_input('membership');
if ($group->membership === null || $membership_input !== null) {
    if ($membership_input == ACCESS_PUBLIC) {
        $group->membership = ACCESS_PUBLIC;
    } else {
        $group->membership = ACCESS_PRIVATE;
    }
}

// Passed on every request; a missing input arrives here as an empty string.
$content_access_mode = (string) get_input('content_access_mode');
$group->setContentAccessMode($content_access_mode);

// New groups start out with public access; the hidden-groups handling later
// in this script may replace it.
if ($is_new_group) {
    $group->access_id = ACCESS_PUBLIC;
}
||
124 | |||
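// Ownership transfer (existing groups only). The requested owner GUID comes
// from the request, so it is resolved and type-checked before anything is
// written. A request that fails any of the checks is ignored without an error,
// and the group keeps its current owner.
$old_owner_guid = $is_new_group ? 0 : $group->owner_guid;

$value = get_input('owner_guid');
$new_owner_guid = ($value === null) ? $old_owner_guid : (int) $value;

if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) {
    $new_owner = get_user($new_owner_guid);

    // Being allowed to edit the group is not enough to give it away: only the
    // current owner or a site admin may transfer ownership.
    $may_transfer = ($old_owner_guid == $user->guid || $user->isAdmin());

    // Only a GUID that resolved to a real user is handed to isMember(), so a
    // failed lookup can neither raise a type error nor be mistaken for a
    // membership check on some other account.
    if ($new_owner instanceof ElggUser && $may_transfer && $group->isMember($new_owner)) {
        $group->owner_guid = $new_owner_guid;
        if ($group->container_guid == $old_owner_guid) {
            // Even though this action defaults container_guid to the logged in user guid,
            // the group may have initially been created with a custom script that assigned
            // a different container entity. The container therefore only follows the new
            // owner when the group was contained by the previous owner; any other
            // container is preserved.
            $group->container_guid = $new_owner_guid;
        }
    }
}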
||
143 | |||
// A new group has to be saved once so that the group acl gets set in the event
// handler. The group was given ACCESS_PUBLIC earlier in this script, so this
// first save persists it as public; the requested visibility is only applied
// by the final save of this action.
// NOTE(review): confirm that nothing reacting to this first save exposes a
// group that is meant to be hidden.
if ($is_new_group && !$group->save()) {
    return elgg_error_response(elgg_echo('groups:save_error'));
}

// Invisible group support
// @todo this requires save to be called to create the acl for the group. This
// is an odd requirement and should be removed. Either the acl creation happens
// in the action or the visibility moves to a plugin hook
$hidden_groups_enabled = elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes';
if ($hidden_groups_enabled) {
    $vis_input = get_input('vis');
    if ($is_new_group || $vis_input !== null) {
        // A missing value casts to 0 and is compared against ACCESS_PRIVATE below.
        $visibility = (int) $vis_input;

        if ($visibility == ACCESS_PRIVATE) {
            // Make this group visible only to group members. The form submits
            // ACCESS_PRIVATE and it is converted to the group acl here because
            // new groups do not have an acl until they have been saved once.
            $acl = _groups_get_group_acl($group);
            if ($acl) {
                $visibility = $acl->id;
            }

            // Force all new group content to be available only to members
            $group->setContentAccessMode(ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY);
        }

        // NOTE(review): any other submitted integer is stored as access_id
        // unchanged; nothing in this script limits it to the access levels the
        // edit form offers. Confirm that an allowlist is enforced elsewhere,
        // or add one here.
        $group->access_id = $visibility;
    }
}
||
176 | |||
// Persist everything that was set above; a failed save ends the action with an
// error and leaves the sticky form in place.
$saved = $group->save();
if (!$saved) {
    return elgg_error_response(elgg_echo('groups:save_error'));
}

// group saved so clear sticky form
elgg_clear_sticky_form('groups');

// The creator of a new group becomes a member and a river entry is created.
if ($is_new_group) {
    // @todo this should not be necessary...
    elgg_set_page_owner_guid($group->guid);

    $group->join($user);

    $river_item = [
        'view' => 'river/group/create',
        'action_type' => 'create',
        'object_guid' => $group->guid,
    ];
    elgg_create_river_item($river_item);
}

// The uploaded 'icon' file is handed to the entity; the result of the call is
// not checked here.
// NOTE(review): validation of the upload presumably happens inside
// saveIconFromUploadedFile() - confirm.
$group->saveIconFromUploadedFile('icon');

return elgg_ok_response(['entity' => $group], elgg_echo('groups:saved'), $group->getURL());
||
203 |
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using `empty(...)` or `!empty(...)` instead.