Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

mod/groups/actions/groups/edit.php (2 issues)

<?php
/**
 * Elgg groups plugin edit action.
 *
 * If editing an existing group, only the "group_guid" must be submitted. All other form
 * elements may be omitted and the corresponding data will be left as is.
 *
 * @package ElggGroups
 */

elgg_make_sticky_form('groups');

// Get group fields
$input = [];
foreach (elgg_get_config('group') as $shortname => $valuetype) {
	$value = get_input($shortname);

	if ($value === null) {
		// only submitted fields should be updated
		continue;
	}

	$input[$shortname] = $value;

	// @todo treat profile fields as unescaped: don't filter, encode on output
	if (is_array($input[$shortname])) {
		array_walk_recursive($input[$shortname], function (&$v) {
			$v = elgg_html_decode($v);
		});
	} else {
		$input[$shortname] = elgg_html_decode($input[$shortname]);
	}

	if ($valuetype == 'tags') {
		$input[$shortname] = string_to_tag_array($input[$shortname]);
	}
}

// only set if submitted
$name = elgg_get_title_input('name', null);
if ($name !== null) {
	$input['name'] = $name;
}

$user = elgg_get_logged_in_user_entity();

$group_guid = (int) get_input('group_guid');

if ($group_guid) {
	$is_new_group = false;
	$group = get_entity($group_guid);
	if (!$group instanceof ElggGroup || !$group->canEdit()) {
		$error = elgg_echo('groups:cantedit');
		return elgg_error_response($error);
	}
} else {
	if (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !$user->isAdmin()) {
		$error = elgg_echo('groups:cantcreate');
		return elgg_error_response($error);
	}

	$container_guid = get_input('container_guid', $user->guid);
	$container = get_entity($container_guid);
It seems like $container_guid can also be of type string; however, parameter $guid of get_entity() does only seem to accept integer, maybe add an additional type check? (Ignorable by Annotation)

If this is a false-positive, you can also ignore this issue in your code via the ignore-type annotation:

	$container = get_entity(/** @scrutinizer ignore-type */ $container_guid);
	
	if (!$container || !$container->canWriteToContainer($user->guid, 'group')) {
		$error = elgg_echo('groups:cantcreate');
		return elgg_error_response($error);
	}

	$is_new_group = true;
	$group = new ElggGroup();
	$group->container_guid = $container->guid;
}

// Assume we can edit or this is a new group
foreach ($input as $shortname => $value) {
	if ($value === '' && !in_array($shortname, ['name', 'description'])) {
		// The group profile displays all profile fields that have a value.
		// We don't want to display fields with empty string value, so we
		// remove the metadata completely.
		$group->deleteMetadata($shortname);
		continue;
	}

	$group->$shortname = $value;
}

// Validate create
if (!$group->name) {
	return elgg_error_response(elgg_echo('groups:notitle'));
}

// Set group tool options (only pass along saved entities)
$tool_entity = !$is_new_group ? $group : null;
$tool_options = elgg_get_group_tool_options($tool_entity);
if ($tool_options) {
Bug Best Practice introduced by
The expression $tool_options of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.

	foreach ($tool_options as $group_option) {
		$option_toggle_name = $group_option->name . "_enable";
		$value = get_input($option_toggle_name);
		if ($value === null) {
			continue;
		}

		if ($value === 'yes') {
			$group->enableTool($group_option->name);
		} else {
			$group->disableTool($group_option->name);
		}
	}
}

// Group membership - should these be treated with same constants as access permissions?
$value = get_input('membership');
if ($group->membership === null || $value !== null) {
	$is_public_membership = ($value == ACCESS_PUBLIC);
	$group->membership = $is_public_membership ? ACCESS_PUBLIC : ACCESS_PRIVATE;
}

$group->setContentAccessMode((string) get_input('content_access_mode'));

if ($is_new_group) {
	$group->access_id = ACCESS_PUBLIC;
}

$old_owner_guid = $is_new_group ? 0 : $group->owner_guid;

$value = get_input('owner_guid');
$new_owner_guid = ($value === null) ? $old_owner_guid : (int) $value;

if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) {
	// verify new owner is member and old owner/admin is logged in
	if ($group->isMember(get_user($new_owner_guid)) && ($old_owner_guid == $user->guid || $user->isAdmin())) {
		$group->owner_guid = $new_owner_guid;
		if ($group->container_guid == $old_owner_guid) {
			// Even though this action defaults container_guid to the logged in user guid,
			// the group may have initially been created with a custom script that assigned
			// a different container entity. We want to make sure we preserve the original
			// container if the group is not contained by the original owner.
			$group->container_guid = $new_owner_guid;
		}
	}
}

if ($is_new_group) {
	// if new group, we need to save so group acl gets set in event handler
	if (!$group->save()) {
		return elgg_error_response(elgg_echo('groups:save_error'));
	}
}

// Invisible group support
// @todo this requires save to be called to create the acl for the group. This
// is an odd requirement and should be removed. Either the acl creation happens
// in the action or the visibility moves to a plugin hook
if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
	$value = get_input('vis');
	if ($is_new_group || $value !== null) {
		$visibility = (int) $value;

		if ($visibility == ACCESS_PRIVATE) {
			// Make this group visible only to group members. We need to use
			// ACCESS_PRIVATE on the form and convert it to group_acl here
			// because new groups do not have acl until they have been saved once.
			$acl = _groups_get_group_acl($group);
			if ($acl) {
				$visibility = $acl->id;
			}

			// Force all new group content to be available only to members
			$group->setContentAccessMode(ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY);
		}

		$group->access_id = $visibility;
	}
}

if (!$group->save()) {
	return elgg_error_response(elgg_echo('groups:save_error'));
}

// group saved so clear sticky form
elgg_clear_sticky_form('groups');

// group creator needs to be member of new group and river entry created
if ($is_new_group) {
	// @todo this should not be necessary...
	elgg_set_page_owner_guid($group->guid);

	$group->join($user);
	elgg_create_river_item([
		'view' => 'river/group/create',
		'action_type' => 'create',
		'object_guid' => $group->guid,
	]);
}

$group->saveIconFromUploadedFile('icon');

$data = [
	'entity' => $group,
];
return elgg_ok_response($data, elgg_echo('groups:saved'), $group->getURL());