Revert "Merged ACL fixes from 1.7 branch."
authorBrett Profitt <brett.profitt@gmail.com>
Thu, 7 Jul 2011 01:08:03 +0000 (21:08 -0400)
committerBrett Profitt <brett.profitt@gmail.com>
Thu, 7 Jul 2011 01:08:03 +0000 (21:08 -0400)
This reverts commit de111da23258cd2b513c8f4ab84712ee50272b23. Reverted because of problems in how 1.8 populates the access dropdown.

actions/friends/collections/add.php
actions/friends/collections/delete.php
actions/friends/collections/edit.php
engine/lib/access.php
languages/en.php

index 8383e4db2a1e06dbb23f9c3d50a4112df2d83893..8ec6a085f8189ef6f605de92224137351a29558f 100644 (file)
@@ -2,31 +2,35 @@
 /**
  * Elgg collection add page
  *
- * @package Elgg
- * @subpackage Core
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
  */
 
 $collection_name = get_input('collection_name');
 $friends = get_input('friends_collection');
 
-if (!$collection_name) {
-       register_error(elgg_echo("friends:nocollectionname"));
-       forward(REFERER);
-}
+//first check to make sure that a collection name has been set and create the new colection
+if ($collection_name) {
 
-$id = create_access_collection($collection_name);
+       //create the collection
+       $create_collection = create_access_collection($collection_name, elgg_get_logged_in_user_guid());
 
-if ($id) {
-       $result = update_access_collection($id, $friends);
-       if ($result) {
-               system_message(elgg_echo("friends:collectionadded"));
-               // go to the collections page
-               forward("pg/collections/" . get_loggedin_user()->username);
-       } else {
-               register_error(elgg_echo("friends:nocollectionname"));
-               forward(REFERER);
+       //if the collection was created and the user passed some friends from the form, add them
+       if ($create_collection && (!empty($friends))) {
+               //add friends to the collection
+               foreach ($friends as $friend) {
+                       add_user_to_access_collection($friend, $create_collection);
+               }
        }
+
+       // Success message
+       system_message(elgg_echo("friends:collectionadded"));
+       // Forward to the collections page
+       forward("collections/" . elgg_get_logged_in_user_entity()->username);
+
 } else {
        register_error(elgg_echo("friends:nocollectionname"));
-       forward(REFERER);
+
+       // Forward to the add collection page
+       forward("collections/add");
 }
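Review bot: The success message and the forward to the collections page run even when `create_access_collection()` returns false, because only the friend loop is guarded by `$create_collection`. Bail out first, for example `if (!$create_collection) { register_error(elgg_echo("friends:nocollectionname")); forward("collections/add"); }`, or add a dedicated error string. The return value of `add_user_to_access_collection()` is also discarded, so a friend the library function refuses to add is dropped silently; it checks `get_write_access_array()` without a flush, which may not yet list the new collection, and that is worth confirming. `$friends` comes straight from `get_input()` and is iterated after only an `!empty()` test, so an `is_array($friends)` check belongs in that condition.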
index 5b0aa8e102d9cad10ba00f603ccf4c473f8c14a4..fe719d74bf849fe9078e77bc5312e96d220157cf 100644 (file)
@@ -1,24 +1,36 @@
 <?php
-
 /**
  * Elgg friends: delete collection action
  *
- * @package Elgg
- * @subpackage Core
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
  */
 
 $collection_id = (int) get_input('collection');
 
-// check the ACL exists and we can edit
-if (!can_edit_access_collection($collection_id)) {
-       register_error(elgg_echo("friends:collectiondeletefailed"));
-       forward(REFERER);
-}
+// Check to see that the access collection exist and grab its owner
+$get_collection = get_access_collection($collection_id);
+
+if ($get_collection) {
+
+       if ($get_collection->owner_guid == elgg_get_logged_in_user_guid()) {
+
+               $delete_collection = delete_access_collection($collection_id);
 
-if (delete_access_collection($collection_id)) {
-       system_message(elgg_echo("friends:collectiondeleted"));
+               // Success message
+               if ($delete_collection) {
+                       system_message(elgg_echo("friends:collectiondeleted"));
+               } else {
+                       register_error(elgg_echo("friends:collectiondeletefailed"));
+               }
+       } else {
+               // Failure message
+               register_error(elgg_echo("friends:collectiondeletefailed"));
+       }
 } else {
+       // Failure message
        register_error(elgg_echo("friends:collectiondeletefailed"));
 }
 
-forward(REFERER);
+// Forward to the collections page
+forward("collections/" . elgg_get_logged_in_user_entity()->username);
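Review bot: The ownership test `$get_collection->owner_guid == elgg_get_logged_in_user_guid()` is a loose comparison with no check that a user is actually logged in, so a collection whose `owner_guid` is 0 (which engine/lib/access.php in this same commit treats as unowned) would compare equal to a falsy value from a logged-out session. Whether this action can be reached without a login is not visible from this hunk; if it can, make the guard explicit with `$user_guid = (int) elgg_get_logged_in_user_guid();` and `if ($user_guid && (int) $get_collection->owner_guid === $user_guid) {`. The final `forward()` dereferences `elgg_get_logged_in_user_entity()->username` unconditionally and has the same dependency on a logged-in user. The three identical `register_error()` branches could be collapsed into a single failure path.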
index 581b213535edf0458f2800978b403a43987bdb40..b7fb716f2a3e90b3efdc71ec9b7984e4a57cdd04 100644 (file)
@@ -1,23 +1,15 @@
 <?php
 /**
- * Elgg collection add page
+ * Friends collection edit action
  *
- * @package Elgg
- * @subpackage Core
+ * @package Elgg.Core
+ * @subpackage Friends.Collections
  */
 
 $collection_id = get_input('collection_id');
 $friends = get_input('friend');
 
-// check it exists and we can edit
-if (!can_edit_access_collection($collection_id)) {
-       system_message(elgg_echo('friends:collection:edit_failed'));
-}
+//chech the collection exists and the current user owners it
+update_access_collection($collection_id, $friends);
 
-if (update_access_collection($collection_id, $friends)) {
-       system_message(elgg_echo('friends:collections:edited'));
-} else {
-       system_message(elgg_echo('friends:collection:edit_failed'));
-}
-
-forward(REFERER);
\ No newline at end of file
+exit;
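Review bot: The result of `update_access_collection()` is discarded and the script ends with `exit;`, so a request for a collection the user cannot write to fails with no error and no redirect, and the comment above the call describes a check this file does not perform. Authorization now rests entirely on the `get_write_access_array()` lookup inside `update_access_collection()`; the comment should say so, for example `// update_access_collection() returns false unless the collection is in the current user's write access array`. Capture the return value and report failure with `register_error()` before leaving. If the bare `exit;` is deliberate (for instance for an asynchronous caller, which cannot be told from this hunk), document that next to it.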
index 855d0d53c8101655ed754088dbd6fc9faac505ce..cde3d256f5f5e702760deb3bc7f141512f6c00ee 100644 (file)
@@ -411,43 +411,7 @@ function get_write_access_array($user_id = 0, $site_id = 0, $flush = false) {
 }
 
 /**
- * Can the user write to the access collection?
- *
- * Hook into the access:collections:write, user to change this.
- *
- * Respects access control disabling for admin users and {@see elgg_set_ignore_access()}
- *
- * @see get_write_access_array()
- * 
- * @param int   $collection_id The collection id
- * @param mixed $user_guid     The user GUID to check for. Defaults to logged in user.
- * @return bool
- */
-function can_edit_access_collection($collection_id, $user_guid = null) {
-       if ($user_guid) {
-               $user = get_entity((int) $user_guid);
-       } else {
-               $user = get_loggedin_user();
-       }
-
-       $collection = get_access_collection($collection_id);
-
-       if (!($user instanceof ElggUser) || !$collection) {
-               return false;
-       }
-
-       $write_access = get_write_access_array($user->getGUID(), null, true);
-
-       // don't ignore access when checking users.
-       if ($user_guid) {
-               return array_key_exists($collection_id, $write_access);
-       } else {
-               return elgg_get_ignore_access() || array_key_exists($collection_id, $write_access);
-       }
-}
-
-/**
- * Creates a new access control collection owned by the specified user.
+ * Creates a new access collection.
  *
  * Access colletions allow plugins and users to create granular access
  * for entities.
@@ -484,7 +448,6 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) {
                SET name = '{$name}',
                        owner_guid = {$owner_guid},
                        site_guid = {$site_guid}";
-
        if (!$id = insert_data($q)) {
                return false;
        }
@@ -520,31 +483,37 @@ function create_access_collection($name, $owner_guid = 0, $site_guid = 0) {
 function update_access_collection($collection_id, $members) {
        global $CONFIG;
 
-       $acl = get_access_collection($collection_id);
+       $collection_id = (int) $collection_id;
+       $members = (is_array($members)) ? $members : array();
 
-       if (!$acl) {
-               return false;
-       }
+       $collections = get_write_access_array();
 
-       $members = (is_array($members)) ? $members : array();
+       if (array_key_exists($collection_id, $collections)) {
+               $cur_members = get_members_of_access_collection($collection_id, true);
+               $cur_members = (is_array($cur_members)) ? $cur_members : array();
 
-       $cur_members = get_members_of_access_collection($collection_id, true);
-       $cur_members = (is_array($cur_members)) ? $cur_members : array();
+               $remove_members = array_diff($cur_members, $members);
+               $add_members = array_diff($members, $cur_members);
 
-       $remove_members = array_diff($cur_members, $members);
-       $add_members = array_diff($members, $cur_members);
+               $params = array(
+                       'collection_id' => $collection_id,
+                       'members' => $members,
+                       'add_members' => $add_members,
+                       'remove_members' => $remove_members
+               );
 
-       $result = true;
+               foreach ($add_members as $guid) {
+                       add_user_to_access_collection($guid, $collection_id);
+               }
 
-       foreach ($add_members as $guid) {
-               $result = $result && add_user_to_access_collection($guid, $collection_id);
-       }
+               foreach ($remove_members as $guid) {
+                       remove_user_from_access_collection($guid, $collection_id);
+               }
 
-       foreach ($remove_members as $guid) {
-               $result = $result && remove_user_from_access_collection($guid, $collection_id);
+               return true;
        }
 
-       return $result;
+       return false;
 }
 
 /**
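Review bot: `update_access_collection()` now returns true whenever the collection is in the write access array, even if individual `add_user_to_access_collection()` or `remove_user_from_access_collection()` calls return false, so callers cannot tell a partial update from a complete one. Accumulate the results as the reverted code did: `$result = true;`, then `$result = add_user_to_access_collection($guid, $collection_id) && $result;` in each loop, and `return $result;`. The same loss of the outcome appears in the later hunks for `delete_access_collection()` and `remove_user_from_access_collection()`, which return true without looking at what `delete_data()` returned. The `$params` array is built but never read in the visible body and should be passed to a plugin hook or dropped. `get_write_access_array()` is called here without the flush argument that `delete_access_collection()` passes, so a cached list may be consulted; a comment stating whether that is intended would help.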
@@ -558,25 +527,27 @@ function update_access_collection($collection_id, $members) {
  * @see update_access_collection()
  */
 function delete_access_collection($collection_id) {
-       global $CONFIG;
-       
        $collection_id = (int) $collection_id;
+       $collections = get_write_access_array(null, null, TRUE);
        $params = array('collection_id' => $collection_id);
 
        if (!elgg_trigger_plugin_hook('access:collections:deletecollection', 'collection', $params, true)) {
                return false;
        }
 
-       // Deleting membership doesn't affect result of deleting ACL.
-       $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership
-               WHERE access_collection_id = {$collection_id}";
-       delete_data($q);
+       if (array_key_exists($collection_id, $collections)) {
+               global $CONFIG;
+               $query = "delete from {$CONFIG->dbprefix}access_collection_membership"
+                       . " where access_collection_id = {$collection_id}";
+               delete_data($query);
 
-       $q = "DELETE FROM {$CONFIG->dbprefix}access_collections
-               WHERE id = {$collection_id}";
-       $result = delete_data($q);
+               $query = "delete from {$CONFIG->dbprefix}access_collections where id = {$collection_id}";
+               delete_data($query);
+               return true;
+       } else {
+               return false;
+       }
 
-       return $result;
 }
 
 /**
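Review bot: The `access:collections:deletecollection` hook is triggered before the `array_key_exists($collection_id, $collections)` write-access check, so hook handlers run for collections the current user is not allowed to delete and for ids that do not exist. Move the permission test ahead of the hook, for example `if (!array_key_exists($collection_id, $collections)) { return false; }` directly after the `get_write_access_array()` call, which also removes the `else` branch and the stray blank line before the closing brace. The docblock, which starts outside this hunk, should state that the check is made against the logged-in user's write access array.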
@@ -613,33 +584,45 @@ function get_access_collection($collection_id) {
  * @see remove_user_from_access_collection()
  */
 function add_user_to_access_collection($user_guid, $collection_id) {
-       global $CONFIG;
-
        $collection_id = (int) $collection_id;
        $user_guid = (int) $user_guid;
-       $user = get_user($user_guid);
+       $collections = get_write_access_array();
 
-       $collection = get_access_collection($collection_id);
+       if (!($collection = get_access_collection($collection_id))) {
+               return false;
+       }
 
-       if (!($user instanceof Elgguser) || !$collection) {
+       $user = get_user($user_guid);
+       if (!$user) {
                return false;
        }
 
+       // to add someone to a collection, the user must be a member of the collection or
+       // no one must own it
+       if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0)) {
+               $result = true;
+       } else {
+               $result = false;
+       }
+       
        $params = array(
                'collection_id' => $collection_id,
+               'collection' => $collection,
                'user_guid' => $user_guid
        );
 
-       if (!elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, true)) {
+       $result = elgg_trigger_plugin_hook('access:collections:add_user', 'collection', $params, $result);
+       if ($result == false) {
                return false;
        }
 
        try {
-               $q = "INSERT INTO {$CONFIG->dbprefix}access_collection_membership
-                       SET access_collection_id = {$collection_id},
-                               user_guid = {$user_guid}";
-               insert_data($q);
+               global $CONFIG;
+               $query = "insert into {$CONFIG->dbprefix}access_collection_membership"
+                               . " set access_collection_id = {$collection_id}, user_guid = {$user_guid}";
+               insert_data($query);
        } catch (DatabaseException $e) {
+               // nothing.
                return false;
        }
 
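Review bot: The computed permission is passed to `elgg_trigger_plugin_hook()` as the default return value, so any handler registered for `access:collections:add_user` can turn a denied request into an allowed one, and the `$collection->owner_guid == 0` clause lets any caller add members to an unowned collection (the same clause appears in `remove_user_from_access_collection()` in the next hunk). If both are intended, state it in the docblock, for example `Plugins may override the write-access decision through the access:collections:add_user hook; collections with owner_guid 0 are writable by anyone.` If not, return false before triggering the hook when the check fails. `if ($result == false)` reads better as `if (!$result)`, and the `// nothing.` comment in the catch block should say that a failed insert is reported to the caller as false. The docblock begins before this hunk and the function body continues past its end.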
@@ -657,32 +640,34 @@ function add_user_to_access_collection($user_guid, $collection_id) {
  * @return true|false Depending on success
  */
 function remove_user_from_access_collection($user_guid, $collection_id) {
-       global $CONFIG;
-
        $collection_id = (int) $collection_id;
        $user_guid = (int) $user_guid;
-       $user = get_user($user_guid);
+       $collections = get_write_access_array();
+       $user = $user = get_user($user_guid);
 
-       $collection = get_access_collection($collection_id);
-
-       if (!($user instanceof Elgguser) || !$collection) {
+       if (!($collection = get_access_collection($collection_id))) {
                return false;
        }
 
-       $params = array(
-               'collection_id' => $collection_id,
-               'user_guid' => $user_guid
-       );
+       if ((array_key_exists($collection_id, $collections) || $collection->owner_guid == 0) && $user) {
+               global $CONFIG;
+               $params = array(
+                       'collection_id' => $collection_id,
+                       'user_guid' => $user_guid
+               );
 
-       if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) {
-               return false;
-       }
+               if (!elgg_trigger_plugin_hook('access:collections:remove_user', 'collection', $params, true)) {
+                       return false;
+               }
 
-       $q = "DELETE FROM {$CONFIG->dbprefix}access_collection_membership
-               WHERE access_collection_id = {$collection_id}
-                       AND user_guid = {$user_guid}";
+               delete_data("delete from {$CONFIG->dbprefix}access_collection_membership "
+                       . "where access_collection_id = {$collection_id} and user_guid = {$user_guid}");
+
+               return true;
 
-       return delete_data($q);
+       }
+
+       return false;
 }
 
 /**
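Review bot: `$user = $user = get_user($user_guid);` is a doubled assignment and should read `$user = get_user($user_guid);`. The user lookup also runs before the collection lookup, while `add_user_to_access_collection()` does them in the opposite order and returns early on a missing user; using the same guard-clause shape here (`if (!$user) { return false; }`) would remove the `&& $user` tail from the permission condition and one level of nesting. Unlike the add function, the permission decision here is not passed to the `access:collections:remove_user` hook, and the docblock (outside this hunk) should note that difference if it is deliberate.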
index b525a2043d252f2589e5e29e56a3f31d5b1fbbff..c30a1bdd88f8370e1e3b0a3bdbf5d12c87b9e442 100644 (file)
@@ -343,8 +343,6 @@ $english = array(
        'friends:nocollectionname' => "You need to give your collection a name before it can be created.",
        'friends:collections:members' => "Collection members",
        'friends:collections:edit' => "Edit collection",
-       'friends:collections:edited' => "Saved collection",
-       'friends:collection:edit_failed' => 'Could not save collection.',
 
        'friendspicker:chararray' => 'ABCDEFGHIJKLMNOPQRSTUVWXYZ',