if (!isset($owner)) {
$owner = get_loggedin_userid();
}
- if (!$owner) $owner = -1;
- $access = get_access_list($owner);
-
- // do NOT use $is_admin global user here, since that only checks against
+ // do NOT use $is_admin global here, since that only checks against
// the current logged in user.
+ // Can't use metadata here because because of recursion.
+ // (get_entity, get_*() calls this function.)
+ if (!$owner) {
+ $owner = -1;
+ $admin = false;
+ } else {
+ $admin = is_admin_user($owner);
+ }
+
+ $access = get_access_list($owner);
- if ($owner->admin == 'yes') {
+ if ($admin) {
$sql = " (1 = 1) ";
} else if ($owner != -1) {
$friends_bit = $table_prefix.'access_id = '.ACCESS_FRIENDS.' AND ';
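Review bot: `$owner` is handed to `is_admin_user()` without being normalised to an integer, and that helper (added in the users hunk further down this page) interpolates its argument straight into the query text as `e.guid = {$user_guid}`. The enclosing function starts above this hunk, so where `$owner` comes from is not visible; if any caller can supply a non-integer value, the query that decides whether the unrestricted ` (1 = 1) ` clause is returned is built from unvalidated input. I would cast once before the new branch, `$owner = (int) $owner;`, and repeat the cast at the top of the helper, `$user_guid = (int) $user_guid;`, so other callers are covered too. The added comment also has a doubled word ("because because").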
// This function will let us know when 'init' has finished
register_elgg_event_handler('init','system','access_init',9999);
-?>
\ No newline at end of file
+?>
return false;
}
+ /**
+ * Check if the given user is an admin.
+ *
+ * @param $user_guid
+ * @return bool
+ */
+ function is_admin_user($user_guid) {
+ global $CONFIG;
+
+ // caching is done at the db level so no need to here.
+ $query = "SELECT * FROM {$CONFIG->dbprefix}users_entity as e, {$CONFIG->dbprefix}metastrings as ms1, {$CONFIG->dbprefix}metastrings as ms2, {$CONFIG->dbprefix}metadata as md
+ WHERE (
+ ms1.string = 'admin' AND ms2.string = 'yes'
+ AND md.name_id = ms1.id AND md.value_id = ms2.id
+ AND e.guid = md.entity_guid
+ AND e.guid = {$user_guid}
+ AND e.banned = 'no'
+ )
+ OR (
+ ms1.string = 'admin' AND ms2.string = '1'
+ AND md.name_id = ms1.id AND md.value_id = ms2.id
+ AND e.guid = md.entity_guid
+ AND e.guid = {$user_guid}
+ AND e.banned = 'no'
+ )";
+
+ // normalizing the results from get_data()
+ // See #1242
+ $info = get_data($query);
+ if (!((is_array($info) && count($info) < 1) || $info === false)) {
+ return true;
+ }
+ return false;
+ }
+
/**
* Perform standard authentication with a given username and password.
* Returns an ElggUser object for use with login.
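Review bot: The result check at the end of `is_admin_user()` fails open, because `if (!((is_array($info) && count($info) < 1) || $info === false))` returns true for anything that is not an empty array or `false`. What `get_data()` returns on an error or no-row path is not visible here, but a `null` or any other unexpected value would be reported as admin, and the caller in the access hunk turns a true result into an unrestricted ` (1 = 1) ` clause. Stating the positive case is safer: `return is_array($info) && count($info) > 0;`. The docblock could also record that banned users are never reported as admins and give the parameter a type, `@param int $user_guid`.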