
collection_writeable()

Description

Is the collection $collection writable by the current user?
Returns true if the current user has write access to the given collection.

Parameters

Column | Type | Default | Description
$collection integer

Return

boolean

Location

include/collections_functions.php lines 384 to 428

Definition

 
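/**
 * Decide whether the current user may modify the given collection.
 *
 * Write access is granted when any one of these holds:
 *  - the user owns the collection (when the user is the anonymous login and
 *    anonymous session collections are on, the collection's session id must
 *    also equal the current session);
 *  - the collection is public and the user has the 'h' permission or the
 *    collection has allow_changes set;
 *  - the collection has allow_changes set, is not public, and the user or the
 *    user's group is attached to it;
 *  - the user has the 'a' permission.
 *
 * The result is derived from global state ($userref, $usergroup, $username,
 * $rs_session and the configuration flags read below), not from arguments,
 * so it is only meaningful after the request's user context has been set up.
 *
 * @param  integer $collection Reference of the collection to check.
 * @return boolean True if the current user has write access, false otherwise.
 */
function collection_writeable($collection)
    {
    global $userref, $usergroup;
    global $allow_smart_collections;
    global $usercollection, $username, $anonymous_login, $anonymous_user_session_collection, $rs_session;

    $collectiondata = get_collection($collection);

    // Fail closed. get_collection() is defined elsewhere; if it does not hand
    // back a row (for example an unknown reference), every field read below
    // would be null and the loose == comparisons could match an unset
    // $userref, granting access to a collection that was never loaded.
    if (!is_array($collectiondata))
        {
        return false;
        }

    if ($allow_smart_collections && !isset($userref))
        {
        if (isset($collectiondata['savedsearch']) && $collectiondata['savedsearch'] != null)
            {
            return false; // so "you cannot modify this collection"
            }
        }

    # Load the users and user groups attached to this collection.
    # The reference is passed through escape_check() and quoted before it is
    # concatenated into the statement.
    # NOTE(review): the parameter is documented as an integer; an integer cast
    # or a bound parameter would not depend on the escaping helper - confirm
    # what the database layer offers before changing it.
    $attached = sql_array("select user value from user_collection where collection='" . escape_check($collection) . "'");
    $attached_groups = sql_array("select usergroup value from usergroup_collection where collection='" . escape_check($collection) . "'");

    // NOTE(review): the first line below writes the collection's session id
    // to the debug output; confirm where debug() writes and who can read it.
    debug("collection session : " . $collectiondata["session_id"]);
    debug("collection user : " . $collectiondata["user"]);
    debug("anonymous_login : " . $anonymous_login);
    debug("userref : " . $userref);
    debug("username : " . $username);
    debug("anonymous_user_session_collection : " . (($anonymous_user_session_collection) ? "TRUE" : "FALSE"));

    // All comparisons below are loose (==, non-strict in_array) because the
    // values come from database rows and globals whose types are not fixed
    // here; the early return above keeps null row fields out of them.
    $writable =
        // User either owns collection AND is not the anonymous user, or is the anonymous user with a matching/no session
        ($userref == $collectiondata["user"] && (!isset($anonymous_login) || $username != $anonymous_login || !$anonymous_user_session_collection || $collectiondata["session_id"] == $rs_session))
        // Collection is public AND either they have the 'h' permission OR allow_changes has been set
        || ((checkperm("h") || $collectiondata["allow_changes"] == 1) && $collectiondata["public"] == 1)
        // Collection has been shared but is not public AND user is either attached or in attached group
        || ($collectiondata["allow_changes"] == 1 && $collectiondata["public"] == 0 && (in_array($userref, $attached) || in_array($usergroup, $attached_groups)))
        // System admin
        || checkperm("a");

    return $writable;
    }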

This article was last updated 12th July 2020 01:35 Europe/London time based on the source file dated 9th July 2020 17:22 Europe/London time.