Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

featured_collections_permissions_filter_sql()

Description

Build appropriate SQL (for WHERE clause) to filter out featured collections for the user. The function will use either an
IN or NOT IN depending which list is smaller to increase performance of the search

this is part of.

Parameters

ColumnTypeDefaultDescription
$prefix string SQL WHERE clause element. Mostly should be either WHERE, AND -or- OR depending on the SQL statement
$column string SQL column on which to apply the filter for
$returnstring bool false (temporary) Will return the legacy string version until do_search() and others are migrated to use prepared statements. This can be removed once all functions use prepared statements

Return

array|string Returns "" if user should see all featured collections or a SQL filter (e.g AND ref IN("32", "34") ) with the placholders as the first element and the collection IDs as params for the second - for use in e.g. ps_query(), ps_value()

Location

include/collections_functions.php lines 5586 to 5640

Definition

 
function featured_collections_permissions_filter_sql(string $prefixstring $columnbool $returnstring =false)
    {
    global 
$CACHE_FC_PERMS_FILTER_SQL;
    
$CACHE_FC_PERMS_FILTER_SQL = (!is_null($CACHE_FC_PERMS_FILTER_SQL) && is_array($CACHE_FC_PERMS_FILTER_SQL) ? $CACHE_FC_PERMS_FILTER_SQL : array());
    
$cache_id md5("{$prefix}-{$column}");
    if ((isset(
$CACHE_FC_PERMS_FILTER_SQL[$cache_id]) 
            && 
is_string($CACHE_FC_PERMS_FILTER_SQL[$cache_id]) 
            && 
$returnstring)
        || (isset(
$CACHE_FC_PERMS_FILTER_SQL[$cache_id]) 
            && 
is_array($CACHE_FC_PERMS_FILTER_SQL[$cache_id]))
    )
        {
        return 
$CACHE_FC_PERMS_FILTER_SQL[$cache_id];
        }

    
// $prefix & $column are used to generate the right SQL (e.g AND ref IN(list of IDs)). If developer/code, passes empty strings,
    // that's not this functions' responsibility. We could error here but the code will error anyway because of the bad SQL so
    // we might as well fix the problem at its root (ie. where we call this function with bad input arguments).
    
$prefix " " trim($prefix);
    
$column trim($column);

    
$computed_fcs compute_featured_collections_access_control();

    if(
$computed_fcs === true)
        {
        
$return ""# No access control needed! User should see all featured collections
        
}
    elseif(
is_array($computed_fcs))
        {
        if(
$returnstring)
            {
            
$fcs_list "'" join("', '"$computed_fcs) . "'";
            
$return "{$prefix} {$column} IN ({$fcs_list})";
            }
        else
            {
            
$return = array("{$prefix} {$column} IN (" ps_param_insert(count($computed_fcs)) . ")",ps_param_fill($computed_fcs,"i"));
            }
        }
    else
        {
        
// User is not allowed to see any of the available FCs if($returnstring)
        
if($returnstring)
            {
            
$return "{$prefix} 1 = 0";
            }
        else
            {
            
$return = [$prefix " 1 = 0",[]];
            }
        }

    
$CACHE_FC_PERMS_FILTER_SQL[$cache_id] = $return;
    return 
$return;
    }

This article was last updated 11th December 2024 19:05 Europe/London time based on the source file dated 11th December 2024 15:55 Europe/London time.