Collections functions
General functions
Node functions
Render functions
Theme permission functions
User functions
Resource functions

get_edit_access()

Description

Check if current user has edit access to a resource. Checks the edit permissions (e0, e-1 etc.) and also the group
edit filter which filters edit access based on resource metadata.

Parameters

ColumnTypeDefaultDescription
$resource int Resource ID
$status int Archive status ID. Use -999 to use the one from resourcedata argument
&$resourcedata array []: bool { global $userref
$usergroup
$usereditfilter
$edit_access_for_contributor
$userpermissions
$lang
$baseurl
$userdata
$resourcedata;
''
array$resource
$resourcedata array

Location

include/resource_functions.php lines 5540 to 5659

Definition

 
function get_edit_access($resourceint $status=-999, array &$resourcedata = []): bool
    
{
    global 
$userref,$usergroup$usereditfilter,$edit_access_for_contributor,
    
$userpermissions$lang$baseurl$userdata$edit_only_own_contributions;

    
$plugincustomeditaccess hook('customediteaccess','',array($resource,$status,$resourcedata));
    if(
$plugincustomeditaccess)
        {
        return 
'false' === $plugincustomeditaccess false true;
        }

    if (
$resourcedata === [])
        {
        
$resourcedata=get_resource_data($resource);
        }

    if(
$resourcedata === [] || $resourcedata === false)
        {
        return 
false;
        }
    if (
$status==-999# Archive status may not be passed
        
{$status=$resourcedata["archive"];}

    if (
$resource == 0-(int)$userref) {return true;} # Can always edit their own user template.

    # If $edit_access_for_contributor is true in config then users can always edit their own resources.
    
if ($edit_access_for_contributor && $userref==$resourcedata["created_by"]) {return true;}

    if(
$edit_only_own_contributions && $userref != $resourcedata["created_by"])
        {
        return 
false;
        }

    
# Must have edit permission to this resource first and foremost, before checking the filter.
    
if ((!checkperm("e" $status) && !checkperm("ert" $resourcedata['resource_type']))
        ||
        (
checkperm("XE" $resourcedata['resource_type']))
        ||
        (
checkperm("XE") && !checkperm("XE-" $resourcedata['resource_type']))
        )
        {
        return 
false;
        }

    
# Cannot edit if z permission
    
if (checkperm("z" $status)) {return false;}

    
# Cannot edit if accessing upload share and resource not in the collection associated witrh their session
    
$external_upload upload_share_active();
    if(
$external_upload && !in_array($resource,get_collection_resources($external_upload)))
        {
        return 
false;
        }

    
# Cannot edit if pending status (<0) and neither admin ('t') nor created by currentuser
    #             and does not have force edit access to the resource type
    
if (    $status<&& !( checkperm("t") || $resourcedata['created_by'] == $userref )
         && !
checkperm("ert" $resourcedata['resource_type'])
       )
        {
        return 
false;
        }

    
$gotmatch=false;

    if(
strlen(trim((string) $usereditfilter)) > 0
        
&& !is_numeric($usereditfilter)
        && 
trim($userdata[0]["edit_filter"]) != ""
        
&& $userdata[0]["edit_filter_id"] != -1
        
)
        {
        
// Migrate unless marked not to due to failure (flag will be reset if group is edited)
        
$migrateeditfilter edit_filter_to_restype_permission($usereditfilter$usergroup$userpermissionstrue);
        if(
trim($usereditfilter) !== "")
            {
            
$migrateresult migrate_filter($migrateeditfilter);
            }
        else
            {
            
$migrateresult 0// filter was only for resource type, not failed but no need to migrate again
            
}

        
$notification_users get_notification_users();
        if(
is_numeric($migrateresult))
            {
            
// Successfully migrated - now use the new filter
            
ps_query("UPDATE usergroup SET edit_filter_id=? WHERE ref=?",array("i",$migrateresult,"i",$usergroup));
            
debug("FILTER MIGRATION: Migrated edit filter - '" $usereditfilter "' filter id#" $migrateresult);
            
$usereditfilter $migrateresult;
            }
        elseif(
is_array($migrateresult))
            {
            
debug("FILTER MIGRATION: Error migrating filter: '" $usereditfilter "' - " implode('\n' ,$migrateresult));
            
// Error - set flag so as not to reattempt migration and notify admins of failure
            
ps_query("UPDATE usergroup SET edit_filter_id='0' WHERE ref=?",array("i",$usergroup));
            
message_add(array_column($notification_users,"ref"), $lang["filter_migration"] . " - " $lang["filter_migrate_error"] . ": <br/>" implode('\n' ,$migrateresult),generateURL($baseurl "/pages/admin/admin_group_management_edit.php",array("ref"=>$usergroup)));
            }
        }

    if (
trim((string) $usereditfilter)=="" || ($status<&& $resourcedata['created_by'] == $userref)) # No filter set, or resource was contributed by user and is still in a User Contributed state in which case the edit filter should not be applied.
        
{
        
$gotmatch true;
        }
    elseif(
is_int_loose($usereditfilter) && $usereditfilter 0)
        {
        
$gotmatch filter_check($usereditfilterget_resource_nodes($resource));
        }

    if (
$gotmatch)
        {
        
$gotmatch = !hook("denyafterusereditfilter");
        }

    if(
checkperm("ert" $resourcedata['resource_type']))
        {
        return 
true;
        }

    return 
$gotmatch;
    }

This article was last updated 19th March 2024 07:05 Europe/London time based on the source file dated 11th March 2024 14:25 Europe/London time.