
search_filter()

Parameters

| Column | Type | Default | Description |
| --- | --- | --- | --- |
| $search | | | |
| $archive | | | |
| $restypes | | | |
| $recent_search_daylimit | | | |
| $access_override | | | |
| $return_disk_usage | | | |
| $editable_only | | false | |
| $access | | null | |
| $smartsearch | | false | |

Location

include/search_functions.php lines 776 to 1180

Definition

 
function search_filter($search,$archive,$restypes,$recent_search_daylimit,$access_override,$return_disk_usage,$editable_only=false$access null$smartsearch false)
    {
    
debug_function_call("search_filter"func_get_args());

    global 
$userref,$userpermissions,$resource_created_by_filter,$uploader_view_override,$edit_access_for_contributor,$additional_archive_states,$heightmin,
    
$geo_search_restrict,$pending_review_visible_to_all,$search_all_workflow_states,$pending_submission_searchable_to_all,$collections_omit_archived,$k,$collection_allow_not_approved_share,$archive_standard;
    
    if (
hook("modifyuserpermissions")){$userpermissions=hook("modifyuserpermissions");}
    
$userpermissions = (isset($userpermissions)) ? $userpermissions : array();
    
    
# Convert the provided search parameters into appropriate SQL, ready for inclusion in the do_search() search query.
    
if(!is_array($archive)){$archive=explode(",",$archive);}
    
$archive array_filter($archive,function($state){return (string)(int)$state==(string)$state;}); // remove non-numeric values

    
$sql_filter = new PreparedStatementQuery();

    
# Apply resource types
    
if (($restypes!="")&&(substr($restypes,0,6)!="Global") && substr($search011) != '!collection')
        {
        if (
$sql_filter->sql != "")
            {
            
$sql_filter->sql.=" AND ";
            }
        
$restypes_x=explode(",",$restypes);
        
$sql_filter->sql.="resource_type IN (" ps_param_insert(count($restypes_x)) . ")";
        
$sql_filter->parameters array_merge($sql_filter->parametersps_param_fill($restypes_x,"i"));
        }

    
# Apply day limit
    
if('' != $recent_search_daylimit && is_numeric($recent_search_daylimit))
        {
        if(
'' != $sql_filter->sql)
            {
            
$sql_filter->sql .= ' AND ';
            }

        
$sql_filter->sql.= "creation_date > (curdate() - interval ? DAY)";
        
$sql_filter->parameters array_merge($sql_filter->parameters,["i",$recent_search_daylimit]);
        }

    
# The ability to restrict access by the user that created the resource.
    
if (isset($resource_created_by_filter) && count($resource_created_by_filter)>0)
        {
        
$created_filter="";
        
$created_filter_params = [];
        foreach (
$resource_created_by_filter as $filter_user)
            {
            if (
$filter_user==-1) {$filter_user=$userref;} # '-1' can be used as an alias to the current user. I.e. they can only see their own resources in search results.
            
if ($created_filter!="")
                {
                
$created_filter.=" OR ";
                } 
            
$created_filter .= "created_by = ?";
            
$created_filter_params[] = "i";
            
$created_filter_params[] = $filter_user;
            }
        if (
$created_filter!="")
            {
            if (
$sql_filter->sql!="") {$sql_filter->sql.=" AND ";}
            
$sql_filter->sql .= "(" $created_filter ")";
            
$sql_filter->parameters array_merge($sql_filter->parameters,$created_filter_params);
            }
        }


    
# Geo zone exclusion
    # A list of upper/lower long/lat bounds, defining areas that will be excluded from geo search results.
    # Areas are defined as southwest lat, southwest long, northeast lat, northeast long
    
if (count($geo_search_restrict)>&& substr($search,0,4)=="!geo")
        {
        foreach (
$geo_search_restrict as $zone)
            {
            if (
$sql_filter->sql!="") {$sql_filter->sql.=" AND ";}
            
$sql_filter->sql.= "(geo_lat IS null OR geo_long IS null OR not(geo_lat >= ? AND geo_lat<= ?";
            
$sql_filter->sql.= " AND geo_long >= ? AND geo_long<= ?))";
            
// Note the order below is not in ascending order
            
$sql_filter->parameters array_merge($sql_filter->parameters,$zone[0],$zone[2],$zone[1],$zone[3]);
            }
        }

    
# append resource type restrictions based on 'T' permission 
    # look for all 'T' permissions and append to the SQL filter.
    
$rtfilter=array();
    
    for (
$n=0;$n<count($userpermissions);$n++)
        {
        if (
substr($userpermissions[$n],0,1)=="T")
            {
            
$rt=substr($userpermissions[$n],1);
            if (
is_numeric($rt)&&!$access_override) {$rtfilter[]=$rt;}
            }
        }
    if (
count($rtfilter)>0)
        {
        if (
$sql_filter->sql!="") {$sql_filter->sql.=" AND ";}
        
$sql_filter->sql.="resource_type NOT IN (" ps_param_insert(count($rtfilter)) . ")";
        
$sql_filter->parameters array_merge($sql_filter->parameters,ps_param_fill($rtfilter,"i"));
        }

    
# append "use" access rights, do not show confidential resources unless admin
    
if (!checkperm("v")&&!$access_override)
        {
        if (
$sql_filter->sql!="") {$sql_filter->sql.=" AND ";}
        
# Check both the resource access, but if confidential is returned, also look at the joined user-specific or group-specific custom access for rows.
        
$sql_filter->sql .= "(r.access<>'2' OR (r.access=2 AND ((rca.access IS NOT null AND rca.access<>2) OR (rca2.access IS NOT null AND rca2.access<>2))))";
        }
        
    
# append standard archive searching criteria. Updated Jan 2016 to apply to collections as resources in a pending state that are in a shared collection could bypass approval process
    
if (!$access_override)
        {
        if(
substr($search,0,11)=="!collection" || substr($search,0,5)=="!list" || substr($search,0,15)=="!archivepending" || substr($search,0,12)=="!userpending")
            {
            
# Resources in a collection or list may be in any archive state
            # Other special searches define the archive state in search_special()
            
if(substr($search,0,11)=="!collection" && $collections_omit_archived && !checkperm("e2"))
                {
                
$sql_filter->sql.= (($sql_filter->sql!="")?" AND ":"") . "archive<>2";
                }
            }
        elseif (
$search_all_workflow_states || substr($search,0,8)=="!related" || substr($search,0,8)=="!hasdata" || strpos($search,"integrityfail") !== false)
            {
            
hook("search_all_workflow_states_filter","",[$sql_filter]);
            }   
        elseif (
count($archive) == || $archive_standard && !$smartsearch)
            {
            
# If no archive specified add in default archive states (set by config options or as set in rse_workflow plugin)
            # Defaults are not used if searching smartsearch collection, actual values will be used instead
            
if ($sql_filter->sql!="") {$sql_filter->sql.=" AND ";}
            
$defaultsearchstates get_default_search_states();
            if(
count($defaultsearchstates) == 0)
                {
                
// Make sure we have at least one state - system has been misconfigured
                
$defaultsearchstates[] = 0;
                }
            
$sql_filter->sql.="archive IN (" ps_param_insert(count($defaultsearchstates)) . ")";
            
$sql_filter->parameters array_merge($sql_filter->parameters,ps_param_fill($defaultsearchstates,"i"));
            }
        else
            {
            
# Append normal filtering - extended as advanced search now allows searching by archive state
            
if($sql_filter->sql!="")
                {
                
$sql_filter->sql.=" AND ";
                }
            
$sql_filter->sql.="archive IN (" ps_param_insert(count($archive)) . ")";
            
$sql_filter->parameters array_merge($sql_filter->parameters,ps_param_fill($archive,"i"));
            }
        if (!
checkperm("v") && !(substr($search,0,11)=="!collection" && $k!='' && $collection_allow_not_approved_share)) 
            {
            
$pending_states_visible_to_all_sql      "";
            
$pending_states_visible_to_all_params   = [];
            
# Append standard filtering to hide resources in a pending state, whatever the search
            
if (!$pending_submission_searchable_to_all)
                {
                
$pending_states_visible_to_all_sql.= "(r.archive<>-2 OR r.created_by = ?)";
                
$pending_states_visible_to_all_params = ["i",$userref];
                }
            if (!
$pending_review_visible_to_all)
                {
                
$pending_states_visible_to_all_sql .= (($pending_states_visible_to_all_sql!="")?" AND ":"") . "(r.archive<>-1 OR r.created_by = ?)";
                
array_push($pending_states_visible_to_all_params,"i",$userref);
                }

            if (
$pending_states_visible_to_all_sql != "")
                {
                
#Except when the resource is type that the user has ert permission for
                
$rtexclusions "";
                
$rtexclusions_params = [];
                for (
$n=0;$n<count($userpermissions);$n++)
                    {
                    if (
substr($userpermissions[$n],0,3)=="ert")
                        {
                        
$rt=substr($userpermissions[$n],3);
                        if (
is_int_loose($rt))
                            {
                            
$rtexclusions .= " OR (resource_type = ?)";
                            
array_push($rtexclusions_params,"i",$rt);
                            }
                        }
                    }
                
$sql_filter->sql .= " AND ((" $pending_states_visible_to_all_sql ") " $rtexclusions ")";
                
$sql_filter->parameters array_merge($sql_filter->parameters,$pending_states_visible_to_all_params,$rtexclusions_params);
                unset(
$rtexclusions);
                }
            }
        }
    
# Add code to filter out resoures in archive states that the user does not have access to due to a 'z' permission
    
$filterblockstates          = [];
    for (
$n=-2;$n<=3;$n++)
        {
        if(
checkperm("z" $n) && !$access_override)
            {
            
$filterblockstates[] = $n;
            }
        }

    foreach (
$additional_archive_states as $additional_archive_state)
        {
        if(
checkperm("z" $additional_archive_state))
            {
            
$filterblockstates[] = $additional_archive_state;
            }
        }
    if (
count($filterblockstates) > && !$access_override)
        {
        if (
$uploader_view_override)
            {
            if (
$sql_filter->sql != "")
                {
                
$sql_filter->sql .= " AND ";
                }
            
$sql_filter->sql .= "(archive NOT IN (" ps_param_insert(count($filterblockstates)) . ") OR created_by = ?)";
            
$sql_filter->parameters array_merge($sql_filter->parameters,ps_param_fill($filterblockstates,"i"));
            
$sql_filter->parameters[] = "i";
            
$sql_filter->parameters[] = $userref;
            }
        else
            {
            if (
$sql_filter->sql != "") {$sql_filter->sql .= " AND ";}
            
$sql_filter->sql.="archive NOT IN (" ps_param_insert(count(