Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

collection_writeable()

Parameters

ColumnTypeDefaultDescription
$collection

Location

include/collections_functions.php lines 650 to 721

Definition

 
function collection_writeable($collection)
    {
    $collectiondata get_collection($collection);
    if($collectiondata===false)
        {
        return false;
        }

    global $userref,$usergroup$allow_smart_collections;
    if (
        $allow_smart_collections && !isset($userref)
        && isset($collectiondata['savedsearch'])&&$collectiondata['savedsearch'] != null
        ) { 
            return false// so "you cannot modify this collection"
        }
    if($collectiondata['type']==COLLECTION_TYPE_REQUEST && !checkperm('R'))
        {
        return false;
        }

    # Load a list of attached users
    $attached ps_array("SELECT user value FROM user_collection WHERE collection = ?",["i",$collection]);
    $attached_groups ps_array("SELECT usergroup value FROM usergroup_collection WHERE collection = ?",["i",$collection]);

    // Can edit if 
    // - The user owns the collection (if we are anonymous user and are using session collections then this must also have the same session id )
    // - The user has system setup access (needs to be able to sort out user issues)
    // - Collection changes are allowed and :-
    //    a) User is attached to the collection or
    //    b) Collection is public or a theme and the user either has the 'h' permission or the collection is editable

    global $usercollection,$username,$anonymous_login,$anonymous_user_session_collection$rs_session;
    debug("collection session : " $collectiondata["session_id"]);
    debug("collection user : " $collectiondata["user"]);
    debug("anonymous_login : " . isset($anonymous_login) && is_string($anonymous_login) ? $anonymous_login "(no)");
    debug("userref : " $userref);
    debug("username : " $username);
    debug("anonymous_user_session_collection : " . (($anonymous_user_session_collection)?"TRUE":"FALSE"));

    $writable=
        // User either owns collection AND is not the anonymous user, or is the anonymous user with a matching/no session
        ($userref==$collectiondata["user"] && (!isset($anonymous_login) || $username!=$anonymous_login || !$anonymous_user_session_collection || $collectiondata["session_id"]==$rs_session))
        // Collection is public AND either they have the 'h' permission OR allow_changes has been set
        || ((checkperm("h") || $collectiondata["allow_changes"]==1) && $collectiondata["public"]==1)
        // Collection has been shared but is not public AND user is either attached or in attached group
        || ($collectiondata["allow_changes"]==&& $collectiondata["public"]==&& (in_array($userref,$attached) || in_array($usergroup,$attached_groups)))
        // System admin
        || checkperm("a")
        // Adding to active upload_share
        || upload_share_active() == $collection
        // This is a request collection and user is an admin user who can approve requests
        || (checkperm("R") && $collectiondata['type'] == COLLECTION_TYPE_REQUEST && checkperm("t"));

    // Check if user has permission to manage research requests. If they do and the collection is research request allow writable.
    if ($writable === false && checkperm("r"))
        {
        include_once 'research_functions.php';
        $research_requests get_research_requests();
        $collections = array();
        foreach ($research_requests as $research_request)
            {
            $collections[] = $research_request["collection"];
            }
        if (in_array($collection,$collections))
            {
            $writable true;
            }
        }
        
    return $writable;

    }

This article was last updated 17th November 2024 15:35 Europe/London time based on the source file dated 13th November 2024 15:50 Europe/London time.