Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

featured_collection_check_access_control()

Description

Access control function used to determine if a featured collection should be accessed by the user

Parameters

ColumnTypeDefaultDescription
$c_ref integer Collection ref to be tested

Return

boolean Returns TRUE if user should have access to the featured collection (no parent category prevents this), FALSE otherwise

Location

include/collections_functions.php lines 5644 to 5719

Definition

 
function featured_collection_check_access_control(int $c_ref)
    {
    if(checkperm("-j" $c_ref))
        {
        return false;
        }
    elseif(checkperm("j*") || checkperm("j" $c_ref))
        {
        return true;
        }
    else
        {        
        // Get all parents. Query varies according to MySQL cte support
        $mysql_version ps_query('SELECT LEFT(VERSION(), 3) AS ver');
        if(version_compare($mysql_version[0]['ver'], '8.0''>=')) 
            {
            $allparents ps_query("
                WITH RECURSIVE cte(ref,parent, level) AS
                        (
                        SELECT  ref,
                                parent,
                                1 AS level
                          FROM  collection
                         WHERE  ref= ?
                     UNION ALL
                        SELECT  c.ref,
                                c.parent,
                                level+1 AS LEVEL
                          FROM  collection c
                    INNER JOIN  cte
                            ON  c.ref = cte.parent
                        )
                SELECT ref,
                       parent,
                       level
                  FROM cte
              ORDER BY level DESC;", ['i'$c_ref], 
            "featured_collections",
            -1,
            true,
            0);
            }
        else
            {
            $allparents ps_query("
                    SELECT  C2.ref, C2.parent
                    FROM  (SELECT @r AS p_ref,
                            (SELECT @r := parent FROM collection WHERE ref = p_ref) AS parent,
                            @l := @l + 1 AS lvl
                    FROM  (SELECT @r := ?, @l := 0) vars,
                            collection c
                    WHERE  @r <> 0) C1
                    JOIN  collection C2
                        ON  C1.p_ref = C2.ref
                ORDER BY  C1.lvl DESC", ['i'$c_ref],
                    "featured_collections",
                    -1,
                    true,
                    0);
            }

          foreach($allparents as $parent)
                {
                if(checkperm("-j" $parent["ref"]))
                    {
                    // Denied access to parent
                    return false;
                    }
                elseif(checkperm("j" $parent["ref"]))
                    {
                    return true;
                    }
                }
        return false// No explicit permission given and user doesn't have f*
        }
    }

This article was last updated 17th November 2024 15:35 Europe/London time based on the source file dated 13th November 2024 15:50 Europe/London time.