
get_edit_access()

Description

Check if current user has edit access to a resource. Checks the edit permissions (e0, e-1 etc.) and also the group
edit filter which filters edit access based on resource metadata.

Parameters

Column | Type | Default | Description
$resource | int | | Resource ID
$status | int | -999 | Archive status ID. Use -999 to use the one from resourcedata argument
&$resourcedata | array | [] |

Location

include/resource_functions.php lines 5739 to 5858

Definition

 
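/**
 * Decide whether the current user may edit a resource.
 *
 * The checks run in the order below and the first one that decides wins:
 *  1. Plugin hook 'customediteaccess': any truthy return value ends the check. Only the exact
 *     string 'false' denies; every other truthy value grants edit access.
 *  2. Resource data is loaded when the caller passed none; no data means no access.
 *  3. A user's own template (resource ID equal to minus the user ref) is always editable.
 *  4. With $edit_access_for_contributor set, the creator is granted access. Steps 3 and 4
 *     return before the XE, z and upload-share checks further down are reached.
 *  5. With $edit_only_own_contributions set, anyone but the creator is denied.
 *  6. Permission strings: needs e<status> or ert<type>; XE<type>, or XE without XE-<type>, denies.
 *  7. z<status> denies.
 *  8. During an active upload share, only resources in the share's collection are editable.
 *  9. Pending status (< 0) requires 't', being the creator, or ert<type>.
 * 10. A legacy text edit filter is migrated if needed, then the edit filter is evaluated; the
 *     'denyafterusereditfilter' hook can veto a match.
 * 11. ert<type> grants access regardless of the filter result or that hook.
 *
 * Side effects: $resourcedata is passed by reference and is overwritten with the result of
 * get_resource_data() when it arrives empty. The filter migration path issues UPDATE statements
 * on the usergroup table and may send a message to the notification users, so this function
 * is not a read-only check.
 *
 * @param int   $resource     Resource ID
 * @param int   $status       Archive status ID. Use -999 to take it from $resourcedata
 * @param array $resourcedata Resource data; loaded from $resource when passed as []
 *
 * @return bool True when the current user may edit the resource
 */
function get_edit_access($resource, int $status = -999, array &$resourcedata = []): bool
{
    global $userref, $usergroup, $usereditfilter, $edit_access_for_contributor,
        $userpermissions, $lang, $baseurl, $userdata, $edit_only_own_contributions;

    // A plugin can take the whole decision. Only the literal string 'false' denies here;
    // any other truthy return value grants access and skips every check below.
    $plugincustomeditaccess = hook('customediteaccess', '', array($resource, $status, $resourcedata));
    if ($plugincustomeditaccess) {
        return 'false' !== $plugincustomeditaccess;
    }

    if ($resourcedata === []) {
        // Written through the reference, so the caller's variable is replaced as well.
        $resourcedata = get_resource_data($resource);
    }

    if ($resourcedata === [] || $resourcedata === false) {
        return false;
    }

    // Archive status may not be passed
    if ($status == -999) {
        $status = $resourcedata["archive"];
    }

    // Can always edit their own user template.
    if ($resource == 0 - (int) $userref) {
        return true;
    }

    // If $edit_access_for_contributor is true in config then users can always edit their own resources.
    // NOTE(review): the comparisons with created_by are loose (==, !=) as in the original,
    // presumably because IDs can arrive as strings. Confirm before tightening them.
    if ($edit_access_for_contributor && $userref == $resourcedata["created_by"]) {
        return true;
    }

    if ($edit_only_own_contributions && $userref != $resourcedata["created_by"]) {
        return false;
    }

    // Must have edit permission to this resource first and foremost, before checking the filter.
    $resource_type = $resourcedata['resource_type'];
    if (
        (!checkperm("e" . $status) && !checkperm("ert" . $resource_type))
        || checkperm("XE" . $resource_type)
        || (checkperm("XE") && !checkperm("XE-" . $resource_type))
    ) {
        return false;
    }

    // Cannot edit if z permission
    if (checkperm("z" . $status)) {
        return false;
    }

    // Cannot edit if accessing upload share and resource not in the collection associated with their session
    $external_upload = upload_share_active();
    if ($external_upload && !in_array($resource, get_collection_resources($external_upload))) {
        return false;
    }

    // Cannot edit if pending status (<0) and neither admin ('t') nor created by current user
    // and does not have force edit access to the resource type
    if (
        $status < 0
        && !(checkperm("t") || $resourcedata['created_by'] == $userref)
        && !checkperm("ert" . $resource_type)
    ) {
        return false;
    }

    $gotmatch = false;

    // Legacy text filter still in place: try to migrate it to a numeric filter ID.
    // The (string) casts keep trim() from receiving null.
    if (
        strlen(trim((string) $usereditfilter)) > 0
        && !is_numeric($usereditfilter)
        && trim((string) $userdata[0]["edit_filter"]) != ""
        && $userdata[0]["edit_filter_id"] != -1
    ) {
        // Migrate unless marked not to due to failure (flag will be reset if group is edited)
        $migrateeditfilter = edit_filter_to_restype_permission($usereditfilter, $usergroup, $userpermissions, true);
        if (trim((string) $usereditfilter) !== "") {
            $migrateresult = migrate_filter($migrateeditfilter);
        } else {
            // NOTE(review): the enclosing condition already requires a non-empty trimmed
            // $usereditfilter, so this branch only runs if edit_filter_to_restype_permission()
            // changes that variable, which is not visible here. Confirm which variable was meant.
            $migrateresult = 0; // filter was only for resource type, not failed but no need to migrate again
        }

        $notification_users = get_notification_users();
        if (is_numeric($migrateresult)) {
            // Successfully migrated - now use the new filter
            ps_query("UPDATE usergroup SET edit_filter_id=? WHERE ref=?", array("i", $migrateresult, "i", $usergroup));
            debug("FILTER MIGRATION: Migrated edit filter - '" . $usereditfilter . "' filter id#" . $migrateresult);
            $usereditfilter = $migrateresult;
        } elseif (is_array($migrateresult)) {
            // NOTE(review): '\n' in single quotes is a backslash followed by 'n', not a newline,
            // so the joined errors carry a literal "\n" in the log line and in the message.
            debug("FILTER MIGRATION: Error migrating filter: '" . $usereditfilter . "' - " . implode('\n', $migrateresult));
            // Error - set flag so as not to reattempt migration and notify admins of failure
            ps_query("UPDATE usergroup SET edit_filter_id='0' WHERE ref=?", array("i", $usergroup));
            // NOTE(review): the migration error text is concatenated into a body that already
            // contains <br/> markup. Confirm that message_add() or the page rendering the message
            // escapes it, since the text presumably derives from the stored filter.
            message_add(
                array_column($notification_users, "ref"),
                $lang["filter_migration"] . " - " . $lang["filter_migrate_error"] . ": <br/>" . implode('\n', $migrateresult),
                generateURL($baseurl . "/pages/admin/admin_group_management_edit.php", array("ref" => $usergroup))
            );
        }
    }

    if (trim((string) $usereditfilter) == "" || ($status < 0 && $resourcedata['created_by'] == $userref)) {
        // No filter set, or resource was contributed by user and is still in a User Contributed
        // state in which case the edit filter should not be applied.
        $gotmatch = true;
    } elseif (is_int_loose($usereditfilter) && $usereditfilter > 0) {
        $gotmatch = filter_check($usereditfilter, get_resource_nodes($resource));
    }

    if ($gotmatch) {
        // A plugin may veto access that the filter allowed.
        $gotmatch = !hook("denyafterusereditfilter");
    }

    // Force-edit permission for the resource type wins over the filter result and the veto hook.
    if (checkperm("ert" . $resource_type)) {
        return true;
    }

    return $gotmatch;
}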

This article was last updated 4th December 2024 08:35 Europe/London time based on the source file dated 28th November 2024 12:10 Europe/London time.