Coding standards
Security in ResourceSpace
Developer reference
Database
Action functions
Admin functions
Ajax functions
Annotation functions
API functions
Collections functions
Comment functions
Config functions
CSV export functions
Dash functions
Debug functions
Encryption functions
Facial recognition functions
File functions
General functions
Language functions
Log functions
Login functions
Message functions
Migration functions
Node functions
PDF functions
Plugin functions
Render functions
Reporting functions
Request functions
Research functions
Slideshow functions
Theme permission functions
User functions
Video functions
Database functions
Metadata functions
Resource functions
Search functions
Map functions
Job functions
Tab functions
Test functions

get_filter_sql()

Description

Get the required search filter sql for the given filter for use in do_search()

Parameters

ColumnTypeDefaultDescription
$filterid

Return

PreparedStatementQuery

Location

include/search_functions.php lines 2161 to 2244

Definition

 
function get_filter_sql($filterid)
    {
    global 
$userref$access_override$custom_access_overrides_search_filter$open_access_for_contributor;

    
$filter         get_filter($filterid);
    if (!
$filter)
        {
        return 
false;
        }
    
$filterrules    get_filter_rules($filterid);

    
$modfilterrules=hook("modifysearchfilterrules");
    if (
$modfilterrules)
        {
        
$filterrules $modfilterrules;
        }

    
$filtercondition $filter["filter_condition"];
    
$filters = array();
    
$filter_ors = array(); // Allow filters to be overridden in certain cases
    
$filter_ors_params = array();
    foreach(
$filterrules as $filterrule)
        {
        
$filtersql = new PreparedStatementQuery();
        if(
count($filterrule["nodes_on"]) > 0)
            {
            
$filtersql->sql .= "r.ref " . ($filtercondition == RS_FILTER_NONE " NOT " "") . " IN (SELECT rn.resource FROM resource_node rn WHERE rn.node IN (" ps_param_insert(count($filterrule["nodes_on"])) . ")) ";
            
$filtersql->parameters array_merge($filtersql->parameters,ps_param_fill($filterrule["nodes_on"],"i"));
            }

        if(
count($filterrule["nodes_off"]) > 0)
            {
            if(
$filtersql->sql != "")
                {
                
$filtersql->sql .= " OR ";
                }
            
$filtersql->sql .= "r.ref " . ($filtercondition == RS_FILTER_NONE "" " NOT") . " IN (SELECT rn.resource FROM resource_node rn WHERE rn.node IN (" ps_param_insert(count($filterrule["nodes_off"])) . ")) ";
            
$filtersql->parameters array_merge($filtersql->parameters,ps_param_fill($filterrule["nodes_off"],"i"));
            }
        
$filters[] = $filtersql;
        }

    if (
count($filters) > 0)
        {
        if(
$filtercondition == RS_FILTER_ALL || $filtercondition == RS_FILTER_NONE)
            {
            
$glue " AND ";
            }
        else
            {
            
// This is an OR filter
            
$glue " OR ";
            }

        
$filter_add =  new PreparedStatementQuery();
        
// Bracket the filters to ensure that there is no hanging OR to create an unintentional disjunct
        
$filter_add->sql "(" implode($gluearray_column($filters,"sql")) . ")";
        foreach(
$filters as $filter)
            {
            
$filter_add->parameters array_merge($filter_add->parameters,$filter->parameters);
            }

        
# If custom access has been granted for the user or group, nullify the search filter, effectively selecting "true".
        
if (!checkperm("v") && !$access_override && $custom_access_overrides_search_filter# only for those without 'v' (which grants access to all resources)
            
{
            
$filter_ors[] = "(rca.access IS NOT null AND rca.access<>2) OR (rca2.access IS NOT null AND rca2.access<>2)";
            }

        if(
$open_access_for_contributor)
            {
            
$filter_ors[] = "(r.created_by = ?)";
            
array_push($filter_ors_params,"i",$userref);
            }

        if(
count($filter_ors) > 0)
            {
            
$filter_add->sql "((" $filter_add->sql ") OR (" implode(") OR (",$filter_ors) . "))";
            
$filter_add->parameters array_merge($filter_add->parameters,$filter_ors_params);
            }

        return 
$filter_add;
        }
    return 
false;
    }

This article was last updated 4th December 2024 08:35 Europe/London time based on the source file dated 27th November 2024 09:40 Europe/London time.