summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorSimon Rettberg2020-05-18 18:39:59 +0200
committerSimon Rettberg2020-05-18 18:39:59 +0200
commit55c1e9bdec8b0872354b221e39b9562fe847ea03 (patch)
tree4b6a98e1ef2745f543e34a61a6cab06a9984e21d
parent[remoteaccess] Fix DB query to add rooms to groups (diff)
downloadslx-admin-55c1e9bdec8b0872354b221e39b9562fe847ea03.tar.gz
slx-admin-55c1e9bdec8b0872354b221e39b9562fe847ea03.tar.xz
slx-admin-55c1e9bdec8b0872354b221e39b9562fe847ea03.zip
[inc/Permission] add mergeWithDisallowed
-rw-r--r--inc/permission.inc.php24
1 files changed, 24 insertions, 0 deletions
diff --git a/inc/permission.inc.php b/inc/permission.inc.php
index 7dd011bb..cd9cc43c 100644
--- a/inc/permission.inc.php
+++ b/inc/permission.inc.php
@@ -54,5 +54,29 @@ class Permission
return file_exists('modules/' . $moduleId . '/permissions/permissions.json');
}
+ /**
+ * Takes a list of locations, removes any locations from it where the user doesn't have permission,
+ * and then re-adds locations resulting from the given query. The given query should return only
+ * one column per row, which is a location id.
+ * @param $passedLocations
+ * @param $permission
+ * @param $query
+ * @param $params
+ * @return array
+ */
+ public static function mergeWithDisallowed($passedLocations, $permission, $query, $params)
+ {
+ $allowed = User::getAllowedLocations($permission);
+ if (in_array(0, $allowed))
+ return $passedLocations;
+ $passedLocations = array_intersect($passedLocations, $allowed);
+ $oldSet = Database::queryColumnArray($query, $params);
+ $oldSet = array_diff($oldSet, $allowed);
+ if (!empty($oldSet)) {
+ $passedLocations = array_unique(array_merge($passedLocations, $oldSet));
+ }
+ return $passedLocations;
+ }
+
}