2 /****************************************************************/
4 /****************************************************************/
5 /* Copyright (c) 2002-2009 */
6 /* Adaptive Technology Resource Centre / University of Toronto */
9 /* This program is free software. You can redistribute it and/or*/
10 /* modify it under the terms of the GNU General Public License */
11 /* as published by the Free Software Foundation. */
12 /****************************************************************/
14 include_once(AT_SOCIAL_INCLUDE.'classes/SocialGroups/SocialGroups.class.php');
17 * Class PrivacyController
19 class PrivacyController{
21 function PrivacyController(){
25 * Validate user privacy preference against SESSION's, if empty, fetch from DB.
26 * @param int The field index that should be validated against, check lib/constnats.inc.php
27 * @param int Relationship between SESSION[member] and the current user's
28 * @param mixed The prefs array in respect to the field_id, for instance, if this is validating against profile,
29 * then the pref should be the profile preferences. ([array]=>preference[profile, basic_profile, photo, ...])
30 * @return boolean True if access granted, false otherwise.
32 function validatePrivacy($field_id, $relationship, $pref){
33 //if this is the owner, return true without question
34 if ($relationship==AT_SOCIAL_OWNER_VISIBILITY){
38 $pref_string = $pref[$field_id];
39 // debug($pref_string, $field_id);
41 //I have take this out so that in the settings, "Eveyerone" permission has to be switched on for everyone to see
42 //if AT_SOCIAL_EVERYONE_VISIBILITY is set, relationship flag will no longer matters.
43 // if ($relationship==AT_SOCIAL_EVERYONE_VISIBILITY){
47 //all values are 1 or 0, match the key to the field_id
48 if (is_array($pref_string) && !empty($pref_string)){
49 return (isset($pref_string[$relationship]) && $pref_string[$relationship]==1);
56 * Get the relationship between Session[member_id] and the given id.
57 * Relationship can be friends, friends of friends, network, family, aquaintance, etc.
58 * TODO: Confirm that the order of checks is not important. Draw a control flow diagram to check this.
59 * For now, Friends of friends > Groups
60 * @param int the member that we want to find the relationship to the session[member]
61 * @return relationship status
63 function getRelationship($id){
66 //if id = self, always true (cause i should be able to see my own profile)
67 if ($id == $_SESSION['member_id']){
68 return AT_SOCIAL_OWNER_VISIBILITY;
71 //is friend of friend?
72 if (isFriendOfFriend($id, $_SESSION['member_id'])==true){
73 return AT_SOCIAL_FRIENDS_OF_FRIENDS_VISIBILITY;
76 //is in some of the groups together?
77 $social_groups = new SocialGroups();
78 $my_group = $social_groups->getMemberGroups($_SESSION['member_id']);
79 $person_group = $social_groups->getMemberGroups($id);
80 $groups_intersection = array_intersect($my_group, $person_group); //groups intersection
82 //If it is not empty or not null, then these 2 people share a group
83 if (!empty($groups_intersection) > 0){
84 return AT_SOCIAL_GROUPS_VISIBILITY;
87 $sql = 'SELECT relationship FROM '.TABLE_PREFIX."social_friends WHERE (member_id=$id AND friend_id=$_SESSION[member_id]) OR (member_id=$_SESSION[member_id] AND friend_id=$id)";
88 $result = mysql_query($sql, $db);
91 list($relationship) = mysql_fetch_row($result);
94 //If the relationship is not set, this implies that it's not in the table,
95 //implying that the user has never set its privacy settings, meaning a default is needed
96 if (!isset($relationship)){
97 return AT_SOCIAL_NETWORK_VISIBILITY;
100 return $relationship;
104 * Get user privacy perference
106 * @Precondition: include('PrivacyObject.class.php');
108 function getPrivacyObject($member_id){
110 $member_id = intval($member_id);
112 //TODO: Check if this object exists in _SESSION, if so, don't pull it from db again
113 $sql = 'SELECT preferences FROM '.TABLE_PREFIX.'social_privacy_preferences WHERE member_id='.$member_id;
114 $result = mysql_query($sql, $db);
115 if (mysql_numrows($result) > 0){
116 list($prefs) = mysql_fetch_row($result);
117 $privacy_obj = unserialize($prefs);
119 //Should we checked if this is an actual object before returning it?
120 return($privacy_obj);
123 return new PrivacyObject();
127 * Update privacy preference for a single user
130 * @param mixed preferences object
131 * @return true if update was successful, false otherwise
133 function updatePrivacyPreference($member_id, $prefs){
134 global $db, $addslashes;
136 $member_id = intval($member_id);
137 $prefs = $addslashes(serialize($prefs));
139 //TODO: Change it back to update
140 $sql = 'REPLACE '.TABLE_PREFIX."social_privacy_preferences SET member_id=$member_id, preferences='$prefs'";
142 $result = mysql_query($sql, $db);
147 * Returns an array of the user permission levels
148 * Check constants.inc.php
150 function getPermissionLevels(){
152 //checkboxes don't need to have none and everyone
153 // -1 => _AT('none'),
154 AT_SOCIAL_EVERYONE_VISIBILITY => _AT('world_network'),
155 AT_SOCIAL_FRIENDS_VISIBILITY => _AT('friends'),
156 AT_SOCIAL_FRIENDS_OF_FRIENDS_VISIBILITY => _AT('friends_of_friends'),
157 AT_SOCIAL_NETWORK_VISIBILITY => _AT('local_network'),
158 AT_SOCIAL_GROUPS_VISIBILITY => _AT('groups')