public function get_user_watchable_users($user)
{
$userID = MySQL::SQLValue($user['userID'], MySQL::SQLVALUE_NUMBER);
$p = $this->kga['server_prefix'];
$that = $this;
if ($this->global_role_allows($user['globalRoleID'], 'core-user-otherGroup-view')) {
// If user may see other groups we need to filter out groups he's part of but has no permission to see users in.
$forbidden_groups = array_filter($user['groups'], function ($groupID) use($userID, $that) {
$roleID = $that->user_get_membership_role($userID, $groupID);
return !$that->membership_role_allows($roleID, 'core-user-view');
});
$group_filter = "";
if (count($forbidden_groups) > 0) {
$group_filter = " AND count(SELECT * FROM {$p}groups_users AS p WHERE u.`userID` = p.`userID` AND `groupID` NOT IN (" . implode(', ', $forbidden_groups) . ")) > 0";
}
$query = "SELECT * FROM {$p}users AS u WHERE trash=0 {$group_filter} ORDER BY name";
$result = $this->conn->Query($query);
return $this->conn->RecordsArray(MYSQLI_ASSOC);
}
$allowed_groups = array_filter($user['groups'], function ($groupID) use($userID, $that) {
$roleID = $that->user_get_membership_role($userID, $groupID);
return $that->membership_role_allows($roleID, 'core-user-view');
});
// user is not allowed to see users of different groups, so he only gets to see himself
if (empty($allowed_groups)) {
return array($user);
}
// otherwise return the list of all active users within the allowed groups
return $this->get_users(0, $allowed_groups);
}