public function getWhereSql(array $options = array())
{
global $ENTITY_SHOW_HIDDEN_OVERRIDE;
$defaults = array('table_alias' => 'e', 'user_guid' => $this->session->getLoggedInUserGuid(), 'use_enabled_clause' => !$ENTITY_SHOW_HIDDEN_OVERRIDE, 'access_column' => 'access_id', 'owner_guid_column' => 'owner_guid', 'guid_column' => 'guid');
foreach ($options as $key => $value) {
if (is_null($value)) {
// remove null values so we don't loose defaults in array_merge
unset($options[$key]);
}
}
$options = array_merge($defaults, $options);
// just in case someone passes a . at the end
$options['table_alias'] = rtrim($options['table_alias'], '.');
foreach (array('table_alias', 'access_column', 'owner_guid_column', 'guid_column') as $key) {
$options[$key] = sanitize_string($options[$key]);
}
$options['user_guid'] = sanitize_int($options['user_guid'], false);
// only add dot if we have an alias or table name
$table_alias = $options['table_alias'] ? $options['table_alias'] . '.' : '';
if (!isset($options['ignore_access'])) {
$options['ignore_access'] = elgg_check_access_overrides($options['user_guid']);
}
$clauses = array('ors' => array(), 'ands' => array());
$prefix = $this->db->prefix;
if ($options['ignore_access']) {
$clauses['ors']['ignore_access'] = '1 = 1';
} else {
if ($options['user_guid']) {
// include content of user's friends
$clauses['ors']['friends_access'] = "{$table_alias}{$options['access_column']} = " . ACCESS_FRIENDS . "\n\t\t\t\tAND {$table_alias}{$options['owner_guid_column']} IN (\n\t\t\t\t\tSELECT guid_one FROM {$prefix}entity_relationships\n\t\t\t\t\tWHERE relationship = 'friend' AND guid_two = {$options['user_guid']}\n\t\t\t\t)";
// include user's content
$clauses['ors']['owner_access'] = "{$table_alias}{$options['owner_guid_column']} = {$options['user_guid']}";
}
}
// include standard accesses (public, logged in, access collections)
if (!$options['ignore_access']) {
$access_list = $this->getAccessList($options['user_guid']);
$clauses['ors']['acl_access'] = "{$table_alias}{$options['access_column']} IN {$access_list}";
}
if ($options['use_enabled_clause']) {
$clauses['ands']['use_enabled'] = "{$table_alias}enabled = 'yes'";
}
$clauses = $this->hooks->trigger('get_sql', 'access', $options, $clauses);
$clauses_str = '';
if (is_array($clauses['ors']) && $clauses['ors']) {
$clauses_str = '(' . implode(' OR ', $clauses['ors']) . ')';
}
if (is_array($clauses['ands']) && $clauses['ands']) {
if ($clauses_str) {
$clauses_str .= ' AND ';
}
$clauses_str .= '(' . implode(' AND ', $clauses['ands']) . ')';
}
return "({$clauses_str})";
}