pm_block_user.module in Privatemsg 6.2

<?php

/**
 * @file
 * Allows users to block other users from sending them any messages
 */

/**
 * Disallow blocking private messages from a user.
 */
define('PM_BLOCK_USER_DISALLOW_BLOCKING', 0);

/**
 * Disallow sending private messages to a user.
 */
define('PM_BLOCK_USER_DISALLOW_SENDING', 1);

/**
 * Implements hook_help().
 */
function pm_block_user_help($path, $arg) {
  switch ($path) {
    case 'admin/settings/messages/block':
      return '<p>' . t('This area is used to define user blocking rules for the Privatemsg module. Rules allow control of who may block messages from whom. By default all users are allowed to block messages from anyone else. However, a site may have groups of users that need to contact or get information to others, for example: the site may have administrative staff or be a forum with moderators. Groups of users are defined by roles, which can be managed on the <a href="@roles">roles configuration page</a>.', array(
        '@roles' => url('admin/user/roles'),
      )) . '</p>';
  }
}

/**
 * Implements hook_menu().
 */
function pm_block_user_menu() {
  $url_prefix = variable_get('privatemsg_url_prefix', 'messages');
  $items['messages/block/%user'] = array(
    'title' => 'Block user messages',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'pm_block_user_form',
      2,
    ),
    'file' => 'pm_block_user.pages.inc',
    'access callback' => '_pm_block_user_access',
    'access arguments' => array(
      2,
    ),
    'type' => MENU_CALLBACK,
    'weight' => -10,
  );
  $items[$url_prefix . '/blocked'] = array(
    'title' => 'Blocked users',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'pm_block_user_list',
    ),
    'file' => 'pm_block_user.pages.inc',
    'access callback' => 'privatemsg_menu_access',
    'access arguments' => array(
      'read privatemsg',
      TRUE,
    ),
    'type' => MENU_LOCAL_TASK,
    'weight' => 10,
  );
  $items['admin/settings/messages/block'] = array(
    'title' => 'User blocking rules',
    'description' => 'Configure rules for which users may block each other.',
    'page callback' => 'drupal_get_form',
    'page arguments' => array(
      'pm_block_user_settings',
    ),
    'file' => 'pm_block_user.admin.inc',
    'access arguments' => array(
      'administer privatemsg settings',
    ),
    'type' => MENU_LOCAL_TASK,
  );
  $items['messages/block/js'] = array(
    'title' => 'Javascript block actions form',
    'page callback' => 'pm_block_user_js',
    'file' => 'pm_block_user.admin.inc',
    'access arguments' => array(
      'administer privatemsg settings',
    ),
    'type' => MENU_CALLBACK,
  );
  $items['messages/user/autocomplete'] = array(
    'page callback' => 'privatemsg_autocomplete',
    'file' => 'privatemsg.pages.inc',
    'file path' => drupal_get_path('module', 'privatemsg'),
    'access callback' => 'privatemsg_user_access',
    'access arguments' => array(
      'write privatemsg',
    ),
    'type' => MENU_CALLBACK,
  );
  return $items;
}

/**
 * Implements hook_theme().
 */
function pm_block_user_theme() {
  return array(
    'pm_block_user_list' => array(
      'arguments' => array(
        'form' => NULL,
      ),
      'file' => 'pm_block_user.pages.inc',
    ),
    'pm_block_user_actions' => array(
      'arguments' => array(
        'form' => NULL,
      ),
      'file' => 'pm_block_user.admin.inc',
    ),
  );
}
function pm_block_user_privatemsg_autocomplete_alter(&$matches, $names, $fragment) {

  // Remove all types other than user if accessed through
  // messages/user/autocomplete.
  if (arg(1) == 'user') {
    foreach ($matches as $id => $match) {
      if ($match->type != 'user') {
        unset($matches[$id]);
      }
    }
  }
}

/**
 * Provides access argument for blocking user menu item.
 *
 * @param $account
 *   User object representing the account the menu item will block private
 *   messages from.
 *
 * @return
 *   TRUE if the user is allowed to block $account, or FALSE if not.
 */
function _pm_block_user_access($account) {
  global $user;
  if (!privatemsg_user_access('read privatemsg', $user)) {
    return FALSE;
  }

  // Allow to unblock users that are already blocked but the user is now not
  // allowed to block anymore.
  if (_pm_block_user_rule_exists($account, $user, PM_BLOCK_USER_DISALLOW_BLOCKING) && !pm_block_user_has_blocked($account, $user)) {
    return FALSE;
  }
  return TRUE;
}

/**
 * Checks if author is blocked by the recipient.
 *
 * @param $author
 *   The user that would send a message.
 * @param $recipient
 *   The user that would receive the message.
 * @return
 *   TRUE if the recipient has blocked the author.
 */
function pm_block_user_has_blocked($author, $recipient) {
  return db_result(db_query('SELECT 1 FROM {pm_block_user} WHERE author = %d AND recipient = %d', $author->uid, $recipient->uid));
}

/**
 * Checks whether a rule exists for a given author, recipient and action.
 *
 * For example: if this is passed User A (who has the admin role), User B (who
 * has the authenticated user role) and PM_BLOCK_USER_DISALLOW_BLOCKING
 * parameters, and a rule is configured that disallows authenticated users
 * blocking admins then this function will return TRUE.
 *
 * @param $author
 *   Author user object to check.
 * @param $recipient
 *   Receiver user object to check.
 * @param $action
 *   The action to be taken, defaults to PM_BLOCK_USER_DISALLOW_BLOCKING.
 *
 * @return
 *   TRUE if a rule exists for the combination of author recipient and action.
 */
function _pm_block_user_rule_exists($author, $recipient, $action = PM_BLOCK_USER_DISALLOW_BLOCKING) {
  $block_actions = variable_get('pm_block_user_actions', array());
  foreach ($block_actions as $delta => $details) {

    // If this rule doesn't relate to $action, or it's disabled
    // ignore it and go to next loop iteration.
    if ($details['action'] != $action || !$details['enabled']) {
      continue;
    }

    // There are no rules governing user one, but user one may have roles that
    // affect other users, so these exceptions are narrow in scope.
    // Disallow sending affects private message authors.
    if ($author->uid == 1 && $action == PM_BLOCK_USER_DISALLOW_SENDING) {
      continue;
    }

    // Disallow blocking affects private message recipients.
    if ($recipient->uid == 1 && $action == PM_BLOCK_USER_DISALLOW_BLOCKING) {
      continue;
    }

    // The author has a role matching the rule and so does the recipient.
    if (isset($author->roles[$details['author']]) && isset($recipient->roles[$details['recipient']])) {
      return TRUE;
    }
  }
  return FALSE;
}

/**
 * Implements hook_privatemsg_block_message().
 */
function pm_block_user_privatemsg_block_message($author, $recipients, $context = array()) {
  $blocked = array();

  // Loop through each recipient and ensure there is no rule blocking this
  // author from sending them private messages. Use a reference, so when
  // privatemsg_user_load() is needed here the array is updated, negating the
  // need for further calls to privatemsg_user_load() later in the code.
  foreach (array_keys($recipients) as $id) {

    // Only recipients of type user are currently supported.
    if (isset($recipients[$id]->type) && $recipients[$id]->type != 'user') {
      continue;
    }

    // Ensure we have a recipient user object which includes roles.
    if (!isset($recipients[$id]->roles)) {
      $uid = str_replace('user_', '', $id);
      $recipients[$id] = privatemsg_user_load($uid);
    }

    // Note: this is checks whether the author may send the message (see third
    // parameter). Further below is a check whether the recipient may block it.
    if (_pm_block_user_rule_exists($author, $recipients[$id], PM_BLOCK_USER_DISALLOW_SENDING)) {
      $blocked[] = array(
        'recipient' => $id,
        'message' => t('You are not permitted to send messages to !user.', array(
          '!user' => privatemsg_recipient_format($recipients[$id]),
        )),
      );
    }
  }

  // Only user recipients are supported for now, remove others.
  $user_recipients = array();
  foreach ($recipients as $key => $recipient) {
    if (empty($recipient->type)) {
      $recipient->type = 'user';
      $recipient->recipient = $recipient->uid;
    }
    if ($recipient->type == 'user') {
      $user_recipients[$recipient->recipient] = $recipient;
    }
  }
  if (empty($user_recipients)) {
    return $blocked;
  }
  $args = array_merge(array(
    $author->uid,
  ), array_keys($user_recipients));

  // Remove 'user_' prefix.
  $result = db_query('SELECT recipient FROM {pm_block_user} WHERE author = %d AND recipient IN (' . db_placeholders(array_keys($user_recipients)) . ') GROUP BY recipient', $args);
  while ($row = db_fetch_object($result)) {
    $recipient = $user_recipients[$row->recipient];

    // If there's a rule disallowing blocking of this message, send it anyway.
    if (_pm_block_user_rule_exists($author, $recipient, PM_BLOCK_USER_DISALLOW_BLOCKING)) {
      continue;
    }
    $blocked[] = array(
      'recipient' => privatemsg_recipient_key($recipient),
      'message' => t('%name has chosen to block messages from you.', array(
        '%name' => privatemsg_recipient_format($recipient, array(
          'plain' => TRUE,
        )),
      )),
    );
  }
  return $blocked;
}
function pm_block_user_privatemsg_sql_load_alter(&$fragments, $pmid, $uid) {
  $fragments['select'][] = 'pmbu.recipient AS is_blocked';
  $fragments['inner_join'][] = "LEFT JOIN {pm_block_user} pmbu ON (pm.author = pmbu.author AND pmi.recipient = pmbu.recipient AND pmi.type = 'user')";
}

/**
 * Implements hook_privatemsg_message_view_alter().
 */
function pm_block_user_privatemsg_message_view_alter(&$vars) {
  global $user;
  $author = $vars['message']['author'];
  if (_pm_block_user_rule_exists($author, $user, PM_BLOCK_USER_DISALLOW_BLOCKING)) {
    return;
  }
  if (!isset($vars['message']['thread_id'])) {

    // No thread id, this is probably only a preview
    return;
  }
  $thread_id = $vars['message']['thread_id'];
  if ($user->uid != $author->uid) {
    if ($vars['message']['is_blocked']) {
      $vars['message_actions']['unblock_author'] = array(
        'title' => t('Unblock'),
        'href' => 'messages/block/' . $author->uid,
        'query' => array(
          'destination' => privatemsg_get_dynamic_url_prefix() . '/view/' . $thread_id,
        ),
      );
    }
    else {
      $vars['message_actions']['block_author'] = array(
        'title' => t('Block'),
        'href' => 'messages/block/' . $author->uid,
        'query' => array(
          'destination' => privatemsg_get_dynamic_url_prefix() . '/view/' . $thread_id,
        ),
      );
    }
  }
}

/**
 * Implement hook_user().
 */
function pm_block_user_user($op, &$edit, &$account, $category = NULL) {
  switch ($op) {
    case 'delete':

      // Delete blocking rules which involve this user.
      db_query("DELETE FROM {pm_block_user} WHERE author = %d OR recipient = %d", $account->uid, $account->uid);
      break;
  }
}

/**
 * Implememts hook_privatemsg_sql_autocomplete_alter().
 *
 * Remove blocked users.
 */
function pm_block_user_privatemsg_sql_autocomplete_alter(&$fragments) {
  global $user;

  // Assume the users don't have blocked more than a few dozen other users
  // but there can be hundreds of thousends of users and make the subquery
  // unrelated.
  // Create a subquery that gets all users which have blocked the current user.
  $subquery = 'SELECT pmbu.recipient FROM {pm_block_user} pmbu WHERE pmbu.author = %d';

  // Exclude these from the possible recipients.
  $fragments['where'][] = 'u.uid NOT IN (' . $subquery . ')';
  $fragments['query_args']['where'][] = $user->uid;

  // Block role configurations.
  if ($user->uid != 1) {
    $rids = array();
    $block_actions = variable_get('pm_block_user_actions', array());
    foreach ($block_actions as $delta => $details) {

      // Only continue if the rule is enabled and is a disallow sending rule.
      if ($details['action'] != PM_BLOCK_USER_DISALLOW_SENDING || !$details['enabled']) {
        continue;
      }

      // The author (current user) does have a matching role.
      if (isset($user->roles[$details['author']])) {

        // authenticated user role is not stored in the database but all users
        // have it so there can be no valid recipients. Add a condition that is
        // always false and bail out because no other rules need to be checked.
        if ($details['recipient'] == DRUPAL_AUTHENTICATED_RID) {
          $fragments['where'][] = '1 = 0';
          return;
        }

        // Keep role id, will be added to the query later on.
        $rids[] = $details['recipient'];
      }
    }

    // If there are any, add role limitation to the query.
    if (!empty($rids)) {
      $fragments['inner_join'][] = 'LEFT JOIN {users_roles} ur ON (u.uid = ur.uid)';
      $fragments['where'][] = 'ur.rid NOT IN (' . db_placeholders($rids) . ') OR ur.rid IS NULL';
      $fragments['query_args']['where'] = array_merge($fragments['query_args']['where'], $rids);
    }
  }
}