public function checkVideoAccess($videoid = null)
{
    $mainframe = JFactory::getApplication();
    $config    = CFactory::getConfig();
    $jinput    = $mainframe->input;
    $userId    = $jinput->get('userid', 0, 'INT');

    $my    = CFactory::getUser();        // the current viewer
    $actor = CFactory::getUser($userId); // the user named in the request

    // check privacy
    $allowed = true;

    // verify video-level privacy setting
    if ($videoid) {
        if (!CPrivacy::isAccessAllowed($my->id, $actor->id, 'video', 'video', $videoid)) {
            $allowed = false;
        }
    } else {
        // no video id given: check the actor's general video privacy setting
        if (!CPrivacy::isAccessAllowed($my->id, $actor->id, 'privacyVideoView', 'privacyVideoView')) {
            $allowed = false;
        }
    }

    if (!$allowed) {
        echo "<div class=\"cEmpty cAlert\">" . JText::_('COM_COMMUNITY_PRIVACY_ERROR_MSG') . "</div>";
        return;
    }

    if (!$config->get('enablevideos')) {
        $redirect = CRoute::_('index.php?option=com_community&view=frontpage', false);
        $mainframe->redirect($redirect, JText::_('COM_COMMUNITY_VIDEOS_DISABLED'), 'warning');
    }

    return true;
}

public function checkPhotoAccess($albumid = null, $photoid = null)
{
    $mainframe = JFactory::getApplication();
    $jinput    = $mainframe->input;
    $config    = CFactory::getConfig();
    $userId    = $jinput->get('userid');
    $groupId   = $jinput->get('groupid');
    $my        = CFactory::getUser();

    // Resolve the content owner. Later sources override earlier ones:
    // request userid, then the album's creator, then the photo's creator.
    if ($userId) {
        $creator   = CFactory::getUser($userId);
        $creatorId = $creator->id;
    }

    if ($albumid) {
        $album = JTable::getInstance('Album', 'CTable');
        $album->load($albumid);
        $creatorId = $album->creator;
    }

    if ($photoid) {
        $photo = JTable::getInstance('Photo', 'CTable');
        $photo->load($photoid);
        $creatorId = $photo->creator;
    }

    // check privacy
    $allowed = true;

    // default privacy levels
    if (isset($creatorId) && !$groupId) {
        if (isset($album) && $album->permission <= 10) {
            // album permission of 10 or lower skips the per-user privacy check
            return true;
        } else {
            if (!CPrivacy::isAccessAllowed($my->id, $creatorId, 'privacyPhotoView', 'privacyPhotoView')) {
                $allowed = false;
            }
        }
    } elseif (isset($groupId) && $groupId) {
        // load the group named in the request
        $group = JTable::getInstance('Group', 'CTable');
        $group->load($groupId);

        // groups with approvals == 1 are visible only to members and community admins
        if ($group->approvals == 1 && !$group->isMember($my->id) && !COwnerHelper::isCommunityAdmin()) {
            $allowed = false;
        } else {
            $allowed = true;
        }
    }

    if (!$allowed) {
        echo "<div class=\"cEmpty cAlert\">" . JText::_('COM_COMMUNITY_PRIVACY_ERROR_MSG') . "</div>";
        return;
    }

    if (!$config->get('enablephotos')) {
        $mainframe->enqueueMessage(JText::_('COM_COMMUNITY_PHOTOS_DISABLED'), '');
        return false;
    }

    return true;
}

/**
 * Return rows of activities
 */
function getActivities($userid = '', $friends = '', $afterDate = null, $maxEntries = 20, $respectPrivacy = true, $exclusions = null, $displayArchived = false)
{
    $db        = $this->getDBO();
    $my        = CFactory::getUser();
    $todayDate = new JDate();

    // Oversampling, to cater for aggregated activities
    $maxEntries = $maxEntries < 0 ? 0 : $maxEntries;
    $maxEntries = $maxEntries * 8;

    $orWhere  = array();
    $andWhere = array();
    $onActor  = '';

    // default the first condition here so that a null date does not produce an SQL error
    if (!$displayArchived) {
        $andWhere[] = "`archived`=0";
    }

    if (!empty($userid)) {
        $orWhere[] = "(a.`actor`=" . $db->Quote($userid) . ")";
        $onActor   = " AND (a.`actor`=" . $db->Quote($userid) . ")";
    }

    if (!empty($friends)) {
        // friend ids are numeric; cast each one so only integers reach the IN (...) list
        $orWhere[] = "(a.`actor` IN (" . implode(',', array_map('intval', $friends)) . ")" . ")";
    }

    if (!empty($userid)) {
        $orWhere[] = "(a.`target`=" . $db->Quote($userid) . ")";
    }

    if (!empty($afterDate)) {
        $andWhere[] = "(a.`created` between " . $db->Quote($afterDate->toMySQL()) . " and " . $db->Quote($todayDate->toMySQL()) . ")";
    }

    if (!is_null($exclusions)) {
        $exclusionQuery = '(a.`id` NOT IN (';
        for ($i = 0; $i < count($exclusions); $i++) {
            $exclusion = $exclusions[$i];
            $exclusionQuery .= $db->Quote($exclusion);
            if ($i != count($exclusions) - 1) {
                $exclusionQuery .= ',';
            }
        }
        $exclusionQuery .= ') )';
        $andWhere[] = $exclusionQuery;
    }

    if ($respectPrivacy) {
        // Add friends limits, but admin should be able to see all
        // @todo: should use global admin code check instead
        if ($my->id == 0) {
            // for guest, it is enough to just test access <= 10
            $andWhere[] = "(a.`access` <= 10)";
        } elseif (!($my->usertype == 'Super Administrator' || $my->usertype == 'Administrator' || $my->usertype == 'Manager')) {
            $orWhere[] = "((a.`access` = 0) {$onActor})";
            $orWhere[] = "((a.`access` = 10) {$onActor})";
            $orWhere[] = "( (a.`access` = 20) AND ({$my->id} != 0) {$onActor})";
            if ($my->id != 0) {
                $orWhere[] = "( (a.access = 30) AND (a.actor = {$my->id}) {$onActor})";
                $orWhere[] = "( (a.access = 30) AND (a.actor IN (SELECT c.`connect_to`"
                    . " FROM `#__community_connection` as c"
                    . " WHERE c.`connect_from` = {$my->id}"
                    . " AND c.`status` = 1) ) {$onActor} )";
            }
        }
    }

    if (!empty($userid)) {
        // get the list of activity ids this user has hidden first
        $subQuery = 'SELECT b.`activity_id` FROM #__community_activities_hide as b WHERE b.`user_id` = ' . $db->Quote($userid);
        $db->setQuery($subQuery);
        $subResult = $db->loadResultArray();
        // ids come back from the database; cast them before re-using them in SQL
        $subString = implode(',', array_map('intval', (array) $subResult));
        if (!empty($subString)) {
            $andWhere[] = "a.`id` NOT IN ({$subString}) ";
        }
    }

    // Only emit the OR group and the AND list when they hold conditions,
    // so an empty group never produces invalid SQL
    $where = array();
    if (!empty($orWhere)) {
        $where[] = '( ' . implode(' OR ', $orWhere) . ' )';
    }
    if (!empty($andWhere)) {
        $where[] = implode(' AND ', $andWhere);
    }
    $whereSql = empty($where) ? '' : ' WHERE ' . implode(' AND ', $where);

    // Actors can also be your friends
    // We load 100 activities to cater for aggregated content
    $date = CTimeHelper::getDate();

    // compare both dates with the offset applied so that the day difference is correct
    $sql = "SELECT a.*, TO_DAYS(" . $db->Quote($date->toMySQL(true)) . ") - TO_DAYS( DATE_ADD(a.`created`, INTERVAL " . $date->getOffset() . " HOUR ) ) as 'daydiff' "
        . " FROM #__community_activities as a "
        . $whereSql
        . " ORDER BY a.`created` DESC LIMIT " . $maxEntries;

    $db->setQuery($sql);
    $result = $db->loadObjectList();
    if ($db->getErrorNum()) {
        JError::raiseError(500, $db->stderr());
    }

    // @todo: write a plugin that return the html part of the whole system
    return $result;
}