Beispiel #1
 /**
  * Authorization check
  * Checks if the group is a system group and the user has super admin access
  *
  * @param     string $task  Task name; checked as the 'core.' . $task action
  * @param     object $group \Hubzero\User\Group
  * @return    boolean True if authorized, false if not.
  */
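 protected function authorize($task, $group = null)
 {
     // Two gates, both of which fail closed:
     //   1. the user must hold the 'core.<task>' action on the 'group' asset;
     //   2. an 'edit' of a type-0 group (what the docblock calls a system
     //      group) additionally requires 'core.admin'.
     // get users actions
     $canDo = Permissions::getActions('group');
     // build task name
     $taskName = 'core.' . $task;
     // can user perform task
     $allowed = (bool) $canDo->get($taskName);
     // $group defaults to null, and the previous single-line condition called
     // $group->get() on it unguarded: a fatal error instead of a decision.
     // When no group object is supplied its type cannot be established, so a
     // non-admin edit is denied rather than allowed.
     if ($allowed && $task === 'edit' && !$canDo->get('core.admin')) {
         // loose comparison kept on purpose: the type may arrive as '0' or 0
         $allowed = is_object($group) && $group->get('type') != 0;
     }
     if (!$allowed) {
         // No access - redirect to main listing
         App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_GROUPS_NOT_AUTH'), 'error');
         return false;
     }
     return true;
 }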
Beispiel #2
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * HUBzero is a registered trademark of Purdue University.
 *
 * @package   hubzero-cms
 * @copyright Copyright 2005-2015 HUBzero Foundation, LLC.
 * @license   http://opensource.org/licenses/MIT MIT
 */
// Stop unless the application bootstrap has defined _HZEXEC_ (no direct access)
defined('_HZEXEC_') or die;

$tmpl = Request::getVar('tmpl', '');

// Actions the current user holds on the 'group' asset; drives the buttons below
$canDo = \Components\Groups\Helpers\Permissions::getActions('group');

Toolbar::title(sprintf('%s: %s', Lang::txt('COM_GROUPS'), Lang::txt('COM_GROUPS_ROLES')), 'groups.png');

// Each button is offered only when the matching action is held. This decides
// what the toolbar shows and nothing more; the tasks behind the buttons need
// their own server-side permission check (not visible in this layout).
if ($canDo->get('core.create')):
    Toolbar::addNew();
endif;

if ($canDo->get('core.edit')):
    Toolbar::editList();
endif;

if ($canDo->get('core.delete')):
    Toolbar::deleteList('COM_GROUPS_DELETE_CONFIRM', 'delete');
endif;

Toolbar::spacer();
Toolbar::help('groups');

Html::behavior('tooltip');
?>
<script type="text/javascript">
Beispiel #3
">
							<?php 
    echo Lang::txt('TPL_SYSTEM_GROUP_EDIT');
    ?>
							<span><?php 
    echo Lang::txt('TPL_SYSTEM_GROUP_EDIT_DESC');
    ?>
</span>
						</a>
					</li>
				<?php 
}
?>

				<?php 
if ($isManager || \Components\Groups\Helpers\Permissions::userHasPermissionForGroupAction($group, 'group.pages')) {
    ?>
					<li>
						<a class="pages" href="<?php 
    echo Route::url('index.php?option=com_groups&cn=' . $group->get('cn') . '&task=pages');
    ?>
">
							<?php 
    echo Lang::txt('TPL_SYSTEM_GROUP_PAGES');
    ?>
							<span><?php 
    echo Lang::txt('TPL_SYSTEM_GROUP_PAGES_DESC');
    ?>
</span>
						</a>
					</li>
Beispiel #4
 /**
  * Check if user has role with permission to perform task
  *
  * @param   string   $task  Task to be performed
  * @return  boolean
  */
 public function _authorizedForTask($task)
 {
     // Look the group up by this object's cn
     $resolved = Group::getInstance($this->cn);

     // Fail closed: anything other than a group object means no permission.
     // Otherwise the decision is delegated entirely to the Permissions helper.
     return is_object($resolved)
         ? Permissions::userHasPermissionForGroupAction($resolved, $task)
         : false;
 }
Beispiel #5
 /**
  * Display Group Page
  *
  * @param    Object    $group    \Hubzero\User\Group Object
  * @param    Object    $page     \Components\Groups\Models\Page Object
  * @param    Boolean   $markHit  Whether to record a page hit for this view
  * @return   String
  */
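 public static function displayPage($group, $page, $markHit = true)
 {
     // Renders one group page through the 'pages' / '_view' layout and returns
     // the rendered template. Missing pages abort with a 404. Unpublished or
     // unapproved pages are shown only to managers or holders of the
     // 'group.pages' permission; everyone else gets the same 404.

     // create view object
     $view = new \Hubzero\Component\View(array('name' => 'pages', 'layout' => '_view'));
     // if super group add super group folder
     // to available paths
     if ($group->isSuperGroup()) {
         $base = $group->getBasePath();
         $view->addTemplatePath(PATH_APP . $base . DS . 'template' . DS . 'pages');
     }
     // get needed vars
     $database = \App::get('db');
     $authorized = \Components\Groups\Helpers\View::authorize($group);
     $version = $page ? $page->approvedVersion() : null;
     // stops from displaying pages that dont exist
     if ($page === null) {
         App::abort(404, Lang::txt('Group Page Not Found'));
         return;
     }
     // stops from displaying unpublished pages
     // make sure we have approved version to display
     if ($page->get('state') == $page::APP_STATE_UNPUBLISHED || $version === null) {
         // determine which layout to use
         $layout = $version === null ? '_view_notapproved' : '_view_unpublished';
         // show unpublished or no version layout
         // Strict comparison: with '==' a boolean true (or, before PHP 8, an
         // integer 0) would compare equal to 'manager' and expose the page.
         // assumes View::authorize() returns a role string — TODO confirm
         if ($authorized === 'manager' || Permissions::userHasPermissionForGroupAction($group, 'group.pages')) {
             $view->setLayout($layout);
             $view->group = $group;
             $view->page = $page;
             $view->version = $version;
             return $view->loadTemplate();
         }
         // show 404
         // Same status and message as for a page that does not exist, so the
         // response does not distinguish the two cases.
         App::abort(404, Lang::txt('Group Page Not Found'));
         return;
     }
     // build page hit object
     // mark page hit
     if ($markHit) {
         $groupsTablePageHit = new PageHit($database);
         $pageHit = new stdClass();
         $pageHit->gidNumber = $group->get('gidNumber');
         $pageHit->pageid = $page->get('id');
         $pageHit->userid = User::get('id');
         $pageHit->date = date('Y-m-d H:i:s');
         // REMOTE_ADDR is absent outside a web request (e.g. CLI); store null
         // instead of raising an undefined-index notice. It is the address of
         // the connecting peer, so behind a reverse proxy it is the proxy's.
         $pageHit->ip = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : null;
         $groupsTablePageHit->save($pageHit);
     }
     // parse old wiki content
     //$content = self::parseWiki($group, $version->get('content'), $fullparse = true);
     $content = $version->get('content', '<p class="warning">' . Lang::txt('COM_GROUPS_PAGES_PAGE_NO_CONTENT') . '</p>');
     // parse php tags and modules
     // NOTE(review): parse() is not visible here. Going by the comment above
     // it interprets PHP tags and module includes found in stored page
     // content; only the approved version reaches it on this path. Confirm
     // that the approval step is the trust boundary for that content.
     $content = self::parse($group, $page, $content);
     // set content
     $version->set('content', trim($content));
     // set vars to view
     $view->user = User::getInstance();
     $view->group = $group;
     $view->page = $page;
     $view->version = $version;
     $view->authorized = $authorized;
     $view->config = Component::params('com_groups');
     // return rendered template
     return $view->loadTemplate();
 }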
Beispiel #6
 /**
  * Authorization check
  * Checks if the group is a system group and the user has super admin access
  *
  * @param   string   $task   Task name; checked as the 'core.' . $task action
  * @param   object   $group  \Hubzero\User\Group
  * @return  boolean  True if authorized, false if not.
  */
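 protected function authorize($task, $group = null)
 {
     // Two gates, both of which fail closed:
     //   1. the user must hold the 'core.<task>' action on the 'group' asset;
     //   2. an 'edit' of a type-0 group (what the docblock calls a system
     //      group) additionally requires 'core.admin'.
     // get users actions
     $canDo = Permissions::getActions('group');
     // build task name
     $taskName = 'core.' . $task;
     // can user perform task
     if (!$canDo->get($taskName)) {
         // No access
         return false;
     }
     if ($task === 'edit' && !$canDo->get('core.admin')) {
         // $group defaults to null, and the previous single-line condition
         // called $group->get() on it unguarded: a fatal error instead of a
         // decision. With no group object the type is unknown, so deny.
         // The loose '== 0' is kept: the type may arrive as '0' or 0.
         if (!is_object($group) || $group->get('type') == 0) {
             // No access
             return false;
         }
     }
     return true;
 }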