/**
 * Plugin constructor.
 *
 * Hands the dispatcher and plugin parameters to the parent constructor, then
 * reads the cACL configuration from the database and keeps it on
 * $this->_caclConfig for the event handlers.
 *
 * @param object $subject  event dispatcher (passed through to the parent)
 * @param array  $config   plugin parameters (passed through to the parent)
 */
function plgAuthenticationCommunity_ACL(&$subject, $config) {
    parent::__construct($subject, $config);
    // $config is not needed after the parent call; use a distinct name for
    // the cACL configuration object to avoid shadowing it.
    $db =& JFactory::getDBO();
    $aclConfig = new CACL_config($db);
    $aclConfig->load();
    $this->_caclConfig = $aclConfig;
}
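/**
 * Back-end component gate: may the current user open component $option?
 *
 * Super Administrators (Joomla 1.5 gid 25) always pass. Otherwise the user's
 * cACL groups/roles are matched against `#__community_acl_access` rows for the
 * component itself (`name` = '###', `isbackend` = 1). How a match is read
 * depends on the stored 'default_action' (falls back to 'deny' when unset):
 *   - 'allow' mode: a matching row forbids the component;
 *   - 'deny'  mode: a matching row grants it.
 *
 * Changes from the previous revision: $option is quoted instead of being
 * interpolated raw, group/role ids are forced to int before entering the
 * IN () lists, and the `#__components` COUNT(*) query whose result was never
 * read (its consuming check had been commented out) is gone.
 *
 * @param string $option  component name, e.g. 'com_content'
 * @return bool  true when the component may be entered
 */
function check_component($option) {
    $user =& JFactory::getUser();
    if ($user->get('gid') == 25) {
        return true;
    }
    $db =& JFactory::getDBO();
    $config = new CACL_config($db);
    $config->load();
    $user_access = cacl_get_user_access($config);
    // Ids are interpolated into IN () lists; force ints so a stray string from
    // the access arrays can never alter the query text.
    $groups = array_map('intval', (array) $user_access['groups']);
    $roles = array_map('intval', (array) $user_access['roles']);

    // $option is supplied by callers, not necessarily from a 'cmd'-filtered
    // request value, so it is quoted rather than trusted.
    $query = "SELECT * FROM `#__community_acl_access` WHERE `option` = " . $db->Quote($option)
        . " AND `name` = '###' AND `isbackend` = 1 AND ( `group_id` IN ( '" . implode("','", $groups)
        . "') OR `role_id` IN ( '" . implode("','", $roles) . "') )";
    $db->setQuery($query);
    $access = $db->loadObjectList();

    $query = "SELECT `value` FROM `#__community_acl_config` WHERE `name` = 'default_action' ";
    $db->setQuery($query);
    $default_action = $db->loadResult();
    if ($default_action == null) {
        $default_action = 'deny';
    }

    $matched = is_array($access) && count($access) > 0;
    $denyMode = ($default_action == 'deny');
    // deny mode: a matching row is a grant; allow mode: a matching row is a prohibition.
    return $matched ? $denyMode : !$denyMode;
}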
/**
 * Load published modules.
 *
 * Mirrors the core module loader: selects the published modules visible at the
 * caller's access level for this client (and, when an Itemid is known, for this
 * menu item or "all items"). When cACL is installed and activated for the
 * current application, the list is passed through check_modules() before it is
 * post-processed. The result is memoised in a static for the rest of the request.
 *
 * @access private
 * @return array  module objects; false after a database error (a warning is raised)
 */
function &_load() {
    global $mainframe, $Itemid;
    static $modules;
    if (isset($modules)) {
        return $modules;
    }
    $user =& JFactory::getUser();
    $db =& JFactory::getDBO();
    $aid = $user->get('aid', 0);
    $modules = array();

    // Menu filter only when an Itemid is in scope; the id is int-cast before use.
    $menuFilter = '';
    if (isset($Itemid)) {
        $menuFilter = ' AND ( mm.menuid = ' . (int) $Itemid . ' OR mm.menuid = 0 )';
    }
    // Every request-derived value in this query is cast to int.
    $sql = 'SELECT id, title, module, position, content, showtitle, control, params'
        . ' FROM #__modules AS m'
        . ' LEFT JOIN #__modules_menu AS mm ON mm.moduleid = m.id'
        . ' WHERE m.published = 1'
        . ' AND m.access <= ' . (int) $aid
        . ' AND m.client_id = ' . (int) $mainframe->getClientId()
        . $menuFilter
        . ' ORDER BY position, ordering';
    $db->setQuery($sql);
    $modules = $db->loadObjectList();
    if ($modules === null) {
        JError::raiseWarning('SOME_ERROR_CODE', JText::_('Error Loading Modules') . $db->getErrorMsg());
        return false;
    }

    // cACL module check: only when the component is installed and the plugin is
    // activated for this application name.
    if (class_exists('CACL_config')) {
        $config = new CACL_config($db);
        $config->load();
        self::$_caclConfig = $config;
        $app =& JFactory::getApplication();
        if (strpos(self::$_caclConfig->activate, $app->getName()) !== FALSE) {
            check_modules($modules);
        }
    }

    // Objects are handles, so mutating $entry updates the element in $modules.
    foreach ($modules as $entry) {
        $file = $entry->module;
        // A module whose file name does not start with 'mod_' is a custom one.
        $isCustom = (substr($file, 0, 4) == 'mod_') ? 0 : 1;
        $entry->user = $isCustom;
        // Custom modules are named by their title, core ones by the file name minus 'mod_'.
        $entry->name = $isCustom ? $entry->title : substr($file, 4);
        $entry->style = null;
        $entry->position = strtolower($entry->position);
    }
    return $modules;
}
/**
 * System-plugin route hook: the cACL request gate.
 *
 * Runs after routing whenever cACL is activated for the current application
 * ('site' or the administrator). It derives component/task/view/ids from the
 * request, loads the caller's cACL groups, roles and functions, matches them
 * against `#__community_acl_access`, `#__community_acl_content_actions` and
 * `#__community_acl_function_access`, and then either returns (request goes
 * through), trims the in-memory Joomla ACL rule list, or redirects to the
 * configured "not authorised" URL.
 *
 * Mode semantics ($config->default_action):
 *   - 'allow': a matching rule is a *prohibition*;
 *   - 'deny' : a matching rule is a *grant*.
 *
 * SQL inputs: $option is the 'cmd'-filtered request value, $id/$cid/$catid_r/
 * $sectionid_r are int-cast, $groups/$roles/$functions come from
 * cacl_get_user_access() and are interpolated as-is (assumed numeric — TODO confirm).
 *
 * @return void  redirects terminate the request inside $mainframe->redirect()
 */
function onAfterRoute() {
    //adding cACL Activate
    $app =& JFactory::getApplication();
    if (FALSE === strpos($this->_caclConfig->activate, $app->getName())) {
        return;
    }
    global $mainframe;
    if (!file_exists(JPATH_SITE . '/administrator/components/com_community_acl/community_acl.class.php')) {
        return;
    }
    $back_end = false;
    if ($app->getName() != 'site') {
        $back_end = true;
    }
    /**
     * This will return ajax calls from jomsocial popups.
     */
    // NOTE(review): this exemption is decided purely on attacker-controlled
    // request values; everything below is skipped for option=community&task=azrul_ajax.
    if ('community' == strtolower(JRequest::getVar('option')) && 'azrul_ajax' == strtolower(JRequest::getVar('task'))) {
        return;
    }
    // 'cmd' filtering keeps $option to [A-Za-z0-9_.-]; it is later interpolated into SQL.
    if ($back_end) {
        $option = strtolower(JRequest::getVar('option', '', 'default', 'cmd'));
    } else {
        $option = strtolower(JRequest::getVar('option', 'com_content', 'default', 'cmd'));
    }
    $task = strtolower(JRequest::getCmd('task'));
    $user =& JFactory::getUser();
    if ($back_end && $option == 'com_cbcontact' && $task == '') {
        $this->_syncCBContact();
    }
    // Super Administrator (Joomla 1.5 gid 25) is never restricted.
    if ($user->get('gid') == 25) {
        return;
    }
    $db =& JFactory::getDBO();
    require_once JPATH_SITE . '/administrator/components/com_community_acl/community_acl.class.php';
    require_once JPATH_SITE . '/administrator/components/com_community_acl/community_acl.functions.php';
    $config = new CACL_config($db);
    $config->load();
    if ($back_end) {
        $redirect_url = $config->admin_redirect_url;
    } else {
        $redirect_url = $config->redirect_url;
    }
    //check to not go in redirect loop
    // NOTE(review): '&&' binds tighter than '||', so only the first alternative of
    // each condition is tied to $back_end. As written, a non-POST request whose
    // REQUEST_URI is exactly '/index.php' (or equals $redirect_url) skips the whole
    // gate on both applications. Tighten by parenthesising the $back_end term.
    if ($_SERVER['REQUEST_METHOD'] != 'POST') {
        if (!$back_end && $_SERVER['REQUEST_URI'] == '/' || $_SERVER['REQUEST_URI'] == '/index.php' || $_SERVER['REQUEST_URI'] == '/' . $redirect_url || substr_replace(JURI::root(), '', -1, 1) . $_SERVER['REQUEST_URI'] == $redirect_url) {
            return;
        }
        if ($back_end && $_SERVER['REQUEST_URI'] == '/administrator/' || $_SERVER['REQUEST_URI'] == '/administrator/index.php' || $_SERVER['REQUEST_URI'] == $redirect_url || $_SERVER['REQUEST_URI'] == '/administrator/' . $redirect_url || substr_replace(JURI::root(), '', -1, 1) . $_SERVER['REQUEST_URI'] == $redirect_url) {
            return;
        }
    }
    $user_access = cacl_get_user_access($config);
    $groups = $user_access['groups'];
    $roles = $user_access['roles'];
    $functions = $user_access['functions'];
    // $id: int-cast request id, -1 when absent/empty; falls back to the first cid.
    $id = intval(JRequest::getInt('id'));
    if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
        $id = -1;
    }
    // $cid: int-cast in place by JArrayHelper::toInteger(); default array(-1).
    $cid = JRequest::getVar('cid', array(-1), '', 'array');
    JArrayHelper::toInteger($cid, array(-1));
    if ($id == -1 && isset($_REQUEST['cid'][0]) && $_REQUEST['cid'][0] != '') {
        $id = $cid[0];
    }
    $view = strtolower(JRequest::getCmd('view'));
    $layout = strtolower(JRequest::getCmd('layout'));
    // (Re-read; identical to the values computed above.)
    if ($back_end) {
        $option = strtolower(JRequest::getVar('option', '', 'default', 'cmd'));
    } else {
        $option = strtolower(JRequest::getVar('option', 'com_content', 'default', 'cmd'));
    }
    $task = strtolower(JRequest::getCmd('task'));
    // Resolve the section/category the request targets: from the article row,
    // from the category row, or directly from the id for a section view.
    $catid = -1;
    $sectionid = -1;
    if ($back_end && $option == 'com_content' || !$back_end && $option == 'com_content' && $view == 'article' && $id > 0) {
        if ($id > 0) {
            $cid[] = $id;
            $query = "SELECT `catid`, `sectionid` FROM `#__content` WHERE `id` IN ('" . implode("','", $cid) . "')";
            $db->setQuery($query);
            // Only the first matching row is consulted even when several ids are listed.
            $tmp = $db->loadAssoc();
            $catid = $tmp['catid'];
            $sectionid = $tmp['sectionid'];
        }
    } elseif ($back_end && $option == 'com_categories' || !$back_end && $option == 'com_content' && $view == 'category' && $id > 0) {
        if ($id > 0) {
            $cid[] = $id;
            $query = "SELECT `section` FROM `#__categories` WHERE `id` IN ('" . implode("','", $cid) . "')";
            $db->setQuery($query);
            $sectionid = $db->loadResult();
            $catid = $id;
        }
    } elseif (!$back_end && $option == 'com_content' && $view == 'section' && $id > 0) {
        $sectionid = $id;
    }
    // Section/category ids posted with the form (new/save), -1 when absent.
    $catid_r = intval(JRequest::getInt('catid'));
    if (!isset($_REQUEST['catid'])) {
        $catid_r = -1;
    }
    $sectionid_r = intval(JRequest::getInt('sectionid'));
    if (!isset($_REQUEST['sectionid'])) {
        $sectionid_r = -1;
    }
    $lang =& JFactory::getLanguage();
    $lang->load('plg_system_community_acl');
    // Front-end submission of a brand-new article (id 0): notify the publisher.
    if (!$back_end && ($task == 'save' || $task == 'apply') && $option == 'com_content' && $id == '0') {
        $this->_emailPublisher($sectionid_r, $catid_r, $config->default_action);
    }
    //no groups/roles/functions for user
    // NOTE(review): a user with no cACL membership is not restricted at all here,
    // even in 'deny' mode (see the BUR note at the end of this function).
    if (!(count($groups) > 1 && count($roles) > 1)) {
        return;
    }
    if ($back_end && $option == 'com_login' && ($task == 'login' || $task == 'logout')) {
        return;
    }
    // Access rules for this component (plus 'menu' rules) that name one of the
    // caller's groups or roles. $option is 'cmd'-filtered; $groups/$roles are not quoted.
    if ($option == 'com_sections' || $option == 'com_categories' || $option == 'com_content') {
        $query = "SELECT * FROM `#__community_acl_access` WHERE `option` IN ('menu', 'com_sections', 'com_categories', 'com_content' ) AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND ( `group_id` IN ( '" . implode("','", $groups) . "') OR `role_id` IN ( '" . implode("','", $roles) . "') )";
    } else {
        $query = "SELECT * FROM `#__community_acl_access` WHERE `option` IN ( 'menu', '{$option}') AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND ( `group_id` IN ( '" . implode("','", $groups) . "') OR `role_id` IN ( '" . implode("','", $roles) . "') )";
    }
    $db->setQuery($query);
    $access = $db->loadObjectList();
    //What is a frole and fgroup???
    // $froles/$fgroups collect the roles/groups for which a rule fired ("f" = flagged).
    // A rule with role_id '0' is a group rule, anything else a role rule.
    $froles = array();
    $fgroups = array();
    if (is_array($access) && count($access) > 0) {
        foreach ($access as $item) {
            //forbidden components
            //echo $item->name .', $option = '.$option. ' $item->role_id=' .$item->role_id; die();
            /**
             * Functions are not singling out articles
             * Attempting to trigger the logic to run checking functions for articles.
             * —BUR 8/2/2011
             */
            if ('###' === $item->name && 'com_content' === $item->option && 'com_content' === $option && !empty($cid) && in_array($task, array('unarchive', 'archive', 'publish', 'unpublish', 'movesect', 'copy', 'remove', 'edit', 'add', 'apply', 'save', 'cancel'))) {
                if ($item->role_id == '0') {
                    $fgroups[] = $item->group_id;
                } else {
                    $froles[] = $item->role_id;
                }
            }
            /**
             * end
             */
            // Whole-component rule ('###') for the requested component.
            if ($item->name == '###' && $option == $item->option && ($option != 'com_content' && !($option == 'com_login' && $task == 'logout'))) {
                if ($item->role_id == '0') {
                    $fgroups[] = $item->group_id;
                } else {
                    $froles[] = $item->role_id;
                }
            } elseif ($item->name == '###' && $item->option == 'menu') {
                // Menu rule: $_REQUEST['Itemid'] is passed raw (undefined-index notice
                // when absent); check_menu() is presumably responsible for casting it.
                if (check_menu($item->value, $_REQUEST['Itemid'])) {
                    if ($config->default_action == 'allow') {
                        $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                        $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
                    }
                }
            } elseif ($item->name != '###') {
                //forbidden content, sections, categiries
                if ($back_end) {
                    if ('com_content' === $item->option && $option == 'com_content' && ($id == $item->value || in_array($item->value, $cid))) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    } elseif ($option == 'com_content' && ($item->option == 'com_sections' && $sectionid == $item->value || $item->option == 'com_categories' && $catid == $item->value)) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    } elseif ($option == 'com_sections' && ($id == $item->value || in_array($item->value, $cid))) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    } elseif ($option == 'com_categories' && ($id == $item->value || in_array($item->value, $cid))) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    /*
                     * This doesn't seem to do what it intended. -BUR 10/5/2010
                     * (four disabled `$id == -1` branches for com_content, com_categories,
                     * com_sections and com_menus that flagged the rule's group/role)
                     */
                } else {
                    if ($option == 'com_content' && $view == 'section' && $item->option == 'com_sections' && $id == $item->value) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    if ($option == 'com_content' && $view == 'category' && $item->option == 'com_categories' && $id == $item->value) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    if ($option == 'com_content' && $view == 'article' && $item->option == 'com_content' && $id == $item->value) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    if ($option == 'com_content' && $view == 'category' && $item->option == 'com_sections' && $sectionid == $item->value) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    if ($option == 'com_content' && $view == 'article' && ($item->option == 'com_sections' && $sectionid == $item->value || $item->option == 'com_categories' && $catid == $item->value)) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    if ($option == 'com_content' && $task == 'edit' && ($id == $item->value || in_array($item->value, $cid))) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    if ($option == 'com_content' && $task == 'new' && ($item->option == 'com_sections' && $sectionid_r == $item->value)) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    // NOTE(review): precedence — the `|| com_categories` alternative is not
                    // guarded by `$option == 'com_content' && $task == 'save'`, so a category
                    // rule whose value equals the posted catid fires for any option/task.
                    if ($option == 'com_content' && $task == 'save' && ($item->option == 'com_sections' && $sectionid_r == $item->value) || $item->option == 'com_categories' && $catid_r == $item->value) {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    if ($option == 'com_content' && $view == 'article' && $layout == 'form' && $id == -1 && $config->default_action != 'allow') {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                    if ($option == 'com_content' && $view == 'frontpage' && $id == -1 && $config->default_action != 'allow') {
                        if ($item->role_id == '0') {
                            $fgroups[] = $item->group_id;
                        } else {
                            $froles[] = $item->role_id;
                        }
                    }
                }
            }
        }
    }
    // Reconcile the flagged groups/roles with the caller's memberships. The three
    // arrays are treated as parallel (same index = same membership record).
    $rows = $groups;
    $rls = $roles;
    if ($config->default_action == 'allow') {
        // allow mode: drop every membership that was flagged; nothing usable left => redirect.
        if (is_array($rows) && count($rows) > 0) {
            foreach ($rows as $i => $group) {
                $ind = array_search($group, $groups);
                if (in_array($group, $fgroups) && $ind !== false) {
                    unset($groups[$ind]);
                    unset($roles[$ind]);
                    unset($functions[$ind]);
                }
                $ind = array_search($rls[$i], $roles);
                if (in_array($rls[$i], $froles) && $ind !== false) {
                    unset($groups[$ind]);
                    unset($roles[$ind]);
                    unset($functions[$ind]);
                }
            }
        }
        if (!(count($groups) > 1 && count($roles) > 1)) {
            //Kobby corrected the redirect issue right here.
            $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
            $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
            /* * /
            if(!isset($_REQUEST['load'])) $mainframe->redirect( $redirect_url.'?load=once', JText::_( 'ALERTNOTAUTH' ));
            /* */
        }
    } else {
        // What is going on here? Seriously. —BUR 8/2/2011
        // deny mode: memberships that were NOT flagged are neutralised to -1; after
        // array_unique a single remaining entry means "no grant matched".
        if (is_array($rows) && count($rows) > 0) {
            foreach ($rows as $i => $group) {
                $ind = array_search($group, $groups);
                if (!in_array($group, $fgroups) && $ind !== false) {
                    $groups[$ind] = -1;
                    if (!in_array($roles[$ind], $froles)) {
                        $roles[$ind] = -1;
                        $functions[$ind] = -1;
                    }
                }
                $ind = array_search($rls[$i], $roles);
                if (!in_array($rls[$i], $froles) && $ind !== false) {
                    $roles[$ind] = -1;
                    if (!in_array($groups[$ind], $fgroups)) {
                        $groups[$ind] = -1;
                        $functions[$ind] = -1;
                    }
                }
            }
        }
        $groups = array_unique($groups);
        $roles = array_unique($roles);
        $functions = array_unique($functions);
        $restricted = true;
        if (count($groups) == 1 && count($roles) == 1) {
            //triggered bug BUT fixed now
            if (JRequest::getVar('option') != 'com_content' && !$back_end) {
                $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                $query = "SELECT * FROM `#__community_acl_function_access` WHERE `option` = '{$option}' AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND `name` <> 'option' ORDER BY `grouping`";
                $db->setQuery($query);
                $f_access = $db->loadObjectList();
                $Itemid = JRequest::getInt('Itemid');
                // NOTE(review): $task/$view are re-read here without the cmd filter or
                // strtolower(), so the later string comparisons become case-sensitive.
                $task = JRequest::getVar('task', '');
                $view = JRequest::getVar('view', '');
                // NOTE(review): loose `==`. On PHP < 8 a non-numeric `value` compares
                // equal to the int 0, so a request without Itemid matches every such
                // row and clears $restricted; use strict comparison on strings.
                foreach ($f_access as $access) {
                    if ($access->value == $Itemid) {
                        $restricted = false;
                    } elseif ($access->value == $task) {
                        $restricted = false;
                    } elseif ($access->value == $view) {
                        $restricted = false;
                    }
                }
                if ($task == '' && $view == '') {
                    $restricted = true;
                }
                //Do not restrict JomComment Component
                if ($option == 'jomcomment') {
                    $restricted = false;
                }
                if ($restricted) {
                    $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
                }
            }
        }
    }
    // Content-action rules ("functions") attached to the caller's remaining functions.
    $query = "SELECT COUNT(*) FROM `#__community_acl_content_actions` WHERE `func_id` IN ( '" . implode("','", $functions) . "') ";
    $db->setQuery($query);
    $count = (int) $db->loadResult();
    $content_all = 0;
    if ($option == 'com_content') {
        // A '#any_key#'/'#any_value#' function rule means "all of com_content".
        $query = "SELECT COUNT(*) FROM `#__community_acl_function_access` WHERE `option` = 'com_content' AND `name` = '#any_key#' AND `value` = '#any_value#' AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND `func_id` IN ( '" . implode("','", $functions) . "')";
        $db->setQuery($query);
        $content_all = (int) $db->loadResult();
        $count = $count && !$content_all;
    }
    if ($count && ($task == '' || $task == 'save' || $task == 'apply' || $task == 'new' || $task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect' || $task == 'edit' || $task == 'publish' || $task == 'unpublish' || $task == 'copy' || $task == 'movesect' || $task == 'archive' || $task == 'unarchive')) {
        // Positions of the core "publish"/"edit all content" rules for this usertype
        // in the in-memory ACL list. array_search() returns false when absent, and
        // unset($acl->acl[false]) then removes key 0 — an unrelated rule. The
        // com_sections/com_categories branches below do not guard against that;
        // the com_content branch guards with `$publish_index === 0` (see the Kobby note).
        $acl =& JFactory::getACL();
        $publish_array = array('com_content', 'publish', 'users', strtolower($user->get('usertype')), 'content', 'all', NULL);
        $publish_index = array_search($publish_array, $acl->acl);
        $edit_array = array('com_content', 'edit', 'users', strtolower($user->get('usertype')), 'content', 'all', NULL);
        $edit_index = array_search($edit_array, $acl->acl);
        // (disabled debug dump of the arrays/indices removed)
        if ($option == 'com_sections' && ($sectionid > -1 || $sectionid_r > -1)) {
            $query = "SELECT * FROM `#__community_acl_content_actions` WHERE `item_type` = 'section' AND `func_id` IN ( '" . implode("','", $functions) . "') ";
            $db->setQuery($query);
            $function_access = $db->loadObjectList();
            // $bingo: a rule for the requested action on the requested item matched;
            // $bingo_publish: a 'publish' rule matched while editing.
            $bingo = false;
            $bingo_publish = false;
            if (is_array($function_access) && count($function_access) > 0) {
                foreach ($function_access as $item) {
                    if (($task == 'add' || $task == 'remove' || $task == 'copyselect') && $item->action == 'add' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                        $bingo = true;
                    }
                    if ($task == 'new' && $item->action == 'add' && $sectionid_r == $item->item_id) {
                        $bingo = true;
                    }
                    if ($task == 'edit' && $item->action == 'edit' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                        $bingo = true;
                    }
                    if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                        $bingo = true;
                    }
                    if ($task == 'edit' && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                        $bingo_publish = true;
                    }
                }
            }
            // No `!== false` guard on $publish_index here (see note above).
            if ($bingo_publish) {
                if ($config->default_action == 'allow') {
                    unset($acl->acl[$publish_index]);
                    $acl->acl_count--;
                }
            } elseif ($config->default_action == 'deny') {
                unset($acl->acl[$publish_index]);
                $acl->acl_count--;
            }
            if ($bingo) {
                if ($config->default_action == 'allow') {
                    $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                    $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
                }
            } elseif ($config->default_action == 'deny') {
                $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
            }
        }
        if ($option == 'com_categories' && ($catid > -1 || $catid_r > -1)) {
            $query = "SELECT * FROM `#__community_acl_content_actions` WHERE `item_type` IN ('section', 'category') AND `func_id` IN ( '" . implode("','", $functions) . "') ";
            $db->setQuery($query);
            $function_access = $db->loadObjectList();
            $bingo = false;
            $bingo_publish = false;
            //echo "$sectionid, $sectionid_r, $catid, $catid_r";die;
            if (is_array($function_access) && count($function_access) > 0) {
                foreach ($function_access as $item) {
                    // Section rules apply through the category's parent section.
                    if ($item->item_type == 'section') {
                        if (($task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect') && $item->action == 'add' && $sectionid == $item->item_id) {
                            $bingo = true;
                        }
                        if ($task == 'new' && $item->action == 'add' && $sectionid_r == $item->item_id) {
                            $bingo = true;
                        }
                        if ($task == 'edit' && $item->action == 'edit' && $sectionid == $item->item_id) {
                            $bingo = true;
                        }
                        if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && $sectionid == $item->item_id) {
                            $bingo = true;
                        }
                        if ($task == 'edit' && $item->action == 'publish' && $sectionid == $item->item_id) {
                            $bingo_publish = true;
                        }
                    }
                    if ($item->item_type == 'category') {
                        if (($task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect') && $item->action == 'add' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                            $bingo = true;
                        }
                        if ($task == 'new' && $item->action == 'add' && $catid_r == $item->item_id) {
                            $bingo = true;
                        }
                        if ($task == 'edit' && $item->action == 'edit' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                            $bingo = true;
                        }
                        if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                            $bingo = true;
                        }
                        if ($task == 'edit' && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                            $bingo_publish = true;
                        }
                    }
                }
            }
            // No `!== false` guard on $publish_index here either.
            if ($bingo_publish) {
                if ($config->default_action == 'allow') {
                    unset($acl->acl[$publish_index]);
                    $acl->acl_count--;
                }
            } elseif ($config->default_action == 'deny') {
                unset($acl->acl[$publish_index]);
                $acl->acl_count--;
            }
            if ($bingo) {
                if ($config->default_action == 'allow') {
                    $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                    $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
                }
            } elseif ($config->default_action == 'deny') {
                $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
            }
        }
        if ($option == 'com_content') {
            // (disabled debug dump removed)
            $query = "SELECT * FROM `#__community_acl_content_actions` WHERE `item_type` IN ('section', 'category', 'content') AND `func_id` IN ( '" . implode("','", $functions) . "') ";
            $db->setQuery($query);
            $function_access = $db->loadObjectList();
            // (disabled debug dump removed)
            $bingo = false;
            $bingo_edit = false;
            $bingo_publish = false;
            if (is_array($function_access) && count($function_access) > 0) {
                foreach ($function_access as $item) {
                    if ($item->item_type == 'section') {
                        if (($task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect') && $item->action == 'add' && $sectionid == $item->item_id) {
                            $bingo = true;
                        }
                        if (($task == 'new' || $task == 'add' || $view == 'article' && $layout == 'form') && $item->action == 'add') {
                            //only in deny mode
                            if ($config->default_action == 'deny') {
                                $bingo = true;
                                $bingo_edit = true;
                            }
                        }
                        if (($task == 'save' || $task == 'apply') && ($item->action == 'add' || $item->action == 'edit') && $sectionid_r == $item->item_id) {
                            # - Kobby enhancement - Exception Catch : User is denied access to edit or publish but can add
                            /*if($item_type != 'add'){ $bingo = false; }else{ $bingo = true; }*/
                            $bingo = true;
                            $bingo_edit = true;
                            $bingo_publish = true;
                        }
                        if ($task == '' && $item->action == 'edit' && $sectionid == $item->item_id) {
                            $bingo_edit = true;
                        }
                        if ($task == 'edit' && $item->action == 'edit' && $sectionid == $item->item_id) {
                            $bingo_edit = true;
                            $bingo = true;
                        }
                        if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && $sectionid == $item->item_id) {
                            $bingo = true;
                        }
                        if (($task == 'edit' || $task == '') && $item->action == 'publish' && $sectionid == $item->item_id) {
                            $bingo_publish = true;
                        }
                    } elseif ($item->item_type == 'category') {
                        if (($task == 'new' || $task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect') && $item->action == 'add' && $catid == $item->item_id) {
                            $bingo = true;
                        }
                        if (($task == 'new' || $task == 'add' || $view == 'article' && $layout == 'form') && $item->action == 'add') {
                            //only in deny mode
                            if ($config->default_action == 'deny') {
                                $bingo = true;
                                $bingo_edit = true;
                            }
                        }
                        if (($task == 'save' || $task == 'apply') && ($item->action == 'add' || $item->action == 'edit') && $catid_r == $item->item_id) {
                            $bingo = true;
                            $bingo_edit = true;
                            $bingo_publish = true;
                        }
                        if ($task == '' && $item->action == 'edit' && $catid == $item->item_id) {
                            $bingo_edit = true;
                        }
                        if ($task == 'edit' && $item->action == 'edit' && $catid == $item->item_id) {
                            $bingo = true;
                            $bingo_edit = true;
                        }
                        if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && $catid == $item->item_id) {
                            $bingo = true;
                        }
                        if (($task == 'edit' || $task == '') && $item->action == 'publish' && $catid == $item->item_id) {
                            $bingo_publish = true;
                        }
                    } elseif ($item->item_type == 'content') {
                        if (($task == 'edit' || $task == 'archive' || $task == 'unarchive') && $item->action == 'edit' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                            $bingo = true;
                        }
                        if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                            $bingo = true;
                        }
                        if ($task == 'edit' && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) {
                            $bingo_publish = true;
                        }
                    }
                }
            }
            // (disabled debug dump removed)
            # - Kobby needs to fix this bug for the Edit/Pub
            // NOTE(review): both edit-rule removals are gated on `$publish_index === 0`
            // although they unset $edit_index; $edit_index itself is never checked
            // against false before the unset.
            if ($bingo_edit && $publish_index === 0) {
                if ($config->default_action == 'allow') {
                    unset($acl->acl[$edit_index]);
                    $acl->acl_count--;
                }
            } elseif ($config->default_action == 'deny' && $publish_index === 0) {
                unset($acl->acl[$edit_index]);
                $acl->acl_count--;
                //die('bingo_edit');
            }
            if ($bingo_publish) {
                if ($config->default_action == 'allow' && $publish_index === 0) {
                    unset($acl->acl[$publish_index]);
                    $acl->acl_count--;
                }
            } elseif ($config->default_action == 'deny' && $publish_index === 0) {
                unset($acl->acl[$publish_index]);
                $acl->acl_count--;
                //die('bingo_publish');
            }
            if ($bingo) {
                if ($config->default_action == 'allow') {
                    $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                    $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
                }
            } elseif ($config->default_action == 'deny' && ($task != '' || $view == 'article' && $layout == 'form')) {
                // deny mode with no matching grant: redirect, except for 'save'
                // (the ACL trimming above is what is relied on for that task).
                $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                if ($task != 'save') {
                    $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
                }
            }
        }
    } elseif ($config->default_action == 'deny') {
        //This section modifies wether or not the edit article button is displayed on the front end. -BUR
        //This is running on the back-end too —BUR 8/3/2011
        if (!$content_all) {
            // No content-action rules at all in deny mode: strip the core publish/edit
            // rules. Same unguarded array_search()/unset pattern as above.
            $acl =& JFactory::getACL();
            $publish_array = array('com_content', 'publish', 'users', strtolower($user->get('usertype')), 'content', 'all', NULL);
            $publish_index = array_search($publish_array, $acl->acl);
            $edit_array = array('com_content', 'edit', 'users', strtolower($user->get('usertype')), 'content', 'all', NULL);
            $edit_index = array_search($edit_array, $acl->acl);
            unset($acl->acl[$publish_index]);
            $acl->acl_count--;
            unset($acl->acl[$edit_index]);
            $acl->acl_count--;
            if ($task == 'save' || $task == 'apply' || $task == 'new' || $task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect' || $task == 'edit' || $task == 'publish' || $task == 'unpublish' || $task == 'copy' || $task == 'movesect' || $task == 'archive' || $task == 'unarchive' || $view == 'article' && $layout == 'form') {
                // Only records the URL; the redirect itself is disabled.
                $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                //$mainframe->redirect( $redirect_url,JText::_( 'ALERTNOTAUTH' ));
            }
        }
    }
    // Function rules for this component: each rule names a request parameter
    // (`name`) and a value; rules are evaluated per `grouping`.
    $query = "SELECT * FROM `#__community_acl_function_access` WHERE `option` = '{$option}' AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND `func_id` IN ( '" . implode("','", $functions) . "') AND `name` <> 'option' ORDER BY `grouping`";
    $db->setQuery($query);
    $function_access = $db->loadObjectList();
    // (isset($_REQUEST['searchword']) || isset($_REQUEST['action']) || isset($_REQUEST['view']) || isset($_REQUEST['task']) || isset($_REQUEST['id']) || isset($_REQUEST['cid']) || isset($_REQUEST['mode'])) &&
    if (is_array($function_access) && count($function_access) > 0) {
        $query = "SELECT `grouping` FROM `#__community_acl_function_access` WHERE `option` = '{$option}' AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND `func_id` IN ( '" . implode("','", $functions) . "') AND `name` <> 'option' GROUP BY `grouping` ORDER BY `grouping`";
        $db->setQuery($query);
        $groupings = $db->loadObjectList();
        $allow_pass = false;
        if (is_array($groupings) && count($groupings) > 0) {
            foreach ($groupings as $g) {
                $allow_pass = false;
                if (is_array($function_access) && count($function_access) > 0) {
                    foreach ($function_access as $item) {
                        if ($item->grouping != $g->grouping) {
                            continue;
                        }
                        //Kobby modification to fix the function issue
                        // $_REQUEST is read raw here; the key is the admin-defined rule name.
                        if ($_REQUEST['option'] == $item->option && !isset($_REQUEST[$item->name]) && $config->default_action == 'deny') {
                            $allow_pass = true;
                        }
                        //End
                        if ($item->name == '#any_key#') {
                            $allow_pass = false;
                            continue;
                        }
                        if (!isset($_REQUEST[$item->name]) && $config->default_action == 'allow') {
                            $allow_pass = true;
                            continue;
                        }
                        if (!isset($_REQUEST[$item->name]) && $config->default_action == 'deny') {
                            continue;
                        }
                        // `extra` == '1' inverts the rule: match on equality instead of difference.
                        if ($item->name == 'id') {
                            if (((int) $_REQUEST[$item->name] != $item->value && $item->value && $item->extra != '1' || (int) $_REQUEST[$item->name] == $item->value && $item->extra == '1') && $item->value != '#any_value#') {
                                //echo 1;die;
                                $allow_pass = true;
                                continue;
                            }
                        } elseif (is_array($_REQUEST[$item->name])) {
                            if ((!in_array($item->value, $_REQUEST[$item->name]) && $item->value && $item->extra != '1' || in_array($item->value, $_REQUEST[$item->name]) && $item->extra == '1') && $item->value != '#any_value#') {
                                //echo 2;die;
                                $allow_pass = true;
                                continue;
                            }
                        } else {
                            // Loose `!=`/`==` against a raw request string (see the Itemid note above).
                            if (($_REQUEST[$item->name] != $item->value && $item->value && $item->extra != '1' || $_REQUEST[$item->name] == $item->value && $item->extra == '1') && $item->value != '#any_value#') {
                                //echo 3;die;
                                $allow_pass = true;
                                continue;
                            }
                        }
                    }
                }
                // allow mode: a grouping that produced no pass redirects;
                // deny mode: a grouping that produced no pass ends the gate (allowed).
                if ($config->default_action == 'allow') {
                    if (!$allow_pass) {
                        $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
                        $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
                    }
                } else {
                    if (!$allow_pass) {
                        return;
                    }
                }
            }
        }
    } else {
        // Backend user has nothing defined in group/role/function and site set to deny all... why is it still allowed? —BUR 8/3/2011
        return;
    }
    // deny mode and every grouping passed: nothing granted this request.
    if ($config->default_action == 'deny') {
        $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI'];
        $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH'));
    }
}
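/**
 * Guard DOCman (com_docman) category and document access on the site side.
 *
 * Resolves the requested category — the menu item's cat_id, overridden by the
 * gid request value and, for task=doc_download, resolved from the document's
 * catid — descends to the deepest first sub-node returned by _getNodes(), then
 * checks it against the user's `#__community_acl_access` rows for option
 * 'com_docman'. With default_action 'allow' a listed category is forbidden;
 * with 'deny' only listed categories are allowed. For DOCman 1.4 downloads
 * (bid) the document's own category is checked the same way. Forbidden
 * requests are redirected to $config->redirect_url.
 *
 * Users with neither CACL groups nor roles are not checked at all (see the
 * inline note).
 *
 * @return void
 */
function onAfterRoute()
{
    $app = JFactory::getApplication();
    $db = JFactory::getDBO();
    $config = new CACL_config($db);
    $config->load();
    $user_access = cacl_get_user_access($config);
    $component = JRequest::getCmd('option');

    // Only frontend DOCman requests are handled here.
    if (!$app->isSite() || 'com_docman' != $component) {
        return;
    }

    // cat_id is the category ID in #__docman.catid === #__categories.id
    // gid is either #__docman.catid or #__docman.id. version 1.5
    // bid is #__docman.id. tells docman which file to send for download. version 1.4
    $catId = JSite::getMenu()->getParams(JRequest::getInt('Itemid'))->get('cat_id');
    $catId = JRequest::getInt('gid', $catId);
    $documentId = JRequest::getInt('bid', null);

    // get the right parent category id from db
    if ('doc_download' == JRequest::getCmd('task')) {
        // maybe it's the docman document id
        $sql = "\n \tSELECT cat.id FROM #__docman AS doc\n \tLEFT JOIN #__categories AS cat\n \t ON doc.catid=cat.id\n \tWHERE doc.id={$catId}\n ";
        $db->setQuery($sql);
        $catId = $db->loadResult();
    }

    // Walk down to the deepest first sub-node and use that category id.
    $nodes = $this->_getNodes($db, $catId);
    if (!empty($nodes)) {
        while (!empty($nodes[0]->subnodes)) {
            $nodes = $nodes[0]->subnodes;
        }
        $catId = $nodes[0]->id;
    }

    // Index 0 of both lists is discarded before use.
    unset($user_access['groups'][0]);
    unset($user_access['roles'][0]);
    // NOTE(review): a user with neither groups nor roles is never checked here,
    // even when default_action is 'deny' — confirm this is the intended policy.
    if (empty($user_access['groups']) && empty($user_access['roles'])) {
        return;
    }

    // Build the membership clause only from the non-empty lists: the previous
    // unconditional "group_id IN () || role_id IN ()" was invalid SQL whenever
    // exactly one list was empty (the query then failed and $res was null).
    // Ids are coerced to int because they are interpolated unquoted.
    $membership = array();
    $groups = array_map('intval', $user_access['groups']);
    if (!empty($groups)) {
        $membership[] = 'group_id IN (' . implode(',', $groups) . ')';
    }
    $roles = array_map('intval', $user_access['roles']);
    if (!empty($roles)) {
        $membership[] = 'role_id IN (' . implode(',', $roles) . ')';
    }
    $sql = "\n \tSELECT *\n \tFROM `#__community_acl_access`\n \tWHERE `option`='com_docman' && (" . implode(' || ', $membership) . ")\n ";
    $db->setQuery($sql);
    $res = $db->loadAssocList('value');
    if (!is_array($res)) {
        // loadAssocList() yields null on a failed query; treat it as "no rows".
        $res = array();
    }

    // Is access allowed to this category?
    if ($this->_docmanAccessForbidden($catId, $res, $config->default_action)) {
        $app->redirect($config->redirect_url, JText::_('ALERTNOTAUTH'));
        exit;
    }

    // DOCman 1.4
    // Somebody is trying to download. Is access allowed to this document?
    if ($documentId !== null && $documentId > 0) {
        $sql = "SELECT catid FROM #__docman WHERE id={$documentId}";
        $db->setQuery($sql);
        $catId = $db->loadResult();
        if ($this->_docmanAccessForbidden($catId, $res, $config->default_action)) {
            $app->redirect($config->redirect_url, JText::_('ALERTNOTAUTH'));
            exit;
        }
    }
}

/**
 * Whether a DOCman category is forbidden under the given default action.
 *
 * @param mixed  $catId         Category id (may be null when it could not be resolved)
 * @param array  $res           `#__community_acl_access` rows keyed by `value`
 * @param string $defaultAction 'allow' or 'deny'
 * @return bool true when the request must be redirected
 */
function _docmanAccessForbidden($catId, $res, $defaultAction)
{
    $listed = array_key_exists($catId, $res);
    // 'allow': the listed categories are a deny-list; otherwise an allow-list.
    return 'allow' == $defaultAction ? $listed : !$listed;
}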
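/**
 * Decide whether the current user may see the site module with the given id.
 *
 * Super administrators (gid 25) and administrator-side modules
 * (`#__modules.client_id` > 0) are always allowed. Otherwise the module is
 * looked up in `#__community_acl_access` (option 'module', name '@@@',
 * value = module id) for the user's groups/roles. With default_action 'deny'
 * the listed modules are the allow-list; with 'allow' they are the deny-list.
 *
 * @param int $id Module id (`#__modules.id`)
 * @return bool true when the module may be shown
 */
function check_module($id = 0)
{
    $user = JFactory::getUser();
    // Super administrators bypass all CACL checks.
    if ($user->get('gid') == 25) {
        return true;
    }

    $db = JFactory::getDBO();
    require_once JPATH_SITE . '/administrator/components/com_community_acl/community_acl.class.php';
    $config = new CACL_config($db);
    $config->load();
    $user_access = cacl_get_user_access($config);
    $groups = $user_access['groups'];
    $roles = $user_access['roles'];
    $default_action = $config->default_action;

    // The id is interpolated into SQL below; it is an integer key, so coerce it
    // instead of trusting whatever the caller passed.
    $id = (int) $id;

    // Administrator-side modules are never restricted here.
    $query = "SELECT `client_id` FROM `#__modules` WHERE `id` = '{$id}'";
    $db->setQuery($query);
    if ((int) $db->loadResult() > 0) {
        return true;
    }

    // Is this module listed for any of the user's groups or roles?
    $query = "SELECT COUNT(*) FROM `#__community_acl_access` WHERE ( group_id IN ( '" . implode("','", $groups) . "') OR role_id IN ( '" . implode("','", $roles) . "') ) AND `option` = 'module' AND `name` = '@@@' AND `value` = '{$id}'";
    $db->setQuery($query);
    $listed = (int) $db->loadResult() > 0;

    // 'deny': listed modules are allowed; 'allow': listed modules are denied.
    return $default_action == 'deny' ? $listed : !$listed;
}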
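/**
 * Build the set of 'jsmenu' access values that apply to the current user.
 *
 * Reads every `#__community_acl_access` row with option 'jsmenu' whose
 * group_id or role_id matches one of the user's groups/roles and returns the
 * row values as keys (value => true) for cheap membership checks.
 *
 * @return array<string|int, bool>
 */
function getAccessList()
{
    $db = JFactory::getDBO();
    $config = new CACL_config($db);
    $config->load();
    $user_access = cacl_get_user_access($config);
    $groups = $user_access['groups'];
    $roles = $user_access['roles'];

    // NOTE(review): the original assigned this to a local that was never read;
    // the call is kept only in case getMenuList() has side effects — confirm
    // and drop it.
    $this->getMenuList();

    $query = "SELECT value FROM `#__community_acl_access` AS a\n\n\t\t\t\t\t\t\tWHERE a.option = 'jsmenu'\n\n\t\t\t\t\t\t\t\tAND ( a.group_id IN ( '" . implode("','", $groups) . "')\n\t\t\t\t\t\t\t\t\tOR a.role_id IN ( '" . implode("','", $roles) . "') )";
    $db->setQuery($query);
    $items = $db->loadAssocList();

    // loadAssocList() yields null on a failed query; treat that as "no rows"
    // rather than iterating a non-array.
    $itemsPrepped = array();
    if (is_array($items)) {
        foreach ($items as $item) {
            $itemsPrepped[$item['value']] = true;
        }
    }

    return $itemsPrepped;
}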
$task = 'list_sites'; break; } $mainframe->redirect('index.php?option=com_community_acl&task=' . $task); } function deleteItem($table, $cid) { global $mainframe; // Check for request forgeries JRequest::checkToken() or die('Invalid Token'); // Initialize variables $db =& JFactory::getDBO(); JArrayHelper::toInteger($cid); if (count($cid) < 1) { JError::raiseError(500, JText::_('Select a item to delete', true)); } if (count($cid)) { $cids = implode(',', $cid); $query = 'DELETE FROM `' . $table . '`' . ' WHERE `id` IN ( ' . $cids . ' )'; $db->setQuery($query); if (!$db->query()) { JError::raiseError(500, $db->stderr()); return false; } switch ($table) { case '#__community_acl_groups': $query = 'SELECT `id` FROM `#__community_acl_roles`' . ' WHERE `group_id` IN ( ' . $cids . ' )'; $db->setQuery($query); $rid = $db->loadResultArray(); $query = 'DELETE FROM `#__community_acl_roles`' . ' WHERE `group_id` IN ( ' . $cids . ' )'; $db->setQuery($query); if (!$db->query()) { JError::raiseError(500, $db->stderr()); return false; } $query = 'DELETE FROM `#__community_acl_access`' . ' WHERE `group_id` IN ( ' . $cids . ' ) ' . (count($rid) > 0 ? ' OR `role_id` IN ( ' . implode(',', $rid) . ' )' : ''); $db->setQuery($query); if (!$db->query()) { JError::raiseError(500, $db->stderr()); return false; } $query = 'DELETE FROM `#__community_acl_users`' . ' WHERE `group_id` IN ( ' . $cids . ' ) ' . (count($rid) > 0 ? ' OR `role_id` IN ( ' . implode(',', $rid) . 
' )' : ''); $db->setQuery($query); if (!$db->query()) { JError::raiseError(500, $db->stderr()); return false; } $query = "SELECT `id` FROM `#__community_acl_sites` WHERE `is_main` = '1'"; $db->setQuery($query); $sid = (int) $db->loadResult(); if ($sid > 0) { $main = new CACL_site($db); $main->load($sid); $config = new CACL_config($main->_site_db); $config->load(); if ($config->synchronize && $config->cacl_grf) { $sync = new CACL_syncronize($main); foreach ($cid as $tid) { $sync->syncronize($tid, 'cacl_group_delete'); } } } break; case '#__community_acl_roles': $query = 'DELETE FROM `#__community_acl_access`' . ' WHERE `role_id` IN ( ' . $cids . ' ) '; $db->setQuery($query); if (!$db->query()) { JError::raiseError(500, $db->stderr()); return false; } $query = 'DELETE FROM `#__community_acl_users`' . ' WHERE `role_id` IN ( ' . $cids . ' ) '; $db->setQuery($query); if (!$db->query()) { JError::raiseError(500, $db->stderr()); return false; } $query = "SELECT `id` FROM `#__community_acl_sites` WHERE `is_main` = '1'"; $db->setQuery($query); $sid = (int) $db->loadResult(); if ($sid > 0) { $main = new CACL_site($db); $main->load($sid); $config = new CACL_config($main->_site_db); $config->load(); if ($config->synchronize && $config->cacl_grf) { $sync = new CACL_syncronize($main); foreach ($cid as $tid) { $sync->syncronize($tid, 'cacl_role_delete'); } } } break; case '#__community_acl_functions': $query = 'DELETE FROM `#__community_acl_function_access`' . ' WHERE `func_id` IN ( ' . $cids . ' ) '; $db->setQuery($query); if (!$db->query()) { JError::raiseError(500, $db->stderr()); return false; } $query = 'DELETE FROM `#__community_acl_users`' . ' WHERE `function_id` IN ( ' . $cids . 
' ) '; $db->setQuery($query); if (!$db->query()) { JError::raiseError(500, $db->stderr()); return false; } $query = "SELECT `id` FROM `#__community_acl_sites` WHERE `is_main` = '1'"; $db->setQuery($query); $sid = (int) $db->loadResult(); if ($sid > 0) { $main = new CACL_site($db); $main->load($sid); $config = new CACL_config($main->_site_db); $config->load(); if ($config->synchronize && $config->cacl_grf) { $sync = new CACL_syncronize($main); foreach ($cid as $tid) { $sync->syncronize($tid, 'cacl_func_delete'); } } } break; case '#__community_acl_sites': $task = 'list_sites'; break; } } $task = ''; switch ($table) { case '#__community_acl_groups': $task = 'list_groups'; break; case '#__community_acl_roles': $task = 'list_roles'; break; case '#__community_acl_functions': $task = 'list_functions'; break; case '#__community_acl_sites':
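/**
 * Render the "Synchronize" administrator screen of com_community_acl.
 *
 * Prints the left menu, a form whose submitbutton() JS either warns that
 * synchronization is disabled in the configuration or hides the message box,
 * shows the progress image and submits the form, plus a summary of the items
 * configured for synchronization (users_and_cb, cb_contact, cacl_grf).
 *
 * Relies on the global $option (component name) to build the progress image
 * URL; that value is populated outside this function.
 *
 * @return void
 */
function synchronize()
{
    global $option;

    $db = JFactory::getDBO();
    $config = new CACL_config($db);
    $config->load();

    // Both values land inside HTML attributes, so escape them for that
    // context; $option in particular is not produced by this function.
    $safeOption = htmlspecialchars((string) $option, ENT_QUOTES, 'UTF-8');
    // JURI::root() ends with '/'; drop it so the path below is not doubled.
    $siteRoot = htmlspecialchars(substr_replace(JURI::root(), '', -1, 1), ENT_QUOTES, 'UTF-8');
    $enabled = (bool) $config->synchronize;

    left_menu_header();
    ?>
<script language="javascript" type="text/javascript">
function submitbutton(pressbutton) {
<?php if (!$enabled) { ?>
    alert('Synchronization is not enabled in configuration!')
<?php } else { ?>
    jQuery('div#message').get(0).style.display = 'none';
    jQuery('div#image').get(0).style.display = '';
    submitform(pressbutton);
<?php } ?>
}
</script>
<form action="index.php" method="post" name="adminForm">
<table class="adminlist">
<tr><th class="title">Synchonization</th></tr>
<tr><td><br />
<div id="message" style="width:100%; text-align:left;">
<?php if (!$enabled) { ?>
<strong>Synchronization is not enabled in configuration!</strong>
<?php } else { ?>
<strong>Items to synchronize (defined in configuration):</strong>
<table>
<tr><td>Joomla! users and CB users fields:</td><td><img border="0" alt="Published" src="images/<?php echo $config->users_and_cb ? 'tick.png' : 'publish_x.png'; ?>" /></td></tr>
<tr><td>CB Contact component:</td><td><img border="0" alt="Published" src="images/<?php echo $config->cb_contact ? 'tick.png' : 'publish_x.png'; ?>" /></td></tr>
<tr><td>Community ACL Groups, Roles, Functions and access restrictions:</td><td><img border="0" alt="Published" src="images/<?php echo $config->cacl_grf ? 'tick.png' : 'publish_x.png'; ?>" /></td></tr>
</table><br />
<strong><?php echo JText::_('Press `Synchronize` button to begin.'); ?></strong>
<?php } ?>
</div>
<div id="image" style="width:100%; text-align:left; display:none;">
<img src="<?php echo $siteRoot; ?>/administrator/components/<?php echo $safeOption; ?>/images/progress.gif" alt="Synchonization in progress" title="" border="" /><br />
<?php echo JText::_('Synchonization in progress. Please wait, it may take some time.'); ?>
</div>
</td></tr>
</table>
<input type="hidden" name="option" value="com_community_acl" />
<input type="hidden" name="task" value="" />
</form>
<?php
    left_menu_footer();
}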
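/**
 * Block or unblock the selected user accounts (task 'block' / 'unblock').
 *
 * Refuses to act on a Super Administrator, on the current user, on an
 * Administrator when the current user is an Administrator (gid 24), and on
 * the last active Super Administrator. After a successful block the main
 * site's CACL configuration is loaded and the user is synchronized when
 * `synchronize` and `users_and_cb` are enabled; the account's active
 * sessions are then dropped via logout().
 *
 * Finally redirects to the manage_users screen; $msg carries the most recent
 * refusal reason, or null when every selected account was processed.
 *
 * @return void
 */
function block()
{
    // Check for request forgeries
    JRequest::checkToken() or die('Invalid Token');

    $db = JFactory::getDBO();
    $acl = JFactory::getACL();
    $currentUser = JFactory::getUser();
    $cid = JRequest::getVar('cid', array(), '', 'array');
    $block = $this->getTask() == 'block' ? 1 : 0;
    JArrayHelper::toInteger($cid);

    if (count($cid) < 1) {
        JError::raiseError(500, JText::_('Select a User to ' . $this->getTask(), true));
    }

    // Initialised up front so a loop with no refusals does not reach the
    // setRedirect() call with an undefined variable.
    $msg = null;

    foreach ($cid as $id) {
        // Resolve the user's primary ACL group name.
        $objectID = $acl->get_object_id('users', $id, 'ARO');
        $groups = $acl->get_object_groups($objectID, 'ARO');
        // NOTE(review): assumes every user belongs to at least one ARO group — confirm.
        $this_group = strtolower($acl->get_group_name($groups[0], 'ARO'));

        if ($this_group == 'super administrator') {
            $msg = JText::_('You cannot block a Super Administrator');
            continue;
        }
        if ($id == $currentUser->get('id')) {
            $msg = JText::_('You cannot block Yourself!');
            continue;
        }
        if ($this_group == 'administrator' && $currentUser->get('gid') == 24) {
            $msg = JText::_('WARNBLOCK');
            continue;
        }

        $user = JUser::getInstance((int) $id);

        // Only count active super admins when this user is one; the sentinel
        // value 2 otherwise skips the "last super admin" guard below.
        $count = 2;
        if ($user->get('gid') == 25) {
            $query = 'SELECT COUNT( id )' . ' FROM #__users' . ' WHERE gid = 25' . ' AND block = 0';
            $db->setQuery($query);
            $count = $db->loadResult();
        }
        if ($count <= 1 && $user->get('gid') == 25) {
            // cannot block the Super Admin when it is the only active one
            $msg = "You cannot block this Super Administrator as it is the only active Super Administrator for your site";
            continue;
        }

        $user->block = $block;
        $user->save();

        if ($block) {
            JRequest::setVar('task', 'block');
            JRequest::setVar('cid', array($id));

            // Push the change to the main site when synchronization is enabled.
            $query = "SELECT `id` FROM `#__community_acl_sites` WHERE `is_main` = '1'";
            $db->setQuery($query);
            $sid = (int) $db->loadResult();
            if ($sid > 0) {
                $main = new CACL_site($db);
                $main->load($sid);
                $config = new CACL_config($main->_site_db);
                $config->load();
                if ($config->synchronize && $config->users_and_cb) {
                    $sync = new CACL_syncronize($main);
                    $sync->syncronize($user->get('id'), 'user');
                }
            }

            // delete the user account's active sessions
            $this->logout();
        }
    }

    $this->setRedirect('index.php?option=com_community_acl&mode=manage_users', $msg);
}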
function onAfterRoute() { global $mainframe; if (!file_exists(JPATH_SITE . '/administrator/components/com_community_acl/community_acl.class.php')) { return; } $app =& JFactory::getApplication(); $back_end = false; if ($app->getName() != 'site') { $back_end = true; } if ($back_end) { $option = strtolower(JRequest::getVar('option', '', 'default', 'cmd')); } else { $option = strtolower(JRequest::getVar('option', 'com_content', 'default', 'cmd')); } $task = strtolower(JRequest::getCmd('task')); $user =& JFactory::getUser(); if ($back_end && $option == 'com_cbcontact' && $task == '') { $this->_syncCBContact(); } if ($user->get('gid') == 25) { return; } $db =& JFactory::getDBO(); require_once JPATH_SITE . '/administrator/components/com_community_acl/community_acl.class.php'; require_once JPATH_SITE . '/administrator/components/com_community_acl/community_acl.functions.php'; $config = new CACL_config($db); $config->load(); if ($back_end) { $redirect_url = $config->admin_redirect_url; } else { $redirect_url = $config->redirect_url; } //check to not go in redirect loop if ($_SERVER['REQUEST_METHOD'] != 'POST') { if (!$back_end && $_SERVER['REQUEST_URI'] == '/' || $_SERVER['REQUEST_URI'] == '/index.php' || $_SERVER['REQUEST_URI'] == '/' . $redirect_url || substr_replace(JURI::root(), '', -1, 1) . $_SERVER['REQUEST_URI'] == $redirect_url) { return; } if ($back_end && $_SERVER['REQUEST_URI'] == '/administrator/' || $_SERVER['REQUEST_URI'] == '/administrator/index.php' || $_SERVER['REQUEST_URI'] == $redirect_url || $_SERVER['REQUEST_URI'] == '/administrator/' . $redirect_url || substr_replace(JURI::root(), '', -1, 1) . 
$_SERVER['REQUEST_URI'] == $redirect_url) { return; } } $user_access = cacl_get_user_access($config); $groups = $user_access['groups']; $roles = $user_access['roles']; $functions = $user_access['functions']; $id = intval(JRequest::getInt('id')); if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') { $id = -1; } $cid = JRequest::getVar('cid', array(-1), '', 'array'); JArrayHelper::toInteger($cid, array(-1)); if ($id == -1 && isset($_REQUEST['cid'][0]) && $_REQUEST['cid'][0] != '') { $id = $cid[0]; } $view = strtolower(JRequest::getCmd('view')); $layout = strtolower(JRequest::getCmd('layout')); if ($back_end) { $option = strtolower(JRequest::getVar('option', '', 'default', 'cmd')); } else { $option = strtolower(JRequest::getVar('option', 'com_content', 'default', 'cmd')); } $task = strtolower(JRequest::getCmd('task')); $catid = -1; $sectionid = -1; if ($back_end && $option == 'com_content' || !$back_end && $option == 'com_content' && $view == 'article' && $id > 0) { if ($id > 0) { $cid[] = $id; $query = "SELECT `catid`, `sectionid` FROM `#__content` WHERE `id` IN ('" . implode("','", $cid) . "')"; $db->setQuery($query); $tmp = $db->loadAssoc(); $catid = $tmp['catid']; $sectionid = $tmp['sectionid']; } } elseif ($back_end && $option == 'com_categories' || !$back_end && $option == 'com_content' && $view == 'category' && $id > 0) { if ($id > 0) { $cid[] = $id; $query = "SELECT `section` FROM `#__categories` WHERE `id` IN ('" . implode("','", $cid) . 
"')"; $db->setQuery($query); $sectionid = $db->loadResult(); $catid = $id; } } elseif (!$back_end && $option == 'com_content' && $view == 'section' && $id > 0) { $sectionid = $id; } $catid_r = intval(JRequest::getInt('catid')); if (!isset($_REQUEST['catid'])) { $catid_r = -1; } $sectionid_r = intval(JRequest::getInt('sectionid')); if (!isset($_REQUEST['sectionid'])) { $sectionid_r = -1; } $lang =& JFactory::getLanguage(); $lang->load('plg_system_community_acl'); if (!$back_end && ($task == 'save' || $task == 'apply') && $option == 'com_content' && $id == '0') { $this->_emailPublisher($sectionid_r, $catid_r, $config->default_action); } //no groups/roles/functions for user if (!(count($groups) > 1 && count($roles) > 1)) { return; } if ($back_end && $option == 'com_login' && ($task == 'login' || $task == 'logout')) { return; } if ($option == 'com_sections' || $option == 'com_categories' || $option == 'com_content') { $query = "SELECT * FROM `#__community_acl_access` WHERE `option` IN ('menu', 'com_sections', 'com_categories', 'com_content' ) AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND ( `group_id` IN ( '" . implode("','", $groups) . "') OR `role_id` IN ( '" . implode("','", $roles) . "') )"; } else { $query = "SELECT * FROM `#__community_acl_access` WHERE `option` IN ( 'menu', '{$option}') AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND ( `group_id` IN ( '" . implode("','", $groups) . "') OR `role_id` IN ( '" . implode("','", $roles) . "') )"; } $db->setQuery($query); $access = $db->loadObjectList(); $froles = array(); $fgroups = array(); if (is_array($access) && count($access) > 0) { foreach ($access as $item) { //forbidden components //echo $item->name .', $option = '.$option. 
' $item->role_id=' .$item->role_id; die(); if ($item->name == '###' && $option == $item->option && ($option != 'com_content' && !($option == 'com_login' && $task == 'logout'))) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } elseif ($item->name == '###' && $item->option == 'menu') { if (check_menu($item->value, $_REQUEST)) { if ($config->default_action == 'allow') { //$_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; //$mainframe->redirect( $redirect_url, JText::_( 'ALERTNOTAUTH' )); } } } elseif ($item->name != '###') { //forbidden content, sections, categiries if ($back_end) { if ($option == 'com_content' && ($id == $item->value || in_array($item->value, $cid))) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } elseif ($option == 'com_content' && ($item->option == 'com_sections' && $sectionid == $item->value || $item->option == 'com_categories' && $catid == $item->value)) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } elseif ($option == 'com_sections' && ($id == $item->value || in_array($item->value, $cid))) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } elseif ($option == 'com_categories' && ($id == $item->value || in_array($item->value, $cid))) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $id == -1) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_categories' && $id == -1) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_sections' && $id == -1) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_menus' && $id == -1) { if ($item->role_id == 
'0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } } else { if ($option == 'com_content' && $view == 'section' && $item->option == 'com_sections' && $id == $item->value) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $view == 'category' && $item->option == 'com_categories' && $id == $item->value) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $view == 'article' && $item->option == 'com_content' && $id == $item->value) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $view == 'category' && $item->option == 'com_sections' && $sectionid == $item->value) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $view == 'article' && ($item->option == 'com_sections' && $sectionid == $item->value || $item->option == 'com_categories' && $catid == $item->value)) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $task == 'edit' && ($id == $item->value || in_array($item->value, $cid))) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $task == 'new' && ($item->option == 'com_sections' && $sectionid_r == $item->value)) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $task == 'save' && ($item->option == 'com_sections' && $sectionid_r == $item->value) || $item->option == 'com_categories' && $catid_r == $item->value) { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $view == 'article' && 
$layout == 'form' && $id == -1 && $config->default_action != 'allow') { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } if ($option == 'com_content' && $view == 'frontpage' && $id == -1 && $config->default_action != 'allow') { if ($item->role_id == '0') { $fgroups[] = $item->group_id; } else { $froles[] = $item->role_id; } } } } } } $rows = $groups; $rls = $roles; if ($config->default_action == 'allow') { if (is_array($rows) && count($rows) > 0) { foreach ($rows as $i => $group) { $ind = array_search($group, $groups); if (in_array($group, $fgroups) && $ind !== false) { unset($groups[$ind]); unset($roles[$ind]); unset($functions[$ind]); } $ind = array_search($rls[$i], $roles); if (in_array($rls[$i], $froles) && $ind !== false) { unset($groups[$ind]); unset($roles[$ind]); unset($functions[$ind]); } } } if (!(count($groups) > 1 && count($roles) > 1)) { //Kobby corrected the redirect issue right here. $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; //$mainframe->redirect( $redirect_url, JText::_( 'ALERTNOTAUTH' )); /* * / if(!isset($_REQUEST['load'])) $mainframe->redirect( $redirect_url.'?load=once', JText::_( 'ALERTNOTAUTH' )); /* */ } } else { if (is_array($rows) && count($rows) > 0) { foreach ($rows as $i => $group) { $ind = array_search($group, $groups); if (!in_array($group, $fgroups) && $ind !== false) { $groups[$ind] = -1; if (!in_array($roles[$ind], $froles)) { $roles[$ind] = -1; $functions[$ind] = -1; } } $ind = array_search($rls[$i], $roles); if (!in_array($rls[$i], $froles) && $ind !== false) { $roles[$ind] = -1; if (!in_array($groups[$ind], $fgroups)) { $groups[$ind] = -1; $functions[$ind] = -1; } } } } $groups = array_unique($groups); $roles = array_unique($roles); $functions = array_unique($functions); if (count($groups) == 1 && count($roles) == 1) { //$_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; //$mainframe->redirect( $redirect_url, JText::_( 'ALERTNOTAUTH' )); } } $query = 
"SELECT COUNT(*) FROM `#__community_acl_content_actions` WHERE `func_id` IN ( '" . implode("','", $functions) . "') "; $db->setQuery($query); $count = (int) $db->loadResult(); $content_all = 0; if ($option == 'com_content') { $query = "SELECT COUNT(*) FROM `#__community_acl_function_access` WHERE `option` = 'com_content' AND `name` = '#any_key#' AND `value` = '#any_value#' AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND `func_id` IN ( '" . implode("','", $functions) . "')"; $db->setQuery($query); $content_all = (int) $db->loadResult(); $count = $count && !$content_all; } if ($count && ($task == '' || $task == 'save' || $task == 'apply' || $task == 'new' || $task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect' || $task == 'edit' || $task == 'publish' || $task == 'unpublish' || $task == 'copy' || $task == 'movesect' || $task == 'archive' || $task == 'unarchive')) { $acl =& JFactory::getACL(); $publish_array = array('com_content', 'publish', 'users', strtolower($user->get('usertype')), 'content', 'all', NULL); $publish_index = array_search($publish_array, $acl->acl); $edit_array = array('com_content', 'edit', 'users', strtolower($user->get('usertype')), 'content', 'all', NULL); $edit_index = array_search($edit_array, $acl->acl); if ($option == 'com_sections' && ($sectionid > -1 || $sectionid_r > -1)) { $query = "SELECT * FROM `#__community_acl_content_actions` WHERE `item_type` = 'section' AND `func_id` IN ( '" . implode("','", $functions) . 
"') "; $db->setQuery($query); $function_access = $db->loadObjectList(); $bingo = false; $bingo_publish = false; if (is_array($function_access) && count($function_access) > 0) { foreach ($function_access as $item) { if (($task == 'add' || $task == 'remove' || $task == 'copyselect') && $item->action == 'add' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo = true; } if ($task == 'new' && $item->action == 'add' && $sectionid_r == $item->item_id) { $bingo = true; } if ($task == 'edit' && $item->action == 'edit' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo = true; } if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo = true; } if ($task == 'edit' && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo_publish = true; } } } if ($bingo_publish) { if ($config->default_action == 'allow') { unset($acl->acl[$publish_index]); $acl->acl_count--; } } elseif ($config->default_action == 'deny') { unset($acl->acl[$publish_index]); $acl->acl_count--; } if ($bingo) { if ($config->default_action == 'allow') { //$_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; //$mainframe->redirect( $redirect_url,JText::_( 'ALERTNOTAUTH' )); } } elseif ($config->default_action == 'deny') { //$_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; //$mainframe->redirect( $redirect_url,JText::_( 'ALERTNOTAUTH' )); } } if ($option == 'com_categories' && ($catid > -1 || $catid_r > -1)) { $query = "SELECT * FROM `#__community_acl_content_actions` WHERE `item_type` IN ('section', 'category') AND `func_id` IN ( '" . implode("','", $functions) . 
"') "; $db->setQuery($query); $function_access = $db->loadObjectList(); $bingo = false; $bingo_publish = false; //echo "$sectionid, $sectionid_r, $catid, $catid_r";die; if (is_array($function_access) && count($function_access) > 0) { foreach ($function_access as $item) { if ($item->item_type == 'section') { if (($task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect') && $item->action == 'add' && $sectionid == $item->item_id) { $bingo = true; } if ($task == 'new' && $item->action == 'add' && $sectionid_r == $item->item_id) { $bingo = true; } if ($task == 'edit' && $item->action == 'edit' && $sectionid == $item->item_id) { $bingo = true; } if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && $sectionid == $item->item_id) { $bingo = true; } if ($task == 'edit' && $item->action == 'publish' && $sectionid == $item->item_id) { $bingo_publish = true; } } if ($item->item_type == 'category') { if (($task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect') && $item->action == 'add' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo = true; } if ($task == 'new' && $item->action == 'add' && $catid_r == $item->item_id) { $bingo = true; } if ($task == 'edit' && $item->action == 'edit' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo = true; } if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo = true; } if ($task == 'edit' && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo_publish = true; } } } } if ($bingo_publish) { if ($config->default_action == 'allow') { unset($acl->acl[$publish_index]); $acl->acl_count--; } } elseif ($config->default_action == 'deny') { unset($acl->acl[$publish_index]); $acl->acl_count--; } if ($bingo) { if ($config->default_action == 'allow') { $_SESSION['cacl_redirect_url'] = 
$_SERVER['REQUEST_URI']; $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH')); } } elseif ($config->default_action == 'deny') { $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH')); } } if ($option == 'com_content') { $query = "SELECT * FROM `#__community_acl_content_actions` WHERE `item_type` IN ('section', 'category', 'content') AND `func_id` IN ( '" . implode("','", $functions) . "') "; $db->setQuery($query); $function_access = $db->loadObjectList(); $bingo = false; $bingo_edit = false; $bingo_publish = false; if (is_array($function_access) && count($function_access) > 0) { foreach ($function_access as $item) { if ($item->item_type == 'section') { if (($task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect') && $item->action == 'add' && $sectionid == $item->item_id) { $bingo = true; } if (($task == 'new' || $task == 'add' || $view == 'article' && $layout == 'form') && $item->action == 'add') { //only in deny mode if ($config->default_action == 'deny') { $bingo = true; $bingo_edit = true; } } if (($task == 'save' || $task == 'apply') && ($item->action == 'add' || $item->action == 'edit') && $sectionid_r == $item->item_id) { # - Kobby enhancement - Exception Catch : User is denied access to edit or publish but can add if ($item_type != 'add') { $bingo = false; } else { $bingo = true; } $bingo_edit = true; $bingo_publish = true; } if ($task == '' && $item->action == 'edit' && $sectionid == $item->item_id) { $bingo_edit = true; } if ($task == 'edit' && $item->action == 'edit' && $sectionid == $item->item_id) { $bingo_edit = true; $bingo = true; } if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && $sectionid == $item->item_id) { $bingo = true; } if (($task == 'edit' || $task == '') && $item->action == 'publish' && $sectionid == $item->item_id) { $bingo_publish = true; } } elseif ($item->item_type == 'category') { if (($task == 'new' 
|| $task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect') && $item->action == 'add' && $catid == $item->item_id) { $bingo = true; } if (($task == 'new' || $task == 'add' || $view == 'article' && $layout == 'form') && $item->action == 'add') { //only in deny mode if ($config->default_action == 'deny') { $bingo = true; $bingo_edit = true; } } if (($task == 'save' || $task == 'apply') && ($item->action == 'add' || $item->action == 'edit') && $catid_r == $item->item_id) { $bingo = true; $bingo_edit = true; $bingo_publish = true; } if ($task == '' && $item->action == 'edit' && $catid == $item->item_id) { $bingo_edit = true; } if ($task == 'edit' && $item->action == 'edit' && $catid == $item->item_id) { $bingo = true; $bingo_edit = true; } if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && $catid == $item->item_id) { $bingo = true; } if (($task == 'edit' || $task == '') && $item->action == 'publish' && $catid == $item->item_id) { $bingo_publish = true; } } elseif ($item->item_type == 'content') { if (($task == 'edit' || $task == 'archive' || $task == 'unarchive') && $item->action == 'edit' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo = true; } if (($task == 'publish' || $task == 'unpublish') && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo = true; } if ($task == 'edit' && $item->action == 'publish' && ($id == $item->item_id || in_array($item->item_id, $cid))) { $bingo_publish = true; } } } } # - Kobby needs to fix this bug for the Edit/Pub if ($bingo_edit && $publish_index == 0) { if ($config->default_action == 'allow') { unset($acl->acl[$edit_index]); $acl->acl_count--; } } elseif ($config->default_action == 'deny' && $publish_index == 0) { unset($acl->acl[$edit_index]); $acl->acl_count--; //die('bingo_edit'); } if ($bingo_publish) { if ($config->default_action == 'allow' && $publish_index == 0) { unset($acl->acl[$publish_index]); 
$acl->acl_count--; } } elseif ($config->default_action == 'deny' && $publish_index == 0) { unset($acl->acl[$publish_index]); $acl->acl_count--; //die('bingo_publish'); } if ($bingo) { if ($config->default_action == 'allow') { $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH')); } } elseif ($config->default_action == 'deny' && ($task != '' || $view == 'article' && $layout == 'form')) { $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH')); } } } elseif ($config->default_action == 'deny') { if (!$content_all) { $acl =& JFactory::getACL(); $publish_array = array('com_content', 'publish', 'users', strtolower($user->get('usertype')), 'content', 'all', NULL); $publish_index = array_search($publish_array, $acl->acl); $edit_array = array('com_content', 'edit', 'users', strtolower($user->get('usertype')), 'content', 'all', NULL); $edit_index = array_search($edit_array, $acl->acl); unset($acl->acl[$publish_index]); $acl->acl_count--; unset($acl->acl[$edit_index]); $acl->acl_count--; if ($task == 'save' || $task == 'apply' || $task == 'new' || $task == 'add' || $task == 'remove' || $task == 'copyselect' || $task == 'moveselect' || $task == 'edit' || $task == 'publish' || $task == 'unpublish' || $task == 'copy' || $task == 'movesect' || $task == 'archive' || $task == 'unarchive' || $view == 'article' && $layout == 'form') { $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH')); } } } $query = "SELECT * FROM `#__community_acl_function_access` WHERE `option` = '{$option}' AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND `func_id` IN ( '" . implode("','", $functions) . 
"') AND `name` <> 'option' ORDER BY `grouping`"; $db->setQuery($query); $function_access = $db->loadObjectList(); // (isset($_REQUEST['searchword']) || isset($_REQUEST['action']) || isset($_REQUEST['view']) || isset($_REQUEST['task']) || isset($_REQUEST['id']) || isset($_REQUEST['cid']) || isset($_REQUEST['mode'])) && if (is_array($function_access) && count($function_access) > 0) { $query = "SELECT `grouping` FROM `#__community_acl_function_access` WHERE `option` = '{$option}' AND " . ($back_end ? ' `isbackend` = 1 ' : ' `isfrontend` = 1 ') . " AND `func_id` IN ( '" . implode("','", $functions) . "') AND `name` <> 'option' GROUP BY `grouping` ORDER BY `grouping`"; $db->setQuery($query); $groupings = $db->loadObjectList(); $allow_pass = false; if (is_array($groupings) && count($groupings) > 0) { foreach ($groupings as $g) { $allow_pass = false; if (is_array($function_access) && count($function_access) > 0) { foreach ($function_access as $item) { if ($item->grouping != $g->grouping) { continue; } if ($item->name == '#any_key#') { $allow_pass = false; continue; } if (!isset($_REQUEST[$item->name]) && $config->default_action == 'allow') { $allow_pass = true; continue; } if (!isset($_REQUEST[$item->name]) && $config->default_action == 'deny') { continue; } if ($item->name == 'id') { if (((int) $_REQUEST[$item->name] != $item->value && $item->value && $item->extra != '1' || (int) $_REQUEST[$item->name] == $item->value && $item->extra == '1') && $item->value != '#any_value#') { //echo 1;die; $allow_pass = true; continue; } } elseif (is_array($_REQUEST[$item->name])) { if ((!in_array($item->value, $_REQUEST[$item->name]) && $item->value && $item->extra != '1' || in_array($item->value, $_REQUEST[$item->name]) && $item->extra == '1') && $item->value != '#any_value#') { //echo 2;die; $allow_pass = true; continue; } } else { if (($_REQUEST[$item->name] != $item->value && $item->value && $item->extra != '1' || $_REQUEST[$item->name] == $item->value && $item->extra == '1') && 
$item->value != '#any_value#') { //echo 3;die; $allow_pass = true; continue; } } } } if ($config->default_action == 'allow') { if (!$allow_pass) { $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH')); } } else { if (!$allow_pass) { return; } } } } } else { return; } if ($config->default_action == 'deny') { $_SESSION['cacl_redirect_url'] = $_SERVER['REQUEST_URI']; $mainframe->redirect($redirect_url, JText::_('ALERTNOTAUTH')); } }