Ejemplo n.º 1
 /**
  * Method override to check if you can edit an existing record.
  *
  * @param   array   $data  An array of input data.
  * @param   string  $key   The name of the key for the primary key.
  *
  * @return  boolean
  *
  * @since   1.6
  */
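 protected function allowEdit($data = array(), $key = 'id')
 {
     // get user object.
     $user = JFactory::getUser();
     // Cast the id itself. "(int) isset($data[$key]) ? $data[$key] : 0" cast only the
     // isset() result, so the raw input value reached the lookups and asset names below.
     $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
     if (!$user->authorise('core.options', 'com_costbenefitprojection')) {
         // Without core.options the user must be type 3 (as reported by userIs()) and the
         // record's country must be among the countries returned for that user.
         $is = CostbenefitprojectionHelper::userIs($user->id);
         $countries = CostbenefitprojectionHelper::hisCountries($user->id);
         $country = CostbenefitprojectionHelper::getId('health_data', $recordId, 'id', 'country');
         // Compare strictly as integers: a failed lookup (false/null/'') must never match an
         // entry through loose comparison. Assumes country ids are integers - confirm.
         $countryAllowed = CostbenefitprojectionHelper::checkArray($countries)
             && is_numeric($country)
             && in_array((int) $country, array_map('intval', $countries), true);
         if (3 != $is || !$countryAllowed) {
             return false;
         }
     }
     // Access check: both the record asset and the component must grant health_data.access.
     $access = $user->authorise('health_data.access', 'com_costbenefitprojection.health_data.' . $recordId) && $user->authorise('health_data.access', 'com_costbenefitprojection');
     if (!$access) {
         return false;
     }
     if ($recordId) {
         // The record has been set. Check the record permissions.
         $permission = $user->authorise('health_data.edit', 'com_costbenefitprojection.health_data.' . $recordId);
         // A null result is not treated as a denial; only an explicit false enters the edit.own path.
         if (!$permission && !is_null($permission)) {
             if ($user->authorise('health_data.edit.own', 'com_costbenefitprojection.health_data.' . $recordId)) {
                 // Ownership is read from the stored record only. $data is input data, so a
                 // created_by value taken from it could be chosen by the requester.
                 $record = $this->getModel()->getItem($recordId);
                 if (empty($record)) {
                     return false;
                 }
                 // If the owner matches 'me' and edit.own is granted on the component, allow.
                 if ((int) $record->created_by === (int) $user->id && $user->authorise('health_data.edit.own', 'com_costbenefitprojection')) {
                     return true;
                 }
             }
             return false;
         }
     }
     // Since there is no permission, revert to the component permissions.
     return $user->authorise('health_data.edit', $this->option);
 }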
Ejemplo n.º 2
 /**
  * Batch move items to a new category
  *
  * @param   integer  $value     The new category ID.
  * @param   array    $pks       An array of row IDs.
  * @param   array    $contexts  An array of item contexts.
  *
  * @return  boolean  True if successful, false otherwise and internal error is set.
  *
  * @since	12.2
  */
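 protected function batchMove($values, $pks, $contexts)
 {
     // $values is used below as a map of column name => new value applied to every row in $pks.
     if (empty($this->batchSet)) {
         // Set some needed variables.
         $this->user = JFactory::getUser();
         $this->table = $this->getTable();
         $this->tableClassName = get_class($this->table);
         $this->contentType = new JUcmType();
         $this->type = $this->contentType->getTypeByTable($this->tableClassName);
         $this->canDo = CostbenefitprojectionHelper::getActions('country');
     }
     if (!$this->canDo->get('country.edit') && !$this->canDo->get('country.batch')) {
         $this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));
         return false;
     }
     if (!$this->user->authorise('core.options', 'com_costbenefitprojection')) {
         // make absolutely sure that this country can be moved
         // Use $this->user: the original read an undefined local $user here, so userIs()
         // was never given the id of the acting user.
         $is = CostbenefitprojectionHelper::userIs($this->user->id);
         $countries = CostbenefitprojectionHelper::hisCountries($this->user->id);
         if (3 == $is && CostbenefitprojectionHelper::checkArray($countries)) {
             // Keep only ids inside the user's countries. The comparison is strict and on
             // integers so a value such as '12abc' cannot pass as 12.
             $allowed = array_map('intval', $countries);
             foreach ($pks as $nr => $pk) {
                 if (!ctype_digit((string) $pk) || !in_array((int) $pk, $allowed, true)) {
                     unset($pks[$nr]);
                 }
             }
             if (empty($pks)) {
                 $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));
                 return false;
             }
         } else {
             $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));
             return false;
         }
     }
     // make sure published only updates if user has the permission.
     if (isset($values['published']) && !$this->canDo->get('country.edit.state')) {
         unset($values['published']);
     }
     // remove move_copy from array
     unset($values['move_copy']);
     // Parent exists so we proceed
     foreach ($pks as $pk) {
         if (!$this->user->authorise('country.edit', $contexts[$pk])) {
             $this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));
             return false;
         }
         // Check that the row actually exists
         if (!$this->table->load($pk)) {
             if ($error = $this->table->getError()) {
                 // Fatal error
                 $this->setError($error);
                 return false;
             } else {
                 // Not fatal error
                 $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', $pk));
                 continue;
             }
         }
         // insert all set values.
         // NOTE(review): apart from 'published', every non-empty key that exists on the table is
         // written. Confirm the caller limits $values to the intended batch fields, so that the
         // primary key or ownership columns cannot be set through this loop.
         if (CostbenefitprojectionHelper::checkArray($values)) {
             foreach ($values as $key => $value) {
                 // 'access' is written even when the property is not yet set on the table.
                 // Strict comparison: with ==, an integer key 0 equals 'access' on PHP < 8.
                 if (strlen($value) > 0 && ('access' === $key || isset($this->table->{$key}))) {
                     $this->table->{$key} = $value;
                 }
             }
         }
         // Check the row.
         if (!$this->table->check()) {
             $this->setError($this->table->getError());
             return false;
         }
         if (!empty($this->type)) {
             $this->createTagsHelper($this->tagsObserver, $this->type, $pk, $this->typeAlias, $this->table);
         }
         // Store the row.
         if (!$this->table->store()) {
             $this->setError($this->table->getError());
             return false;
         }
     }
     // Clean the cache
     $this->cleanCache();
     return true;
 }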
 /**
  * Method to get a list of options for a list input.
  *
  * @return	array		An array of JHtml options.
  */
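 public function getOptions()
 {
     // get the input from url
     $jinput = JFactory::getApplication()->input;
     // id from the request, read as an integer (0 when absent); that row is excluded below
     $interId = $jinput->getInt('id', 0);
     // Get the user object.
     $user = JFactory::getUser();
     $userIs = CostbenefitprojectionHelper::userIs($user->id);
     $db = JFactory::getDBO();
     $query = $db->getQuery(true);
     $query->select($db->quoteName(array('a.id', 'a.name', 'a.company', 'a.share'), array('id', 'interventions_name', 'company', 'share')));
     $query->from($db->quoteName('#__costbenefitprojection_intervention', 'a'));
     $query->where($db->quoteName('a.published') . ' = 1');
     $query->where($db->quoteName('a.id') . ' != ' . (int) $interId);
     if (!$user->authorise('core.admin')) {
         $companies = CostbenefitprojectionHelper::hisCompanies($user->id);
         if (CostbenefitprojectionHelper::checkArray($companies)) {
             // Cast every id before it is concatenated into the IN (...) list, so the SQL text
             // never depends on what the helper happened to return.
             $companies = implode(',', array_map('intval', $companies));
             // only load this users companies
             $query->where('a.company IN (' . $companies . ')');
         } else {
             // dont allow user to see any companies (-4 is presumably an id no row carries)
             $query->where('a.company = -4');
         }
     }
     $query->order('a.name ASC');
     $db->setQuery((string) $query);
     $items = $db->loadObjectList();
     $options = array();
     if ($items) {
         foreach ($items as $item) {
             // Per-row access check on top of the company filter in the query.
             if (!CostbenefitprojectionHelper::checkIntervetionAccess($item->id, $item->share, $item->company)) {
                 continue;
             }
             if (1 == $userIs) {
                 $options[] = JHtml::_('select.option', $item->id, $item->interventions_name);
             } else {
                 // Other user types get the company name appended to the label.
                 $compName = CostbenefitprojectionHelper::getId('company', $item->company, 'id', 'name');
                 $options[] = JHtml::_('select.option', $item->id, $item->interventions_name . ' (' . $compName . ')');
             }
         }
     }
     return $options;
 }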
Ejemplo n.º 4
 /**
  * Function that allows child controller access to model data
  * after the data has been saved.
  *
  * @param   JModelLegacy  $model      The data model object.
  * @param   array   $validData  The validated data.
  *
  * @return  void
  *
  * @since   11.1
  */
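 protected function postSaveHook(JModelLegacy $model, $validData = array())
 {
     if ($validData['id'] >= 0) {
         // get user object
         $user = JFactory::getUser();
         // A new record arrives with id 0: recover its id by matching the row that was just saved.
         if (0 >= (int) $validData['id']) {
             // Get the created by id
             $created_by = isset($validData['created_by']) && $validData['created_by'] > 0 ? $validData['created_by'] : $user->id;
             // Get a db connection.
             $db = JFactory::getDbo();
             // Create a new query object.
             $query = $db->getQuery(true);
             // Select id of this company
             $query->select($db->quoteName(array('id')));
             $query->from($db->quoteName('#__costbenefitprojection_company'));
             $query->where($db->quoteName('name') . ' = ' . $db->quote($validData['name']));
             $query->where($db->quoteName('email') . ' = ' . $db->quote($validData['email']));
             $query->where($db->quoteName('country') . ' = ' . (int) $validData['country']);
             $query->where($db->quoteName('service_provider') . ' = ' . (int) $validData['service_provider']);
             $query->where($db->quoteName('created_by') . ' = ' . (int) $created_by);
             if (isset($validData['created'])) {
                 $query->where($db->quoteName('created') . ' = ' . $db->quote($validData['created']));
             }
             $db->setQuery($query);
             $db->execute();
             if ($db->getNumRows()) {
                 $validData['id'] = $db->loadResult();
             } else {
                 return;
             }
         }
         // user setup if not set
         if (0 >= (int) $validData['user'] && (int) $validData['id'] > 0) {
             $userIs = CostbenefitprojectionHelper::userIs($user->id);
             if (1 == $userIs) {
                 // this is a company so just use its id
                 $userId = $user->id;
                 // add this user id to this company
                 $validData['user'] = $userId;
                 $model->save($validData);
             } else {
                 // setup config array
                 $newUser = array('name' => $validData['name'], 'email' => $validData['email']);
                 $userId = CostbenefitprojectionHelper::createUser($newUser);
                 // createUser() result is only accepted as an id when it is an int;
                 // anything else is shown as an error message.
                 if (!is_int($userId)) {
                     $this->setMessage($userId, 'error');
                 } else {
                     // add this user id to this company
                     $validData['user'] = $userId;
                     $model->save($validData);
                 }
             }
         }
         // only continue if we have a company id
         if ((int) $validData['id'] > 0) {
             // get params
             $params = JComponentHelper::getParams('com_costbenefitprojection');
             // get all this users companies
             $hisCompanies = CostbenefitprojectionHelper::hisCompanies($validData['user']);
             if (CostbenefitprojectionHelper::checkArray($hisCompanies)) {
                 // set the user group based on the overall status of its companies
                 $departments = CostbenefitprojectionHelper::getVars('company', $hisCompanies, 'id', 'department');
                 if (in_array(2, $departments)) {
                     $memberGroups = $params->get('advancedmembergroup');
                 } else {
                     $memberGroups = $params->get('memberbasicgroup');
                 }
             } else {
                 // first company so act simply on this company department status
                 if (2 == $validData['department']) {
                     $memberGroups = $params->get('advancedmembergroup');
                 } else {
                     $memberGroups = $params->get('memberbasicgroup');
                 }
             }
             // update the user groups
             // Only when a real user id is present: after a failed createUser() the id is still
             // 0 and the original called setUserGroups() with it anyway.
             // NOTE(review): setUserGroups() assigns the whole group list of the account named by
             // $validData['user']. Confirm that a requester cannot point this field at an
             // account other than the company's own user.
             if ((int) $validData['user'] > 0) {
                 JUserHelper::setUserGroups((int) $validData['user'], (array) $memberGroups);
             }
             // Initialise both lists up front: the original assigned them only inside branches,
             // so they could be read while undefined further down.
             $bucket = array();
             $insert = array();
             // Get a db connection.
             $db = JFactory::getDbo();
             // Create a new query object.
             $query = $db->getQuery(true);
             // Select all records in scaling factors the belong to this company
             $query->select($db->quoteName(array('id', 'causerisk', 'published')));
             $query->from($db->quoteName('#__costbenefitprojection_scaling_factor'));
             $query->where($db->quoteName('company') . ' = ' . (int) $validData['id']);
             $db->setQuery($query);
             $db->execute();
             if ($db->getNumRows()) {
                 // load the scaling factors already set
                 $already = $db->loadObjectList();
                 $publish = array();
                 $archive = array();
                 foreach ($already as $scale) {
                     if (CostbenefitprojectionHelper::checkArray($validData['causesrisks'])) {
                         if (in_array($scale->causerisk, $validData['causesrisks']) && $scale->published != 1) {
                             // publish the scaling factor (update)
                             $publish[$scale->id] = $scale->id;
                         } elseif (!in_array($scale->causerisk, $validData['causesrisks'])) {
                             // archive the scaling factor (update)
                             $archive[$scale->id] = $scale->id;
                         }
                         $bucket[] = $scale->causerisk;
                     } else {
                         // archive the scaling factor (update)
                         $archive[$scale->id] = $scale->id;
                     }
                 }
                 // update the needed records
                 // The keys name the local arrays above ($publish / $archive); the value is the
                 // number written to the published column.
                 $types = array('publish' => 1, 'archive' => 2);
                 foreach ($types as $type => $int) {
                     if (CostbenefitprojectionHelper::checkArray(${$type})) {
                         foreach (${$type} as $id) {
                             $query = $db->getQuery(true);
                             // Fields to update.
                             $fields = array($db->quoteName('published') . ' = ' . (int) $int);
                             // Conditions for which records should be updated.
                             $conditions = array($db->quoteName('id') . ' = ' . (int) $id);
                             $query->update($db->quoteName('#__costbenefitprojection_scaling_factor'))->set($fields)->where($conditions);
                             $db->setQuery($query);
                             $db->execute();
                         }
                     }
                 }
             }
             if (CostbenefitprojectionHelper::checkArray($validData['causesrisks'])) {
                 // remove those already set from the saved list of causesrisks
                 if (CostbenefitprojectionHelper::checkArray($bucket)) {
                     foreach ($validData['causesrisks'] as $causerisk) {
                         if (!in_array($causerisk, $bucket)) {
                             $insert[] = $causerisk;
                         }
                     }
                 } else {
                     $insert = $validData['causesrisks'];
                 }
             }
             // insert the new records
             if (CostbenefitprojectionHelper::checkArray($insert)) {
                 $created = $db->quote(JFactory::getDate()->toSql());
                 $created_by = (int) JFactory::getUser()->get('id');
                 $company = (int) $validData['id'];
                 // Create a new query object.
                 $query = $db->getQuery(true);
                 // Insert columns.
                 $columns = array('causerisk', 'company', 'mortality_scaling_factor_females', 'mortality_scaling_factor_males', 'presenteeism_scaling_factor_females', 'presenteeism_scaling_factor_males', 'yld_scaling_factor_females', 'yld_scaling_factor_males', 'published', 'created_by', 'created');
                 // setup the values
                 $values = array();
                 foreach ($insert as $new) {
                     // The tuple is concatenated into the SQL text, so every id is cast here; the
                     // original cast causerisk only in the later SELECT, not in this INSERT.
                     $array = array((int) $new, $company, 1, 1, 1, 1, 1, 1, 1, $created_by, $created);
                     $values[] = implode(',', $array);
                 }
                 // Prepare the insert query.
                 $query->insert($db->quoteName('#__costbenefitprojection_scaling_factor'))->columns($db->quoteName($columns))->values(implode('), (', $values));
                 // Set the query using our newly populated query object and execute it.
                 $db->setQuery($query);
                 $done = $db->execute();
                 if ($done) {
                     // we must set the assets
                     foreach ($insert as $causerisk) {
                         // get all the ids. Create a new query object.
                         $query = $db->getQuery(true);
                         $query->select($db->quoteName(array('id')));
                         $query->from($db->quoteName('#__costbenefitprojection_scaling_factor'));
                         $query->where($db->quoteName('causerisk') . ' = ' . (int) $causerisk);
                         $query->where($db->quoteName('company') . ' = ' . (int) $company);
                         $db->setQuery($query);
                         $db->execute();
                         if ($db->getNumRows()) {
                             $aId = $db->loadResult();
                             // make sure the access of asset is set
                             CostbenefitprojectionHelper::setAsset($aId, 'scaling_factor');
                         }
                     }
                 }
             }
         }
     }
     return;
 }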
 /**
  * Method to get list export data.
  *
  * @return mixed  An array of data items on success, false on failure.
  */
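 public function getExportData($pks)
 {
     // $pks: list of health_data ids to export. Anything that is not a usable list yields false.
     if (!CostbenefitprojectionHelper::checkArray($pks)) {
         return false;
     }
     // The ids are concatenated into an IN (...) list, so reduce them to non-zero integers
     // first; the original imploded the caller's values into the SQL text unchanged.
     $ids = array_filter(array_map('intval', $pks));
     if (empty($ids)) {
         return false;
     }
     // Get the user object.
     $user = JFactory::getUser();
     // Create a new query object.
     $db = JFactory::getDBO();
     $query = $db->getQuery(true);
     // Select some fields
     $query->select('a.*');
     // From the costbenefitprojection_health_data table
     $query->from($db->quoteName('#__costbenefitprojection_health_data', 'a'));
     $query->where('a.id IN (' . implode(',', $ids) . ')');
     // Filter by countries (admin sees all)
     if (!$user->authorise('core.options', 'com_costbenefitprojection')) {
         $is = CostbenefitprojectionHelper::userIs($user->id);
         $countries = CostbenefitprojectionHelper::hisCountries($user->id);
         if (3 == $is && CostbenefitprojectionHelper::checkArray($countries)) {
             // same treatment for the country ids: integers only in the SQL text
             $countries = implode(',', array_map('intval', $countries));
             // only load this users health data
             $query->where('a.country IN (' . $countries . ')');
         } else {
             // dont allow user to see any health data
             $query->where('a.country = -4');
         }
         // Implement View Level Access
         $groups = implode(',', $user->getAuthorisedViewLevels());
         $query->where('a.access IN (' . $groups . ')');
     }
     // Order the results by ordering
     $query->order('a.ordering  ASC');
     // Load the items
     $db->setQuery($query);
     $db->execute();
     if (!$db->getNumRows()) {
         return false;
     }
     $items = $db->loadObjectList();
     // set values to display correctly.
     if (CostbenefitprojectionHelper::checkArray($items)) {
         foreach ($items as $nr => &$item) {
             // Per-record check: both the record asset and the component must grant access.
             $access = $user->authorise('health_data.access', 'com_costbenefitprojection.health_data.' . (int) $item->id) && $user->authorise('health_data.access', 'com_costbenefitprojection');
             if (!$access) {
                 unset($items[$nr]);
                 continue;
             }
             // unset the values we don't want exported.
             unset($item->asset_id);
             unset($item->checked_out);
             unset($item->checked_out_time);
         }
         // Break the reference left by the by-reference loop before $items is modified again.
         unset($item);
     }
     // Add headers to items array.
     $headers = $this->getExImPortHeaders();
     if (CostbenefitprojectionHelper::checkObject($headers)) {
         array_unshift($items, $headers);
     }
     return $items;
 }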
Ejemplo n.º 6
 /**
  * Method to get a list of options for a list input.
  *
  * @return	array		An array of JHtml options.
  */
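 public function getOptions()
 {
     // Get the user object.
     $user = JFactory::getUser();
     // Create a new query object.
     $db = JFactory::getDBO();
     $query = $db->getQuery(true);
     $query->select($db->quoteName(array('a.id', 'a.name'), array('id', 'company_name')));
     $query->from($db->quoteName('#__costbenefitprojection_company', 'a'));
     $query->where($db->quoteName('a.published') . ' = 1');
     // core.options is checked once and reused for the query filter and the extra option below.
     $hasOptions = $user->authorise('core.options', 'com_costbenefitprojection');
     if (!$hasOptions) {
         $companies = CostbenefitprojectionHelper::hisCompanies($user->id);
         if (CostbenefitprojectionHelper::checkArray($companies)) {
             // Cast every id before it is concatenated into the IN (...) list, so the SQL text
             // never depends on what the helper happened to return.
             $companies = implode(',', array_map('intval', $companies));
             // only load this users companies
             $query->where('a.id IN (' . $companies . ')');
         } else {
             // dont allow user to see any companies (-4 is presumably an id no row carries)
             $query->where('a.id = -4');
         }
     }
     $query->order('a.name ASC');
     $db->setQuery((string) $query);
     $items = $db->loadObjectList();
     $options = array();
     if ($items) {
         $userIs = CostbenefitprojectionHelper::userIs($user->id);
         // Type 3 users and users with core.options get an extra entry with value 0 on top.
         if (3 == $userIs || $hasOptions) {
             $options[] = JHtml::_('select.option', 0, '-- ' . JText::_('A Country') . ' --');
         }
         foreach ($items as $item) {
             $options[] = JHtml::_('select.option', $item->id, $item->company_name);
         }
     }
     return $options;
 }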
Ejemplo n.º 7
 /**
  * Method override to check if you can edit an existing record.
  *
  * @param	array	$data	An array of input data.
  * @param	string	$key	The name of the key for the primary key.
  *
  * @return	boolean
  * @since	2.5
  */
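 protected function allowEdit($data = array(), $key = 'id')
 {
     // Check specific edit permission then general edit permission.
     $user = JFactory::getUser();
     // Cast the id itself. "(int) isset($data[$key]) ? $data[$key] : 0" cast only the
     // isset() result, so the raw input value was used in every check below.
     $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
     if (!$user->authorise('core.options', 'com_costbenefitprojection')) {
         // make absolutely sure that this company can be edited
         $companies = CostbenefitprojectionHelper::hisCompanies($user->id);
         // Strict integer membership, so the id that passes this test is exactly the id
         // used for the lock and ACL checks that follow.
         if (!CostbenefitprojectionHelper::checkArray($companies) || !in_array($recordId, array_map('intval', $companies), true)) {
             return false;
         }
     }
     // ensure lockdown
     $userIs = CostbenefitprojectionHelper::userIs($user->id);
     if (1 != $userIs && !CostbenefitprojectionHelper::accessCompany($recordId)) {
         // this company is locked
         return false;
     }
     // Record-level company.edit first, then the component-level permission.
     return $user->authorise('company.edit', 'com_costbenefitprojection.company.' . $recordId) || $user->authorise('company.edit', 'com_costbenefitprojection');
 }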
Ejemplo n.º 8
	@build			16th August, 2016
	@created		15th June, 2012
	@package		Cost Benefit Projection
	@subpackage		default.php
	@author			Llewellyn van der Merwe <http://www.vdm.io>	
	@owner			Deutsche Gesellschaft für International Zusammenarbeit (GIZ) Gmb
	@copyright		Copyright (C) 2015. All Rights Reserved
	@license		GNU/GPL Version 2 or later - http://www.gnu.org/licenses/gpl-2.0.html
	
/-------------------------------------------------------------------------------------------------------/
	Cost Benefit Projection Tool.
/------------------------------------------------------------------------------------------------------*/
// No direct access to this file
defined('_JEXEC') or die('Restricted access');
// get user type and group names
$useris = CostbenefitprojectionHelper::userIs($this->user->id);
$usergroup = CostbenefitprojectionHelper::setGroupNames($this->user->get('groups'));
// Modules are loaded only when userIs() gave a falsy result; otherwise the defaults
// (false, false, empty array) are kept.
$login_cp = $useris ? false : $this->getModules('login-cp', 'div', 'uk-panel');
$public_cp = $useris ? false : $this->getModules('public-cp', 'div', 'uk-panel');
$top_cp = $useris ? array() : $this->getModules('top_cp', 'array');
// quick header fix function
function setHeaderString($n)
{
    // Hand the value to the helper's safeString() using its 'Ww' mode and return the result.
    $headerString = CostbenefitprojectionHelper::safeString($n, 'Ww');

    return $headerString;
}