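 /**
  * Method to check JMenu object authorization against an access control
  * object and optionally an access extension object.
  *
  * The menu item's access level is compared with the view levels the
  * current user is authorised for. NOTE: when no item exists for $id the
  * method answers true (fail-open); callers that need a hard deny for an
  * unknown id must check getItem() themselves.
  *
  * @param   integer  $id  The menu id
  *
  * @return  boolean  True if authorised (or if the item does not exist)
  *
  * @since   1.5
  */
 public function authorise($id)
 {
     $menu = $this->getItem($id);
     if (!$menu) {
         // Preserved behaviour: an unknown item is not denied.
         return true;
     }
     // Normalise both sides to int so a strict membership test cannot be
     // affected by loose string/number comparison.
     $levels = array_map('intval', (array) $this->user->getAuthorisedViewLevels());
     return in_array((int) $menu->access, $levels, true);
 }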
 /**
  * Live-value preparation: fills $value with a property of the current user
  * (or with the user's authorised view levels).
  *
  * Behaviour:
  *  - Only acts when the field's live type matches self::$type.
  *  - A user with id > 0 and guest == 1 is replaced by an anonymous JUser(0)
  *    unless the requested property is 'ip' or 'session_id'.
  *  - property == 'access': comma-separated authorised view levels minus any
  *    listed in the 'excluded' option; an empty result yields 'default_value'.
  *  - Any other property that is set on the user object is read directly;
  *    array values are filtered by 'excluded' and joined with ','; an empty
  *    value falls back to 'default_value'.
  *
  * NOTE(review): $property comes from the field's live options, so whatever
  * public property is reachable as $user->{$property} can end up in the form
  * value. Keep the configurable property list restricted on the admin side.
  *
  * @param   object  $field   The field definition (live / live_options).
  * @param   string  $value   Receives the computed live value (by reference).
  * @param   array   $config  Not read by this method; kept for the plugin signature.
  *
  * @return  void
  */
 public function onCCK_Field_LivePrepareForm(&$field, &$value = '', &$config = array())
 {
     if (self::$type != $field->live) {
         return;
     }
     $options = parent::g_getLive($field->live_options);
     $fallback = $options->get('default_value', '');
     $excluded = $options->get('excluded');
     $property = $options->get('property');
     $live = '';
     if ($property) {
         $user = JCck::getUser();
         // Connection-bound properties stay readable even for a "guest" id.
         $connectionBound = ($property == 'ip' || $property == 'session_id');
         if ($user->id > 0 && $user->guest == 1 && !$connectionBound) {
             $user = new JUser(0);
         }
         if ($property == 'access') {
             $levels = $user->getAuthorisedViewLevels();
             if ($excluded != '') {
                 $levels = array_diff($levels, explode(',', $excluded));
             }
             $live = empty($levels) ? $fallback : implode(',', $levels);
         } elseif (isset($user->{$property})) {
             $live = $user->{$property};
             if (is_array($live)) {
                 if ($excluded != '') {
                     $live = array_diff($live, explode(',', $excluded));
                 }
                 $live = empty($live) ? $fallback : implode(',', $live);
             } elseif ($live == '') {
                 $live = $fallback;
             }
         } else {
             $live = $fallback;
         }
     }
     $value = (string) $live;
 }
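 /**
  * Method to check whether the user can view the object.
  *
  * An object without an access level yields an implicit deny (null) rather
  * than an allow, so callers must treat null as "not permitted".
  *
  * @return  mixed  True if allowed, false for an explicit deny, null for an implicit deny.
  *
  * @since   12.1
  * @throws  LogicException
  * @throws  RuntimeException
  */
 public function canView()
 {
     // Assert the object is loaded.
     $this->assertIsLoaded();
     // No access level on the object: implicit deny.
     if (!isset($this->access)) {
         return null;
     }
     // Compare as integers with a strict membership test; the access value
     // may arrive as a numeric string while the ACL layer hands back ints.
     $levels = array_map('intval', (array) $this->user->getAuthorisedViewLevels());
     return in_array((int) $this->access, $levels, true);
 }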
 /**
  * Gets the authorised view levels of the wrapped CMS user as a
  * de-duplicated list of integers.
  *
  * @return int[]
  */
 public function getAuthorisedViewLevels()
 {
     $rawLevels = $this->cmsOwnUser->getAuthorisedViewLevels();
     $intLevels = Get::arrayToIntegers($rawLevels);
     return array_unique($intLevels);
 }
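 /**
  * Gets the users allowed event categories
  *
  * Returns the ids of every published com_matukio category whose access
  * level is among the user's authorised view levels. The levels are cast to
  * int before being inlined into the IN (...) clause, and a user with no
  * view levels gets an empty list without a query (the previous
  * "access in ()" would have been invalid SQL).
  *
  * @param   JUser  $user  - The user
  *
  * @return  array  - List of category ids (as returned by the driver, not cast)
  */
 public static function getUserACLCategories($user)
 {
     // Check category ACL rights; only integers may reach the SQL below.
     $levels = array_unique(array_map('intval', (array) $user->getAuthorisedViewLevels()));
     if (empty($levels)) {
         return array();
     }
     $db = JFactory::getDbo();
     $query = $db->getQuery(true)
         ->select("id, access")
         ->from("#__categories")
         ->where("extension = " . $db->quote("com_matukio"))
         ->where("published = 1")
         ->where("access in (" . implode(',', $levels) . ")");
     $db->setQuery($query);
     $cats = $db->loadObjectList();
     $allowedcat = array();
     foreach ((array) $cats as $cat) {
         $allowedcat[] = $cat->id;
     }
     return $allowedcat;
 }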
 /**
  * Run the pre-filter sql and replace any placeholders in the subsequent pre-filter
  *
  * Flow: if the 'prefilter_query' param is non-empty it is executed (first on
  * the Fabrik connection, then on this list's own connection when the first
  * returned nothing) and the first row's columns are substituted for
  * {$q->col} / {$q-&gt;col} placeholders in $selValue. When no query was
  * configured, {placeholder|default} tokens are replaced by their default
  * part. Finally {authorisedViewLevels} is replaced by the user's view levels.
  *
  * NOTE(review): the pre-filter SQL is executed after replaceRequest() and
  * parseMessageForPlaceHolder() have substituted request/placeholder values
  * into it, and the returned column values are then spliced into the
  * pre-filter string without escaping. Confirm those helpers quote what they
  * insert; otherwise this is a SQL-injection path reachable through the
  * list's pre-filter configuration and request parameters.
  *
  * @param   mixed  $selValue  string/array pre-filter value
  *
  * @return  mixed  string/array pre-filter value
  */
 protected function prefilterParse($selValue)
 {
     // Remember whether a scalar was passed so the same shape is returned.
     $isstring = false;
     if (is_string($selValue)) {
         $isstring = true;
         $selValue = array($selValue);
     }
     // The stored query is HTML-encoded; decode it before running it.
     $preSQL = htmlspecialchars_decode($this->getParams()->get('prefilter_query'), ENT_QUOTES);
     if (trim($preSQL) != '') {
         $db = FabrikWorker::getDbo();
         $w = new FabrikWorker();
         // Request values and generic placeholders are substituted into the raw SQL here.
         $w->replaceRequest($preSQL);
         $preSQL = $w->parseMessageForPlaceHolder($preSQL);
         $db->setQuery($preSQL);
         $q = $db->loadObjectList();
         if (!$q) {
             // Try the table's connection db for the query
             $thisDb = $this->getDb();
             $thisDb->setQuery($preSQL);
             $q = $thisDb->loadObjectList();
         }
         if (!empty($q)) {
             // Only the first row is used for placeholder substitution.
             $q = $q[0];
         }
     }
     // Note: an empty result still leaves $q set (as an empty array), which
     // skips the default-value parsing branch below.
     if (isset($q)) {
         foreach ($q as $key => $val) {
             // Columns whose name starts with '_' are not exposed as placeholders.
             if (substr($key, 0, 1) != '_') {
                 $found = false;
                 for ($i = 0; $i < count($selValue); $i++) {
                     // Both the HTML-encoded and the plain arrow form are accepted.
                     if (strstr($selValue[$i], '{$q-&gt;' . $key)) {
                         $found = true;
                         $pattern = '{$q-&gt;' . $key . "}";
                     }
                     if (strstr($selValue[$i], '{$q->' . $key)) {
                         $found = true;
                         $pattern = '{$q->' . $key . "}";
                     }
                     if ($found) {
                         // $val is inserted as-is (no quoting) into the pre-filter value.
                         $selValue[$i] = str_replace($pattern, $val, $selValue[$i]);
                     }
                 }
             }
         }
     } else {
         /* Parse for default values only
          * $$$ hugh - this pattern is being greedy, so for example ...
          * foo {$my->id} bar {$my->id} bosh
          * ... matches everything from first to last brace, like ...
          * {$my->id} bar {$my->id}
          *$pattern = "/({[^}]+}).*}?/s";
          */
         $pattern = "/({[^}]+})/";
         for ($i = 0; $i < count($selValue); $i++) {
             // preg_match() yields only the first match; $ok is not used.
             $ok = preg_match($pattern, $selValue[$i], $matches);
             foreach ($matches as $match) {
                 // Strip the surrounding braces.
                 $matchX = JString::substr($match, 1, JString::strlen($match) - 2);
                 // A default option was set so lets use that
                 if (strstr($matchX, '|')) {
                     $bits = explode('|', $matchX);
                     $selValue[$i] = str_replace($match, $bits[1], $selValue[$i]);
                 }
             }
         }
     }
     $selValue = $isstring ? $selValue[0] : $selValue;
     // Replace {authorisedViewLevels} with array of view levels the user can access
     if (is_array($selValue)) {
         // NOTE(review): the reference $v is not unset() after this loop.
         foreach ($selValue as &$v) {
             if (strstr($v, '{authorisedViewLevels}')) {
                 $v = $this->user->getAuthorisedViewLevels();
             }
         }
     } else {
         if (strstr($selValue, '{authorisedViewLevels}')) {
             $selValue = $this->user->getAuthorisedViewLevels();
         }
     }
     return $selValue;
 }
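 /**
  * Checks if a user is allowed to edit a certain issue.
  *
  * Rules, in order:
  *  - $id == 0 means "create a new issue": issue.create decides.
  *  - issue.edit allows editing any issue (subject to the classification
  *    check); otherwise issue.edit.own is required and the issue must belong
  *    to $user.
  *  - The issue's classification must be one of the user's authorised view
  *    levels, unless the user is the issue's author.
  *  - An issue that does not exist can never be edited (previously the code
  *    dereferenced a null row here).
  *
  * @param   JUser  $user  The user whose permissions should be checked.
  * @param   int    $id    ID of the relevant issue. If left empty or set to 0,
  *                        the permission to create a new issue is checked.
  *
  * @return bool True, if the user is allowed to edit the issue, false if not.
  */
 public function canEdit($user, $id = 0)
 {
     $id = (int) $id;
     // If ID is 0, we create a new issue.
     if ($id == 0) {
         return $user->authorise('issue.create', 'com_monitor');
     }
     $editAny = $user->authorise('issue.edit', 'com_monitor');
     // Neither global nor own-issue edit permission: deny before touching the DB.
     if (!$editAny && !$user->authorise('issue.edit.own', 'com_monitor')) {
         return false;
     }
     // Load the issue once (the original issued the same query twice).
     $issue = $this->loadIssueAuthorAndClassification($id);
     if ($issue === null) {
         return false;
     }
     $isAuthor = ((int) $issue->author_id === (int) $user->id);
     // Without issue.edit the user may only edit their own issues.
     if (!$editAny && !$isAuthor) {
         return false;
     }
     // Check if the user has access to the issue according to its classification.
     // Authors may edit their own issues regardless of the classification.
     $levels = array_map('intval', (array) $user->getAuthorisedViewLevels());
     if (!in_array((int) $issue->classification, $levels, true) && !$isAuthor) {
         return false;
     }
     return true;
 }

 /**
  * Fetches author_id and classification of an issue.
  *
  * @param   int  $id  Issue id (cast to int again here so the inlined value is always numeric).
  *
  * @return  object|null  Row with author_id and classification, or null if no such issue.
  */
 private function loadIssueAuthorAndClassification($id)
 {
     $query = $this->db->getQuery(true)
         ->select('author_id, classification')
         ->from('#__monitor_issues')
         ->where('id = ' . (int) $id);
     $this->db->setQuery($query);
     return $this->db->loadObject();
 }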