function save($key = NULL, $urlVar = NULL) { parent::save(); if (JRequest::getVar('fc_doajax_submit')) { JFactory::getApplication()->enqueueMessage(JText::_('FLEXI_ITEM_SAVED'), 'message'); echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } }
/** * Logic to save an item * * @access public * @return void * @since 1.0 */ function save() { // Check for request forgeries JRequest::checkToken() or jexit('Invalid Token'); //echo '<html> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <body>'; // Initialize variables $app = JFactory::getApplication(); $db = JFactory::getDBO(); $user = JFactory::getUser(); $config = JFactory::getConfig(); $session = JFactory::getSession(); $task = JRequest::getVar('task'); $ctrl_task = 'task=items.'; // ********************* // Get data from request // ********************* // Retrieve form data these are subject to basic filtering $data = JRequest::getVar('jform', array(), 'post', 'array'); // Core Fields and and item Parameters $custom = JRequest::getVar('custom', array(), 'post', 'array'); // Custom Fields $jfdata = JRequest::getVar('jfdata', array(), 'post', 'array'); // Joomfish Data // Set into model: id (needed for loading correct item), and type id (e.g. needed for getting correct type parameters for new items) $data_id = (int) $data['id']; $isnew = $data_id == 0; // If new make sure that type id is set too, before creating the model if ($isnew) { $typeid = JRequest::setvar('typeid', (int) @$data['type_id']); } // Get the model $model = $this->getModel('item'); $model->setId($data_id); // Make sure id is correct // Get some flags this will also trigger item loading if not already loaded $isOwner = $model->get('created_by') == $user->get('id'); // Get merged parameters: component, type, menu (FE) $params = new JRegistry(); $model_params = $model->getComponentTypeParams(); $params->merge($model_params); // Unique id for new items, needed by some fields for temporary data $unique_tmp_itemid = JRequest::getVar('unique_tmp_itemid'); // Auto title for some content types if ($params->get('auto_title', 0)) { $data['title'] = (int) $data['id']; } // item id or ZERO for new items // ************************************* // ENFORCE can change category ACL perms // ************************************* $perms = FlexicontentHelperPerm::getPerm(); // Per content type change category permissions $current_type_id = $isnew || !$model->get('type_id') ? (int) @$data['type_id'] : $model->get('type_id'); // GET current (existing/old) item TYPE ID $CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id); $CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id); $CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id); $AutoApproveChanges = $perms->AutoApproveChanges; $enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat; $enable_cid_selector = $perms->MultiCat && $CanChangeSecCat; $enable_catid_selector = $isnew && !$params->get('catid_default') || !$isnew && !$model->get('catid') || $CanChangeCat; // Enforce maintaining featured categories $featured_cats_parent = $params->get('featured_cats_parent', 0); $featured_cats = array(); if ($featured_cats_parent && !$enable_featured_cid_selector) { $featured_tree = flexicontent_cats::getCategoriesTree($published_only = 1, $parent_id = $featured_cats_parent, $depth_limit = 0); $disabled_cats = $params->get('featured_cats_parent_disable', 1) ? array($featured_cats_parent) : array(); $featured_cid = array(); if (!$isnew) { foreach ($model->get('categories') as $item_cat) { if (isset($featured_tree[$item_cat]) && !isset($disabled_cats[$item_cat])) { $featured_cid[] = $item_cat; } } } $data['featured_cid'] = $featured_cid; } // Enforce maintaining secondary categories if (!$enable_cid_selector) { if ($isnew) { $data['cid'] = $params->get('cid_default'); } else { if (isset($featured_cid)) { $featured_cid_arr = array_flip($featured_cid); $sec_cid = array(); foreach ($model->get('cats') as $item_cat) { if (!isset($featured_cid_arr[$item_cat])) { $sec_cid[] = $item_cat; } } $data['cid'] = $sec_cid; } else { $data['cid'] = $model->get('cats'); } } } if (!$enable_catid_selector) { if ($isnew && $params->get('catid_default')) { $data['catid'] = $params->get('catid_default'); } else { if ($model->get('catid')) { $data['catid'] = $model->get('catid'); } } } // ************************** // Basic Form data validation // ************************** // Get the JForm object, but do not pass any data we only want the form object, // in order to validate the data and not create a filled-in form $form = $model->getForm(); // Validate Form data for core fields and for parameters $post = $model->validate($form, $data); // Check for validation error if (!$post) { // Get the validation messages and push up to three validation messages out to the user $errors = $form->getErrors(); for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) { $app->enqueueMessage($errors[$i] instanceof Exception ? $errors[$i]->getMessage() : $errors[$i], 'error'); } // Set POST form date into the session, so that they get reloaded $app->setUserState($form->option . '.edit.' . $form->context . '.data', $data); // Save the jform data in the session $app->setUserState($form->option . '.edit.' . $form->context . '.custom', $custom); // Save the custom fields data in the session $app->setUserState($form->option . '.edit.' . $form->context . '.jfdata', $jfdata); // Save the falang translations into the session $app->setUserState($form->option . '.edit.' . $form->context . '.unique_tmp_itemid', $unique_tmp_itemid); // Save temporary unique item id into the session // Redirect back to the item form $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return false; //die('error'); } // Some values need to be assigned after validation $post['attribs'] = @$data['attribs']; // Workaround for item's template parameters being clear by validation since they are not present in item.xml $post['custom'] =& $custom; // Assign array of custom field values, they are in the 'custom' form array instead of jform $post['jfdata'] =& $jfdata; // Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform // Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters) $ilayout = $data['attribs']['ilayout']; if (!empty($data['layouts'][$ilayout])) { //echo "<pre>"; print_r($post['attribs']); //$post['attribs'] = array_merge($post['attribs'], $data['layouts'][$ilayout]); $post['attribs']['layouts'] = $data['layouts']; //echo "<pre>"; print_r($post['attribs']); exit; } // USEFULL FOR DEBUGING for J2.5 (do not remove commented code) //$diff_arr = array_diff_assoc ( $data, $post); //echo "<pre>"; print_r($diff_arr); jexit(); // Make sure Content ID in the REQUEST is set, this is needed in BACKEND, needed in some cases // NOTE this is not the same as jform['cid'] which is the category IDs of the Content Item JRequest::setVar('cid', array($model->getId()), 'post', 'array'); // ******************************************************************************** // PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having // checked them on edit form load, because user may have tampered with the form ... // ******************************************************************************** $itemAccess = $model->getItemAccess(); $canAdd = $itemAccess->get('access-create'); // includes check of creating in at least one category $canEdit = $itemAccess->get('access-edit'); // includes privileges edit and edit-own $type_id = (int) @$post['type_id']; // Typecast to int, (already done for J2.5 via validating) if (!$isnew && $model->get('type_id') == $type_id) { // Existing item with Type not being ALTERED, content type can be maintained regardless of privilege $canCreateType = true; } else { // New item or existing item with Type is being ALTERED, check privilege to create items of this type $canCreateType = $model->canCreateType(array($type_id), true, $types); } // ***************************************************************** // Calculate user's CREATE / EDIT privileges on current content item // ***************************************************************** $hasCoupon = false; // Normally used in frontend only if (!$isnew) { // If no edit privilege, check if item is editable till logoff if (!$canEdit) { if ($session->has('rendered_uneditable', 'flexicontent')) { $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); $canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')]; $hasCoupon = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')] == 2; // editable via coupon } } } else { // No special CREATE allowing case for backend } // New item: check if user can create in at least one category if ($isnew && !$canAdd) { JError::raiseWarning(403, JText::_('FLEXI_NO_ACCESS_CREATE')); $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return; } // Existing item: Check if user can edit current item if (!$isnew && !$canEdit) { JError::raiseWarning(403, JText::_('FLEXI_NO_ACCESS_EDIT')); $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return; } if (!$canCreateType) { $msg = isset($types[$type_id]) ? JText::sprintf('FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name)) : ' Content Type ' . $type_id . ' was not found OR is not published'; JError::raiseWarning(403, $msg); $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return; } // Get "BEFORE SAVE" categories for information mail $before_cats = array(); if (!$isnew) { $query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = ' . (int) $model->get('id'); $db->setQuery($query); $before_cats = $db->loadObjectList('id'); $before_maincat = $model->get('catid'); $original_item = $model->getItem($post['id'], $check_view_access = false, $no_cache = true, $force_version = 0); } // **************************************** // Try to store the form data into the item // **************************************** if (!$model->store($post)) { // Set error message about saving failed, and also the reason (=model's error message) $msg = JText::_('FLEXI_ERROR_STORING_ITEM'); JError::raiseWarning(500, $msg . ": " . $model->getError()); // Set POST form date into the session, so that they get reloaded $app->setUserState($form->option . '.edit.' . $form->context . '.data', $data); // Save the jform data in the session $app->setUserState($form->option . '.edit.' . $form->context . '.custom', $custom); // Save the custom fields data in the session $app->setUserState($form->option . '.edit.' . $form->context . '.jfdata', $jfdata); // Save the falang translations into the session $app->setUserState($form->option . '.edit.' . $form->context . '.unique_tmp_itemid', $unique_tmp_itemid); // Save temporary unique item id into the session // Saving has failed check-in and redirect back to the item form, // redirect back to the item form reloading the posted data $model->checkin(); $this->setRedirect($_SERVER['HTTP_REFERER']); if (JRequest::getVar('fc_doajax_submit')) { echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } return; //die('save error'); } // ************************************************** // Check in model and get item id in case of new item // ************************************************** $model->checkin(); $post['id'] = $isnew ? (int) $model->get('id') : $post['id']; // Get items marked as newly submitted $newly_submitted = $session->get('newly_submitted', array(), 'flexicontent'); if ($isnew) { // Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close) $newly_submitted[$model->get('id')] = 1; $session->set('newly_submitted', $newly_submitted, 'flexicontent'); } $newly_submitted_item = @$newly_submitted[$model->get('id')]; // *********************************************************************************************************** // Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege // *********************************************************************************************************** $item = $model->getItem($post['id'], $check_view_access = false, $no_cache = true, $force_version = -1); $canPublish = $model->canEditState($item, $check_cat_perm = true) || $hasCoupon; // ******************************************************************************************** // Use session to detect multiple item saves to avoid sending notification EMAIL multiple times // ******************************************************************************************** $is_first_save = true; if ($session->has('saved_fcitems', 'flexicontent')) { $saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent'); $is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]); } // Add item to saved items of the corresponding session array $saved_fcitems[$model->get('id')] = $timestamp = time(); // Current time as seconds since Unix epoc; $session->set('saved_fcitems', $saved_fcitems, 'flexicontent'); // ******************************************** // Get categories added / removed from the item // ******************************************** $query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c' . ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id' . ' WHERE rel.itemid = ' . (int) $model->get('id'); $db->setQuery($query); $after_cats = $db->loadObjectList('id'); if (!$isnew) { $cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats)); foreach ($cats_added_ids as $cats_added_id) { $cats_added_titles[] = $after_cats[$cats_added_id]->title; } $cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats)); foreach ($cats_removed_ids as $cats_removed_id) { $cats_removed_titles[] = $before_cats[$cats_removed_id]->title; } $cats_altered = count($cats_added_ids) + count($cats_removed_ids); $after_maincat = $model->get('catid'); } // ******************************************************************************************************************* // We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters // ******************************************************************************************************************* $notify_emails = array(); if ($is_first_save || $cats_altered || $params->get('nf_enable_debug', 0)) { // Get needed flags regarding the saved items $approve_version = 2; $pending_approval_state = -3; $draft_state = -4; $current_version = FLEXIUtilities::getCurrentVersions($item->id, true); // Get current item version $last_version = FLEXIUtilities::getLastVersions($item->id, true); // Get last version (=latest one saved, highest version id), // $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them $needs_version_reviewal = !$isnew && $last_version > $current_version && !$canPublish && !$AutoApproveChanges; $needs_publication_approval = $isnew && $item->state == $pending_approval_state && !$canPublish; $draft_from_non_publisher = $item->state == $draft_state && !$canPublish; if ($draft_from_non_publisher) { // Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button $nConf = false; } else { // Get notifications configuration and select appropriate emails for current saving case $nConf = $model->getNotificationsConf($params); //echo "<pre>"; print_r($nConf); "</pre>"; } if ($nConf) { $states_notify_new = $params->get('states_notify_new', array(1, 0, FLEXI_J16GE ? 2 : -1, -3, -4, -5)); if (empty($states_notify_new)) { $states_notify_new = array(); } else { if (!is_array($states_notify_new)) { $states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new); } } $states_notify_existing = $params->get('states_notify_existing', array(1, 0, FLEXI_J16GE ? 2 : -1, -3, -4, -5)); if (empty($states_notify_existing)) { $states_notify_existing = array(); } else { if (!is_array($states_notify_existing)) { $states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing); } } $n_state_ok = in_array($item->state, $states_notify_new); $e_state_ok = in_array($item->state, $states_notify_existing); if ($needs_publication_approval) { $notify_emails = $nConf->emails->notify_new_pending; } else { if ($isnew && $n_state_ok) { $notify_emails = $nConf->emails->notify_new; } else { if ($isnew) { $notify_emails = array(); } else { if ($needs_version_reviewal) { $notify_emails = $nConf->emails->notify_existing_reviewal; } else { if (!$isnew && $e_state_ok) { $notify_emails = $nConf->emails->notify_existing; } else { if (!$isnew) { $notify_emails = array(); } } } } } } if ($needs_publication_approval) { $notify_text = $params->get('text_notify_new_pending'); } else { if ($isnew) { $notify_text = $params->get('text_notify_new'); } else { if ($needs_version_reviewal) { $notify_text = $params->get('text_notify_existing_reviewal'); } else { if (!$isnew) { $notify_text = $params->get('text_notify_existing'); } } } } //print_r($notify_emails); jexit(); } } // ********************************************************************************************************************* // If there are emails to notify for current saving case, then send the notifications emails, but // ********************************************************************************************************************* if (!empty($notify_emails) && count($notify_emails)) { $notify_vars = new stdClass(); $notify_vars->needs_version_reviewal = $needs_version_reviewal; $notify_vars->needs_publication_approval = $needs_publication_approval; $notify_vars->isnew = $isnew; $notify_vars->notify_emails = $notify_emails; $notify_vars->notify_text = $notify_text; $notify_vars->before_cats = $before_cats; $notify_vars->after_cats = $after_cats; $notify_vars->original_item = @$original_item; $model->sendNotificationEmails($notify_vars, $params, $manual_approval_request = 0); } // *************************************************** // CLEAN THE CACHE so that our changes appear realtime // *************************************************** $cache = FLEXIUtilities::getCache($group = '', 0); $cache->clean('com_flexicontent_items'); $cache->clean('com_flexicontent_filters'); $cache = FLEXIUtilities::getCache($group = '', 1); $cache->clean('com_flexicontent_items'); $cache->clean('com_flexicontent_filters'); // **************************************************************************************************************************** // Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category // and thus being able to set this category as item's main category, but then have no edit/editown permission for this category // **************************************************************************************************************************** $asset = 'com_content.article.' . $model->get('id'); $canEdit = $user->authorise('core.edit', $asset) || $user->authorise('core.edit.own', $asset) && $isOwner; // ALTERNATIVE 1 //$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own // ALTERNATIVE 2 //$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id')); //$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $isOwner) ; // ******************************************************************************************************* // Check if user can not edit item further (due to changed main category, without edit/editown permission) // ******************************************************************************************************* if (!$canEdit) { if ($task == 'apply' || $task == 'apply_type') { // APPLY TASK: Temporarily set item to be editable till closing it and not through all session // (we will/should clear this flag when item is closed, since we have another flag to indicate new items $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); $rendered_uneditable[$model->get('id')] = -1; $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); $canEdit = 1; } else { if ($newly_submitted_item) { // NEW ITEM: Do not use editable till logoff behaviour // ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation if (!$params->get('items_session_editable', 0)) { $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); if (isset($rendered_uneditable[$model->get('id')])) { unset($rendered_uneditable[$model->get('id')]); $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); } } } else { // EXISTING ITEM: (if enabled) Use the editable till logoff behaviour if ($params->get('items_session_editable', 0)) { // Set notice for existing item being editable till logoff JError::raiseNotice(403, JText::_('FLEXI_CANNOT_EDIT_AFTER_LOGOFF')); // Allow item to be editable till logoff $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); $rendered_uneditable[$model->get('id')] = 1; $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); $canEdit = 1; } } } // Set notice about saving an item that cannot be changed further if (!$canEdit) { $app->enqueueMessage(JText::_('FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT'), 'message'); } } // **************************************************************** // Check for new Content Item is being closed, and clear some flags // **************************************************************** if ($task != 'apply' && $task != 'apply_type' && $newly_submitted_item) { // Clear item from being marked as newly submitted unset($newly_submitted[$model->get('id')]); $session->set('newly_submitted', $newly_submitted, 'flexicontent'); // The 'apply' task may set 'editable till logoff' FLAG ... // CLEAR IT, since NEW content this is meant to be used temporarily if (!$params->get('items_session_editable', 0)) { $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent'); if (isset($rendered_uneditable[$model->get('id')])) { unset($rendered_uneditable[$model->get('id')]); $session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent'); } } } // **************************************** // Saving is done, decide where to redirect // **************************************** switch ($task) { case 'apply': case 'apply_type': $link = 'index.php?option=com_flexicontent&' . $ctrl_task . 'edit&cid=' . (int) $model->get('id'); break; case 'saveandnew': $link = $type_id ? 'index.php?option=com_flexicontent&view=item&typeid=' . $type_id : 'index.php?option=com_flexicontent&view=item'; break; default: $link = 'index.php?option=com_flexicontent&view=items'; break; } $msg = JText::_('FLEXI_ITEM_SAVED'); $this->setRedirect($link, $msg); if (JRequest::getVar('fc_doajax_submit')) { JFactory::getApplication()->enqueueMessage($msg, 'message'); echo flexicontent_html::get_system_messages_html(); exit; // Ajax submit, do not rerender the view } }
function savelayoutfile() { jimport('joomla.filesystem.file'); $app = JFactory::getApplication(); $user = JFactory::getUser(); $var['sysmssg'] = ''; $var['content'] = ''; // Check for request forgeries if (!JRequest::checkToken()) { $app->enqueueMessage('Invalid Token', 'error'); $var['sysmssg'] = flexicontent_html::get_system_messages_html(); echo json_encode($var); exit; } //get vars $file_contents = $_POST['file_contents']; $layout_name = JRequest::getVar('layout_name', 'default'); $file_subpath = JRequest::getVar('file_subpath', ''); $layout_name = preg_replace("/\\.\\.\\//", "", $layout_name); $file_subpath = preg_replace("/\\.\\.\\//", "", $file_subpath); if (!$layout_name) { $app->enqueueMessage('Layout name is empty / invalid', 'warning'); } if (!$file_subpath) { $app->enqueueMessage('File path is empty / invalid', 'warning'); } if (!$layout_name || !$file_subpath) { $var['sysmssg'] = flexicontent_html::get_system_messages_html(); echo json_encode($var); exit; } $path = JPath::clean(JPATH_ROOT . DS . 'components' . DS . 'com_flexicontent' . DS . 'templates' . DS . $layout_name); if (!is_dir($path)) { $app->enqueueMessage('Layout: ' . $layout_name . ' was not found', 'warning'); $var['sysmssg'] = flexicontent_html::get_system_messages_html(); echo json_encode($var); exit; } $file_path = JPath::clean($path . DS . $file_subpath); if (!file_exists($file_path)) { $app->enqueueMessage('Layout: ' . $layout_name . ' was not found', 'warning'); $var['sysmssg'] = flexicontent_html::get_system_messages_html(); echo json_encode($var); exit; } if (file_put_contents($file_path, $file_contents)) { $app->enqueueMessage('File: ' . $file_path . ' was saved ', 'message'); if (preg_match('#\\.xml#', $file_path)) { $tmplcache = JFactory::getCache('com_flexicontent_tmpl'); $tmplcache->clean(); } } else { $app->enqueueMessage('Failed to save file: ' . $layout_name, 'warning'); } $var['sysmssg'] = flexicontent_html::get_system_messages_html(); $var['content'] = file_get_contents($file_path); echo json_encode($var); }