Ejemplo n.º 1
0
 /**
  * Display a list of all categories
  *
  * @return  void
  */
 public function displayTask()
 {
     // Get filters
     $this->view->filters = array('sort' => Request::getState($this->_option . '.' . $this->_controller . '.sort', 'filter_order', 'title'), 'sort_Dir' => Request::getState($this->_option . '.' . $this->_controller . '.sortdir', 'filter_order_Dir', 'ASC'), 'limit' => Request::getState($this->_option . '.' . $this->_controller . '.limit', 'limit', Config::get('list_limit'), 'int'), 'start' => Request::getState($this->_option . '.' . $this->_controller . '.limitstart', 'limitstart', 0, 'int'));
     $obj = new Archive();
     // Get record count
     $this->view->total = $obj->products('count', $this->view->filters);
     // Get records
     $this->view->rows = $obj->products('list', $this->view->filters);
     // For all records here get SKUs
     $skus = new \stdClass();
     $warehouse = new Warehouse();
     foreach ($this->view->rows as $r) {
         $key = $r->pId;
         $allSkus = $warehouse->getProductSkus($r->pId, 'all', false);
         // Count how many active and how many inactive SKUs there are
         $skuCounter = new \stdClass();
         $skuCounter->active = 0;
         $skuCounter->inactive = 0;
         foreach ($allSkus as $skuInfo) {
             if ($skuInfo->sActive) {
                 $skuCounter->active++;
             } else {
                 $skuCounter->inactive++;
             }
         }
         $skus->{$key} = $skuCounter;
     }
     $this->view->skus = $skus;
     // access groups
     $accessGroups = array();
     if ($this->config->get('productAccess')) {
         $ag = \Hubzero\Access\Group::all()->rows();
         $accessGroups[0] = 'None';
         foreach ($ag as $obj) {
             $accessGroups[$obj->get('id')] = $obj->get('title');
         }
     } else {
         $ag = Access::assetgroups();
         $accessGroups[0] = 'All';
         foreach ($ag as $obj) {
             $accessGroups[$obj->value] = $obj->text;
         }
     }
     $this->view->ag = $accessGroups;
     // Output the HTML
     $this->view->set('config', $this->config)->display();
 }
Ejemplo n.º 2
0
 /**
  * Debug permissions
  *
  * @return  void
  */
 public function debugTask()
 {
     include_once dirname(dirname(__DIR__)) . DS . 'helpers' . DS . 'debug.php';
     // Get filters
     $filters = array('search' => urldecode(Request::getState($this->_option . '.' . $this->_controller . '.search', 'search', '')), 'sort' => Request::getState($this->_option . '.' . $this->_controller . '.sort', 'filter_order', 'lft'), 'sort_Dir' => Request::getState($this->_option . '.' . $this->_controller . '.sortdir', 'filter_order_Dir', 'ASC'), 'level_start' => Request::getState($this->_option . '.' . $this->_controller . '.filter_level_start', 'filter_level_start', 0, 'int'), 'level_end' => Request::getState($this->_option . '.' . $this->_controller . '.filter_level_end', 'filter_level_end', 0, 'int'), 'component' => Request::getState($this->_option . '.' . $this->_controller . '.filter_component', 'filter_component', ''));
     if ($filters['level_end'] > 0 && $filters['level_end'] < $filters['level_start']) {
         $filters['level_end'] = $filters['level_start'];
     }
     $id = Request::getInt('id', 0);
     // Load access group
     $accessgroup = Accessgroup::oneOrFail($id);
     // Select the required fields from the table.
     $entries = \Hubzero\Access\Asset::all();
     if ($filters['search']) {
         $entries->whereLike('name', $filters['search'], 1)->orWhereLike('title', $filters['search'], 1)->resetDepth();
     }
     if ($filters['level_start'] > 0) {
         $entries->where('level', '>=', $filters['level_start']);
     }
     if ($filters['level_end'] > 0) {
         $entries->where('level', '<=', $filters['level_end']);
     }
     // Filter the items over the component if set.
     if ($filters['component']) {
         $entries->whereEquals('name', $filters['component'], 1)->orWhereLike('name', $filters['component'], 1)->resetDepth();
     }
     $assets = $entries->order($filters['sort'], $filters['sort_Dir'])->paginated()->rows();
     $actions = \Components\Members\Helpers\Debug::getActions($filters['component']);
     $data = $assets->raw();
     $assets->clear();
     foreach ($data as $key => $asset) {
         $checks = array();
         foreach ($actions as $action) {
             $name = $action[0];
             $level = $action[1];
             // Check that we check this action for the level of the asset.
             if ($action[1] === null || $action[1] >= $asset->get('level')) {
                 // We need to test this action.
                 $checks[$name] = \JAccess::checkGroup($id, $action[0], $asset->get('name'));
             } else {
                 // We ignore this action.
                 $checks[$name] = 'skip';
             }
         }
         $asset->set('checks', $checks);
         $assets->push($asset);
     }
     $levels = \Components\Members\Helpers\Debug::getLevelsOptions();
     $components = \Components\Members\Helpers\Debug::getComponents();
     // Output the HTML
     $this->view->set('group', $accessgroup)->set('filters', $filters)->set('assets', $assets)->set('actions', $actions)->set('levels', $levels)->set('components', $components)->display();
 }
Ejemplo n.º 3
0
 /**
  * Edit an entry
  *
  * @param   object  $row
  * @return  void
  */
 public function editTask($row = null)
 {
     Request::setVar('hidemainmenu', 1);
     if (!$row) {
         // Incoming
         $id = Request::getVar('id', array());
         // Get the single ID we're working with
         if (is_array($id)) {
             $id = !empty($id) ? $id[0] : 0;
         }
         $row = Viewlevel::oneOrNew($id);
     }
     $row->set('rules', json_decode($row->get('rules')));
     $groups = Accessgroup::all()->order('lft', 'asc')->rows();
     // Output the HTML
     $this->view->set('row', $row)->set('groups', $groups)->setErrors($this->getErrors())->setLayout('edit')->display();
 }
Ejemplo n.º 4
0
 /**
  * Gets the parent groups that a leaf group belongs to in its branch back to the root of the tree
  * (including the leaf group id).
  *
  * @param   mixed  $groupId  An integer or array of integers representing the identities to check.
  * @return  mixed  True if allowed, false for an explicit deny, null for an implicit deny.
  */
 protected static function getGroupPath($groupId)
 {
     // Preload all groups
     if (empty(self::$userGroups)) {
         self::$userGroups = Group::all()->order('lft', 'asc')->rows();
     }
     // Make sure groupId is valid
     if (!array_key_exists($groupId, self::$userGroups)) {
         return array();
     }
     // Get parent groups and leaf group
     if (!isset(self::$userGroupPaths[$groupId])) {
         self::$userGroupPaths[$groupId] = array();
         foreach (self::$userGroups as $group) {
             if ($group->get('lft') <= self::$userGroups[$groupId]->get('lft') && $group->get('rgt') >= self::$userGroups[$groupId]->get('rgt')) {
                 self::$userGroupPaths[$groupId][] = $group->get('id');
             }
         }
     }
     return self::$userGroupPaths[$groupId];
 }
Ejemplo n.º 5
0
 /**
  * Serve the file
  *
  * @param		$pId
  * @return     	void
  */
 public function displayTask()
 {
     // Get the transaction ID
     $tId = Request::getInt('task', '');
     // Get the SKU ID
     $sId = Request::getVar('p0');
     // Get the landing page flag
     $direct = Request::getVar('p1');
     // Check if the transaction is complete and belongs to the user and is active and the SKU requested is valid
     $transaction = Cart::getTransactionFacts($tId);
     $transactionExistingItems = $transaction->items;
     $transaction = $transaction->info;
     $transactionItems = unserialize($transaction->tiItems);
     $tStatus = $transaction->tStatus;
     $crtId = $transaction->crtId;
     // get cart user
     $cartUser = Cart::getCartUser($crtId);
     $currentUser = $this->juser->id;
     // Error if needed
     if ($tStatus !== 'completed') {
         $messages = array(array(Lang::txt('COM_CART_DOWNLOAD_TRANSACTION_NOT_COMPLETED'), 'error'));
         $this->messageTask($messages);
         return;
     } elseif ($cartUser != $currentUser) {
         $messages = array(array(Lang::txt('COM_CART_DOWNLOAD_NOT_AUTHORIZED'), 'error'));
         $this->messageTask($messages);
         return;
     } elseif (!array_key_exists($sId, $transactionItems)) {
         $messages = array(array(Lang::txt('COM_CART_DOWNLOAD_NOT_AUTHORIZED'), 'error'));
         $this->messageTask($messages);
         return;
     }
     // Check if the product is valid and downloadable; find the file
     $warehouse = new Warehouse();
     $sku = $warehouse->getSkuInfo($sId);
     $productType = $warehouse->getProductTypeInfo($sku['info']->ptId);
     $downloadFile = $sku['meta']['downloadFile'];
     // Error if needed
     if ($productType['ptName'] != 'Software Download' || empty($downloadFile)) {
         $messages = array(array(Lang::txt('COM_CART_DOWNLOAD_FILE_NOT_DOWNLOADABLE'), 'error'));
         $this->messageTask($messages);
         return;
     }
     $db = \App::get('db');
     // Check if there is a limit on how many times the product can be downloaded
     // Get the number of downloads allowed
     if (isset($sku['meta']['downloadLimit']) && $sku['meta']['downloadLimit'] && is_numeric($sku['meta']['downloadLimit'])) {
         $sql = "SELECT COUNT(`dId`) FROM `#__cart_downloads` WHERE `uId` = {$currentUser} AND `sId` = {$sId} AND `dStatus` > 0";
         $db->setQuery($sql);
         $downloadsCount = $db->loadResult();
         if ($downloadsCount >= $sku['meta']['downloadLimit']) {
             $messages = array(array('Download limit exceeded', 'error'));
             $this->messageTask($messages);
             return;
         }
     }
     // Path and file name
     $storefrontConfig = Component::params('com_storefront');
     $dir = $storefrontConfig->get('downloadFolder', '/site/protected/storefront/software');
     $file = PATH_APP . $dir . DS . $downloadFile;
     if (!file_exists($file)) {
         $messages = array(array(Lang::txt('COM_CART_DOWNLOAD_FILE_NOT_FOUND'), 'error'));
         $this->messageTask($messages);
         return;
     }
     if (!$direct) {
         $this->landingTask($tId, $sId);
         return;
     }
     // Log the download
     $sql = "INSERT INTO `#__cart_downloads` SET\n\t\t\t\t`uId` = " . $currentUser . ",\n\t\t\t\t`sId` = " . $sId . ",\n\t\t\t\t`dIp` = INET_ATON(" . $db->quote(Request::ip()) . "),\n\t\t\t\t`dDownloaded` = NOW()";
     $db->setQuery($sql);
     $db->query();
     $dId = $db->insertid();
     // Save the meta data
     $userGroups = User::getAuthorisedGroups();
     $meta = array();
     $ignoreGroups = array('public', 'registered');
     foreach ($userGroups as $groupId) {
         $group = Accessgroup::one($groupId);
         if (!in_array(strtolower($group->get('title')), $ignoreGroups)) {
             $meta[$groupId] = $group->get('title');
         }
     }
     if ($mta = User::getState('metadata')) {
         $meta = array_merge($meta, $mta);
     }
     $sql = "INSERT INTO `#__cart_meta` SET\n\t\t\t\t`scope_id` = " . $dId . ",\n\t\t\t\t`scope` = 'download',\n\t\t\t\t`mtKey` = 'userInfo',\n\t\t\t\t`mtValue` = '" . serialize($meta) . "'";
     $db->setQuery($sql);
     $db->query();
     // Figure out if the EULA was accepted
     $itemTransactionInfoMeta = $transactionExistingItems[$sId]['transactionInfo']->tiMeta;
     $eulaAccepted = $itemTransactionInfoMeta && property_exists($itemTransactionInfoMeta, 'eulaAccepted') && $itemTransactionInfoMeta->eulaAccepted ? true : false;
     if ($eulaAccepted) {
         $sql = "INSERT INTO `#__cart_meta` SET\n\t\t\t\t\t`scope_id` = " . $dId . ",\n\t\t\t\t\t`scope` = 'download',\n\t\t\t\t\t`mtKey` = 'eulaAccepted',\n\t\t\t\t\t`mtValue` = '" . $eulaAccepted . "'";
         $db->setQuery($sql);
         $db->query();
     }
     // Serve up the file
     $xserver = new \Hubzero\Content\Server();
     $xserver->filename($file);
     $xserver->serve_attachment($file);
     // Firefox and Chrome fail if served inline
     exit;
 }
Ejemplo n.º 6
0
 /**
  * Save an entry and return to main listing
  *
  * @return  void
  */
 public function saveTask()
 {
     // Check for request forgeries
     Request::checkToken();
     if (!User::authorise('core.manage', $this->_option) && !User::authorise('core.admin', $this->_option) && !User::authorise('core.create', $this->_option) && !User::authorise('core.edit', $this->_option)) {
         App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR'));
     }
     // Incoming profile edits
     $fields = Request::getVar('fields', array(), 'post', 'none', 2);
     // Load the profile
     $user = Member::oneOrNew($fields['id']);
     // Get the user before changes so we can
     // compare how data changed later on
     $prev = clone $user;
     // Set the incoming data
     $user->set($fields);
     if ($user->isNew()) {
         $newUsertype = $this->config->get('new_usertype');
         if (!$newUsertype) {
             $newUsertype = Accessgroup::oneByTitle('Registered')->get('id');
         }
         $user->set('accessgroups', array($newUsertype));
         // Check that username is filled
         if (!Validate::username($user->get('username'))) {
             Notify::error(Lang::txt('COM_MEMBERS_MEMBER_USERNAME_INVALID'));
             return $this->editTask($user);
         }
         // Check email is valid
         if (!Validate::email($user->get('email'))) {
             Notify::error(Lang::txt('COM_MEMBERS_MEMBER_EMAIL_INVALID'));
             return $this->editTask($user);
         }
         // Set home directory
         $hubHomeDir = rtrim($this->config->get('homedir'), '/');
         if (!$hubHomeDir) {
             // try to deduce a viable home directory based on sitename or live_site
             $sitename = strtolower(Config::get('sitename'));
             $sitename = preg_replace('/^http[s]{0,1}:\\/\\//', '', $sitename, 1);
             $sitename = trim($sitename, '/ ');
             $sitename_e = explode('.', $sitename, 2);
             if (isset($sitename_e[1])) {
                 $sitename = $sitename_e[0];
             }
             if (!preg_match("/^[a-zA-Z]+[\\-_0-9a-zA-Z\\.]+\$/i", $sitename)) {
                 $sitename = '';
             }
             if (empty($sitename)) {
                 $sitename = strtolower(Request::base());
                 $sitename = preg_replace('/^http[s]{0,1}:\\/\\//', '', $sitename, 1);
                 $sitename = trim($sitename, '/ ');
                 $sitename_e = explode('.', $sitename, 2);
                 if (isset($sitename_e[1])) {
                     $sitename = $sitename_e[0];
                 }
                 if (!preg_match("/^[a-zA-Z]+[\\-_0-9a-zA-Z\\.]+\$/i", $sitename)) {
                     $sitename = '';
                 }
             }
             $hubHomeDir = DS . 'home';
             if (!empty($sitename)) {
                 $hubHomeDir .= DS . $sitename;
             }
         }
         $user->set('homeDirectory', $hubHomeDir . DS . $user->get('username'));
         $user->set('loginShell', '/bin/bash');
         $user->set('ftpShell', '/usr/lib/sftp-server');
         $user->set('registerDate', Date::toSql());
     }
     // Set the new info
     $user->set('givenName', preg_replace('/\\s+/', ' ', trim($fields['givenName'])));
     $user->set('middleName', preg_replace('/\\s+/', ' ', trim($fields['middleName'])));
     $user->set('surname', preg_replace('/\\s+/', ' ', trim($fields['surname'])));
     $name = array($user->get('givenName'), $user->get('middleName'), $user->get('surname'));
     $name = implode(' ', $name);
     $name = preg_replace('/\\s+/', ' ', $name);
     $user->set('name', $name);
     $user->set('modifiedDate', Date::toSql());
     if ($ec = Request::getInt('activation', 0, 'post')) {
         $user->set('activation', $ec);
     } else {
         $user->set('activation', Helpers\Utility::genemailconfirm());
     }
     // Can't block yourself
     if ($user->get('block') && $user->get('id') == User::get('id') && !User::get('block')) {
         Notify::error(Lang::txt('COM_USERS_USERS_ERROR_CANNOT_BLOCK_SELF'));
         return $this->editTask($user);
     }
     // Make sure that we are not removing ourself from Super Admin group
     $iAmSuperAdmin = User::authorise('core.admin');
     if ($iAmSuperAdmin && User::get('id') == $user->get('id')) {
         // Check that at least one of our new groups is Super Admin
         $stillSuperAdmin = false;
         foreach ($fields['accessgroups'] as $group) {
             $stillSuperAdmin = $stillSuperAdmin ? $stillSuperAdmin : \JAccess::checkGroup($group, 'core.admin');
         }
         if (!$stillSuperAdmin) {
             Notify::error(Lang::txt('COM_USERS_USERS_ERROR_CANNOT_DEMOTE_SELF'));
             return $this->editTask($user);
         }
     }
     // Save the changes
     if (!$user->save()) {
         Notify::error($user->getError());
         return $this->editTask($user);
     }
     // Save profile data
     $profile = Request::getVar('profile', array(), 'post', 'none', 2);
     $access = Request::getVar('profileaccess', array(), 'post', 'none', 2);
     foreach ($profile as $key => $data) {
         if (isset($profile[$key]) && is_array($profile[$key])) {
             $profile[$key] = array_filter($profile[$key]);
         }
         if (isset($profile[$key . '_other']) && trim($profile[$key . '_other'])) {
             if (is_array($profile[$key])) {
                 $profile[$key][] = $profile[$key . '_other'];
             } else {
                 $profile[$key] = $profile[$key . '_other'];
             }
             unset($profile[$key . '_other']);
         }
     }
     if (!$user->saveProfile($profile, $access)) {
         Notify::error($user->getError());
         return $this->editTask($user);
     }
     // Do we have a new pass?
     $newpass = trim(Request::getVar('newpass', '', 'post'));
     if ($newpass) {
         // Get password rules and validate
         $password_rules = \Hubzero\Password\Rule::all()->whereEquals('enabled', 1)->rows();
         $validated = \Hubzero\Password\Rule::verify($newpass, $password_rules, $user->get('id'));
         if (!empty($validated)) {
             // Set error
             Notify::error(Lang::txt('COM_MEMBERS_PASSWORD_DOES_NOT_MEET_REQUIREMENTS'));
             $this->validated = $validated;
             $this->_task = 'apply';
         } else {
             // Save password
             \Hubzero\User\Password::changePassword($user->get('username'), $newpass);
         }
     }
     $passinfo = \Hubzero\User\Password::getInstance($user->get('id'));
     if (is_object($passinfo)) {
         // Do we have shadow info to change?
         $shadowMax = Request::getInt('shadowMax', false, 'post');
         $shadowWarning = Request::getInt('shadowWarning', false, 'post');
         $shadowExpire = Request::getVar('shadowExpire', '', 'post');
         if ($shadowMax || $shadowWarning || !is_null($passinfo->get('shadowExpire')) && empty($shadowExpire)) {
             if ($shadowMax) {
                 $passinfo->set('shadowMax', $shadowMax);
             }
             if ($shadowExpire || !is_null($passinfo->get('shadowExpire')) && empty($shadowExpire)) {
                 if (preg_match("/[0-9]{4}-[0-9]{2}-[0-9]{2}/", $shadowExpire)) {
                     $shadowExpire = strtotime($shadowExpire) / 86400;
                     $passinfo->set('shadowExpire', $shadowExpire);
                 } elseif (preg_match("/[0-9]+/", $shadowExpire)) {
                     $passinfo->set('shadowExpire', $shadowExpire);
                 } elseif (empty($shadowExpire)) {
                     $passinfo->set('shadowExpire', NULL);
                 }
             }
             if ($shadowWarning) {
                 $passinfo->set('shadowWarning', $shadowWarning);
             }
             $passinfo->update();
         }
     }
     // Check for spam count
     $reputation = Request::getVar('spam_count', null, 'post');
     if (!is_null($reputation)) {
         $user->reputation->set('spam_count', $reputation);
         $user->reputation->save();
     }
     // Email the user that their account has been approved
     if (!$prev->get('approved') && $this->config->get('useractivation_email')) {
         if (!$this->emailApprovedUser($user)) {
             Notify::error(Lang::txt('COM_MEMBERS_ERROR_EMAIL_FAILED'));
         }
     }
     // Set success message
     Notify::success(Lang::txt('COM_MEMBERS_MEMBER_SAVED'));
     // Drop through to edit form?
     if ($this->getTask() == 'apply') {
         return $this->editTask($user);
     }
     // Redirect
     $this->cancelTask();
 }