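 /**
  * Test various ACL action permissions for com_attachments for various users
  *
  * Each expected value is supplied as 0/1 by the data provider and compared
  * as a bool against the matching action in the object returned by
  * AttachmentsPermissions::getActions().
  *
  * @dataProvider provider
  *
  * @param string $username The name of the user (for error outputs)
  * @param int $admin correct 'core.admin' permission (0/1 interpreted as bool)
  * @param int $manage correct 'core.manage' permission (0/1 interpreted as bool)
  * @param int $create correct 'core.create' permission (0/1 interpreted as bool)
  * @param int $delete correct 'core.delete' permission (0/1 interpreted as bool)
  * @param int $edit_state correct 'core.edit.state' permission (0/1 interpreted as bool)
  * @param int $edit correct 'core.edit' permission (0/1 interpreted as bool)
  * @param int $edit_own correct 'core.edit.own' permission (0/1 interpreted as bool)
  * @param int $delete_own correct 'attachments.delete.own' permission (0/1 interpreted as bool)
  */
 public function testActions($username, $admin, $manage, $create, $delete, $edit_state, $edit, $edit_own, $delete_own)
 {
     // The user must exist, otherwise every permission would trivially be false
     $user_id = (int) JUserHelper::getUserId($username);
     $this->assertNotEquals(0, $user_id, "ERROR: ========> USERNAME={$username} does not exist!");

     $canDo = AttachmentsPermissions::getActions($user_id);

     // Action name => expected value, in the order the data provider supplies them
     $expected = array(
         'core.admin' => $admin,
         'core.manage' => $manage,
         'core.create' => $create,
         'core.delete' => $delete,
         'core.edit.state' => $edit_state,
         'core.edit' => $edit,
         'core.edit.own' => $edit_own,
         'attachments.delete.own' => $delete_own,
     );

     foreach ($expected as $action => $value) {
         $actual = $canDo->get($action);
         $errmsg = "----> Failed test for {$username} {$action} for com_attachments, expected {$value}, got {$actual} for {$username}";
         // assertEquals(expected, actual): the 0/1 from the provider is the expectation
         $this->assertEquals((bool) $value, $actual, $errmsg);
     }
 }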
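 /**
  * Return true if this user may change the state of this attachment
  *
  * (Note that all of the arguments are assumed to be valid; no sanity checking is done.
  *	It is up to the caller to validate the arguments before calling this function.)
  *
  * The rules are the same for every parent entity; only the "may edit the
  * parent" check and the entity name passed to getParentCreatorId() differ.
  * Any entity other than 'category' is treated as an article.
  *
  * @param	int		$parent_id				the ID for the parent object
  * @param	string	$parent_entity			the type of entity for this parent type
  * @param	int		$attachment_creator_id	the ID of the creator of the attachment
  * @param	int		$user_id				the user_id to check (optional, primarily for testing)
  *
  * @return bool true if this user may change the state of this attachment
  */
 public function userMayChangeAttachmentState($parent_id, $parent_entity, $attachment_creator_id, $user_id = null)
 {
     // If the user generally has permissions to edit all content, they
     // may change this attachment state (editor, publisher, admin, etc)
     $user = JFactory::getUser($user_id);
     if ($user->authorise('com_content', 'edit', 'content', 'all')) {
         return true;
     }

     require_once JPATH_ADMINISTRATOR . '/components/com_attachments/permissions.php';

     // ?? Deal with parents being created (parent_id == 0)

     // First, determine if the user can edit the parent.  Anything that is
     // not a category is handled as an article.
     // NOTE(review): userMayEditCategory()/userMayEditArticle() are not given
     // $user_id, so when a specific user is requested this step is presumably
     // still evaluated for the session user - confirm that is intended.
     if ($parent_entity == 'category') {
         $entity = 'category';
         $may_edit_parent = AttachmentsPermissions::userMayEditCategory($parent_id);
     } else {
         $entity = 'article';
         $may_edit_parent = AttachmentsPermissions::userMayEditArticle($parent_id);
     }
     if (!$may_edit_parent) {
         return false;
     }

     // See if the user can change the state of any attachment
     if ($user->authorise('core.edit.state', 'com_attachments')) {
         return true;
     }

     // See if the user has permissions to change the state of their own attachments
     if ($user->authorise('attachments.edit.state.own', 'com_attachments')
         && (int) $user->id == (int) $attachment_creator_id) {
         return true;
     }

     // See if the user has permission to change the state of any attachments
     // for parents (articles or categories) they created
     if ($user->authorise('attachments.edit.state.ownparent', 'com_attachments')) {
         $parent_creator_id = $this->getParentCreatorId($parent_id, $entity);
         return (int) $user->id == (int) $parent_creator_id;
     }

     return false;
 }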
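/**
 * Append the attachment list (and the add-attachment buttons) for an article
 * to its rendered text.
 *
 * Only articles (option com_content) with a known id are handled; every other
 * call returns without touching $row.
 *
 * @param object $row    the article being displayed; $row->text is appended to in place
 * @param object $params the plugin parameters (not used here, kept for the plugin signature)
 * @param int    $page   the page number (not used)
 */
function addAttachments(&$row, &$params, $page = 0)
{
    // Only display attachments for content (articles)
    global $option;
    if ($option != 'com_content') {
        return;
    }
    // Apparently this is called before articles are displayed (ignore those calls)
    if (!isset($row->id)) {
        return;
    }
    // Get the component parameters
    jimport('joomla.application.component.helper');
    $attachParams = JComponentHelper::getParams('com_attachments');
    // Get some of the options
    $user =& JFactory::getUser();
    $logged_in = $user->get('username') != '';
    // Load the language files from the backend
    $lang =& JFactory::getLanguage();
    $lang->load('plg_frontend_attachments', JPATH_ADMINISTRATOR);
    // See whether we can display the links to add attachments
    require_once JPATH_SITE . DS . 'components' . DS . 'com_attachments' . DS . 'permissions.php';
    if (AttachmentsPermissions::attachments_hidden_for_article($row->id, $attachParams)) {
        return;
    }
    $user_can_add = AttachmentsPermissions::user_may_add_attachment($user, $row->id);
    // Determine where we are (view and menu item, passed through to the links)
    $from = JRequest::getVar('view', false);
    $Itemid = JRequest::getVar('Itemid', false);
    // Fall back to the root menu item when Itemid is missing or not numeric
    $Itemid = is_numeric($Itemid) ? intval($Itemid) : 1;
    // Show the attachment list (if appropriate)
    $who_can_see = $attachParams->get('who_can_see', 'logged_in');
    if ($who_can_see == 'anyone' || ($who_can_see == 'logged_in' && $logged_in)) {
        $row->text .= attachments_attachmentListHtml($row->id, $user_can_add, $Itemid, $from);
    }
    if ($user_can_add) {
        $row->text .= attachments_attachmentButtonsHTML($row->id, $Itemid, $from);
    }
}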
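 /**
  * Annotate each attachment with whether the given user may see / modify it.
  *
  * Sets $attach->user_may_see and $attach->user_may_modify on every element
  * of $attachments (modified in place).  Visibility depends only on the
  * 'who_can_see' option and whether the user is logged in, so it is the same
  * for every attachment of the article.
  *
  * @param array  $attachments the attachment objects for the article (modified in place)
  * @param object $user        the user to check
  * @param int    $article_id  the ID of the article the attachments belong to
  *
  * @return bool true if at least one attachment is visible to the user
  */
 function add_permissions(&$attachments, $user, $article_id)
 {
     // Make sure we have a valid article ID
     if ($article_id == null || $article_id == '' || !is_numeric($article_id)) {
         $errmsg = JText::_('ERROR BAD ARTICLE ID');
         JError::raiseError(500, $errmsg);
     }
     // If there are no attachments, don't do anything
     if (count($attachments) == 0) {
         return false;
     }
     // Get the component parameters
     jimport('joomla.application.component.helper');
     $params = JComponentHelper::getParams('com_attachments');
     // Options that are the same for every attachment
     //  (Nobody may modify attachments without being logged in)
     $logged_in = $user->get('username') != '';
     $who_can_see = $params->get('who_can_see', 'logged_in');
     $visible_to_user = ($who_can_see == 'anyone') || ($who_can_see == 'logged_in' && $logged_in);
     // Process each attachment
     foreach ($attachments as &$attach) {
         $attach->user_may_see = $visible_to_user;
         $attach->user_may_modify = false;
         // Determine if the user may modify this attachment
         if ($logged_in) {
             $attach->user_may_modify = AttachmentsPermissions::user_may_modify_attachment($user, $attach, $article_id, $params);
         }
     }
     unset($attach);
     // There is at least one attachment, so "some visible" == "visible at all"
     return $visible_to_user;
 }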
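 /**
  * Build the HTML table listing the published attachments for an article.
  *
  * Returns '' when the article has no published attachments, or when none of
  * them may be seen by the current user.
  *
  * @param int    $article_id      the ID of the article
  * @param string $title           the table title (empty for the default; may be
  *                                overridden by the 'attachments_titles' option)
  * @param bool   $show_file_links whether filenames should be download links
  * @param bool   $allow_modify    whether update/delete links may be shown at all
  * @param string $from            hint of where to return to after a modal action (or false)
  *
  * @return string the HTML for the table, or '' if there is nothing to show
  */
 function attachmentsTableHTML($article_id, $title, $show_file_links, $allow_modify, $from)
 {
     global $mainframe;
     // Load the language files from the backend
     $lang =& JFactory::getLanguage();
     $lang->load('plg_frontend_attachments', JPATH_ADMINISTRATOR);
     // Get the component parameters
     jimport('joomla.application.component.helper');
     $params = JComponentHelper::getParams('com_attachments');
     // Set up to list the attachments for this article.  The sort option is
     // mapped through a fixed table, so only these ORDER BY clauses can ever
     // reach the query; anything unknown falls back to 'filename'.
     $order_by_options = array(
         'filename' => 'filename',
         'file_size' => 'file_size',
         'file_size_desc' => 'file_size DESC',
         'description' => 'description',
         'create_date' => 'create_date',
         'create_date_desc' => 'create_date DESC',
         'modification_date' => 'modification_date',
         'modification_date_desc' => 'modification_date DESC',
         'user_field_1' => 'user_field_1',
         'user_field_2' => 'user_field_2',
         'user_field_3' => 'user_field_3',
         'id' => 'id',
     );
     $sort_order = $params->get('sort_order', 'filename');
     $order_by = isset($order_by_options[$sort_order]) ? $order_by_options[$sort_order] : 'filename';
     // The article id is forced to an integer before it is placed in the query
     $safe_article_id = (int) $article_id;
     $db =& JFactory::getDBO();
     $query = "SELECT * FROM #__attachments WHERE article_id='{$safe_article_id}' AND published='1' ORDER BY {$order_by}";
     $db->setQuery($query);
     $rows = $db->loadObjectList();
     // A query error yields null rather than an array; treat it like "no rows"
     if (empty($rows)) {
         return '';
     }
     // Load the permissions functions
     require_once JPATH_SITE . DS . 'components' . DS . 'com_attachments' . DS . 'permissions.php';
     // Get the permissions for the attachments for this article
     $user =& JFactory::getUser();
     if (!AttachmentsPermissions::add_permissions($rows, $user, $article_id)) {
         return '';
     }
     // Scan through the results and see if any of them may be modified
     $some_attachments_modifiable = false;
     if ($allow_modify) {
         foreach ($rows as $row) {
             if ($row->user_may_modify) {
                 $some_attachments_modifiable = true;
                 break;
             }
         }
     }
     // If modifiable, add necessary Javascript for iframe
     if ($some_attachments_modifiable) {
         $document =& JFactory::getDocument();
         $document->addScript(JURI::root(true) . '/media/system/js/modal.js');
         JHTML::_('behavior.modal', 'a.modal-button');
     }
     // Get the plugin options
     $style = $params->get('attachments_table_style', 'attachmentsList');
     $secure = $params->get('secure', false);
     $show_column_titles = $params->get('show_column_titles', false);
     $show_description = $params->get('show_description', true);
     $show_file_size = $params->get('show_file_size', true);
     $show_downloads = $params->get('show_downloads', false);
     $show_mod_date = $params->get('show_modification_date', false);
     $file_link_open_mode = $params->get('file_link_open_mode', 'in_same_window');
     $mod_date_format = null;
     if ($show_mod_date) {
         jimport('joomla.utilities.date');
         $mod_date_format = $params->get('mod_date_format', 'M-j-Y g:ia');
     }
     // The three optional user-defined columns are shown whenever they have a name
     $user_field_names = array();
     for ($f = 1; $f <= 3; $f++) {
         $user_field_names[$f] = $params->get("user_field_{$f}_name", '');
     }
     // Links open in a new window only when the option says so
     $target = ($file_link_open_mode == 'new_window') ? ' target="_blank"' : '';
     // Construct the title first
     $rtitle_str = $params->get('attachments_titles', '');
     if (!$title || strlen($title) == 0) {
         $title = 'ATTACHMENTS TITLE';
     }
     if ($rtitle_str != '') {
         // One entry per line: "<article id> <title>" applies to that article
         // only (and wins), a bare "<title>" applies to every article
         $rtitle_list = preg_split("/[\n|\r]/", $rtitle_str);
         foreach ($rtitle_list as $rtitle) {
             if ($rtitle == '') {
                 continue;
             }
             $rchunks = explode(' ', $rtitle, 2);
             if (count($rchunks) == 1) {
                 $title = $rtitle;
             } elseif (is_numeric($rchunks[0])) {
                 if (intval($rchunks[0]) == intval($article_id)) {
                     $title = trim($rchunks[1]);
                     break;
                 }
             } else {
                 $title = $rtitle;
             }
         }
     }
     $title = JText::_($title);
     // Massage some of the attachments info
     if ($mainframe->isAdmin()) {
         $base_url = $mainframe->getSiteURL();
     } else {
         $base_url = JURI::Base();
     }
     $icon_url_base = $base_url . 'components/com_attachments/media/icons/';
     // Construct the starting HTML
     $html = "\n<div class=\"{$style}\">\n";
     $html .= "<table>\n";
     $html .= "<caption>{$title}</caption>\n";
     // Add the column titles, if requested
     if ($show_column_titles) {
         $html .= "<thead>\n<tr>";
         $html .= "<th class=\"at_filename\">" . JText::_('FILE') . "</th>";
         if ($show_description) {
             $html .= "<th class=\"at_description\">" . JText::_('DESCRIPTION') . "</th>";
         }
         foreach ($user_field_names as $field_name) {
             if ($field_name != '') {
                 $html .= "<th class=\"at_user_field\">" . $field_name . "</th>";
             }
         }
         if ($show_file_size) {
             $html .= "<th class=\"at_file_size\">" . JText::_('FILE SIZE') . "</th>";
         }
         if ($secure && $show_downloads) {
             $html .= "<th class=\"at_downloads\">" . JText::_('DOWNLOADS') . "</th>";
         }
         if ($show_mod_date) {
             $html .= "<th class=\"at_mod_date\">" . JText::_('LAST MODIFIED') . "</th>";
         }
         if ($some_attachments_modifiable) {
             $html .= "<th class=\"at_modify\">&nbsp;</th>";
         }
         $html .= "</tr>\n</thead>\n";
     }
     $html .= "<tbody>\n";
     // Construct the lines for the attachments.  Fields that were entered by
     // the uploader (filenames, description, user fields) are HTML-escaped
     // when placed in the markup, in both text and attribute context.
     // NOTE(review): this assumes those columns hold plain text rather than
     // pre-encoded HTML - confirm against the upload path.
     $row_num = 0;
     foreach ($rows as $row) {
         // Skip this one if it should not be visible
         if (!$row->user_may_see) {
             continue;
         }
         $row_num++;
         // Parenthesised: '==' binds tighter than '&' in PHP
         $html .= (($row_num & 1) == 1) ? '<tr class="odd">' : '<tr class="even">';
         // Construct some display items
         $icon_url = $icon_url_base . (((string) $row->icon_filename !== '') ? $row->icon_filename : 'generic.gif');
         $filename = ((string) $row->display_filename !== '') ? $row->display_filename : $row->filename;
         $filename_html = htmlspecialchars($filename, ENT_QUOTES, 'UTF-8');
         $tooltip = htmlspecialchars(JText::_('DOWNLOAD THIS FILE') . ' (' . $row->filename . ')', ENT_QUOTES, 'UTF-8');
         // Add the filename
         $html .= '<td class="at_filename">';
         if ($show_file_links) {
             if ($secure) {
                 $url = JRoute::_("index.php?option=com_attachments&task=download&id=" . $row->id);
             } else {
                 $url = $base_url . $row->url;
             }
             $html .= "<a class=\"at_icon\" href=\"{$url}\"{$target} title=\"{$tooltip}\"><img src=\"{$icon_url}\" alt=\"{$tooltip}\" /></a>";
             $html .= "<a class=\"at_url\" href=\"{$url}\"{$target} title=\"{$tooltip}\">{$filename_html}</a>";
         } else {
             $html .= "<img src=\"{$icon_url}\" alt=\"{$tooltip}\" />&nbsp;";
             $html .= $filename_html;
         }
         $html .= "</td>";
         // Add description (maybe)
         if ($show_description) {
             $description = ((string) $row->description !== '')
                 ? htmlspecialchars($row->description, ENT_QUOTES, 'UTF-8')
                 : '&nbsp;';
             if ($show_column_titles) {
                 $html .= "<td class=\"at_description\">{$description}</td>";
             } else {
                 $html .= "<td class=\"at_description\">[{$description}]</td>";
             }
         }
         // Show the USER DEFINED FIELDs (maybe)
         foreach ($user_field_names as $f => $field_name) {
             if ($field_name == '') {
                 continue;
             }
             $user_field = $row->{"user_field_{$f}"};
             $user_field = ((string) $user_field !== '')
                 ? htmlspecialchars($user_field, ENT_QUOTES, 'UTF-8')
                 : '&nbsp;';
             if ($show_column_titles) {
                 $html .= "<td class=\"at_user_field\">" . $user_field . "</td>";
             } else {
                 $html .= "<td class=\"at_user_field\">[" . $user_field . "]</td>";
             }
         }
         // Add file size (maybe)
         if ($show_file_size) {
             $file_size = intval($row->file_size / 1024.0);
             $html .= "<td class=\"at_file_size\">{$file_size} Kb</td>";
         }
         // Show number of downloads (maybe)
         if ($secure && $show_downloads) {
             $num_downloads = intval($row->download_count);
             $label = '';
             if (!$show_column_titles) {
                 if ($num_downloads == 1) {
                     $label = '&nbsp;' . JText::_('DOWNLOAD NOUN');
                 } else {
                     $label = '&nbsp;' . JText::_('DOWNLOADS');
                 }
             }
             $html .= '<td class="at_downloads">' . $num_downloads . $label . '</td>';
         }
         // Add the modification date (maybe)
         if ($show_mod_date) {
             $date = new JDate($row->modification_date, -$mainframe->getCfg('offset'));
             $last_modified = $date->toFormat($mod_date_format);
             $html .= "<td class=\"at_mod_date\">{$last_modified}</td>";
         }
         // Add the update/delete links, if this attachment may be modified
         if ($some_attachments_modifiable && $row->user_may_modify) {
             // Create the update link
             $url = JRoute::_("index.php?option=com_attachments&task=update&id={$row->id}&from=closeme&tmpl=component");
             $update_img = $base_url . 'components/com_attachments/media/pencil.gif';
             $tooltip = htmlspecialchars(JText::_('UPDATE THIS FILE') . ' (' . $row->filename . ')', ENT_QUOTES, 'UTF-8');
             $update_link = '<a class="modal-button" type="button" href="' . $url . '"';
             $update_link .= " rel=\"{handler: 'iframe', size: {x: 800, y: 530}}\"";
             $update_link .= " title=\"{$tooltip}\"><img src=\"{$update_img}\" alt=\"{$tooltip}\" /></a>";
             // Create the delete link
             $url = "index.php?option=com_attachments&task=delete_warning&id={$row->id}&artid={$safe_article_id}";
             if ($from) {
                 // Add a var to give a hint of where to return to; $from comes
                 // from the request, so it is URL-encoded before being embedded
                 $url .= '&from=' . urlencode($from);
             } else {
                 $url .= "&from=closeme";
             }
             $url .= "&tmpl=component";
             $url = JRoute::_($url);
             $delete_img = $base_url . 'components/com_attachments/media/delete.gif';
             $tooltip = htmlspecialchars(JText::_('DELETE THIS FILE') . ' (' . $row->filename . ')', ENT_QUOTES, 'UTF-8');
             $del_link = '<a class="modal-button" type="button" href="' . $url . '"';
             $del_link .= " rel=\"{handler: 'iframe', size: {x: 600, y: 300}}\"";
             $del_link .= " title=\"{$tooltip}\"><img src=\"{$delete_img}\" alt=\"{$tooltip}\" /></a>";
             $html .= "<td class=\"at_modify\">{$update_link} {$del_link}</td>";
         }
         $html .= "</tr>\n";
     }
     // Close the HTML
     $html .= "</tbody></table></div>\n";
     return $html;
 }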
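/**
 * Search plugin entry point: find published attachments whose filename,
 * display filename, description or (named) user fields match $text.
 *
 * @param string $text     the search string
 * @param string $phrase   'exact' matches the whole string, 'all' requires every
 *                         word, anything else matches any word
 * @param string $ordering 'oldest', 'newest' or 'alpha' (anything else: default order)
 * @param array  $areas    the search areas requested, or null for all areas
 *
 * @return array the matching rows, decorated with the fields the search view expects
 */
function plgSearchAttachments($text, $phrase = '', $ordering = '', $areas = null)
{
    // Exit if the search does not include attachments
    if (is_array($areas)) {
        if (!array_intersect($areas, array_keys(plgSearchAttachmentAreas()))) {
            return array();
        }
    }
    // Make sure we have something to search for (before touching the database)
    $text = trim($text);
    if ($text == '') {
        return array();
    }
    $db =& JFactory::getDBO();
    $user =& JFactory::getUser();
    // load plugin params info
    $plugin =& JPluginHelper::getPlugin('search', 'attachments');
    $pluginParams = new JParameter($plugin->params);
    $limit = $pluginParams->def('search_limit', 50);
    // Get the component parameters
    jimport('joomla.application.component.helper');
    $attachParams = JComponentHelper::getParams('com_attachments');
    $secure = $attachParams->get('secure', false);
    // The optional user-defined fields are searched whenever they have a name
    $user_field_names = array();
    for ($f = 1; $f <= 3; $f++) {
        $field_name = $attachParams->get("user_field_{$f}_name", '');
        if (strlen($field_name) > 0) {
            $user_field_names[$f] = $field_name;
        }
    }
    // The columns each search term is matched against, in this order
    $columns = array('a.filename', 'a.display_filename');
    foreach (array_keys($user_field_names) as $f) {
        $columns[] = "a.user_field_{$f}";
    }
    $columns[] = 'a.description';
    // Build the WHERE clause; every term is escaped and quoted by the driver
    switch ($phrase) {
        case 'exact':
            $term = $db->Quote('%' . $db->getEscaped($text, true) . '%', false);
            $conditions = array();
            foreach ($columns as $column) {
                $conditions[] = "(LOWER({$column}) LIKE {$term})";
            }
            $where = '(' . implode(' OR ', $conditions) . ')';
            break;
        default:
            $wheres = array();
            foreach (explode(' ', $text) as $word) {
                $term = $db->Quote('%' . $db->getEscaped($word, true) . '%', false);
                $conditions = array();
                foreach ($columns as $column) {
                    $conditions[] = "LOWER({$column}) LIKE {$term}";
                }
                $wheres[] = implode(' OR ', $conditions);
            }
            $where = '(' . implode($phrase == 'all' ? ') AND (' : ') OR (', $wheres) . ')';
            break;
    }
    // Set up the sorting
    switch ($ordering) {
        case 'oldest':
            $order = 'a.create_date ASC';
            break;
        case 'newest':
            $order = 'a.create_date DESC';
            break;
        case 'alpha':
        default:
            $order = 'a.filename DESC';
    }
    // Load the permissions functions
    require_once JPATH_SITE . DS . 'components' . DS . 'com_attachments' . DS . 'permissions.php';
    // Construct and execute the query
    $query = 'SELECT *, a.id as attachment_id, c.title as article_title'
        . ' FROM #__attachments AS a'
        . ' LEFT JOIN #__content as c ON a.article_id = c.id'
        . ' WHERE (' . $where . ')'
        . ' AND a.published = 1'
        . ' ORDER BY ' . $order;
    $db->setQuery($query, 0, $limit);
    $rows = $db->loadObjectList();
    $results = array();
    // A query error yields null rather than an array; treat it like "no rows"
    if (empty($rows)) {
        return $results;
    }
    foreach ($rows as $row) {
        // Do not add the attachment if the user may not access it.  'SELECT *'
        // over the join returns an 'id' from both tables and only one of them
        // survives in the row object, so the explicit attachment_id alias is
        // the reliable attachment id for the access check.
        if (!AttachmentsPermissions::user_may_access_attachment($user, $row->attachment_id)) {
            continue;
        }
        // Construct the download URL if necessary
        if ($secure) {
            $row->href = JRoute::_("index.php?option=com_attachments&task=download&id=" . $row->attachment_id);
        } else {
            $row->href = $row->url;
        }
        $has_display_name = ((string) $row->display_filename !== '');
        $row->title = $has_display_name ? $row->display_filename : $row->filename;
        // Set the text to the string containing the search target
        if ($has_display_name) {
            $summary = $row->display_filename . " (" . JText::_('FILENAME COLON') . " " . $row->filename . ") ";
        } else {
            $summary = JText::_('FILENAME COLON') . " " . $row->filename;
        }
        if ((string) $row->description !== '') {
            $summary .= " | " . JText::_('DESCRIPTION COLON') . $row->description;
        }
        foreach ($user_field_names as $f => $field_name) {
            $value = $row->{"user_field_{$f}"};
            if ((string) $value !== '') {
                $summary .= " | " . $field_name . ": " . $value;
            }
        }
        $row->text = $summary;
        $row->created = $row->create_date;
        $row->browsernav = 2;
        $row->section = JText::_('ATTACHED TO ARTICLE') . ": " . $row->article_title;
        $results[] = $row;
    }
    return $results;
}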
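 /**
  * Save a newly uploaded attachment (tasks 'saveNew' and 'applyNew').
  *
  * Expects a POST with the attachment table fields plus article_id, and a
  * logged-in user who may add attachments to that article.  Afterwards
  * redirects to the list/edit view (or closes the modal iframe when
  * from=closeme).
  */
 function saveNew()
 {
     // Check for request forgeries
     JRequest::checkToken() or die('Invalid Token');
     // Make sure we have a user
     $user =& JFactory::getUser();
     if ($user->get('username') == '') {
         $errmsg = JText::_('ERROR MUST BE LOGGED IN TO UPLOAD ATTACHMENT');
         JError::raiseError(500, $errmsg);
     }
     // Make sure we have a valid article ID (a missing field is passed on as
     // null instead of raising an undefined-index notice)
     require_once JPATH_BASE . DS . '..' . DS . 'components' . DS . 'com_attachments' . DS . 'helper.php';
     $posted_article_id = isset($_POST['article_id']) ? $_POST['article_id'] : null;
     $article_id = AttachmentsHelper::valid_article_id($posted_article_id);
     if ($article_id == -1) {
         // Tell the user and send the browser back to the form.  Nothing below
         // makes sense without a valid article, so stop here rather than going
         // on to the permission check and upload with an id of -1.
         $errmsg = JText::_('ERROR MUST SELECT ARTICLE');
         echo "<script> alert('{$errmsg}'); window.history.go(-1); </script>\n";
         return;
     }
     // Make sure this user has permission to upload (should never fail with admin?)
     require_once JPATH_COMPONENT_SITE . DS . 'permissions.php';
     if (!AttachmentsPermissions::user_may_add_attachment($user, $article_id)) {
         $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
         JError::raiseError(500, $errmsg);
         exit;
     }
     // Set up the new record
     $row =& JTable::getInstance('Attachments', 'Table');
     if (!$row->bind(JRequest::get('post'))) {
         JError::raiseError(500, $row->getError());
     }
     // uploader_id and article_id are set after bind() so that posted values
     // cannot override the authenticated user or the validated article
     $row->uploader_id = $user->get('id');
     $row->article_id = $article_id;
     // Handle 'from' clause
     $from = JRequest::getVar('from', ' (no from)');
     $msg = AttachmentsHelper::upload_file($row, $article_id);
     // See where to go to next
     global $option;
     switch ($this->_task) {
         case 'applyNew':
             $link = 'index.php?option=' . $option . '&task=edit&cid[]=' . $row->id;
             break;
         case 'saveNew':
         default:
             $link = 'index.php?option=' . $option;
             break;
     }
     // If called from the editor, go back to it
     if ($from == 'editor') {
         $link = 'index.php?option=com_content&task=edit&cid[]=' . $article_id;
     }
     // If we are supposed to close this iframe, do it now.
     if ($from == 'closeme') {
         echo "<script language=\"javascript\" type=\"text/javascript\">window.parent.document.getElementById('sbox-window').close()</script>";
         exit;
     }
     $this->setRedirect($link, $msg);
 }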
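 /**
  * Controller task: display the 'update' view for an existing attachment.
  *
  * Call with: index.php?option=com_attachments&task=update&id=1&tmpl=component
  *        or: component/attachments/update/id/1/tmpl/component
  *
  * The 'id' request variable must be numeric and refer to an existing
  * attachment, and the current user must pass
  * AttachmentsPermissions::user_may_modify_attachment() for it.  Any failure,
  * including an upload directory that cannot be prepared, aborts the request
  * with JError::raiseError(500, ...) before the view is rendered.
  */
 function update()
 {
     require_once JPATH_COMPONENT_SITE . DS . 'helper.php';
     // Make sure we have a valid attachment ID.  Note that is_numeric() also
     // accepts floats and exponent notation; intval() reduces those to an
     // integer before the record is looked up.
     $id = JRequest::getVar('id');
     if (is_numeric($id)) {
         $id = intval($id);
     } else {
         $errmsg = JText::_('ERROR INVALID ATTACHMENT ID') . " ({$id})";
         JError::raiseError(500, $errmsg);
         exit;
     }
     // Get the attachment record
     $attachment =& JTable::getInstance('attachments', 'Table');
     if (!$attachment->load($id)) {
         $errmsg = JText::_('ERROR CANNOT UPDATE ATTACHMENT INVALID ID') . "  ({$id})";
         JError::raiseError(500, $errmsg);
         exit;
     }
     // Get the component parameters
     jimport('joomla.application.component.helper');
     $params = JComponentHelper::getParams('com_attachments');
     // Verify that this user may modify this attachment (the article ID comes
     // from the stored record, not from the request)
     $user =& JFactory::getUser();
     $article_id = $attachment->article_id;
     $article_title = AttachmentsHelper::get_article_title($article_id);
     require_once JPATH_COMPONENT_SITE . DS . 'permissions.php';
     if (!AttachmentsPermissions::user_may_modify_attachment($user, $attachment, $article_id, $params)) {
         $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD');
         JError::raiseError(500, $errmsg);
         exit;
     }
     // Make sure the attachments directory exists
     $upload_subdir = $params->get('attachments_subdir', 'attachments');
     if ($upload_subdir == '') {
         $upload_subdir = 'attachments';
     }
     $upload_dir = JPATH_BASE . DS . $upload_subdir;
     $secure = $params->get('secure', false);
     if (!AttachmentsHelper::setup_upload_directory($upload_dir, $secure)) {
         $errmsg = JText::_('ERROR UNABLE TO SETUP UPLOAD DIR');
         JError::raiseError(500, $errmsg);
         // Abort like the other error branches above rather than rendering the
         // upload form against a directory that could not be prepared.
         exit;
     }
     // Set up the view
     require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'update' . DS . 'view.php';
     $view = new AttachmentsViewUpdate();
     $view->assign('update_file', JRequest::getVar('change', false));
     $view->assign('save_url', "index.php?option=com_attachments&task=save&tmpl=component");
     $view->assign('attachment_id', $id);
     $view->assign('article_id', $article_id);
     $view->assign('article_title', $article_title);
     $view->assign('filename', $attachment->filename);
     $view->assign('description', $attachment->description);
     $view->assign('display_filename', $attachment->display_filename);
     $view->assign('user_field_1', $attachment->user_field_1);
     $view->assign('user_field_2', $attachment->user_field_2);
     $view->assign('user_field_3', $attachment->user_field_3);
     $view->assign('from', JRequest::getVar('from', 'closeme'));
     $view->assign('Itemid', JRequest::getVar('Itemid', 1));
     $view->assignRef('params', $params);
     $view->display(null, false, false, false);
 }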
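 /**
  * Test whether a user may edit a specified category
  *
  * @dataProvider provider
  *
  * @param int $user_id the id of the user to test
  * @param string $username the username (for error printouts)
  * @param int $cat_id the id of the category to test
  * @param int $may_edit the expected result (0/1 interpreted as bool)
  */
 public function testCategoryEdit($user_id, $username, $cat_id, $may_edit)
 {
     $result = AttachmentsPermissions::userMayEditCategory((int) $cat_id, (int) $user_id);
     // var_export() so that a boolean false prints as 'false' instead of ''
     $errmsg = sprintf(
         "----> Failed test for %s edit category %d, expected %s, got %s",
         $username,
         (int) $cat_id,
         var_export((bool) $may_edit, true),
         var_export($result, true)
     );
     // PHPUnit convention: expected value first, actual value second
     $this->assertEquals((bool) $may_edit, $result, $errmsg);
 }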
 /**
  * Build the administrator toolbar for the attachments list.
  *
  * Each button is shown only when AttachmentsPermissions::getActions()
  * grants the matching core.* / attachments.* action; the options and
  * utilities buttons require core.admin.  A help button opening the
  * component's help view in a popup is always appended, with markup that
  * depends on the Joomla version.
  */
 protected function addToolBar()
 {
     require_once JPATH_COMPONENT_ADMINISTRATOR . '/permissions.php';
     $canDo = AttachmentsPermissions::getActions();
     $toolbar = JToolBar::getInstance('toolbar');
     $isJoomla3 = version_compare(JVERSION, '3.0', 'ge');
     JToolBarHelper::title(JText::_('ATTACH_ATTACHMENTS'), 'attachments.png');
     // Create
     if ($canDo->get('core.create')) {
         JToolBarHelper::addNew('attachment.add');
     }
     // Edit (any or own)
     if ($canDo->get('core.edit') || $canDo->get('core.edit.own')) {
         JToolBarHelper::editList('attachment.edit');
     }
     // Publish / unpublish (any or own)
     if ($canDo->get('core.edit.state') || $canDo->get('attachments.edit.state.own')) {
         JToolBarHelper::divider();
         JToolBarHelper::publishList('attachments.publish');
         JToolBarHelper::unpublishList('attachments.unpublish');
     }
     // Delete (any or own)
     if ($canDo->get('core.delete') || $canDo->get('attachments.delete.own')) {
         JToolBarHelper::divider();
         JToolBarHelper::deleteList('', 'attachments.delete');
     }
     // Admin-only: component options and the extra utilities popup
     if ($canDo->get('core.admin')) {
         JToolBarHelper::divider();
         JToolBarHelper::custom('params.edit', 'options', 'options', 'JTOOLBAR_OPTIONS', false);
         $utilsIcon = $isJoomla3 ? 'wrench' : 'adminUtils';
         $toolbar->appendButton('Popup', $utilsIcon, 'ATTACH_UTILITIES', 'index.php?option=com_attachments&amp;task=adminUtils&amp;tmpl=component', 800, 500);
     }
     JToolBarHelper::divider();
     // Manually add a help button for the help view; the popup handler is
     // shared, only the surrounding element differs per Joomla version.
     $helpUrl = 'index.php?option=com_attachments&amp;task=help&amp;tmpl=component';
     $helpLabel = ' ' . JText::_('JTOOLBAR_HELP') . ' ';
     $helpOnClick = sprintf("onclick=\"Joomla.popupWindow('%s', 'Help', 800, 650, 1)\"> ", $helpUrl);
     if ($isJoomla3) {
         $helpButton = '<button class="btn btn-small" rel="help" href="#" ' . $helpOnClick
             . '<i class="icon-question-sign"></i>' . $helpLabel . '</button>';
     } else {
         $helpButton = '<a class="toolbar" rel="help" href="#" ' . $helpOnClick
             . '<span class="icon-32-help"> </span>' . $helpLabel . '</a>';
     }
     $toolbar->appendButton('Custom', $helpButton, 'toolbar-help');
 }