Example #1
0
 /**
  * Method override to check if you can edit an existing record.
  *
  * @param   array   $data  An array of input data.
  * @param   string  $key   The name of the key for the primary key.
  *
  * @return  boolean
  *
  * @since   1.6
  */
 protected function allowEdit($data = array(), $key = 'id')
 {
     // get user object.
     $user = JFactory::getUser();
     // get record id.
     $recordId = (int) isset($data[$key]) ? $data[$key] : 0;
     if (!$user->authorise('core.options', 'com_costbenefitprojection')) {
         // make absolutely sure that this company can be edited
         $companies = CostbenefitprojectionHelper::hisCompanies($user->id);
         if (!CostbenefitprojectionHelper::checkArray($companies) || !in_array($recordId, $companies)) {
             return false;
         }
     }
     // ensure lockdown
     $userIs = CostbenefitprojectionHelper::userIs($user->id);
     if (1 != $userIs && !CostbenefitprojectionHelper::accessCompany($recordId)) {
         // this company is locked
         return false;
     }
     // Access check.
     $access = $user->authorise('company.access', 'com_costbenefitprojection.company.' . (int) $recordId) && $user->authorise('company.access', 'com_costbenefitprojection');
     if (!$access) {
         return false;
     }
     if ($recordId) {
         // The record has been set. Check the record permissions.
         $permission = $user->authorise('company.edit', 'com_costbenefitprojection.company.' . (int) $recordId);
         if (!$permission && !is_null($permission)) {
             if ($user->authorise('company.edit.own', 'com_costbenefitprojection.company.' . $recordId)) {
                 // Now test the owner is the user.
                 $ownerId = (int) isset($data['created_by']) ? $data['created_by'] : 0;
                 if (empty($ownerId)) {
                     // Need to do a lookup from the model.
                     $record = $this->getModel()->getItem($recordId);
                     if (empty($record)) {
                         return false;
                     }
                     $ownerId = $record->created_by;
                 }
                 // If the owner matches 'me' then allow.
                 if ($ownerId == $user->id) {
                     if ($user->authorise('company.edit.own', 'com_costbenefitprojection')) {
                         return true;
                     }
                 }
             }
             return false;
         }
     }
     // Since there is no permission, revert to the component permissions.
     return $user->authorise('company.edit', $this->option);
 }
Example #2
0
 /**
  * Method override to check if you can edit an existing record.
  *
  * @param	array	$data	An array of input data.
  * @param	string	$key	The name of the key for the primary key.
  *
  * @return	boolean
  * @since	2.5
  */
 protected function allowEdit($data = array(), $key = 'id')
 {
     // Check specific edit permission then general edit permission.
     $user = JFactory::getUser();
     $recordId = (int) isset($data[$key]) ? $data[$key] : 0;
     if (!$user->authorise('core.options', 'com_costbenefitprojection')) {
         // make absolutely sure that this company can be edited
         $companies = CostbenefitprojectionHelper::hisCompanies($user->id);
         if (!CostbenefitprojectionHelper::checkArray($companies) || !in_array($recordId, $companies)) {
             return false;
         }
     }
     // ensure lockdown
     $userIs = CostbenefitprojectionHelper::userIs($user->id);
     if (1 != $userIs && !CostbenefitprojectionHelper::accessCompany($recordId)) {
         // this company is locked
         return false;
     }
     return $user->authorise('company.edit', 'com_costbenefitprojection.company.' . ((int) isset($data[$key]) ? $data[$key] : 0)) or $user->authorise('company.edit', 'com_costbenefitprojection');
 }