/**
 * Decides whether the current user may edit an item.
 *
 * Editing is allowed when owner editing is switched on and the current
 * user is the item's owner, or when JEMUser::validate_user() reports
 * general access for the given $recurse / $level pair.
 *
 * @param int $allowowner  1 when an item's owner may edit it
 * @param int $ownerid     user id of the item's owner; 0 never counts as an owner
 * @param int $recurse     handed unchanged to JEMUser::validate_user()
 * @param int $level       handed unchanged to JEMUser::validate_user()
 * @return boolean True when editing is allowed, false otherwise
 */
static function editaccess($allowowner, $ownerid, $recurse, $level)
{
    $currentUser      = JFactory::getUser();
    $hasGeneralAccess = JEMUser::validate_user($recurse, $level);

    // An owner id of 0 is excluded explicitly, so "0 == 0" between an
    // ownerless item and a user without an id is not treated as ownership.
    $ownerMayEdit = $allowowner == 1
        && $ownerid != 0
        && $currentUser->get('id') == $ownerid;

    if ($ownerMayEdit) {
        return true;
    }

    return $hasGeneralAccess == 1;
}
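/**
 * Loads all published categories and returns them as a tree-ordered list.
 *
 * The rows are grouped by parent_id and handed to
 * JemCategories::treerecurse(), starting at the parent of the first row.
 *
 * @return mixed  the value returned by JemCategories::treerecurse()
 *                (presumably an array of category objects - confirm against that helper)
 */
public function getCategories()
{
    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    $query->select(array('c.*'));
    $query->from($db->quoteName('#__jem_categories') . ' AS c');
    $query->where(array('c.published = 1 '));
    $query->order(array('c.parent_id', 'c.ordering'));

    $db->setQuery($query);
    $mitems = $db->loadObjectList();

    // Check for a database error.
    if ($db->getErrorNum()) {
        JError::raiseNotice(500, $db->getErrorMsg());
    }

    $children = array();

    // With no rows the tree starts at 0. The previous code passed the empty
    // result array itself as the parent id, which is not a usable array key.
    $parentid = 0;

    if ($mitems) {
        // First pass - collect the children of every parent.
        // isset() replaces the "@" suppression that hid the undefined-index notice.
        foreach ($mitems as $v) {
            $pt = $v->parent_id;

            if (!isset($children[$pt])) {
                $children[$pt] = array();
            }

            $children[$pt][] = $v;
        }

        $parentid = intval($mitems[0]->parent_id);
    }

    // Second pass - let the helper build the ordered list.
    return JemCategories::treerecurse($parentid, '', array(), $children, 9999, 0, 0);
}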
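/**
 * Builds the category option list for this form field.
 *
 * With the "frontedit" attribute set, the list is restricted to what the
 * current user may submit into: super users see every category, other
 * non-guest users only categories maintained by a group they belong to
 * that has addevent rights, and validated guests only the configured
 * guest category.
 *
 * @return array|false  the options merged with parent::getOptions(), or false
 *                      when a non-guest, non-super user is in no group with
 *                      addevent rights
 */
protected function getOptions()
{
    $options   = array();
    $published = $this->element['published'] ? $this->element['published'] : array(0, 1);
    $frontedit = $this->element['frontedit'];
    $db        = JFactory::getDbo();

    // NOTE(review): without "frontedit" no query is prepared below, so
    // loadObjectList() runs whatever query is currently set on the object
    // returned by JFactory::getDbo() - confirm this is intended.
    if ($frontedit) {
        $user      = JFactory::getUser();
        $superuser = JEMUser::superuser();
        $settings  = JemHelper::globalattribs();
        $guestcat  = $settings->get('guest_category', '0');
        $valguest  = JEMUser::validate_guest();

        $query = $db->getQuery(true)
            ->select('a.id AS value, a.catname AS text, a.level, a.published')
            ->from('#__jem_categories AS a')
            ->join('LEFT', $db->quoteName('#__jem_categories') . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt');

        if (is_numeric($published)) {
            $query->where('a.published = ' . (int) $published);
        } elseif (is_array($published)) {
            JArrayHelper::toInteger($published);
            $query->where('a.published IN (' . implode(',', $published) . ')');
        }

        if (!$valguest) {
            // Super users are not restricted to particular categories.
            if (!$superuser) {
                // Find the groups the user is a member of that carry addevent rights.
                $query2 = $db->getQuery(true);
                $query2->select(array('gr.id'));
                $query2->from($db->quoteName('#__jem_groups') . ' AS gr');
                $query2->join('LEFT', '#__jem_groupmembers AS g ON g.group_id = gr.id');
                $query2->where(array(
                    'g.member = ' . (int) $user->get('id'),
                    $db->quoteName('gr.addevent') . ' =1',
                    'g.member NOT LIKE 0',
                ));
                $db->setQuery($query2);
                $groupnumber = $db->loadColumn();

                if (!$groupnumber) {
                    return false;
                }

                // Everything concatenated into SQL is forced to an integer
                // first, the same way $published is handled above.
                JArrayHelper::toInteger($groupnumber);

                // Restrict submission to maintained categories only.
                $query->where(array('a.groupid IN (' . implode(',', $groupnumber) . ')'));
            }
        } else {
            // Validated guest: only the configured guest category. The
            // setting is cast so a non-numeric value cannot alter the query.
            $query->where(array('a.id = ' . (int) $guestcat));
        }

        $query->group('a.id, a.catname, a.level, a.lft, a.rgt, a.parent_id, a.published')->order('a.lft ASC');
        $db->setQuery($query);
    }

    try {
        $options = $db->loadObjectList();
    } catch (RuntimeException $e) {
        // getMessage is a method; the missing parentheses read an undefined property.
        JError::raiseWarning(500, $e->getMessage());
    }

    // A failed load must not reach count() as a non-array.
    if (!is_array($options)) {
        $options = array();
    }

    // Pad the option text using the depth level as a multiplier.
    for ($i = 0, $n = count($options); $i < $n; $i++) {
        if ($this->element['removeroot'] == true) {
            // Drop the root node and lift everything else one level.
            if ($options[$i]->level == 0) {
                unset($options[$i]);
                continue;
            }

            $options[$i]->level = $options[$i]->level - 1;
        }

        $indent = str_repeat('- ', $options[$i]->level);

        // Categories that are not published are shown in square brackets.
        if ($options[$i]->published == 1) {
            $options[$i]->text = $indent . $options[$i]->text;
        } else {
            $options[$i]->text = $indent . '[' . $options[$i]->text . ']';
        }
    }

    // Merge any additional options in the XML definition.
    $options = array_merge(parent::getOptions(), $options);

    return $options;
}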
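/**
 * Returns an HTML label naming the state of an item that is neither
 * published (1) nor archived (2).
 *
 * The label is produced only when JEMUser::superuser() is true; in every
 * other case nothing is returned.
 *
 * @todo check function
 *
 * @param mixed $published  publish state of the item
 * @return string|null  the label markup, or null when no label applies
 */
static function statuslabel($published = false)
{
    $admin = JEMUser::superuser();

    // States 1 and 2 never get a label. The former switch still listed them,
    // but those cases sat behind this same guard and could not be reached.
    if ($published == 1 || $published == 2 || !$admin) {
        return null;
    }

    $status = '';

    switch ($published) {
        case '0':
            $status = 'JUNPUBLISHED';
            break;

        case '-2':
            $status = 'JTRASHED';
            break;
    }

    // $status is one of the fixed language keys above or empty, never caller input.
    return '<span class="label">' . JText::_($status) . '</span>';
}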
/**
 * Builds the event form and adjusts its fields to the current context.
 *
 * Existing events lose the recurrence fields when recurrence_groupcheck is
 * set and take their meta defaults from the item, falling back on the
 * component settings. New events take registration defaults from the
 * backend or frontend settings. The anti-spam fields (captcha, math quiz,
 * timeout) are kept only for validated guests and only for the methods
 * enabled in the settings.
 *
 * @param array   $data     Data for the form.
 * @param boolean $loadData True if the form is to load its own data (default case), false if not.
 * @return mixed A JForm object on success, false on failure
 */
public function getForm($data = array(), $loadData = true)
{
    $form = $this->loadForm('com_jem.event', 'event', array('control' => 'jform', 'load_data' => $loadData));

    if (empty($form)) {
        return false;
    }

    $jemsettings = JemHelper::config();
    $app         = JFactory::getApplication();
    $backend     = $app->isAdmin() ? true : false;

    $pk = $this->getState('event.id');

    if ($pk) {
        // Existing event.
        $item = $this->getItem($pk);

        if ($item->recurrence_group) {
            // The event belongs to a recurrence group. Nothing is changed
            // for that case at the moment; the date fields stay editable.
        }

        if ($item->recurrence_groupcheck) {
            // Take the recurrence fields out of the form.
            $recurrenceFields = array(
                'recurrence_count',
                'recurrence_exdates',
                'recurrence_freq',
                'recurrence_interval',
                'recurrence_until',
                'recurrence_weekday',
            );

            foreach ($recurrenceFields as $fieldName) {
                $form->removeField($fieldName);
            }
        }

        // Meta defaults: the item's own value wins over the component setting.
        $meta_keywords = empty($item->meta_keywords) ? $jemsettings->meta_keywords : $item->meta_keywords;
        $form->setFieldAttribute('meta_keywords', 'default', $meta_keywords);

        $meta_description = empty($item->meta_description) ? $jemsettings->meta_description : $item->meta_description;
        $form->setFieldAttribute('meta_description', 'default', $meta_description);
    } else {
        // New event: registration defaults depend on where the form is shown.
        if ($backend) {
            $source        = JemHelper::globalattribs();
            $registerKey   = 'registering_b';
            $unregisterKey = 'unregistering_b';
        } else {
            $source        = JemHelper::viewSettings('veditevent');
            $registerKey   = 'registering';
            $unregisterKey = 'unregistering';
        }

        $form->setFieldAttribute('registra', 'default', $source->get($registerKey));
        $form->setFieldAttribute('unregistra', 'default', $source->get($unregisterKey));

        $form->setFieldAttribute('meta_keywords', 'default', $jemsettings->meta_keywords);
        $form->setFieldAttribute('meta_description', 'default', $jemsettings->meta_description);
    }

    $settings  = JemHelper::globalattribs();
    $valguest  = JEMUser::validate_guest();
    $asCaptcha = $settings->get('guest_as_captcha', '0');
    $asMath    = $settings->get('guest_as_math', '0');

    if (!$valguest) {
        // Not a validated guest: none of the anti-spam fields are shown.
        foreach (array('captcha', 'mathquiz', 'mathquiz_answer', 'timeout') as $fieldName) {
            $form->removeField($fieldName);
        }
    } else {
        // Validated guest: keep only the anti-spam methods that are enabled.
        // With both settings off, a guest form is left with neither check.
        if (!$asMath) {
            $form->removeField('mathquiz');
            $form->removeField('mathquiz_answer');
            $form->setFieldAttribute('articletext', 'buttons', 'false');
        }

        if (!$asCaptcha) {
            $form->removeField('captcha');
            $form->setFieldAttribute('articletext', 'buttons', 'false');
        }
    }

    return $form;
}
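/**
 * Method override to check if you can edit an existing record.
 *
 * Order of checks: the core.edit permission on the event asset, then
 * core.edit.own combined with ownership of the stored record, then the JEM
 * specific rules (JEMUser::editaccess() and JEMUser::ismaintainer()), and
 * finally the parent implementation.
 *
 * Ownership is always read from the stored record. $data is documented as
 * input data, so a created_by value inside it is not proof of ownership.
 *
 * @todo: check if the user is allowed to edit/save
 *
 * @param array  $data An array of input data.
 * @param string $key  The name of the key for the primary key.
 *
 * @return boolean
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // Cast the value itself: "(int) isset(...) ? a : b" casts only the
    // isset() result and passes the raw value on.
    $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
    $user     = JFactory::getUser();
    $userId   = (int) $user->get('id');
    $asset    = 'com_jem.event.' . $recordId;

    // Check general edit permission first.
    if ($user->authorise('core.edit', $asset)) {
        return true;
    }

    // Every remaining check works on the stored record.
    $record    = $this->getModel()->getItem($recordId);
    $hasRecord = !empty($record);

    // Fallback on edit.own.
    if ($user->authorise('core.edit.own', $asset)) {
        if ($recordId && !$hasRecord) {
            return false;
        }

        $ownerId = ($hasRecord && isset($record->created_by)) ? (int) $record->created_by : 0;

        // An owner id of 0 never matches, in line with JEMUser::editaccess(),
        // so a user without an id does not "own" ownerless records.
        if ($ownerId !== 0 && $ownerId === $userId) {
            return true;
        }
    }

    // JEM specific rules; they need a record to look at.
    if ($hasRecord) {
        $jemsettings = JEMHelper::config();
        $editaccess  = JEMUser::editaccess($jemsettings->eventowner, $record->created_by, $jemsettings->eventeditrec, $jemsettings->eventedit);
        $maintainer  = JEMUser::ismaintainer('edit', $record->id);

        if ($maintainer || $editaccess) {
            return true;
        }
    }

    // Since there is no asset tracking, revert to the component permissions.
    return parent::allowEdit($data, $key);
}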
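/**
 * Stores the event row.
 *
 * Before handing over to parent::store() this fills the created/modified
 * fields, processes a frontend flyer upload or removal, clears an image
 * name whose extension is not allowed, applies the publishing rules for
 * frontend submissions and updates the recurrence bookkeeping.
 *
 * @param boolean $updateNulls  handed unchanged to parent::store()
 * @return mixed  the result of parent::store()
 */
public function store($updateNulls = true)
{
    $date            = JFactory::getDate();
    $user            = JFactory::getUser();
    $app             = JFactory::getApplication();
    $jinput          = $app->input;
    $jemsettings     = JEMHelper::config();
    $settings        = JemHelper::globalattribs();
    $valguest        = JEMUser::validate_guest();
    $guest_fldstatus = $settings->get('guest_fldstatus', '0');

    // Check if we're in the front or back.
    $backend = $app->isAdmin() ? true : false;

    if ($this->id) {
        // Existing event.
        $this->modified    = $date->toSql();
        $this->modified_by = $user->get('id');
    } else {
        // New event.
        if (!intval($this->created)) {
            $this->created = $date->toSql();
        }

        if (empty($this->created_by)) {
            $this->created_by = $user->get('id');
        }
    }

    jimport('joomla.filesystem.file');

    $image_dir = JPATH_SITE . '/images/jem/events/';
    $allowable = array('gif', 'jpg', 'png');

    // Frontend image handling, including "removal on save".
    if (!$backend && ($jemsettings->imageenabled == 2 || $jemsettings->imageenabled == 1)) {
        $file        = $jinput->files->get('userfile', '', 'array');
        $removeimage = $jinput->get('removeimage', '', 'int');

        if (!empty($file['name'])) {
            // What JEMImage::check() verifies is not visible from here.
            if (JEMImage::check($file, $jemsettings) !== false) {
                $filename = JemHelper::sanitize($image_dir, $file['name']);
                $filepath = $image_dir . $filename;

                // Apply the extension allow-list to the final file name
                // before anything is written. The check further down only
                // clears the field; by then a rejected file would already
                // be stored in the web-accessible image folder.
                if (in_array(JFile::getExt($filename), $allowable, true)
                    && JFile::upload($file['tmp_name'], $filepath)) {
                    // The previous image file is not deleted here.
                    $this->datimage = $filename;
                }
            }
        } elseif (!empty($removeimage)) {
            // Non-zero removeimage detaches the image from the event
            // (the file is deleted later, e.g. by housekeeping, if unused).
            $this->datimage = '';
        }
    }

    // Whatever the source of the name, keep it only with an allowed extension.
    $format = JFile::getExt($image_dir . $this->datimage);

    if (!in_array($format, $allowable, true)) {
        $this->datimage = '';
    }

    if (!$backend) {
        // Check if the user has the required rank for autopublish.
        $maintainer = JEMUser::ismaintainer('publish');
        $autopubev  = JEMUser::validate_user($jemsettings->evpubrec, $jemsettings->autopubl);

        if (!($autopubev || $maintainer || $user->authorise('core.edit', 'com_jem'))) {
            // Not allowed to publish: the submitted state is overruled.
            $this->published = $valguest ? $guest_fldstatus : 0;
        }
    }

    // Recurrence: a positive recurrence_check marks this save as an edit of
    // an event that belongs to a recurrence set.
    $rec_groupcheck = $jinput->getInt('recurrence_check');

    if ($rec_groupcheck) {
        // Look up this event's row in the recurrence table. The id is cast
        // because it is concatenated into the WHERE clause.
        $db    = JFactory::getDbo();
        $query = $db->getQuery(true);
        $query->select('id');
        $query->from($db->quoteName('#__jem_recurrence'));
        $query->where(array('groupid = groupid_ref ', 'itemid= ' . (int) $this->id));
        $db->setQuery($query);
        $recurrenceid = $db->loadResult();

        if ($recurrenceid) {
            $recurrence_table = JTable::getInstance('Recurrence', 'JEMTable');
            $recurrence_table->load($recurrenceid);

            // It is an edit, not a delete, so groupid_ref stays untouched.
            // recurrence_id is set because this event now differs from the
            // original recurrence information.
            $originalStart = new JDate($recurrence_table->startdate_org);
            $recurrence_table->recurrence_id = $originalStart->format('Ymd\\THis\\Z');

            $recurrence_table->store();
        }
    }

    // An event with a recurrence frequency needs a recurrence group number.
    // NOTE(review): mt_rand(0, 9999) can hand the same number to unrelated
    // recurrence sets; nothing here checks whether the number is already used.
    if (empty($this->recurrence_group) && $this->recurrence_freq) {
        $this->recurrence_group = mt_rand(0, 9999);
    }

    return parent::store($updateNulls);
}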
/**
 * Prepares and renders the simple events list view.
 *
 * Collects the filter/ordering state, the rows and pagination from the
 * model, works out whether the add-event and add-venue links are shown,
 * and hands everything to the template.
 *
 * @param string $tpl  template name, passed on to parent::display()
 */
function display($tpl = null)
{
    $state       = $this->get('State');
    $document    = JFactory::getDocument();
    $app         = JFactory::getApplication();
    $jinput      = $app->input;
    $jemsettings = JemHelper::config();
    $settings    = JemHelper::globalattribs();
    $menu        = $app->getMenu();
    $menuitem    = $menu->getActive();
    $params      = $state->params;
    $uri         = JFactory::getURI();
    $db          = JFactory::getDBO();
    $user        = JFactory::getUser();

    $itemid   = $jinput->getInt('id', 0) . ':' . $jinput->getInt('Itemid', 0);
    $print    = $jinput->getBool('print');
    $admin    = JEMUser::superuser();
    $task     = $jinput->getCmd('task');
    $template = $app->getTemplate();

    // Stylesheets.
    JemHelper::loadCss('jem');
    JemHelper::loadCustomCss();
    JemHelper::loadCustomTag();

    if ($print) {
        JemHelper::loadCss('print');
        $document->setMetaData('robots', 'noindex, nofollow');
    }

    // User state, kept separately per "id:Itemid" pair.
    $stateKey     = 'com_jem.eventslist.' . $itemid;
    $filter_order = $app->getUserStateFromRequest($stateKey . '.filter_order', 'filter_order', 'a.dates', 'cmd');

    // Dates are listed newest first in archive mode.
    $filter_order_DirDefault = ($task == 'archive' && $filter_order == 'a.dates') ? 'DESC' : 'ASC';

    $filter_order_Dir = $app->getUserStateFromRequest($stateKey . '.filter_order_Dir', 'filter_order_Dir', $filter_order_DirDefault, 'word');
    $filter_type      = $app->getUserStateFromRequest($stateKey . '.filter_type', 'filter_type', '', 'int');
    $search           = $app->getUserStateFromRequest($stateKey . '.filter_search', 'filter_search', '', 'string');

    // NOTE(review): escape() prepares the value for SQL, not for HTML. The
    // same value goes to the template as $lists['search'] below - confirm
    // the template escapes it on output.
    $search = $db->escape(trim(JString::strtolower($search)));

    $lists = array(
        'order_Dir' => $filter_order_Dir,
        'order'     => $filter_order,
    );

    $rows     = $this->get('Items');
    $noevents = $rows ? 0 : 1;

    // Print link, with the archive task carried over when active.
    $print_link = JRoute::_(
        $task == 'archive'
            ? 'index.php?view=eventslist&task=archive&tmpl=component&print=1'
            : 'index.php?view=eventslist&tmpl=component&print=1'
    );

    // May the user reach the add-event form?
    $maintainer = JemUser::ismaintainer('add');
    $genaccess  = JemUser::validate_user($jemsettings->evdelrec, $jemsettings->delivereventsyes);
    $dellink    = ($maintainer || $genaccess || $user->authorise('core.create', 'com_jem')) ? 1 : 0;

    // May the user reach the add-venue form?
    $maintainer2  = JemUser::venuegroups('add');
    $genaccess2   = JemUser::validate_user($jemsettings->locdelrec, $jemsettings->deliverlocsyes);
    $addvenuelink = ($maintainer2 || $genaccess2) ? 1 : 0;

    // Search filter: one entry per column that is switched on in the settings.
    $filterColumns = array(
        'showtitle'  => array('1', 'COM_JEM_TITLE'),
        'showlocate' => array('2', 'COM_JEM_VENUE'),
        'showcity'   => array('3', 'COM_JEM_CITY'),
        'showcat'    => array('4', 'COM_JEM_CATEGORY'),
    );

    $filters = array(
        JHtml::_('select.option', '0', '— ' . JText::_('COM_JEM_GLOBAL_SELECT_FILTER') . ' —'),
    );

    foreach ($filterColumns as $settingName => $entry) {
        if ($jemsettings->$settingName == 1) {
            $filters[] = JHtml::_('select.option', $entry[0], JText::_($entry[1]));
        }
    }

    $lists['filter'] = JHtml::_('select.genericlist', $filters, 'filter_type', array('size' => '1', 'class' => 'inputbox input-medium'), 'value', 'text', $filter_type);
    $lists['search'] = $search;

    // Hand everything to the template.
    $this->pageclass_sfx = htmlspecialchars($params->get('pageclass_sfx'));
    $this->pagination    = $this->get('Pagination');
    $this->lists         = $lists;
    // NOTE(review): the request URI is passed on as-is - confirm the
    // template escapes it where it is printed.
    $this->action        = $uri->toString();
    $this->rows          = $rows;
    $this->task          = $task;
    $this->noevents      = $noevents;
    $this->params        = $params;
    $this->addvenuelink  = $addvenuelink;
    $this->dellink       = $dellink;
    $this->jemsettings   = $jemsettings;
    $this->settings      = $settings;
    $this->print         = $print;
    $this->print_link    = $print_link;
    $this->admin         = $admin;

    $this->_prepareDocument();
    parent::display($tpl);
}
/**
 * Prepares and renders the frontend edit-event view.
 *
 * The "choosevenue" and "choosecontact" layouts are delegated to their own
 * methods. For the form itself the user must either be logged in or be a
 * validated guest, and must pass the create check (new event) or the edit
 * check (existing event); otherwise an error message is queued and false
 * is returned.
 *
 * @param string $tpl  template name, passed on to parent::display()
 * @return mixed  false when access is denied or the model reports errors,
 *                otherwise nothing
 */
public function display($tpl = null)
{
    $layoutName = $this->getLayout();

    if ($layoutName == 'choosevenue') {
        $this->_displaychoosevenue($tpl);
        return;
    }

    if ($this->getLayout() == 'choosecontact') {
        $this->_displaychoosecontact($tpl);
        return;
    }

    $jemsettings = JEMHelper::config();
    $app         = JFactory::getApplication();
    $user        = JFactory::getUser();
    $valguest    = JEMUser::validate_guest();
    $document    = JFactory::getDocument();
    $model       = $this->getModel();
    $menu        = $app->getMenu();
    $menuitem    = $menu->getActive();
    $pathway     = $app->getPathway();
    $url         = JUri::root();
    $template    = $app->getTemplate();
    $settings    = JemHelper::globalattribs();
    $vsettings   = JemHelper::viewSettings('veditevent');

    $this->vsettings = $vsettings;
    $this->settings  = $settings;
    $this->valguest  = $valguest;

    // Model data.
    $this->state  = $this->get('State');
    $this->item   = $this->get('Item');
    $this->params = $this->state->get('params');

    // Shortcuts for the item and the params.
    $item   = $this->item;
    $params = $this->params;

    $this->form        = $this->get('Form');
    $this->return_page = $this->get('ReturnPage');

    // Without guest validation a user id is required.
    if ($valguest == false && (!$user || $user->id == 0)) {
        $app->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'error');
        return false;
    }

    if (empty($this->item->id)) {
        // New event: create permission, a category the user may create in,
        // a validated guest, or the JEM add rules.
        $maintainer = JemUser::ismaintainer('add');
        $genaccess  = JemUser::validate_user($jemsettings->evdelrec, $jemsettings->delivereventsyes);
        $dellink    = ($maintainer || $genaccess) ? true : false;

        $valguest   = JEMUser::validate_guest();
        $authorised = $user->authorise('core.create', 'com_jem')
            || (count($user->getAuthorisedCategories('com_jem', 'core.create')) || $valguest || $dellink);
    } else {
        // Existing event: the item's access-edit flag or the JEM edit rules.
        $maintainer5        = JemUser::ismaintainer('edit', $this->item->id);
        $genaccess5         = JemUser::editaccess($jemsettings->eventowner, $this->item->created_by, $jemsettings->eventeditrec, $jemsettings->eventedit);
        $allowedtoeditevent = ($maintainer5 || $genaccess5) ? true : false;

        $authorised = $this->item->params->get('access-edit') || $allowedtoeditevent;
    }

    // Both branches leave a real boolean, so the strict comparison holds.
    if ($authorised !== true) {
        $app->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'error');
        return false;
    }

    // Decide which parameters take priority. An edit-event menu item is
    // always meant for a new event.
    $useMenuItemParams = $menuitem
        && $menuitem->query['option'] == 'com_jem'
        && $menuitem->query['view'] == 'editevent'
        && 0 == $item->id;

    if ($item->id == 0) {
        $title = JText::_('COM_JEM_EDITEVENT_ADD_EVENT');
    } else {
        $title = JText::sprintf('COM_JEM_EDITEVENT_EDIT_EVENT', $item->title);
    }

    if ($useMenuItemParams) {
        if ($menuitem->title) {
            $pagetitle = $menuitem->title;
        } else {
            $pagetitle = $title;
        }

        $params->def('page_title', $pagetitle);
        $params->def('page_heading', $pagetitle);
        $pathway->setItemName(1, $pagetitle);

        // Layout: the menu item's one if set, else the event's one if set.
        if (isset($menuitem->query['layout'])) {
            $this->setLayout($menuitem->query['layout']);
        } elseif ($layout = $item->params->get('event_layout')) {
            $this->setLayout($layout);
        }

        $item->params->merge($params);
    } else {
        $pagetitle = $title;

        $params->set('page_title', $pagetitle);
        $params->set('page_heading', $pagetitle);
        $params->set('show_page_heading', 1); // make sure the heading is shown
        $params->set('introtext', '');        // there is no introtext here
        $params->set('show_introtext', 0);

        $pathway->addItem($pagetitle, ''); // no link needed, so '' is fine

        // Not inside an edit-event menu item: only the event's own layout applies.
        if ($layout = $item->params->get('event_layout')) {
            $this->setLayout($layout);
        }

        $merged = clone $params;
        $merged->merge($item->params);
        $item->params = $merged;
    }

    if (!empty($this->item) && isset($this->item->id)) {
        $tmp = new stdClass();

        // An event that is part of a recurrence is bound with both
        // recurrence fields reset to 0.
        if ($this->item->recurrence_type != 0 || $this->item->recurrence_first_id != 0) {
            $tmp->recurrence_type     = 0;
            $tmp->recurrence_first_id = 0;
        }

        $this->form->bind($tmp);
    }

    // Stop when the model reported errors.
    $errors = $this->get('Errors');

    if (count($errors)) {
        JError::raiseWarning(500, implode("\n", $errors));
        return false;
    }

    $this->access = JEMHelper::getAccesslevelOptions();

    // Stylesheets.
    JemHelper::loadCss('jem');
    JemHelper::loadCustomCss();

    // Scripts, depending on which tabs are shown.
    JHtml::_('bootstrap.framework');

    if ($vsettings->get('editevent_show_attachmentstab', 1)) {
        JHtml::_('script', 'com_jem/attachments.js', false, true);
    }

    if ($vsettings->get('editevent_show_othertab', 1)) {
        JHtml::_('script', 'com_jem/other.js', false, true);
        JHtml::_('script', 'com_jem/recurrence.js', false, true);
    }

    JHtml::_('script', 'com_jem/seo.js', false, true);

    // The anti-spam script is loaded for validated guests only.
    if (JEMUser::validate_guest()) {
        JHtml::_('script', 'com_jem/antispam.js', false, true);
    }

    JHtml::_('behavior.tabstate');

    // Escaped here because it ends up in HTML output.
    $this->pageclass_sfx = htmlspecialchars($item->params->get('pageclass_sfx'));
    $this->dimage        = JemImage::flyercreator($this->item->datimage, 'event');
    $this->jemsettings   = $jemsettings;
    $this->infoimage     = JHtml::_('image', 'com_jem/icon-16-hint.png', JText::_('COM_JEM_NOTES'), null, true);
    $this->user          = $user;

    // A category fixed by the params is preset and made read-only in the form.
    if ($params->get('enable_category') == 1) {
        $this->form->setFieldAttribute('catid', 'default', $params->get('catid', 1));
        $this->form->setFieldAttribute('catid', 'readonly', 'true');
    }

    $this->_prepareDocument();
    parent::display($tpl);
}