/** * Method override to check if you can edit an existing record. * @todo: check if the user is allowed to edit/save * * @param array $data An array of input data. * @param string $key The name of the key for the primary key. * * @return boolean */ protected function allowEdit($data = array(), $key = 'id') { // Initialise variables. $recordId = (int) isset($data[$key]) ? $data[$key] : 0; $user = JFactory::getUser(); $userId = $user->get('id'); $asset = 'com_jem.event.' . $recordId; // Check general edit permission first. if ($user->authorise('core.edit', $asset)) { return true; } // Fallback on edit.own. // First test if the permission is available. if ($user->authorise('core.edit.own', $asset)) { // Now test the owner is the user. $ownerId = (int) isset($data['created_by']) ? $data['created_by'] : 0; if (empty($ownerId) && $recordId) { // Need to do a lookup from the model. $record = $this->getModel()->getItem($recordId); if (empty($record)) { return false; } $ownerId = $record->created_by; } // If the owner matches 'me' then do the test. if ($ownerId == $userId) { return true; } } $record = $this->getModel()->getItem($recordId); $jemsettings = JEMHelper::config(); $editaccess = JEMUser::editaccess($jemsettings->eventowner, $record->created_by, $jemsettings->eventeditrec, $jemsettings->eventedit); $maintainer = JEMUser::ismaintainer('edit', $record->id); if ($maintainer || $editaccess) { return true; } // Since there is no asset tracking, revert to the component permissions. return parent::allowEdit($data, $key); }
/** * Store */ public function store($updateNulls = true) { $date = JFactory::getDate(); $user = JFactory::getUser(); $jinput = JFactory::getApplication()->input; $app = JFactory::getApplication(); $jemsettings = JEMHelper::config(); $settings = JemHelper::globalattribs(); $valguest = JEMUser::validate_guest(); $guest_fldstatus = $settings->get('guest_fldstatus', '0'); // Check if we're in the front or back if ($app->isAdmin()) { $backend = true; } else { $backend = false; } if ($this->id) { // Existing event $this->modified = $date->toSql(); $this->modified_by = $user->get('id'); } else { // New event if (!intval($this->created)) { $this->created = $date->toSql(); } if (empty($this->created_by)) { $this->created_by = $user->get('id'); } } // Check if image was selected jimport('joomla.filesystem.file'); $image_dir = JPATH_SITE . '/images/jem/events/'; $allowable = array('gif', 'jpg', 'png'); $image_to_delete = false; // get image (frontend) - allow "removal on save" (Hoffi, 2014-06-07) if (!$backend) { if ($jemsettings->imageenabled == 2 || $jemsettings->imageenabled == 1) { $file = JFactory::getApplication()->input->files->get('userfile', '', 'array'); $removeimage = JFactory::getApplication()->input->get('removeimage', '', 'int'); if (!empty($file['name'])) { //check the image $check = JEMImage::check($file, $jemsettings); if ($check !== false) { //sanitize the image filename $filename = JemHelper::sanitize($image_dir, $file['name']); $filepath = $image_dir . $filename; if (JFile::upload($file['tmp_name'], $filepath)) { $image_to_delete = $this->datimage; // delete previous image $this->datimage = $filename; } } } elseif (!empty($removeimage)) { // if removeimage is non-zero remove image from event // (file will be deleted later (e.g. housekeeping) if unused) $image_to_delete = $this->datimage; $this->datimage = ''; } } // end image if } // if (!backend) $format = JFile::getExt($image_dir . $this->datimage); if (!in_array($format, $allowable)) { $this->datimage = ''; } if (!$backend) { /* check if the user has the required rank for autopublish */ $maintainer = JEMUser::ismaintainer('publish'); $autopubev = JEMUser::validate_user($jemsettings->evpubrec, $jemsettings->autopubl); if (!($autopubev || $maintainer || $user->authorise('core.edit', 'com_jem'))) { if ($valguest) { $this->published = $guest_fldstatus; } else { $this->published = 0; } } } ################ ## RECURRENCE ## ################ # check if recurrence_groupcheck is true $rec_groupcheck = $jinput->getInt('recurrence_check'); if ($rec_groupcheck) { # the check returned true, so it's considered as an edit # Retrieve id of current event from recurrence_table # as the check was true we can skip the groupid=groupid_ref from the where statement # but to be sure it's added here too $db = JFactory::getDbo(); $query = $db->getQuery(true); $query->select('id'); $query->from($db->quoteName('#__jem_recurrence')); $query->where(array('groupid = groupid_ref ', 'itemid= ' . $this->id)); $db->setQuery($query); $recurrenceid = $db->loadResult(); if ($recurrenceid) { # Retrieve recurrence-table $recurrence_table = JTable::getInstance('Recurrence', 'JEMTable'); # Load row-data $recurrence_table->load($recurrenceid); # We want to skip this event from Ical output /* $recurrence_table->exdate = $this->dates.'T'.$this->times; */ # it's a delete of the set so groupid_ref will be blanked /* $recurrence_table->groupid_ref = ""; */ # it's an edit and not a delete so groupid_ref won't be adjusted # but we will set the recurrence_id field, as this event has been adjusted and contains # info that's not inline with original recurrence-info $var2 = $recurrence_table->startdate_org; $var3 = new JDate($var2); $var4 = $var3->format('Ymd\\THis\\Z'); $recurrence_table->recurrence_id = $var4; # Store fields $recurrence_table->store(); } } # check if the field recurrence_group is filled and if the recurrence_type has been set # if the type has been set then it's part of recurrence and we should have a recurrence_group number if (empty($this->recurrence_group) && $this->recurrence_freq) { $this->recurrence_group = mt_rand(0, 9999); } ## END RECURRENCE ## return parent::store($updateNulls); }