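 /**
  * Method override to check if you can edit an existing record.
  *
  * Grants the edit when the user holds core.edit on the article asset, or
  * core.edit.own on it and is the record's creator; otherwise defers to the
  * parent (component-level) check.
  *
  * @param   array   $data  An array of input data.
  * @param   string  $key   The name of the key for the primary key.
  *
  * @return  boolean
  *
  * @since   1.6
  */
 protected function allowEdit($data = array(), $key = 'id')
 {
     // Cast the id itself. In `(int) isset($data[$key]) ? $data[$key] : 0` the cast
     // bound to the isset() result, so the raw (uncast) input reached the asset name.
     $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
     $userId = (int) User::get('id');
     $asset = 'com_content.article.' . $recordId;
     // Check general edit permission first.
     if (User::authorise('core.edit', $asset)) {
         return true;
     }
     // Fallback on edit.own: first test if the permission is available.
     if (User::authorise('core.edit.own', $asset)) {
         // Now test the owner is the user.
         $ownerId = isset($data['created_by']) ? (int) $data['created_by'] : 0;
         if (!$ownerId && $recordId) {
             // Owner not supplied in the input; look it up from the model.
             $record = $this->getModel()->getItem($recordId);
             if (empty($record)) {
                 return false;
             }
             $ownerId = (int) $record->created_by;
         }
         // If the owner matches 'me' then do the test. Ownership requires a real
         // (non-zero) user id, so a guest never matches an unowned record.
         if ($ownerId && $ownerId === $userId) {
             return true;
         }
     }
     // Since there is no asset tracking, revert to the component permissions.
     return parent::allowEdit($data, $key);
 }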
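 /**
  * Method to generate html code for a list of buttons
  *
  * Renders one icon button. Nothing is rendered (empty string) when `access`
  * is boolean false, when it is a flat list of permission/context pairs and
  * the user fails any \User::authorise check, or when it has any other
  * non-empty shape (fail closed rather than guess).
  *
  * Only `title` and `alt` are HTML-escaped; `id`, `link`, `target`, `onclick`
  * and `text` are emitted verbatim, so callers must pass trusted values.
  *
  * @param   array   $button  Button properties (keys: access, id, link, target,
  *                           onclick, title, image, alt, text)
  * @return  string
  */
 public static function button($button)
 {
     if (!empty($button['access'])) {
         if (is_bool($button['access'])) {
             // is_bool() guarantees a boolean, so a strict check is exact here.
             if ($button['access'] === false) {
                 return '';
             }
         } elseif (is_array($button['access'])) {
             // Take each pair of permission, context values.
             $pairs = array_values($button['access']);
             for ($i = 0, $n = count($pairs); $i < $n; $i += 2) {
                 // A trailing permission without a context is checked against null.
                 $context = isset($pairs[$i + 1]) ? $pairs[$i + 1] : null;
                 if (!\User::authorise($pairs[$i], $context)) {
                     return '';
                 }
             }
         } else {
             // Neither a boolean nor a pair list: do not render rather than
             // feed an unexpected value to count()/authorise().
             return '';
         }
     }
     $html = array();
     $html[] = '<div class="icon-wrapper"' . (empty($button['id']) ? '' : ' id="' . $button['id'] . '"') . '>';
     $html[] = '<div class="icon">';
     $html[] = '<a href="' . $button['link'] . '"';
     $html[] = empty($button['target']) ? '' : ' target="' . $button['target'] . '"';
     $html[] = empty($button['onclick']) ? '' : ' onclick="' . $button['onclick'] . '"';
     $html[] = empty($button['title']) ? '' : ' title="' . htmlspecialchars($button['title']) . '"';
     $html[] = '>';
     if (isset($button['image']) && $button['image']) {
         $html[] = \Html::asset('image', $button['image'], empty($button['alt']) ? null : htmlspecialchars($button['alt']), null, true);
     }
     $html[] = empty($button['text']) ? '' : '<span>' . $button['text'] . '</span>';
     $html[] = '</a>';
     $html[] = '</div>';
     $html[] = '</div>';
     return implode('', $html);
 }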
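 /**
  * Method to check if you can edit a record.
  *
  * Grants the edit on component-wide or category-specific core.edit, or on
  * core.edit.own (either level) when the current user created the category.
  *
  * @param   array   $data  An array of input data.
  * @param   string  $key   The name of the key for the primary key.
  *
  * @return  boolean
  *
  * @since   1.6
  */
 protected function allowEdit($data = array(), $key = 'parent_id')
 {
     // Cast the id itself. In `(int) isset($data[$key]) ? $data[$key] : 0` the cast
     // bound to the isset() result, so the raw (uncast) input reached the asset name.
     $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
     $userId = (int) User::get('id');
     $asset = $this->extension . '.category.' . $recordId;
     // Check general edit permission first.
     if (User::authorise('core.edit', $this->extension)) {
         return true;
     }
     // Check specific edit permission.
     if (User::authorise('core.edit', $asset)) {
         return true;
     }
     // Fallback on edit.own.
     // First test if the permission is available.
     if (User::authorise('core.edit.own', $asset) || User::authorise('core.edit.own', $this->extension)) {
         // Now test the owner is the user.
         $ownerId = isset($data['created_user_id']) ? (int) $data['created_user_id'] : 0;
         if (!$ownerId && $recordId) {
             // Owner not supplied in the input; look it up from the model.
             $record = $this->getModel()->getItem($recordId);
             if (empty($record)) {
                 return false;
             }
             $ownerId = (int) $record->created_user_id;
         }
         // If the owner matches 'me' then do the test. Ownership requires a real
         // (non-zero) user id, so a guest never matches an unowned record.
         if ($ownerId && $ownerId === $userId) {
             return true;
         }
     }
     return false;
 }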
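 /**
  * Removes the selected articles from the featured list.
  *
  * Despite the task name nothing is deleted: the model is called as
  * featured($ids, 0), presumably un-featuring the articles. Ids the user
  * may not delete are pruned with a warning; if none remain an error is
  * raised instead of calling the model.
  *
  * @return  void
  * @throws  Exception  When the model reports a failure
  */
 function delete()
 {
     // Check for request forgeries
     Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));
     // Initialise variables.
     $ids = Request::getVar('cid', array(), '', 'array');
     // Normalise to integers so only numeric ids reach the asset names and the model.
     $ids = array_map('intval', (array) $ids);
     // Access checks.
     foreach ($ids as $i => $id) {
         if (!User::authorise('core.delete', 'com_content.article.' . $id)) {
             // Prune items that you can't delete.
             unset($ids[$i]);
             Notify::warning(Lang::txt('JERROR_CORE_DELETE_NOT_PERMITTED'));
         }
     }
     if (empty($ids)) {
         Notify::error(Lang::txt('JERROR_NO_ITEMS_SELECTED'));
     } else {
         // Get the model.
         $model = $this->getModel();
         // Remove the items from the featured list.
         if (!$model->featured($ids, 0)) {
             throw new Exception($model->getError(), 500);
         }
     }
     $this->setRedirect('index.php?option=com_content&view=featured');
 }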
 /**
  * Gets a list of the actions that can be performed.
  *
  * Every action JAccess defines for com_templates is mapped to whether the
  * current user is authorised to perform it on that component.
  *
  * @return	Object
  */
 public static function getActions()
 {
     $component = 'com_templates';
     $permissions = new \Hubzero\Base\Object();
     foreach (JAccess::getActions($component) as $action) {
         $allowed = User::authorise($action->name, $component);
         $permissions->set($action->name, $allowed);
     }
     return $permissions;
 }
 /**
  * Gets a list of the actions that can be performed.
  *
  * Every action JAccess defines for com_languages is mapped to whether the
  * current user is authorised to perform it on that component.
  *
  * @return	Object
  */
 public static function getActions()
 {
     $component = 'com_languages';
     $permissions = new \Hubzero\Base\Object();
     foreach (JAccess::getActions($component) as $action) {
         $allowed = User::authorise($action->name, $component);
         $permissions->set($action->name, $allowed);
     }
     return $permissions;
 }
 /**
  * Gets a list of the actions that can be performed.
  *
  * The result is memoised in self::$actions, so JAccess and User::authorise
  * are only consulted on the first call of the request.
  *
  * @return  Object
  *
  * @since   1.6
  * @todo    Refactor to work with notes
  */
 public static function getActions()
 {
     if (empty(self::$actions)) {
         $component = 'com_users';
         self::$actions = new \Hubzero\Base\Object();
         // Same object as self::$actions; populated in place.
         $cache = self::$actions;
         foreach (JAccess::getActions($component) as $action) {
             $cache->set($action->name, User::authorise($action->name, $component));
         }
     }
     return self::$actions;
 }
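 /**
  * Overrides JControllerForm::allowEdit
  *
  * Checks that non-Super Admins are not editing Super Admins, then defers
  * to the parent check.
  *
  * @param   array   $data  An array of input data.
  * @param   string  $key   The name of the key for the primary key.
  *
  * @return  boolean  True if allowed, false otherwise.
  *
  * @since   1.6
  */
 protected function allowEdit($data = array(), $key = 'id')
 {
     // Read the id defensively: the original indexed $data[$key] unconditionally,
     // which raised a notice and passed null to JAccess::check() for a new record.
     $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
     // If the target user is a Super Admin and I'm not one, disallow the edit.
     if ($recordId && JAccess::check($recordId, 'core.admin') && !User::authorise('core.admin')) {
         return false;
     }
     return parent::allowEdit($data, $key);
 }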
 /**
  * This method is called when the Quick Icons module is constructing its set
  * of icons. You can return an array which defines a single icon and it will
  * be rendered right after the stock Quick Icons.
  *
  * Only responds for the configured quick-icon context and for users holding
  * core.manage on com_installer; otherwise returns null and adds no scripts.
  *
  * @param   $context  The calling context
  * @return  array|null  A list of icon definition associative arrays, consisting of the
  *                      keys link, image, text and access; null when not applicable.
  */
 public function onGetIcons($context)
 {
     // Loose (!=) comparison kept from the original; both sides are expected to be strings.
     if ($context != $this->params->get('context', 'mod_quickicon') || !User::authorise('core.manage', 'com_installer')) {
         return;
     }
     $cur_template = App::get('template')->template;
     $ajax_url = Request::base() . 'index.php?option=com_installer&view=update&task=update.ajax';
     // Inline JS consumed by jupdatecheck.js. The `true` passed to Lang::txt() presumably
     // asks for a JS-safe string — confirm. $cur_template (template name from configuration,
     // not from the request) is placed inside JS string literals without escaping.
     $script = "\n\t\t\tvar plg_quickicon_joomlaupdate_ajax_url = '{$ajax_url}';\n\t\t\tvar plg_quickicon_jupdatecheck_jversion = '" . JVERSION . "';\n\t\t\tvar plg_quickicon_joomlaupdate_text = {\n\t\t\t\t'UPTODATE' : '" . Lang::txt('PLG_QUICKICON_JOOMLAUPDATE_UPTODATE', true) . "',\n\t\t\t\t'UPDATEFOUND' : '" . Lang::txt('PLG_QUICKICON_JOOMLAUPDATE_UPDATEFOUND', true) . "',\n\t\t\t\t'ERROR' : '" . Lang::txt('PLG_QUICKICON_JOOMLAUPDATE_ERROR', true) . "'\n\t\t\t};\n\t\t\tvar plg_quickicon_joomlaupdate_img = {\n\t\t\t\t'UPTODATE' : '" . Request::base(true) . '/templates/' . $cur_template . '/images/header/icon-48-jupdate-uptodate.png' . "',\n\t\t\t\t'ERROR': '" . Request::base(true) . '/templates/' . $cur_template . '/images/header/icon-48-deny.png' . "',\n\t\t\t\t'UPDATEFOUND': '" . Request::base(true) . '/templates/' . $cur_template . '/images/header/icon-48-jupdate-updatefound.png' . "'\n\t\t\t};";
     $this->js($script);
     $this->js('jupdatecheck.js');
     // The icon text is the "checking" label; jupdatecheck.js is expected to replace it.
     return array(array('link' => 'index.php?option=com_joomlaupdate', 'image' => 'header/icon-48-download.png', 'text' => Lang::txt('PLG_QUICKICON_JOOMLAUPDATE_CHECKING'), 'id' => 'plg_quickicon_joomlaupdate'));
 }
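 /**
  * Retrieve records for items tagged with specific tags
  *
  * Builds the count query and, when this plugin's area is requested, the
  * results query for forum posts carrying every tag in $tags. Posts are
  * filtered by the user's view permission, access levels and group membership.
  *
  * @param      array   $tags       Tags to match records against
  * @param      mixed   $limit      SQL record limit ('all' or a non-positive value means no limit)
  * @param      integer $limitstart SQL record limit start
  * @param      string  $sort       The field to sort records by (title, id or date)
  * @param      mixed   $areas      An array or string of areas that should retrieve records
  * @return     array   Response with keys name, title, total, results and sql
  */
 public function onTagView($tags, $limit = 0, $limitstart = 0, $sort = '', $areas = null)
 {
     $response = array('name' => $this->_name, 'title' => Lang::txt('PLG_TAGS_FORUM'), 'total' => 0, 'results' => null, 'sql' => '');
     // No tags would produce an empty IN () clause (invalid SQL); bail out early.
     if (empty($tags)) {
         return $response;
     }
     $database = App::get('db');
     // Tag ids are inlined into an IN (...) list, so force them to integers.
     $ids = array();
     foreach ($tags as $tag) {
         $ids[] = (int) $tag->get('id');
     }
     $ids = implode(',', $ids);
     $addtl_where = array();
     // Assumes _getGroupIds() returns numeric group ids — they are joined into SQL as-is.
     $gids = $this->_getGroupIds(User::get('id'));
     if (!User::authorise('core.view', 'com_forum')) {
         // No general view right: public posts (scope_id 0) and the user's groups only.
         $addtl_where[] = 'e.scope_id IN (0' . ($gids ? ',' . join(',', $gids) : '') . ')';
     } else {
         // Any authorised access level; access 4/5 posts additionally require group membership.
         $viewlevels = '0,' . implode(',', User::getAuthorisedViewLevels());
         if ($gids) {
             $addtl_where[] = '(e.access IN (' . $viewlevels . ') OR ((e.access = 4 OR e.access = 5) AND e.scope_id IN (0,' . join(',', $gids) . ')))';
         } else {
             $addtl_where[] = '(e.access IN (' . $viewlevels . '))';
         }
     }
     // Build the query
     $e_count = "SELECT COUNT(f.id) FROM (SELECT e.id, COUNT(DISTINCT t.tagid) AS uniques";
     $e_fields = "SELECT e.id, e.title, e.id AS alias, e.comment AS itext, e.comment AS ftext, e.state, e.created, e.created_by, e.modified, e.created AS publish_up, NULL AS publish_down,\n\t\t\t\t\t(CASE WHEN e.scope_id > 0 AND e.scope='group' THEN\n\t\t\t\t\t\tconcat('/groups/', g.cn, concat('/forum/', coalesce(concat(s.alias, '/', coalesce(concat(c.alias, '/'), ''))), CASE WHEN e.parent > 0 THEN e.parent ELSE e.id END))\n\t\t\t\t\tELSE\n\t\t\t\t\t\tconcat('/forum/', coalesce(concat(s.alias, '/', coalesce(concat(c.alias, '/'), ''))), CASE WHEN e.parent > 0 THEN e.parent ELSE e.id END)\n\t\t\t\t\tEND) AS href,\n\t\t\t\t\t'forum' AS section, COUNT(DISTINCT t.tagid) AS uniques, CONCAT(e.thread, ':', e.parent) AS params, e.scope AS rcount, c.alias AS data1, s.alias AS data2, e.scope_id AS data3 ";
     //e.last_activity AS rcount, c.alias AS data1, s.alias AS data2, g.cn AS data3
     $e_from = " FROM #__forum_posts AS e\n\t\t \t\t\tLEFT JOIN #__forum_categories c ON c.id = e.category_id\n\t\t\t\t\tLEFT JOIN #__forum_sections s ON s.id = c.section_id\n\t\t\t\t\tLEFT JOIN #__xgroups g ON g.gidNumber = e.scope_id\n\t\t\t\t\tLEFT JOIN #__tags_object AS t ON t.objectid=e.id AND t.tbl='forum' AND t.tagid IN ({$ids})";
     $e_where = " WHERE e.state=1 AND e.parent=0" . ($addtl_where ? ' AND ' . join(' AND ', $addtl_where) : '');
     // Only posts matching every requested tag.
     $e_where .= " GROUP BY e.id HAVING uniques=" . count($tags);
     // $sort is resolved through a fixed list; the raw value never reaches the SQL.
     $order_by = " ORDER BY ";
     switch ($sort) {
         case 'title':
             $order_by .= 'title ASC, created';
             break;
         case 'id':
             $order_by .= "id DESC";
             break;
         case 'date':
         default:
             $order_by .= 'created DESC, title';
             break;
     }
     // Emit LIMIT only for a positive numeric limit. The previous `$limit != 'all'`
     // test produced "LIMIT 0,0" (no rows) for the default 0 on PHP 8, whereas
     // PHP 5/7's loose comparison treated 0 as equal to 'all' and skipped the clause.
     if ($limit !== 'all' && (int) $limit > 0) {
         $order_by .= ' LIMIT ' . (int) $limitstart . ',' . (int) $limit;
     }
     $database->setQuery($e_count . $e_from . $e_where . ") AS f");
     $response['total'] = $database->loadResult();
     if ($areas && $areas == $response['name']) {
         $database->setQuery($e_fields . $e_from . $e_where . $order_by);
         $response['results'] = $database->loadObjectList();
     } else {
         $response['sql'] = $e_fields . $e_from . $e_where;
     }
     return $response;
 }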
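 /**
  * Returns an icon definition for an icon which looks for extensions updates
  * via AJAX and displays a notification when such updates are found.
  *
  * Only responds for the configured quick-icon context and for users holding
  * core.manage on com_installer; otherwise returns null and adds no scripts.
  *
  * @param  $context  The calling context
  *
  * @return array|null A list of icon definition associative arrays, consisting of the
  *				 keys link, image, text and access; null when not applicable.
  *
  * @since       2.5
  */
 public function onGetIcons($context)
 {
     // Loose (!=) comparison kept from the original; both sides are expected to be strings.
     if ($context != $this->params->get('context', 'mod_quickicon') || !User::authorise('core.manage', 'com_installer')) {
         return;
     }
     // The template lookup that used to be here was unused and has been dropped.
     $ajax_url = Request::base() . 'index.php?option=com_installer&view=update&task=update.ajax';
     // Inline JS consumed by extensionupdatecheck.js. The `true` passed to Lang::txt()
     // presumably asks for a JS-safe string — confirm. $ajax_url is built from
     // Request::base() and a fixed path, not from user input.
     $script = "var plg_quickicon_extensionupdate_ajax_url = '{$ajax_url}';\n";
     $script .= 'var plg_quickicon_extensionupdate_text = {"UPTODATE" : "' . Lang::txt('PLG_QUICKICON_EXTENSIONUPDATE_UPTODATE', true) . '", "UPDATEFOUND": "' . Lang::txt('PLG_QUICKICON_EXTENSIONUPDATE_UPDATEFOUND', true) . '", "ERROR": "' . Lang::txt('PLG_QUICKICON_EXTENSIONUPDATE_ERROR', true) . "\"};\n";
     $this->js($script);
     $this->js('extensionupdatecheck.js');
     // The icon text is the "checking" label; extensionupdatecheck.js is expected to replace it.
     return array(array('link' => 'index.php?option=com_installer&view=update', 'image' => 'header/icon-48-extension.png', 'text' => Lang::txt('PLG_QUICKICON_EXTENSIONUPDATE_CHECKING'), 'id' => 'plg_quickicon_extensionupdate'));
 }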
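 /**
  * Retrieve records for items tagged with specific tags
  *
  * Builds the count query and, when this plugin's area is requested, the
  * results query for groups carrying every tag in $tags. Users without
  * core.view on com_groups only get groups they are members of.
  *
  * @param      array   $tags       Tags to match records against
  * @param      mixed   $limit      SQL record limit ('all' or a non-positive value means no limit)
  * @param      integer $limitstart SQL record limit start
  * @param      string  $sort       The field to sort records by (title, id or date)
  * @param      mixed   $areas      An array or string of areas that should retrieve records
  * @return     array   Response with keys name, title, total, results and sql
  */
 public function onTagView($tags, $limit = 0, $limitstart = 0, $sort = '', $areas = null)
 {
     $response = array('name' => $this->_name, 'title' => Lang::txt('PLG_TAGS_GROUPS'), 'total' => 0, 'results' => null, 'sql' => '');
     if (empty($tags)) {
         return $response;
     }
     $database = App::get('db');
     // Tag ids are inlined into an IN (...) list, so force them to integers.
     $ids = array();
     foreach ($tags as $tag) {
         $ids[] = (int) $tag->get('id');
     }
     $ids = implode(',', $ids);
     // Without core.view on com_groups, restrict to groups the user is a member of.
     $from = '';
     if (!User::authorise('core.view', 'com_groups')) {
         $from = " JOIN #__xgroups_members AS m ON m.gidNumber=a.gidNumber AND m.uidNumber=" . (int) User::get('id');
     }
     // Build the query
     $f_count = "SELECT COUNT(f.gidNumber) FROM (SELECT a.gidNumber, COUNT(DISTINCT t.tagid) AS uniques ";
     $f_fields = "SELECT a.gidNumber AS id, a.description AS title, a.cn AS alias, NULL AS itext, a.public_desc AS ftext, a.type AS state, a.created,\n\t\t\t\t\ta.created_by, NULL AS modified, NULL AS publish_up,\n\t\t\t\t\tNULL AS publish_down, CONCAT('index.php?option=com_groups&cn=', a.cn) AS href, 'groups' AS section, COUNT(DISTINCT t.tagid) AS uniques,\n\t\t\t\t\ta.params, NULL AS rcount, NULL AS data1, NULL AS data2, NULL AS data3 ";
     $f_from = " FROM #__xgroups AS a {$from}\n\t\t\t\t\tJOIN #__tags_object AS t\n\t\t\t\t\tWHERE a.type=1 AND a.discoverability=0\n\t\t\t\t\tAND a.gidNumber=t.objectid\n\t\t\t\t\tAND t.tbl='groups'\n\t\t\t\t\tAND t.tagid IN ({$ids})";
     // Only groups matching every requested tag.
     $f_from .= " GROUP BY a.gidNumber HAVING uniques=" . count($tags);
     // $sort is resolved through a fixed list; the raw value never reaches the SQL.
     $order_by = " ORDER BY ";
     switch ($sort) {
         case 'title':
             $order_by .= 'title ASC, publish_up';
             break;
         case 'id':
             $order_by .= "id DESC";
             break;
         case 'date':
         default:
             $order_by .= 'publish_up DESC, title';
             break;
     }
     // Emit LIMIT only for a positive numeric limit. The previous `$limit != 'all'`
     // test produced "LIMIT 0,0" (no rows) for the default 0 on PHP 8, whereas
     // PHP 5/7's loose comparison treated 0 as equal to 'all' and skipped the clause.
     if ($limit !== 'all' && (int) $limit > 0) {
         $order_by .= ' LIMIT ' . (int) $limitstart . ',' . (int) $limit;
     }
     $database->setQuery($f_count . $f_from . ") AS f");
     $response['total'] = $database->loadResult();
     if ($areas && $areas == $response['name']) {
         $database->setQuery($f_fields . $f_from . $order_by);
         $response['results'] = $database->loadObjectList();
         if ($response['results']) {
             // Loop through the results and set each item's HREF
             foreach ($response['results'] as $key => $row) {
                 $response['results'][$key]->href = Route::url('index.php?option=com_groups&cn=' . $row->alias);
             }
         }
     } else {
         $response['sql'] = $f_fields . $f_from;
     }
     return $response;
 }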
 /**
  * Gets a list of the actions that can be performed.
  *
  * With a parent id the checks are made against that menu item's asset
  * (com_menus.item.<id>); otherwise against the component itself.
  *
  * @param	int		$parentId  The parent menu item ID.
  *
  * @return	Object
  * @since	1.6
  */
 public static function getActions($parentId = 0)
 {
     $permissions = new \Hubzero\Base\Object();
     $assetName = empty($parentId) ? 'com_menus' : 'com_menus.item.' . (int) $parentId;
     foreach (JAccess::getActions('com_menus') as $action) {
         $permissions->set($action->name, User::authorise($action->name, $assetName));
     }
     return $permissions;
 }
 /**
  * Build search query and add it to the $results
  *
  * Searches forum posts (f.title / f.comment) for the request terms and adds
  * every visible hit to $results. Visibility is limited in two ways: by the
  * access/scope_id clauses collected in $addtl_where, and — for posts that
  * belong to a group — by the group's forum setting matched in $groupAuth.
  *
  * @param      object $request  \Components\Search\Models\Basic\Request
  * @param      object &$results \Components\Search\Models\Basic\Result\Set
  * @param      object $authz    \Components\Search\Models\Basic\Authorization
  * @return     void
  */
 public static function onSearch($request, &$results, $authz)
 {
     $terms = $request->get_term_ar();
     // NOTE(review): the stemmed, mandatory and forbidden terms are interpolated into
     // the SQL below without quoting or escaping in this method. That is only safe if
     // get_term_ar() already sanitises them — confirm in the Request model; otherwise
     // escape them via the database driver before they reach the query.
     $weight = "match(f.title, f.comment) against ('" . join(' ', $terms['stemmed']) . "')";
     $addtl_where = array();
     foreach ($terms['mandatory'] as $mand) {
         $addtl_where[] = "(f.title LIKE '%{$mand}%' OR f.comment LIKE '%{$mand}%')";
     }
     foreach ($terms['forbidden'] as $forb) {
         $addtl_where[] = "(f.title NOT LIKE '%{$forb}%' AND f.comment NOT LIKE '%{$forb}%')";
     }
     // Assumes get_group_ids() returns numeric ids — they are joined into SQL as-is.
     $gids = $authz->get_group_ids();
     // NOTE(review): the permission checked is core.view on com_groups, not com_forum,
     // although forum posts are being searched — confirm which component is intended.
     if (!User::authorise('core.view', 'com_groups')) {
         // No general view right: public posts (scope_id 0) and the user's groups only.
         $addtl_where[] = 'f.scope_id IN (0' . ($gids ? ',' . join(',', $gids) : '') . ')';
     } else {
         // Any authorised access level; access 4/5 posts additionally require group membership.
         $viewlevels = implode(',', User::getAuthorisedViewLevels());
         if ($gids) {
             $addtl_where[] = '(f.access IN (0,' . $viewlevels . ') OR ((f.access = 4 OR f.access = 5) AND f.scope_id IN (0,' . join(',', $gids) . ')))';
         } else {
             $addtl_where[] = '(f.access IN (0,' . $viewlevels . '))';
         }
     }
     // fml
     // Group forum visibility, matched as substrings of the group's serialised plugins setting.
     $groupAuth = array();
     if ($authz->is_super_admin()) {
         // Super admins see every group's forum.
         $groupAuth[] = '1';
     } else {
         $groupAuth[] = "g.plugins LIKE '%forum=anyone%'";
         if (!$authz->is_guest()) {
             $groupAuth[] = "g.plugins LIKE '%forum=registered%'";
             if ($gids) {
                 // NOTE(review): 'wiki=members' does not match the forum=* keys above; it
                 // looks copied from another plugin and 'forum=members' may be intended.
                 // Confirm before changing — it affects which group forums are searchable.
                 $groupAuth[] = "(g.plugins LIKE '%wiki=members%' AND g.gidNumber IN (" . join(',', $gids) . "))";
             }
         }
     }
     // Posts without a matching group row (g.gidNumber IS NULL) bypass the $groupAuth test.
     $rows = new \Components\Search\Models\Basic\Result\Sql("SELECT\n\t\t\t\tf.title,\n\t\t\t\tcoalesce(f.comment, '') AS description, f.scope_id, s.alias as sect, c.alias as cat, CASE WHEN f.parent > 0 THEN f.parent ELSE f.id END as `thread`,\n\t\t\t\t(CASE\n\t\t\t\t\tWHEN f.scope_id > 0 AND f.scope='group' THEN concat('index.php?option=com_groups&cn=', g.cn, '&active=forum')\n\t\t\t\t\tELSE concat('index.php?option=com_forum&section=', coalesce(concat(s.alias, '&category=', coalesce(concat(c.alias, '&thread='), ''))), CASE WHEN f.parent > 0 THEN f.parent ELSE f.id END)\n\t\t\t\tEND) AS `link`,\n\t\t\t\t{$weight} AS `weight`,\n\t\t\t\tf.created AS `date`,\n\t\t\t\tconcat(s.alias, ', ', c.alias) AS `section`\n\t\t\tFROM `#__forum_posts` f\n\t\t\tLEFT JOIN `#__forum_categories` AS c\n\t\t\t\tON c.id = f.category_id\n\t\t\tLEFT JOIN `#__forum_sections` AS s\n\t\t\t\tON s.id = c.section_id\n\t\t\tLEFT JOIN `#__xgroups` AS g\n\t\t\t\tON g.gidNumber = f.scope_id AND f.scope='group'\n\t\t\tWHERE\n\t\t\t\tf.state = 1 AND\n\t\t\t\tf.scope != 'course' AND\n\t\t\t\t{$weight} > 0" . ($addtl_where ? ' AND ' . join(' AND ', $addtl_where) : '') . " AND (g.gidNumber IS NULL OR (" . implode(' OR ', $groupAuth) . "))\n\t\t\tORDER BY {$weight} DESC");
     foreach ($rows->to_associative() as $row) {
         if (!$row) {
             continue;
         }
         // Group-scoped posts get the section/category/thread path appended to the link,
         // falling back to 'defaultsection' / 'discussion' when the aliases are empty.
         if ($row->scope_id) {
             $row->link .= '/' . ($row->sect ? $row->sect : 'defaultsection') . '/';
             $row->link .= ($row->cat ? $row->cat : 'discussion') . '/';
             $row->link .= $row->thread;
         }
         $results->add($row);
     }
 }
 /**
  * Display the view
  *
  * Restricted to users with core.admin; everyone else gets a 404 via
  * App::abort(). Loads the model data the layout needs, then renders.
  *
  * @param   string  $tpl  The name of the template file to parse
  * @return  mixed
  */
 function display($tpl = null)
 {
     // Access check.
     if (!User::authorise('core.admin')) {
         return App::abort(404, Lang::txt('JERROR_ALERTNOAUTHOR'));
     }
     // View property => model getter, in the original load order.
     $sources = array(
         'php_settings' => 'PhpSettings',
         'config'       => 'config',
         'info'         => 'info',
         'php_info'     => 'PhpInfo',
         'directory'    => 'directory',
     );
     foreach ($sources as $property => $getter) {
         $this->{$property} = $this->get($getter);
     }
     $this->addToolbar();
     $this->_setSubMenu();
     parent::display($tpl);
 }
 /**
  * Gets a list of the actions that can be performed.
  *
  * With a category id the category-level actions are checked against
  * com_newsfeeds.category.<id>; otherwise the component-level actions
  * against com_newsfeeds. $newsfeedId is accepted but not used.
  *
  * @param	int		$categoryId  The category ID.
  * @param	int		$newsfeedId  The newsfeed ID (unused).
  *
  * @return	Object
  */
 public static function getActions($categoryId = 0, $newsfeedId = 0)
 {
     $permissions = new \Hubzero\Base\Object();
     $byCategory = !empty($categoryId);
     $level = $byCategory ? 'category' : 'component';
     $assetName = $byCategory ? 'com_newsfeeds.category.' . (int) $categoryId : 'com_newsfeeds';
     foreach (JAccess::getActions('com_newsfeeds', $level) as $action) {
         $permissions->set($action->name, User::authorise($action->name, $assetName));
     }
     return $permissions;
 }
 /**
  * Method to auto-populate the model state.
  *
  * Note. Calling getState in this method will result in recursion.
  *
  * Users without core.edit.state or core.edit on com_newsfeeds are
  * restricted to published (1) and archived (2) items.
  *
  * @return	void
  * @since	1.6
  */
 protected function populateState()
 {
     $app = JFactory::getApplication('site');
     // Load state from the request.
     $this->setState('newsfeed.id', Request::getInt('id'));
     $this->setState('list.offset', Request::getUInt('limitstart', 0));
     // Load the parameters.
     $this->setState('params', $app->getParams());
     $canEdit = User::authorise('core.edit.state', 'com_newsfeeds') || User::authorise('core.edit', 'com_newsfeeds');
     if (!$canEdit) {
         $this->setState('filter.published', 1);
         $this->setState('filter.archived', 2);
     }
 }
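 /**
  * Method to check if you can edit a record.
  *
  * When the record belongs to a category, core.edit on that category asset
  * decides; otherwise the component-level parent check applies.
  *
  * @param   array   $data  An array of input data.
  * @param   string  $key   The name of the key for the primary key.
  *
  * @return  boolean
  *
  * @since   1.6
  */
 protected function allowEdit($data = array(), $key = 'id')
 {
     // Cast the id itself. In `(int) isset($data[$key]) ? $data[$key] : 0` the cast
     // bound to the isset() result, so the raw (uncast) input reached getItem().
     $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
     $categoryId = 0;
     if ($recordId) {
         $item = $this->getModel()->getItem($recordId);
         // Guard the property read so a failed lookup (false/null) is not fatal.
         if ($item && isset($item->catid)) {
             $categoryId = (int) $item->catid;
         }
     }
     if ($categoryId) {
         // The category has been set. Check the category permissions.
         return User::authorise('core.edit', $this->option . '.category.' . $categoryId);
     }
     // Since there is no asset tracking, revert to the component permissions.
     return parent::allowEdit($data, $key);
 }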
 /**
  * Check if user can perform a given action
  *
  * Group authorization ($this->authorize()) short-circuits to true; otherwise
  * the answer comes from User::authorise() on the component asset, narrowed to
  * "<option>.<type>.<id>" when an id is given, and is memoised per request.
  *
  * @param string $action - action to perform
  * @param string $type   - type of item to check
  * @param int    $id     - id of item to check
  *
  * @return bool
  */
 public function can($action, $type = 'hubs', $id = 0)
 {
     // Group authorization overrides all (for now)
     if ($this->authorize()) {
         return true;
     }
     $asset = $this->option;
     if ($id) {
         $asset .= '.' . $type . '.' . (int) $id;
     }
     $cacheKey = $asset . '.' . $action;
     if (!isset($this->permissions[$cacheKey])) {
         $this->permissions[$cacheKey] = User::authorise($action, $asset);
     }
     return $this->permissions[$cacheKey];
 }
 /**
  * Build search query and add it to the $results
  *
  * Searches projects (p.alias / p.title / p.about) for the request terms.
  * Only non-private projects with state != 2 are matched; users without
  * core.view on com_groups are further limited to projects owned by a group
  * they belong to. $authz is not used in this method.
  *
  * @param      object $request  \Components\Search\Models\Basic\Request
  * @param      object &$results \Components\Search\Models\Basic\Result\Set
  * @param      object $authz    \Components\Search\Models\Basic\Authorization
  * @return     void
  */
 public static function onSearch($request, &$results, $authz)
 {
     $terms = $request->get_term_ar();
     // NOTE(review): the stemmed, mandatory and forbidden terms are interpolated into
     // the SQL below without quoting or escaping in this method. That is only safe if
     // get_term_ar() already sanitises them — confirm in the Request model; otherwise
     // escape them via the database driver before they reach the query.
     $weight = 'match(p.alias, p.title, p.about) AGAINST (\'' . join(' ', $terms['stemmed']) . '\')';
     // Inner join on the membership table restricts the search to the user's own groups.
     $from = '';
     if (!User::authorise('core.view', 'com_groups')) {
         $from = " JOIN #__xgroups_members AS m ON m.gidNumber=p.owned_by_group AND m.uidNumber=" . User::get('id');
     }
     $addtl_where = array();
     foreach ($terms['mandatory'] as $mand) {
         $addtl_where[] = "(p.alias LIKE '%{$mand}%' OR p.title LIKE '%{$mand}%' OR p.about LIKE '%{$mand}%')";
     }
     foreach ($terms['forbidden'] as $forb) {
         $addtl_where[] = "(p.alias NOT LIKE '%{$forb}%' AND p.title NOT LIKE '%{$forb}%' AND p.about NOT LIKE '%{$forb}%')";
     }
     // The whole query is handed to the result set as SQL; rows are fetched by the caller.
     $results->add(new \Components\Search\Models\Basic\Result\Sql("SELECT\n\t\t\t\tp.title,\n\t\t\t\tp.about AS `description`,\n\t\t\t\tconcat('index.php?option=com_projects&alias=', p.alias) AS `link`,\n\t\t\t\t{$weight} AS `weight`,\n\t\t\t\tNULL AS `date`,\n\t\t\t\t'Projects' AS `section`\n\t\t\tFROM `#__projects` AS p {$from}\n\t\t\tWHERE\n\t\t\t\tp.state!=2 AND p.private=0 AND {$weight} > 0" . ($addtl_where ? ' AND ' . join(' AND ', $addtl_where) : '') . " ORDER BY {$weight} DESC"));
 }
 /**
  * Gets a list of the actions that can be performed.
  *
  * The most specific asset available is checked: the article when an
  * article id is given, else the category, else the component. The action
  * list is fixed rather than read from JAccess.
  *
  * @param	int		$categoryId  The category ID.
  * @param	int		$articleId   The article ID.
  *
  * @return	Object
  * @since	1.6
  */
 public static function getActions($categoryId = 0, $articleId = 0)
 {
     // Reverted a change for version 2.5.6
     $permissions = new \Hubzero\Base\Object();
     if (!empty($articleId)) {
         $assetName = 'com_content.article.' . (int) $articleId;
     } elseif (!empty($categoryId)) {
         $assetName = 'com_content.category.' . (int) $categoryId;
     } else {
         $assetName = 'com_content';
     }
     $actionNames = array('core.admin', 'core.manage', 'core.create', 'core.edit', 'core.edit.own', 'core.edit.state', 'core.delete');
     foreach ($actionNames as $actionName) {
         $permissions->set($actionName, User::authorise($actionName, $assetName));
     }
     return $permissions;
 }
 /**
  * Build search query and add it to the $results
  *
  * Searches groups (g.cn / g.description / g.public_desc) for the request
  * terms, limited to published, approved, discoverable groups of type 1 or 3.
  * Logged-in users without core.view on com_groups only see groups they belong
  * to; guests skip that join. $authz is not used in this method.
  *
  * @param      object $request  \Components\Search\Models\Basic\Request
  * @param      object &$results \Components\Search\Models\Basic\Result\Set
  * @param      object $authz    \Components\Search\Models\Basic\Authorization
  * @return     void
  */
 public static function onSearch($request, &$results, $authz)
 {
     $terms = $request->get_term_ar();
     // NOTE(review): the stemmed, mandatory and forbidden terms are interpolated into
     // the SQL below without quoting or escaping in this method. That is only safe if
     // get_term_ar() already sanitises them — confirm in the Request model; otherwise
     // escape them via the database driver before they reach the query.
     $weight = 'match(g.cn, g.description, g.public_desc) AGAINST (\'' . join(' ', $terms['stemmed']) . '\')';
     // Guests get no membership join — presumably because they have no memberships,
     // so the join would match nothing; confirm that the wider guest view is intended.
     $from = '';
     if (!User::isGuest() && !User::authorise('core.view', 'com_groups')) {
         $from = " JOIN `#__xgroups_members` AS m ON m.gidNumber=g.gidNumber AND m.uidNumber=" . User::get('id');
     }
     $addtl_where = array();
     foreach ($terms['mandatory'] as $mand) {
         $addtl_where[] = "(g.cn LIKE '%{$mand}%' OR g.description LIKE '%{$mand}%' OR g.public_desc LIKE '%{$mand}%')";
     }
     foreach ($terms['forbidden'] as $forb) {
         $addtl_where[] = "(g.cn NOT LIKE '%{$forb}%' AND g.description NOT LIKE '%{$forb}%' AND g.public_desc NOT LIKE '%{$forb}%')";
     }
     // The whole query is handed to the result set as SQL; rows are fetched by the caller.
     $results->add(new \Components\Search\Models\Basic\Result\Sql("SELECT\n\t\t\t\tg.description AS title,\n\t\t\t\tcoalesce(g.public_desc, '') AS description,\n\t\t\t\tconcat('index.php?option=com_groups&cn=', g.cn) AS link,\n\t\t\t\t{$weight} AS weight,\n\t\t\t\tNULL AS date,\n\t\t\t\t'Groups' AS section\n\t\t\tFROM `#__xgroups` g {$from}\n\t\t\tWHERE\n\t\t\t\t(g.type = 1 OR g.type = 3) AND g.published=1 AND g.approved=1 AND g.discoverability = 0 AND {$weight} > 0" . ($addtl_where ? ' AND ' . join(' AND ', $addtl_where) : '') . " ORDER BY {$weight} DESC"));
 }
 /**
  * Gets a list of the actions that can be performed.
  *
  * The component is the part of $extension before the first dot. With a
  * category id the category-level actions are checked against
  * <component>.category.<id>; otherwise component-level actions against the
  * component itself.
  *
  * @param	string	$extension	The extension.
  * @param	int		$categoryId	The category ID.
  * @return	Object
  * @since	1.6
  */
 public static function getActions($extension, $categoryId = 0)
 {
     $permissions = new \Hubzero\Base\Object();
     list($component) = explode('.', $extension);
     $byCategory = !empty($categoryId);
     $level = $byCategory ? 'category' : 'component';
     $assetName = $byCategory ? $component . '.category.' . (int) $categoryId : $component;
     foreach (JAccess::getActions($component, $level) as $action) {
         $permissions->set($action->name, User::authorise($action->name, $assetName));
     }
     return $permissions;
 }
 /**
  * Add the page title and toolbar.
  *
  * The delete button is offered only with core.delete on com_media, and the
  * options (preferences) button only with core.admin on com_media.
  *
  * @since	1.6
  */
 protected function addToolbar()
 {
     // Set the titlebar text
     Toolbar::title(Lang::txt('COM_MEDIA'), 'mediamanager.png');
     // Add a delete button
     if (User::authorise('core.delete', 'com_media')) {
         $deleteLabel = Lang::txt('JTOOLBAR_DELETE');
         // Custom markup; the translated label is placed in an attribute and as text without escaping.
         $deleteMarkup = "<a href=\"#\" onclick=\"MediaManager.submit('folder.delete')\" data-title=\"{$deleteLabel}\">\n\t\t\t\t\t\t<span class=\"icon-32-delete\">{$deleteLabel}</span>\n\t\t\t\t\t</a>";
         Toolbar::appendButton('Custom', $deleteMarkup, 'delete');
         Toolbar::divider();
     }
     // Add the options (preferences) button
     if (User::authorise('core.admin', 'com_media')) {
         Toolbar::preferences('com_media', 450, 800, 'JToolbar_Options', '', 'window.location.reload()');
         Toolbar::divider();
     }
     Toolbar::help('media');
 }
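 /**
  * Display the article edit form.
  *
  * Loads the model data, verifies the user may create (new item) or edit
  * (existing item) the article, binds the decoded images/urls into the form
  * and renders the layout.
  *
  * @param   string  $tpl  The name of the template file to parse
  * @return  void|boolean  False when the user is not authorised
  * @throws  Exception  When the model reports errors
  */
 public function display($tpl = null)
 {
     // Get model data.
     $this->state = $this->get('State');
     $this->item = $this->get('Item');
     $this->form = $this->get('Form');
     $this->return_page = $this->get('ReturnPage');
     if (empty($this->item->id)) {
         // New article: component-level create, or create in at least one category.
         $authorised = User::authorise('core.create', 'com_content') || count(User::getAuthorisedCategories('com_content', 'core.create'));
     } else {
         // Existing article: the model's access-edit param decides.
         $authorised = $this->item->params->get('access-edit');
     }
     // Strict check: anything but boolean true (including a missing param) is a denial.
     if ($authorised !== true) {
         App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR'));
         return false;
     }
     if (!empty($this->item) && isset($this->item->id)) {
         // images/urls are stored as JSON; expose them decoded and pre-fill the form.
         $this->item->images = json_decode($this->item->images);
         $this->item->urls = json_decode($this->item->urls);
         $tmp = new stdClass();
         $tmp->images = $this->item->images;
         $tmp->urls = $this->item->urls;
         $this->form->bind($tmp);
     }
     // Check for errors.
     if (count($errors = $this->get('Errors'))) {
         throw new Exception(implode("\n", $errors), 500);
     }
     // Create a shortcut to the parameters.
     $params =& $this->state->params;
     //Escape strings for HTML output
     $this->pageclass_sfx = htmlspecialchars($params->get('pageclass_sfx'));
     $this->params = $params;
     $this->user = User::getRoot();
     // With enable_category the category is fixed to the configured catid.
     if ($params->get('enable_category') == 1) {
         $this->form->setFieldAttribute('catid', 'default', $params->get('catid', 1));
         $this->form->setFieldAttribute('catid', 'readonly', 'true');
     }
     $this->_prepareDocument();
     parent::display($tpl);
 }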
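 /**
  * Display the button
  *
  * The button is returned only when the current user may insert images for
  * the asset: edit/create on the asset itself, create on any of the asset's
  * categories, edit on any category of the calling component, or the
  * edit.own variants of those when the current user is the author.
  *
  * @param   string   $name    Name of the editor field the image is inserted into
  * @param   string   $asset   Asset name; falls back to the current component when empty
  * @param   integer  $author  Author id, compared with the current user for the edit.own checks
  * @return  \Hubzero\Base\Object|boolean  Button definition (modal, link, text, name, options) or false when not allowed
  */
 public function onDisplay($name, $asset, $author)
 {
     $extension = Request::getCmd('option');
     if ($asset == '') {
         $asset = $extension;
     }
     // The edit.own checks only count when the current user is the author.
     $isAuthor = ($author == User::get('id'));
     $allowed = User::authorise('core.edit', $asset)
         || User::authorise('core.create', $asset)
         || count(User::getAuthorisedCategories($asset, 'core.create')) > 0
         || ($isAuthor && User::authorise('core.edit.own', $asset))
         || count(User::getAuthorisedCategories($extension, 'core.edit')) > 0
         || ($isAuthor && count(User::getAuthorisedCategories($extension, 'core.edit.own')) > 0);
     if (!$allowed) {
         return false;
     }
     // Query values are caller-supplied; encode them so they cannot break out of their parameter.
     $link = 'index.php?option=com_media&amp;view=images&amp;tmpl=component&amp;e_name=' . urlencode((string) $name) . '&amp;asset=' . urlencode((string) $asset) . '&amp;author=' . urlencode((string) $author);
     Html::behavior('modal');
     $button = new \Hubzero\Base\Object();
     $button->set('modal', true);
     $button->set('link', $link);
     $button->set('text', Lang::txt('PLG_IMAGE_BUTTON_IMAGE'));
     $button->set('name', 'image');
     $button->set('options', "{handler: 'iframe', size: {x: 800, y: 500}}");
     return $button;
 }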
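 /**
  * Display the view
  *
  * Only users with core.manage on com_users, and only while debug mode is
  * enabled, may reach the user/group permission debug listing.
  *
  * @param   string  $tpl  Template name, passed through to the parent.
  * @throws  Exception  With code 404 when not authorised or debug is off
  *                     (404 rather than 403 — presumably so the view's existence is not revealed; kept as-is),
  *                     with code 500 when the model reports errors.
  */
 public function display($tpl = null)
 {
     // Access check.
     if (!User::authorise('core.manage', 'com_users') || !Config::get('debug')) {
         throw new Exception(Lang::txt('JERROR_ALERTNOAUTHOR'), 404);
     }
     $this->actions = $this->get('DebugActions');
     $this->items = $this->get('Items');
     $this->pagination = $this->get('Pagination');
     $this->state = $this->get('State');
     $this->user = $this->get('User');
     $this->levels = UsersHelperDebug::getLevelsOptions();
     $this->components = UsersHelperDebug::getComponents();
     // Check for errors.
     if (count($errors = $this->get('Errors'))) {
         throw new Exception(implode("\n", $errors), 500);
     }
     $this->addToolbar();
     parent::display($tpl);
 }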
 /**
  * Method to remove a record.
  *
  * Verifies the request token and the core.admin permission, converts the
  * submitted ids to integers and asks the model to delete them. Failures are
  * raised as exceptions; on success a count message is set and the browser is
  * sent back to the levels list.
  */
 public function delete()
 {
     // Check for request forgeries.
     Session::checkToken() or exit(Lang::txt('JInvalid_Token'));
     // Initialise variables.
     $levelIds = Request::getVar('cid', array(), '', 'array');
     // Removing access levels is restricted to component administrators.
     if (!User::authorise('core.admin', $this->option)) {
         throw new Exception(Lang::txt('JERROR_ALERTNOAUTHOR'), 403);
     }
     if (empty($levelIds)) {
         throw new Exception(Lang::txt('COM_USERS_NO_LEVELS_SELECTED'), 500);
     }
     // Get the model.
     $levelsModel = $this->getModel();
     \Hubzero\Utility\Arr::toInteger($levelIds);
     // Remove the items.
     if (!$levelsModel->delete($levelIds)) {
         throw new Exception($levelsModel->getError(), 500);
     }
     $this->setMessage(Lang::txts('COM_USERS_N_LEVELS_DELETED', count($levelIds)));
     $this->setRedirect('index.php?option=com_users&view=levels');
 }
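 /**
  * Method to auto-populate the model state.
  *
  * Note. Calling getState in this method will result in recursion.
  *
  * Sets list.start/list.limit/list.links from the request and the menu
  * params, restricts filter.published to published items for users without
  * edit or edit.state rights on com_content, and applies the
  * featured_categories filter when one is configured.
  *
  * @param   string  $ordering   Ordering column, passed to the parent.
  * @param   string  $direction  Ordering direction, passed to the parent.
  *
  * @since	1.6
  */
 protected function populateState($ordering = null, $direction = null)
 {
     parent::populateState($ordering, $direction);
     // List state information
     $limitstart = Request::getUInt('limitstart', 0);
     $this->setState('list.start', $limitstart);
     $params = $this->state->params;
     // Cast each count so an unset or non-numeric param contributes 0 instead of failing on '+'.
     $limit = (int) $params->get('num_leading_articles') + (int) $params->get('num_intro_articles') + (int) $params->get('num_links');
     $this->setState('list.limit', $limit);
     $this->setState('list.links', $params->get('num_links'));
     $this->setState('filter.frontpage', true);
     if (!User::authorise('core.edit.state', 'com_content') && !User::authorise('core.edit', 'com_content')) {
         // filter on published for those who do not have edit or edit.state rights.
         $this->setState('filter.published', 1);
     } else {
         $this->setState('filter.published', array(0, 1, 2));
     }
     // check for category selection
     $featuredCategories = $params->get('featured_categories');
     if ($featuredCategories) {
         // Cast guards implode() against a scalar value; the state keeps the raw param as before.
         $selection = implode(',', (array) $featuredCategories);
         // Explicit form of the old truthiness test: '' and '0' both mean "no category filter".
         if ($selection !== '' && $selection !== '0') {
             $this->setState('filter.frontpage.categories', $featuredCategories);
         }
     }
 }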
<?php

/**
 * @package		Joomla.Administrator
 * @subpackage	com_messages
 * @copyright	Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
 * @license		GNU General Public License version 2 or later; see LICENSE.txt
 */
defined('_HZEXEC_') or die;

// Access check: anyone without core.manage on com_messages is turned away before a controller is built.
if (!User::authorise('core.manage', 'com_messages')) {
    return App::abort(404, Lang::txt('JERROR_ALERTNOAUTHOR'));
}

// Hand the request to the Messages controller, run the requested task and follow any redirect it set.
$messagesController = JControllerLegacy::getInstance('Messages');
$messagesController->execute(Request::getCmd('task'));
$messagesController->redirect();