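/**
 * Method override to check if you can edit an existing record.
 *
 * Grants the edit when the user holds core.edit on the article asset, or holds
 * core.edit.own and is the article's creator; otherwise defers to the parent
 * (component-level) check.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 * @return  boolean
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // Cast the selected value, not the isset() result: the former form
    // "(int) isset($data[$key]) ? $data[$key] : 0" bound the cast to isset()
    // and used the raw, unsanitised $data[$key] to build the asset name.
    $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
    $userId   = (int) User::get('id');
    $asset    = 'com_content.article.' . $recordId;

    // Check general edit permission first.
    if (User::authorise('core.edit', $asset)) {
        return true;
    }

    // Fallback on edit.own. First test if the permission is available.
    if (User::authorise('core.edit.own', $asset)) {
        // Now test the owner is the user.
        $ownerId = isset($data['created_by']) ? (int) $data['created_by'] : 0;

        if (!$ownerId && $recordId) {
            // Need to do a lookup from the model.
            $record = $this->getModel()->getItem($recordId);

            if (empty($record)) {
                return false;
            }

            $ownerId = (int) $record->created_by;
        }

        // Strict match, and never treat an unknown owner (0) as "me".
        if ($ownerId && $ownerId === $userId) {
            return true;
        }
    }

    // Since there is no asset tracking, revert to the component permissions.
    return parent::allowEdit($data, $key);
}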
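/**
 * Method to generate html code for a single icon button.
 *
 * The optional 'access' entry is either a boolean (false hides the button) or
 * a flat list of alternating (action, asset) values that must all pass
 * \User::authorise(). Attribute values ('id', 'link', 'target', 'onclick',
 * 'title', 'alt') are HTML-escaped here; 'text' is emitted as given because
 * callers may pass markup for the label.
 *
 * @param   array|object  $button  Button properties
 * @return  string  HTML for the button, or an empty string when access is denied
 */
public static function button($button)
{
    // isset() rather than !empty(): the original skipped the whole check for
    // 'access' => false, so a boolean false never hid the button.
    if (isset($button['access'])) {
        if (is_bool($button['access'])) {
            if ($button['access'] === false) {
                return '';
            }
        } elseif (is_array($button['access'])) {
            // Take each pair of permission, context values. An unpaired
            // trailing action is checked with no asset instead of raising a notice.
            $pairs = array_values($button['access']);
            for ($i = 0, $n = count($pairs); $i < $n; $i += 2) {
                $context = isset($pairs[$i + 1]) ? $pairs[$i + 1] : null;
                if (!\User::authorise($pairs[$i], $context)) {
                    return '';
                }
            }
        }
    }

    // Attribute-context escaping. double_encode=false keeps links that already
    // carry entities (e.g. "&amp;" from routed URLs) from being encoded twice.
    $attr = function ($value) {
        return htmlspecialchars((string) $value, ENT_QUOTES, 'UTF-8', false);
    };

    $link = isset($button['link']) ? $button['link'] : '';

    $html = array();
    $html[] = '<div class="icon-wrapper"' . (empty($button['id']) ? '' : ' id="' . $attr($button['id']) . '"') . '>';
    $html[] = '<div class="icon">';
    $html[] = '<a href="' . $attr($link) . '"';
    $html[] = empty($button['target']) ? '' : ' target="' . $attr($button['target']) . '"';
    // Entities are decoded by the browser before the handler is parsed, so
    // escaping the attribute does not alter the script the caller supplied.
    $html[] = empty($button['onclick']) ? '' : ' onclick="' . $attr($button['onclick']) . '"';
    $html[] = empty($button['title']) ? '' : ' title="' . $attr($button['title']) . '"';
    $html[] = '>';

    if (!empty($button['image'])) {
        $html[] = \Html::asset(
            'image',
            $button['image'],
            empty($button['alt']) ? null : $attr($button['alt']),
            null,
            true
        );
    }

    $html[] = empty($button['text']) ? '' : '<span>' . $button['text'] . '</span>';
    $html[] = '</a>';
    $html[] = '</div>';
    $html[] = '</div>';

    return implode('', $html);
}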
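/**
 * Method to check if you can edit a record.
 *
 * Edit is granted by core.edit on the extension or on the specific category
 * asset, or by core.edit.own (on either) when the current user created the
 * category.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 * @return  boolean
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'parent_id')
{
    // Cast the selected value, not the isset() result: the former form
    // "(int) isset($data[$key]) ? $data[$key] : 0" bound the cast to isset()
    // and used the raw, unsanitised $data[$key] to build the asset name.
    $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
    $userId   = (int) User::get('id');
    $asset    = $this->extension . '.category.' . $recordId;

    // Check general edit permission first.
    if (User::authorise('core.edit', $this->extension)) {
        return true;
    }

    // Check specific edit permission.
    if (User::authorise('core.edit', $asset)) {
        return true;
    }

    // Fallback on edit.own. First test if the permission is available.
    if (User::authorise('core.edit.own', $asset) || User::authorise('core.edit.own', $this->extension)) {
        // Now test the owner is the user.
        $ownerId = isset($data['created_user_id']) ? (int) $data['created_user_id'] : 0;

        if (!$ownerId && $recordId) {
            // Need to do a lookup from the model.
            $record = $this->getModel()->getItem($recordId);

            if (empty($record)) {
                return false;
            }

            $ownerId = (int) $record->created_user_id;
        }

        // Strict match, and never treat an unknown owner (0) as "me".
        if ($ownerId && $ownerId === $userId) {
            return true;
        }
    }

    return false;
}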
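/**
 * Removes the selected items from the featured list.
 *
 * Despite its name this does not delete articles: it calls
 * $model->featured($ids, 0), which clears the featured flag. Items the user
 * lacks core.delete on are pruned (with a warning) before the model is called.
 *
 * @return  void
 * @throws  Exception  When the model reports a failure.
 */
function delete()
{
    // Check for request forgeries
    Session::checkToken() or exit(Lang::txt('JINVALID_TOKEN'));

    // Only integer ids reach the authorisation check and the model.
    $ids = array_map('intval', (array) Request::getVar('cid', array(), '', 'array'));

    // Access checks.
    foreach ($ids as $i => $id) {
        if (!User::authorise('core.delete', 'com_content.article.' . $id)) {
            // Prune items that you can't delete.
            unset($ids[$i]);
            Notify::warning(Lang::txt('JERROR_CORE_DELETE_NOT_PERMITTED'));
        }
    }

    if (empty($ids)) {
        Notify::error(Lang::txt('JERROR_NO_ITEMS_SELECTED'));
    } else {
        // Get the model.
        $model = $this->getModel();

        // Unfeature the items.
        if (!$model->featured($ids, 0)) {
            throw new Exception($model->getError(), 500);
        }
    }

    $this->setRedirect('index.php?option=com_content&view=featured');
}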
/**
 * Gets a list of the actions that can be performed.
 *
 * Every action declared for com_templates is mapped to whether the current
 * user is authorised to perform it on the component asset.
 *
 * @return  Object
 */
public static function getActions()
{
    $assetName = 'com_templates';
    $result    = new \Hubzero\Base\Object();

    foreach (JAccess::getActions($assetName) as $action) {
        $allowed = User::authorise($action->name, $assetName);
        $result->set($action->name, $allowed);
    }

    return $result;
}
/**
 * Gets a list of the actions that can be performed.
 *
 * Every action declared for com_languages is mapped to whether the current
 * user is authorised to perform it on the component asset.
 *
 * @return  Object
 */
public static function getActions()
{
    $result = new \Hubzero\Base\Object();

    $assetName = 'com_languages';
    $declared  = JAccess::getActions($assetName);

    foreach ($declared as $action) {
        $name = $action->name;
        $result->set($name, User::authorise($name, $assetName));
    }

    return $result;
}
/**
 * Gets a list of the actions that can be performed.
 *
 * The result is computed once per request and cached in self::$actions.
 *
 * @return  Object
 * @since   1.6
 * @todo    Refactor to work with notes
 */
public static function getActions()
{
    if (!empty(self::$actions)) {
        return self::$actions;
    }

    $assetName = 'com_users';
    $actions   = new \Hubzero\Base\Object();

    foreach (JAccess::getActions($assetName) as $action) {
        $actions->set($action->name, User::authorise($action->name, $assetName));
    }

    self::$actions = $actions;

    return self::$actions;
}
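/**
 * Overrides JControllerForm::allowEdit
 *
 * Checks that non-Super Admins are not editing Super Admins.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 * @return  boolean  True if allowed, false otherwise.
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // The original indexed $data[$key] unconditionally, raising a notice and
    // passing null to JAccess::check when the key was absent.
    $targetId = isset($data[$key]) ? (int) $data[$key] : 0;

    // Check if this person is a Super Admin
    if (JAccess::check($targetId, 'core.admin')) {
        // If I'm not a Super Admin, then disallow the edit.
        if (!User::authorise('core.admin')) {
            return false;
        }
    }

    return parent::allowEdit($data, $key);
}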
/**
 * This method is called when the Quick Icons module is constructing its set
 * of icons. You can return an array which defines a single icon and it will
 * be rendered right after the stock Quick Icons.
 *
 * Nothing is returned (null) unless the context matches the plugin's
 * configured one and the user may manage com_installer.
 *
 * @param   string  $context  The calling context
 * @return  array   A list of icon definition associative arrays, consisting of the
 *                  keys link, image, text and access.
 */
public function onGetIcons($context)
{
    $wantedContext = $this->params->get('context', 'mod_quickicon');

    if ($context != $wantedContext || !User::authorise('core.manage', 'com_installer')) {
        return;
    }

    $cur_template = App::get('template')->template;
    $ajax_url     = Request::base() . 'index.php?option=com_installer&view=update&task=update.ajax';

    // Language strings are requested JS-safe (second argument true).
    $text = array(
        'UPTODATE'    => Lang::txt('PLG_QUICKICON_JOOMLAUPDATE_UPTODATE', true),
        'UPDATEFOUND' => Lang::txt('PLG_QUICKICON_JOOMLAUPDATE_UPDATEFOUND', true),
        'ERROR'       => Lang::txt('PLG_QUICKICON_JOOMLAUPDATE_ERROR', true),
    );
    $imgBase = Request::base(true) . '/templates/' . $cur_template . '/images/header/';

    // Same inline script as before, assembled line by line.
    $script  = "\n\t\t\tvar plg_quickicon_joomlaupdate_ajax_url = '" . $ajax_url . "';";
    $script .= "\n\t\t\tvar plg_quickicon_jupdatecheck_jversion = '" . JVERSION . "';";
    $script .= "\n\t\t\tvar plg_quickicon_joomlaupdate_text = {";
    $script .= "\n\t\t\t\t'UPTODATE' : '" . $text['UPTODATE'] . "',";
    $script .= "\n\t\t\t\t'UPDATEFOUND' : '" . $text['UPDATEFOUND'] . "',";
    $script .= "\n\t\t\t\t'ERROR' : '" . $text['ERROR'] . "'";
    $script .= "\n\t\t\t};";
    $script .= "\n\t\t\tvar plg_quickicon_joomlaupdate_img = {";
    $script .= "\n\t\t\t\t'UPTODATE' : '" . $imgBase . "icon-48-jupdate-uptodate.png',";
    $script .= "\n\t\t\t\t'ERROR': '" . $imgBase . "icon-48-deny.png',";
    $script .= "\n\t\t\t\t'UPDATEFOUND': '" . $imgBase . "icon-48-jupdate-updatefound.png'";
    $script .= "\n\t\t\t};";

    $this->js($script);
    $this->js('jupdatecheck.js');

    $icon = array(
        'link'  => 'index.php?option=com_joomlaupdate',
        'image' => 'header/icon-48-download.png',
        'text'  => Lang::txt('PLG_QUICKICON_JOOMLAUPDATE_CHECKING'),
        'id'    => 'plg_quickicon_joomlaupdate',
    );

    return array($icon);
}
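/**
 * Retrieve records for items tagged with specific tags
 *
 * Only top-level, published posts (e.parent=0, e.state=1) carrying every
 * requested tag are matched. Visibility is narrowed by the user's group
 * memberships and, when core.view on com_forum is held, by view levels.
 *
 * @param   array    $tags        Tags to match records against
 * @param   mixed    $limit       SQL record limit ('all' for no LIMIT clause)
 * @param   integer  $limitstart  SQL record limit start
 * @param   string   $sort        The field to sort records by (title, id, date)
 * @param   mixed    $areas       An array or string of areas that should retrieve records
 * @return  array    Keys name, title, total, results and sql
 */
public function onTagView($tags, $limit = 0, $limitstart = 0, $sort = '', $areas = null)
{
    $response = array(
        'name'    => $this->_name,
        'title'   => Lang::txt('PLG_TAGS_FORUM'),
        'total'   => 0,
        'results' => null,
        'sql'     => ''
    );

    // Without tags "t.tagid IN ()" below is a SQL syntax error.
    if (empty($tags)) {
        return $response;
    }

    $database = App::get('db');

    // Tag ids are interpolated into SQL, so force them to integers.
    $ids = array();
    foreach ($tags as $tag) {
        $ids[] = (int) $tag->get('id');
    }
    $ids = implode(',', $ids);

    $addtl_where = array();

    $gids = $this->_getGroupIds(User::get('id'));

    if (!User::authorise('core.view', 'com_forum')) {
        // No component-wide view right: site-wide posts plus own groups only.
        $addtl_where[] = 'e.scope_id IN (0' . ($gids ? ',' . join(',', $gids) : '') . ')';
    } else {
        $viewlevels = '0,' . implode(',', User::getAuthorisedViewLevels());

        if ($gids) {
            $addtl_where[] = '(e.access IN (' . $viewlevels . ') OR ((e.access = 4 OR e.access = 5) AND e.scope_id IN (0,' . join(',', $gids) . ')))';
        } else {
            $addtl_where[] = '(e.access IN (' . $viewlevels . '))';
        }
    }

    // Build the query
    $e_count = "SELECT COUNT(f.id) FROM (SELECT e.id, COUNT(DISTINCT t.tagid) AS uniques";

    $e_fields = "SELECT e.id, e.title, e.id AS alias, e.comment AS itext, e.comment AS ftext, e.state, e.created, e.created_by, e.modified, e.created AS publish_up, NULL AS publish_down,\n\t\t\t\t\t(CASE WHEN e.scope_id > 0 AND e.scope='group' THEN\n\t\t\t\t\t\tconcat('/groups/', g.cn, concat('/forum/', coalesce(concat(s.alias, '/', coalesce(concat(c.alias, '/'), ''))), CASE WHEN e.parent > 0 THEN e.parent ELSE e.id END))\n\t\t\t\t\tELSE\n\t\t\t\t\t\tconcat('/forum/', coalesce(concat(s.alias, '/', coalesce(concat(c.alias, '/'), ''))), CASE WHEN e.parent > 0 THEN e.parent ELSE e.id END)\n\t\t\t\t\tEND) AS href,\n\t\t\t\t\t'forum' AS section, COUNT(DISTINCT t.tagid) AS uniques, CONCAT(e.thread, ':', e.parent) AS params, e.scope AS rcount, c.alias AS data1, s.alias AS data2, e.scope_id AS data3 ";

    $e_from = " FROM #__forum_posts AS e\n\t\t \t\t\tLEFT JOIN #__forum_categories c ON c.id = e.category_id\n\t\t\t\t\tLEFT JOIN #__forum_sections s ON s.id = c.section_id\n\t\t\t\t\tLEFT JOIN #__xgroups g ON g.gidNumber = e.scope_id\n\t\t\t\t\tLEFT JOIN #__tags_object AS t ON t.objectid=e.id AND t.tbl='forum' AND t.tagid IN ({$ids})";

    $e_where  = " WHERE e.state=1 AND e.parent=0" . ($addtl_where ? ' AND ' . join(' AND ', $addtl_where) : '');
    $e_where .= " GROUP BY e.id HAVING uniques=" . count($tags);

    // $sort only selects from a fixed set of clauses; unknown values fall to 'date'.
    $order_by = " ORDER BY ";
    switch ($sort) {
        case 'title':
            $order_by .= 'title ASC, created';
            break;
        case 'id':
            $order_by .= "id DESC";
            break;
        case 'date':
        default:
            $order_by .= 'created DESC, title';
            break;
    }

    // $limitstart/$limit were interpolated unsanitised; cast them. The loose
    // comparison is kept on purpose: on PHP < 8 the default 0 equals 'all' and
    // yields no LIMIT clause, on PHP 8 it yields "LIMIT 0,0".
    if ($limit != 'all') {
        $order_by .= ' LIMIT ' . (int) $limitstart . ',' . (int) $limit;
    }

    $database->setQuery($e_count . $e_from . $e_where . ") AS f");
    $response['total'] = $database->loadResult();

    if ($areas && $areas == $response['name']) {
        $database->setQuery($e_fields . $e_from . $e_where . $order_by);
        $response['results'] = $database->loadObjectList();
    } else {
        $response['sql'] = $e_fields . $e_from . $e_where;
    }

    return $response;
}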
/**
 * Returns an icon definition for an icon which looks for extensions updates
 * via AJAX and displays a notification when such updates are found.
 *
 * Nothing is returned (null) unless the context matches the plugin's
 * configured one and the user may manage com_installer.
 *
 * @param   string  $context  The calling context
 * @return  array   A list of icon definition associative arrays, consisting of the
 *                  keys link, image, text and access.
 * @since   2.5
 */
public function onGetIcons($context)
{
    $wantedContext = $this->params->get('context', 'mod_quickicon');

    if ($context != $wantedContext || !User::authorise('core.manage', 'com_installer')) {
        return;
    }

    $cur_template = App::get('template')->template;
    $ajax_url     = Request::base() . 'index.php?option=com_installer&view=update&task=update.ajax';

    // Language strings are requested JS-safe (second argument true).
    $lines = array(
        "var plg_quickicon_extensionupdate_ajax_url = '" . $ajax_url . "';",
        'var plg_quickicon_extensionupdate_text = {'
            . '"UPTODATE" : "' . Lang::txt('PLG_QUICKICON_EXTENSIONUPDATE_UPTODATE', true) . '", '
            . '"UPDATEFOUND": "' . Lang::txt('PLG_QUICKICON_EXTENSIONUPDATE_UPDATEFOUND', true) . '", '
            . '"ERROR": "' . Lang::txt('PLG_QUICKICON_EXTENSIONUPDATE_ERROR', true) . '"};',
    );

    $this->js(implode("\n", $lines) . "\n");
    $this->js('extensionupdatecheck.js');

    $icon = array(
        'link'  => 'index.php?option=com_installer&view=update',
        'image' => 'header/icon-48-extension.png',
        'text'  => Lang::txt('PLG_QUICKICON_EXTENSIONUPDATE_CHECKING'),
        'id'    => 'plg_quickicon_extensionupdate',
    );

    return array($icon);
}
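/**
 * Retrieve records for items tagged with specific tags
 *
 * Matches discoverable groups (a.type=1, a.discoverability=0) carrying every
 * requested tag. Users without core.view on com_groups only see groups they
 * are a member of.
 *
 * @param   array    $tags        Tags to match records against
 * @param   mixed    $limit       SQL record limit ('all' for no LIMIT clause)
 * @param   integer  $limitstart  SQL record limit start
 * @param   string   $sort        The field to sort records by (title, id, date)
 * @param   mixed    $areas       An array or string of areas that should retrieve records
 * @return  array    Keys name, title, total, results and sql
 */
public function onTagView($tags, $limit = 0, $limitstart = 0, $sort = '', $areas = null)
{
    $response = array(
        'name'    => $this->_name,
        'title'   => Lang::txt('PLG_TAGS_GROUPS'),
        'total'   => 0,
        'results' => null,
        'sql'     => ''
    );

    if (empty($tags)) {
        return $response;
    }

    $database = App::get('db');

    // Tag ids are interpolated into SQL, so force them to integers.
    $ids = array();
    foreach ($tags as $tag) {
        $ids[] = (int) $tag->get('id');
    }
    $ids = implode(',', $ids);

    // Restrict to the user's own groups when the component-wide view right is missing.
    $from = '';
    if (!User::authorise('core.view', 'com_groups')) {
        $from = " JOIN #__xgroups_members AS m ON m.gidNumber=a.gidNumber AND m.uidNumber=" . (int) User::get('id');
    }

    // Build the query
    $f_count = "SELECT COUNT(f.gidNumber) FROM (SELECT a.gidNumber, COUNT(DISTINCT t.tagid) AS uniques ";

    $f_fields = "SELECT a.gidNumber AS id, a.description AS title, a.cn AS alias, NULL AS itext, a.public_desc AS ftext, a.type AS state, a.created,\n\t\t\t\t\ta.created_by, NULL AS modified, NULL AS publish_up,\n\t\t\t\t\tNULL AS publish_down, CONCAT('index.php?option=com_groups&cn=', a.cn) AS href, 'groups' AS section, COUNT(DISTINCT t.tagid) AS uniques,\n\t\t\t\t\ta.params, NULL AS rcount, NULL AS data1, NULL AS data2, NULL AS data3 ";

    $f_from  = " FROM #__xgroups AS a {$from}\n\t\t\t\t\tJOIN #__tags_object AS t\n\t\t\t\t\tWHERE a.type=1 AND a.discoverability=0\n\t\t\t\t\tAND a.gidNumber=t.objectid\n\t\t\t\t\tAND t.tbl='groups'\n\t\t\t\t\tAND t.tagid IN ({$ids})";
    $f_from .= " GROUP BY a.gidNumber HAVING uniques=" . count($tags);

    // $sort only selects from a fixed set of clauses; unknown values fall to 'date'.
    $order_by = " ORDER BY ";
    switch ($sort) {
        case 'title':
            $order_by .= 'title ASC, publish_up';
            break;
        case 'id':
            $order_by .= "id DESC";
            break;
        case 'date':
        default:
            $order_by .= 'publish_up DESC, title';
            break;
    }

    // $limitstart/$limit were interpolated unsanitised; cast them. The loose
    // comparison is kept on purpose: on PHP < 8 the default 0 equals 'all' and
    // yields no LIMIT clause, on PHP 8 it yields "LIMIT 0,0".
    if ($limit != 'all') {
        $order_by .= ' LIMIT ' . (int) $limitstart . ',' . (int) $limit;
    }

    $database->setQuery($f_count . $f_from . ") AS f");
    $response['total'] = $database->loadResult();

    if ($areas && $areas == $response['name']) {
        $database->setQuery($f_fields . $f_from . $order_by);
        $response['results'] = $database->loadObjectList();

        if ($response['results']) {
            // Loop through the results and set each item's HREF
            foreach ($response['results'] as $key => $row) {
                $response['results'][$key]->href = Route::url('index.php?option=com_groups&cn=' . $row->alias);
            }
        }
    } else {
        $response['sql'] = $f_fields . $f_from;
    }

    return $response;
}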
/**
 * Gets a list of the actions that can be performed.
 *
 * Actions are always read from the com_menus definition; they are checked
 * against the component asset, or against the menu item asset when a parent
 * id is given.
 *
 * @param   int  $parentId  The menu ID.
 * @return  Object
 * @since   1.6
 */
public static function getActions($parentId = 0)
{
    $result = new \Hubzero\Base\Object();

    $assetName = empty($parentId)
        ? 'com_menus'
        : 'com_menus.item.' . (int) $parentId;

    foreach (JAccess::getActions('com_menus') as $action) {
        $result->set($action->name, User::authorise($action->name, $assetName));
    }

    return $result;
}
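/**
 * Build search query and add it to the $results
 *
 * Matches published forum posts (top-level and replies, excluding course
 * forums) against the stemmed terms with a MATCH ... AGAINST weight, then
 * narrows by the caller's view levels / group memberships and, for group
 * forums, by the group's plugin access setting.
 *
 * @param   object  $request   \Components\Search\Models\Basic\Request
 * @param   object  &$results  \Components\Search\Models\Basic\Result\Set
 * @param   object  $authz     \Components\Search\Models\Basic\Authorization
 * @return  void
 */
public static function onSearch($request, &$results, $authz)
{
    $terms = $request->get_term_ar();

    // NOTE(review): the stemmed, mandatory and forbidden terms are interpolated
    // straight into MATCH/LIKE below and this block does not escape them —
    // confirm get_term_ar() sanitises its output, otherwise quote here via the
    // db driver.
    $weight = "match(f.title, f.comment) against ('" . join(' ', $terms['stemmed']) . "')";

    $addtl_where = array();
    foreach ($terms['mandatory'] as $mand) {
        $addtl_where[] = "(f.title LIKE '%{$mand}%' OR f.comment LIKE '%{$mand}%')";
    }
    foreach ($terms['forbidden'] as $forb) {
        $addtl_where[] = "(f.title NOT LIKE '%{$forb}%' AND f.comment NOT LIKE '%{$forb}%')";
    }

    $gids = $authz->get_group_ids();

    if (!User::authorise('core.view', 'com_groups')) {
        // No component-wide view right: site-wide posts plus own groups only.
        $addtl_where[] = 'f.scope_id IN (0' . ($gids ? ',' . join(',', $gids) : '') . ')';
    } else {
        $viewlevels = implode(',', User::getAuthorisedViewLevels());
        if ($gids) {
            $addtl_where[] = '(f.access IN (0,' . $viewlevels . ') OR ((f.access = 4 OR f.access = 5) AND f.scope_id IN (0,' . join(',', $gids) . ')))';
        } else {
            $addtl_where[] = '(f.access IN (0,' . $viewlevels . '))';
        }
    }

    // Group forum visibility, derived from the group's plugin access settings.
    $groupAuth = array();
    if ($authz->is_super_admin()) {
        $groupAuth[] = '1';
    } else {
        $groupAuth[] = "g.plugins LIKE '%forum=anyone%'";
        if (!$authz->is_guest()) {
            $groupAuth[] = "g.plugins LIKE '%forum=registered%'";
            if ($gids) {
                // NOTE(review): this clause tests 'wiki=members' while its
                // siblings test 'forum=…' — confirm it is not meant to be forum=members.
                $groupAuth[] = "(g.plugins LIKE '%wiki=members%' AND g.gidNumber IN (" . join(',', $gids) . "))";
            }
        }
    }

    // Site-wide links use '&section='; the former literal read 'com_forum§ion='
    // (the entity-decoded form of '&sect'), which is not a valid query string.
    $rows = new \Components\Search\Models\Basic\Result\Sql("SELECT\n\t\t\t\tf.title,\n\t\t\t\tcoalesce(f.comment, '') AS description, f.scope_id, s.alias as sect, c.alias as cat, CASE WHEN f.parent > 0 THEN f.parent ELSE f.id END as `thread`,\n\t\t\t\t(CASE\n\t\t\t\t\tWHEN f.scope_id > 0 AND f.scope='group' THEN concat('index.php?option=com_groups&cn=', g.cn, '&active=forum')\n\t\t\t\t\tELSE concat('index.php?option=com_forum&section=', coalesce(concat(s.alias, '&category=', coalesce(concat(c.alias, '&thread='), ''))), CASE WHEN f.parent > 0 THEN f.parent ELSE f.id END)\n\t\t\t\tEND) AS `link`,\n\t\t\t\t{$weight} AS `weight`,\n\t\t\t\tf.created AS `date`,\n\t\t\t\tconcat(s.alias, ', ', c.alias) AS `section`\n\t\t\tFROM `#__forum_posts` f\n\t\t\tLEFT JOIN `#__forum_categories` AS c\n\t\t\t\tON c.id = f.category_id\n\t\t\tLEFT JOIN `#__forum_sections` AS s\n\t\t\t\tON s.id = c.section_id\n\t\t\tLEFT JOIN `#__xgroups` AS g\n\t\t\t\tON g.gidNumber = f.scope_id AND f.scope='group'\n\t\t\tWHERE\n\t\t\t\tf.state = 1 AND\n\t\t\t\tf.scope != 'course' AND\n\t\t\t\t{$weight} > 0" . ($addtl_where ? ' AND ' . join(' AND ', $addtl_where) : '') . " AND (g.gidNumber IS NULL OR (" . implode(' OR ', $groupAuth) . "))\n\t\t\tORDER BY {$weight} DESC");

    foreach ($rows->to_associative() as $row) {
        if (!$row) {
            continue;
        }

        // Group forum links get section/category/thread appended as path segments.
        if ($row->scope_id) {
            $row->link .= '/' . ($row->sect ? $row->sect : 'defaultsection') . '/';
            $row->link .= ($row->cat ? $row->cat : 'discussion') . '/';
            $row->link .= $row->thread;
        }

        $results->add($row);
    }
}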
/**
 * Display the view
 *
 * Super-user only (core.admin): the system information page exposes PHP and
 * server configuration.
 *
 * @param   string  $tpl  Template name
 * @return  mixed
 */
function display($tpl = null)
{
    // Access check.
    if (!User::authorise('core.admin')) {
        return App::abort(404, Lang::txt('JERROR_ALERTNOAUTHOR'));
    }

    // Pull each model value onto the view under its property name.
    $data = array(
        'php_settings' => 'PhpSettings',
        'config'       => 'config',
        'info'         => 'info',
        'php_info'     => 'PhpInfo',
        'directory'    => 'directory',
    );
    foreach ($data as $property => $getter) {
        $this->$property = $this->get($getter);
    }

    $this->addToolbar();
    $this->_setSubMenu();

    parent::display($tpl);
}
/**
 * Gets a list of the actions that can be performed.
 *
 * Checks the component-level actions, or the category-level actions when a
 * category id is given.
 *
 * @param   int  $categoryId  The category ID.
 * @param   int  $newsfeedId  The newsfeed ID (accepted for signature compatibility; not used).
 * @return  Object
 */
public static function getActions($categoryId = 0, $newsfeedId = 0)
{
    $result = new \Hubzero\Base\Object();

    if (empty($categoryId)) {
        list($assetName, $level) = array('com_newsfeeds', 'component');
    } else {
        list($assetName, $level) = array('com_newsfeeds.category.' . (int) $categoryId, 'category');
    }

    foreach (JAccess::getActions('com_newsfeeds', $level) as $action) {
        $allowed = User::authorise($action->name, $assetName);
        $result->set($action->name, $allowed);
    }

    return $result;
}
/**
 * Method to auto-populate the model state.
 *
 * Note. Calling getState in this method will result in recursion.
 *
 * Readers without edit or edit.state rights on com_newsfeeds are limited to
 * published (1) and archived (2) items.
 *
 * @return  void
 * @since   1.6
 */
protected function populateState()
{
    $app = JFactory::getApplication('site');

    // Load state from the request.
    $this->setState('newsfeed.id', Request::getInt('id'));
    $this->setState('list.offset', Request::getUInt('limitstart', 0));

    // Load the parameters.
    $this->setState('params', $app->getParams());

    $canEdit = User::authorise('core.edit.state', 'com_newsfeeds')
        || User::authorise('core.edit', 'com_newsfeeds');

    if (!$canEdit) {
        $this->setState('filter.published', 1);
        $this->setState('filter.archived', 2);
    }
}
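/**
 * Method to check if you can edit a record.
 *
 * When the record belongs to a category, core.edit is checked on that
 * category's asset; otherwise the parent (component-level) check applies.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 * @return  boolean
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // Cast the selected value, not the isset() result: the former form
    // "(int) isset($data[$key]) ? $data[$key] : 0" bound the cast to isset()
    // and passed the raw $data[$key] to getItem().
    $recordId   = isset($data[$key]) ? (int) $data[$key] : 0;
    $categoryId = 0;

    if ($recordId) {
        $item = $this->getModel()->getItem($recordId);

        // Guard against a falsy return for an unknown id; ->catid was
        // previously dereferenced unconditionally.
        $categoryId = $item ? (int) $item->catid : 0;
    }

    if ($categoryId) {
        // The category has been set. Check the category permissions.
        return User::authorise('core.edit', $this->option . '.category.' . $categoryId);
    }

    // Since there is no asset tracking, revert to the component permissions.
    return parent::allowEdit($data, $key);
}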
/**
 * Check if user can perform a given action
 *
 * Results are memoised per (asset, action) in $this->permissions for the
 * lifetime of this object.
 *
 * @param   string  $action  action to perform
 * @param   string  $type    type of item to check
 * @param   int     $id      id of item to check
 * @return  bool
 */
public function can($action, $type = 'hubs', $id = 0)
{
    // Group authorization overrides all (for now)
    if ($this->authorize()) {
        return true;
    }

    // Asset name: the component, narrowed to "<type>.<id>" when an id is given.
    $assetName = $id
        ? $this->option . '.' . $type . '.' . (int) $id
        : $this->option;

    $cacheKey = $assetName . '.' . $action;

    if (!isset($this->permissions[$cacheKey])) {
        $this->permissions[$cacheKey] = User::authorise($action, $assetName);
    }

    return $this->permissions[$cacheKey];
}
/**
 * Build search query and add it to the $results
 *
 * Matches non-private, non-deleted projects (p.state!=2, p.private=0)
 * against the stemmed terms with a MATCH ... AGAINST weight. Users without
 * core.view on com_groups are further restricted to projects owned by a
 * group they belong to.
 *
 * @param   object  $request   \Components\Search\Models\Basic\Request
 * @param   object  &$results  \Components\Search\Models\Basic\Result\Set
 * @param   object  $authz     \Components\Search\Models\Basic\Authorization
 * @return  void
 */
public static function onSearch($request, &$results, $authz)
{
    $terms = $request->get_term_ar();

    // NOTE(review): the stemmed, mandatory and forbidden terms are interpolated
    // straight into MATCH/LIKE below and this block does not escape them —
    // confirm get_term_ar() sanitises its output, otherwise quote here via the
    // db driver.
    $weight = 'match(p.alias, p.title, p.about) AGAINST (\'' . join(' ', $terms['stemmed']) . '\')';

    // Without the component-wide view right, join on the caller's group memberships.
    $from = '';
    if (!User::authorise('core.view', 'com_groups')) {
        $from = " JOIN #__xgroups_members AS m ON m.gidNumber=p.owned_by_group AND m.uidNumber=" . User::get('id');
    }

    $addtl_where = array();
    foreach ($terms['mandatory'] as $mand) {
        $addtl_where[] = "(p.alias LIKE '%{$mand}%' OR p.title LIKE '%{$mand}%' OR p.about LIKE '%{$mand}%')";
    }
    foreach ($terms['forbidden'] as $forb) {
        $addtl_where[] = "(p.alias NOT LIKE '%{$forb}%' AND p.title NOT LIKE '%{$forb}%' AND p.about NOT LIKE '%{$forb}%')";
    }

    // $authz is not consulted here; visibility comes from the User facade above.
    $results->add(new \Components\Search\Models\Basic\Result\Sql("SELECT\n\t\t\t\tp.title,\n\t\t\t\tp.about AS `description`,\n\t\t\t\tconcat('index.php?option=com_projects&alias=', p.alias) AS `link`,\n\t\t\t\t{$weight} AS `weight`,\n\t\t\t\tNULL AS `date`,\n\t\t\t\t'Projects' AS `section`\n\t\t\tFROM `#__projects` AS p {$from}\n\t\t\tWHERE\n\t\t\t\tp.state!=2 AND p.private=0 AND {$weight} > 0" . ($addtl_where ? ' AND ' . join(' AND ', $addtl_where) : '') . " ORDER BY {$weight} DESC"));
}
/**
 * Gets a list of the actions that can be performed.
 *
 * The most specific asset available is checked: the article, else the
 * category, else the component. The action list is fixed rather than read
 * from the component's access definition.
 *
 * @param   int  $categoryId  The category ID.
 * @param   int  $articleId   The article ID.
 * @return  Object
 * @since   1.6
 */
public static function getActions($categoryId = 0, $articleId = 0)
{
    // Reverted a change for version 2.5.6
    $result = new \Hubzero\Base\Object();

    if (!empty($articleId)) {
        $assetName = 'com_content.article.' . (int) $articleId;
    } elseif (!empty($categoryId)) {
        $assetName = 'com_content.category.' . (int) $categoryId;
    } else {
        $assetName = 'com_content';
    }

    $actions = array(
        'core.admin',
        'core.manage',
        'core.create',
        'core.edit',
        'core.edit.own',
        'core.edit.state',
        'core.delete',
    );

    foreach ($actions as $action) {
        $result->set($action, User::authorise($action, $assetName));
    }

    return $result;
}
/**
 * Build search query and add it to the $results
 *
 * Matches published, approved, discoverable groups of type 1 or 3 against
 * the stemmed terms with a MATCH ... AGAINST weight. Logged-in users without
 * core.view on com_groups are restricted to groups they belong to; guests
 * skip that join.
 *
 * @param   object  $request   \Components\Search\Models\Basic\Request
 * @param   object  &$results  \Components\Search\Models\Basic\Result\Set
 * @param   object  $authz     \Components\Search\Models\Basic\Authorization
 * @return  void
 */
public static function onSearch($request, &$results, $authz)
{
    $terms = $request->get_term_ar();

    // NOTE(review): the stemmed, mandatory and forbidden terms are interpolated
    // straight into MATCH/LIKE below and this block does not escape them —
    // confirm get_term_ar() sanitises its output, otherwise quote here via the
    // db driver.
    $weight = 'match(g.cn, g.description, g.public_desc) AGAINST (\'' . join(' ', $terms['stemmed']) . '\')';

    // Membership join only for logged-in users lacking the component-wide view right.
    $from = '';
    if (!User::isGuest() && !User::authorise('core.view', 'com_groups')) {
        $from = " JOIN `#__xgroups_members` AS m ON m.gidNumber=g.gidNumber AND m.uidNumber=" . User::get('id');
    }

    $addtl_where = array();
    foreach ($terms['mandatory'] as $mand) {
        $addtl_where[] = "(g.cn LIKE '%{$mand}%' OR g.description LIKE '%{$mand}%' OR g.public_desc LIKE '%{$mand}%')";
    }
    foreach ($terms['forbidden'] as $forb) {
        $addtl_where[] = "(g.cn NOT LIKE '%{$forb}%' AND g.description NOT LIKE '%{$forb}%' AND g.public_desc NOT LIKE '%{$forb}%')";
    }

    // $authz is not consulted here; visibility comes from the User facade above.
    $results->add(new \Components\Search\Models\Basic\Result\Sql("SELECT\n\t\t\t\tg.description AS title,\n\t\t\t\tcoalesce(g.public_desc, '') AS description,\n\t\t\t\tconcat('index.php?option=com_groups&cn=', g.cn) AS link,\n\t\t\t\t{$weight} AS weight,\n\t\t\t\tNULL AS date,\n\t\t\t\t'Groups' AS section\n\t\t\tFROM `#__xgroups` g {$from}\n\t\t\tWHERE\n\t\t\t\t(g.type = 1 OR g.type = 3) AND g.published=1 AND g.approved=1 AND g.discoverability = 0 AND {$weight} > 0" . ($addtl_where ? ' AND ' . join(' AND ', $addtl_where) : '') . " ORDER BY {$weight} DESC"));
}
/**
 * Gets a list of the actions that can be performed.
 *
 * Only the component part of a dotted extension name (e.g. "com_foo.bar")
 * is used for the asset and the action definition.
 *
 * @param   string  $extension   The extension.
 * @param   int     $categoryId  The category ID.
 * @return  Object
 * @since   1.6
 */
public static function getActions($extension, $categoryId = 0)
{
    $result = new \Hubzero\Base\Object();

    $component = explode('.', $extension)[0];

    $atCategory = !empty($categoryId);
    $level      = $atCategory ? 'category' : 'component';
    $assetName  = $atCategory ? $component . '.category.' . (int) $categoryId : $component;

    foreach (JAccess::getActions($component, $level) as $action) {
        $result->set($action->name, User::authorise($action->name, $assetName));
    }

    return $result;
}
/**
 * Add the page title and toolbar.
 *
 * The delete button requires core.delete on com_media, the options button
 * core.admin.
 *
 * @return  void
 * @since   1.6
 */
protected function addToolbar()
{
    // Set the titlebar text
    Toolbar::title(Lang::txt('COM_MEDIA'), 'mediamanager.png');

    // Add a delete button
    if (User::authorise('core.delete', 'com_media')) {
        $title = Lang::txt('JTOOLBAR_DELETE');

        $dhtml = '<a href="#" onclick="MediaManager.submit(\'folder.delete\')" data-title="' . $title . '">'
            . "\n\t\t\t\t\t\t"
            . '<span class="icon-32-delete">' . $title . '</span>'
            . "\n\t\t\t\t\t"
            . '</a>';

        Toolbar::appendButton('Custom', $dhtml, 'delete');
        Toolbar::divider();
    }

    // Add an options (preferences) button
    if (User::authorise('core.admin', 'com_media')) {
        Toolbar::preferences('com_media', 450, 800, 'JToolbar_Options', '', 'window.location.reload()');
        Toolbar::divider();
    }

    Toolbar::help('media');
}
/**
 * Display the article edit form.
 *
 * A new article requires core.create on com_content (or on any category);
 * an existing one relies on the 'access-edit' flag in its params. Fails with
 * a 403 otherwise.
 *
 * @param   string  $tpl  Template name
 * @return  mixed
 * @throws  Exception  When the model reports errors.
 */
public function display($tpl = null)
{
    // Initialise variables (the application instance is fetched as before).
    $app = JFactory::getApplication();

    // Get model data.
    $this->state       = $this->get('State');
    $this->item        = $this->get('Item');
    $this->form        = $this->get('Form');
    $this->return_page = $this->get('ReturnPage');

    $isNew = empty($this->item->id);

    $authorised = $isNew
        ? (User::authorise('core.create', 'com_content') || count(User::getAuthorisedCategories('com_content', 'core.create')))
        : $this->item->params->get('access-edit');

    if ($authorised !== true) {
        App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR'));
        return false;
    }

    if (!empty($this->item) && isset($this->item->id)) {
        $this->item->images = json_decode($this->item->images);
        $this->item->urls   = json_decode($this->item->urls);

        $bound = new stdClass();
        $bound->images = $this->item->images;
        $bound->urls   = $this->item->urls;
        $this->form->bind($bound);
    }

    // Check for errors.
    $errors = $this->get('Errors');
    if (count($errors)) {
        throw new Exception(implode("\n", $errors), 500);
    }

    // Create a shortcut to the parameters.
    $params =& $this->state->params;

    // Escape strings for HTML output
    $this->pageclass_sfx = htmlspecialchars($params->get('pageclass_sfx'));

    $this->params = $params;
    $this->user   = User::getRoot();

    if ($params->get('enable_category') == 1) {
        $this->form->setFieldAttribute('catid', 'default', $params->get('catid', 1));
        $this->form->setFieldAttribute('catid', 'readonly', 'true');
    }

    $this->_prepareDocument();

    parent::display($tpl);
}
/**
 * Display the button
 *
 * The button is shown when the user may edit or create on the asset (or on
 * any of its categories), or holds an edit.own right and is the author.
 *
 * @param   string   $name
 * @param   string   $asset
 * @param   integer  $author
 * @return  mixed  Button object, or false when the user may not use it
 */
public function onDisplay($name, $asset, $author)
{
    $params    = Component::params('com_media');
    $extension = Request::getCmd('option');

    if ($asset == '') {
        $asset = $extension;
    }

    // Parentheses spell out the original precedence (&& binds tighter than ||).
    $allowed = User::authorise('core.edit', $asset)
        || User::authorise('core.create', $asset)
        || count(User::getAuthorisedCategories($asset, 'core.create')) > 0
        || (User::authorise('core.edit.own', $asset) && $author == User::get('id'))
        || count(User::getAuthorisedCategories($extension, 'core.edit')) > 0
        || (count(User::getAuthorisedCategories($extension, 'core.edit.own')) > 0 && $author == User::get('id'));

    if (!$allowed) {
        return false;
    }

    $link = 'index.php?option=com_media&view=images&tmpl=component&e_name=' . $name . '&asset=' . $asset . '&author=' . $author;

    Html::behavior('modal');

    $button = new \Hubzero\Base\Object();
    $button->set('modal', true);
    $button->set('link', $link);
    $button->set('text', Lang::txt('PLG_IMAGE_BUTTON_IMAGE'));
    $button->set('name', 'image');
    $button->set('options', "{handler: 'iframe', size: {x: 800, y: 500}}");

    return $button;
}
/**
 * Display the view
 *
 * Requires core.manage on com_users and site debug mode; otherwise a 404 is
 * raised so the debug page is not discoverable.
 *
 * @param   string  $tpl  Template name
 * @return  void
 * @throws  Exception
 */
public function display($tpl = null)
{
    // Access check.
    $mayView = User::authorise('core.manage', 'com_users') && Config::get('debug');

    if (!$mayView) {
        throw new Exception(Lang::txt('JERROR_ALERTNOAUTHOR'), 404);
    }

    $this->actions    = $this->get('DebugActions');
    $this->items      = $this->get('Items');
    $this->pagination = $this->get('Pagination');
    $this->state      = $this->get('State');
    $this->user       = $this->get('User');
    $this->levels     = UsersHelperDebug::getLevelsOptions();
    $this->components = UsersHelperDebug::getComponents();

    // Check for errors.
    $errors = $this->get('Errors');
    if (count($errors)) {
        throw new Exception(implode("\n", $errors), 500);
    }

    $this->addToolbar();

    parent::display($tpl);
}
/**
 * Method to remove a record.
 *
 * Requires a valid session token and core.admin on the component; the
 * selected ids are cast to integers before reaching the model.
 *
 * @return  void
 * @throws  Exception  403 without admin rights, 500 on empty selection or model failure.
 */
public function delete()
{
    // Check for request forgeries.
    Session::checkToken() or exit(Lang::txt('JInvalid_Token'));

    // Initialise variables.
    $ids = Request::getVar('cid', array(), '', 'array');

    if (!User::authorise('core.admin', $this->option)) {
        throw new Exception(Lang::txt('JERROR_ALERTNOAUTHOR'), 403);
    }

    if (empty($ids)) {
        throw new Exception(Lang::txt('COM_USERS_NO_LEVELS_SELECTED'), 500);
    }

    // Get the model.
    $model = $this->getModel();

    \Hubzero\Utility\Arr::toInteger($ids);

    // Remove the items.
    if (!$model->delete($ids)) {
        throw new Exception($model->getError(), 500);
    }

    $this->setMessage(Lang::txts('COM_USERS_N_LEVELS_DELETED', count($ids)));

    $this->setRedirect('index.php?option=com_users&view=levels');
}
/**
 * Method to auto-populate the model state.
 *
 * Note. Calling getState in this method will result in recursion.
 *
 * Users without edit or edit.state rights on com_content only see published
 * items; others also see unpublished (0) and archived (2).
 *
 * @param   string  $ordering   Ordering column
 * @param   string  $direction  Ordering direction
 * @return  void
 * @since   1.6
 */
protected function populateState($ordering = null, $direction = null)
{
    parent::populateState($ordering, $direction);

    // List state information
    $this->setState('list.start', Request::getUInt('limitstart', 0));

    $params = $this->state->params;

    $limit = $params->get('num_leading_articles')
        + $params->get('num_intro_articles')
        + $params->get('num_links');

    $this->setState('list.limit', $limit);
    $this->setState('list.links', $params->get('num_links'));
    $this->setState('filter.frontpage', true);

    $canSeeUnpublished = User::authorise('core.edit.state', 'com_content')
        || User::authorise('core.edit', 'com_content');

    $this->setState('filter.published', $canSeeUnpublished ? array(0, 1, 2) : 1);

    // check for category selection
    $featuredCategories = $params->get('featured_categories');
    if ($featuredCategories && implode(',', $featuredCategories) == true) {
        $this->setState('filter.frontpage.categories', $featuredCategories);
    }
}
<?php
/**
 * @package     Joomla.Administrator
 * @subpackage  com_messages
 * @copyright   Copyright (C) 2005 - 2014 Open Source Matters, Inc. All rights reserved.
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

defined('_HZEXEC_') or die;

// Access check: the whole component requires core.manage on com_messages.
if (!User::authorise('core.manage', 'com_messages')) {
    return App::abort(404, Lang::txt('JERROR_ALERTNOAUTHOR'));
}

$task = Request::getCmd('task');

// Dispatch the requested task to the Messages controller and follow its redirect.
$controller = JControllerLegacy::getInstance('Messages');
$controller->execute($task);
$controller->redirect();