/**
 * Reports whether the current Joomla user is a Joomla administrator.
 *
 * Delegates to UserHelper::isJoomlaAdmin() with the user object
 * returned by getJoomlaUser().
 *
 * @return mixed Whatever UserHelper::isJoomlaAdmin() returns for that user
 */
public function isJoomlaAdmin()
{
    return UserHelper::isJoomlaAdmin($this->getJoomlaUser());
}
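/**
 * Validates and stores a front-end item submission, then redirects.
 *
 * Steps, in order: verify the request token; load controller state through
 * _init(); reject edits by anyone who cannot access the item or did not
 * create it; filter posted element data unless the submission is in trusted
 * mode or the user is a Joomla administrator; bind the POST data to an
 * ItemForm. When the form validates, the item and its category relations are
 * saved; otherwise the form is stored in the session so it can be shown again.
 *
 * New public (non-trusted) submissions are rate limited per session using
 * SubmissionController::TIME_BETWEEN_PUBLIC_SUBMISSIONS. The limit is checked
 * before element data is bound and before uploads run.
 *
 * SubmissionControllerException and YException are caught and reported as
 * warnings; full exception text for YException is shown to super
 * administrators only.
 *
 * @return void
 */
public function save()
{
    // check for request forgeries
    YRequest::checkToken() or jexit('Invalid Token');

    // init vars
    $post     = JRequest::get('post');
    $db       = YDatabase::getInstance();
    $tzoffset = JFactory::getConfig()->getValue('config.offset');
    $now      = JFactory::getDate();
    $now->setOffset($tzoffset);
    $msg      = '';

    // The redirect logic after the try/catch reads $form. Define it here so it
    // exists even when an exception is thrown before the form is built.
    $form = null;

    try {

        $this->_init();

        // is this an item edit?
        $edit = (int) $this->item->id;

        // is current user the item owner and does the user have sufficient user rights
        // NOTE(review): the owner test is a loose != comparison. If _init() can load an
        // item whose created_by is 0 for an anonymous user (id 0), the test passes -
        // confirm that _init() / canAccess() cover that case.
        if ($edit && (!$this->item->canAccess($this->user) || $this->item->created_by != $this->user->id)) {
            throw new YControllerException('You are not allowed to make changes to this item.');
        }

        // get default category - only in non-trusted mode
        $categories = array();
        if (!$this->submission->isInTrustedMode() && ($category = $this->submission->getForm($this->type->id)->get('category'))) {
            $categories[] = $category;
        }

        // get element data from post
        if (isset($post['elements'])) {

            // filter element data for untrusted submitters, then re-read the POST data
            if (!$this->submission->isInTrustedMode() && !UserHelper::isJoomlaAdmin($this->user)) {
                JRequest::setVar('elements', SubmissionHelper::filterData($post['elements']));
                $post = JRequest::get('post');
            }

            // merge elements into post
            // NOTE(review): array_merge lets keys inside 'elements' overwrite same-named
            // top-level fields; presumably ItemForm only reads the fields it defines - confirm.
            $post = array_merge($post, $post['elements']);
        }

        // fix publishing dates in trusted mode
        if ($this->submission->isInTrustedMode()) {

            // set publish up date: an empty value becomes the current date
            if (isset($post['publish_up'])) {
                if (empty($post['publish_up'])) {
                    $post['publish_up'] = $now->toMySQL(true);
                }
            }

            // set publish down date: 'Never' or blank becomes the database null date
            if (isset($post['publish_down'])) {
                if (trim($post['publish_down']) == JText::_('Never') || trim($post['publish_down']) == '') {
                    $post['publish_down'] = $db->getNullDate();
                }
            }
        }

        // default tags to an empty array when none were posted
        if (!isset($post['tags'])) {
            $post['tags'] = array();
        }

        // build new item form and bind it with post data
        $form = new ItemForm(array('submission' => $this->submission, 'item' => $this->item, 'elements_config' => $this->elements_config));
        $form->bind($post);

        // save item if form is valid
        if ($form->isValid()) {

            // spam protection - user may only submit items every
            // SubmissionController::TIME_BETWEEN_PUBLIC_SUBMISSIONS seconds.
            // Checked before binding and uploads so that a throttled request is rejected
            // without any upload being processed. The timestamp is still recorded further
            // down, just before the item is saved.
            $check_rate_limit = !$edit && !$this->submission->isInTrustedMode();
            if ($check_rate_limit) {
                $submission_time = time();
                $timestamp       = $this->session->get('ZOO_LAST_SUBMISSION_TIMESTAMP');
                if ($submission_time < $timestamp + SubmissionController::TIME_BETWEEN_PUBLIC_SUBMISSIONS) {
                    throw new SubmissionControllerException('You are submitting to fast, please try again in a few moments.');
                }
            }

            // set name
            $this->item->name = $form->getValue('name');

            // bind elements
            foreach ($this->elements_config as $data) {
                if (($element = $this->item->getElement($data->element)) && ($field = $form->getFormField($data->element))) {

                    if ($field_data = $field->hasError() ? $field->getTaintedValue() : $field->getValue()) {
                        $element->bindData($field_data);
                    } else {
                        $element->bindData();
                    }

                    // perform submission uploads
                    if ($element instanceof iSubmissionUpload) {
                        $element->doUpload();
                    }
                }
            }

            // set alias
            $this->item->alias = ItemHelper::getUniqueAlias($this->item->id, YString::sluggify($this->item->name));

            // set modified
            $this->item->modified    = $now->toMySQL();
            $this->item->modified_by = $this->user->get('id');

            // creating new item: start unpublished (state 0) with server-side defaults
            if (!$edit) {

                // set state
                $this->item->state = 0;

                // set created date
                $this->item->created          = $now->toMySQL();
                $this->item->created_by       = $this->user->get('id');
                $this->item->created_by_alias = '';

                // set publish up - publish down
                $this->item->publish_up   = $now->toMySQL();
                $this->item->publish_down = $db->getNullDate();

                // set access
                $this->item->access = 0;

                // set searchable
                $this->item->searchable = 1;
            }

            if ($this->submission->isInTrustedMode()) {

                // trusted mode only: publishing fields are taken from the form

                // set state
                $this->item->state = $form->getValue('state');

                // set publish up
                if (($publish_up = $form->getValue('publish_up')) && !empty($publish_up)) {
                    $date       = JFactory::getDate($publish_up, $tzoffset);
                    $publish_up = $date->toMySQL();
                }
                $this->item->publish_up = $publish_up;

                // set publish down
                if (($publish_down = $form->getValue('publish_down')) && !empty($publish_down) && !($publish_down == $db->getNullDate())) {
                    $date         = JFactory::getDate($publish_down, $tzoffset);
                    $publish_down = $date->toMySQL();
                }
                $this->item->publish_down = $publish_down;

                // set searchable
                $this->item->searchable = $form->getValue('searchable');

                // set comments enabled
                $this->item->params = $this->item->getParams()->set('config.enable_comments', $form->getValue('enable_comments'))->toString();

                // set frontpage (category id 0)
                if ($form->getValue('frontpage')) {
                    $categories[] = 0;
                }

                // set categories
                $tmp_categories = $form->getValue('categories');
                if (!empty($tmp_categories)) {
                    foreach ($tmp_categories as $category) {
                        $categories[] = $category;
                    }
                }

                // set tags
                $tags = $form->hasError('tags') ? $form->getTaintedValue('tags') : $form->getValue('tags');
                $this->item->setTags($tags);

            } elseif ($check_rate_limit) {

                // record the time of this accepted public submission for the next check
                $this->session->set('ZOO_LAST_SUBMISSION_TIMESTAMP', $submission_time);
            }

            // save item
            YTable::getInstance('item')->save($this->item);

            // save category relations - only for new items or when editing in trusted mode
            if (!$edit || $this->submission->isInTrustedMode()) {
                CategoryHelper::saveCategoryItemRelations($this->item->id, $categories);
            }

            // set redirect message
            $msg = $this->submission->isInTrustedMode()
                ? JText::_('Thanks for your submission.')
                : JText::_('Thanks for your submission. It will be reviewed before being posted on the site.');

        // add form to session if form is not valid
        } else {
            $this->addFormToSession($form);
        }

    } catch (SubmissionControllerException $e) {

        // raise warning on exception
        JError::raiseWarning(0, (string) $e);

    } catch (YException $e) {

        // raise a generic warning on exception
        JError::raiseWarning(0, JText::_('There was an error saving your submission, please try again later.'));

        // add exception details, for super administrators only
        if ($this->user->superadmin) {
            JError::raiseWarning(0, (string) $e);
        }
    }

    // redirect to mysubmissions ($form is null when an exception occurred before it was built)
    if ($this->redirect == 'mysubmissions' && $form && $form->isValid()) {
        $link = RouteHelper::getMySubmissionsRoute($this->submission);

    // redirect to edit form
    } else {
        $link = RouteHelper::getSubmissionRoute($this->submission, $this->type->id, $this->hash, $this->item_id, $this->redirect);
    }

    $link = JRoute::_($link, false);

    $this->setRedirect($link, $msg);
}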