Example #1
0
 /**
  * Authorization check
  * Checks if the group is a system group and the user has super admin access
  *
  * @param     object $group \Hubzero\User\Group
  * @return    boolean True if authorized, false if not.
  */
 protected function authorize($task, $group = null)
 {
     // get users actions
     $canDo = Permissions::getActions('group');
     // build task name
     $taskName = 'core.' . $task;
     // can user perform task
     if (!$canDo->get($taskName) || !$canDo->get('core.admin') && $task == 'edit' && $group->get('type') == 0) {
         // No access - redirect to main listing
         App::redirect(Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false), Lang::txt('COM_GROUPS_NOT_AUTH'), 'error');
         return false;
     }
     return true;
 }
Example #2
0
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * HUBzero is a registered trademark of Purdue University.
 *
 * @package   hubzero-cms
 * @copyright Copyright 2005-2015 HUBzero Foundation, LLC.
 * @license   http://opensource.org/licenses/MIT MIT
 */
// No direct access
defined('_HZEXEC_') or die;
$tmpl = Request::getVar('tmpl', '');
$canDo = \Components\Groups\Helpers\Permissions::getActions('group');
Toolbar::title(Lang::txt('COM_GROUPS') . ': ' . Lang::txt('COM_GROUPS_ROLES'), 'groups.png');
if ($canDo->get('core.create')) {
    Toolbar::addNew();
}
if ($canDo->get('core.edit')) {
    Toolbar::editList();
}
if ($canDo->get('core.delete')) {
    Toolbar::deleteList('COM_GROUPS_DELETE_CONFIRM', 'delete');
}
Toolbar::spacer();
Toolbar::help('groups');
Html::behavior('tooltip');
?>
<script type="text/javascript">
Example #3
0
">
							<?php 
    echo Lang::txt('TPL_SYSTEM_GROUP_EDIT');
    ?>
							<span><?php 
    echo Lang::txt('TPL_SYSTEM_GROUP_EDIT_DESC');
    ?>
</span>
						</a>
					</li>
				<?php 
}
?>

				<?php 
if ($isManager || \Components\Groups\Helpers\Permissions::userHasPermissionForGroupAction($group, 'group.pages')) {
    ?>
					<li>
						<a class="pages" href="<?php 
    echo Route::url('index.php?option=com_groups&cn=' . $group->get('cn') . '&task=pages');
    ?>
">
							<?php 
    echo Lang::txt('TPL_SYSTEM_GROUP_PAGES');
    ?>
							<span><?php 
    echo Lang::txt('TPL_SYSTEM_GROUP_PAGES_DESC');
    ?>
</span>
						</a>
					</li>
Example #4
0
 /**
  * Check if user has role with permission to perform task
  *
  * @param   string   $task  Task to be performed
  * @return  boolean
  */
 public function _authorizedForTask($task)
 {
     $group = Group::getInstance($this->cn);
     if (!is_object($group)) {
         return false;
     }
     // check if user has permissions
     return Permissions::userHasPermissionForGroupAction($group, $task);
 }
Example #5
0
 /**
  * Display Group Page
  *
  * @param    Object    $group    \Hubzero\User\Group Object
  * @param    Object    $page     \Components\Groups\Models\Page Object
  * @return   String
  */
 public static function displayPage($group, $page, $markHit = true)
 {
     // create view object
     $view = new \Hubzero\Component\View(array('name' => 'pages', 'layout' => '_view'));
     // if super group add super group folder
     // to available paths
     if ($group->isSuperGroup()) {
         $base = $group->getBasePath();
         $view->addTemplatePath(PATH_APP . $base . DS . 'template' . DS . 'pages');
     }
     // get needed vars
     $database = \App::get('db');
     $authorized = \Components\Groups\Helpers\View::authorize($group);
     $version = $page ? $page->approvedVersion() : null;
     // stops from displaying pages that dont exist
     if ($page === null) {
         App::abort(404, Lang::txt('Group Page Not Found'));
         return;
     }
     // stops from displaying unpublished pages
     // make sure we have approved version to display
     if ($page->get('state') == $page::APP_STATE_UNPUBLISHED || $version === null) {
         // determine which layout to use
         $layout = $version === null ? '_view_notapproved' : '_view_unpublished';
         // show unpublished or no version layout
         if ($authorized == 'manager' || Permissions::userHasPermissionForGroupAction($group, 'group.pages')) {
             $view->setLayout($layout);
             $view->group = $group;
             $view->page = $page;
             $view->version = $version;
             return $view->loadTemplate();
         }
         // show 404
         App::abort(404, Lang::txt('Group Page Not Found'));
         return;
     }
     // build page hit object
     // mark page hit
     if ($markHit) {
         $groupsTablePageHit = new PageHit($database);
         $pageHit = new stdClass();
         $pageHit->gidNumber = $group->get('gidNumber');
         $pageHit->pageid = $page->get('id');
         $pageHit->userid = User::get('id');
         $pageHit->date = date('Y-m-d H:i:s');
         $pageHit->ip = $_SERVER['REMOTE_ADDR'];
         $groupsTablePageHit->save($pageHit);
     }
     // parse old wiki content
     //$content = self::parseWiki($group, $version->get('content'), $fullparse = true);
     $content = $version->get('content', '<p class="warning">' . Lang::txt('COM_GROUPS_PAGES_PAGE_NO_CONTENT') . '</p>');
     // parse php tags and modules
     $content = self::parse($group, $page, $content);
     // set content
     $version->set('content', trim($content));
     // set vars to view
     $view->user = User::getInstance();
     $view->group = $group;
     $view->page = $page;
     $view->version = $version;
     $view->authorized = $authorized;
     $view->config = Component::params('com_groups');
     // return rendered template
     return $view->loadTemplate();
 }
Example #6
0
 /**
  * Authorization check
  * Checks if the group is a system group and the user has super admin access
  *
  * @param   object   $group  \Hubzero\User\Group
  * @return  boolean  True if authorized, false if not.
  */
 protected function authorize($task, $group = null)
 {
     // get users actions
     $canDo = Permissions::getActions('group');
     // build task name
     $taskName = 'core.' . $task;
     // can user perform task
     if (!$canDo->get($taskName) || !$canDo->get('core.admin') && $task == 'edit' && $group->get('type') == 0) {
         // No access
         return false;
     }
     return true;
 }