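/**
 * Method override to check if you can edit an existing record.
 *
 * Users without core.options may only edit health data that belongs to one
 * of their own countries (and only when the helper reports them as user
 * type 3); the regular access / edit / edit.own checks are applied on top.
 *
 * @param array  $data An array of input data.
 * @param string $key  The name of the key for the primary key.
 *
 * @return boolean
 *
 * @since 1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
	// get user object.
	$user = JFactory::getUser();

	// get record id. The cast belongs on the value: "(int) isset(...) ? ..."
	// cast the boolean from isset() and passed the raw id through.
	$recordId = isset($data[$key]) ? (int) $data[$key] : 0;

	if (!$user->authorise('core.options', 'com_costbenefitprojection'))
	{
		// make absolutely sure that this health data can be edited
		$is        = CostbenefitprojectionHelper::userIs($user->id);
		$countries = CostbenefitprojectionHelper::hisCountries($user->id);
		$country   = CostbenefitprojectionHelper::getId('health_data', $recordId, 'id', 'country');

		if (3 != $is || !CostbenefitprojectionHelper::checkArray($countries) || !in_array($country, $countries))
		{
			return false;
		}
	}

	// Access check (record asset and component level).
	$access = $user->authorise('health_data.access', 'com_costbenefitprojection.health_data.' . $recordId)
		&& $user->authorise('health_data.access', 'com_costbenefitprojection');

	if (!$access)
	{
		return false;
	}

	if ($recordId)
	{
		// The record has been set. Check the record permissions.
		$permission = $user->authorise('health_data.edit', 'com_costbenefitprojection.health_data.' . $recordId);

		if (!$permission && !is_null($permission))
		{
			if ($user->authorise('health_data.edit.own', 'com_costbenefitprojection.health_data.' . $recordId))
			{
				// Now test the owner is the user.
				$ownerId = isset($data['created_by']) ? (int) $data['created_by'] : 0;

				if (empty($ownerId))
				{
					// Need to do a lookup from the model.
					$record = $this->getModel()->getItem($recordId);

					if (empty($record))
					{
						return false;
					}

					$ownerId = (int) $record->created_by;
				}

				// If the owner matches 'me' then allow.
				if ($ownerId === (int) $user->id)
				{
					if ($user->authorise('health_data.edit.own', 'com_costbenefitprojection'))
					{
						return true;
					}
				}
			}

			// record-level edit was explicitly denied and edit.own did not apply
			return false;
		}
	}

	// Since there is no permission, revert to the component permissions.
	return $user->authorise('health_data.edit', $this->option);
}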
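/**
 * Batch move items to a new category
 *
 * Users without core.options may only move their own countries; any id that
 * is not one of them is dropped from the batch before the rows are touched.
 *
 * @param array $values   The field values to apply to every moved row (e.g. the new category ID).
 * @param array $pks      An array of row IDs.
 * @param array $contexts An array of item contexts, keyed by row ID.
 *
 * @return boolean True if successful, false otherwise and internal error is set.
 *
 * @since 12.2
 */
protected function batchMove($values, $pks, $contexts)
{
	if (empty($this->batchSet))
	{
		// Set some needed variables.
		$this->user           = JFactory::getUser();
		$this->table          = $this->getTable();
		$this->tableClassName = get_class($this->table);
		$this->contentType    = new JUcmType();
		$this->type           = $this->contentType->getTypeByTable($this->tableClassName);
		$this->canDo          = CostbenefitprojectionHelper::getActions('country');
	}

	if (!$this->canDo->get('country.edit') && !$this->canDo->get('country.batch'))
	{
		$this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));

		return false;
	}

	if (!$this->user->authorise('core.options', 'com_costbenefitprojection'))
	{
		// make absolutely sure that this country can be moved.
		// $this->user is the only user object here; the old code read an undefined local $user.
		$is        = CostbenefitprojectionHelper::userIs($this->user->id);
		$countries = CostbenefitprojectionHelper::hisCountries($this->user->id);

		if (3 == $is && CostbenefitprojectionHelper::checkArray($countries))
		{
			// drop every id that is not one of this user's countries
			foreach ($pks as $nr => $pk)
			{
				if (!in_array($pk, $countries))
				{
					unset($pks[$nr]);
				}
			}

			if (empty($pks))
			{
				$this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));

				return false;
			}
		}
		else
		{
			$this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));

			return false;
		}
	}

	// make sure published only updates if user has the permission.
	if (isset($values['published']) && !$this->canDo->get('country.edit.state'))
	{
		unset($values['published']);
	}

	// remove move_copy from array
	unset($values['move_copy']);

	// Parent exists so we proceed
	foreach ($pks as $pk)
	{
		// per-row edit permission on the row's own asset context
		if (!$this->user->authorise('country.edit', $contexts[$pk]))
		{
			$this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));

			return false;
		}

		// Check that the row actually exists
		if (!$this->table->load($pk))
		{
			if ($error = $this->table->getError())
			{
				// Fatal error
				$this->setError($error);

				return false;
			}
			else
			{
				// Not fatal error
				$this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', $pk));
				continue;
			}
		}

		// insert all set values.
		if (CostbenefitprojectionHelper::checkArray($values))
		{
			foreach ($values as $key => $value)
			{
				// Do special action for access.
				if ('access' == $key && strlen($value) > 0)
				{
					$this->table->{$key} = $value;
				}
				elseif (strlen($value) > 0 && isset($this->table->{$key}))
				{
					// only columns already present on the loaded row are overwritten
					$this->table->{$key} = $value;
				}
			}
		}

		// Check the row.
		if (!$this->table->check())
		{
			$this->setError($this->table->getError());

			return false;
		}

		if (!empty($this->type))
		{
			$this->createTagsHelper($this->tagsObserver, $this->type, $pk, $this->typeAlias, $this->table);
		}

		// Store the row.
		if (!$this->table->store())
		{
			$this->setError($this->table->getError());

			return false;
		}
	}

	// Clean the cache
	$this->cleanCache();

	return true;
}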
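/**
 * Method to get a list of options for a list input.
 *
 * Lists published interventions other than the one currently being edited
 * (taken from the request id). Users without core.admin only see the
 * interventions of their own companies, and every row is additionally run
 * through the helper's intervention access check.
 *
 * @return array An array of JHtml options.
 */
public function getOptions()
{
	// get the input from url
	$jinput = JFactory::getApplication()->input;

	// get the view name & id
	$interId = $jinput->getInt('id', 0);

	// Get the user object.
	$user   = JFactory::getUser();
	$userIs = CostbenefitprojectionHelper::userIs($user->id);

	$db    = JFactory::getDBO();
	$query = $db->getQuery(true);
	$query->select($db->quoteName(array('a.id', 'a.name', 'a.company', 'a.share'), array('id', 'interventions_name', 'company', 'share')));
	$query->from($db->quoteName('#__costbenefitprojection_intervention', 'a'));
	$query->where($db->quoteName('a.published') . ' = 1');
	$query->where($db->quoteName('a.id') . ' != ' . (int) $interId);

	// note: this list is gated on core.admin, not core.options like the other lists
	if (!$user->authorise('core.admin'))
	{
		$companies = CostbenefitprojectionHelper::hisCompanies($user->id);

		if (CostbenefitprojectionHelper::checkArray($companies))
		{
			// only load this users companies; the ids are interpolated into the
			// SQL string, so force each one to an integer rather than trusting the helper
			$companies = implode(',', array_map('intval', $companies));
			$query->where('a.company IN (' . $companies . ')');
		}
		else
		{
			// dont allow user to see any companies
			$query->where('a.company = -4');
		}
	}

	$query->order('a.name ASC');
	$db->setQuery((string) $query);
	$items = $db->loadObjectList();

	$options = array();

	if ($items)
	{
		foreach ($items as $item)
		{
			if (!CostbenefitprojectionHelper::checkIntervetionAccess($item->id, $item->share, $item->company))
			{
				continue;
			}

			if (1 == $userIs)
			{
				// user type 1 sees the plain intervention name
				$options[] = JHtml::_('select.option', $item->id, $item->interventions_name);
			}
			else
			{
				// everybody else also gets the owning company name
				$compName  = CostbenefitprojectionHelper::getId('company', $item->company, 'id', 'name');
				$options[] = JHtml::_('select.option', $item->id, $item->interventions_name . ' (' . $compName . ')');
			}
		}
	}

	return $options;
}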
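/**
 * Function that allows child controller access to model data
 * after the data has been saved.
 *
 * Resolves the id of a freshly created company, makes sure the company has
 * a linked user (creating one when needed), sets that user's groups from the
 * department status of all of its companies, and finally publishes,
 * archives or inserts the company's scaling factor rows so that they match
 * the saved list of causes/risks.
 *
 * @param JModel &$model    The data model object.
 * @param array  $validData The validated data.
 *
 * @return void
 *
 * @since 11.1
 */
protected function postSaveHook(JModelLegacy $model, $validData = array())
{
	if ($validData['id'] >= 0)
	{
		// get user object
		$user = JFactory::getUser();

		// if id is 0 get id
		if (0 >= (int) $validData['id'])
		{
			// Get the created by id
			$created_by = isset($validData['created_by']) && $validData['created_by'] > 0 ? $validData['created_by'] : $user->id;

			// Get a db connection.
			$db = JFactory::getDbo();

			// Create a new query object.
			$query = $db->getQuery(true);

			// Select id of this company
			$query->select($db->quoteName(array('id')));
			$query->from($db->quoteName('#__costbenefitprojection_company'));
			$query->where($db->quoteName('name') . ' = ' . $db->quote($validData['name']));
			$query->where($db->quoteName('email') . ' = ' . $db->quote($validData['email']));
			$query->where($db->quoteName('country') . ' = ' . (int) $validData['country']);
			$query->where($db->quoteName('service_provider') . ' = ' . (int) $validData['service_provider']);
			$query->where($db->quoteName('created_by') . ' = ' . (int) $created_by);

			if (isset($validData['created']))
			{
				$query->where($db->quoteName('created') . ' = ' . $db->quote($validData['created']));
			}

			$db->setQuery($query);
			$db->execute();

			if ($db->getNumRows())
			{
				$validData['id'] = $db->loadResult();
			}
			else
			{
				// the saved company could not be found again; nothing more to do
				return;
			}
		}

		// user setup if not set
		if (0 >= (int) $validData['user'] && (int) $validData['id'] > 0)
		{
			$userIs = CostbenefitprojectionHelper::userIs($user->id);

			if (1 == $userIs)
			{
				// this is a company so just use its id
				$userId = $user->id;

				// add this user id to this company
				$validData['user'] = $userId;
				$model->save($validData);
			}
			else
			{
				// setup config array
				$newUser = array('name' => $validData['name'], 'email' => $validData['email']);
				$userId  = CostbenefitprojectionHelper::createUser($newUser);

				if (!is_int($userId))
				{
					// a non-integer return is treated as the error message to show
					$this->setMessage($userId, 'error');
				}
				else
				{
					// add this user id to this company
					$validData['user'] = $userId;
					$model->save($validData);
				}
			}
		}

		// only continue if we have a company id
		if ((int) $validData['id'] > 0)
		{
			// get params
			$params = JComponentHelper::getParams('com_costbenefitprojection');

			// get all this users companies
			$hisCompanies = CostbenefitprojectionHelper::hisCompanies($validData['user']);

			if (CostbenefitprojectionHelper::checkArray($hisCompanies))
			{
				// set the user group based on the overall status of its companies
				$departments = CostbenefitprojectionHelper::getVars('company', $hisCompanies, 'id', 'department');

				if (in_array(2, $departments))
				{
					$memberGroups = $params->get('advancedmembergroup');
				}
				else
				{
					$memberGroups = $params->get('memberbasicgroup');
				}
			}
			else
			{
				// first company so act simply on this company department status
				if (2 == $validData['department'])
				{
					$memberGroups = $params->get('advancedmembergroup');
				}
				else
				{
					$memberGroups = $params->get('memberbasicgroup');
				}
			}

			// update the user groups.
			// NOTE(review): the target user id is taken from the validated form data;
			// confirm the form cannot hand in an arbitrary user id here.
			JUserHelper::setUserGroups((int) $validData['user'], (array) $memberGroups);

			// Get a db connection.
			$db = JFactory::getDbo();

			// Create a new query object.
			$query = $db->getQuery(true);

			// Select all records in scaling factors the belong to this company
			$query->select($db->quoteName(array('id', 'causerisk', 'published')));
			$query->from($db->quoteName('#__costbenefitprojection_scaling_factor'));
			$query->where($db->quoteName('company') . ' = ' . (int) $validData['id']);
			$db->setQuery($query);
			$db->execute();

			// causes/risks that already have a scaling factor row, and the rows
			// still to be inserted; both start empty so the checks further down
			// never read an undefined variable when no rows exist yet
			$bucket = array();
			$insert = array();

			// the saved list of causes/risks may be absent from the form data
			$hasCausesRisks = isset($validData['causesrisks']) && CostbenefitprojectionHelper::checkArray($validData['causesrisks']);

			if ($db->getNumRows())
			{
				// load the scaling factors already set
				$already = $db->loadObjectList();
				$publish = array();
				$archive = array();

				foreach ($already as $scale)
				{
					if ($hasCausesRisks)
					{
						if (in_array($scale->causerisk, $validData['causesrisks']) && $scale->published != 1)
						{
							// publish the scaling factor (update)
							$publish[$scale->id] = $scale->id;
						}
						elseif (!in_array($scale->causerisk, $validData['causesrisks']))
						{
							// archive the scaling factor (update)
							$archive[$scale->id] = $scale->id;
						}

						$bucket[] = $scale->causerisk;
					}
					else
					{
						// archive the scaling factor (update)
						$archive[$scale->id] = $scale->id;
					}
				}

				// update the needed records: published = 1 publishes, published = 2 archives
				$updates = array(1 => $publish, 2 => $archive);

				foreach ($updates as $state => $ids)
				{
					if (CostbenefitprojectionHelper::checkArray($ids))
					{
						foreach ($ids as $id)
						{
							$query = $db->getQuery(true);

							// Fields to update.
							$fields = array($db->quoteName('published') . ' = ' . (int) $state);

							// Conditions for which records should be updated.
							$conditions = array($db->quoteName('id') . ' = ' . (int) $id);

							$query->update($db->quoteName('#__costbenefitprojection_scaling_factor'))->set($fields)->where($conditions);
							$db->setQuery($query);
							$db->execute();
						}
					}
				}
			}

			if ($hasCausesRisks)
			{
				// remove those already set from the saved list of causesrisks
				if (CostbenefitprojectionHelper::checkArray($bucket))
				{
					foreach ($validData['causesrisks'] as $causerisk)
					{
						if (!in_array($causerisk, $bucket))
						{
							$insert[] = $causerisk;
						}
					}
				}
				else
				{
					$insert = $validData['causesrisks'];
				}
			}

			// insert the new records
			if (CostbenefitprojectionHelper::checkArray($insert))
			{
				$created    = $db->quote(JFactory::getDate()->toSql());
				$created_by = (int) JFactory::getUser()->get('id');
				$company    = (int) $validData['id'];

				// Create a new query object.
				$query = $db->getQuery(true);

				// Insert columns.
				$columns = array('causerisk', 'company', 'mortality_scaling_factor_females', 'mortality_scaling_factor_males', 'presenteeism_scaling_factor_females', 'presenteeism_scaling_factor_males', 'yld_scaling_factor_females', 'yld_scaling_factor_males', 'published', 'created_by', 'created');

				// setup the values. The row values are interpolated into the SQL
				// rather than bound, so every id is cast to int first.
				$values = array();

				foreach ($insert as $new)
				{
					$array    = array((int) $new, $company, 1, 1, 1, 1, 1, 1, 1, $created_by, $created);
					$values[] = implode(',', $array);
				}

				// Prepare the insert query.
				$query->insert($db->quoteName('#__costbenefitprojection_scaling_factor'))->columns($db->quoteName($columns))->values(implode('), (', $values));

				// Set the query using our newly populated query object and execute it.
				$db->setQuery($query);
				$done = $db->execute();

				if ($done)
				{
					// we must set the assets
					foreach ($insert as $causerisk)
					{
						// get all the ids. Create a new query object.
						$query = $db->getQuery(true);
						$query->select($db->quoteName(array('id')));
						$query->from($db->quoteName('#__costbenefitprojection_scaling_factor'));
						$query->where($db->quoteName('causerisk') . ' = ' . (int) $causerisk);
						$query->where($db->quoteName('company') . ' = ' . (int) $company);
						$db->setQuery($query);
						$db->execute();

						if ($db->getNumRows())
						{
							$aId = $db->loadResult();

							// make sure the access of asset is set
							CostbenefitprojectionHelper::setAsset($aId, 'scaling_factor');
						}
					}
				}
			}
		}
	}

	return;
}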
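/**
 * Method to get list export data.
 *
 * Loads the selected health data rows for export. Users without core.options
 * only get rows of their own countries and of their authorised view levels,
 * every row is re-checked against the health_data.access permission, and
 * the export headers are prepended before the rows are returned.
 *
 * @param array $pks The ids of the rows to export.
 *
 * @return mixed An array of data items on success, false on failure.
 */
public function getExportData($pks)
{
	// setup the query
	if (CostbenefitprojectionHelper::checkArray($pks))
	{
		// Get the user object.
		$user = JFactory::getUser();

		// Create a new query object.
		$db    = JFactory::getDBO();
		$query = $db->getQuery(true);

		// Select some fields
		$query->select('a.*');

		// From the costbenefitprojection_health_data table
		$query->from($db->quoteName('#__costbenefitprojection_health_data', 'a'));

		// the ids are interpolated into the SQL string, so cast each one to int
		// instead of trusting whatever the caller collected from the request
		$query->where('a.id IN (' . implode(',', array_map('intval', $pks)) . ')');

		// Filter by countries (admin sees all)
		if (!$user->authorise('core.options', 'com_costbenefitprojection'))
		{
			$is        = CostbenefitprojectionHelper::userIs($user->id);
			$countries = CostbenefitprojectionHelper::hisCountries($user->id);

			if (3 == $is && CostbenefitprojectionHelper::checkArray($countries))
			{
				// only load this users health data (ids cast to int, same reason as above)
				$countries = implode(',', array_map('intval', $countries));
				$query->where('a.country IN (' . $countries . ')');
			}
			else
			{
				// dont allow user to see any health data
				$query->where('a.country = -4');
			}

			// Implement View Level Access
			$groups = implode(',', $user->getAuthorisedViewLevels());
			$query->where('a.access IN (' . $groups . ')');
		}

		// Order the results by ordering
		$query->order('a.ordering ASC');

		// Load the items
		$db->setQuery($query);
		$db->execute();

		if ($db->getNumRows())
		{
			$items = $db->loadObjectList();

			// set values to display correctly.
			if (CostbenefitprojectionHelper::checkArray($items))
			{
				foreach ($items as $nr => &$item)
				{
					$access = $user->authorise('health_data.access', 'com_costbenefitprojection.health_data.' . (int) $item->id)
						&& $user->authorise('health_data.access', 'com_costbenefitprojection');

					if (!$access)
					{
						unset($items[$nr]);
						continue;
					}

					// unset the values we don't want exported.
					unset($item->asset_id);
					unset($item->checked_out);
					unset($item->checked_out_time);
				}

				// drop the by-reference cursor so later writes cannot alias the last row
				unset($item);
			}

			// Add headers to items array.
			$headers = $this->getExImPortHeaders();

			if (CostbenefitprojectionHelper::checkObject($headers))
			{
				array_unshift($items, $headers);
			}

			return $items;
		}
	}

	return false;
}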
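/**
 * Method to get a list of options for a list input.
 *
 * Lists published companies. Users without core.options only see their own
 * companies; those with core.options and users of type 3 additionally get a
 * leading "-- A Country --" option with the id 0.
 *
 * @return array An array of JHtml options.
 */
public function getOptions()
{
	// Get the user object.
	$user    = JFactory::getUser();
	$isAdmin = $user->authorise('core.options', 'com_costbenefitprojection');

	// Create a new query object.
	$db    = JFactory::getDBO();
	$query = $db->getQuery(true);
	$query->select($db->quoteName(array('a.id', 'a.name'), array('id', 'company_name')));
	$query->from($db->quoteName('#__costbenefitprojection_company', 'a'));
	$query->where($db->quoteName('a.published') . ' = 1');

	if (!$isAdmin)
	{
		$companies = CostbenefitprojectionHelper::hisCompanies($user->id);

		if (CostbenefitprojectionHelper::checkArray($companies))
		{
			// only load this users companies; the ids are interpolated into the
			// SQL string, so force each one to an integer
			$companies = implode(',', array_map('intval', $companies));
			$query->where('a.id IN (' . $companies . ')');
		}
		else
		{
			// dont allow user to see any companies
			$query->where('a.id = -4');
		}
	}

	$query->order('a.name ASC');
	$db->setQuery((string) $query);
	$items = $db->loadObjectList();

	$options = array();

	if ($items)
	{
		$userIs = CostbenefitprojectionHelper::userIs($user->id);

		if (3 == $userIs || $isAdmin)
		{
			$options[] = JHtml::_('select.option', 0, '-- ' . JText::_('A Country') . ' --');
		}

		foreach ($items as $item)
		{
			$options[] = JHtml::_('select.option', $item->id, $item->company_name);
		}
	}

	return $options;
}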
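/**
 * Method override to check if you can edit an existing record.
 *
 * Users without core.options may only edit their own companies; a company
 * the helper reports as locked (accessCompany() false) may only be edited by
 * users of type 1. After that the company.edit permission decides, first on
 * the record asset and then on the component.
 *
 * @param array  $data An array of input data.
 * @param string $key  The name of the key for the primary key.
 *
 * @return boolean
 * @since 2.5
 */
protected function allowEdit($data = array(), $key = 'id')
{
	// Check specific edit permission then general edit permission.
	$user = JFactory::getUser();

	// cast the id itself: "(int) isset(...) ? ..." cast the isset() result and
	// passed the raw value through to the checks below
	$recordId = isset($data[$key]) ? (int) $data[$key] : 0;

	if (!$user->authorise('core.options', 'com_costbenefitprojection'))
	{
		// make absolutely sure that this company can be edited
		$companies = CostbenefitprojectionHelper::hisCompanies($user->id);

		if (!CostbenefitprojectionHelper::checkArray($companies) || !in_array($recordId, $companies))
		{
			return false;
		}
	}

	// ensure lockdown
	$userIs = CostbenefitprojectionHelper::userIs($user->id);

	if (1 != $userIs && !CostbenefitprojectionHelper::accessCompany($recordId))
	{
		// this company is locked
		return false;
	}

	// record permission, falling back to the component permission
	return $user->authorise('company.edit', 'com_costbenefitprojection.company.' . $recordId)
		|| $user->authorise('company.edit', 'com_costbenefitprojection');
}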
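@build 16th August, 2016 @created 15th June, 2012 @package Cost Benefit Projection @subpackage default.php @author Llewellyn van der Merwe <http://www.vdm.io> @owner Deutsche Gesellschaft für International Zusammenarbeit (GIZ) Gmb @copyright Copyright (C) 2015. All Rights Reserved @license GNU/GPL Version 2 or later - http://www.gnu.org/licenses/gpl-2.0.html /-------------------------------------------------------------------------------------------------------/ Cost Benefit Projection Tool. /------------------------------------------------------------------------------------------------------*/

// No direct access to this file
defined('_JEXEC') or die('Restricted access');

// get user type
$useris    = CostbenefitprojectionHelper::userIs($this->user->id);
$usergroup = CostbenefitprojectionHelper::setGroupNames($this->user->get('groups'));

// load modules if public (no user type could be resolved)
$login_cp  = false;
$public_cp = false;
$top_cp    = array();

if (!$useris)
{
	$login_cp  = $this->getModules('login-cp', 'div', 'uk-panel');
	$public_cp = $this->getModules('public-cp', 'div', 'uk-panel');
	$top_cp    = $this->getModules('top_cp', 'array');
}

// quick header fix function. Guarded so that loading this template more than
// once in a request does not end in a "cannot redeclare" fatal error.
if (!function_exists('setHeaderString'))
{
	function setHeaderString($n)
	{
		return CostbenefitprojectionHelper::safeString($n, 'Ww');
	}
}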