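/**
 * Overloaded bind function to pre-process the params.
 *
 * Array-valued 'params' and 'metadata' entries are serialised through JRegistry.
 * Unless the current user holds core.admin on the item's asset, any 'rules'
 * entry supplied by the caller is replaced with the rules already stored for
 * that asset, so submitted form data cannot change the item's ACL.
 *
 * @param   array  $array   Named array
 * @param   mixed  $ignore  Passed through unchanged to parent::bind()
 *
 * @return  null|string  null if operation was satisfactory, otherwise returns an error
 *
 * @see     JTable:bind
 * @since   1.5
 */
public function bind($array, $ignore = '')
{
    foreach (array('params', 'metadata') as $key) {
        if (isset($array[$key]) && is_array($array[$key])) {
            $registry = new JRegistry();
            $registry->loadArray($array[$key]);
            $array[$key] = (string) $registry;
        }
    }

    // The id arrives with the bound data; make it an integer before it becomes part of an asset name.
    $itemId    = isset($array['id']) ? (int) $array['id'] : 0;
    $assetName = 'com_mapa.mapadevenezuela.' . $itemId;

    if (!JFactory::getUser()->authorise('core.admin', $assetName)) {
        $actions = JAccess::getActionsFromFile(
            JPATH_ADMINISTRATOR . '/components/com_mapa/access.xml',
            "/access/section[@name='mapadevenezuela']/"
        );
        $storedRules = JAccess::getAssetRules($assetName)->getData();
        $keptRules   = array();

        // getActionsFromFile() returns false when the file cannot be read; keep no rules in that case.
        if (is_array($actions)) {
            foreach ($actions as $action) {
                // An action without a stored rule maps to null instead of raising an undefined-index notice.
                $keptRules[$action->name] = isset($storedRules[$action->name]) ? $storedRules[$action->name] : null;
            }
        }

        // Overwrites whatever 'rules' the caller sent.
        $array['rules'] = $this->JAccessRulestoArray($keptRules);
    }

    // Bind the rules for ACL where supported.
    if (isset($array['rules']) && is_array($array['rules'])) {
        $this->setRules($array['rules']);
    }

    return parent::bind($array, $ignore);
}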
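/**
 * Gets a list of the actions that can be performed.
 *
 * The access file is located by trying, in order: $component as a file,
 * $component . '/access.xml', then the component's admin path with
 * '/etc/access.xml' and '/access.xml'. Every action found in the chosen
 * section is checked with $user->authorise() against the computed asset name.
 *
 * @param   \JUser   $user        The user object.
 * @param   string   $component   The component access file path, component base path or option name.
 * @param   string   $assetName   The asset name. It is also placed inside the XPath section
 *                                filter, so it must come from trusted code, not from request data.
 * @param   integer  $categoryId  The category ID.
 * @param   integer  $id          The item ID.
 *
 * @return  Object  One entry per action; empty when the access file yields no actions.
 */
public static function getActions(\JUser $user, $component, $assetName, $categoryId = 0, $id = 0)
{
    $result = new Object();

    // New rules: If path is access file
    $path = $component;

    if (!is_file($path)) {
        // New rules: If path is component base path
        $path = $path . '/access.xml';
    }

    if (!is_file($path)) {
        $path = PathHelper::getAdmin($component) . '/etc/access.xml';
    }

    if (!is_file($path)) {
        $path = PathHelper::getAdmin($component) . '/access.xml';
    }

    if (!$id && !$categoryId) {
        $section = 'component';
    } elseif (!$id && $categoryId) {
        $section = 'category';
        $assetName .= '.category.' . (int) $categoryId;
    } elseif ($id && !$categoryId) {
        $section = $assetName;
        $assetName .= '.' . $assetName . '.' . (int) $id;
    } else {
        // NOTE(review): with both ids set the item id is not appended to the asset name - confirm intended.
        $section = $assetName;
        $assetName .= '.' . $assetName;
    }

    $actions = \JAccess::getActionsFromFile($path, "/access/section[@name='" . $section . "']/");

    // A missing or unreadable access file gives false; return the empty result so no action is granted.
    if (!is_array($actions)) {
        return $result;
    }

    foreach ($actions as $action) {
        $result->set($action->name, $user->authorise($action->name, $assetName));
    }

    return $result;
}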
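/**
 * Overloaded bind function to pre-process the params.
 *
 * Besides serialising 'params' and 'metadata', this method enforces two
 * permission rules on the incoming data: a user without core.edit.state cannot
 * submit state 1 through the 'save' or 'apply' task, and a user without
 * core.admin on the item's asset cannot change its ACL rules (the stored rules
 * replace whatever was submitted).
 *
 * @param   array  $array   Named array
 * @param   mixed  $ignore  Optional array or list of parameters to ignore
 *
 * @return  null|string  null if operation was satisfactory, otherwise returns an error
 *
 * @see     JTable:bind
 * @since   1.5
 */
public function bind($array, $ignore = '')
{
    $user   = JFactory::getUser();
    $task   = JFactory::getApplication()->input->getString('task', '');
    $itemId = isset($array['id']) ? (int) $array['id'] : 0;

    // NOTE(review): the downgrade below only runs for the 'save' and 'apply' tasks; a submitted
    // state of 1 is kept for any other task that reaches bind() - confirm which tasks can.
    if (($task == 'save' || $task == 'apply')
        && !$user->authorise('core.edit.state', 'com_autofilter')
        && isset($array['state']) && $array['state'] == 1
    ) {
        $array['state'] = 0;
    }

    // New records are always attributed to the current user; for existing ones a
    // 'created_by' value in $array is passed on unchanged.
    if ($itemId == 0) {
        $array['created_by'] = $user->id;
    }

    foreach (array('params', 'metadata') as $key) {
        if (isset($array[$key]) && is_array($array[$key])) {
            $registry = new JRegistry();
            $registry->loadArray($array[$key]);
            $array[$key] = (string) $registry;
        }
    }

    $assetName = 'com_autofilter.categorie.' . $itemId;

    if (!$user->authorise('core.admin', $assetName)) {
        $actions = JAccess::getActionsFromFile(
            JPATH_ADMINISTRATOR . '/components/com_autofilter/access.xml',
            "/access/section[@name='categorie']/"
        );
        $storedRules = JAccess::getAssetRules($assetName)->getData();
        $keptRules   = array();

        // getActionsFromFile() returns false when the file cannot be read; keep no rules in that case.
        if (is_array($actions)) {
            foreach ($actions as $action) {
                $keptRules[$action->name] = isset($storedRules[$action->name]) ? $storedRules[$action->name] : null;
            }
        }

        // Overwrites whatever 'rules' the caller sent.
        $array['rules'] = $this->JAccessRulestoArray($keptRules);
    }

    // Bind the rules for ACL where supported.
    if (isset($array['rules']) && is_array($array['rules'])) {
        $this->setRules($array['rules']);
    }

    return parent::bind($array, $ignore);
}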
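/**
 * Gets the current user's permissions for each action.
 *
 * Results are cached per asset name. The previous single shared cache returned
 * the permissions computed for the first asset requested to every later call,
 * whatever category or message id was passed.
 *
 * @param   int  $categoryId  Category id.
 * @param   int  $messageId   Message id.
 *
 * @return  object  JObject with one boolean-like entry per action name.
 */
public static function getActions($categoryId = 0, $messageId = 0)
{
    // One permission set per asset, so a check for one item never answers for another.
    static $perAsset = array();

    // Work out the asset name and the access.xml section.
    if (empty($messageId) && empty($categoryId)) {
        $assetName = 'com_helloworld';
        $section   = 'component';
    } elseif (empty($messageId)) {
        $assetName = 'com_helloworld.category.' . (int) $categoryId;
        $section   = 'category';
    } else {
        $assetName = 'com_helloworld.message.' . (int) $messageId;
        $section   = 'message';
    }

    if (!isset($perAsset[$assetName])) {
        // Read the list of actions the component declares for this section.
        $accessFile = JPATH_ADMINISTRATOR . '/components/com_helloworld/access.xml';
        $actions    = JAccess::getActionsFromFile($accessFile, "/access/section[@name='" . $section . "']/");

        // getActionsFromFile() returns false when the file cannot be read.
        if (!is_array($actions)) {
            $actions = array();
        }

        // Messages and categories additionally get the core.admin action.
        if ($section == 'category' || $section == 'message') {
            $adminAction       = new stdClass();
            $adminAction->name = 'core.admin';
            $actions[]         = $adminAction;
        }

        $user        = JFactory::getUser();
        $permissions = new JObject();

        foreach ($actions as $action) {
            // Record whether the user may perform the action on this asset.
            $permissions->set($action->name, $user->authorise($action->name, $assetName));
        }

        $perAsset[$assetName] = $permissions;
    }

    // Keep the class property pointing at the most recent result for code that reads it.
    self::$actions = $perAsset[$assetName];

    return self::$actions;
}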
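/**
 * Overloaded bind function to pre-process the params.
 *
 * Normalises the multi-value foreign key fields, serialises 'params' and
 * 'metadata', and enforces two permission rules on the incoming data: a user
 * without core.edit.state cannot submit state 1 through 'save' or 'apply', and
 * a user without core.admin on the item's asset cannot change its ACL rules.
 *
 * @param   array  $array   Named array
 * @param   mixed  $ignore  Optional array or list of parameters to ignore
 *
 * @return  null|string  null if operation was satisfactory, otherwise returns an error
 *
 * @see     JTable:bind
 * @since   1.5
 */
public function bind($array, $ignore = '')
{
    // Support for multiple or not foreign key fields: ingredients_id, recipe_id
    foreach (array('ingredients_id', 'recipe_id') as $field) {
        if (empty($array[$field])) {
            $array[$field] = '';
        } elseif (is_array($array[$field])) {
            $array[$field] = implode(',', $array[$field]);
        } elseif (strrpos($array[$field], ',') != false) {
            // NOTE(review): a comma-separated string is turned back into an array here,
            // the reverse of the array case above - confirm this is intended.
            $array[$field] = explode(',', $array[$field]);
        }
    }

    $user   = JFactory::getUser();
    $task   = JFactory::getApplication()->input->getString('task', '');
    $itemId = isset($array['id']) ? (int) $array['id'] : 0;

    // NOTE(review): only the 'save' and 'apply' tasks trigger this downgrade; confirm no
    // other task can reach bind() with a submitted state of 1.
    if (($task == 'save' || $task == 'apply')
        && !$user->authorise('core.edit.state', 'com_akrecipes')
        && isset($array['state']) && $array['state'] == 1
    ) {
        $array['state'] = 0;
    }

    if ($itemId == 0) {
        $array['created_by'] = $user->id;
    }

    foreach (array('params', 'metadata') as $key) {
        if (isset($array[$key]) && is_array($array[$key])) {
            $registry = new JRegistry();
            $registry->loadArray($array[$key]);
            $array[$key] = (string) $registry;
        }
    }

    // The id is cast to int before it becomes part of the asset name.
    $assetName = 'com_akrecipes.ingredient997479.' . $itemId;

    if (!$user->authorise('core.admin', $assetName)) {
        $actions = JAccess::getActionsFromFile(
            JPATH_ADMINISTRATOR . '/components/com_akrecipes/access.xml',
            "/access/section[@name='ingredient997479']/"
        );
        $storedRules = JAccess::getAssetRules($assetName)->getData();
        $keptRules   = array();

        // getActionsFromFile() returns false when the file cannot be read; keep no rules in that case.
        if (is_array($actions)) {
            foreach ($actions as $action) {
                $keptRules[$action->name] = isset($storedRules[$action->name]) ? $storedRules[$action->name] : null;
            }
        }

        // Overwrites whatever 'rules' the caller sent.
        $array['rules'] = $this->JAccessRulestoArray($keptRules);
    }

    // Bind the rules for ACL where supported.
    if (isset($array['rules']) && is_array($array['rules'])) {
        $this->setRules($array['rules']);
    }

    return parent::bind($array, $ignore);
}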
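/**
 * Gets a list of the actions that can be performed.
 *
 * JAccess::getActionsFromFile() expects the path of an access.xml file. The
 * bare component name passed before is not such a path, so the lookup would
 * normally return false and no action would ever be reported. The component's
 * own access file and its 'component' section are read instead.
 *
 * @return  JObject  One entry per action with the current user's permission on com_modules.
 */
public static function getActions()
{
    $user   = JFactory::getUser();
    $result = new JObject();

    $actions = JAccess::getActionsFromFile(
        JPATH_ADMINISTRATOR . '/components/com_modules/access.xml',
        "/access/section[@name='component']/"
    );

    // An unreadable access file gives false; the empty result then grants nothing.
    if (!is_array($actions)) {
        return $result;
    }

    foreach ($actions as $action) {
        $result->set($action->name, $user->authorise($action->name, 'com_modules'));
    }

    return $result;
}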
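/**
 * Get the actions for ACL.
 *
 * Reads the 'component' section of com_sichtweiten's access.xml and records,
 * for each action, whether the current user is authorised on 'com_sichtweiten'.
 *
 * @return  JObject  One entry per action; empty when the access file cannot be read.
 */
public static function getActions()
{
    $result  = new JObject();
    $actions = JAccess::getActionsFromFile(
        JPATH_ADMINISTRATOR . '/components/com_sichtweiten/access.xml',
        "/access/section[@name='component']/"
    );

    // getActionsFromFile() returns false for an unreadable file; report no permissions then.
    if (!is_array($actions)) {
        return $result;
    }

    $user = JFactory::getUser();

    foreach ($actions as $action) {
        $result->set($action->name, $user->authorise($action->name, 'com_sichtweiten'));
    }

    return $result;
}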
/**
 * Gets a list of the actions that can be performed.
 *
 * Actions come from the component's access.xml; each one is checked for the
 * current user against the 'com_proofreader' asset.
 *
 * @return  JObject  Empty when the access file could not be read (lookup returned false).
 */
public static function getActions()
{
    $permissions = new JObject();
    $declared    = JAccess::getActionsFromFile(JPATH_COMPONENT_ADMINISTRATOR . '/access.xml');

    // No readable access file: nothing is granted.
    if ($declared === false) {
        return $permissions;
    }

    $currentUser = JFactory::getUser();

    foreach ($declared as $entry) {
        $allowed = $currentUser->authorise($entry->name, 'com_proofreader');
        $permissions->set($entry->name, $allowed);
    }

    return $permissions;
}
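/**
 * Gets a list of the actions that can be performed.
 *
 * @param   integer  $moduleId  The module ID. When empty the component asset
 *                              'com_modules' is checked, otherwise the
 *                              'com_modules.module.<id>' asset.
 *
 * @return  JObject  One entry per action; empty when the access file cannot be read.
 */
public static function getActions($moduleId = 0)
{
    $user   = JFactory::getUser();
    $result = new JObject();

    // The id is cast to int before it becomes part of the asset name.
    $assetName = empty($moduleId) ? 'com_modules' : 'com_modules.module.' . (int) $moduleId;

    // The action list always comes from the 'component' section, also for a single module.
    $actions = JAccess::getActionsFromFile(
        JPATH_ADMINISTRATOR . '/components/com_modules/access.xml',
        "/access/section[@name='component']/"
    );

    // getActionsFromFile() returns false for an unreadable file; report no permissions then.
    if (!is_array($actions)) {
        return $result;
    }

    foreach ($actions as $action) {
        $result->set($action->name, $user->authorise($action->name, $assetName));
    }

    return $result;
}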
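/**
 * Gets a list of the actions that can be performed.
 *
 * @param   string   $component  The component name. It is concatenated into a filesystem
 *                               path, so callers must pass a fixed, trusted value rather
 *                               than request data.
 * @param   string   $section    The access section name. Only used to build the asset
 *                               name; actions are always read from the 'component' section.
 * @param   integer  $id         The item ID.
 *
 * @return  JObject  One entry per action; empty when the access file cannot be read.
 *
 * @since   3.2
 */
public static function getActions($component = '', $section = '', $id = 0)
{
    $user   = JFactory::getUser();
    $result = new JObject();

    $path = JPATH_ADMINISTRATOR . '/components/' . $component . '/access.xml';

    if ($section && $id) {
        $assetName = $component . '.' . $section . '.' . (int) $id;
    } else {
        $assetName = $component;
    }

    $actions = JAccess::getActionsFromFile($path, "/access/section[@name='component']/");

    // getActionsFromFile() returns false for a missing file (e.g. the default empty
    // component name); report no permissions in that case.
    if (!is_array($actions)) {
        return $result;
    }

    foreach ($actions as $action) {
        $result->set($action->name, $user->authorise($action->name, $assetName));
    }

    return $result;
}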
/**
 * Gets the current user's permissions on the 'com_jcomments' asset.
 *
 * Action names are taken from the component's access.xml. When that lookup
 * does not return an array, a fixed list of core actions is used instead; in
 * both cases every name is still checked through $user->authorise().
 *
 * @return  JObject  One entry per action name.
 */
public static function getActions()
{
    $currentUser = JFactory::getUser();
    $permissions = new JObject();
    $asset       = 'com_jcomments';

    $declared = JAccess::getActionsFromFile(JPATH_COMPONENT_ADMINISTRATOR . '/access.xml');

    if (is_array($declared)) {
        $names = array();

        foreach ($declared as $entry) {
            $names[] = $entry->name;
        }
    } else {
        // Fallback list used when the access file gives no array.
        $names = array('core.admin', 'core.manage', 'core.create', 'core.delete', 'core.edit', 'core.edit.state');
    }

    foreach ($names as $actionName) {
        $permissions->set($actionName, $currentUser->authorise($actionName, $asset));
    }

    return $permissions;
}
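/**
 * Gets a list of the actions that can be performed.
 *
 * The asset checked is 'com_visforms' when both ids are empty,
 * 'com_visforms.visform.<formId>' when only a form id is given, and
 * 'com_visforms.visform.<formId>.visfield.<fieldId>' when a field id is given.
 *
 * @param   int  $formId   The form ID.
 * @param   int  $fieldId  The field ID.
 *
 * @return  JObject  One entry per action; empty when the access file cannot be read.
 *
 * @since   1.6
 */
public static function getActions($formId = 0, $fieldId = 0)
{
    $user   = JFactory::getUser();
    $result = new JObject();

    // Both ids are cast to int before they become part of the asset name.
    if (empty($formId) && empty($fieldId)) {
        $assetName = 'com_visforms';
    } elseif (empty($fieldId)) {
        $assetName = 'com_visforms.visform.' . (int) $formId;
    } else {
        $assetName = 'com_visforms.visform.' . (int) $formId . '.visfield.' . (int) $fieldId;
    }

    $actions = JAccess::getActionsFromFile(
        JPath::clean(JPATH_ADMINISTRATOR . '/components/com_visforms/access.xml'),
        "/access/section[@name='component']/"
    );

    // getActionsFromFile() returns false for an unreadable file; report no permissions then.
    if (!is_array($actions)) {
        return $result;
    }

    foreach ($actions as $action) {
        $result->set($action->name, $user->authorise($action->name, $assetName));
    }

    return $result;
}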
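/**
 * Overloaded bind function to pre-process the params.
 *
 * Fills in authorship for new records, derives a URL-safe alias when none is
 * given, serialises 'params' and 'metadata', and replaces submitted ACL rules
 * with the stored ones unless the user holds core.admin on the item's asset.
 *
 * @param   array  $array   Named array
 * @param   mixed  $ignore  Optional array or list of parameters to ignore
 *
 * @return  null|string  null if operation was satisfactory, otherwise returns an error
 *
 * @see     JTable:bind
 * @since   1.5
 */
public function bind($array, $ignore = '')
{
    $user   = JFactory::getUser();
    $itemId = isset($array['id']) ? (int) $array['id'] : 0;

    // New records are attributed to the current user; for existing records the
    // submitted 'created_by' / 'modified_by' values are passed on unchanged.
    if ($itemId == 0) {
        $array['created_by']  = $user->id;
        $array['modified_by'] = $user->id;
    }

    // Support for alias field: alias
    if (empty($array['alias'])) {
        $aliasSource    = empty($array['brand_name']) ? date('Y-m-d H:i:s') : trim($array['brand_name']);
        $array['alias'] = JFilterOutput::stringURLSafe($aliasSource);
    }

    foreach (array('params', 'metadata') as $key) {
        if (isset($array[$key]) && is_array($array[$key])) {
            $registry = new JRegistry();
            $registry->loadArray($array[$key]);
            $array[$key] = (string) $registry;
        }
    }

    // The id is cast to int before it becomes part of the asset name.
    $assetName = 'com_akrecipes.brand.' . $itemId;

    if (!$user->authorise('core.admin', $assetName)) {
        $actions = JAccess::getActionsFromFile(
            JPATH_ADMINISTRATOR . '/components/com_akrecipes/access.xml',
            "/access/section[@name='brand']/"
        );
        $storedRules = JAccess::getAssetRules($assetName)->getData();
        $keptRules   = array();

        // getActionsFromFile() returns false when the file cannot be read; keep no rules in that case.
        if (is_array($actions)) {
            foreach ($actions as $action) {
                $keptRules[$action->name] = isset($storedRules[$action->name]) ? $storedRules[$action->name] : null;
            }
        }

        // Overwrites whatever 'rules' the caller sent.
        $array['rules'] = $this->JAccessRulestoArray($keptRules);
    }

    // Bind the rules for ACL where supported.
    if (isset($array['rules']) && is_array($array['rules'])) {
        $this->setRules($array['rules']);
    }

    return parent::bind($array, $ignore);
}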
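/**
 * Method to get the list of possible permission action names for the form field.
 *
 * Names come from two places: the component's access.xml (section and
 * component are read from the field's attributes) and any <action> children of
 * the field element itself.
 *
 * @param   SimpleXMLElement  $element  The SimpleXMLElement object representing the <field /> tag for the
 *                                      form field object. Its 'component' attribute is concatenated into
 *                                      a file path and its 'section' attribute into an XPath filter, so the
 *                                      form definition must come from a trusted source.
 *
 * @return  array  A list of permission action names from the form field element definition.
 *
 * @since   11.1
 */
protected function getFieldActions(SimpleXMLElement $element)
{
    $actions = array();

    // Initialise some field attributes.
    $section   = $element['section'] ? (string) $element['section'] : '';
    $component = $element['component'] ? (string) $element['component'] : '';

    // Get the asset actions for the element.
    $elActions = JAccess::getActionsFromFile(
        JPATH_ADMINISTRATOR . '/components/' . $component . '/access.xml',
        "/access/section[@name='" . $section . "']/"
    );

    // getActionsFromFile() returns false for an unreadable file; only the inline
    // <action> children contribute names in that case.
    if (is_array($elActions)) {
        foreach ($elActions as $item) {
            $actions[] = $item->name;
        }
    }

    // Iterate over the children and add to the actions.
    foreach ($element->children() as $el) {
        if ($el->getName() == 'action') {
            $actions[] = (string) $el['name'];
        }
    }

    return $actions;
}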
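/**
 * Gets a list of the actions that can be performed.
 *
 * Delegates to JHelperContent::getActions() when $component is an integer or
 * null, or when $section is empty or 'component'. For any other section the
 * actions are read from that section of the component's access.xml rather than
 * from the 'component' section.
 *
 * @param   string   $component  The component name. It is concatenated into a filesystem
 *                               path, so callers must pass a fixed, trusted value.
 * @param   string   $section    The access section name. It is placed inside an XPath
 *                               filter and must likewise be a trusted value.
 * @param   integer  $id         The item ID.
 *
 * @return  JObject  One entry per action; empty when the access file cannot be read.
 */
public static function getActions($component = '', $section = '', $id = 0)
{
    if (is_int($component) || is_null($component) || (empty($section) || $section == 'component')) {
        return JHelperContent::getActions($component, $section, $id);
    }

    $user   = JFactory::getUser();
    $result = new JObject();

    $path = JPATH_ADMINISTRATOR . '/components/' . $component . '/access.xml';

    if ($section && $id) {
        $assetName = $component . '.' . $section . '.' . (int) $id;
    } else {
        $assetName = $component;
    }

    // Line changed relative to the original function: the requested section is read.
    $actions = JAccess::getActionsFromFile($path, "/access/section[@name='" . $section . "']/");

    // getActionsFromFile() returns false for an unreadable file; report no permissions then.
    if (!is_array($actions)) {
        return $result;
    }

    foreach ($actions as $action) {
        $result->set($action->name, $user->authorise($action->name, $assetName));
    }

    return $result;
}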
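/**
 * Gets a list of the actions that can be performed.
 *
 * @param   integer  $categoryId  The category ID.
 * @param   integer  $id          The item ID.
 * @param   string   $assetName   The asset name. It is first used as the component directory
 *                                name when locating access.xml, so callers must pass a fixed,
 *                                trusted value rather than request data.
 *
 * @return  JObject  One entry per action; empty when the access file cannot be read.
 *
 * @since   3.1
 */
public static function getActions($categoryId = 0, $id = 0, $assetName = '')
{
    // Reverted a change for version 2.5.6
    $user   = JFactory::getUser();
    $result = new JObject();

    // Built before the asset name gets its '.category.' / '.article.' suffix.
    $path = JPATH_ADMINISTRATOR . '/components/' . $assetName . '/access.xml';

    if (empty($id) && empty($categoryId)) {
        $section = 'component';
    } elseif (empty($id)) {
        $section = 'category';
        $assetName .= '.category.' . (int) $categoryId;
    } else {
        // Used only in com_content
        $section = 'article';
        $assetName .= '.article.' . (int) $id;
    }

    $actions = JAccess::getActionsFromFile($path, "/access/section[@name='" . $section . "']/");

    // getActionsFromFile() returns false for a missing file (e.g. the default empty
    // asset name); report no permissions in that case.
    if (!is_array($actions)) {
        return $result;
    }

    foreach ($actions as $action) {
        $result->set($action->name, $user->authorise($action->name, $assetName));
    }

    return $result;
}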
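/**
 * Overloaded bind function to pre-process the params.
 *
 * Handles the uploaded 'filename' file, derives an alias, applies the
 * core.edit.state restriction, stamps new records, serialises 'params' and
 * 'metadata', and replaces submitted ACL rules with the stored ones unless the
 * user holds core.admin on the item's asset.
 *
 * Upload handling: every dot-separated part of the client-supplied file name is
 * reduced to [A-Za-z0-9-], so no path separator can survive into the stored
 * name. The extension itself is not restricted here.
 *
 * @param   array  $array   Named array
 * @param   mixed  $ignore  Optional array or list of parameters to ignore
 *
 * @return  null|string|boolean  Result of parent::bind(), or false when the upload failed
 *
 * @see     JTable:bind
 * @since   1.5
 */
public function bind($array, $ignore = '')
{
    // Support for alias field: alias
    if (empty($array['alias'])) {
        $aliasSource    = empty($array['name']) ? date('Y-m-d H:i:s') : trim($array['name']);
        $array['alias'] = JFilterOutput::stringURLSafe($aliasSource);
    }

    $input = JFactory::getApplication()->input;
    $user  = JFactory::getUser();

    // Support for file field: filename
    $files = $input->files->get('jform');

    if (!empty($files['filename'])) {
        jimport('joomla.filesystem.file');
        $file = $files['filename'];

        // Check if the server found any error.
        $fileError = $file['error'];
        $message   = '';

        if ($fileError > 0 && $fileError != 4) {
            switch ($fileError) {
                case 1:
                    $message = JText::_('File size exceeds allowed by the server');
                    break;
                case 2:
                    $message = JText::_('File size exceeds allowed by the html form');
                    break;
                case 3:
                    $message = JText::_('Partial upload error');
                    break;
            }

            // NOTE(review): error codes above 4 leave $message empty, so the record is bound
            // without a file and without a warning - confirm this is intended.
            if ($message != '') {
                JError::raiseWarning(500, $message);

                return false;
            }
        } elseif ($fileError == 4) {
            // No file was sent: keep the previously stored name if the form carried it.
            if (isset($array['filename_hidden'])) {
                $array['filename'] = $array['filename_hidden'];
            }
        } else {
            // Replace any special characters in EVERY part of the client-supplied name.
            // Sanitising only the part before the first dot left '/' and '\' usable in
            // the remaining parts of the name.
            $parts = preg_replace('/[^A-Za-z0-9]/', '-', explode('.', $file['name']));

            // Add Timestamp MD5 to avoid overwriting. The prefix is derived from the clock
            // and is not a secret; it must not be relied on to hide the file.
            $filename = md5(time()) . '-' . implode('.', $parts);

            // NOTE(review): the extension is not checked against an allowlist and the target
            // directory sits under the administrator component folder. Confirm that
            // JFile::upload() and the web server configuration prevent an uploaded file
            // from being served or executed as a script.
            $uploadPath = JPATH_ADMINISTRATOR . '/components/com_db8download/com_db8download/' . $filename;
            $fileTemp   = $file['tmp_name'];

            if (!JFile::exists($uploadPath)) {
                if (!JFile::upload($fileTemp, $uploadPath)) {
                    JError::raiseWarning(500, 'Error moving file');

                    return false;
                }
            }

            $array['filename'] = $filename;
        }
    }

    $task   = $input->getString('task', '');
    $itemId = isset($array['id']) ? (int) $array['id'] : 0;

    // NOTE(review): only the 'save' and 'apply' tasks trigger this downgrade; confirm no
    // other task can reach bind() with a submitted state of 1.
    if (($task == 'save' || $task == 'apply')
        && !$user->authorise('core.edit.state', 'com_db8download')
        && isset($array['state']) && $array['state'] == 1
    ) {
        $array['state'] = 0;
    }

    if ($itemId == 0) {
        $array['created']    = JFactory::getDate()->toSql();
        $array['created_by'] = $user->id;
    }

    foreach (array('params', 'metadata') as $key) {
        if (isset($array[$key]) && is_array($array[$key])) {
            $registry = new JRegistry();
            $registry->loadArray($array[$key]);
            $array[$key] = (string) $registry;
        }
    }

    // The id is cast to int before it becomes part of the asset name.
    $assetName = 'com_db8download.file.' . $itemId;

    if (!$user->authorise('core.admin', $assetName)) {
        $actions = JAccess::getActionsFromFile(
            JPATH_ADMINISTRATOR . '/components/com_db8download/access.xml',
            "/access/section[@name='file']/"
        );
        $storedRules = JAccess::getAssetRules($assetName)->getData();
        $keptRules   = array();

        // getActionsFromFile() returns false when the file cannot be read; keep no rules in that case.
        if (is_array($actions)) {
            foreach ($actions as $action) {
                $keptRules[$action->name] = isset($storedRules[$action->name]) ? $storedRules[$action->name] : null;
            }
        }

        // Overwrites whatever 'rules' the caller sent.
        $array['rules'] = $this->JAccessRulestoArray($keptRules);
    }

    // Bind the rules for ACL where supported.
    if (isset($array['rules']) && is_array($array['rules'])) {
        $this->setRules($array['rules']);
    }

    return parent::bind($array, $ignore);
}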
/**
 * Tests the JAccess::getActionsFromFile method.
 *
 * Covers two cases: a path that does not exist must give false, and a
 * well-formed access.xml must give the actions of its 'component' section
 * (the 'category' section in the fixture must not appear in the result).
 *
 * @return  void
 *
 * @since   12.1
 */
public function testGetActionsFromFile()
{
    $missing = JAccess::getActionsFromFile('/path/to/unexisting/file');

    $this->assertEquals(
        false,
        $missing,
        'Line:' . __LINE__ . ' Getting actions from an unexisting file must return false'
    );

    // Fixture file; the pieces are joined with single spaces.
    $fixturePath = JPATH_TESTS . '/tmp/access/access.xml';
    $fixtureXml  = implode(
        ' ',
        array(
            '<access component="com_banners">',
            '<section name="component">',
            '<action name="core.admin" title="JACTION_ADMIN" description="JACTION_ADMIN_COMPONENT_DESC" />',
            '<action name="core.manage" title="JACTION_MANAGE" description="JACTION_MANAGE_COMPONENT_DESC" />',
            '<action name="core.create" title="JACTION_CREATE" description="JACTION_CREATE_COMPONENT_DESC" />',
            '<action name="core.delete" title="JACTION_DELETE" description="JACTION_DELETE_COMPONENT_DESC" />',
            '<action name="core.edit" title="JACTION_EDIT" description="JACTION_EDIT_COMPONENT_DESC" />',
            '<action name="core.edit.state" title="JACTION_EDITSTATE" description="JACTION_EDITSTATE_COMPONENT_DESC" />',
            '</section>',
            '<section name="category">',
            '<action name="core.create" title="JACTION_CREATE" description="COM_CATEGORIES_ACCESS_CREATE_DESC" />',
            '<action name="core.delete" title="JACTION_DELETE" description="COM_CATEGORIES_ACCESS_DELETE_DESC" />',
            '<action name="core.edit" title="JACTION_EDIT" description="COM_CATEGORIES_ACCESS_EDIT_DESC" />',
            '<action name="core.edit.state" title="JACTION_EDITSTATE" description="COM_CATEGORIES_ACCESS_EDITSTATE_DESC" />',
            '</section>',
            '</access>',
        )
    );

    file_put_contents($fixturePath, $fixtureXml);

    // Expected objects for the 'component' section, in document order.
    $componentActions = array(
        'core.admin'      => 'JACTION_ADMIN',
        'core.manage'     => 'JACTION_MANAGE',
        'core.create'     => 'JACTION_CREATE',
        'core.delete'     => 'JACTION_DELETE',
        'core.edit'       => 'JACTION_EDIT',
        'core.edit.state' => 'JACTION_EDITSTATE',
    );
    $expected = array();

    foreach ($componentActions as $actionName => $titleKey) {
        $expected[] = (object) array(
            'name'        => $actionName,
            'title'       => $titleKey,
            'description' => $titleKey . '_COMPONENT_DESC',
        );
    }

    $this->assertEquals(
        $expected,
        JAccess::getActionsFromFile($fixturePath),
        'Line:' . __LINE__ . ' Getting actions from an xml file must return correct array.'
    );
}
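/**
 * Overloaded bind function to pre-process the params.
 *
 * Normalises the multi-value foreign key fields and the 'keyness' checkbox,
 * attributes new records to the current user, serialises 'params' and
 * 'metadata', and replaces submitted ACL rules with the stored ones unless the
 * user holds core.admin on the item's asset.
 *
 * @param   array  $array   Named array
 * @param   mixed  $ignore  Optional array or list of parameters to ignore
 *
 * @return  null|string  null if operation was satisfactory, otherwise returns an error
 *
 * @see     JTable:bind
 * @since   1.5
 */
public function bind($array, $ignore = '')
{
    // Support for multiple or not foreign key fields: subject, category, frequency, pos
    foreach (array('subject', 'category', 'frequency', 'pos') as $field) {
        if (empty($array[$field])) {
            $array[$field] = '';
        } elseif (is_array($array[$field])) {
            $array[$field] = implode(',', $array[$field]);
        } elseif (strrpos($array[$field], ',') != false) {
            // NOTE(review): a comma-separated string is turned back into an array here,
            // the reverse of the array case above - confirm this is intended.
            $array[$field] = explode(',', $array[$field]);
        }
    }

    // Support for checkbox field: keyness (an unchecked box is simply absent from the data)
    if (!isset($array['keyness'])) {
        $array['keyness'] = 0;
    }

    $user   = JFactory::getUser();
    $itemId = isset($array['id']) ? (int) $array['id'] : 0;

    // New records are attributed to the current user; for existing records a submitted
    // 'created_by' value is passed on unchanged.
    if ($itemId == 0) {
        $array['created_by'] = $user->id;
    }

    foreach (array('params', 'metadata') as $key) {
        if (isset($array[$key]) && is_array($array[$key])) {
            $registry = new JRegistry();
            $registry->loadArray($array[$key]);
            $array[$key] = (string) $registry;
        }
    }

    // The id is cast to int before it becomes part of the asset name.
    $assetName = 'com_vocab.content.' . $itemId;

    if (!$user->authorise('core.admin', $assetName)) {
        $actions = JAccess::getActionsFromFile(
            JPATH_ADMINISTRATOR . '/components/com_vocab/access.xml',
            "/access/section[@name='content']/"
        );
        $storedRules = JAccess::getAssetRules($assetName)->getData();
        $keptRules   = array();

        // getActionsFromFile() returns false when the file cannot be read; keep no rules in that case.
        if (is_array($actions)) {
            foreach ($actions as $action) {
                $keptRules[$action->name] = isset($storedRules[$action->name]) ? $storedRules[$action->name] : null;
            }
        }

        // Overwrites whatever 'rules' the caller sent.
        $array['rules'] = $this->JAccessRulestoArray($keptRules);
    }

    // Bind the rules for ACL where supported.
    if (isset($array['rules']) && is_array($array['rules'])) {
        $this->setRules($array['rules']);
    }

    return parent::bind($array, $ignore);
}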
* the Free Software Foundation, either version 3 of the License, or * (at your option) any later version. * * JMFramework is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with JMFramework. If not, see <http://www.gnu.org/licenses/>. * */ defined('_JEXEC') or die('Restricted access'); $user = JFactory::getUser(); $result = new JObject(); $actions = JAccess::getActionsFromFile(JPATH_ADMINISTRATOR . '/components/com_templates/access.xml', "/access/section[@name='component']/"); foreach ($actions as $action) { $result->set($action->name, $user->authorise($action->name, 'com_templates')); } $hasAccess = false; $isLoggedIn = $user->guest ? false : true; if ($result->get('core.edit')) { $hasAccess = true; } $display_login_form = JFactory::getApplication()->input->getInt('jmthemerlogin', 0); ?> <span id="jmtheme-logo">Theme Customizer</span> <div class="inside" id="jmtheme-inside"> <form name="jmtheme" id="jmtheme" action="" method="post"> <?php foreach ($fieldSets as $fieldset) {
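/**
 * Overloaded bind function to pre-process the params.
 *
 * Derives an alias, JSON-encodes the ingredients list and the social media
 * images, normalises the multi-value foreign key fields and the checkbox
 * fields, applies the core.edit.state restriction, stamps new records,
 * serialises 'params' and 'metadata', and replaces submitted ACL rules with the
 * stored ones unless the user holds core.admin on the item's asset.
 *
 * @param   array  $array   Named array
 * @param   mixed  $ignore  Optional array or list of parameters to ignore
 *
 * @return  null|string  null if operation was satisfactory, otherwise returns an error
 *
 * @see     JTable:bind
 * @since   1.5
 */
public function bind($array, $ignore = '')
{
    // Support for alias field: alias
    if (empty($array['alias'])) {
        $aliasSource    = empty($array['recipe_name']) ? date('Y-m-d H:i:s') : trim($array['recipe_name']);
        $array['alias'] = JFilterOutput::stringURLSafe($aliasSource);
    }

    if (!empty($array['ingredients_list']) && is_array($array['ingredients_list'])) {
        $array['ingredients_list'] = json_encode($array['ingredients_list']);
    }

    // Collect whichever social media images were supplied into one JSON document.
    $social_media_images = array();

    foreach (array('facebook_image', 'twitter_image', 'pinterest_image') as $imageKey) {
        if (!empty($array[$imageKey])) {
            $social_media_images[$imageKey] = $array[$imageKey];
        }
    }

    if (count($social_media_images) > 0) {
        $array['social_media_image'] = json_encode($social_media_images);
    }

    // The tag creation and binding code that stood here was commented out in the
    // original and is left out; 'tags' is passed to parent::bind() untouched.

    // Support for multiple or not foreign key fields (product_id: one to many support for products)
    foreach (array('cuisines_id', 'meal_course_id', 'product_id', 'diet_id') as $field) {
        if (empty($array[$field])) {
            $array[$field] = '';
        } elseif (is_array($array[$field])) {
            $array[$field] = implode(',', $array[$field]);
        } elseif (strrpos($array[$field], ',') != false) {
            // NOTE(review): a comma-separated string is turned back into an array here,
            // the reverse of the array case above - confirm this is intended.
            $array[$field] = explode(',', $array[$field]);
        }
    }

    $user   = JFactory::getUser();
    $task   = JFactory::getApplication()->input->getString('task', '');
    $itemId = isset($array['id']) ? (int) $array['id'] : 0;

    // NOTE(review): only the 'save' and 'apply' tasks trigger this downgrade; confirm no
    // other task can reach bind() with a submitted state of 1.
    if (($task == 'save' || $task == 'apply')
        && !$user->authorise('core.edit.state', 'com_akrecipes')
        && isset($array['state']) && $array['state'] == 1
    ) {
        $array['state'] = 0;
    }

    // For new records the current user is only a default: a 'created_by' or 'modified_by'
    // value already present in $array is kept as submitted.
    if ($itemId == 0 && empty($array['created_by'])) {
        $array['created_by'] = $user->id;
    }

    if ($itemId == 0 && empty($array['modified_by'])) {
        $array['modified_by'] = $user->id;
    }

    // Support for checkbox fields: sponsored, featured (an unchecked box is absent from the data)
    foreach (array('sponsored', 'featured') as $checkbox) {
        if (!isset($array[$checkbox])) {
            $array[$checkbox] = 0;
        }
    }

    foreach (array('params', 'metadata') as $key) {
        if (isset($array[$key]) && is_array($array[$key])) {
            $registry = new JRegistry();
            $registry->loadArray($array[$key]);
            $array[$key] = (string) $registry;
        }
    }

    // The id is cast to int before it becomes part of the asset name.
    $assetName = 'com_akrecipes.recipe.' . $itemId;

    if (!$user->authorise('core.admin', $assetName)) {
        $actions = JAccess::getActionsFromFile(
            JPATH_ADMINISTRATOR . '/components/com_akrecipes/access.xml',
            "/access/section[@name='recipe']/"
        );
        $storedRules = JAccess::getAssetRules($assetName)->getData();
        $keptRules   = array();

        // getActionsFromFile() returns false when the file cannot be read; keep no rules in that case.
        if (is_array($actions)) {
            foreach ($actions as $action) {
                $keptRules[$action->name] = isset($storedRules[$action->name]) ? $storedRules[$action->name] : null;
            }
        }

        // Overwrites whatever 'rules' the caller sent.
        $array['rules'] = $this->JAccessRulestoArray($keptRules);
    }

    // Bind the rules for ACL where supported.
    if (isset($array['rules']) && is_array($array['rules'])) {
        $this->setRules($array['rules']);
    }

    return parent::bind($array, $ignore);
}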
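/**
 * Returns a UL list of actions with check boxes
 *
 * The action list is read from the component's access.xml. $component and $section are
 * concatenated into a file path and an XPath expression without validation, so callers
 * should pass fixed, trusted identifiers rather than request data.
 *
 * @param   string  $name       The name of the checkbox controls array
 * @param   array   $selected   An array of the checked boxes
 * @param   string  $component  The component the permissions apply to
 * @param   string  $section    The section (within a component) the permissions apply to
 *
 * @return  string  The list markup; an empty list when the actions cannot be loaded.
 *
 * @see     JAccess
 * @since   1.6
 */
public static function actions($name, $selected, $component, $section = 'global')
{
    static $count;

    $count++;

    $actions = JAccess::getActionsFromFile(
        JPATH_ADMINISTRATOR . '/components/' . $component . '/access.xml',
        "/access/section[@name='" . $section . "']/"
    );

    // getActionsFromFile() reports failure with false; count()/indexing on false would
    // raise an error, so an unreadable access.xml is rendered as an empty list instead.
    if (!is_array($actions))
    {
        $actions = array();
    }

    $selected = (array) $selected;

    // Values placed inside double-quoted attributes are encoded so that a quote or angle
    // bracket in a control name or action id cannot break out of the attribute.
    $safeName = htmlspecialchars((string) $name, ENT_COMPAT, 'UTF-8');

    $html   = array();
    $html[] = '<ul class="checklist access-actions">';

    foreach ($actions as $item)
    {
        // NOTE(review): the action objects are read through ->id here; confirm that
        // getActionsFromFile() really provides that property (other code on this page
        // only uses name/title/description).
        $eid     = htmlspecialchars($count . 'action_' . $item->id, ENT_COMPAT, 'UTF-8');
        $value   = htmlspecialchars((string) $item->id, ENT_COMPAT, 'UTF-8');
        $checked = in_array($item->id, $selected) ? ' checked="checked"' : '';

        // Build the HTML for the item.
        $html[] = ' <li>';
        $html[] = ' <input type="checkbox" name="' . $safeName . '[]" value="' . $value . '" id="' . $eid . '"';
        $html[] = ' ' . $checked . ' />';
        $html[] = ' <label for="' . $eid . '">';

        // The translated title is inserted as-is, as in the original implementation.
        $html[] = ' ' . JText::_($item->title);
        $html[] = ' </label>';
        $html[] = ' </li>';
    }

    $html[] = '</ul>';

    return implode("\n", $html);
}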
/**
 * Method to get the field input markup for Access Control Lists.
 * Optionally can be associated with a specific component and section.
 *
 * The method only renders the permissions form control: it contains no authorisation
 * check of its own (see the TODO below), so the code that displays and saves the form is
 * what has to enforce who may edit these rules.
 *
 * TODO: Add access check.
 *
 * @return  string  The field input markup.
 *
 * @since   11.1
 */
protected function getInput()
{
    JHtml::_('behavior.tooltip');

    // Initialise some field attributes (all three come from the form XML definition).
    $section = $this->element['section'] ? (string) $this->element['section'] : '';
    $component = $this->element['component'] ? (string) $this->element['component'] : '';
    $assetField = $this->element['asset_field'] ? (string) $this->element['asset_field'] : 'asset_id';

    // Get the actions for the asset.
    // $component and $section are concatenated into the file path and XPath unvalidated.
    $actions = JAccess::getActionsFromFile(JPATH_ADMINISTRATOR . '/components/' . $component . '/access.xml', "/access/section[@name='" . $section . "']/");

    // Iterate over the children and add to the actions.
    foreach ($this->element->children() as $el)
    {
        if ($el->getName() == 'action')
        {
            $actions[] = (object) array('name' => (string) $el['name'], 'title' => (string) $el['title'], 'description' => (string) $el['description']);
        }
    }

    // Get the explicit rules for this asset.
    if ($section == 'component')
    {
        // Need to find the asset id by the name of the component.
        // The component name is passed through $db->quote() before it enters the query.
        $db = JFactory::getDbo();
        $query = $db->getQuery(true);
        $query->select($db->quoteName('id'));
        $query->from($db->quoteName('#__assets'));
        $query->where($db->quoteName('name') . ' = ' . $db->quote($component));
        $db->setQuery($query);
        $assetId = (int) $db->loadResult();
    }
    else
    {
        // Find the asset id of the content.
        // Note that for global configuration, com_config injects asset_id = 1 into the form.
        $assetId = $this->form->getValue($assetField);
    }

    // Use the compact form for the content rules (deprecated).
    /* @todo remove code: if (!empty($component) && $section != 'component') { return JHtml::_('rules.assetFormWidget', $actions, $assetId, $assetId ? null : $component, $this->name, $this->id); } */

    // Full width format.
    // Get the rules for just this asset (non-recursive).
    $assetRules = JAccess::getAssetRules($assetId);

    // Get the available user groups.
    $groups = $this->getUserGroups();

    // Build the form control.
    $curLevel = 0;

    // Prepare output
    $html = array();
    $html[] = '<div id="permissions-sliders" class="pane-sliders">';
    $html[] = '<p class="rule-desc">' . JText::_('JLIB_RULES_SETTINGS_DESC') . '</p>';
    $html[] = '<ul id="rules">';

    // Start a row for each user group.
    foreach ($groups as $group)
    {
        // Open or close nested lists so the markup follows the group hierarchy depth.
        $difLevel = $group->level - $curLevel;

        if ($difLevel > 0)
        {
            $html[] = '<li><ul>';
        }
        elseif ($difLevel < 0)
        {
            $html[] = str_repeat('</ul></li>', -$difLevel);
        }

        $html[] = '<li>';
        $html[] = '<div class="panel">';
        $html[] = '<h3 class="pane-toggler title"><a href="javascript:void(0);"><span>';

        // NOTE(review): $group->text is written into the page without HTML encoding.
        // getUserGroups() is not visible here; confirm group titles are encoded or
        // restricted upstream, otherwise markup in a title is rendered as HTML.
        $html[] = str_repeat('<span class="level">|–</span> ', $curLevel = $group->level) . $group->text;
        $html[] = '</span></a></h3>';
        $html[] = '<div class="pane-slider content pane-hide">';
        $html[] = '<div class="mypanel">';
        $html[] = '<table class="group-rules">';
        $html[] = '<thead>';
        $html[] = '<tr>';
        $html[] = '<th class="actions" id="actions-th' . $group->value . '">';
        $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_ACTION') . '</span>';
        $html[] = '</th>';
        $html[] = '<th class="settings" id="settings-th' . $group->value . '">';
        $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_SELECT_SETTING') . '</span>';
        $html[] = '</th>';

        // The calculated setting is not shown for the root group of global configuration.
        $canCalculateSettings = $group->parent_id || !empty($component);

        if ($canCalculateSettings)
        {
            $html[] = '<th id="aclactionth' . $group->value . '">';
            $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_CALCULATED_SETTING') . '</span>';
            $html[] = '</th>';
        }

        $html[] = '</tr>';
        $html[] = '</thead>';
        $html[] = '<tbody>';

        foreach ($actions as $action)
        {
            $html[] = '<tr>';
            $html[] = '<td headers="actions-th' . $group->value . '">';

            // The tooltip text is HTML-encoded before it goes into the title attribute.
            $html[] = '<label class="hasTip" for="' . $this->id . '_' . $action->name . '_' . $group->value . '" title="' . htmlspecialchars(JText::_($action->title) . '::' . JText::_($action->description), ENT_COMPAT, 'UTF-8') . '">';
            $html[] = JText::_($action->title);
            $html[] = '</label>';
            $html[] = '</td>';
            $html[] = '<td headers="settings-th' . $group->value . '">';

            // NOTE(review): unlike the label above, this title attribute (which includes
            // the group text) is not HTML-encoded.
            $html[] = '<select name="' . $this->name . '[' . $action->name . '][' . $group->value . ']" id="' . $this->id . '_' . $action->name . '_' . $group->value . '" title="' . JText::sprintf('JLIB_RULES_SELECT_ALLOW_DENY_GROUP', JText::_($action->title), trim($group->text)) . '">';

            // Effective rule for this group on the asset, as reported by JAccess::checkGroup().
            $inheritedRule = JAccess::checkGroup($group->value, $action->name, $assetId);

            // Get the actual setting for the action for this group.
            $assetRule = $assetRules->allow($action->name, $group->value);

            // Build the dropdowns for the permissions sliders
            // The parent group has "Not Set", all children can rightly "Inherit" from that.
            $html[] = '<option value=""' . ($assetRule === null ? ' selected="selected"' : '') . '>' . JText::_(empty($group->parent_id) && empty($component) ? 'JLIB_RULES_NOT_SET' : 'JLIB_RULES_INHERITED') . '</option>';
            $html[] = '<option value="1"' . ($assetRule === true ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_ALLOWED') . '</option>';
            $html[] = '<option value="0"' . ($assetRule === false ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_DENIED') . '</option>';
            $html[] = '</select>  ';

            // If this asset's rule is allowed, but the inherited rule is deny, we have a conflict.
            if ($assetRule === true && $inheritedRule === false)
            {
                $html[] = JText::_('JLIB_RULES_CONFLICT');
            }

            $html[] = '</td>';

            // Build the Calculated Settings column.
            // The inherited settings column is not displayed for the root group in global configuration.
            if ($canCalculateSettings)
            {
                $html[] = '<td headers="aclactionth' . $group->value . '">';

                // This is where we show the current effective settings considering current group, path and cascade.
                // Check whether this is a component or global. Change the text slightly.
                if (JAccess::checkGroup($group->value, 'core.admin', $assetId) !== true)
                {
                    if ($inheritedRule === null)
                    {
                        $html[] = '<span class="icon-16-unset">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                    }
                    elseif ($inheritedRule === true)
                    {
                        $html[] = '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                    }
                    elseif ($inheritedRule === false)
                    {
                        if ($assetRule === false)
                        {
                            $html[] = '<span class="icon-16-denied">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                        }
                        else
                        {
                            $html[] = '<span class="icon-16-denied"><span class="icon-16-locked">' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED') . '</span></span>';
                        }
                    }
                }
                elseif (!empty($component))
                {
                    // The group has core.admin on this asset: shown as allowed and locked.
                    $html[] = '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span></span>';
                }
                else
                {
                    // Special handling for groups that have global admin because they can't be denied.
                    // The admin rights can be changed.
                    if ($action->name === 'core.admin')
                    {
                        $html[] = '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                    }
                    elseif ($inheritedRule === false)
                    {
                        // Other actions cannot be changed.
                        $html[] = '<span class="icon-16-denied"><span class="icon-16-locked">' . JText::_('JLIB_RULES_NOT_ALLOWED_ADMIN_CONFLICT') . '</span></span>';
                    }
                    else
                    {
                        $html[] = '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span></span>';
                    }
                }

                $html[] = '</td>';
            }

            $html[] = '</tr>';
        }

        $html[] = '</tbody>';
        $html[] = '</table></div>';
        $html[] = '</div></div>';
        $html[] = '</li>';
    }

    // Close the lists that are still open for the last group's nesting level.
    $html[] = str_repeat('</ul></li>', $curLevel);
    $html[] = '</ul><div class="rule-notes">';

    if ($section == 'component' || $section == null)
    {
        $html[] = JText::_('JLIB_RULES_SETTING_NOTES');
    }
    else
    {
        $html[] = JText::_('JLIB_RULES_SETTING_NOTES_ITEM');
    }

    $html[] = '</div></div>';

    // Get the JInput object
    $input = JFactory::getApplication()->input;

    // Inline script for the accordion. The cookie value is read with the 'integer' filter
    // before it is written into the script; $component (from the form XML) is placed
    // inside a single-quoted JavaScript string without escaping.
    $js = "window.addEvent('domready', function(){ new Fx.Accordion(\$\$('div#permissions-sliders.pane-sliders .panel h3.pane-toggler'),"
        . "\$\$('div#permissions-sliders.pane-sliders .panel div.pane-slider'), {onActive: function(toggler, i) {toggler.addClass('pane-toggler-down');"
        . "toggler.removeClass('pane-toggler');i.addClass('pane-down');i.removeClass('pane-hide');Cookie.write('jpanesliders_permissions-sliders"
        . $component
        . "',\$\$('div#permissions-sliders.pane-sliders .panel h3').indexOf(toggler));},"
        . "onBackground: function(toggler, i) {toggler.addClass('pane-toggler');toggler.removeClass('pane-toggler-down');i.addClass('pane-hide');"
        . "i.removeClass('pane-down');}, duration: 300, display: "
        . $input->cookie->get('jpanesliders_permissions-sliders' . $component, 0, 'integer') . ", show: "
        . $input->cookie->get('jpanesliders_permissions-sliders' . $component, 0, 'integer') . ", alwaysHide:true, opacity: false}); });";

    JFactory::getDocument()->addScriptDeclaration($js);

    return implode("\n", $html);
}
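/**
 * Gets the actions the current user is authorised to perform.
 *
 * The set of access.xml sections that is consulted depends on $section; the
 * authorisation itself is checked against "<component>.<section>.<id>" when both
 * $section and $id are given, otherwise against the component as a whole.
 *
 * $component and $section are concatenated into a file path and an asset name without
 * validation, so callers should pass fixed identifiers rather than request data.
 *
 * @param   string   $component  The component name; falls back to com_judirectory when empty.
 * @param   string   $section    The access section name.
 * @param   integer  $id         The item ID.
 *
 * @return  JObject  One property per action name, holding the result of authorise().
 */
public static function getActions($component = 'com_judirectory', $section = '', $id = 0)
{
    if (!$component)
    {
        $component = 'com_judirectory';
    }

    $user   = JFactory::getUser();
    $result = new JObject();
    $path   = JPATH_ADMINISTRATOR . '/components/' . $component . '/access.xml';

    // access.xml sections, in the order their actions are merged.
    $allSections = array(
        'component',
        'component_category',
        'component_listing',
        'component_comment',
        'component_single_rating',
        'component_field_value',
        'component_moderator',
        'component_criteria',
    );
    $contentSections = array(
        'component',
        'component_category',
        'component_listing',
        'component_comment',
        'component_single_rating',
    );
    $sectionMap = array(
        'component'     => $allSections,
        'category'      => $contentSections,
        'listing'       => $contentSections,
        'fieldgroup'    => array('component', 'component_field_value'),
        'field'         => array('component', 'component_field_value'),
        'moderator'     => array('component', 'component_moderator'),
        'criteriagroup' => array('component', 'component_criteria'),
    );

    // Unknown or empty sections fall back to the full list, as the original default did.
    $sectionNames = (is_string($section) && isset($sectionMap[$section])) ? $sectionMap[$section] : $allSections;

    $actions = array();

    foreach ($sectionNames as $sectionName)
    {
        $sectionActions = JAccess::getActionsFromFile($path, "/access/section[@name='" . $sectionName . "']/");

        // getActionsFromFile() reports failure with false; merging false into the list
        // would raise an error, so a missing section simply contributes no actions.
        if (is_array($sectionActions))
        {
            $actions = array_merge($actions, $sectionActions);
        }
    }

    if ($section && $id)
    {
        // The id is forced to an integer before it becomes part of the asset name.
        $assetName = $component . '.' . $section . '.' . (int) $id;
    }
    else
    {
        $assetName = $component;
    }

    foreach ($actions as $action)
    {
        $result->set($action->name, $user->authorise($action->name, $assetName));
    }

    return $result;
}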
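/**
 * Overloaded bind function to pre-process the params.
 *
 * Besides normalising multi-value fields and serialising params/metadata, this method
 * enforces two access rules on the submitted data: new records always get the current
 * user as creator, and users without core.admin on the record cannot change its ACL
 * rules (whatever they submit is replaced by the rules already stored for the asset).
 *
 * @param   array  $array   Named array
 * @param   mixed  $ignore  Optional array or list of parameters to ignore
 *
 * @return  null|string  null is operation was satisfactory, otherwise returns an error
 *
 * @see     JTable:bind
 * @since   1.5
 */
public function bind($array, $ignore = '')
{
    // A missing id is treated as a new record; the integer cast keeps the ACL asset name
    // below tied to a numeric id rather than to the raw submitted string.
    $id = isset($array['id']) ? (int) $array['id'] : 0;

    if ($id === 0)
    {
        // Never trust a submitted creator for a new record.
        $array['created_by'] = JFactory::getUser()->id;
    }

    // Support for multiple or not foreign key fields.
    foreach (array('gender', 'event', 'tshirt', 'blood_type') as $field)
    {
        if (empty($array[$field]))
        {
            $array[$field] = '';

            continue;
        }

        if (is_array($array[$field]))
        {
            $array[$field] = implode(',', $array[$field]);

            continue;
        }

        // Same condition as the original "!= false": a comma somewhere after position 0.
        // NOTE(review): this turns the value back into an array before parent::bind();
        // kept as in the original, confirm that is intended.
        $commaAt = strrpos($array[$field], ',');

        if ($commaAt !== false && $commaAt > 0)
        {
            $array[$field] = explode(',', $array[$field]);
        }
    }

    if (isset($array['params']) && is_array($array['params']))
    {
        $registry = new JRegistry();
        $registry->loadArray($array['params']);
        $array['params'] = (string) $registry;
    }

    if (isset($array['metadata']) && is_array($array['metadata']))
    {
        $registry = new JRegistry();
        $registry->loadArray($array['metadata']);
        $array['metadata'] = (string) $registry;
    }

    $assetName = 'com_mundial_cozumel_2016.inscription.' . $id;

    if (!JFactory::getUser()->authorise('core.admin', $assetName))
    {
        // Not an admin for this record: discard submitted rules and re-apply the stored ones.
        $actions         = JAccess::getActionsFromFile(JPATH_ADMINISTRATOR . '/components/com_mundial_cozumel_2016/access.xml', "/access/section[@name='inscription']/");
        $default_actions = JAccess::getAssetRules($assetName)->getData();
        $array_jaccess   = array();

        // getActionsFromFile() reports failure with false; iterate only over a real list.
        if (is_array($actions))
        {
            foreach ($actions as $action)
            {
                // An action without a stored rule maps to null instead of raising a notice.
                $array_jaccess[$action->name] = isset($default_actions[$action->name]) ? $default_actions[$action->name] : null;
            }
        }

        $array['rules'] = $this->JAccessRulestoArray($array_jaccess);
    }

    // Bind the rules for ACL where supported.
    if (isset($array['rules']) && is_array($array['rules']))
    {
        $this->setRules($array['rules']);
    }

    return parent::bind($array, $ignore);
}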
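/**
 * Stores configuration created with Theme Customiser. Not for template developers.
 *
 * The caller must be logged in and hold core.edit on com_templates. Request values
 * ('jmvars') are merged into the stored style parameters and then written either to a
 * new JSON file in the template's config folder or back to the database.
 *
 * NOTE(review): no request-token (CSRF) check is visible in this method; confirm the
 * caller performs one before invoking it.
 * NOTE(review): the exception codes (403 for "not logged in", 401 for "no permission")
 * are kept as they were because callers may depend on them.
 *
 * @param   bool  $save_to_file  If true, configuration will be stored in JSON file. If not - in the database.
 *
 * @return  string|false  A status or error message; false when there is nothing to save.
 *
 * @throws  Exception  When the user is a guest, lacks core.edit, or no style id was sent.
 */
public function saveThemerConfig($save_to_file = true)
{
    $app   = JFactory::getApplication();
    $input = $app->input;
    $db    = JFactory::getDbo();
    $user  = JFactory::getUser();

    $result  = new JObject();
    $actions = JAccess::getActionsFromFile(JPATH_ADMINISTRATOR . '/components/com_templates/access.xml', "/access/section[@name='component']/");

    // getActionsFromFile() reports failure with false; in that case no action is granted.
    if (is_array($actions))
    {
        foreach ($actions as $action)
        {
            $result->set($action->name, $user->authorise($action->name, 'com_templates'));
        }
    }

    if ($user->guest)
    {
        throw new Exception(JText::_('PLG_SYSTEM_JMFRAMEWORK_THEME_LOGIN_ERROR'), 403);
    }

    if (!$result->get('core.edit'))
    {
        throw new Exception(JText::_('PLG_SYSTEM_JMFRAMEWORK_THEME_ACCESS_ERROR'), 401);
    }

    $style_id = $input->getInt('jmstyleid', 0);

    if (!$style_id)
    {
        throw new Exception(JText::_('PLG_SYSTEM_JMFRAMEWORK_THEME_BAD_REQUEST_ERROR'), 400);
    }

    $data = $input->get('jmvars', array(), 'array');

    if (empty($data))
    {
        return false;
    }

    $db->setQuery('SELECT params FROM #__template_styles WHERE id=' . (int) $style_id . ' LIMIT 1');
    $params = $db->loadResult();
    $params = !empty($params) ? json_decode($params, true) : false;

    if (empty($params))
    {
        return false;
    }

    // Only scalar values are accepted from the request.
    // NOTE(review): any key name is accepted; consider limiting this to known parameters.
    foreach ($data as $k => $v)
    {
        if (is_scalar($v))
        {
            $params[$k] = $v;
        }
    }

    // 'templateStyle' can be overwritten by the request data above and ends up in a file
    // name, so it is reduced to a safe character set to keep the write inside $path.
    $style_suffix = '';

    if (!empty($params['templateStyle']) && is_scalar($params['templateStyle']))
    {
        $style_suffix = preg_replace('/[^A-Za-z0-9_\-]/', '', (string) $params['templateStyle']);
    }

    if ($style_suffix === '' || $style_suffix === null)
    {
        $style_suffix = '0';
    }

    $encoded = json_encode($params);

    // Do not store the literal result of a failed encode.
    if ($encoded === false)
    {
        return JText::_('PLG_SYSTEM_JMFRAMEWORK_THEME_SETTINGS_SAVING_ERROR');
    }

    $this->purgeStyleSheets($style_id);

    if ($save_to_file)
    {
        $path = JMF_TPL_PATH . DIRECTORY_SEPARATOR . 'assets' . DIRECTORY_SEPARATOR . 'config';

        if (!JFolder::exists($path))
        {
            JFolder::create($path);
        }

        $base_name = 'custom_style_' . $style_suffix;
        $file_name = $base_name . '.cfg.json';
        $iterator  = 0;

        // Never overwrite an existing configuration: append _1, _2, ... until unused.
        while (JFile::exists($path . DIRECTORY_SEPARATOR . $file_name))
        {
            $iterator++;
            $file_name = $base_name . '_' . $iterator . '.cfg.json';
        }

        if (JFile::write($path . DIRECTORY_SEPARATOR . $file_name, $encoded))
        {
            return JText::sprintf('PLG_SYSTEM_JMFRAMEWORK_THEME_SETTINGS_SAVED_TO_FILE', $file_name);
        }

        return JText::_('PLG_SYSTEM_JMFRAMEWORK_THEME_SETTINGS_SAVING_ERROR');
    }

    $db->setQuery('UPDATE #__template_styles SET params=' . $db->quote($encoded) . ' WHERE id=' . (int) $style_id);

    if ($db->query() == false)
    {
        return $db->getErrorMsg();
    }

    if (defined('JMF_TPL'))
    {
        // Dump CSS sheets which were made from LESS files.
        $suffix     = $style_id > 0 ? '.' . $style_id : '';
        $less_files = JFolder::files(JPath::clean(JPATH_ROOT . '/templates/' . JMF_TPL . '/less'), '\\.less$');
        $css_files  = JFolder::files(JPath::clean(JPATH_ROOT . '/templates/' . JMF_TPL . '/css'), '\\.css$');

        // A missing folder would otherwise be iterated or searched as a non-array.
        if (is_array($less_files) && is_array($css_files))
        {
            foreach ($less_files as $less)
            {
                $name = JFile::stripExt($less);

                if (in_array($name . $suffix . '.css', $css_files))
                {
                    JFile::delete(JPath::clean(JPATH_ROOT . '/templates/' . JMF_TPL . '/css/') . $name . $suffix . '.css');
                }
            }
        }
    }

    return JText::_('PLG_SYSTEM_JMFRAMEWORK_THEME_SETTINGS_SAVED_TO_DB');
}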
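/**
 * Method to get the field input markup for Access Control Lists.
 * Optionally can be associated with a specific component and section.
 *
 * Renders, for one user group, a table with a row per asset whose name contains
 * "com_k2.category" and a permission selector per action. The method performs no
 * authorisation check of its own (see @todo); the code that displays and saves the form
 * has to enforce who may edit these rules.
 *
 * @return  string|null  The field input markup, or null when the group id is missing or unknown.
 *
 * @since   11.1
 * @todo:   Add access check.
 */
protected function getInput()
{
    JHtml::_('bootstrap.tooltip');

    // Initialise some field attributes.
    $section   = 'category';
    $component = 'com_k2';
    $groupId   = (int) (string) $this->element->attributes()->groupId;

    if (!$groupId)
    {
        return null;
    }

    // Get the actions for the asset.
    $actions = JAccess::getActionsFromFile(JPATH_ADMINISTRATOR . '/components/' . $component . '/access.xml', "/access/section[@name='" . $section . "']/");

    // getActionsFromFile() reports failure with false; continue with an empty list.
    if (!is_array($actions))
    {
        $actions = array();
    }

    // Iterate over the children and add to the actions.
    foreach ($this->element->children() as $el)
    {
        if ($el->getName() == 'action')
        {
            $actions[] = (object) array('name' => (string) $el['name'], 'title' => (string) $el['title'], 'description' => (string) $el['description']);
        }
    }

    // Get database
    $db = JFactory::getDBO();

    // Get group
    $query = $db->getQuery(true);
    $query->select('*');
    $query->from($db->quoteName('#__usergroups'));
    $query->where($db->quoteName('id') . ' = ' . (int) $groupId);
    $db->setQuery($query);
    $group = $db->loadObject();

    // An id that matches no group is handled like a missing id instead of failing on $group->id.
    if (!$group)
    {
        return null;
    }

    // Get categories assets
    $query = $db->getQuery(true);
    $query->select('*');
    $query->from($db->quoteName('#__assets'));
    $query->where($db->quoteName('name') . ' LIKE ' . $db->quote('%' . $db->escape('com_k2.category') . '%'));
    $query->order($db->quoteName('lft') . ' ASC');
    $db->setQuery($query);
    $assets = $db->loadObjectList();

    if (!is_array($assets))
    {
        $assets = array();
    }

    // Group title is stored data; encode it once for use inside title attributes.
    $groupTitle = trim($group->title);

    // Prepare output
    $html = array();

    // Description
    $html[] = '<p class="rule-desc">' . JText::_('JLIB_RULES_SETTINGS_DESC') . '</p>';
    $html[] = '<table class="table table-striped"><thead>';
    $html[] = '<tr><th></th>';

    foreach ($actions as $action)
    {
        $html[] = '<th>' . JText::_($action->title) . '</th>';
    }

    // The original never closed <thead> before opening <tbody>.
    $html[] = '</tr></thead>';
    $html[] = '<tbody>';

    foreach ($assets as $asset)
    {
        $assetId    = (int) $asset->id;
        $assetRules = JAccess::getAssetRules($asset->id);

        $html[] = '<tr>';
        $html[] = '<td>';

        // Asset titles are stored content: encode them before writing them into the page.
        // max() guards against a level below 1, for which str_repeat() would fail.
        $html[] = '<span>' . str_repeat('-', max(0, $asset->level - 1)) . htmlspecialchars((string) $asset->title, ENT_COMPAT, 'UTF-8')
            . '</span><input type="hidden" name="' . $this->name . '[assets][]" value="' . $assetId . '" />';
        $html[] = '</td>';

        foreach ($actions as $action)
        {
            $inheritedRule = JAccess::checkGroup($group->id, $action->name, $asset->id);
            $assetRule     = $assetRules->allow($action->name, $group->id);

            $selectTitle = htmlspecialchars(
                JText::sprintf('JLIB_RULES_SELECT_ALLOW_DENY_GROUP', JText::_($action->title), $groupTitle),
                ENT_COMPAT,
                'UTF-8'
            );

            // NOTE(review): the id attribute does not include the asset id, so it repeats
            // on every row; left unchanged in case scripts rely on it.
            $html[] = '<td>';
            $html[] = '<select class="input-small" name="' . $this->name . '[actions][' . $assetId . '][' . $action->name . ']" id="' . $this->id . '_' . $action->name . '_' . $group->id . '" title="' . $selectTitle . '">';
            $html[] = '<option value=""' . ($assetRule === null ? ' selected="selected"' : '') . '>' . JText::_(empty($group->parent_id) && empty($component) ? 'JLIB_RULES_NOT_SET' : 'JLIB_RULES_INHERITED') . '</option>';
            $html[] = '<option value="1"' . ($assetRule === true ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_ALLOWED') . '</option>';
            $html[] = '<option value="0"' . ($assetRule === false ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_DENIED') . '</option>';
            $html[] = '</select>  ';

            // If this asset's rule is allowed, but the inherited rule is deny, we have a conflict.
            if ($assetRule === true && $inheritedRule === false)
            {
                $html[] = JText::_('JLIB_RULES_CONFLICT');
            }

            // This is where we show the current effective settings considering current group, path and cascade.
            // Check whether this is a component or global. Change the text slightly.
            if (JAccess::checkGroup($group->id, 'core.admin', $asset->id) !== true)
            {
                if ($inheritedRule === null)
                {
                    $html[] = '<span class="label label-important">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                }
                elseif ($inheritedRule === true)
                {
                    $html[] = '<span class="label label-success">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                }
                elseif ($inheritedRule === false)
                {
                    if ($assetRule === false)
                    {
                        $html[] = '<span class="label label-important">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                    }
                    else
                    {
                        $html[] = '<span class="label"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED') . '</span>';
                    }
                }
            }
            elseif (!empty($component))
            {
                // $component is fixed to 'com_k2' above, so admin groups always land here.
                $html[] = '<span class="label label-success"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span>';
            }
            else
            {
                // Special handling for groups that have global admin because they can't be denied.
                // The admin rights can be changed.
                if ($action->name === 'core.admin')
                {
                    $html[] = '<span class="label label-success">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                }
                elseif ($inheritedRule === false)
                {
                    // Other actions cannot be changed.
                    $html[] = '<span class="label label-important"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_NOT_ALLOWED_ADMIN_CONFLICT') . '</span>';
                }
                else
                {
                    $html[] = '<span class="label label-success"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span>';
                }
            }

            $html[] = '</td>';
        }

        $html[] = '</tr>';
    }

    $html[] = '</tbody>';
    $html[] = '</table>';
    $html[] = '<div class="alert">';

    if ($section == 'component' || $section == null)
    {
        $html[] = JText::_('JLIB_RULES_SETTING_NOTES');
    }
    else
    {
        $html[] = JText::_('JLIB_RULES_SETTING_NOTES_ITEM');
    }

    $html[] = '</div>';

    return implode("\n", $html);
}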
/**
 * Gets a list of the actions that can be performed.
 *
 * Reads the action names from the component's access.xml (section "component" when no
 * section is given) and records, per action, whether the current user is authorised.
 * The check runs against "<component>.<section>.<id>" when both section and id are
 * given, otherwise against the component itself.
 *
 * @param   string   $component  The component name.
 * @param   string   $section    The access section name.
 * @param   integer  $id         The item ID.
 *
 * @return  JObject
 *
 * @since   3.2
 */
public static function getActions($component = '', $section = '', $id = 0)
{
    // An integer or null first argument signals the deprecated argument order.
    if (is_null($component) || is_int($component))
    {
        return self::_getActions($component, $section, $id);
    }

    // Asset to authorise against: the single item when identified, else the component.
    $assetName = ($section && $id) ? $component . '.' . $section . '.' . (int) $id : $component;

    // Section of access.xml to read; an empty section means the component section.
    $xmlSection = empty($section) ? 'component' : $section;

    $actions = JAccess::getActionsFromFile(
        JPATH_ADMINISTRATOR . '/components/' . $component . '/access.xml',
        "/access/section[@name='" . $xmlSection . "']/"
    );

    $user   = JFactory::getUser();
    $result = new JObject();

    foreach ($actions as $action)
    {
        $allowed = $user->authorise($action->name, $assetName);
        $result->set($action->name, $allowed);
    }

    return $result;
}
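/**
 * Gets the actions the current user is authorised to perform in com_imageshow.
 *
 * Action names are read from the component's access.xml using the default XPath of
 * JAccess::getActionsFromFile(). Authorisation is checked against the component, or
 * against "com_imageshow.<type>.<id>" when $type is not 'component'.
 *
 * @param   string   $type  The asset type; 'component' for the component itself.
 * @param   integer  $id    The item ID.
 *
 * @return  JObject  One property per action name, holding the result of authorise().
 */
public static function getActions($type = 'component', $id = 0)
{
    jimport('joomla.access.access');

    $componentName = 'com_imageshow';
    $user          = JFactory::getUser();
    $result        = new JObject();
    $actions       = JAccess::getActionsFromFile(JPATH_ADMINISTRATOR . '/components/' . $componentName . '/access.xml');

    if ($type != 'component')
    {
        // The id is forced to an integer so the asset name cannot carry extra segments.
        // NOTE(review): $type is still concatenated as given; callers should pass a fixed value.
        $assetName = $componentName . '.' . $type . '.' . (int) $id;
    }
    else
    {
        $assetName = $componentName;
    }

    // getActionsFromFile() reports failure with false; in that case no action is recorded.
    if (is_array($actions))
    {
        foreach ($actions as $action)
        {
            $result->set($action->name, $user->authorise($action->name, $assetName));
        }
    }

    return $result;
}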
/**
 * Helper wrapper method for getActionsFromFile
 *
 * Passes both arguments through to JAccess::getActionsFromFile() unchanged and hands
 * back whatever it returns.
 *
 * @param   string  $file   The path to the XML file.
 * @param   string  $xpath  An optional xpath to search for the fields.
 *
 * @return  boolean|array  False if case of error or the list of actions available.
 *
 * @see     JAccess::getActionsFromFile()
 * @since   3.4
 */
public function getActionsFromFile($file, $xpath = '/access/section[@name=\'component\']/')
{
    $availableActions = JAccess::getActionsFromFile($file, $xpath);

    return $availableActions;
}