/** * Test to see if user can delete event * * @param unknown_type $row * @param unknown_type $user * @return unknown */ public static function canDeleteEvent($row, $user = null) { // store in static to save repeated database calls static $authdata_coredeleteall = array(); // TODO make this call a plugin if ($user == null) { $user = JFactory::getUser(); } // are we authorised to do anything with this category or calendar $jevuser = JEVHelper::getAuthorisedUser(); if ($row->_icsid > 0 && $jevuser && $jevuser->calendars != "" && $jevuser->calendars != "all") { $allowedcals = explode("|", $jevuser->calendars); if (!in_array($row->_icsid, $allowedcals)) { return false; } } if ($row->_catid > 0 && $jevuser && $jevuser->categories != "" && $jevuser->categories != "all") { $allowedcats = explode("|", $jevuser->categories); if (!in_array($row->_catid, $allowedcats)) { return false; } // check multi cats too if (JEVHelper::rowCatids($row)) { if (count(array_diff(JEVHelper::rowCatids($row), $allowedcats))) { return false; } } } $params = JComponentHelper::getParams(JEV_COM_COMPONENT); $authorisedonly = $params->get("authorisedonly", 1); if ($authorisedonly) { if (!$jevuser) { return false; } if (!is_null($jevuser) && $jevuser->candeleteall) { return true; } else { if (!is_null($jevuser) && $jevuser->candeleteown && $row->created_by() == $user->id) { return true; } } return false; } // This involes TOO many database queries in Joomla - one per category which can be a LOT /* $cats = JEVHelper::getAuthorisedCategories($user,'com_jevents', 'core.deleteall'); if (in_array($row->_catid, $cats)) return true; */ $key = $row->catids() ? json_encode($row->catids()) : json_encode(intval($row->catid())); if (!isset($authdata_coredeleteall[$key])) { $authdata_coredeleteall[$key] = JEVHelper::authoriseCategories('core.deleteall', $key, $user); } if ($authdata_coredeleteall[$key]) { return $authdata_coredeleteall[$key]; } // can delete all? if (JEVHelper::isEventDeletor(true)) { // any category restrictions on this? // This involes TOO many database queries in Joomla - one per category which can be a LOT /* $cats = JEVHelper::getAuthorisedCategories($user,'com_jevents', 'core.deleteall'); if (in_array($row->_catid, $cats)) return true; */ $key = $row->catids() ? json_encode($row->catids()) : json_encode(intval($row->catid())); if (!isset($authdata_coredeleteall[$key])) { $authdata_coredeleteall[$key] = JEVHelper::authoriseCategories('core.deleteall', $key, $user); } if ($authdata_coredeleteall[$key]) { return $authdata_coredeleteall[$key]; } } // There seems to be a problem with category permissions - sometimes Joomla ACL set to yes in category but result is false! // fall back to being able to delete own events if a publisher if ($row->created_by() == $user->id) { $jevuser = JEVHelper::getAuthorisedUser(); if (!is_null($jevuser)) { return $jevuser->candeleteown; } // if a user can publish their own then cal delete their own too $params = JComponentHelper::getParams(JEV_COM_COMPONENT); $authorisedonly = $params->get("authorisedonly", 1); $publishown = $params->get("jevpublishown", 0); if (!$authorisedonly && ($publishown || JEVHelper::canPublishEvent($row, $user))) { return true; } } return false; }