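/**
 * Authorization gate in front of the parent deletefuture() action.
 *
 * The parent action runs only when JEVHelper::isEventDeletor() reports that
 * the caller may delete events. Anyone else gets a 403 via JError and the
 * method returns without delegating.
 */
function deletefuture()
{
    if (!JEVHelper::isEventDeletor()) {
        JError::raiseError(403, JText::_('ALERTNOTAUTH'));

        // Fail closed: JError handling is configurable, so raiseError() does not
        // necessarily end the request. Without this return an unauthorised
        // caller would fall through to the parent delete action.
        return;
    }

    parent::deletefuture();
}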
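/**
 * Standalone conflict-check entry point: boots the Joomla framework, validates
 * the request (referrer, form token, event-creator and edit rights) and then
 * reports events that overlap the event or repeat being saved.
 *
 * @param object $requestObject Request payload (passed by reference and replaced by an
 *                              unserialized copy). Fields read here: client, token,
 *                              pressbutton, error, formdata->evid, formdata->overlapoverride.
 * @param object $returnData    Response object; allclear and overlaps are set on it.
 *
 * @return object|string $returnData (allclear = 1 when nothing overlaps, 0 otherwise),
 *                       or the string "Error" when $requestObject->error is set.
 */
function ProcessRequest(&$requestObject, $returnData)
{
    // Both arguments are stashed in constants and re-read after the framework
    // include below - presumably so they survive it; confirm before changing.
    define("REQUESTOBJECT", serialize($requestObject));
    define("RETURNDATA", serialize($returnData));

    // Do this ourselves to avoid Joomla 3.0 template path issues
    // require_once JPATH_BASE . '/' . 'includes' . '/' . 'defines.php';
    // Global definitions.
    // Joomla framework path definitions.
    $parts = explode(DIRECTORY_SEPARATOR, JPATH_BASE);

    // Defines.
    define('JPATH_ROOT', implode(DIRECTORY_SEPARATOR, $parts));
    define('JPATH_SITE', JPATH_ROOT);
    define('JPATH_CONFIGURATION', JPATH_ROOT);
    define('JPATH_ADMINISTRATOR', JPATH_ROOT . '/administrator');
    define('JPATH_LIBRARIES', JPATH_ROOT . '/libraries');
    define('JPATH_PLUGINS', JPATH_ROOT . '/plugins');
    define('JPATH_INSTALLATION', JPATH_ROOT . '/installation');

    // IMPORTANT CHANGE!
    $requestObject = unserialize(REQUESTOBJECT);

    // Only the two known client names may select a path. The strict flag keeps a
    // non-string request value (0, true, ...) from matching through type juggling
    // and then being used as an array key below.
    $client = "site";
    if (isset($requestObject->client) && in_array($requestObject->client, array("site", "administrator"), true)) {
        $client = $requestObject->client;
    }
    $patharray = array("site" => JPATH_SITE, "administrator" => JPATH_ADMINISTRATOR);
    define('JPATH_THEMES', $patharray[$client] . '/templates');
    define('JPATH_CACHE', JPATH_ROOT . '/cache');
    define('JPATH_MANIFESTS', JPATH_ADMINISTRATOR . '/manifests');

    require_once JPATH_BASE . '/' . 'includes' . '/' . 'framework.php';

    $requestObject = unserialize(REQUESTOBJECT);
    $returnData = unserialize(RETURNDATA);
    $returnData->allclear = 1;

    ini_set("display_errors", 0);

    global $option;
    $client = "site";
    if (isset($requestObject->client) && in_array($requestObject->client, array("site", "administrator"), true)) {
        $client = $requestObject->client;
    }
    $mainframe = JFactory::getApplication($client);
    JFactory::getApplication()->initialise();
    $option = "com_jevents";
    // Not sure why this is needed but it is if (use use $mainframe = JFactory::getApplication($client); )!!!
    // needed for Joomla 1.5 plugins
    $GLOBALS['mainframe'] = $mainframe;

    $lang = JFactory::getLanguage();
    $lang->load("com_jevents", JPATH_SITE);
    $lang->load("com_jevents", JPATH_ADMINISTRATOR);

    include_once JPATH_SITE . "/components/com_jevents/jevents.defines.php";

    $params = JComponentHelper::getParams("com_jevents");
    if (!$params->get("checkclashes", 0) && !$params->get("noclashes", 0)) {
        return $returnData;
    }

    // Do we ignore overlaps
    // NOTE(review): this early return happens before the referrer, token and
    // creator checks below; on this path only allclear = 1 is returned.
    if (JEVHelper::isEventDeletor(true) && isset($requestObject->formdata->overlapoverride) && $requestObject->formdata->overlapoverride == 1) {
        return $returnData;
    }

    // Enforce referrer
    // Referer and Host are both request headers, so this is defence in depth
    // only; the form token check further down is the actual CSRF control.
    if (!$params->get("skipreferrer", 0)) {
        if (!array_key_exists("HTTP_REFERER", $_SERVER)) {
            throwerror("There was an error - no referrer info available");
        }

        $live_site = $_SERVER['HTTP_HOST'];
        $ref_parts = parse_url($_SERVER["HTTP_REFERER"]);

        if (!isset($ref_parts["host"]) || $ref_parts["host"] . (isset($ref_parts["port"]) ? ':' . $ref_parts["port"] : '') != $live_site) {
            throwerror("There was an error - missing host in referrer");
        }
    }

    if ($params->get("icaltimezonelive", "") != "" && is_callable("date_default_timezone_set") && $params->get("icaltimezonelive", "") != "") {
        // Switch to the configured timezone and remember the previous one in the registry.
        $timezone = date_default_timezone_get();
        $tz = $params->get("icaltimezonelive", "");
        date_default_timezone_set($tz);
        $registry = JRegistry::getInstance("jevents");
        $registry->set("jevents.timezone", $timezone);
    }

    // The token arrives inside the request object, so its type is caller-controlled.
    // A loose != lets a non-string value (for example boolean true) compare equal
    // to any non-empty session token. Require a string and compare exactly.
    // hash_equals() would also make the comparison constant-time on PHP >= 5.6.
    $token = JSession::getFormToken();
    if (!isset($requestObject->token) || !is_string($requestObject->token) || strcmp($requestObject->token, $token) !== 0) {
        throwerror("There was an error - bad token. \nPlease refresh the page and try again.");
    }

    $user = JFactory::getUser();
    if (!JEVHelper::isEventCreator()) {
        throwerror("There was an error - not an event creator");
    }

    // Editing an existing event: the caller must be allowed to edit that event.
    if (intval($requestObject->formdata->evid) > 0) {
        $db = JFactory::getDBO();
        $dataModel = new JEventsDataModel("JEventsAdminDBModel");
        $queryModel = new JEventsDBModel($dataModel);
        $event = $queryModel->getEventById(intval($requestObject->formdata->evid), 1, "icaldb");
        //$db->setQuery("SELECT * FROM #__jevents_vevent where ev_id=".intval($requestObject->formdata->evid));
        // $event = $db->loadObject();
        if (!$event || !JEVHelper::canEditEvent($event)) {
            throwerror("There was an error - cannot edit this event");
        }
    }

    $returnData->overlaps = array();

    if ($requestObject->pressbutton == "icalrepeat.apply" || $requestObject->pressbutton == "icalrepeat.save") {
        $testrepeat = simulateSaveRepeat($requestObject);
        // now we have our event and its repetitions we check for overlapping events
        $overlaps = checkRepeatOverlaps($testrepeat, $returnData, intval($requestObject->formdata->evid), $requestObject);
    } else {
        $testevent = simulateSaveEvent($requestObject);
        // now we have our event and its repetitions we check for overlapping events
        $overlaps = checkEventOverlaps($testevent, $returnData, intval($requestObject->formdata->evid), $requestObject);
    }

    if (count($overlaps) > 0) {
        $returnData->allclear = 0;
        foreach ($overlaps as $olp) {
            $overlap = new stdClass();
            $overlap->event_id = $olp->eventid;
            $overlap->eventdetail_id = $olp->eventdetail_id;
            $overlap->summary = $olp->summary;
            $overlap->rp_id = $olp->rp_id;
            $overlap->startrepeat = $olp->startrepeat;
            $overlap->endrepeat = $olp->endrepeat;

            // Only the date part is needed for the link. The previous
            // list($y, $m, $d, $h, $m, $d) reused $m and $d for minute and second;
            // PHP 7+ assigns list() targets left to right, so month/day ended up
            // holding the minute and second of the start time.
            list($y, $m, $d) = sscanf($olp->startrepeat, "%d-%d-%d %d:%d:%d");

            $tstring = JText::_("JEV_OVERLAP_MESSAGE");
            $overlap->conflictMessage = sprintf(
                $tstring,
                $olp->summary,
                JEV_CommonFunctions::jev_strftime(JText::_("DATE_FORMAT_4"), JevDate::strtotime($olp->startrepeat)),
                JEV_CommonFunctions::jev_strftime(JText::_("DATE_FORMAT_4"), JevDate::strtotime($olp->endrepeat)),
                $olp->conflictCause
            );
            // NOTE(review): addslashes() is not HTML escaping; summary and
            // conflictMessage carry event text, so the consumer should insert
            // them as text rather than markup - confirm on the client side.
            $overlap->conflictMessage = addslashes($overlap->conflictMessage);
            $overlap->url = JURI::root() . "index.php?option=com_jevents&task=icalrepeat.detail&evid=" . $olp->rp_id . "&year={$y}&month={$m}&day={$d}";
            // JURI::root() may include this script's own directory; strip it from the link.
            $overlap->url = str_replace("components/com_jevents/libraries/", "", $overlap->url);
            $returnData->overlaps[] = $overlap;
        }
    }

    if ($requestObject->error) {
        $returnData->allclear = 0;
        return "Error";
    }

    return $returnData;
}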
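/**
 * @copyright	Copyright (C) 2015-2015 GWE Systems Ltd. All rights reserved.
 * @license		By negoriation with author via http://www.gwesystems.com
 */

/**
 * JSON conflict-check handler: validates the request (referrer, form token,
 * event-creator and edit rights) and reports events that overlap the event
 * or repeat being saved.
 *
 * @param object $requestObject Request payload. Fields read here: token, pressbutton,
 *                              error, formdata->evid, formdata->overlapoverride.
 * @param object $returnData    Response object; allclear and overlaps are set on it.
 *
 * @return object|string $returnData (allclear = 1 when nothing overlaps, 0 otherwise),
 *                       or the string "Error" when $requestObject->error is set.
 */
function ProcessJsonRequest(&$requestObject, $returnData)
{
    //$file4 = JPATH_SITE . '/components/com_jevents/libraries/checkconflict.php';
    //if (JFile::exists($file4)) JFile::delete($file4);

    $returnData->allclear = 1;

    ini_set("display_errors", 0);

    $lang = JFactory::getLanguage();
    $lang->load("com_jevents", JPATH_SITE);
    $lang->load("com_jevents", JPATH_ADMINISTRATOR);

    include_once JPATH_SITE . "/components/com_jevents/jevents.defines.php";

    $params = JComponentHelper::getParams("com_jevents");
    if (!$params->get("checkconflicts", 0)) {
        return $returnData;
    }

    // Do we ignore overlaps
    // NOTE(review): this early return happens before the referrer, token and
    // creator checks below; on this path only allclear = 1 is returned.
    if (JEVHelper::isEventDeletor(true) && isset($requestObject->formdata->overlapoverride) && $requestObject->formdata->overlapoverride == 1) {
        return $returnData;
    }

    // Enforce referrer
    // Referer and Host are both request headers, so this is defence in depth
    // only; the form token check further down is the actual CSRF control.
    if (!$params->get("skipreferrer", 0)) {
        if (!array_key_exists("HTTP_REFERER", $_SERVER)) {
            PlgSystemGwejson::throwerror("There was an error - no referrer info available");
        }

        $live_site = $_SERVER['HTTP_HOST'];
        $ref_parts = parse_url($_SERVER["HTTP_REFERER"]);

        if (!isset($ref_parts["host"]) || $ref_parts["host"] . (isset($ref_parts["port"]) ? ':' . $ref_parts["port"] : '') != $live_site) {
            PlgSystemGwejson::throwerror("There was an error - missing host in referrer");
        }
    }

    if ($params->get("icaltimezonelive", "") != "" && is_callable("date_default_timezone_set") && $params->get("icaltimezonelive", "") != "") {
        // Switch to the configured timezone and remember the previous one in the registry.
        $timezone = date_default_timezone_get();
        $tz = $params->get("icaltimezonelive", "");
        date_default_timezone_set($tz);
        $registry = JRegistry::getInstance("jevents");
        $registry->set("jevents.timezone", $timezone);
    }

    // The token comes from the decoded request, so its type is caller-controlled.
    // Reject anything that is not a string before strcmp() sees it, so a
    // non-string value fails the check here instead of relying on how strcmp()
    // treats it. hash_equals() would also make the comparison constant-time
    // on PHP >= 5.6.
    $token = JSession::getFormToken();
    if (!isset($requestObject->token) || !is_string($requestObject->token) || strcmp($requestObject->token, $token) !== 0) {
        PlgSystemGwejson::throwerror("There was an error - bad token. \nPlease refresh the page and try again.");
    }

    $user = JFactory::getUser();
    if (!JEVHelper::isEventCreator()) {
        PlgSystemGwejson::throwerror("There was an error - not an event creator");
    }

    // Editing an existing event: the caller must be allowed to edit that event.
    if (intval($requestObject->formdata->evid) > 0) {
        $db = JFactory::getDBO();
        $dataModel = new JEventsDataModel("JEventsAdminDBModel");
        $queryModel = new JEventsDBModel($dataModel);
        $event = $queryModel->getEventById(intval($requestObject->formdata->evid), 1, "icaldb");
        //$db->setQuery("SELECT * FROM #__jevents_vevent where ev_id=".intval($requestObject->formdata->evid));
        // $event = $db->loadObject();
        if (!$event || !JEVHelper::canEditEvent($event)) {
            PlgSystemGwejson::throwerror("There was an error - cannot edit this event");
        }
    }

    $returnData->overlaps = array();

    if ($requestObject->pressbutton == "icalrepeat.apply" || $requestObject->pressbutton == "icalrepeat.save") {
        $testrepeat = simulateSaveRepeat($requestObject);
        // now we have our event and its repetitions we check for overlapping events
        $overlaps = checkRepeatOverlaps($testrepeat, $returnData, intval($requestObject->formdata->evid), $requestObject);
    } else {
        $testevent = simulateSaveEvent($requestObject);
        // now we have our event and its repetitions we check for overlapping events
        $overlaps = checkEventOverlaps($testevent, $returnData, intval($requestObject->formdata->evid), $requestObject);
    }

    if (count($overlaps) > 0) {
        $returnData->allclear = 0;
        foreach ($overlaps as $olp) {
            $overlap = new stdClass();
            $overlap->event_id = $olp->eventid;
            $overlap->eventdetail_id = $olp->eventdetail_id;
            $overlap->summary = $olp->summary;
            $overlap->rp_id = $olp->rp_id;
            $overlap->startrepeat = $olp->startrepeat;
            $overlap->endrepeat = $olp->endrepeat;

            // Only the date part is needed for the link. The previous
            // list($y, $m, $d, $h, $m, $d) reused $m and $d for minute and second;
            // PHP 7+ assigns list() targets left to right, so month/day ended up
            // holding the minute and second of the start time.
            list($y, $m, $d) = sscanf($olp->startrepeat, "%d-%d-%d %d:%d:%d");

            $tstring = JText::_("JEV_OVERLAP_MESSAGE");
            $overlap->conflictMessage = sprintf(
                $tstring,
                $olp->summary,
                JEV_CommonFunctions::jev_strftime(JText::_("DATE_FORMAT_4"), JevDate::strtotime($olp->startrepeat)),
                JEV_CommonFunctions::jev_strftime(JText::_("DATE_FORMAT_4"), JevDate::strtotime($olp->endrepeat)),
                $olp->conflictCause
            );
            // NOTE(review): addslashes() is not HTML escaping; summary and
            // conflictMessage carry event text, so the consumer should insert
            // them as text rather than markup - confirm on the client side.
            $overlap->conflictMessage = addslashes($overlap->conflictMessage);
            $overlap->url = JURI::root() . "index.php?option=com_jevents&task=icalrepeat.detail&evid=" . $olp->rp_id . "&year={$y}&month={$m}&day={$d}";
            $overlap->url = str_replace("components/com_jevents/libraries/", "", $overlap->url);
            $returnData->overlaps[] = $overlap;
        }
    }

    if ($requestObject->error) {
        $returnData->allclear = 0;
        return "Error";
    }

    return $returnData;
}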
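/**
 * Test to see if user can delete event
 *
 * Checks, in order: the calendar and category restrictions of the JEvents
 * authorised user, the "authorisedonly" rules (candeleteall / candeleteown),
 * the 'core.deleteall' category permission, and finally an "own event" fallback.
 *
 * @param object      $row  Event row; reads _icsid, _catid, catids(), catid() and created_by()
 * @param object|null $user User to check; defaults to JFactory::getUser()
 *
 * @return mixed false when deletion is refused; otherwise true or the truthy value
 *               supplied by JEVHelper::authoriseCategories() / $jevuser->candeleteown
 */
public static function canDeleteEvent($row, $user = null)
{
    // store in static to save repeated database calls
    static $authdata_coredeleteall = array();

    // TODO make this call a plugin
    if ($user == null) {
        $user = JFactory::getUser();
    }

    // are we authorised to do anything with this category or calendar
    $jevuser = JEVHelper::getAuthorisedUser();
    if ($row->_icsid > 0 && $jevuser && $jevuser->calendars != "" && $jevuser->calendars != "all") {
        $allowedcals = explode("|", $jevuser->calendars);
        if (!in_array($row->_icsid, $allowedcals)) {
            return false;
        }
    }

    if ($row->_catid > 0 && $jevuser && $jevuser->categories != "" && $jevuser->categories != "all") {
        $allowedcats = explode("|", $jevuser->categories);
        if (!in_array($row->_catid, $allowedcats)) {
            return false;
        }
        // check multi cats too: every category on the row must be allowed
        if (JEVHelper::rowCatids($row)) {
            if (count(array_diff(JEVHelper::rowCatids($row), $allowedcats))) {
                return false;
            }
        }
    }

    $params = JComponentHelper::getParams(JEV_COM_COMPONENT);
    $authorisedonly = $params->get("authorisedonly", 1);
    if ($authorisedonly) {
        // In authorised-only mode the decision rests entirely on the JEvents user record.
        if (!$jevuser) {
            return false;
        }

        if ($jevuser->candeleteall) {
            return true;
        }
        if ($jevuser->candeleteown && $row->created_by() == $user->id) {
            return true;
        }

        return false;
    }

    // Asking Joomla for the authorised category list involves TOO many database
    // queries (one per category, which can be a LOT), so the permission is
    // resolved per category set and cached instead.
    $key = $row->catids() ? json_encode($row->catids()) : json_encode(intval($row->catid()));

    // The cached decision depends on $user as well as on the categories, so the
    // user id is part of the cache key. Keyed by category alone, a result
    // computed for one user would be handed to every other user checked later
    // in the same request.
    $cachekey = intval($user->id) . ":" . $key;
    if (!isset($authdata_coredeleteall[$cachekey])) {
        $authdata_coredeleteall[$cachekey] = JEVHelper::authoriseCategories('core.deleteall', $key, $user);
    }
    if ($authdata_coredeleteall[$cachekey]) {
        return $authdata_coredeleteall[$cachekey];
    }

    // can delete all?
    if (JEVHelper::isEventDeletor(true)) {
        // any category restrictions on this?
        // NOTE(review): this repeats the lookup above with the same key, so it
        // appears unable to grant anything the first check refused - confirm intent.
        if (!isset($authdata_coredeleteall[$cachekey])) {
            $authdata_coredeleteall[$cachekey] = JEVHelper::authoriseCategories('core.deleteall', $key, $user);
        }
        if ($authdata_coredeleteall[$cachekey]) {
            return $authdata_coredeleteall[$cachekey];
        }
    }

    // There seems to be a problem with category permissions - sometimes Joomla ACL set to yes in category but result is false!
    // fall back to being able to delete own events if a publisher
    if ($row->created_by() == $user->id) {
        $jevuser = JEVHelper::getAuthorisedUser();
        if (!is_null($jevuser)) {
            return $jevuser->candeleteown;
        }

        // if a user can publish their own then they can delete their own too
        $params = JComponentHelper::getParams(JEV_COM_COMPONENT);
        $authorisedonly = $params->get("authorisedonly", 1);
        $publishown = $params->get("jevpublishown", 0);
        if (!$authorisedonly && ($publishown || JEVHelper::canPublishEvent($row, $user))) {
            return true;
        }
    }

    return false;
}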
<?php } } ?> </div> <?php if ($params->get("checkconflicts", 0)) { ?> <div id='jevoverlapwarning'> <div><?php echo JText::_("JEV_OVERLAPPING_EVENTS_WARNING"); ?> </div> <?php // event deletors get the right to override this if (JEVHelper::isEventDeletor(true) && JText::_("JEV_OVERLAPPING_EVENTS_OVERRIDE") != "JEV_OVERLAPPING_EVENTS_OVERRIDE") { ?> <div> <strong> <label><?php echo JText::_("JEV_OVERLAPPING_EVENTS_OVERRIDE"); ?> <!-- not checked by default !!! //--> <input type="checkbox" name="overlapoverride" value="1" /> </label> </strong> </div> <?php } ?> <div id="jevoverlaps"></div>
/**
 * Authorization gate in front of the parent deletefuture() action.
 *
 * @throws Exception with code 403 when JEVHelper::isEventDeletor() is false
 */
function deletefuture()
{
    // Deny first: the exception leaves the method, so nothing below runs for
    // callers who are not event deletors.
    if (!JEVHelper::isEventDeletor()) {
        throw new Exception(JText::_('ALERTNOTAUTH'), 403);
    }

    parent::deletefuture();
}
/**
 * Test to see if user can delete event
 *
 * @param object      $row  Event row; reads _icsid, _catid and created_by()
 * @param object|null $user User to check; defaults to JFactory::getUser()
 *
 * @return mixed true/false, or $jevuser->candeleteown for the creator's own event
 */
function canDeleteEvent($row, $user = null)
{
    // TODO make this call a plugin
    if ($user == null) {
        $user =& JFactory::getUser();
    }

    // are we authorised to do anything with this category or calendar
    $jevuser =& JEVHelper::getAuthorisedUser();

    $limitedToCalendars = $row->_icsid > 0 && $jevuser && $jevuser->calendars != "" && $jevuser->calendars != "all";
    if ($limitedToCalendars && !in_array($row->_icsid, explode("|", $jevuser->calendars))) {
        return false;
    }

    $limitedToCategories = $row->_catid > 0 && $jevuser && $jevuser->categories != "" && $jevuser->categories != "all";
    if ($limitedToCategories && !in_array($row->_catid, explode("|", $jevuser->categories))) {
        return false;
    }

    // NOTE(review): on Joomla 1.6+ the publish permission ('core.edit.state')
    // on the event's category is treated as sufficient to delete.
    if (JVersion::isCompatible("1.6.0")) {
        $cats = $user->getAuthorisedCategories('com_jevents', 'core.edit.state');
        if (in_array($row->_catid, $cats)) {
            return true;
        }
    }

    // can publish all?
    if (JEVHelper::isEventDeletor(true)) {
        return true;
    }

    // Everything below applies only to the event's own creator.
    if ($row->created_by() != $user->id) {
        return false;
    }

    $jevuser =& JEVHelper::getAuthorisedUser();
    if (!is_null($jevuser)) {
        return $jevuser->candeleteown;
    }

    // if a user can publish their own then they can delete their own too
    $params = JComponentHelper::getParams(JEV_COM_COMPONENT);
    $authorisedonly = $params->get("authorisedonly", 1);
    $publishown = $params->get("jevpublishown", 0);

    return !$authorisedonly && $publishown;
}