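/**
 * Method to get item data, annotated with the current user's permissions.
 *
 * The record is loaded by the parent class. Three flags are then written to
 * the item's params: 'access-view', 'access-edit' and 'access-change'.
 * All three are always written, so a caller never reads a value that was
 * already present in the params before this method ran.
 *
 * NOTE(review): these flags only report the outcome of the checks below.
 * Whether the save/delete paths re-check permissions is not visible from
 * this method - confirm before relying on the flags for enforcement.
 *
 * @param   integer  $pk  The id of the item.
 *
 * @return  mixed  Item data object on success, false on failure.
 */
public function getItem($pk = null)
{
    // Get the record from the parent class method.
    $item = parent::getItem($pk);

    if ($item === false) {
        return false;
    }

    // Collect the acting user and the permission set for this file asset.
    $user   = JFactory::getUser();
    $uid    = $user->get('id');
    $access = PFrepoHelper::getActions('file', $item->id);

    // View access: granted when the item has no access level, when the user
    // holds 'core.admin', or when the item's level is among the user's
    // authorised view levels.
    $view_access = true;

    if ($item->access && !$user->authorise('core.admin')) {
        // Loose comparison kept as in the original.
        // NOTE(review): presumably $item->access may be a numeric string
        // while the view levels are integers - confirm before making strict.
        $view_access = in_array($item->access, $user->getAuthorisedViewLevels());
    }

    $item->params->set('access-view', $view_access);

    // Start from an explicit deny. Previously 'access-edit' was only ever
    // set to true on the view-allowed path, so a value already stored in
    // the params survived whenever no edit permission matched.
    $can_edit   = false;
    $can_change = false;

    if ($view_access) {
        if ($access->get('core.edit')) {
            // General edit permission.
            $can_edit = true;
        } elseif (!empty($uid) && $access->get('core.edit.own') && $uid == $item->created_by) {
            // Edit-own permission: requires a valid user who is the owner.
            $can_edit = true;
        }

        // Edit state permission, passed through as returned by the helper.
        $can_change = $access->get('core.edit.state');
    }

    $item->params->set('access-edit', $can_edit);
    $item->params->set('access-change', $can_change);

    return $item;
}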
/**
 * Method to test whether a record can have its state edited.
 * Records without an id defer to the parent implementation; existing
 * records are checked against the 'core.edit.state' action.
 *
 * NOTE(review): the asset name is built from $record->parent_id, while the
 * branch is selected by $record->id. Confirm that authorising against the
 * parent's asset rather than the record's own asset is intended.
 *
 * @param   object  $record  A record object.
 *
 * @return  boolean  True if allowed to change the state of the record.
 */
protected function canEditState($record)
{
    if (!empty($record->id)) {
        $user = JFactory::getUser();

        // The id is cast to int before it is appended to the asset name.
        $asset = 'com_pfrepo.file.' . (int) $record->parent_id;

        return $user->authorise('core.edit.state', $asset);
    }

    // No id on the record: fall back to the parent class check.
    return parent::canEditState($record);
}