function filterAjaxAddApps(&$appName, &$profiletype, &$objResponse) { $appId = XiptLibApps::getPluginId($appName); $notAllowedApps = XiptLibApps::getNotAllowedCommunityAppsArray($profiletype); // do not restrict if allowed if (!in_array($appId, $notAllowedApps)) { return true; } //restrict the user. $objResponse->addAssign('cwin_logo', 'innerHTML', XiptText::_('CC_ADD_APPLICATION_TITLE')); $action = '<form name="cancelRequest" action="" method="POST">'; $action .= '<input type="button" class="button" onclick="cWindowHide();return false;" name="cancel" value="' . XiptText::_('CC_BUTTON_CLOSE') . '" />'; $action .= '</form>'; $objResponse->addAssign('cWindowContent', 'innerHTML', '<div class="ajax-notice-apps-added">' . XiptText::_('APPLICATION_ACCESS_DENIED') . '</div>'); $objResponse->addScriptCall('cWindowActions', $action); return false; }
/** * This function removes not allowed community apps form dispatcher * as per user's profiletype * @return true */ function onAfterAppsLoad() { // skip these calls from backend if (JFactory::getApplication()->isAdmin()) { return true; } $dispatcher = JDispatcher::getInstance(); // get userids of both users profile owner and profile visitor $selfUserid = JFactory::getUser()->id; $othersUserid = JRequest::getVar('userid', $selfUserid); //when user is not logged in and he is not visiting any profile, return true if ($selfUserid == 0 && $othersUserid == 0) { return true; } // apply guest profile type for guest user $selfProfiletype = XiptLibProfiletypes::getUserData($selfUserid, 'PROFILETYPE'); $othersProfiletype = XiptLibProfiletypes::getUserData($othersUserid, 'PROFILETYPE'); $blockDisplayApp = XiptFactory::getSettings('jspt_block_dis_app', 0); /** * #1: block the display application of logged in user if the above param is set to yes * #2: otherwise block display application of user whose profile is being visited * #3: block the functional application of logged in user */ $apps = $dispatcher->get('_observers'); if ($blockDisplayApp == BLOCK_DISPLAY_APP_OF_OWNER || $blockDisplayApp == BLOCK_DISPLAY_APP_OF_BOTH) { XiptLibApps::filterCommunityApps($apps, $othersProfiletype, true); } if ($blockDisplayApp == BLOCK_DISPLAY_APP_OF_VISITOR || $blockDisplayApp == BLOCK_DISPLAY_APP_OF_BOTH) { XiptLibApps::filterCommunityApps($apps, $selfProfiletype, true); } XiptLibApps::filterCommunityApps($apps, $selfProfiletype, false); $dispatcher->set('_observers', $apps); return true; }
function onAjaxCall(&$func, &$args, &$response) { $callArray = explode(',', $func); //perform Access checks $ajax = true; XiptAclHelper::performACLCheck($ajax, $callArray, $args); // If we come here means ACL Check was passed $controller = $callArray[0]; $function = $callArray[1]; switch ($controller . '_' . $function) { //before creating new account, validate email and username case 'connect_ajaxCreateNewAccount': return XiptHelperRegistration::ajaxCreateNewAccountFacebook($args, $response); case 'connect_ajaxCheckEmail': return XiptHelperRegistration::ajaxCheckEmailDuringFacebook($args, $response); case 'connect_ajaxCheckUsername': return XiptHelperRegistration::ajaxCheckUsernameDuringFacebook($args, $response); case 'connect_ajaxShowNewUserForm': return XiptHelperRegistration::ajaxShowNewUserForm($args, $response); case 'connect_ajaxUpdate': return XiptHelperRegistration::ajaxUpdate($args, $response); // when controller == register // when controller == register case 'register_ajaxCheckEmail': case 'register_ajaxCheckUserName': return XiptHelperRegistration::$function($args, $response); //when controller == apps //when controller == apps case 'apps_ajaxAddApp': case 'apps_ajaxAdd': $my = JFactory::getUser(); //XITODO : Remove it and add assert if (0 == $my->id) { return true; } $profiletype = XiptLibProfiletypes::getUserData($my->id, 'PROFILETYPE'); return XiptLibApps::filterAjaxAddApps($args[0], $profiletype, $response); case 'profile_ajaxConfirmRemoveAvatar': //case 'profile_ajaxConfirmRemovePicture': //case 'profile_ajaxConfirmRemovePicture': case 'profile_ajaxRemovePicture': // This case use for Admin panel return XiptLibAvatar::removeAvatar($args, $response); default: // we do not want to interfere, go ahead JomSocial return true; } }