protected function checkVendor()
{
$input = JFactory::getApplication()->input;
$msg = '';
$this->_vendor = Permissions::getInstance()->isSuperVendor();
if ($this->_vendor == 1) {
return true;
}
// can do all
if (!$this->_vendor) {
//non vendor have no access !
$msg = JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN') . ' (' . JText::_('COM_VIRTUEMART_' . strtoupper($this->_cname)) . ')';
jRequest::setVar('task', '');
$input->set('task', '');
$this->setRedirect('index.php', $msg, 'error');
return false;
}
if ($this->_cname === 'user') {
$this->_canEdit = ShopFunctions::can('editshop', $this->_cname);
} else {
$this->_canEdit = ShopFunctions::can('edit', $this->_cname);
}
$this->_canAdd = ShopFunctions::can('add', $this->_cname);
// publish is for all controllers
$this->_canPublish = ShopFunctions::can('publish');
$tasks = explode('.', JRequest::getCmd('task', 'default'));
$task = $tasks[0];
$addTasks = array('add' => true, 'edit' => true, 'apply' => true, 'save' => true, 'save2new' => true, 'save2copy' => true);
$canDo = true;
if (!$this->_canEdit) {
// toggle is checked in controller
$taskBlacklist = array('edit', 'apply', 'save', 'apply', 'toggle', 'orderUp', 'orderDown', 'saveOrder', 'paste');
// only check non admin
if (in_array($task, $taskBlacklist)) {
$msg = JText::_('JLIB_APPLICATION_ERROR_EDIT_NOT_PERMITTED') . ' (' . JText::_('COM_VIRTUEMART_' . strtoupper($this->_cname)) . ')';
jRequest::setVar('task', '');
$input->set('task', '');
$canDo = false;
}
} elseif (!$this->_canPublish && ($task == 'publish' || $task == 'unpublish' || $task == 'toggle')) {
$msg = JText::_('JLIB_APPLICATION_ERROR_EDITSTATE_NOT_PERMITTED') . ' (' . JText::_('COM_VIRTUEMART_' . strtoupper($this->_cname)) . ')';
jRequest::setVar('task', '');
$input->set('task', '');
$canDo = false;
} elseif (!$this->_canAdd && $task == 'add') {
$msg = JText::_('JLIB_APPLICATION_ERROR_CREATE_RECORD_NOT_PERMITTED') . ' (' . JText::_('COM_VIRTUEMART_' . strtoupper($this->_cname)) . ')';
jRequest::setVar('task', '');
$input->set('task', '');
$canDo = false;
} elseif ($this->_canAdd && isset($addTasks[$task])) {
$canDo = $this->checkOwn();
$msg = JText::_('JERROR_AN_ERROR_HAS_OCCURRED') . ' : ' . JText::_('JACTION_EDITOWN') . ' (' . JText::_('COM_VIRTUEMART_' . strtoupper($this->_cname)) . ' ' . $tasks[0] . ' vendor ' . $this->_vendor . ')';
} else {
//$taskBlacklist =array('add','edit','apply','save');
// verify if it's own item
if (isset($addTasks[$task]) && !$this->checkOwn()) {
$msg = JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN') . ' (' . JText::_('COM_VIRTUEMART_' . strtoupper($this->_cname)) . ' ' . $tasks[0] . ' vendor ' . $this->_vendor . ')';
jRequest::setVar('task', '');
$input->set('task', '');
$canDo = false;
}
}
if (!$canDo) {
$this->setRedirect(null, $msg, 'error');
}
return $canDo;
}
/**
* Clone a product
*
* @author RolandD, Max Milbers
*/
public function CloneProduct()
{
// $mainframe = Jfactory::getApplication();
/* Load the view object */
$view = $this->getView('product', 'html');
$model = VmModel::getModel('product');
$msgtype = '';
//$cids = JRequest::getInt('virtuemart_product_id',0);
$cids = JRequest::getVar($this->_cidName, JRequest::getVar('virtuemart_product_id', array(), '', 'ARRAY'), '', 'ARRAY');
//jimport( 'joomla.utilities.arrayhelper' );
JArrayHelper::toInteger($cids);
foreach ($cids as $cid) {
if ($model->createClone($cid)) {
$msg = JText::_('COM_VIRTUEMART_PRODUCT_CLONED_SUCCESSFULLY');
} else {
$msg = JText::_('COM_VIRTUEMART_PRODUCT_NOT_CLONED_SUCCESSFULLY');
$msgtype = 'error';
}
}
jRequest::setVar('task', null);
$this->display();
// $mainframe->redirect('index.php?option=com_virtuemart&view=product', $msg, $msgtype);
}
