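/**
 * Checks if a specific action on a gallery is allowed by the logged in user.
 * Public (not logged in user) and Registered users have specific permissions.
 * Users above registered are treated as Registered. Administrator and Super Administrator
 * have all rights.
 *
 * Security: both arguments end up inside SQL text built by this method (the
 * gallery ID as a value, the action as part of a column name). The gallery ID
 * is therefore reduced to an integer and the action is restricted to identifier
 * characters before either is used; malformed input is denied instead of being
 * handed to the database.
 *
 * @param string $action     action to perform on gallery (view, up_mod_img, del_img, create_mod_gal, del_gal)
 * @param int    $gallery_id ID of gallery to perform action on
 * @return int 1 if allowed, 0 if not allowed.
 */
function checkGallery($action, $gallery_id) {
    $database =& JFactory::getDBO();
    $my =& JFactory::getUser();

    // Access control disabled in the configuration: everything is allowed.
    if (!rsgAccess::aclActivated()) {
        return 1;
    }

    // The root gallery (0) is always allowed.
    // NOTE(review): loose comparison kept from the original so callers passing
    // null/''/'0' for root keep working; which non-numeric strings compare equal
    // to 0 depends on the PHP version.
    if ($gallery_id == 0) {
        return 1;
    }

    // Fail closed on anything that is not a usable gallery ID, so no raw request
    // text reaches the queries below or the helper calls that receive the ID.
    // Gallery IDs are presumably positive integers; confirm against the schema.
    if (!is_numeric($gallery_id) || (int) $gallery_id <= 0) {
        return 0;
    }
    $gallery_id = (int) $gallery_id;

    // The owner of a gallery may do anything with it (only checked for logged-in users).
    if ($my->id) {
        $sql = "SELECT uid FROM #__rsgallery2_galleries WHERE id = '{$gallery_id}'";
        $database->setQuery($sql);
        if ($my->id == $database->loadResult()) {
            return 1;
        }
    }

    // Apparently no permissions were found in #__rsgallery2_acl, so create default permissions.
    if (!rsgAccess::arePermissionsSet($gallery_id)) {
        rsgAccess::createDefaultPermissions($gallery_id);
    }

    // Map the user type onto the permission level used as the column-name prefix.
    $userType = rsgAccess::returnUserType();
    if (!isset($this->levelMaping[$userType])) {
        // Unknown user type: there is no column to read, so deny.
        return 0;
    }
    $type = $this->levelMaping[$userType];

    // Admins are allowed to do everything.
    if ($type == "admin") {
        return 1;
    }

    // The action becomes part of a column name, which cannot be quoted as a
    // value; accept identifier characters only and deny everything else.
    if (!is_string($action) || !preg_match('/\A[A-Za-z0-9_]+\z/', $action)) {
        return 0;
    }

    // Read the permission flag for this level/action pair from the ACL table.
    $sql = "SELECT " . $type . "_" . $action . " FROM {$this->_table} WHERE gallery_id = '{$gallery_id}'";
    $database->setQuery($sql);
    return intval($database->loadResult());
}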
$HeightUnit = trim($params->get('heightunit', 'px')); $PicsNum = intval($params->get('PicsNum', '5')); $PickMethod = trim($params->get('PickMethod', 'Rand()')); $ScrollDirection = trim($params->get('ScrollDirection', 'up')); $ScrollAmount = intval($params->get('ScrollAmount', '2')); $ScrollDelay = intval($params->get('ScrollDelay', '50')); $ScrollSpace = intval($params->get('ScrollSpace', '2')); $BugSpace = intval($params->get('BugSpace', '10')); $usecss = $params->get('usecss', '1'); $css = $params->get('css'); //determine which gallery id's to use //use ACL if ($useACL) { global $rsgAccess; //check if acl is activated if (rsgAccess::aclActivated()) { //make list of allowed gallery_ids $gal_ids = $rsgAccess->actionPermitted('view'); if ($usegalselect) { if (in_array($galselect, $gal_ids)) { $list = "WHERE #__rsgallery2_files.gallery_id IN(" . $galselect . ")"; } else { echo "One or more gallery id limits is not viewable for the current usertype"; exit; } } else { $list = "WHERE #__rsgallery2_files.gallery_id IN(" . implode(",", $gal_ids) . ")"; } } else { echo "ACL not enabled in RSGallery2 config<br>Enable it, or also disable it for this module"; exit;