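/**
 * Method override to check if you can edit an existing record.
 *
 * Users without core.options on the component are first checked against their
 * own country list. After that the health_data.access rule and then the
 * health_data.edit / health_data.edit.own rules are applied.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 *
 * @return  boolean
 *
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // get user object.
    $user = JFactory::getUser();

    // get record id. The cast has to sit inside the ternary: "(int) isset(...) ? x : 0"
    // casts the isset() result and hands the input value on uncast, so it would
    // reach the asset names and the helper lookup below as raw input.
    $recordId = isset($data[$key]) ? (int) $data[$key] : 0;

    if (!$user->authorise('core.options', 'com_costbenefitprojection'))
    {
        // make absolutely sure that this health data can be edited
        $is        = CostbenefitprojectionHelper::userIs($user->id);
        $countries = CostbenefitprojectionHelper::hisCountries($user->id);
        $country   = CostbenefitprojectionHelper::getId('health_data', $recordId, 'id', 'country');

        // NOTE(review): in_array() is non-strict here; confirm what getId() returns for a
        // missing record so a failed lookup cannot loosely match an entry in $countries.
        if (3 != $is || !CostbenefitprojectionHelper::checkArray($countries) || !in_array($country, $countries))
        {
            return false;
        }
    }

    // Access check: both the record-level and the component-level rule must allow it.
    $access = $user->authorise('health_data.access', 'com_costbenefitprojection.health_data.' . (int) $recordId)
        && $user->authorise('health_data.access', 'com_costbenefitprojection');

    if (!$access)
    {
        return false;
    }

    if ($recordId)
    {
        // The record has been set. Check the record permissions.
        $permission = $user->authorise('health_data.edit', 'com_costbenefitprojection.health_data.' . (int) $recordId);

        // A null result falls through to the component permission at the end of the method.
        if (!$permission && !is_null($permission))
        {
            if ($user->authorise('health_data.edit.own', 'com_costbenefitprojection.health_data.' . $recordId))
            {
                // Now test the owner is the user. Same cast-precedence fix as for $recordId.
                // NOTE(review): when present, created_by is taken from $data rather than the
                // stored record; confirm callers pass the stored owner and not form input.
                $ownerId = isset($data['created_by']) ? (int) $data['created_by'] : 0;

                if (empty($ownerId))
                {
                    // Need to do a lookup from the model.
                    $record = $this->getModel()->getItem($recordId);

                    if (empty($record))
                    {
                        return false;
                    }

                    $ownerId = $record->created_by;
                }

                // If the owner matches 'me' then allow.
                if ($ownerId == $user->id)
                {
                    if ($user->authorise('health_data.edit.own', 'com_costbenefitprojection'))
                    {
                        return true;
                    }
                }
            }

            return false;
        }
    }

    // Since there is no permission, revert to the component permissions.
    return $user->authorise('health_data.edit', $this->option);
}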
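/**
 * Batch move items to a new category
 *
 * @param   array  $values    The values to write to each row, keyed by table property name.
 * @param   array  $pks       An array of row IDs.
 * @param   array  $contexts  An array of item contexts.
 *
 * @return  boolean  True if successful, false otherwise and internal error is set.
 *
 * @since   12.2
 */
protected function batchMove($values, $pks, $contexts)
{
    if (empty($this->batchSet))
    {
        // Set some needed variables.
        $this->user           = JFactory::getUser();
        $this->table          = $this->getTable();
        $this->tableClassName = get_class($this->table);
        $this->contentType    = new JUcmType();
        $this->type           = $this->contentType->getTypeByTable($this->tableClassName);
        $this->canDo          = CostbenefitprojectionHelper::getActions('country');
    }

    if (!$this->canDo->get('country.edit') && !$this->canDo->get('country.batch'))
    {
        $this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));

        return false;
    }

    if (!$this->user->authorise('core.options', 'com_costbenefitprojection'))
    {
        // make absolutely sure that this country can be moved
        // The user type must be looked up for $this->user: no local $user exists in this
        // method, so "$user->id" passed an undefined value into the ownership check.
        $is        = CostbenefitprojectionHelper::userIs($this->user->id);
        $countries = CostbenefitprojectionHelper::hisCountries($this->user->id);

        if (3 == $is && CostbenefitprojectionHelper::checkArray($countries))
        {
            // Drop every row id that is not one of this user's countries.
            foreach ($pks as $nr => $pk)
            {
                if (!in_array($pk, $countries))
                {
                    unset($pks[$nr]);
                }
            }

            if (empty($pks))
            {
                $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));

                return false;
            }
        }
        else
        {
            $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));

            return false;
        }
    }

    // make sure published only updates if user has the permission.
    if (isset($values['published']) && !$this->canDo->get('country.edit.state'))
    {
        unset($values['published']);
    }

    // remove move_copy from array
    unset($values['move_copy']);

    // Parent exists so we proceed
    foreach ($pks as $pk)
    {
        if (!$this->user->authorise('country.edit', $contexts[$pk]))
        {
            $this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));

            return false;
        }

        // Check that the row actually exists
        if (!$this->table->load($pk))
        {
            if ($error = $this->table->getError())
            {
                // Fatal error
                $this->setError($error);

                return false;
            }
            else
            {
                // Not fatal error
                $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', $pk));
                continue;
            }
        }

        // insert all set values.
        // NOTE(review): every non-empty key in $values that exists on the table is written
        // (and 'access' even when it does not); only 'published' is gated on a permission
        // above. Confirm the caller restricts $values to the intended batch fields.
        if (CostbenefitprojectionHelper::checkArray($values))
        {
            foreach ($values as $key => $value)
            {
                // Do special action for access.
                if ('access' == $key && strlen($value) > 0)
                {
                    $this->table->{$key} = $value;
                }
                elseif (strlen($value) > 0 && isset($this->table->{$key}))
                {
                    $this->table->{$key} = $value;
                }
            }
        }

        // Check the row.
        if (!$this->table->check())
        {
            $this->setError($this->table->getError());

            return false;
        }

        if (!empty($this->type))
        {
            $this->createTagsHelper($this->tagsObserver, $this->type, $pk, $this->typeAlias, $this->table);
        }

        // Store the row.
        if (!$this->table->store())
        {
            $this->setError($this->table->getError());

            return false;
        }
    }

    // Clean the cache
    $this->cleanCache();

    return true;
}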
/**
 * Method to get a list of options for a list input.
 *
 * Builds one option per published health_data year/country pair. The country
 * name is appended to the label when the list is not limited to the countries
 * of the company given by the request 'id'.
 *
 * @return  array  An array of JHtml options.
 */
public function getOptions()
{
    // The company id comes from the request and is filtered as an integer.
    $client    = JFactory::getApplication()->input->get('id', 0, 'INT');
    $countries = CostbenefitprojectionHelper::hisCountries(null, $client, 'company');

    $db    = JFactory::getDBO();
    $query = $db->getQuery(true)
        ->select($db->quoteName(array('a.year', 'a.country'), array('year', 'country')))
        ->from($db->quoteName('#__costbenefitprojection_health_data', 'a'))
        ->where($db->quoteName('a.published') . ' = 1');

    $limited = CostbenefitprojectionHelper::checkArray($countries);

    if ($limited)
    {
        // NOTE(review): the ids are concatenated into the SQL as returned by hisCountries();
        // confirm the helper only ever returns integer ids.
        $query->where($db->quoteName('a.country') . ' IN (' . implode(',', $countries) . ')');
    }

    $query->order('a.country ASC');
    $db->setQuery((string) $query);
    $rows = $db->loadObjectList();

    $options = array();

    if (!$rows)
    {
        return $options;
    }

    // Show the country in the label when the list is not limited, or no company id was given.
    $withCountry = !$limited || $client == 0;
    $seen        = array();

    foreach ($rows as $row)
    {
        $pair = $row->year . '_' . $row->country;

        // Skip a year/country pair that was already added.
        if (CostbenefitprojectionHelper::checkArray($seen) && in_array($pair, $seen))
        {
            continue;
        }

        $suffix = '';

        if ($withCountry)
        {
            $suffix = ' (' . CostbenefitprojectionHelper::getCountryName($row->country) . ')';
        }

        $options[]        = JHtml::_('select.option', $row->year, $row->year . $suffix);
        $seen[$row->year] = $pair;
    }

    return $options;
}
/**
 * Method to get a list of options for a list input.
 *
 * Lists the published countries. Users without core.options on the component
 * only get the countries returned for them by hisCountries(), or none at all.
 *
 * @return  array  An array of JHtml options.
 */
public function getOptions()
{
    $currentUser = JFactory::getUser();
    $dbo         = JFactory::getDBO();

    $countryQuery = $dbo->getQuery(true)
        ->select($dbo->quoteName(array('a.id', 'a.name'), array('id', 'country_name')))
        ->from($dbo->quoteName('#__costbenefitprojection_country', 'a'))
        ->where($dbo->quoteName('a.published') . ' = 1');

    if (!$currentUser->authorise('core.options', 'com_costbenefitprojection'))
    {
        $allowed = CostbenefitprojectionHelper::hisCountries($currentUser->id);

        // Either restrict to this user's countries, or add a condition that
        // is meant to match no row so the user sees no countries.
        // NOTE(review): the ids are concatenated into the SQL as returned by
        // hisCountries(); confirm the helper only ever returns integer ids.
        $restriction = CostbenefitprojectionHelper::checkArray($allowed)
            ? 'a.id IN (' . implode(',', $allowed) . ')'
            : 'a.id = -4';

        $countryQuery->where($restriction);
    }

    $countryQuery->order('a.name ASC');
    $dbo->setQuery((string) $countryQuery);
    $rows = $dbo->loadObjectList();

    if (!$rows)
    {
        return array();
    }

    // The placeholder entry is only added when there is at least one country.
    $list = array(JHtml::_('select.option', '', 'Select a country'));

    foreach ($rows as $row)
    {
        $list[] = JHtml::_('select.option', $row->id, $row->country_name);
    }

    return $list;
}
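/**
 * Load the published countries as an id => name list.
 *
 * @param   boolean  $limited  True to load only the countries returned by
 *                             hisCountries() for $this->user; false to load every
 *                             country that passes the CHAR_LENGTH checks below.
 *
 * @return  mixed  An array of names keyed by id, or false when nothing is found.
 */
protected function setCountries($limited = false)
{
    // Create a new query object.
    $query = $this->db->getQuery(true);

    // Get from #__costbenefitprojection_country as a
    $query->select($this->db->quoteName(array('a.id', 'a.name'), array('id', 'name')));
    $query->from($this->db->quoteName('#__costbenefitprojection_country', 'a'));

    if ($limited)
    {
        // get his countries
        $ids = CostbenefitprojectionHelper::hisCountries($this->user->id);

        // A user without countries gets nothing. Without this guard implode() would
        // build "IN ()" (or fail on a non-array), which is a query error rather than
        // the empty result the other country filters in this component fall back to.
        if (!CostbenefitprojectionHelper::checkArray($ids))
        {
            return false;
        }

        // limit to only load his countries; a.id is matched against integers, so
        // cast before the values are concatenated into the SQL.
        $query->where('a.id IN (' . implode(',', array_map('intval', $ids)) . ')');
    }
    else
    {
        $query->where('CHAR_LENGTH(a.causesrisks) > 5');
        $query->where('CHAR_LENGTH(a.percentfemale) > 5');
        $query->where('CHAR_LENGTH(a.percentmale) > 5');
        $query->where('CHAR_LENGTH(a.datayear) > 3');
        $query->where('CHAR_LENGTH(a.productivity_losses) > 0');
        $query->where('CHAR_LENGTH(a.sick_leave) > 0');
        $query->where('CHAR_LENGTH(a.medical_turnovers) > 0');
    }

    $query->where('a.published = 1');
    $query->order('a.name ASC');

    // load the query
    $this->db->setQuery($query);
    $this->db->execute();

    if ($this->db->getNumRows())
    {
        return $this->db->loadAssocList('id', 'name');
    }

    return false;
}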
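/**
 * Method to get list export data.
 *
 * Users without core.options on the component only get rows for their own
 * countries and view levels, and each row must also pass the
 * health_data.access rule.
 *
 * @param   array  $pks  The ids of the health_data rows to export.
 *
 * @return  mixed  An array of data items on success, false on failure.
 */
public function getExportData($pks)
{
    // setup the query
    if (!CostbenefitprojectionHelper::checkArray($pks))
    {
        return false;
    }

    // The ids are concatenated into the IN (...) list below and arrive as a plain
    // argument of a public method, so force them to integers here instead of relying
    // on every caller having filtered them.
    $pks = array_map('intval', $pks);

    // Get the user object.
    $user    = JFactory::getUser();
    $isAdmin = $user->authorise('core.options', 'com_costbenefitprojection');

    // Create a new query object.
    $db    = JFactory::getDBO();
    $query = $db->getQuery(true);

    // Select some fields
    $query->select('a.*');

    // From the costbenefitprojection_health_data table
    $query->from($db->quoteName('#__costbenefitprojection_health_data', 'a'));
    $query->where('a.id IN (' . implode(',', $pks) . ')');

    if (!$isAdmin)
    {
        // Filter by countries (admin sees all)
        $is        = CostbenefitprojectionHelper::userIs($user->id);
        $countries = CostbenefitprojectionHelper::hisCountries($user->id);

        if (3 == $is && CostbenefitprojectionHelper::checkArray($countries))
        {
            // only load this users health data
            // NOTE(review): concatenated as returned by hisCountries(); confirm the
            // helper only ever returns integer ids.
            $query->where('a.country IN (' . implode(',', $countries) . ')');
        }
        else
        {
            // dont allow user to see any health data
            $query->where('a.country = -4');
        }

        // Implement View Level Access
        $groups = implode(',', $user->getAuthorisedViewLevels());
        $query->where('a.access IN (' . $groups . ')');
    }

    // Order the results by ordering
    $query->order('a.ordering ASC');

    // Load the items
    $db->setQuery($query);
    $db->execute();

    if (!$db->getNumRows())
    {
        return false;
    }

    $items = $db->loadObjectList();

    // set values to display correctly.
    if (CostbenefitprojectionHelper::checkArray($items))
    {
        // Rows are objects, so they can be edited through a plain by-value loop. The
        // former "&$item" loop left a reference to the last row behind while $items
        // was modified again below.
        foreach ($items as $nr => $item)
        {
            $access = $user->authorise('health_data.access', 'com_costbenefitprojection.health_data.' . (int) $item->id)
                && $user->authorise('health_data.access', 'com_costbenefitprojection');

            if (!$access)
            {
                unset($items[$nr]);
                continue;
            }

            // unset the values we don't want exported.
            unset($item->asset_id);
            unset($item->checked_out);
            unset($item->checked_out_time);
        }
    }

    // Add headers to items array.
    $headers = $this->getExImPortHeaders();

    if (CostbenefitprojectionHelper::checkObject($headers))
    {
        array_unshift($items, $headers);
    }

    return $items;
}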