/** * Checks access permissions of the user regarding on the groupid * * @author Christoph Lukes * @since 0.9 * * @param int $recurse * @param int $level * @return boolean True on success */ function validate_user($recurse, $level) { $user =& JFactory::getUser(); //only check when user is logged in if ($user->get('id')) { $acl =& JFactory::getACL(); $superuser = ELUser::superuser(); $groupid = $user->get('gid'); if ($recurse) { $recursec = 'RECURSE'; } else { $recursec = 'NO_RECURSE'; } //open for superuser or registered and thats all what is needed //level = -1 all registered users //level = -2 disabled if ($level == -1 && $groupid > 0 || $superuser && $level != -2) { return true; //if not proceed checking } else { //User has exactly the needed groupid->ok if ($groupid == $level) { return true; } //User hasn't the needed groupid, check if he is a member of a member group if ($recursec == 'RECURSE') { $group_childs = array(); $group_childs = $acl->get_group_children($level, 'ARO', $recursec); //ugly workaround to merge Public Frontend and Public Backend if ($groupid >= 23) { $public_backend = array(23, 24, 25); $group_childs = array_merge($group_childs, $public_backend); } if (is_array($group_childs) && count($group_childs) > 0) { //Childgroups exists than check if user belongs to one of it if (in_array($groupid, $group_childs)) { //User belongs to one of it -> ok return true; } } } } //end logged in check } //oh oh, user has no permissions return false; }
/** * Checks access permissions of the user regarding on the groupid * * @author Christoph Lukes * @since 0.9 * * @param int $recurse * @param int $level * @return boolean True on success */ function validate_user($recurse, $level) { $user =& JFactory::getUser(); //only check when user is logged in if ($user->get('id')) { $acl =& JFactory::getACL(); $superuser = ELUser::superuser(); $groupid = $user->get('gid'); if ($recurse) { $recursec = "RECURSE"; } else { $recursec = "NO_RECURSE"; } //open for superuser or registered and thats all what is needed if ($level == -1 && $groupid > 0 || $superuser && $level != -2) { return true; //if not proceed checking } else { if ($groupid == $level) { //User has the needed groupid->ok return true; } else { if ($recursec == 'RECURSE') { //Child group for this level? $group_childs = array(); $group_childs = $acl->get_group_children($level, 'ARO', $recursec); if (is_array($group_childs) && count($group_childs) > 0) { //Childgroups exists than check if user belongs to one of it if (in_array($groupid, $group_childs)) { //User belongs to one of it -> ok return true; } } } } } //end logged in check } //oh oh, user has no permissions return false; }
/** * logic to get the categories * * @access public * @return void */ function getCategories() { $user =& JFactory::getUser(); $elsettings =& ELHelper::config(); $userid = (int) $user->get('id'); $gid = (int) $user->get('aid'); $superuser = ELUser::superuser(); $where = ' WHERE c.published = 1 AND c.access <= ' . $gid; //only check for maintainers if we don't have an edit action if (!$this->_id) { //get the ids of the categories the user maintaines $query = 'SELECT g.group_id' . ' FROM #__eventlist_groupmembers AS g' . ' WHERE g.member = ' . $userid; $this->_db->setQuery($query); $catids = $this->_db->loadResultArray(); $categories = implode(' OR c.groupid = ', $catids); //build ids query if ($categories) { //check if user is allowed to submit events in general, if yes allow to submit into categories //which aren't assigned to a group. Otherwise restrict submission into maintained categories only if (ELUser::validate_user($elsettings->evdelrec, $elsettings->delivereventsyes)) { $where .= ' AND c.groupid = 0 OR c.groupid = ' . $categories; } else { $where .= ' AND c.groupid = ' . $categories; } } else { $where .= ' AND c.groupid = 0'; } } //administrators or superadministrators have access to all categories, also maintained ones if ($superuser) { $where = ' WHERE c.published = 1'; } //get the maintained categories and the categories whithout any group //or just get all if somebody have edit rights $query = 'SELECT c.id AS value, c.catname AS text, c.groupid' . ' FROM #__eventlist_categories AS c' . $where . ' ORDER BY c.ordering'; $this->_db->setQuery($query); $this->_category = array(); $this->_category[] = JHTML::_('select.option', '0', JText::_('SELECT CATEGORY')); $this->_categories = array_merge($this->_category, $this->_db->loadObjectList()); return $this->_categories; }
/** * logic to get the categories * * @access public * @return void */ function getCategoryTree() { $app =& JFactory::getApplication(); // Get the paramaters of the active menu item $params =& $app->getParams('com_eventlist'); $top_id = $params->get('top_category', 0); $user =& JFactory::getUser(); $elsettings =& ELHelper::config(); $userid = (int) $user->get('id'); $gid = (int) $user->get('aid'); $superuser = ELUser::superuser(); $where = ' WHERE c.published = 1 AND c.access <= ' . $gid; //get the maintained categories and the categories whithout any group //or just get all if somebody have edit rights $query = 'SELECT c.*' . ' FROM #__eventlist_categories AS c' . $where . ' ORDER BY c.ordering'; $this->_db->setQuery($query); $rows = $this->_db->loadObjectList(); //set depth limit $levellimit = 10; //get children $children = array(); foreach ($rows as $child) { $parent = $child->parent_id; $list = @$children[$parent] ? $children[$parent] : array(); array_push($list, $child); $children[$parent] = $list; } //get list of the items return eventlist_cats::treerecurse($top_id, '', array(), $children, true, max(0, $levellimit - 1)); }