/**
 * Task handler that renders the parameters specific to one field type
 * (meant to be reached e.g. through an AJAX call).
 *
 * @access public
 * @return void
 * @since 1.5
 */
function getfieldspecificproperties()
{
    // NOTE(review): 'field_type' comes straight from the request with no filter type and is
    // used as the plugin name below. No permission check is visible in this task either.
    // Confirm that the plugin importer only resolves names of installed plugins and that
    // access is enforced by the view, or read the value with a restrictive filter.
    $requestedFieldType = JRequest::getVar('field_type');

    // Force the 'field' view in raw format, whatever the HTTP request asked for.
    JRequest::setVar('view', 'field');
    JRequest::setVar('format', 'raw');

    // Importing the field plugin runs its constructor (e.g. needed for loading its language file).
    JPluginHelper::importPlugin('flexicontent_fields', $requestedFieldType);

    // Render the field parameters.
    parent::display();
}
/**
 * Displays a view.
 *
 * For the 'add' and 'edit' tasks the request is pointed at the 'user' view with the 'form'
 * layout; the 'edit' request variable tells the two cases apart. Both parameters are
 * accepted but not forwarded to the parent implementation.
 *
 * @param  mixed $cachable  unused in this method
 * @param  mixed $urlparams unused in this method
 */
function display($cachable = false, $urlparams = false)
{
    $task = $this->getTask();

    // Loose comparison is kept on purpose; 'add' takes precedence over 'edit'.
    $isAddTask  = ($task == 'add');
    $isEditTask = !$isAddTask && ($task == 'edit');

    if ($isAddTask || $isEditTask) {
        JRequest::setVar('hidemainmenu', 1);
        JRequest::setVar('layout', 'form');
        JRequest::setVar('view', 'user');
        JRequest::setVar('edit', $isEditTask);
    }

    // The single-user view is always rendered with the form layout.
    $currentView = JRequest::getVar('view', 'users');
    if ($currentView == 'user') {
        JRequest::setVar('layout', 'form');
    }

    parent::display();
}
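/**
 * Logic to display form for copy/move items
 *
 * The ids in cid[] are taken from the POST body, cast to integers, and (when the component
 * option 'copytask_allow_uneditable' is off) reduced to the items the current user may edit.
 * The resulting id list is written back to the request for the parent display method.
 *
 * @access public
 * @return void|false  false when the task is refused or no item is left to copy
 * @since 1.5
 */
function copy()
{
    $db      = JFactory::getDBO();
    $user    = JFactory::getUser();
    $listUrl = 'index.php?option=com_flexicontent&view=items';

    // cid[] is request data and is concatenated into an SQL IN (...) list further down,
    // so every element is forced to an integer before any use.
    $cid = array_map('intval', (array) JRequest::getVar('cid', array(0), 'post', 'array'));

    // check access of copy task
    $canCopy = $user->authorise('flexicontent.copyitems', 'com_flexicontent');
    if (!$canCopy) {
        JError::raiseWarning(403, JText::_('FLEXI_ALERTNOTAUTH'));
        $this->setRedirect($listUrl);
        return false;
    }

    // Access check
    $auth_cid     = $cid;
    $non_auth_cid = array();

    $copytask_allow_uneditable = JComponentHelper::getParams('com_flexicontent')->get('copytask_allow_uneditable', 1);
    if (!$copytask_allow_uneditable) {
        // Remove uneditable items
        $auth_cid = array();
        $itemdata = array();

        // Get owner and other item data (skipped for an empty list, which would yield "IN ()")
        if (count($cid)) {
            $db->setQuery('SELECT id, created_by, catid FROM #__content WHERE id IN (' . implode(',', $cid) . ')');
            $itemdata = $db->loadObjectList('id');
            if (!is_array($itemdata)) {
                $itemdata = array();
            }
        }

        // Check authorization for edit operation
        foreach ($cid as $id) {
            // An id with no matching row cannot be authorised; report it as skipped
            if (!isset($itemdata[$id])) {
                $non_auth_cid[] = $id;
                continue;
            }

            $rights     = FlexicontentHelperPerm::checkAllItemAccess($user->id, 'item', $itemdata[$id]->id);
            $canEdit    = in_array('edit', $rights);
            $canEditOwn = in_array('edit.own', $rights) && $itemdata[$id]->created_by == $user->id;

            if ($canEdit || $canEditOwn) {
                $auth_cid[] = $id;
            } else {
                $non_auth_cid[] = $id;
            }
        }
    }

    // Set warning for uneditable items
    if (count($non_auth_cid)) {
        $msg_noauth  = JText::_('FLEXI_CANNOT_COPY_ASSETS');
        $msg_noauth .= ": " . implode(',', $non_auth_cid) . " - " . JText::_('FLEXI_REASON_NO_EDIT_PERMISSION') . " - " . JText::_('FLEXI_IDS_SKIPPED');
        JError::raiseNotice(500, $msg_noauth);

        if (!count($auth_cid)) {
            // Cancel task if no items can be copied
            $this->setRedirect($listUrl);
            return false;
        }
    }

    // Set only authorised item ids, to be used by the parent display method ...
    JRequest::setVar('cid', $auth_cid, 'post', 'array');

    // display the form of the task
    parent::display();
}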
/**
 * Task handler for 'processcsv': delegates directly to the parent display method.
 *
 * NOTE(review): no permission or token check is visible in this task; confirm that the
 * view or model it ends up rendering enforces access.
 */
function processcsv()
{
    parent::display();
}
/**
 * Logic to create the view for the edit category screen
 *
 * The record is checked out for the current user before the form is shown; when it is held
 * by another editor, or the checkout fails, the user is sent back to the categories list.
 *
 * @access public
 * @return void
 * @since 1.0
 */
function edit()
{
    // NOTE(review): the request-forgery token check (JRequest::checkToken) is disabled in this
    // task, and no permission check is visible before the checkout, which modifies the record.
    // Confirm both are enforced elsewhere.
    JRequest::setVar('view', 'category');
    JRequest::setVar('hidemainmenu', 1);

    $categoryModel = $this->getModel('category');
    $currentUser   = JFactory::getUser();
    $listUrl       = 'index.php?option=com_flexicontent&view=categories';

    if ($categoryModel->isCheckedOut($currentUser->get('id'))) {
        // Record is checked out by another editor
        JError::raiseNotice(500, JText::_('FLEXI_EDITED_BY_ANOTHER_ADMIN'));
    } elseif (!$categoryModel->checkout()) {
        // Checking out the record for the current user failed
        JError::raiseWarning(500, $categoryModel->getError());
    } else {
        // Record is checked out: proceed to the edit form
        parent::display();
        return;
    }

    $this->setRedirect($listUrl, '');
}
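/**
 * Logic to create the view for the edit item screen
 *
 * New items require the create privilege, must not exceed the author's configured content
 * limit, and need a Content Type the user may create. Existing items require the edit
 * privilege, or a session flag that keeps the item editable until logoff. The record is
 * then checked out before the form is displayed.
 *
 * @access public
 * @return void
 * @since 1.0
 */
function edit()
{
    JRequest::setVar('view', 'item');
    JRequest::setVar('hidemainmenu', 1);

    $user    = JFactory::getUser();
    $session = JFactory::getSession();
    $model   = $this->getModel('item');
    $listUrl = 'index.php?option=com_flexicontent&view=items';

    $isnew   = !$model->getId();
    $canAdd  = !FLEXI_J16GE ? $model->canAdd() : $model->getItemAccess()->get('access-create');
    $canEdit = !FLEXI_J16GE ? $model->canEdit() : $model->getItemAccess()->get('access-edit');

    // No edit privilege, check if item is editable till logoff
    if (!$canEdit && $session->has('rendered_uneditable', 'flexicontent')) {
        $rendered_uneditable = $session->get('rendered_uneditable', array(), 'flexicontent');
        $item_id = $model->get('id');
        $canEdit = isset($rendered_uneditable[$item_id]) && $rendered_uneditable[$item_id];
    }

    if ($isnew) {
        // New item: check if user can create in at least one category

        // A. Check create privilege
        if (!$canAdd) {
            JError::raiseNotice(403, JText::_('FLEXI_NO_ACCESS_CREATE'));
            $this->setRedirect($listUrl, '');
            return;
        }

        // Get User Group / Author parameters.
        // The user id is cast to int because it is concatenated into the SQL text.
        $user_id = (int) $user->id;
        $db = JFactory::getDBO();
        $db->setQuery('SELECT author_basicparams FROM #__flexicontent_authors_ext WHERE user_id = ' . $user_id);
        $authorparams = $db->loadResult();
        $authorparams = FLEXI_J16GE ? new JRegistry($authorparams) : new JParameter($authorparams);
        $max_auth_limit = $authorparams->get('max_auth_limit', 0); // maximum number of content items the user can create

        // B. Check if max authored content limit reached
        if ($max_auth_limit) {
            $db->setQuery('SELECT COUNT(id) FROM #__content WHERE created_by = ' . $user_id);
            $authored_count = $db->loadResult();
            if ($authored_count >= $max_auth_limit) {
                JError::raiseNotice(403, JText::sprintf('FLEXI_ALERTNOTAUTH_CREATE_MORE', $max_auth_limit));
                $this->setRedirect($listUrl, '');
                return;
            }
        }

        // C. Check if Content Type can be created by current user
        $typeid = JRequest::getVar('typeid', 0, '', 'int');
        if ($typeid) {
            $canCreateType = $model->canCreateType(array($typeid), true, $types); // Can create given Content Type
        } else {
            $canCreateType = $model->canCreateType(); // Can create at least one Content Type
        }

        if (!$canCreateType) {
            // Look the type up by its id. The previous `${$typeid}` was a variable-variable
            // (a variable named after the id), so the type name was never found.
            $type_name = isset($types[$typeid]) ? '"' . JText::_($types[$typeid]->name) . '"' : JText::_('FLEXI_ANY');
            $msg = JText::sprintf('FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', $type_name);
            JError::raiseNotice(403, $msg);
            $this->setRedirect($listUrl, '');
            return;
        }
    } elseif (!$canEdit) {
        // Existing item without edit privilege
        JError::raiseNotice(403, JText::_('FLEXI_NO_ACCESS_EDIT'));
        $this->setRedirect($listUrl, '');
        return;
    }

    // Check if record is checked out by other editor
    if ($model->isCheckedOut($user->get('id'))) {
        JError::raiseNotice(500, JText::_('FLEXI_EDITED_BY_ANOTHER_ADMIN'));
        $this->setRedirect($listUrl, '');
        return;
    }

    // Checkout the record and proceed to edit form
    if (!$model->checkout()) {
        JError::raiseWarning(500, $model->getError());
        $this->setRedirect($listUrl, '');
        return;
    }

    parent::display();
}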
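/**
 * Logic for editing a file
 *
 * Requires the 'publishfile' privilege, or 'publishownfile' when the current user uploaded
 * the file. The record is checked out before the form is shown. On refusal the user is sent
 * back to the referring page when it belongs to this site, otherwise to the file manager.
 *
 * @access public
 * @return void
 * @since 1.0
 */
function edit()
{
    $user  = JFactory::getUser();
    $model = $this->getModel('file');
    $file  = $model->getFile();

    JRequest::setVar('view', 'file');
    JRequest::setVar('hidemainmenu', 1);

    // The Referer header is supplied by the client. It is used as a redirect target only
    // when it points back into this site; a missing or external value falls back to the
    // file manager, so a link from another site cannot steer the redirect off-site.
    $default_url = 'index.php?option=com_flexicontent&view=filemanager';
    $referer     = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
    $return_url  = ($referer !== '' && JURI::isInternal($referer)) ? $referer : $default_url;

    // calculate access
    $canedit    = $user->authorise('flexicontent.publishfile', 'com_flexicontent');
    $caneditown = $user->authorise('flexicontent.publishownfile', 'com_flexicontent')
        && isset($file->uploaded_by) // no loaded file record means no ownership claim
        && $file->uploaded_by == $user->get('id');
    $is_authorised = $canedit || $caneditown;

    // check access
    if (!$is_authorised) {
        JError::raiseNotice(403, JText::_('FLEXI_ALERTNOTAUTH'));
        $this->setRedirect($return_url, '');
        return;
    }

    // Check if record is checked out by other editor
    if ($model->isCheckedOut($user->get('id'))) {
        JError::raiseNotice(500, JText::_('FLEXI_EDITED_BY_ANOTHER_ADMIN'));
        $this->setRedirect($return_url, '');
        return;
    }

    // Checkout the record and proceed to edit form
    if (!$model->checkout()) {
        JError::raiseWarning(500, $model->getError());
        $this->setRedirect($return_url, '');
        return;
    }

    parent::display();
}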
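/**
 * Logic for editing a file
 *
 * The record is checked out for the current user before the form is shown. On refusal the
 * user is sent back to the referring page when it belongs to this site, otherwise to the
 * file manager.
 *
 * NOTE(review): no permission check is visible in this task before the record is checked
 * out; confirm that access is enforced by the model or the view.
 *
 * @access public
 * @return void
 * @since 1.0
 */
function edit()
{
    $user  = JFactory::getUser();
    $model = $this->getModel('file');

    // The returned file record is not used in this method; the call is kept in case it
    // primes the model - TODO confirm.
    $model->getFile();

    JRequest::setVar('view', 'file');
    JRequest::setVar('hidemainmenu', 1);

    // The Referer header is supplied by the client. It is used as a redirect target only
    // when it points back into this site; a missing or external value falls back to the
    // file manager, so a link from another site cannot steer the redirect off-site.
    $default_url = 'index.php?option=com_flexicontent&view=filemanager';
    $referer     = isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '';
    $return_url  = ($referer !== '' && JURI::isInternal($referer)) ? $referer : $default_url;

    // Check if record is checked out by other editor
    if ($model->isCheckedOut($user->get('id'))) {
        JError::raiseNotice(500, JText::_('FLEXI_EDITED_BY_ANOTHER_ADMIN'));
        $this->setRedirect($return_url, '');
        return;
    }

    // Checkout the record and proceed to edit form
    if (!$model->checkout()) {
        JError::raiseWarning(500, $model->getError());
        $this->setRedirect($return_url, '');
        return;
    }

    parent::display();
}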
/**
 * Logic to create the view for the record editing (tags)
 *
 * Creating a tag (no id in cid[]) requires 'flexicontent.createtags'; editing an existing
 * one requires 'flexicontent.managetags'. The record is checked out before the form is shown.
 *
 * @access public
 * @return void
 * @since 1.5
 */
function edit()
{
    JRequest::setVar('view', 'tag');
    JRequest::setVar('hidemainmenu', 1);

    $currentUser = JFactory::getUser();
    JFactory::getSession(); // the session object itself is not used further in this method
    $doc = JFactory::getDocument();

    // Get/Create the view
    $docType    = $doc->getType();
    $nameOfView = $this->input->get('view', $this->default_view, 'cmd');
    $layoutName = $this->input->get('layout', 'default', 'string');
    $viewConfig = array('base_path' => $this->basePath, 'layout' => $layoutName);
    $tagView    = $this->getView($nameOfView, $docType, '', $viewConfig);

    // Get/Create the model and push it into the view as its default model.
    // NOTE(review): the original comment says the view's own display method would be called
    // later to avoid a second model instance, yet this method ends with parent::display() - confirm.
    $tagModel = $this->getModel('tag');
    $tagView->setModel($tagModel, true);
    $tagView->document = $doc;

    // First id of the request's cid[] array; 0 means a new tag
    $requestedIds = JRequest::getVar('cid', array(0), 'default', 'array');
    $tag_id = (int) $requestedIds[0];

    // calculate access: component-level privilege, no per-tag asset is consulted
    $is_authorised = $tag_id
        ? $currentUser->authorise('flexicontent.managetags', 'com_flexicontent')
        : $currentUser->authorise('flexicontent.createtags', 'com_flexicontent');

    $listUrl = 'index.php?option=com_flexicontent&view=tags';

    if (!$is_authorised) {
        // check access
        JError::raiseNotice(403, JText::_('FLEXI_ALERTNOTAUTH'));
    } elseif ($tagModel->isCheckedOut($currentUser->get('id'))) {
        // Record is checked out by another editor
        JError::raiseNotice(500, JText::_('FLEXI_EDITED_BY_ANOTHER_ADMIN'));
    } elseif (!$tagModel->checkout()) {
        // Checking out the record failed
        JError::raiseWarning(500, $tagModel->getError());
    } else {
        // Record is checked out: proceed to the edit form
        parent::display();
        return;
    }

    $this->setRedirect($listUrl, '');
}
/**
 * Logic to create the view for the edit field screen
 *
 * Access is decided in one of three ways: by the ACL when FLEXI_J16GE is set, by
 * FLEXIaccess when FLEXI_ACCESS is set and the user's gid is below 25, and by a gid
 * threshold otherwise. The record is then checked out before the form is shown.
 *
 * @access public
 * @return void
 * @since 1.0
 */
function edit()
{
    JRequest::setVar('view', 'field');
    JRequest::setVar('hidemainmenu', 1);

    $fieldModel  = $this->getModel('field');
    $currentUser = JFactory::getUser();

    // First id of the request's cid[] array; 0 means a new field
    $requestedIds = JRequest::getVar('cid', array(0), 'default', 'array');
    $field_id = (int) $requestedIds[0];

    // calculate access
    if (FLEXI_J16GE) {
        // Creating is a component-level privilege, editing is checked on the field's own asset
        $is_authorised = $field_id
            ? $currentUser->authorise('flexicontent.editfield', 'com_flexicontent.field.' . $field_id)
            : $currentUser->authorise('flexicontent.createfield', 'com_flexicontent');
    } elseif (FLEXI_ACCESS && $currentUser->gid < 25) {
        $permissions = FlexicontentHelperPerm::getPerm();
        if ($field_id) {
            $is_authorised = FAccess::checkAllContentAccess('com_content', 'edit', 'users', $currentUser->gmid, 'field', $field_id);
        } else {
            // For FLEXIAccess consider MANAGE privilege as CREATE Field privilege
            $is_authorised = $permissions->CanFields;
        }
    } else {
        // Only admin or super admin can edit fields
        $is_authorised = $currentUser->gid >= 24;
    }

    $listUrl = 'index.php?option=com_flexicontent&view=fields';

    if (!$is_authorised) {
        // check access
        JError::raiseNotice(403, JText::_('FLEXI_ALERTNOTAUTH'));
    } elseif ($fieldModel->isCheckedOut($currentUser->get('id'))) {
        // Record is checked out by another editor
        JError::raiseNotice(500, JText::_('FLEXI_EDITED_BY_ANOTHER_ADMIN'));
    } elseif (!$fieldModel->checkout()) {
        // Checking out the record failed
        JError::raiseWarning(500, $fieldModel->getError());
    } else {
        // Record is checked out: proceed to the edit form
        parent::display();
        return;
    }

    $this->setRedirect($listUrl, '');
}