/**
 * Save an entry
 *
 * @return  void
 */
public function saveTask()
{
	// [SECURITY] Check for request forgeries
	Request::checkToken();

	if (!User::authorise('core.edit', $this->_option)
	 && !User::authorise('core.create', $this->_option))
	{
		App::abort(403, Lang::txt('JERROR_ALERTNOAUTHOR'));
	}

	// Incoming
	$fields = Request::getVar('fields', array(), 'post', 'none', 2);
	$team   = Request::getVar('team', '', 'post', 2, 'none');

	// Bind the incoming data to our model
	$row = Application::oneOrNew($fields['id'])->set($fields);

	// Validate and save the data
	if (!$row->save())
	{
		Notify::error($row->getError());
		return $this->editTask($row);
	}

	// parse incoming team
	$team = array_map('trim', explode(',', $team));

	// clean up team
	foreach ($team as $k => $t)
	{
		// handle usernames & emails
		if (!is_numeric($t))
		{
			// handle emails
			if (strpos($t, '@'))
			{
				// load profile by email
				$profile = \Hubzero\User\User::oneByEmail($t);
			}
			else
			{
				// load profile by username
				$profile = \Hubzero\User\User::oneByUsername($t);
			}

			// swap usernames for uidnumbers
			// only keep entries that resolved to a saved account
			if ($profile && $profile->get('id'))
			{
				$team[$k] = $profile->get('id');
			}
			else
			{
				unset($team[$k]);
			}
		}
	}

	// add creator if new
	// will only ever get added once
	$team[] = User::get('id');

	// drop duplicates so the same user is never saved as a member twice
	$team = array_unique($team);

	// get current team
	$currentTeam = $row->team()->rows();

	$found = array();

	// Remove members not included now
	foreach ($currentTeam as $member)
	{
		if (!in_array($member->get('uidNumber'), $team))
		{
			$member->destroy();
		}
		$found[] = $member->get('uidNumber');
	}

	// Add each non-team member to team
	foreach ($team as $uidNumber)
	{
		if (!in_array($uidNumber, $found))
		{
			$member = Member::blank();
			$member->set('uidNumber', $uidNumber);
			$member->set('application_id', $row->get('id'));
			$member->save();
		}
	}

	Notify::success(Lang::txt('COM_DEVELOPER_APPLICATION_SAVED'));

	if ($this->getTask() == 'apply')
	{
		return $this->editTask($row);
	}

	$this->cancelTask();
}
/**
 * Set the authorization level for the user
 *
 * @param   string   $assetType
 * @param   integer  $assetId
 * @return  void
 */
protected function _authorize($assetType = 'application', $assetId = null)
{
	// Logged in?
	if (!User::isGuest())
	{
		// Any logged-in user may create this asset type
		$this->config->set('access-create-' . $assetType, true);
	}

	// do we have an application?
	if ($assetId != null)
	{
		$app = Application::oneOrNew($assetId);

		// collect the user ids of the application's team
		$team = array();
		foreach ($app->team()->rows() as $member)
		{
			$team[] = $member->get('uidNumber');
		}

		if (in_array(User::get('id'), $team) || User::get('id') == $app->get('created_by'))
		{
			// Team members and the creator may view, edit, delete and remove members
			$this->config->set('access-view-' . $assetType, true);
			$this->config->set('access-edit-' . $assetType, true);
			$this->config->set('access-delete-' . $assetType, true);
			$this->config->set('access-remove-member-' . $assetType, true);
		}
	}
}