/**
 * Display module contents
 *
 * Renders only for administrators. Resolves the wishlist to report on
 * (the configured one, else the "general" list with ID 1), stores a
 * per-status wish count on the module as properties named after each
 * bucket, then hands rendering to the parent module.
 *
 * @return void|false  False when no list is configured and the fallback
 *                     "general" list does not exist; void otherwise.
 */
public function display()
{
    if (!\App::isAdmin()) {
        return;
    }

    include_once Component::path('com_wishlist') . DS . 'models' . DS . 'wishlist.php';

    $listId = intval($this->params->get('wishlist', 0));

    // Nothing configured: fall back to the "general" list, bail if it is missing
    if (!$listId) {
        $general = Wishlist::getInstance(1, 'general');
        if (!$general->exists()) {
            return false;
        }
        $listId = $general->get('id');
    }

    $this->wishlist = $listId;

    // Status buckets: keys become module properties, values are fixed SQL
    // fragments that never come from user input, so concatenating them below
    // does not widen the query surface beyond the quoted list id.
    $buckets = [
        'granted'   => 1,
        'pending'   => "0 AND accepted=0",
        'accepted'  => "0 AND accepted=1",
        'rejected'  => 3,
        'withdrawn' => 4,
        'removed'   => 2,
    ];

    $db = \App::get('db');
    $quotedListId = $db->quote($listId);

    foreach ($buckets as $property => $statusClause) {
        $db->setQuery(
            "SELECT COUNT(*) FROM `#__wishlist_item` WHERE wishlist=" . $quotedListId . " AND status=" . $statusClause
        );
        $this->{$property} = $db->loadResult();
    }

    // Get the view
    parent::display();
}
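/**
 * Check a user's authorization
 *
 * Access flags are resolved lazily and cached in the object's config:
 * the owning list is checked first (delegated to Wishlist::access), then
 * the wish-level flags are derived from the list flags, the wish's
 * private state and whether the current user proposed it. The
 * 'access-check-list-done' / 'access-check-wish-done' markers ensure the
 * derivation runs once per object.
 *
 * @param   string   $action     Action to check (e.g. view, edit, manage)
 * @param   string   $assetType  Type of asset to check ('wish' or 'list')
 * @param   integer  $assetId    ID of item to check access on (not used
 *                               by this method; kept for signature compatibility)
 * @return  boolean  True if authorized, false if not
 */
public function access($action = 'view', $assetType = 'wish', $assetId = null)
{
    // Has the list access check been performed?
    if (!$this->config()->get('access-check-list-done', false)) {
        $wishlist = Wishlist::getInstance($this->get('wishlist'));
        $wishlist->access($action, 'list');
    }

    // Has the wish access check been performed?
    if (!$this->config()->get('access-check-wish-done', false)) {
        // Deny by default; every grant below is explicit
        $this->config()->set('access-view-wish', false);

        // Can they see the list?
        if ($this->config()->get('access-view-list')) {
            $this->config()->set('access-create-wish', true);

            // A non-private wish is viewable by anyone who can see the list;
            // a private wish only by someone who can manage the list
            if (!$this->isPrivate() || $this->config()->get('access-manage-list')) {
                $this->config()->set('access-view-wish', true);
            }

            // List managers receive every wish-level right
            if ($this->config()->get('access-manage-list')) {
                $rights = ['view', 'admin', 'manage', 'delete', 'create', 'edit', 'edit-state', 'edit-own'];
                foreach ($rights as $right) {
                    $this->config()->set('access-' . $right . '-wish', true);
                }
            }

            // Is the user logged in and the wish proposer? Both ids are cast to
            // int so a string id from storage and an int from the session compare
            // reliably without relying on loose == semantics.
            if (!User::isGuest() && (int) User::get('id') === (int) $this->get('proposed_by')) {
                // Grant access to view and edit
                $this->config()->set('access-view-wish', true);
                $this->config()->set('access-edit-wish', true);
                $this->config()->set('access-edit-own-wish', true);
            }
        }

        // Access check done
        $this->config()->set('access-check-wish-done', true);
    }

    // An unknown action/asset pair has no config entry; coerce so the documented
    // boolean contract holds instead of handing null back to callers
    return (bool) $this->config()->get('access-' . $action . '-' . $assetType, false);
}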
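/**
 * Vote for a wish
 *
 * Loads the wish named by the 'refid' request parameter and its list,
 * sends guests to the login task, records the vote and re-ranks the
 * list, then either renders the '_vote' layout (ajax requests) or
 * redirects back to the list or wish page with the current filters
 * preserved in the query string.
 *
 * @return void
 */
public function rateitemTask()
{
    $wish = new Wish(Request::getInt('refid', 1));
    if (!$wish->exists()) {
        // cannot proceed
        return;
    }

    // Load the wishlist
    $wishlist = Wishlist::getInstance($wish->get('wishlist'));

    // Login required
    if (User::isGuest()) {
        // Get List Title: shown for public lists, and for private lists
        // only when the user may manage them
        $this->_list_title = ($wishlist->isPublic() || $wishlist->access('manage'))
            ? $wishlist->get('title')
            : '';
        $this->_buildTitle();

        // Set the pathway
        $this->_buildPathway($wishlist);

        $this->_msg = Lang::txt('COM_WISHLIST_WARNING_WISHLIST_LOGIN_TO_RATE');
        $this->loginTask();
        return;
    }

    // NOTE(review): no request-token (CSRF) check is visible in this task;
    // confirm the framework applies one before a state-changing vote is accepted.

    // Incoming
    $page = Request::getVar('page', 'wishlist');
    // getWord() restricts the value to letters, so the vote never reaches
    // storage unfiltered (fix for sql injection ticket 1182)
    $vote = Request::getWord('vote', '');

    $filters = self::getFilters($wishlist->access('manage'));

    if ($wish->vote($vote)) {
        $wishlist->rank();
    }

    // update display
    if (Request::getInt('ajax', 0)) {
        $this->view->setLayout('_vote');
        $this->view->item = $wish;
        $this->view->item->set('vote', $vote);
        $this->view->option = $this->_option;
        $this->view->page = 'wishlist';
        $this->view->filters = $filters;
        $this->view->display();
        return;
    }

    // Both destinations carry the same filter query string; only the base link differs
    $base = ($page === 'wishlist') ? $wishlist->link() : $wish->link();
    $url = Route::url(
        $base
        . '&filterby=' . $filters['filterby']
        . '&sortby=' . $filters['sortby']
        . '&limitstart=' . $filters['start']
        . '&limit=' . $filters['limit']
        . '&tags=' . $filters['tag']
    );

    // As written this replace is a no-op ('&' -> '&'); presumably it was meant
    // to unescape an entity in the routed URL -- confirm against Route::url() output
    App::redirect(str_replace('&', '&', $url));
}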