コード例 #1
0
ファイル: helper.php プロジェクト: mined-gatech/hubzero-cms
 /**
  * Display module contents
  *
  * @return  void
  */
 public function display()
 {
     if (!\App::isAdmin()) {
         return;
     }
     include_once Component::path('com_wishlist') . DS . 'models' . DS . 'wishlist.php';
     $wishlist = intval($this->params->get('wishlist', 0));
     if (!$wishlist) {
         $model = Wishlist::getInstance(1, 'general');
         if (!$model->exists()) {
             return false;
         }
         $wishlist = $model->get('id');
     }
     $this->wishlist = $wishlist;
     $queries = array('granted' => 1, 'pending' => "0 AND accepted=0", 'accepted' => "0 AND accepted=1", 'rejected' => 3, 'withdrawn' => 4, 'removed' => 2);
     $database = \App::get('db');
     foreach ($queries as $key => $state) {
         $database->setQuery("SELECT COUNT(*) FROM `#__wishlist_item` WHERE wishlist=" . $database->quote($wishlist) . " AND status=" . $state);
         $this->{$key} = $database->loadResult();
     }
     // Get the view
     parent::display();
 }
コード例 #2
0
ファイル: wish.php プロジェクト: zooley/hubzero-cms
 /**
  * Check a user's authorization
  *
  * @param   string   $action     Action to check
  * @param   string   $assetType  Type of asset to check
  * @param   integer  $assetId    ID of item to check access on
  * @return  boolean  True if authorized, false if not
  */
 public function access($action = 'view', $assetType = 'wish', $assetId = null)
 {
     if (!$this->config()->get('access-check-list-done', false) || !$this->config()->get('access-check-wish-done', false)) {
         // Has the list access check been performed?
         if (!$this->config()->get('access-check-list-done', false)) {
             $wishlist = Wishlist::getInstance($this->get('wishlist'));
             $wishlist->access($action, 'list');
         }
         // Has the wish access check been performed?
         if (!$this->config()->get('access-check-wish-done', false)) {
             // Set wish NOT viewable by default
             $this->config()->set('access-view-wish', false);
             // Can they see the list?
             if ($this->config()->get('access-view-list')) {
                 $this->config()->set('access-create-wish', true);
                 // If the wish is not private or (wish is private and user can manage the list)
                 // set the wish to viewable
                 if (!$this->isPrivate() || $this->isPrivate() && $this->config()->get('access-manage-list')) {
                     $this->config()->set('access-view-wish', true);
                 }
                 if ($this->config()->get('access-manage-list')) {
                     $this->config()->set('access-view-wish', true);
                     $this->config()->set('access-admin-wish', true);
                     $this->config()->set('access-manage-wish', true);
                     $this->config()->set('access-delete-wish', true);
                     $this->config()->set('access-create-wish', true);
                     $this->config()->set('access-edit-wish', true);
                     $this->config()->set('access-edit-state-wish', true);
                     $this->config()->set('access-edit-own-wish', true);
                 }
                 // Is the user logged in?
                 if (!User::isGuest()) {
                     // Is the user the wish proposer?
                     if (User::get('id') == $this->get('proposed_by')) {
                         // Grant access to view and edit
                         $this->config()->set('access-view-wish', true);
                         $this->config()->set('access-edit-wish', true);
                         $this->config()->set('access-edit-own-wish', true);
                     }
                 }
             }
             // Access check done
             $this->config()->set('access-check-wish-done', true);
         }
     }
     return $this->config()->get('access-' . $action . '-' . $assetType);
 }
コード例 #3
0
ファイル: wishlists.php プロジェクト: sumudinie/hubzero-cms
 /**
  * Vote for a wish
  *
  * @return     void
  */
 public function rateitemTask()
 {
     $wish = new Wish(Request::getInt('refid', 1));
     if (!$wish->exists()) {
         // cannot proceed
         return;
     }
     // Load the wishlist
     $wishlist = Wishlist::getInstance($wish->get('wishlist'));
     // Login required
     if (User::isGuest()) {
         // Get List Title
         $this->_list_title = ($wishlist->isPublic() or !$wishlist->isPublic() && $wishlist->access('manage')) ? $wishlist->get('title') : '';
         $this->_buildTitle();
         // Set the pathway
         $this->_buildPathway($wishlist);
         $this->_msg = Lang::txt('COM_WISHLIST_WARNING_WISHLIST_LOGIN_TO_RATE');
         $this->loginTask();
         return;
     }
     // Incoming
     $page = Request::getVar('page', 'wishlist');
     $vote = Request::getWord('vote', '');
     // assuming text only vote. Fix for sql injection ticket 1182
     //$this->authorize_admin($listid);
     $filters = self::getFilters($wishlist->access('manage'));
     if ($wish->vote($vote)) {
         $wishlist->rank();
     }
     // update display
     if (Request::getInt('ajax', 0)) {
         $this->view->setLayout('_vote');
         $this->view->item = $wish;
         $this->view->item->set('vote', $vote);
         $this->view->option = $this->_option;
         $this->view->page = 'wishlist';
         $this->view->filters = $filters;
         $this->view->display();
         return;
     }
     if ($page == 'wishlist') {
         App::redirect(str_replace('&', '&', Route::url($wishlist->link() . '&filterby=' . $filters['filterby'] . '&sortby=' . $filters['sortby'] . '&limitstart=' . $filters['start'] . '&limit=' . $filters['limit'] . '&tags=' . $filters['tag'])));
     } else {
         App::redirect(str_replace('&', '&', Route::url($wish->link() . '&filterby=' . $filters['filterby'] . '&sortby=' . $filters['sortby'] . '&limitstart=' . $filters['start'] . '&limit=' . $filters['limit'] . '&tags=' . $filters['tag'])));
     }
 }