コード例 #1
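 /**
  * Save an access group posted from the edit form.
  *
  * After the request-token check, two guards run before the record is saved:
  * a user without core.admin may not save a group that would effectively hold
  * core.admin, and a super admin may not save a change that would remove
  * their own core.admin access.
  *
  * NOTE(review): no check of the caller's right to manage access groups is
  * visible in this method. Confirm that the controller or component entry
  * point enforces it before this task can run.
  *
  * @return  mixed  Whatever editTask() returns when the form is shown again; nothing after the redirect
  */
 public function saveTask()
 {
     // Check for request forgeries
     Request::checkToken();

     // Incoming access group fields. The value comes straight from POST, so
     // make sure it really is an array before indexing into it.
     $fields = Request::getVar('fields', array(), 'post');
     if (!is_array($fields)) {
         $fields = array();
     }

     // Normalise both ids to integers once, at the boundary, so that the
     // record that is loaded, the permission checks below and the values
     // that are saved all refer to the same id. Without this the checks
     // compared a raw request string against stored group ids.
     foreach (array('id', 'parent_id') as $key) {
         if (isset($fields[$key])) {
             $fields[$key] = is_scalar($fields[$key]) ? (int) $fields[$key] : 0;
         }
     }
     $groupId  = isset($fields['id']) ? $fields['id'] : 0;
     $parentId = isset($fields['parent_id']) ? $fields['parent_id'] : 0;

     // Load the record and apply the posted values.
     // NOTE(review): every posted key is handed to set(); confirm the model
     // restricts which attributes may be written this way.
     $row = Accessgroup::oneOrNew($groupId)->set($fields);

     // Check the super admin permissions for the group.
     // The group has not been saved yet, so its effective permission is
     // calculated by hand from the parent group and the root asset rules.
     $parentSuperAdmin = \JAccess::checkGroup($parentId, 'core.admin');

     // Get core.admin rules from the root asset
     $rules = \JAccess::getAssetRules('root.1')->getData('core.admin');

     // Value for the current group: true (allowed), false (denied) or
     // null (inherit). A missing core.admin rule is treated as "inherit"
     // instead of calling a method on an undefined index.
     $groupSuperAdmin = isset($rules['core.admin'])
         ? $rules['core.admin']->allow($row->get('id'))
         : null;

     // Only a definite parent value overrides the group's own rule
     if ($parentSuperAdmin === false) {
         // Parent denied: the effective value is always false
         $groupSuperAdmin = false;
     } elseif ($parentSuperAdmin === true) {
         // Parent allowed: the group is allowed unless explicitly denied
         $groupSuperAdmin = ($groupSuperAdmin !== false);
     }

     // A non-super admin must not be able to save a super admin group
     $iAmSuperAdmin = User::authorise('core.admin');
     if (!$iAmSuperAdmin && $groupSuperAdmin) {
         Notify::error(Lang::txt('JLIB_USER_ERROR_NOT_SUPERADMIN'));
         return $this->editTask($row);
     }

     // A super admin must not be able to demote themselves
     if ($iAmSuperAdmin) {
         // Are we a member of the group being saved?
         $myGroups = array_map('intval', (array) \JAccess::getGroupsByUser(User::get('id'), false));
         if (in_array($groupId, $myGroups, true)) {
             // Would we still have super admin permissions without this group?
             $otherSuperAdmin = false;
             foreach (array_diff($myGroups, array($groupId)) as $otherGroup) {
                 if (\JAccess::checkGroup($otherGroup, 'core.admin')) {
                     $otherSuperAdmin = true;
                     break;
                 }
             }

             // No other group grants super admin and this one would not
             // either: refuse the change
             if (!$otherSuperAdmin && !$groupSuperAdmin) {
                 Notify::error(Lang::txt('JLIB_USER_ERROR_CANNOT_DEMOTE_SELF'));
                 return $this->editTask($row);
             }
         }
     }

     $task = $this->getTask();

     // "Save as copy" stores the posted values as a new record
     if ($task === 'save2copy') {
         $row->set('id', null);
     }

     // Try to save
     if (!$row->save()) {
         Notify::error($row->getError());
         return $this->editTask($row);
     }

     Notify::success(Lang::txt('COM_MEMBERS_SAVE_SUCCESS'));

     // "Save & new" continues with an empty form
     if ($task === 'save2new') {
         $row = Accessgroup::blank();
     }

     // Fall through to edit form
     if (in_array($task, array('apply', 'save2new', 'save2copy'), true)) {
         return $this->editTask($row);
     }

     // Redirect
     $this->cancelTask();
 }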