/** * HTML list ready response */ public function get() { $extension = JRequest::getWord('extension'); $categories = JHtml::_('category.options', $extension); // Verify permissions. If the action attribute is set, then we scan the options. $action = 'core.edit.own'; // Get the current user object. $user = JFactory::getUser(APIHelper::getAPIUserId()); foreach ($categories as $i => $cat) { // To take save or create in a category you need to have create rights for that category // unless the item is already in that category. // Unset the option if the user isn't authorised for it. In this field assets are always categories. if ($user->authorise('core.create', $extension . '.category.' . $cat->value) != true) { unset($categories[$i]); } } $this->plugin->setResponse($categories); }
/** * A copy with modifications for the api from the categoryparent.php * field on the categories component */ public function get() { $options = array(); JFactory::getLanguage()->load('joomla', JPATH_ADMINISTRATOR); $db = JFactory::getDbo(); $query = $db->getQuery(true); $query->select('a.id AS value, a.title AS text, a.level'); $query->from('#__categories AS a'); $query->join('LEFT', '`#__categories` AS b ON a.lft > b.lft AND a.rgt < b.rgt'); // Filter by the type if ($extension = JRequest::getVar('extension')) { $query->where('(a.extension = ' . $db->quote($extension) . ' OR a.parent_id = 0)'); } // Prevent parenting to children of this item. if ($id = JRequest::getInt('id')) { $query->join('LEFT', '`#__categories` AS p ON p.id = ' . (int) $id); $query->where('NOT(a.lft >= p.lft AND a.rgt <= p.rgt)'); $rowQuery = $db->getQuery(true); $rowQuery->select('a.id AS value, a.title AS text, a.level, a.parent_id'); $rowQuery->from('#__categories AS a'); $rowQuery->where('a.id = ' . (int) $id); $db->setQuery($rowQuery); $row = $db->loadObject(); } $query->where('a.published IN (0,1)'); $query->group('a.id'); $query->order('a.lft ASC'); // Get the options. $db->setQuery($query); $options = $db->loadObjectList(); // Check for a database error. if ($db->getErrorNum()) { JError::raiseWarning(500, $db->getErrorMsg()); } // Pad the option text with spaces using depth level as a multiplier. for ($i = 0, $n = count($options); $i < $n; $i++) { // Translate ROOT if ($options[$i]->level == 0) { $options[$i]->text = JText::_('JGLOBAL_ROOT_PARENT'); } $options[$i]->text = str_repeat('- ', $options[$i]->level) . $options[$i]->text; } // Initialise variables. $user = JFactory::getUser(APIHelper::getAPIUserId()); if (empty($id)) { // New item, only have to check core.create. foreach ($options as $i => $option) { // Unset the option if the user isn't authorised for it. if (!$user->authorise('core.create', $extension . '.category.' . $option->value)) { unset($options[$i]); } } } else { // Existing item is a bit more complex. Need to account for core.edit and core.edit.own. foreach ($options as $i => $option) { // Unset the option if the user isn't authorised for it. if (!$user->authorise('core.edit', $extension . '.category.' . $option->value)) { // As a backup, check core.edit.own if (!$user->authorise('core.edit.own', $extension . '.category.' . $option->value)) { // No core.edit nor core.edit.own - bounce this one unset($options[$i]); } else { // TODO I've got a funny feeling we need to check core.create here. // Maybe you can only get the list of categories you are allowed to create in? // Need to think about that. If so, this is the place to do the check. } } } } if (isset($row) && !isset($options[0])) { if ($row->parent_id == '1') { $parent = new stdClass(); $parent->text = JText::_('JGLOBAL_ROOT_PARENT'); array_unshift($options, $parent); } } $this->plugin->setResponse($options); }