function add_permissions(&$attachments, $user, $article_id) { // Make sure we have a valid article ID if ($article_id == null || $article_id == '' || !is_numeric($article_id)) { $errmsg = JText::_('ERROR BAD ARTICLE ID'); JError::raiseError(500, $errmsg); } // If there are no attachments, don't do anything if (count($attachments) == 0) { return false; } // Get the component parameters jimport('joomla.application.component.helper'); $params = JComponentHelper::getParams('com_attachments'); // Process each attachment $logged_in = $user->get('username') != ''; $who_can_add = $params->get('who_can_add'); $some_visible = false; for ($i = 0, $n = count($attachments); $i < $n; $i++) { $attach =& $attachments[$i]; $attach->user_may_see = false; $attach->user_may_modify = false; // Determine if the user may modify this attachment // (Nobody may modify attachments without being logged in) if ($logged_in) { $attach->user_may_modify = AttachmentsPermissions::user_may_modify_attachment($user, $attach, $article_id, $params); } // Determine if the user may see the attachment $who_can_see = $params->get('who_can_see', 'logged_in'); if ($who_can_see == 'anyone' || $who_can_see == 'logged_in' && $logged_in) { $attach->user_may_see = true; $some_visible = true; } } return $some_visible; }
function update() { require_once JPATH_COMPONENT_SITE . DS . 'helper.php'; // Call with: index.php?option=com_attachments&task=update&id=1&tmpl=component // or: component/attachments/update/id/1/tmpl/component // Make sure we have a valid attachment ID $id = JRequest::getVar('id'); if (is_numeric($id)) { $id = intval($id); } else { $errmsg = JText::_('ERROR INVALID ATTACHMENT ID') . " ({$id})"; JError::raiseError(500, $errmsg); exit; } // Get the attachment record $attachment =& JTable::getInstance('attachments', 'Table'); if (!$attachment->load($id)) { $errmsg = JText::_('ERROR CANNOT UPDATE ATTACHMENT INVALID ID') . " ({$id})"; JError::raiseError(500, $errmsg); exit; } // Get the component parameters jimport('joomla.application.component.helper'); $params = JComponentHelper::getParams('com_attachments'); // Verify that this user may add attachments to this article $user =& JFactory::getUser(); $article_id = $attachment->article_id; $article_title = AttachmentsHelper::get_article_title($article_id); require_once JPATH_COMPONENT_SITE . DS . 'permissions.php'; if (!AttachmentsPermissions::user_may_modify_attachment($user, $attachment, $article_id, $params)) { $errmsg = JText::_('ERROR NO PERMISSION TO UPLOAD'); JError::raiseError(500, $errmsg); exit; } // Make sure the attachments directory exists $upload_subdir = $params->get('attachments_subdir', 'attachments'); if ($upload_subdir == '') { $upload_subdir = 'attachments'; } $upload_dir = JPATH_BASE . DS . $upload_subdir; $secure = $params->get('secure', false); if (!AttachmentsHelper::setup_upload_directory($upload_dir, $secure)) { $errmsg = JText::_('ERROR UNABLE TO SETUP UPLOAD DIR'); JError::raiseError(500, $errmsg); } // Set up the view require_once JPATH_COMPONENT_SITE . DS . 'views' . DS . 'update' . DS . 'view.php'; $view = new AttachmentsViewUpdate(); $view->assign('update_file', JRequest::getVar('change', false)); $view->assign('save_url', "index.php?option=com_attachments&task=save&tmpl=component"); $view->assign('attachment_id', $id); $view->assign('article_id', $article_id); $view->assign('article_title', $article_title); $view->assign('filename', $attachment->filename); $view->assign('description', $attachment->description); $view->assign('display_filename', $attachment->display_filename); $view->assign('user_field_1', $attachment->user_field_1); $view->assign('user_field_2', $attachment->user_field_2); $view->assign('user_field_3', $attachment->user_field_3); $view->assign('from', JRequest::getVar('from', 'closeme')); $view->assign('Itemid', JRequest::getVar('Itemid', 1)); $view->assignRef('params', $params); $view->display(null, false, false, false); }