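/**
 * Method override to check if you can edit an existing record.
 *
 * Checks run in this order:
 *  1. users without core.options may only touch service providers returned by
 *     CostbenefitprojectionHelper::hisServiceProviders();
 *  2. service_provider.access on the record asset and on the component;
 *  3. service_provider.edit on the record, then service_provider.edit.own
 *     (owner must be the current user);
 *  4. component-level service_provider.edit as the fallback.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 *
 * @return  boolean
 *
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // get user object.
    $user = JFactory::getUser();

    // get record id. The cast must sit inside the ternary: "(int) isset(...) ? a : b"
    // casts only the isset() result and leaves the submitted value uncast.
    $recordId = isset($data[$key]) ? (int) $data[$key] : 0;

    if (!$user->authorise('core.options', 'com_costbenefitprojection'))
    {
        // make absolutely sure that this Service Providers can be edited
        $serviceproviders = CostbenefitprojectionHelper::hisServiceProviders($user->id);

        // Strict comparison on integers, so a value such as "5abc" can never
        // loosely match provider id 5.
        if (!CostbenefitprojectionHelper::checkArray($serviceproviders)
            || !in_array($recordId, array_map('intval', $serviceproviders), true))
        {
            return false;
        }
    }

    // Access check.
    $access = $user->authorise('service_provider.access', 'com_costbenefitprojection.service_provider.' . $recordId)
        && $user->authorise('service_provider.access', 'com_costbenefitprojection');

    if (!$access)
    {
        return false;
    }

    if ($recordId)
    {
        // The record has been set. Check the record permissions.
        $permission = $user->authorise('service_provider.edit', 'com_costbenefitprojection.service_provider.' . $recordId);

        // A null result is not treated as a denial; it falls through to the
        // component-level check at the end.
        if (!$permission && !is_null($permission))
        {
            if ($user->authorise('service_provider.edit.own', 'com_costbenefitprojection.service_provider.' . $recordId))
            {
                // The owner is always read from the stored record. A created_by
                // value in $data is submitted with the form and must not be the
                // thing that decides ownership.
                $record = $this->getModel()->getItem($recordId);

                if (empty($record))
                {
                    return false;
                }

                $ownerId = (int) $record->created_by;

                // If the owner matches 'me' then allow.
                if ($ownerId === (int) $user->id)
                {
                    if ($user->authorise('service_provider.edit.own', 'com_costbenefitprojection'))
                    {
                        return true;
                    }
                }
            }

            return false;
        }
    }

    // Since there is no permission, revert to the component permissions.
    return $user->authorise('service_provider.edit', $this->option);
}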
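/**
 * Method to get list data.
 *
 * Loads service providers for the country held in $this->countryvvvz, joined
 * with the user and country names. Users without core.options only see the
 * providers returned by CostbenefitprojectionHelper::hisServiceProviders(),
 * and every row is additionally checked against service_provider.access.
 *
 * @return  mixed  An array of data items on success, false on failure.
 */
public function getVwgservice_providers()
{
    // Get the user object.
    $user = JFactory::getUser();
    // Create a new query object.
    $db = JFactory::getDBO();
    $query = $db->getQuery(true);

    // Select some fields
    $query->select('a.*');

    // From the costbenefitprojection_service_provider table
    $query->from($db->quoteName('#__costbenefitprojection_service_provider', 'a'));

    // Filter the providers (admin sees all)
    if (!$user->authorise('core.options', 'com_costbenefitprojection'))
    {
        $serviceProviders = CostbenefitprojectionHelper::hisServiceProviders($user->id);

        if (CostbenefitprojectionHelper::checkArray($serviceProviders))
        {
            // The list is concatenated into the SQL text, so every element is
            // forced to an integer first; the helper's output is not visible here.
            $serviceProviders = implode(',', array_map('intval', $serviceProviders));
            // only load this users service providers
            $query->where('a.id IN (' . $serviceProviders . ')');
        }
        else
        {
            // don't allow user to see any service providers
            // (-4 is used as an id no row is expected to have)
            $query->where('a.id = -4');
        }
    }

    // From the users table.
    $query->select($db->quoteName('g.name', 'user_name'));
    $query->join('LEFT', $db->quoteName('#__users', 'g') . ' ON (' . $db->quoteName('a.user') . ' = ' . $db->quoteName('g.id') . ')');

    // From the costbenefitprojection_country table.
    $query->select($db->quoteName('h.name', 'country_name'));
    $query->join('LEFT', $db->quoteName('#__costbenefitprojection_country', 'h') . ' ON (' . $db->quoteName('a.country') . ' = ' . $db->quoteName('h.id') . ')');

    // Filter by countryvvvz global.
    $countryvvvz = $this->countryvvvz;

    if (is_numeric($countryvvvz))
    {
        $query->where('a.country = ' . (int) $countryvvvz);
    }
    elseif (is_string($countryvvvz))
    {
        $query->where('a.country = ' . $db->quote($countryvvvz));
    }
    else
    {
        // No usable country filter: match nothing rather than everything.
        $query->where('a.country = -5');
    }

    // Order the results by ordering
    $query->order('a.published ASC');
    $query->order('a.ordering ASC');

    // Load the items
    // NOTE(review): loadObjectList() appears to run the query again after
    // execute(); confirm against the database driver before collapsing the two.
    $db->setQuery($query);
    $db->execute();

    if ($db->getNumRows())
    {
        $items = $db->loadObjectList();

        // set values to display correctly.
        if (CostbenefitprojectionHelper::checkArray($items))
        {
            // Iterating by value: rows are only removed here, never modified,
            // so no reference is needed (and none is left dangling).
            foreach ($items as $nr => $item)
            {
                $access = $user->authorise('service_provider.access', 'com_costbenefitprojection.service_provider.' . (int) $item->id)
                    && $user->authorise('service_provider.access', 'com_costbenefitprojection');

                if (!$access)
                {
                    // Drop rows the user may not access; keys are not re-indexed.
                    unset($items[$nr]);
                    continue;
                }
            }
        }

        return $items;
    }

    return false;
}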
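/**
 * Batch update: writes the given field values onto each selected row.
 *
 * Users without core.options can only update rows whose id is returned by
 * CostbenefitprojectionHelper::hisServiceProviders(); other ids are dropped
 * from $pks before any row is touched.
 *
 * NOTE(review): apart from 'published' (gated on service_provider.edit.state)
 * and 'move_copy' (removed), every key in $values that exists on the table is
 * written as-is. Confirm the caller limits $values to the intended batch fields.
 *
 * @param   array  $values    Field name => value pairs to set on every row.
 * @param   array  $pks       An array of row IDs.
 * @param   array  $contexts  An array of item contexts, indexed by row ID.
 *
 * @return  boolean  True if successful, false otherwise and internal error is set.
 *
 * @since   12.2
 */
protected function batchMove($values, $pks, $contexts)
{
    if (empty($this->batchSet))
    {
        // Set some needed variables.
        $this->user = JFactory::getUser();
        $this->table = $this->getTable();
        $this->tableClassName = get_class($this->table);
        $this->contentType = new JUcmType();
        $this->type = $this->contentType->getTypeByTable($this->tableClassName);
        $this->canDo = CostbenefitprojectionHelper::getActions('service_provider');
    }

    if (!$this->canDo->get('service_provider.edit') && !$this->canDo->get('service_provider.batch'))
    {
        $this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));

        return false;
    }

    if (!$this->user->authorise('core.options', 'com_costbenefitprojection'))
    {
        // make absolutely sure that this Service Providers can be moved
        $serviceproviders = CostbenefitprojectionHelper::hisServiceProviders($this->user->id);

        if (CostbenefitprojectionHelper::checkArray($serviceproviders))
        {
            // Exact match on the string form of the id: a loose in_array()
            // lets values such as "5abc" match provider 5 on older PHP versions.
            $allowedIds = array_map('strval', $serviceproviders);

            foreach ($pks as $nr => $pk)
            {
                if (!is_scalar($pk) || !in_array((string) $pk, $allowedIds, true))
                {
                    unset($pks[$nr]);
                }
            }

            if (empty($pks))
            {
                $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));

                return false;
            }
        }
        else
        {
            $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));

            return false;
        }
    }

    // make sure published only updates if user has the permission.
    if (isset($values['published']) && !$this->canDo->get('service_provider.edit.state'))
    {
        unset($values['published']);
    }

    // remove move_copy from array
    unset($values['move_copy']);

    // Parent exists so we proceed
    foreach ($pks as $pk)
    {
        // Per-row permission check; a single denied row aborts the whole batch.
        if (!$this->user->authorise('service_provider.edit', $contexts[$pk]))
        {
            $this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));

            return false;
        }

        // Check that the row actually exists
        if (!$this->table->load($pk))
        {
            if ($error = $this->table->getError())
            {
                // Fatal error
                $this->setError($error);

                return false;
            }
            else
            {
                // Not fatal error
                $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', $pk));
                continue;
            }
        }

        // insert all set values.
        if (CostbenefitprojectionHelper::checkArray($values))
        {
            foreach ($values as $key => $value)
            {
                // Do special action for access: it is written even when the
                // property is not currently set on the table object.
                if ('access' == $key && strlen($value) > 0)
                {
                    $this->table->{$key} = $value;
                }
                elseif (strlen($value) > 0 && isset($this->table->{$key}))
                {
                    // Empty strings are skipped, so a batch cannot blank a field.
                    $this->table->{$key} = $value;
                }
            }
        }

        // Check the row.
        if (!$this->table->check())
        {
            $this->setError($this->table->getError());

            return false;
        }

        if (!empty($this->type))
        {
            $this->createTagsHelper($this->tagsObserver, $this->type, $pk, $this->typeAlias, $this->table);
        }

        // Store the row.
        if (!$this->table->store())
        {
            $this->setError($this->table->getError());

            return false;
        }
    }

    // Clean the cache
    $this->cleanCache();

    return true;
}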
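/**
 * Method to get a list of options for a list input.
 *
 * Builds one option per published service provider, labelled with the name
 * of the linked user. Users without core.options only get the providers
 * returned by CostbenefitprojectionHelper::hisServiceProviders().
 *
 * @return  array  An array of JHtml options.
 */
public function getOptions()
{
    // Get the user object.
    $user = JFactory::getUser();
    // Create a new query object.
    $db = JFactory::getDBO();
    $query = $db->getQuery(true);

    $query->select($db->quoteName(array('a.id', 'a.user'), array('id', 'service_provider_user')));
    $query->from($db->quoteName('#__costbenefitprojection_service_provider', 'a'));
    $query->where($db->quoteName('a.published') . ' = 1');

    if (!$user->authorise('core.options', 'com_costbenefitprojection'))
    {
        $serviceProviders = CostbenefitprojectionHelper::hisServiceProviders($user->id);

        if (CostbenefitprojectionHelper::checkArray($serviceProviders))
        {
            // The list is concatenated into the SQL text, so every element is
            // forced to an integer first; the helper's output is not visible here.
            $serviceProviders = implode(',', array_map('intval', $serviceProviders));
            // only load this users service providers
            $query->where('a.id IN (' . $serviceProviders . ')');
        }
        else
        {
            // don't allow user to see any service providers
            // (-4 is used as an id no row is expected to have)
            $query->where('a.id = -4');
        }
    }

    $query->order('a.user ASC');
    $db->setQuery((string) $query);
    $items = $db->loadObjectList();

    $options = array();

    if ($items)
    {
        foreach ($items as $item)
        {
            // One user lookup per row to resolve the display name.
            $options[] = JHtml::_('select.option', $item->id, JFactory::getUser($item->service_provider_user)->name);
        }
    }

    return $options;
}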
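/**
 * Method to get list export data.
 *
 * Loads the requested rows, removes those the user may not access, strips
 * the asset_id / checked_out / checked_out_time columns and prepends the
 * header row from getExImPortHeaders().
 *
 * @param   array  $pks  The ids of the rows to export.
 *
 * @return  mixed  An array of data items on success, false on failure.
 */
public function getExportData($pks)
{
    // setup the query
    if (CostbenefitprojectionHelper::checkArray($pks))
    {
        // Set a value to know this is exporting method.
        $_export = true;
        // Get the user object.
        $user = JFactory::getUser();
        // Create a new query object.
        $db = JFactory::getDBO();
        $query = $db->getQuery(true);

        // Select some fields
        $query->select('a.*');

        // From the costbenefitprojection_service_provider table
        $query->from($db->quoteName('#__costbenefitprojection_service_provider', 'a'));

        // $pks is supplied by the caller and lands directly in the SQL text, so
        // each element is forced to an integer before the IN list is built.
        $query->where('a.id IN (' . implode(',', array_map('intval', $pks)) . ')');

        // Filter the providers (admin sees all)
        if (!$user->authorise('core.options', 'com_costbenefitprojection'))
        {
            $serviceProviders = CostbenefitprojectionHelper::hisServiceProviders($user->id);

            if (CostbenefitprojectionHelper::checkArray($serviceProviders))
            {
                // Same integer-only rule for the ownership filter.
                $serviceProviders = implode(',', array_map('intval', $serviceProviders));
                // only load this users service providers
                $query->where('a.id IN (' . $serviceProviders . ')');
            }
            else
            {
                // don't allow user to see any service providers
                // (-4 is used as an id no row is expected to have)
                $query->where('a.id = -4');
            }
        }

        // Order the results by ordering
        $query->order('a.ordering ASC');

        // Load the items
        // NOTE(review): loadObjectList() appears to run the query again after
        // execute(); confirm against the database driver before collapsing the two.
        $db->setQuery($query);
        $db->execute();

        if ($db->getNumRows())
        {
            $items = $db->loadObjectList();

            // set values to display correctly.
            if (CostbenefitprojectionHelper::checkArray($items))
            {
                // Rows are objects, so iterating by value still edits the row
                // itself and leaves no dangling reference behind the loop.
                foreach ($items as $nr => $item)
                {
                    $access = $user->authorise('service_provider.access', 'com_costbenefitprojection.service_provider.' . (int) $item->id)
                        && $user->authorise('service_provider.access', 'com_costbenefitprojection');

                    if (!$access)
                    {
                        // Rows the user may not access never reach the export.
                        unset($items[$nr]);
                        continue;
                    }

                    // unset the values we don't want exported.
                    unset($item->asset_id);
                    unset($item->checked_out);
                    unset($item->checked_out_time);
                }
            }

            // Add headers to items array.
            $headers = $this->getExImPortHeaders();

            if (CostbenefitprojectionHelper::checkObject($headers))
            {
                array_unshift($items, $headers);
            }

            return $items;
        }
    }

    return false;
}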