/**
 * Method to check JMenu object authorization against an access control
 * object and optionally an access extension object.
 *
 * The item's access level is compared with the view levels the current user
 * is authorised for. An id that resolves to no menu item is reported as
 * authorised — that is the existing behaviour and callers may rely on it.
 *
 * @param   integer  $id  The menu id
 *
 * @return  boolean  True if authorised (or if no item exists for $id)
 *
 * @since   1.5
 */
public function authorise($id)
{
	$item = $this->getItem($id);

	// Nothing to restrict when the item cannot be found.
	if (!$item)
	{
		return true;
	}

	$allowedLevels = $this->user->getAuthorisedViewLevels();

	// The item's access level is cast to int so it is compared with the level ids as numbers.
	return in_array((int) $item->access, $allowedLevels);
}
/**
 * Live-value preparation for the "user" live type.
 *
 * Resolves a property of the current user (or the user's authorised view
 * levels when the configured property is `access`) into `$value`. List-valued
 * properties are joined with commas after dropping any configured exclusions;
 * an empty result falls back to the configured default value.
 *
 * @param   object  &$field   The field definition (its `live` and `live_options` are read)
 * @param   string  &$value   Receives the resolved value, always as a string
 * @param   array   &$config  Unused here, kept for the event signature
 *
 * @return  void
 */
public function onCCK_Field_LivePrepareForm(&$field, &$value = '', &$config = array())
{
	if (self::$type != $field->live)
	{
		return;
	}

	// Init
	$live    = '';
	$options = parent::g_getLive($field->live_options);

	// Prepare
	$default  = $options->get('default_value', '');
	$excluded = $options->get('excluded');
	$property = $options->get('property');

	// Joins a list into a comma-separated string, removing the excluded entries first
	// and falling back to the default when nothing remains.
	$collapse = function ($items) use ($excluded, $default)
	{
		if ($excluded != '')
		{
			$items = array_diff($items, explode(',', $excluded));
		}

		return empty($items) ? $default : implode(',', $items);
	};

	if ($property)
	{
		$user = JCck::getUser();

		// An account that carries an id but is still flagged as guest is demoted to the
		// anonymous user, unless the requested property is bound to the connection itself.
		$connectionBound = ($property == 'ip' || $property == 'session_id');

		if ($user->id > 0 && $user->guest == 1 && !$connectionBound)
		{
			$user = new JUser(0);
		}

		if ($property == 'access')
		{
			$live = $collapse($user->getAuthorisedViewLevels());
		}
		elseif (!isset($user->{$property}))
		{
			$live = $default;
		}
		else
		{
			$live = $user->{$property};

			if (is_array($live))
			{
				$live = $collapse($live);
			}
			elseif ($live == '')
			{
				$live = $default;
			}
		}
	}

	// Set
	$value = (string) $live;
}
/**
 * Method to check whether the user can view the object.
 *
 * The object must be loaded first. When it carries an access level, the
 * result is whether that level is among the user's authorised view levels;
 * without an access level there is nothing to grant, hence the implicit deny.
 *
 * @return  mixed  True if allowed, false for an explicit deny, null for an implicit deny.
 *
 * @since   12.1
 * @throws  LogicException
 * @throws  RuntimeException
 */
public function canView()
{
	// Assert the object is loaded.
	$this->assertIsLoaded();

	// No access level set: implicit deny.
	if (!isset($this->access))
	{
		return null;
	}

	$authorisedLevels = $this->user->getAuthorisedViewLevels();

	return in_array($this->access, $authorisedLevels);
}
/**
 * Gets an array of the authorised access levels for the user.
 *
 * Delegates to the wrapped CMS user, coerces every level to an integer and
 * drops duplicates; the key layout of the returned array is whatever
 * array_unique() leaves behind.
 *
 * @return int[]
 */
public function getAuthorisedViewLevels()
{
	$rawLevels     = $this->cmsOwnUser->getAuthorisedViewLevels();
	$integerLevels = Get::arrayToIntegers($rawLevels);

	return array_unique($integerLevels);
}
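/**
 * Gets the users allowed event categories.
 *
 * Selects every published com_matukio category whose access level is one of
 * the user's authorised view levels and returns the category ids.
 *
 * @param   JUser  $user  The user
 *
 * @return  array  List of category ids (empty when nothing is viewable)
 */
public static function getUserACLCategories($user)
{
	// The view levels come from the ACL layer, but they are interpolated into the
	// query text, so force every entry to an integer before building the IN list.
	$levels = array_map('intval', (array) $user->getAuthorisedViewLevels());

	// "access IN ()" is a SQL syntax error; no levels simply means no categories.
	if (empty($levels))
	{
		return array();
	}

	$db    = JFactory::getDbo();
	$query = $db->getQuery(true);

	// Check category ACL rights
	$query->select('id, access')
		->from('#__categories')
		->where(
			array(
				'extension = ' . $db->quote('com_matukio'),
				'published = 1',
				'access IN (' . implode(',', $levels) . ')',
			)
		);

	$db->setQuery($query);
	$cats = $db->loadObjectList();

	$allowedcat = array();

	// (array) cast: a null result (no rows / error) iterates as an empty list.
	foreach ((array) $cats as $cat)
	{
		$allowedcat[] = $cat->id;
	}

	return $allowedcat;
}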
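/**
 * Run the pre-filter sql and replace any placeholders in the subsequent pre-filter.
 *
 * Flow:
 *  1. When a `prefilter_query` param is set it is executed (first on the
 *     default connection, then on this list's own connection if that gave
 *     nothing) and the first result row is kept as `$q`; every
 *     `{$q->column}` placeholder in the value(s) is replaced by that column.
 *  2. When no query row is available, each value is scanned for its first
 *     `{...}` placeholder and, if it carries a `|default` suffix, the
 *     placeholder is replaced by the default part.
 *  3. Finally `{authorisedViewLevels}` is replaced by the array of view
 *     levels the current user can access.
 *
 * Fixes over the previous revision: a duplicated strstr() block inside the
 * `{$q->...}` loop, an unused `$ok` local, and the reference left dangling
 * by `foreach ($selValue as &$v)`.
 *
 * @param   mixed  $selValue  string/array pre-filter value
 *
 * @return  mixed  string/array pre-filter value
 */
protected function prefilterParse($selValue)
{
	// Work on a list so the replacement loops have a single shape to handle;
	// the scalar form is restored before the view-level replacement.
	$isstring = false;

	if (is_string($selValue))
	{
		$isstring = true;
		$selValue = array($selValue);
	}

	$preSQL = htmlspecialchars_decode($this->getParams()->get('prefilter_query'), ENT_QUOTES);

	if (trim($preSQL) != '')
	{
		$db = FabrikWorker::getDbo();
		$w  = new FabrikWorker();

		// NOTE(review): replaceRequest() and parseMessageForPlaceHolder() substitute request
		// and placeholder values into the SQL text, which is then executed verbatim below.
		// Whether those helpers quote the substituted values is not visible here — confirm.
		$w->replaceRequest($preSQL);
		$preSQL = $w->parseMessageForPlaceHolder($preSQL);
		$db->setQuery($preSQL);
		$q = $db->loadObjectList();

		if (!$q)
		{
			// Try the table's connection db for the query
			$thisDb = $this->getDb();
			$thisDb->setQuery($preSQL);
			$q = $thisDb->loadObjectList();
		}

		if (!empty($q))
		{
			// Only the first row supplies placeholder values.
			$q = $q[0];
		}
	}

	if (isset($q))
	{
		// (array) cast: a false/empty result iterates as nothing instead of raising a warning.
		foreach ((array) $q as $key => $val)
		{
			// Columns whose name starts with '_' are never substituted.
			if (substr($key, 0, 1) == '_')
			{
				continue;
			}

			$pattern = '{$q->' . $key . '}';

			for ($i = 0; $i < count($selValue); $i++)
			{
				// str_replace() is a no-op when the placeholder is absent, so no strstr() guard is needed;
				// the (string) cast keeps a NULL column from being passed as the replacement.
				$selValue[$i] = str_replace($pattern, (string) $val, $selValue[$i]);
			}
		}
	}
	else
	{
		/* Parse for default values only
		 * $$$ hugh - this pattern is being greedy, so for example ...
		 * foo {$my->id} bar {$my->id} bosh
		 * ... matches everything from first to last brace, like ...
		 * {$my->id} bar {$my->id}
		 *$pattern = "/({[^}]+}).*}?/s";
		 */
		$pattern = "/({[^}]+})/";

		for ($i = 0; $i < count($selValue); $i++)
		{
			// preg_match() (not preg_match_all): only the first placeholder of each value is inspected,
			// as before. $matches[0] and $matches[1] are the same text, so one is enough.
			if (!preg_match($pattern, $selValue[$i], $matches))
			{
				continue;
			}

			$match  = $matches[1];
			$matchX = JString::substr($match, 1, JString::strlen($match) - 2);

			// A default option was set so lets use that
			if (strstr($matchX, '|'))
			{
				$bits         = explode('|', $matchX);
				$selValue[$i] = str_replace($match, $bits[1], $selValue[$i]);
			}
		}
	}

	$selValue = $isstring ? $selValue[0] : $selValue;

	// Replace {authorisedViewLevels} with array of view levels the user can access
	if (is_array($selValue))
	{
		foreach ($selValue as &$v)
		{
			if (strstr($v, '{authorisedViewLevels}'))
			{
				$v = $this->user->getAuthorisedViewLevels();
			}
		}

		// Release the reference left by the by-ref foreach so $v cannot alias the last element.
		unset($v);
	}
	elseif (strstr($selValue, '{authorisedViewLevels}'))
	{
		$selValue = $this->user->getAuthorisedViewLevels();
	}

	return $selValue;
}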
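/**
 * Checks if a user is allowed to edit a certain issue.
 *
 * Rules, in order:
 *  - id 0 (or empty): the `issue.create` permission decides.
 *  - The user needs `issue.edit`, or `issue.edit.own` on an issue they authored.
 *  - An issue whose classification is outside the user's authorised view
 *    levels can still be edited by its author, but by nobody else.
 *  - An id that matches no issue row is denied (previously the missing row
 *    was dereferenced as null).
 *
 * The issue row is fetched at most once; the old code built the same query
 * in two places.
 *
 * @param   JUser  $user  The user whose permissions should be checked.
 * @param   int    $id    ID of the relevant issue. If left empty or set to 0,
 *                        the permission to create a new issue is checked.
 *
 * @return  bool  True, if the user is allowed to edit the issue, false if not.
 */
public function canEdit($user, $id = 0)
{
	$id = (int) $id;

	// If ID is 0, we create a new issue.
	if ($id == 0)
	{
		return $user->authorise('issue.create', 'com_monitor');
	}

	$canEditAny = $user->authorise('issue.edit', 'com_monitor');

	// Neither a global edit right nor an own-issue edit right: no need to look the issue up.
	if (!$canEditAny && !$user->authorise('issue.edit.own', 'com_monitor'))
	{
		return false;
	}

	// $id was cast to int above, which is what makes embedding it in the WHERE clause safe.
	$infoQuery = $this->db->getQuery(true)
		->select('author_id, classification')
		->from('#__monitor_issues')
		->where('id = ' . $id);
	$this->db->setQuery($infoQuery);
	$this->db->execute();
	$result = $this->db->loadObject();

	// Unknown issue id: deny instead of reading properties off a null row.
	if (!$result)
	{
		return false;
	}

	$isOwner = ($result->author_id == $user->id);

	// Only issue.edit.own was granted, so the issue must belong to the user.
	if (!$canEditAny && !$isOwner)
	{
		return false;
	}

	// Check if the user has access to the issue according to its classification.
	// Users can edit their own issues, regardless of the classification.
	if (!$isOwner && !in_array($result->classification, $user->getAuthorisedViewLevels()))
	{
		return false;
	}

	return true;
}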