Exemplo n.º 1
0
 /**
  * Method to check if the user can edit the STATE of the item
  *
  * @access	public
  * @return	boolean	True on success
  * @since	1.5
  */
 function canEditState($item = null, $check_cat_perm = true)
 {
     if (empty($item)) {
         $item =& $this->_item;
     }
     $user = JFactory::getUser();
     $isOwner = !empty($item->created_by) && $item->created_by == $user->get('id');
     if (FLEXI_J16GE) {
         if (!empty($item->id)) {
             // Existing item, use item specific permissions
             $asset = 'com_content.article.' . $item->id;
             return $user->authorise('core.edit.state', $asset) || $user->authorise('core.edit.state.own', $asset) && $isOwner;
         } elseif ($check_cat_perm && !empty($item->catid)) {
             // *** New item *** with main category set
             $cat_asset = 'com_content.category.' . (int) @$item->catid;
             return $user->authorise('core.edit.state', $cat_asset) || $user->authorise('core.edit.state.own', $cat_asset) && $isOwner;
         } else {
             // *** New item *** get general edit/publish/delete permissions
             return $user->authorise('core.edit.state', 'com_flexicontent') || $user->authorise('core.edit.state.own', 'com_flexicontent');
         }
     } else {
         if (FLEXI_ACCESS) {
             if (!empty($item->id)) {
                 // Existing item, use item specific permissions
                 $rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $item->id, $item->catid);
                 return $user->gid < 25 ? in_array('publishown', $rights) && $isOwner || in_array('publish', $rights) : 1;
             } elseif ($check_cat_perm && !empty($item->catid)) {
                 // *** New item *** with main category set
                 $rights = FAccess::checkAllCategoryAccess('com_content', 'users', $user->gmid, $item->catid);
                 return $user->gid < 25 ? in_array('publishown', $rights) && $isOwner || in_array('publish', $rights) : 1;
             } else {
                 // *** New item *** get general edit/publish/delete permissions
                 $canPublishAll = FAccess::checkAllContentAccess('com_content', 'publish', 'users', $user->gmid, 'content', 'all');
                 $canPublishOwnAll = FAccess::checkAllContentAccess('com_content', 'publishown', 'users', $user->gmid, 'content', 'all');
                 return $user->gid < 25 ? $canPublishAll || $canPublishOwnAll : 1;
             }
         } else {
             // J1.5 permissions with no FLEXIaccess are only general, no item specific permissions
             return $user->gid >= 21;
         }
     }
 }