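/**
 * Display method of the PlayJoom cover view.
 *
 * Loads form, item, script and cover options from the model and renders the
 * template for users who may edit, may create (only when the request carries
 * no id) or hold core.admin. Other users get a warning instead of the template.
 *
 * @param   string  $tpl  Optional template name handed to parent::display().
 *
 * @return  mixed  False when the model reported errors, otherwise no value.
 */
public function display($tpl = null)
{
    $dispatcher = JDispatcher::getInstance();

    // Get user objects
    $user  = JFactory::getUser();
    $canDo = PlayJoomHelper::getActions();

    // Get the data
    // NOTE(review): the model data is loaded before the permission check below;
    // confirm the model getters expose nothing to users who end up denied.
    $this->form            = $this->get('Form');
    $this->item            = $this->get('Item');
    $this->script          = $this->get('Script');
    $this->OptionsNewCover = $this->get('OptionsNewCover');

    // Check for errors.
    if (count($errors = $this->get('Errors'))) {
        $errorText = implode('<br />', $errors);

        // Log before raising: depending on the configured JError handler,
        // raiseError() can end the request, which would skip a log call placed after it.
        $dispatcher->trigger('onEventLogging', array(array(
            'method'   => __METHOD__ . ":" . __LINE__,
            'message'  => 'Problem with database query. Error500: ' . $errorText,
            'priority' => JLog::ERROR,
            'section'  => 'admin',
        )));
        JError::raiseError(500, $errorText);

        return false;
    }

    // Explicit parentheses: "create" only counts when no id is present in the request.
    $authorised = $canDo->get('core.edit')
        || ($canDo->get('core.create') && !JRequest::getVar('id'))
        || JAccess::check($user->get('id'), 'core.admin') == 1;

    if ($authorised) {
        // Set the toolbar
        $this->addToolBar();

        // Display the template
        $dispatcher->trigger('onEventLogging', array(array(
            'method'   => __METHOD__ . ":" . __LINE__,
            'message'  => 'Load template for cover viewer.',
            'priority' => JLog::INFO,
            'section'  => 'admin',
        )));
        parent::display($tpl);
    } else {
        // Record the denied access so it shows up in the admin log section.
        $dispatcher->trigger('onEventLogging', array(array(
            'method'   => __METHOD__ . ":" . __LINE__,
            'message'  => 'Can not displaying cover viewer. ' . JText::_('JERROR_ALERTNOAUTHOR'),
            'priority' => JLog::WARNING,
            'section'  => 'admin',
        )));
        JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
    }

    // Set the document (runs for authorised and denied users alike)
    $this->setDocument();
}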
/**
 * Display method of the PlayJoom view.
 *
 * Fetches form, item and script from the model, stops with an error when the
 * model reports problems, and renders the template only for users who may
 * edit, may create (when the request has no id) or hold core.admin.
 *
 * @param   string  $tpl  Optional template name handed to parent::display().
 *
 * @return  mixed  False when the model reported errors, otherwise no value.
 */
public function display($tpl = null)
{
    $currentUser = JFactory::getUser();
    $actions     = PlayJoomHelper::getActions();

    // Pull everything from the model first; it is only attached to the view
    // once the error check has passed.
    $loaded = array(
        'form'   => $this->get('Form'),
        'item'   => $this->get('Item'),
        'script' => $this->get('Script'),
    );

    $errors = $this->get('Errors');
    if (count($errors)) {
        JError::raiseError(500, implode('<br />', $errors));

        return false;
    }

    $this->form   = $loaded['form'];
    $this->item   = $loaded['item'];
    $this->script = $loaded['script'];

    // "create" grants access only when the request carries no id.
    $mayView = $actions->get('core.edit')
        || ($actions->get('core.create') && !JRequest::getVar('id'))
        || JAccess::check($currentUser->get('id'), 'core.admin') == 1;

    if (!$mayView) {
        JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
    } else {
        $this->addToolBar();
        parent::display($tpl);
    }

    // The document is set up whether or not the template was rendered.
    $this->setDocument();
}
/**
 * Handles the login logic for a user and reports back to the subject.
 *
 * The user is rejected when the account is blocked or when JAccess::check()
 * denies $options['action'] for it. On success the user object is stored in
 * the session and the matching row of the session table is updated.
 *
 * @access public
 * @param  array  $user     Holds the user data
 * @param  array  $options  Options (remember, autoregister, group); 'action' is read as well
 * @return mixed  True on success, otherwise the JError result describing the failure
 * @since  1.5
 */
function onLoginUser($user, $options = array())
{
    jimport('joomla.user.helper');

    $instance =& $this->_getUser($user, $options);

    // Hand an error from _getUser straight back to the caller.
    if (JError::isError($instance)) {
        return $instance;
    }

    // Blocked accounts may not log in.
    $isBlocked = ($instance->get('block') == 1);
    if ($isBlocked) {
        return JError::raiseWarning('SOME_ERROR_CODE', JText::_('E_NOLOGIN_BLOCKED'));
    }

    // Default group; the value is not read again inside this method.
    if (!isset($options['group'])) {
        $options['group'] = 'USERS';
    }

    // Authorise the user for the requested login action.
    // NOTE(review): $options['action'] is read without an isset() check; confirm every caller sets it.
    jimport('joomla.access.access');
    if (!JAccess::check($instance->id, $options['action'])) {
        return JError::raiseWarning(401, JText::_('JError_Login_denied'));
    }

    // Mark the user as logged in and keep the object in the session.
    // NOTE(review): no session id renewal is visible here; confirm the caller
    // regenerates the session id on login to guard against session fixation.
    $instance->set('guest', 0);
    $session =& JFactory::getSession();
    $session->set('user', $instance);

    // Mirror the user fields into the sessions table; string values are quoted
    // by the database driver and the user id is formatted as an integer.
    $db  = JFactory::getDBO();
    $sql = sprintf(
        'UPDATE `#__session` SET `guest` = %s, `username` = %s, `userid` = %d WHERE `session_id` = %s',
        $db->quote($instance->get('guest')),
        $db->quote($instance->get('username')),
        (int) $instance->get('id'),
        $db->quote($session->getId())
    );
    $db->setQuery($sql);
    $db->query();

    // Hit the user last visit field
    $instance->setLastVisit();

    return true;
}
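/**
 * Builds the album or year option list for one artist.
 *
 * The result is restricted by view level (unless the user holds core.admin or
 * the show_noauth parameter is set) and, for users without core.admin, by the
 * show_all_users / show_nobody parameters.
 *
 * @param   string  $value   Either 'album' or 'year'.
 * @param   string  $artist  Artist name to filter by; treated as untrusted input.
 *
 * @return  mixed  Object list from the database, or an error string for an unknown $value.
 */
public static function getOptions($value, $artist)
{
    // For getting the xml parameters
    $app    = JFactory::getApplication();
    $params = $app->getParams();

    // Get user objects
    $user = JFactory::getUser();

    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    switch ($value) {
        case 'album':
            $query->select('album As value, album As text');
            $query->order('a.album');
            $query->group('a.album');
            break;

        case 'year':
            $query->select('year As value, year As text');
            $query->order('a.year DESC');
            $query->group('a.year DESC');
            break;

        default:
            return JText::_('TCE_PLG_ERROR_NO_VALUE_FOR_getOptions_FUNCTION');
    }

    // The artist name goes through the driver's quoting instead of being
    // concatenated between double quotes, so it cannot change the statement.
    $query->where('artist = ' . $db->quote($artist));

    // Implement View Level Access
    if (!$user->authorise('core.admin') && !$params->get('show_noauth', 1)) {
        // Force every level to an integer before it is placed into the IN list.
        $groups = implode(',', array_map('intval', $user->getAuthorisedViewLevels()));
        $groups = '0,' . $groups;
        $query->where('a.access IN (' . $groups . ')');
    }

    // Filtering by user
    if (JAccess::check($user->get('id'), 'core.admin') != 1) {
        // Numeric user id only
        $users = (int) $user->get('id');

        // 1 = exactly one of the two parameters is on, 0 = both are off
        $userCheck = $params->get('show_all_users', 1);
        $userCheck = (int) $userCheck + $params->get('show_nobody', 1);

        if ($userCheck == 1) {
            if ($params->get('show_all_users', 1)) {
                $query->where('a.add_by >= 1');
            }

            if ($params->get('show_nobody', 1)) {
                $users = '0,' . $users;
                $query->where('a.add_by IN (' . $users . ')');
            }
        } elseif ($userCheck == 0) {
            $query->where('a.add_by = ' . $users);
        }
    }

    $query->from('#__jpaudiotracks AS a');

    // Get the options.
    $db->setQuery($query);
    $options = $db->loadObjectList();

    // Check for a database error.
    if ($db->getErrorNum()) {
        JError::raiseWarning(500, $db->getErrorMsg());
    }

    return $options;
}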
/**
 * Decides whether the current user may edit the record identified by $data[$key].
 *
 * An account that holds core.admin can only be edited by a user who is
 * authorised for core.admin too; everything else is left to the parent check.
 *
 * @param   array   $data  Input data containing the primary key value.
 * @param   string  $key   Name of the primary key entry in $data.
 *
 * @return  boolean  True if the edit is allowed, false otherwise.
 */
protected function allowEdit($data = array(), $key = 'id')
{
    $targetIsSuperAdmin = JAccess::check($data[$key], 'core.admin');

    // The current user is only looked up when the target really is a Super Admin.
    if ($targetIsSuperAdmin && !JFactory::getUser()->authorise('core.admin')) {
        return false;
    }

    return parent::allowEdit($data, $key);
}
/**
 * Overrides JControllerForm::allowEdit
 *
 * Stops users without core.admin from editing an account that has it, then
 * defers to the parent implementation for every other decision.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 *
 * @return  boolean  True if allowed, false otherwise.
 *
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // True only when the edited account is a Super Admin and the editor is not.
    $editorLacksRank = JAccess::check($data[$key], 'core.admin')
        && !JFactory::getUser()->authorise('core.admin');

    return $editorLacksRank ? false : parent::allowEdit($data, $key);
}
/**
 * Tells whether the given user may edit images.
 *
 * @param   object  $user  User object; usertype is read on the Joomla 1.5 path,
 *                         id and groups on the 1.6 / 1.7 path.
 *
 * @return  boolean  True when the user is allowed to edit images.
 */
function PIE_Access($user)
{
    global $mainframe;

    if (!$mainframe) {
        // Joomla 1.6 and 1.7: change this code if you want to adjust which users can edit images.
        // Group 8 = Super Users
        return JAccess::check($user->id, 'core.edit') || in_array(8, $user->groups);
    }

    // Joomla 1.5: change this list if you want to adjust which users can edit images.
    $editorTypes = array('Manager', 'Administrator', 'Super Administrator');

    return in_array($user->usertype, $editorTypes);
}
/**
 * Renders this field for a repeatable (grid) display, e.g. a "browse" view
 * listing many items. The link points to the edit task when the current user
 * may edit the item and to the plain item view otherwise.
 *
 * NOTE(review): this only selects the link target; confirm the edit task itself
 * enforces the same permissions on the server side.
 *
 * @since 2.0
 *
 * @return  string  The field HTML
 */
public function getRepeatable()
{
    $userid    = JFactory::getUser()->id;
    $record    = $this->item;
    $itemAsset = 'com_todo.item.' . $record->todo_item_id;

    // Ownership gates the two "edit.own" checks below.
    $isOwner = ($record->created_by == $userid);

    // Component-wide edit, own-record edit (component or item asset), or item-level edit.
    $mayEdit = JAccess::check($userid, 'core.edit', 'com_todo')
        || ($isOwner && JAccess::check($userid, 'core.edit.own', 'com_todo'))
        || ($isOwner && JAccess::check($userid, 'core.edit.own', $itemAsset))
        || JAccess::check($userid, 'core.edit', $itemAsset);

    $this->element['url'] = $mayEdit
        ? 'index.php?option=com_todo&view=item&task=edit&id=[ITEM:ID]'
        : 'index.php?option=com_todo&view=item&id=[ITEM:ID]';

    return parent::getRepeatable();
}
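/**
 * Replaces the site output with the plugin's own template when the visitor is
 * not allowed to see the PlayJoom front end.
 *
 * Access is granted when the configured access level is below 2, when that
 * level is one of the user's authorised view levels, or when the user holds
 * core.admin. Guests are refused as soon as the level is 2 or higher. Nothing
 * is done in the administrator application.
 *
 * @return  void
 */
function onBeforeRender()
{
    $app = JFactory::getApplication();

    if ($app->isAdmin()) {
        return;
    }

    $params          = $app->getParams('com_playjoom');
    $pj_access_level = (int) $params->get('pj_accesslevel');

    // Check for access
    $user   = JFactory::getUser();
    $userId = $user->get('id');

    if ($userId == 0 && $pj_access_level >= 2) {
        $public = false;
    } else {
        // Exact membership test. The previous regular expression built from the
        // level list matched substrings, so view level 1 also satisfied a
        // configured level such as 10 or 12, and an empty list matched anything.
        $levels = array_map('intval', (array) $user->getAuthorisedViewLevels());

        $public = $pj_access_level < 2
            || in_array($pj_access_level, $levels, true)
            || JAccess::check($userId, 'core.admin') == 1;
    }

    $template = $app->getTemplate(true);

    // getCmd() filters the request value; it picks a file inside the plugin directory below.
    $file = JRequest::getCmd('tmpl', 'index');

    if (!$public) {
        $file = 'nopublic';
        JResponse::setHeader('Status', '503 Service Temporarily Unavailable', 'true');
    }

    // NOTE(review): when the theme directory is missing, 'component' replaces
    // 'nopublic' as well, exactly as before this change; confirm component.php
    // shows nothing that needs the access check above.
    if (!is_dir(JPATH_THEMES . '/' . $template->template)) {
        $file = 'component';
    }

    $params = array(
        'file'      => $file . '.php',
        'template'  => 'tmpl',
        'directory' => JPATH_PLUGINS . '/system/pjauth/',
        'params'    => $template->params,
    );

    $document = JFactory::getDocument();
    $document->parse($params);

    // Cached rendering is only requested for guests with caching level 2.
    $caching = false;

    if ($app->getCfg('caching') && $app->getCfg('caching', 2) == 2 && !$user->get('id')) {
        $caching = true;
    }

    // Render the document.
    JResponse::setBody($document->render($caching, $params));
}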
/**
 * Override of getItems that adds, for the user selected in the filter, the
 * outcome of every debug action to each asset.
 *
 * Each asset receives a "checks" array keyed by action name. The value is the
 * JAccess::check() result, or the string 'skip' when the action's level is set
 * and lies below the asset's level.
 *
 * @return  array
 * @since   1.6
 */
public function getItems()
{
    $userId = $this->getState('filter.user_id');
    $assets = parent::getItems();

    // Without assets or a selected user there is nothing to annotate.
    if (!$assets || !$userId) {
        return $assets;
    }

    $actions = $this->getDebugActions();

    foreach ($assets as $asset) {
        $asset->checks = array();

        foreach ($actions as $action) {
            $name  = $action[0];
            $level = $action[1];

            // An action is tested when it has no level or its level reaches the asset's level.
            $applies = ($level === null || $level >= $asset->level);

            $asset->checks[$name] = $applies
                ? JAccess::check($userId, $name, $asset->name)
                : 'skip';
        }
    }

    return $assets;
}
?> </th> <th class="nowrap" width="3%"><?php echo JHtml::_('grid.sort', 'COM_CJBLOG_AUTOAPPROVE', 'a.auto_approve', $listDirn, $listOrder); ?> </th> <th class="nowrap" width="3%"><?php echo JHtml::_('grid.sort', 'JGRID_HEADING_ID', 'a.id', $listDirn, $listOrder); ?> </th> </tr> </thead> <tbody> <?php foreach ($this->items as $i => $item) { if (!$user->authorise('core.manage') && JAccess::check($item->id, 'core.manage')) { $canEdit = false; $canChange = false; } else { $canEdit = true; $canChange = true; } ?> <tr class="row<?php echo $i % 2; ?> "> <td class="center"> <?php if ($canEdit) { ?>
/**
 * Tests the JAccess::check method against one data-provider case.
 *
 * @param   integer  $userId   user id
 * @param   string   $action   action to test
 * @param   integer  $assetId  asset id
 * @param   mixed    $result   expected value: true if success, null if not
 * @param   string   $message  fail message
 *
 * @return  void
 *
 * @since   11.1
 * @dataProvider casesCheck()
 */
public function testCheck($userId, $action, $assetId, $result, $message)
{
    $access = new JAccess();

    // Run the check first, then compare it with the provider's expectation.
    $actual   = $access->check($userId, $action, $assetId);
    $expected = $this->equalTo($result);

    $this->assertThat($actual, $expected, $message);
}
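/**
 * Collects the FLEXIcontent permissions of a user into one object.
 *
 * Side effect: when the jComments system plugin is enabled and the FLEXIcontent
 * integration file is missing from the jComments plugin folder, the file is
 * copied there.
 *
 * @param   integer|null  $user_id  User to inspect; the current user when empty.
 *
 * @return  stdClass  Object with one property per permission.
 */
static function getUserPerms($user_id = null)
{
    // Handle jcomments integration
    if (JPluginHelper::isEnabled('system', 'jcomments')) {
        $JComments_Installed = 1;

        $destpath = JPATH_SITE . DS . 'components' . DS . 'com_jcomments' . DS . 'plugins';
        $dest     = $destpath . DS . 'com_flexicontent.plugin.php';
        $source   = JPATH_SITE . DS . 'components' . DS . 'com_flexicontent' . DS . 'librairies' . DS . 'jcomments' . DS . 'com_flexicontent.plugin.php';

        jimport('joomla.filesystem.file');
        // JFolder is used below, so its library is loaded explicitly as well.
        jimport('joomla.filesystem.folder');

        if (!JFile::exists($dest)) {
            if (!JFolder::exists($destpath)) {
                if (!JFolder::create($destpath)) {
                    JError::raiseWarning(100, JText::_('FLEXIcontent: Unable to create jComments plugin folder'));
                }
            }

            if (!JFile::copy($source, $dest)) {
                JError::raiseWarning(100, JText::_('FLEXIcontent: Unable to copy jComments plugin'));
            } else {
                // $mainframe was never defined in this method; fetch the application explicitly.
                JFactory::getApplication()->enqueueMessage(JText::_('Copied FLEXIcontent jComments plugin'));
            }
        }
    } else {
        $JComments_Installed = 0;
    }

    // Find permissions for given user id (no user id given: use current user)
    $user       = $user_id ? JFactory::getUser($user_id) : JFactory::getUser();
    $permission = new stdClass();
    $component  = 'com_flexicontent';

    // Super User privilege of GLOBAL configuration: core.admin allowed on the ROOT asset 'root.1'
    $permission->SuperAdmin = JAccess::check($user->id, 'core.admin', 'root.1');

    // Allows users to change the component's configuration: core.admin on the component asset
    $permission->CanConfig = $user->authorise('core.admin', $component);

    // Allows users in the backend (a) to see the FLEXIcontent menu item and
    // (b) to access the component screens, subject to the individual area permissions
    $permission->CanManage = $user->authorise('core.manage', $component);

    // ITEMS/CATEGORIES: category-inherited permissions. These are the global settings:
    //  1. the action permissions of individual items are checked separately per item
    //  2. the view permission is checked via the access level of each item
    // A NULL answer (soft deny) is resolved by looking for a first category that allows the action.
    $categoryInherited = array(
        'CanAdd'        => 'core.create',
        'CanEdit'       => 'core.edit',
        'CanEditOwn'    => 'core.edit.own',
        'CanPublish'    => 'core.edit.state',
        'CanPublishOwn' => 'core.edit.state.own',
        'CanDelete'     => 'core.delete',
        'CanDeleteOwn'  => 'core.delete.own',
    );

    foreach ($categoryInherited as $property => $action) {
        $allowed = $user->authorise($action, $component);

        if ($allowed === null) {
            // Arguments after the action list: require_all, check_published, (unnamed) false, find_first
            $allowedcats = FlexicontentHelperPerm::getAllowedCats($user, array($action), true, true, false, true);
            $allowed     = count($allowedcats) > 0;
        }

        $permission->$property = $allowed;
    }

    // Changing the main, secondary and featured categories of items
    $categoryChange = array(
        'CanChangeCat'     => 'flexicontent.change.cat',
        'CanChangeSecCat'  => 'flexicontent.change.cat.sec',
        'CanChangeFeatCat' => 'flexicontent.change.cat.feat',
    );

    foreach ($categoryChange as $property => $action) {
        $permission->$property = $user->authorise($action, $component);
    }

    // Permission for changing the ACL rules of items and categories that user can edit.
    // Currently given to users that can edit the component configuration.
    $permission->CanRights = $permission->CanConfig;

    $itemAndCategory = array(
        // Changing the access level of items and categories that user can edit
        'CanAccLvl'          => 'flexicontent.accesslevel',

        // ITEMS: component controlled permissions
        'DisplayAllItems'    => 'flexicontent.displayallitems',    // (backend) List all items (otherwise only items that can be edited)
        'CanCopy'            => 'flexicontent.copyitems',          // (backend) Item Copy Task
        'CanOrder'           => 'flexicontent.orderitems',         // (backend) Reorder items inside the category
        'CanParams'          => 'flexicontent.paramsitem',         // (backend) Edit item parameters like meta data and template parameters
        'CanVersion'         => 'flexicontent.versioning',         // (backend) Use item versioning
        'AssocAnyTrans'      => 'flexicontent.assocanytrans',      // (item edit form) associate any translation
        'EditCreationDate'   => 'flexicontent.editcreationdate',   // (item edit form) edit creation date (frontend)
        'IgnoreViewState'    => 'flexicontent.ignoreviewstate',    // (Frontend Content Lists) ignore view state
        'RequestApproval'    => 'flexicontent.requestapproval',    // (Workflow) Send Approval Requests (for ANY draft items)
        'AutoApproveChanges' => 'flexicontent.autoapprovechanges', // (Workflow) Can publish document changes regardless of edit state

        // CATEGORIES: management tab and usage
        'CanCats'            => 'flexicontent.managecats',         // management of categories, going by the action name
        'ViewAllCats'        => 'flexicontent.usercats',           // (item edit form) view the categories which user cannot assign to items
        'ViewTree'           => 'flexicontent.viewtree',           // (item edit form) view categories as tree instead of flat list
        'MultiCat'           => 'flexicontent.multicat',           // (item edit form) allow user to assign items to multiple categories
    );

    foreach ($itemAndCategory as $property => $action) {
        $permission->$property = $user->authorise($action, $component);
    }

    $permission->CanAddCats = $permission->CanAdd && $permission->CanCats;

    $managementTabs = array(
        // TAGS: management tab and usage
        'CanTags'         => 'flexicontent.managetags',      // management of tags, going by the action name
        'CanUseTags'      => 'flexicontent.usetags',         // edit already assigned Tags of items
        'CanNewTags'      => 'flexicontent.newtags',         // add new Tags to items

        // VARIOUS management TABS: types, archives, statistics, templates, import
        'CanTypes'        => 'flexicontent.managetypes',     // (backend) Allow management of Item Types
        'CanArchives'     => 'flexicontent.managearchives',  // (backend) Allow management of Archives
        'CanTemplates'    => 'flexicontent.managetemplates', // (backend) Allow management of Templates
        'CanStats'        => 'flexicontent.managestats',     // (backend) Allow management of Statistics
        'CanImport'       => 'flexicontent.manageimport',    // (backend) Allow management of (Content) Import

        // FIELDS: management tab
        'CanFields'       => 'flexicontent.managefields',    // (backend) Allow management of Fields
        'CanCopyFields'   => 'flexicontent.copyfields',      // (backend) Field Copy Task
        'CanOrderFields'  => 'flexicontent.orderfields',     // (backend) Reorder fields inside each item type
        'CanAddField'     => 'flexicontent.createfield',     // (backend) Create fields
        'CanEditField'    => 'flexicontent.editfield',       // (backend) Edit fields
        'CanDeleteField'  => 'flexicontent.deletefield',     // (backend) Delete fields
        'CanPublishField' => 'flexicontent.publishfield',    // (backend) Publish fields

        // FILES: management tab
        'CanFiles'        => 'flexicontent.managefiles',     // (backend) Allow management of Files
        'CanUpload'       => 'flexicontent.uploadfiles',     // allow user to upload Files
        'CanViewAllFiles' => 'flexicontent.viewallfiles',    // allow user to view all Files
    );

    foreach ($managementTabs as $property => $action) {
        $permission->$property = $user->authorise($action, $component);
    }

    // AUTHORS: management tab
    $permission->CanAuthors = $user->authorise('core.manage', 'com_users');
    $permission->CanGroups  = FLEXI_J16GE ? $permission->CanAuthors : 0;

    // SEARCH INDEX: management tab
    $permission->CanIndex = $permission->CanFields && ($permission->CanAddField || $permission->CanEditField);

    // OTHER components permissions
    $permission->CanPlugins  = $user->authorise('core.manage', 'com_plugins');
    $permission->CanComments = $user->authorise('core.manage', 'com_jcomments');
    $permission->CanComments = $permission->CanComments && $JComments_Installed;
    $permission->JComments_Installed = $JComments_Installed;

    // Global parameter to force always displaying of categories as tree
    if (JComponentHelper::getParams('com_flexicontent')->get('cats_always_astree', 1)) {
        $permission->ViewTree = 1;
    }

    return $permission;
}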
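/**
 * Builds the list query for the audio tracks.
 *
 * Filter values read from the model state are treated as untrusted: strings
 * are quoted by the database driver, numeric filters are cast to integers and
 * the ordering clause is validated before it reaches the query.
 *
 * @return  object  The query object selecting the tracks.
 */
protected function getListQuery()
{
    // For getting the xml parameters
    $app    = JFactory::getApplication();
    $params = $app->getParams();

    // Create a new query object.
    $db    = $this->getDbo();
    $query = $db->getQuery(true);
    $user  = JFactory::getUser();

    // Select the required fields from the table.
    $query->select($this->getState('list.select', 'a.id, a.title, a.artist, a.album, a.year, a.add_datetime, a.mod_datetime, a.length, a.catid' . ', a.alias, a.pathatlocal, a.file, a.tracknumber, a.mediatype, a.filesize, a.access, a.add_by, a.access_datetime'));
    $query->from('#__jpaudiotracks AS a');

    // Join over the asset groups.
    $query->select('ag.title AS access_level');
    $query->join('LEFT', '#__viewlevels AS ag ON ag.id = a.access');

    // Join over the categories.
    $query->select('c.title AS category_title');
    $query->join('LEFT', '#__categories AS c ON c.id = a.catid');

    // Join over the users.
    $query->select('u.username AS user');
    $query->join('LEFT', '#__users AS u ON u.id = a.add_by');

    // Implement View Level Access
    if (!$user->authorise('core.admin') && !$params->get('show_noauth', 1)) {
        $groups = implode(',', array_map('intval', $user->getAuthorisedViewLevels()));
        $groups = '0,' . $groups;
        $query->where('a.access IN (' . $groups . ')');
    }

    // Filter by Artist / Band.
    if ($artist = $this->getState('filter.artist')) {
        $query->where('a.artist = ' . $db->quote($artist));
    }

    // Filter by Category.
    if ($category_id = $this->getState('filter.category_id')) {
        $query->where('a.catid = ' . (int) $category_id);
    }

    // Filtering by user
    if (JAccess::check($user->get('id'), 'core.admin') != 1) {
        // Numeric user id only
        $users = (int) $user->get('id');

        // 1 = exactly one of the two parameters is on, 0 = both are off
        $userCheck = $params->get('show_all_users', 1);
        $userCheck = (int) $userCheck + $params->get('show_nobody', 1);

        if ($userCheck == 1) {
            if ($params->get('show_all_users', 1)) {
                $query->where('add_by >= 1');
            }

            if ($params->get('show_nobody', 1)) {
                $users = '0,' . $users;
                $query->where('add_by IN (' . $users . ')');
            }
        } elseif ($userCheck == 0) {
            $query->where('add_by = ' . $users);
        }
    }

    // Filter by Album.
    if ($album = $this->getState('filter.album')) {
        $query->where('a.album = ' . $db->quote($album));
    }

    // Filter by Year.
    if ($year = $this->getState('filter.year')) {
        $query->where('a.year = ' . (int) $year);
    }

    /*
     * Group query configuration
     */
    if ($params->get('show_section') != 'all' && $params->get('show_section') != '' && $app->scope != 'mod_pj_albumgallery' && $app->scope != 'mod_pj_lastplayed') {
        $query->group($params->get('show_section'));
    } else {
        if ($app->scope == 'mod_pj_albumgallery') {
            $query->group('a.album');
        }
    }

    // Filter by search in title.
    $search = $this->getState('filter.search');

    if (!empty($search)) {
        if (stripos($search, 'id:') === 0) {
            $query->where('a.id = ' . (int) substr($search, 3));
        } else {
            if (stripos($search, 'author:') === 0) {
                $search = $db->Quote('%' . $db->getEscaped(substr($search, 7), true) . '%');

                // The users table is joined as "u" above; the former "ua" alias is not defined in this query.
                $query->where('(u.name LIKE ' . $search . ' OR u.username LIKE ' . $search . ')');
            } else {
                $search = $db->Quote('%' . $db->getEscaped($search, true) . '%');
                $query->where('(a.title LIKE ' . $search . ' OR a.album LIKE ' . $search . ' OR a.artist LIKE ' . $search . ')');
            }
        }
    }

    // Add the list ordering clause. Quoting cannot protect an ORDER BY, so the
    // column must look like a plain identifier (optionally alias.column) and
    // the direction is reduced to ASC or DESC.
    // NOTE(review): the special case that expanded 'category_title' into a
    // two-column ordering was computed here but never reached the query; it is
    // left out. Where populateState() is defined, an allow-list of sortable
    // columns would be stricter still.
    $orderCol  = (string) $this->getState('list.ordering', 'a.ordering');
    $orderDirn = strtoupper((string) $this->getState('list.direction', 'ASC'));

    if (!preg_match('/^[A-Za-z0-9_]+(\.[A-Za-z0-9_]+)?$/', $orderCol)) {
        $orderCol = 'a.ordering';
    }

    if ($orderDirn !== 'DESC') {
        $orderDirn = 'ASC';
    }

    $query->order($orderCol . ' ' . $orderDirn);

    return $query;
}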
/**
 * Method to save the JUser object to the database
 *
 * Before anything is stored, the method enforces that only a user authorised
 * for core.admin may create or modify an account that holds core.admin, or
 * place an account into a group that holds it. Exceptions raised inside the
 * method are caught here and turned into an error message plus a false return.
 *
 * @param   boolean  $updateOnly  Save the object only if not a new user
 *                                Currently only used in the user reset password method.
 *
 * @return  boolean  True on success
 *
 * @since   11.1
 * @throws  exception
 */
public function save($updateOnly = false)
{
    // Create the user table object
    $table = $this->getTable();
    $this->params = (string) $this->_params;
    $table->bind($this->getProperties());

    // Allow an exception to be thrown.
    try {
        // Check and store the object.
        if (!$table->check()) {
            $this->setError($table->getError());
            return false;
        }

        // If user is made a Super Admin group and user is NOT a Super Admin
        //
        // @todo ACL - this needs to be acl checked
        //
        // $my is the user performing the save; $this is the account being saved.
        $my = JFactory::getUser();

        // Are we creating a new user
        $isNew = empty($this->id);

        // If we aren't allowed to create new users return
        // (reports success although nothing has been stored)
        if ($isNew && $updateOnly) {
            return true;
        }

        // Get the old user
        $oldUser = new JUser($this->id);

        //
        // Access Checks
        //
        // The only mandatory check is that only Super Admins can operate on other Super Admin accounts.
        // To add additional business rules, use a user plugin and throw an Exception with onUserBeforeSave.

        // Check if I am a Super Admin
        $iAmSuperAdmin = $my->authorise('core.admin');
        $iAmRehashingSuperadmin = false;

        // Exemption: the acting user is a guest (id 0), the account already exists and
        // holds core.admin, and its password value differs from the stored one.
        // NOTE(review): presumably this covers rehashing a Super Admin password during
        // login, before the session user is set; confirm that no caller can reach this
        // path with a password value chosen by an unauthenticated visitor.
        if ($my->id == 0 && !$isNew && $this->id == $oldUser->id && $oldUser->authorise('core.admin') && $oldUser->password != $this->password) {
            $iAmRehashingSuperadmin = true;
        }

        // We are only worried about edits to this account if I am not a Super Admin.
        if ($iAmSuperAdmin != true && $iAmRehashingSuperadmin != true) {
            if ($isNew) {
                // Check if the new user is being put into a Super Admin group.
                foreach ($this->groups as $groupId) {
                    if (JAccess::checkGroup($groupId, 'core.admin')) {
                        throw new Exception(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
                    }
                }
            } else {
                // I am not a Super Admin, and this one is, so fail.
                if (JAccess::check($this->id, 'core.admin')) {
                    throw new Exception(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
                }

                if ($this->groups != null) {
                    // I am not a Super Admin and I'm trying to make one.
                    foreach ($this->groups as $groupId) {
                        if (JAccess::checkGroup($groupId, 'core.admin')) {
                            throw new Exception(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
                        }
                    }
                }
            }
        }

        // Fire the onUserBeforeSave event.
        JPluginHelper::importPlugin('user');
        $dispatcher = JDispatcher::getInstance();
        $result = $dispatcher->trigger('onUserBeforeSave', array($oldUser->getProperties(), $isNew, $this->getProperties()));

        // Any plugin returning exactly false vetoes the save.
        if (in_array(false, $result, true)) {
            // Plugin will have to raise its own error or throw an exception.
            return false;
        }

        // Store the user data in the database
        if (!($result = $table->store())) {
            throw new Exception($table->getError());
        }

        // Set the id for the JUser object in case we created a new user.
        if (empty($this->id)) {
            $this->id = $table->get('id');
        }

        // When the acting user saved their own record, reload their parameters from the stored row.
        if ($my->id == $table->id) {
            $registry = new JRegistry();
            $registry->loadString($table->params);
            $my->setParameters($registry);
        }

        // Fire the onUserAfterSave event
        $dispatcher->trigger('onUserAfterSave', array($this->getProperties(), $isNew, $result, $this->getError()));
    } catch (Exception $e) {
        // Includes the JLIB_USER_ERROR_NOT_SUPERADMIN refusals thrown above.
        $this->setError($e->getMessage());
        return false;
    }

    // $result holds the value returned by $table->store().
    return $result;
}
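/**
 * Load one row per album of a category (genre), in random order.
 *
 * Every value that is placed into the SQL text is escaped with the driver's
 * quote() or cast to an integer. The original pasted the values between
 * double quotes, so a value containing a quote character broke the statement
 * and request-derived values could change its meaning.
 *
 * @param   mixed  $catID   Category id to list.
 * @param   array  $Filter  Optional filters; the keys read are 'filter.artist',
 *                          'filter.user_id' and 'filter.year'. Missing keys are ignored.
 *
 * @return  mixed  The result of loadObjectList() for the query.
 */
public static function getGenreItems($catID, $Filter = array())
{
    $app    = JFactory::getApplication();
    $params = $app->getParams();
    $user   = JFactory::getUser();
    $db     = JFactory::getDbo();
    $query  = $db->getQuery(true);

    $query->select('a.id, a.artist, a.album, a.year, a.catid, a.access, a.add_by');
    $query->from('#__jpaudiotracks AS a');
    $query->where('a.catid = ' . $db->quote($catID));
    $query->group('a.album');
    $query->order('RAND()');

    // Join over the covers.
    $query->select('cb.id AS cover_id');
    $query->join('LEFT', '#__jpcoverblobs AS cb ON cb.id = a.coverid');

    // Implement View Level Access
    if (!$user->authorise('core.admin') && !$params->get('show_noauth', 1)) {
        $groups = '0,' . implode(',', $user->getAuthorisedViewLevels());
        $query->where('a.access IN (' . $groups . ')');
    }

    // Filter by Artist / Band. isset() keeps the default empty $Filter from raising notices.
    if (isset($Filter['filter.artist']) && $Filter['filter.artist'] != '') {
        $query->where('a.artist = ' . $db->quote($Filter['filter.artist']));
    }

    // Filter by User.
    if (isset($Filter['filter.user_id']) && $Filter['filter.user_id'] != '') {
        $query->where('a.add_by = ' . (int) $Filter['filter.user_id']);
    }

    // Filter by Year.
    if (isset($Filter['filter.year']) && $Filter['filter.year'] != '') {
        $query->where('a.year = ' . $db->quote($Filter['filter.year']));
    }

    // Restrict rows by owner for everyone who does not pass the core.admin check.
    if (JAccess::check($user->get('id'), 'core.admin') != 1) {
        $users     = (int) $user->get('id');
        $userCheck = (int) $params->get('show_all_users', 1) + $params->get('show_nobody', 1);

        if ($userCheck == 1) {
            if ($params->get('show_all_users', 1)) {
                $query->where('a.add_by >= 1');
            }
            if ($params->get('show_nobody', 1)) {
                $query->where('a.add_by IN (0,' . $users . ')');
            }
        } elseif ($userCheck == 0) {
            $query->where('a.add_by = ' . $users);
        }
    }

    // Get the genre items.
    $db->setQuery($query);
    $genre_items = $db->loadObjectList();

    // Check for a database error.
    if ($db->getErrorNum()) {
        JError::raiseWarning(500, $db->getErrorMsg());
    }

    return $genre_items;
}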
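/**
 * Build the option list (value and text are both the album name) for the
 * album filter menu.
 *
 * The model state keys 'filter.artist', 'filter.category_id',
 * 'filter.user_id', 'filter.album' and 'filter.year' narrow the list when set.
 * Users who do not pass the core.admin check only see albums of tracks they
 * added themselves.
 *
 * Filter values are escaped with the driver's quote() or cast to an integer
 * before they enter the SQL text; the original concatenated them unescaped.
 * NOTE(review): the state values presumably originate from the filter form
 * of the view - confirm where the state is populated.
 *
 * @return  mixed  The result of loadObjectList() for the query.
 *
 * @since   0.9.460
 */
public function getFilterOptionsAlbums()
{
    // Get User Objects
    $user  = JFactory::getUser();
    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    $query->select('album As value, album As text');
    $query->from('#__jpaudiotracks AS a');
    $query->order('a.album');
    $query->group('a.album');

    // Filter by Artist / Band.
    $artist = $this->getState('filter.artist');
    if ($artist) {
        $query->where('a.artist = ' . $db->quote($artist));
    }

    // Filter by Category.
    $category_id = $this->getState('filter.category_id');
    if ($category_id) {
        $query->where('a.catid = ' . (int) $category_id);
    }

    // Filter by the user who added the track.
    $user_id = $this->getState('filter.user_id');
    if ($user_id) {
        $query->where('a.add_by = ' . (int) $user_id);
    }

    // Filter by Album.
    $album = $this->getState('filter.album');
    if ($album) {
        $query->where('a.album = ' . $db->quote($album));
    }

    // Filter by Year.
    $year = $this->getState('filter.year');
    if ($year) {
        $query->where('a.year = ' . $db->quote($year));
    }

    // Everyone who does not pass the core.admin check is limited to own tracks.
    if (JAccess::check($user->get('id'), 'core.admin') != 1) {
        $query->where('a.add_by = ' . (int) $user->get('id'));
    }

    // Get the options.
    $db->setQuery($query);
    $options = $db->loadObjectList();

    // Check for a database error.
    if ($db->getErrorNum()) {
        JError::raiseWarning(500, $db->getErrorMsg());
    }

    return $options;
}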
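*
* @PlayJoom Component
* @copyright Copyright (C) 2010-2012 by www.teglo.info
* @license http://www.gnu.org/copyleft/gpl.html GNU/GPL
* @date $Date$
* @revision $Revision$
* @author $Author$
* @headurl $HeadURL$
*/

// No direct access to this file
defined('_JEXEC') or die('Restricted Access');

// Get User Objects
$user  = JFactory::getUser();
$canDo = PlayJoomHelper::getActions();

// The permission does not depend on the row, so it is evaluated once.
$mayEdit = $canDo->get('core.edit') || JAccess::check($user->get('id'), 'core.admin') == 1;

// Renders one table row per album item.
foreach ($this->items as $i => $item) {
    // Item fields are stored data: text is HTML-escaped and the id is forced
    // to an integer before either is written into the markup, so a title or
    // artist name containing markup is shown as text instead of being rendered.
    $id       = (int) $item->id;
    $title    = $this->escape($item->title);
    $artist   = $this->escape($item->artist);
    $category = $this->escape($item->category);

    echo '<tr class="row' . ($i % 2) . '">';
    echo '<td>' . $id . '</td>';
    echo '<td>' . JHtml::_('grid.id', $i, $item->id) . '</td>';
    echo '<td>';

    if ($mayEdit) {
        echo '<a href="' . JRoute::_('index.php?option=com_playjoom&task=album.edit&id=' . $id) . '">';
        echo $title;
        echo '</a>';
    } else {
        echo $title;
    }

    echo '</td>';
    echo '<td>' . $artist . '</td>';
    echo '<td>' . $category . '</td>';
    echo '</tr>';
}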
/**
 * Batch job that writes a new track filter id to a list of rows.
 *
 * For every primary key the acting user must either hold 'core.edit'
 * (as reported by PlayJoomHelper::getActions()) or pass the 'core.admin'
 * check; the first row that fails this test or fails to store aborts the
 * batch. Each stored row also receives the modification time and the id of
 * the acting user.
 *
 * NOTE(review): the return value of load() is not inspected before the row
 * is stored - confirm how the table behaves for a key that does not exist.
 *
 * @param   integer  $value     The new value; it is cast to int and written to trackfilterid.
 * @param   array    $pks       An array of row IDs.
 * @param   array    $contexts  An array of item contexts (not read by this method).
 *
 * @return  boolean  True if successful, false otherwise and internal error is set.
 *
 * @since   0.9.5xx
 */
protected function batchTrackfilter($value, $pks, $contexts)
{
    $actor   = JFactory::getUser();
    $acl     = PlayJoomHelper::getActions();
    $actorId = $actor->get('id');
    $row     = $this->getTable();
    $now     = JFactory::getDate('now', null);

    foreach ($pks as $pk) {
        $mayEdit = $acl->get('core.edit') || JAccess::check($actor->get('id'), 'core.admin') == 1;

        if (!$mayEdit) {
            $this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));

            return false;
        }

        $row->reset();
        $row->load($pk);

        $row->trackfilterid = (int) $value;
        $row->mod_datetime  = $now;
        $row->mod_by        = $actorId;

        if (!$row->store()) {
            $this->setError($row->getError());

            return false;
        }
    }

    // Clean the cache
    $this->cleanCache();

    return true;
}
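/**
 * Delete the user accounts whose ids arrive in the request variable "cid",
 * together with their rows in #__k2_users.
 *
 * The acting user's own id is removed from the list. On Joomla versions other
 * than 1.5 each id needs the 'core.delete' permission on com_users, and an
 * account that passes the 'core.admin' check can only be deleted by a user
 * who is authorised for 'core.admin'. On 1.5 the selection is limited to
 * accounts whose gid is not higher than the acting user's gid.
 *
 * The DELETE statements are skipped when no id is left; the original built
 * "IN()" with an empty list in that case, which is not valid SQL.
 *
 * NOTE(review): no request-token check is visible in this method - confirm
 * that the caller validates the token before invoking it.
 *
 * @return  boolean|null  False when a table delete fails; otherwise the method ends in a redirect.
 */
function delete()
{
    $mainframe = JFactory::getApplication();
    $user      = JFactory::getUser();
    $selfId    = (int) $user->id;

    // toInteger() leaves an array of integers, so imploding it into SQL is safe.
    $cid = JRequest::getVar('cid');
    JArrayHelper::toInteger($cid);
    $db = JFactory::getDBO();

    if (in_array($selfId, $cid, true)) {
        $cid = array_diff($cid, array($selfId));
        $mainframe->enqueueMessage(JText::_('K2_YOU_CANNOT_DELETE_YOURSELF'), 'notice');
    }

    if (count($cid) < 1) {
        $mainframe->enqueueMessage(JText::_('K2_DELETE_COMPLETED'));
        $mainframe->redirect('index.php?option=com_k2&view=users');

        // Nothing is left to delete, even if redirect() should return.
        return;
    }

    if (K2_JVERSION != '15') {
        JPluginHelper::importPlugin('user');
        $dispatcher    = JDispatcher::getInstance();
        $iAmSuperAdmin = $user->authorise('core.admin');

        foreach ($cid as $key => $id) {
            $table = JTable::getInstance('user');
            $table->load($id);

            $allow = $user->authorise('core.delete', 'com_users');

            // Don't allow non-super-admin to delete a super admin
            if (!$iAmSuperAdmin && JAccess::check($id, 'core.admin')) {
                $allow = false;
            }

            if (!$allow) {
                // Prune items that you can't change.
                unset($cid[$key]);
                JError::raiseWarning(403, JText::_('JERROR_CORE_DELETE_NOT_PERMITTED'));
                continue;
            }

            // Get users data for the users to delete.
            $user_to_delete = JFactory::getUser($id);

            // Fire the onUserBeforeDelete event.
            $dispatcher->trigger('onUserBeforeDelete', array($table->getProperties()));

            if (!$table->delete($id)) {
                $this->setError($table->getError());

                return false;
            }

            // Trigger the onUserAfterDelete event.
            $dispatcher->trigger('onUserAfterDelete', array($user_to_delete->getProperties(), true, $this->getError()));
        }

        $IDsToDelete = $cid;
    } else {
        $query = 'SELECT * FROM #__users WHERE id IN(' . implode(',', $cid) . ') AND gid<=' . (int) $user->gid;
        $db->setQuery($query);
        $IDsToDelete = K2_JVERSION == '30' ? $db->loadColumn() : $db->loadResultArray();

        // Normalise the database result to an array of integers (an empty result becomes an empty array).
        JArrayHelper::toInteger($IDsToDelete);

        if (!empty($IDsToDelete)) {
            $query = 'DELETE FROM #__users WHERE id IN(' . implode(',', $IDsToDelete) . ') AND id!=' . $selfId;
            $db->setQuery($query);
            $db->query();
        }
    }

    if (!empty($IDsToDelete)) {
        $query = 'DELETE FROM #__k2_users WHERE userID IN(' . implode(',', $IDsToDelete) . ') AND userID!=' . $selfId;
        $db->setQuery($query);
        $db->query();
    }

    $mainframe->enqueueMessage(JText::_('K2_DELETE_COMPLETED'));
    $mainframe->redirect('index.php?option=com_k2&view=users');
}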
/**
 * Mark the given user records as approved.
 *
 * A record is only changed when the acting user is authorised for
 * 'core.edit.state' on com_users, and a record that passes the 'core.admin'
 * check is only changed when the acting user is authorised for 'core.admin'.
 * Records the user may not change are removed from $pks and a warning is
 * raised; records that cannot be loaded are left alone.
 *
 * @param   array  &$pks  The ids of the items to approve.
 *
 * @return  boolean  True on success, false as soon as a check, a plugin or the store fails.
 */
function approve(&$pks)
{
    // Is the acting user a Super Admin?
    $actorIsSuperAdmin = User::authorise('core.admin');
    $row = $this->getTable();
    $pks = (array) $pks;

    foreach ($pks as $i => $pk)
    {
        if (!$row->load($pk))
        {
            continue;
        }

        $before    = $row->getProperties();
        $permitted = User::authorise('core.edit.state', 'com_users');

        // A non Super Admin may not change the state of a Super Admin account.
        if (!$actorIsSuperAdmin && JAccess::check($pk, 'core.admin'))
        {
            $permitted = false;
        }

        if (!$permitted)
        {
            // Prune items that you can't change.
            unset($pks[$i]);
            Notify::warning(Lang::txt('JLIB_APPLICATION_ERROR_EDITSTATE_NOT_PERMITTED'));
            continue;
        }

        $row->approved = 1;

        // Plugins are allowed to abort the save by throwing.
        try
        {
            if (!$row->check())
            {
                $this->setError($row->getError());

                return false;
            }

            // Let user plugins veto the change.
            $vetoes = Event::trigger('user.onUserBeforeSave', array($before, false, $row->getProperties()));

            if (in_array(false, $vetoes, true))
            {
                // The plugin has to raise its own error or throw an exception.
                return false;
            }

            if (!$row->store())
            {
                $this->setError($row->getError());

                return false;
            }

            Event::trigger('user.onUserAfterSave', array($row->getProperties(), false, true, null));
        }
        catch (Exception $ex)
        {
            $this->setError($ex->getMessage());

            return false;
        }
    }

    return true;
}
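/**
 * List the albums of one artist for a given track filter.
 *
 * The artist name is read from the request variable 'artist' and
 * base64-decoded, so it is caller-controlled text. It is escaped with the
 * driver's quote() before it enters the SQL text, and the track filter id is
 * cast to an integer; the original concatenated both values unescaped.
 *
 * @param   mixed  $trackfilterid  Track filter id; cast to int for the query.
 *
 * @return  mixed  The result of loadObjectList() for the query.
 */
public static function getFilteritems($trackfilterid)
{
    // Get User objects
    $user = JFactory::getUser();

    // For getting the xml parameters
    $app    = JFactory::getApplication();
    $params = $app->getParams();

    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    $artist = base64_decode(JRequest::getVar('artist'));

    $query->select('a.album, a.year, a.artist, a.catid');
    $query->from('#__jpaudiotracks AS a');
    $query->where('a.artist = ' . $db->quote($artist));
    $query->where('a.trackfilterid = ' . (int) $trackfilterid);
    $query->order('a.year');
    $query->group('a.album');

    // Join over the categories.
    $query->select('c.title AS category_title');
    $query->join('LEFT', '#__categories AS c ON c.id = a.catid');

    // Implement View Level Access
    if (!$user->authorise('core.admin') && !$params->get('show_noauth', 1)) {
        $groups = '0,' . implode(',', $user->getAuthorisedViewLevels());
        $query->where('a.access IN (' . $groups . ')');
    }

    // Restrict rows by owner for everyone who does not pass the core.admin check.
    if (JAccess::check($user->get('id'), 'core.admin') != 1) {
        $users     = (int) $user->get('id');
        $userCheck = (int) $params->get('show_all_users', 1) + $params->get('show_nobody', 1);

        if ($userCheck == 1) {
            if ($params->get('show_all_users', 1)) {
                $query->where('a.add_by >= 1');
            }
            if ($params->get('show_nobody', 1)) {
                $query->where('a.add_by IN (0,' . $users . ')');
            }
        } elseif ($userCheck == 0) {
            $query->where('a.add_by = ' . $users);
        }
    }

    // Get the options.
    $db->setQuery($query);
    $album_list = $db->loadObjectList();

    // Check for a database error.
    if ($db->getErrorNum()) {
        JError::raiseWarning(500, $db->getErrorMsg());
    }

    return $album_list;
}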
/**
 * Activate the given user records (clear the block flag and the activation value).
 *
 * Records with an empty activation value are treated as already active and
 * removed from $pks. A record is only changed when the acting user is
 * authorised for 'core.edit.state' on com_users, and a record that passes the
 * 'core.admin' check is only changed when the acting user is authorised for
 * 'core.admin'; otherwise it is removed from $pks and a 403 warning is raised.
 *
 * @param   array  &$pks  The ids of the items to activate.
 *
 * @return  boolean  True on success, false as soon as a check, a plugin or the store fails.
 *
 * @since   1.6
 */
public function activate(&$pks)
{
    $events = JEventDispatcher::getInstance();
    $actor  = JFactory::getUser();

    // Is the acting user a Super Admin?
    $actorIsSuperAdmin = $actor->authorise('core.admin');
    $row = $this->getTable();
    $pks = (array) $pks;

    JPluginHelper::importPlugin($this->events_map['save']);

    foreach ($pks as $i => $pk)
    {
        if (!$row->load($pk))
        {
            continue;
        }

        $before    = $row->getProperties();
        $permitted = $actor->authorise('core.edit.state', 'com_users');

        // A non Super Admin may not change the state of a Super Admin account.
        if (!$actorIsSuperAdmin && JAccess::check($pk, 'core.admin'))
        {
            $permitted = false;
        }

        if (empty($row->activation))
        {
            // Ignore activated accounts.
            unset($pks[$i]);
            continue;
        }

        if (!$permitted)
        {
            // Prune items that you can't change.
            unset($pks[$i]);
            JError::raiseWarning(403, JText::_('JLIB_APPLICATION_ERROR_EDITSTATE_NOT_PERMITTED'));
            continue;
        }

        $row->block      = 0;
        $row->activation = '';

        // Plugins are allowed to abort the save by throwing.
        try
        {
            if (!$row->check())
            {
                $this->setError($row->getError());

                return false;
            }

            // Let plugins veto the change.
            $vetoes = $events->trigger($this->event_before_save, array($before, false, $row->getProperties()));

            if (in_array(false, $vetoes, true))
            {
                // The plugin has to raise its own error or throw an exception.
                return false;
            }

            if (!$row->store())
            {
                $this->setError($row->getError());

                return false;
            }

            $events->trigger($this->event_after_save, array($row->getProperties(), false, true, null));
        }
        catch (Exception $ex)
        {
            $this->setError($ex->getMessage());

            return false;
        }
    }

    return true;
}
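/**
 * Build the option list (value = category id, text = category title) for the
 * genre filter menu.
 *
 * The model state keys 'filter.artist', 'filter.category_id',
 * 'filter.user_id', 'filter.album' and 'filter.year' narrow the list when set.
 * Users who do not pass the core.admin check only see genres of tracks they
 * added themselves.
 *
 * Filter values are escaped with the driver's quote() or cast to an integer
 * before they enter the SQL text; the original concatenated them unescaped.
 * NOTE(review): the state values presumably originate from the filter form
 * of the view - confirm where the state is populated.
 *
 * @return  mixed  The result of loadObjectList() for the query.
 *
 * @since   0.9.460
 */
public function getFilterOptionsGenres()
{
    $dispatcher = JDispatcher::getInstance();

    // Get User Objects
    $user  = JFactory::getUser();
    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    $query->select('catid As value');
    $query->from('#__jpaudiotracks AS a');
    $query->group('a.catid');

    // Join over the categories.
    $query->select('c.title AS text');
    $query->join('LEFT', '#__categories AS c ON c.id = a.catid');

    // Filter by Artist / Band.
    $artist = $this->getState('filter.artist');
    if ($artist) {
        $query->where('a.artist = ' . $db->quote($artist));
    }

    // Filter by Category.
    $category_id = $this->getState('filter.category_id');
    if ($category_id) {
        $query->where('a.catid = ' . (int) $category_id);
    }

    // Filter by the user who added the track.
    $user_id = $this->getState('filter.user_id');
    if ($user_id) {
        $query->where('a.add_by = ' . (int) $user_id);
    }

    // Filter by Album.
    $album = $this->getState('filter.album');
    if ($album) {
        $query->where('a.album = ' . $db->quote($album));
    }

    // Filter by Year.
    $year = $this->getState('filter.year');
    if ($year) {
        $query->where('a.year = ' . $db->quote($year));
    }

    // Everyone who does not pass the core.admin check is limited to own tracks.
    if (JAccess::check($user->get('id'), 'core.admin') != 1) {
        $query->where('a.add_by = ' . (int) $user->get('id'));
    }

    // Get the options.
    $db->setQuery($query);
    $options = $db->loadObjectList();

    // Check for a database error: log it through the event system, then warn.
    if ($db->getErrorNum()) {
        $dispatcher->trigger('onEventLogging', array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Problem with database query: ' . $db->getErrorMsg(), 'priority' => JLog::ERROR, 'section' => 'site')));
        JError::raiseWarning(500, $db->getErrorMsg());
    }

    return $options;
}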
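/**
 * Load the tracks of one album in random order.
 *
 * The album name is escaped with the driver's quote() before it enters the
 * SQL text. The original pasted it between double quotes, so an album name
 * that itself contains a double quote broke the statement.
 *
 * @param   string  $AlbumName  Name of the album to list.
 *
 * @return  mixed  The result of loadObjectList() for the query.
 */
public static function getAlbumItems($AlbumName)
{
    // Get User objects
    $user = JFactory::getUser();

    // For getting the xml parameters
    $app    = JFactory::getApplication();
    $params = $app->getParams();

    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    $query->select('a.id, a.title, a.album, a.length, a.hits, a.pathatlocal, a.file');
    $query->from('#__jpaudiotracks AS a');
    $query->where('a.album = ' . $db->quote($AlbumName));
    $query->order('RAND()');

    // Implement View Level Access
    if (!$user->authorise('core.admin') && !$params->get('show_noauth', 1)) {
        $groups = '0,' . implode(',', $user->getAuthorisedViewLevels());
        $query->where('a.access IN (' . $groups . ')');
    }

    // Restrict rows by owner for everyone who does not pass the core.admin check.
    if (JAccess::check($user->get('id'), 'core.admin') != 1) {
        $users     = (int) $user->get('id');
        $userCheck = (int) $params->get('show_all_users', 1) + $params->get('show_nobody', 1);

        if ($userCheck == 1) {
            if ($params->get('show_all_users', 1)) {
                $query->where('a.add_by >= 1');
            }
            if ($params->get('show_nobody', 1)) {
                $query->where('a.add_by IN (0,' . $users . ')');
            }
        } elseif ($userCheck == 0) {
            $query->where('a.add_by = ' . $users);
        }
    }

    // Get the album items.
    $db->setQuery($query);
    $genre_items = $db->loadObjectList();

    // Check for a database error.
    if ($db->getErrorNum()) {
        JError::raiseWarning(500, $db->getErrorMsg());
    }

    return $genre_items;
}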
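/**
 * Load one row per artist of a category (genre).
 *
 * The category id is escaped with the driver's quote() before it enters the
 * SQL text; the original pasted it between double quotes without escaping.
 *
 * @param   mixed  $CatID  Category id to list.
 *
 * @return  mixed  The result of loadObjectList() for the query.
 */
public static function getArtistItems($CatID)
{
    // Get PlayJoom access config
    $app    = JFactory::getApplication();
    $params = $app->getParams();

    // Get User Objects
    $user = JFactory::getUser();

    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    $query->select('a.artist, a.catid');
    $query->from('#__jpaudiotracks AS a');
    $query->where('a.catid = ' . $db->quote($CatID));

    // Restrict rows by owner for everyone who does not pass the core.admin check.
    if (JAccess::check($user->get('id'), 'core.admin') != 1) {
        $users     = (int) $user->get('id');
        $userCheck = (int) $params->get('show_all_users', 1) + $params->get('show_nobody', 1);

        if ($userCheck == 1) {
            if ($params->get('show_all_users', 1)) {
                $query->where('a.add_by >= 1');
            }
            if ($params->get('show_nobody', 1)) {
                $query->where('a.add_by IN (0,' . $users . ')');
            }
        } elseif ($userCheck == 0) {
            $query->where('a.add_by = ' . $users);
        }
    }

    // Implement View Level Access
    if (!$user->authorise('core.admin') && !$params->get('show_noauth', 1)) {
        $groups = '0,' . implode(',', $user->getAuthorisedViewLevels());
        $query->where('a.access IN (' . $groups . ')');
    }

    $query->group('a.artist');

    // Get the artist items.
    $db->setQuery($query);
    $genre_items = $db->loadObjectList();

    // Check for a database error.
    if ($db->getErrorNum()) {
        JError::raiseWarning(500, $db->getErrorMsg());
    }

    return $genre_items;
}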
* @headurl $HeadURL: http://dev.teglo.info/svn/playjoom/components/com_playjoom/views/genres/tmpl/default_filter.php $
*/

// No direct access to this file
defined('_JEXEC') or die('Restricted Access');

JLoader::import('helpers.genres', JPATH_SITE . DIRECTORY_SEPARATOR . 'components' . DIRECTORY_SEPARATOR . 'com_playjoom');
JHtml::_('formbehavior.chosen', 'select');

// Acting user, needed for the core.admin check on the user filter below.
$user = JFactory::getUser();

// Search box with submit and clear buttons; the current search text is escaped before output.
echo '<fieldset class="batch">';
echo '<legend>', JText::_('JSEARCH_FILTER_LABEL'), '</legend>';
echo '<input type="text" name="filter_search" id="filter_search" value="',
    $this->escape($this->state->get('filter.search')),
    '" title="',
    JText::_('COM_CONTENT_FILTER_SEARCH_DESC'),
    '" />';
echo '<button type="submit" class="small button">', JText::_('JSEARCH_FILTER_SUBMIT'), '</button>';
echo '<button type="button" class="small button" onclick="document.id(\'filter_search\').value=\'\';this.form.submit();">',
    JText::_('JSEARCH_FILTER_CLEAR'),
    '</button>';

echo '<p class="filter-selector">';

// Artist filter.
echo '<select name="filter_artist" class="PJ-filtermenu" onchange="this.form.submit()">';
echo '<option value="">', JText::_('COM_PLAYJOOM_FILTER_ARTIST'), '</option>';
echo JHtml::_('select.options', PlayJoomGenresHelper::getOptions('artist'), 'value', 'text', $this->state->get('filter.artist'));
echo '</select>';

// Year filter.
echo '<select name="filter_year" class="PJ-filtermenu" onchange="this.form.submit()">';
echo '<option value="">', JText::_('COM_PLAYJOOM_FILTER_YEAR'), '</option>';
echo JHtml::_('select.options', PlayJoomGenresHelper::getOptions('year'), 'value', 'text', $this->state->get('filter.year'));
echo '</select>';

// The user filter is offered when show_all_users is enabled or the viewer passes the core.admin check.
$showUserFilter = $this->params->get('show_all_users', 1) || JAccess::check($user->get('id'), 'core.admin') == 1;

if ($showUserFilter) {
    echo '<select name="filter_user_id" class="PJ-filtermenu" onchange="this.form.submit()">';
    echo '<option value="">', JText::_('COM_PLAYJOOM_FILTER_USER'), '</option>';
    echo JHtml::_('select.options', $this->authors, 'value', 'text', $this->state->get('filter.user_id'));
    echo '</select>';
}

echo '</p>';
echo '</fieldset>';
echo '<div class="divider-view"></div>';
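/**
 * Method to check User object authorisation against an access control
 * object and optionally an access extension object.
 *
 * The root status is resolved once per object and cached in $this->isRoot.
 * A user is root when the 'root_user' configuration value names their id or
 * username, or when the rules of asset 1 allow 'core.admin' for one of their
 * identities. A root user is authorised for every action; everyone else is
 * checked through JAccess::check().
 *
 * @param   string  $action     The name of the action to check for permission.
 * @param   string  $assetname  The name of the asset on which to perform the action.
 * @return  boolean  True if authorised
 * @since   2.1.0
 */
public function authorise($action, $assetname = null)
{
    // Make sure we only check for core.admin once during the run.
    if ($this->isRoot === null)
    {
        $this->isRoot = false;

        // Check for the configuration file failsafe.
        $rootUser = \App::get('config')->get('root_user');

        // The root_user variable can be a numeric user ID or a username.
        if (is_numeric($rootUser) && $this->get('id') > 0 && $this->get('id') == $rootUser)
        {
            $this->isRoot = true;
        }
        // The username is compared as a string with ===. A loose == would let
        // a configured value such as integer 0 (on PHP versions before 8) or
        // boolean true compare equal to unrelated usernames and grant root.
        elseif ($this->username
            && (is_string($rootUser) || is_numeric($rootUser))
            && (string) $this->username === (string) $rootUser)
        {
            $this->isRoot = true;
        }
        else
        {
            // Get all groups against which the user is mapped.
            $identities = $this->getAuthorisedGroups();

            // The user is added as an identity through the negated user id.
            array_unshift($identities, $this->get('id') * -1);

            if (\JAccess::getAssetRules(1)->allow('core.admin', $identities))
            {
                $this->isRoot = true;

                return true;
            }
        }
    }

    return $this->isRoot ? true : \JAccess::check($this->get('id'), $action, $assetname);
}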
</th>
<th class="nowrap id-col">
    <?php echo JHtml::_('grid.sort', 'JGRID_HEADING_ID', 'a.id', $listDirn, $listOrder); ?>
</th>
</tr>
</thead>
<tbody>
<?php
foreach ($this->items as $i => $item)
{
    $canEdit   = $this->canDo->get('core.edit');
    $canChange = $loggeduser->authorise('core.edit.state', 'com_users');

    // A viewer who is not authorised for core.admin gets neither edit nor
    // state controls on a row whose id passes the core.admin check.
    $rowIsProtected = !$loggeduser->authorise('core.admin') && JAccess::check($item->id, 'core.admin');

    if ($rowIsProtected)
    {
        $canEdit = $canChange = false;
    }
?>
<tr class="row<?php echo $i % 2; ?> ">
    <td>
        <?php if ($canEdit) { ?>
            <?php echo JHtml::_('grid.id', $i, $item->id); ?>
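/**
 * Add the Joomla group configured for a membership plan to a member.
 *
 * Looks up the 'jgroup' row of #__osemsc_ext for the plan, reads the group
 * id from its params and merges it into the member's groups. Nothing is
 * changed (and "Done" is reported) when no such row exists, when the row
 * holds no group id, or when the member passes the 'core.admin' check.
 *
 * The plan id is cast to an integer before it enters the SQL text; the
 * original interpolated it into the statement as given.
 *
 * @param   array  $params  Keys read: 'allow_work', 'msc_id', 'member_id'.
 *
 * @return  array  Keys 'success' (boolean), 'title' and 'content'.
 */
public static function activate($params)
{
    $result = array();
    $result['success'] = true;

    if (empty($params['allow_work'])) {
        $result['success'] = false;
        $result['title']   = 'Error';
        $result['content'] = JText::_("Error");

        return $result;
    }

    unset($params['allow_work']);

    $db = oseDB::instance();

    // isset() avoids notices when a key is missing; a missing plan id is reported below.
    $msc_id    = isset($params['msc_id']) ? $params['msc_id'] : null;
    $member_id = isset($params['member_id']) ? $params['member_id'] : null;

    if (empty($msc_id)) {
        $result['success'] = false;
        $result['title']   = 'Error';
        $result['content'] = JText::_("Renew Msc: No Msc ID");

        return $result;
    }

    // Get the group id of the plan.
    $query = "SELECT * FROM `#__osemsc_ext` WHERE `id` = " . (int) $msc_id . " AND `type` = 'jgroup'";
    $db->setQuery($query);
    $data = $db->loadObject();

    // No group mapping for the plan, or the member is a Super Admin: nothing to do.
    if (empty($data) || JAccess::check($member_id, 'core.admin')) {
        $result['success'] = true;
        $result['title']   = JText::_('Done');
        $result['content'] = JText::_("Done");

        return $result;
    }

    $data = oseJson::decode($data->params);

    if (empty($data->jgroup_id)) {
        $result['success'] = true;
        $result['title']   = JText::_('Done');
        $result['content'] = JText::_("Done");

        return $result;
    }

    // Merge the plan's group(s) into the member's current groups without duplicates.
    $user  = JUser::getInstance($member_id);
    $group = array(
        'groups' => array_unique(array_merge($user->groups, (array) $data->jgroup_id)),
    );
    $user->bind($group);

    if (!$user->save()) {
        $result['success'] = false;
        $result['title']   = 'Error';
        $result['content'] = JText::_("Error");

        return $result;
    }

    $result['success'] = true;
    $result['title']   = JText::_('Done');
    $result['content'] = JText::_("Done");

    return $result;
}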