 /**
  * Builds a group node and, when rule data is supplied, one JPermissionNode per rule.
  *
  * @param   mixed       $id         Group id; also used for the JAccess lookups.
  * @param   mixed       $name       Group name.
  * @param   mixed       $lft        Left value of the group in the nested set.
  * @param   mixed       $rgt        Right value of the group in the nested set.
  * @param   mixed       $value      Group value.
  * @param   mixed       $chietKhau  Stored as-is in $_chietKhau.
  * @param   mixed       $chucDanh   Stored as-is in $_chucDanh.
  * @param   array|null  $ruleData   Optional list of items with 'name' and 'value' keys; empty means no permission nodes.
  */
 public function __construct($id, $name, $lft, $rgt, $value, $chietKhau, $chucDanh, $ruleData = null)
 {
     $this->_id = $id;
     $this->_name = $name;
     $this->_lft = $lft;
     $this->_rgt = $rgt;
     $this->_value = $value;
     $this->_chietKhau = $chietKhau;
     $this->_chucDanh = $chucDanh;
     if (empty($ruleData)) {
         return;
     }
     foreach ($ruleData as $rule) {
         $ruleName = $rule['name'];
         $ruleValue = $rule['value'];
         // The status set directly on this group; 'inherited' means the
         // effective status has to be resolved through checkGroup().
         $explicitStatus = JAccess::getPermissionStatusOnGroup($id, $ruleName);
         $effectiveStatus = $explicitStatus;
         if ($explicitStatus == 'inherited') {
             $effectiveStatus = JAccess::checkGroup($id, $ruleName) ? 'allowed' : 'denied';
         }
         $this->_permissionNodes[] = new JPermissionNode($ruleName, $ruleValue, $effectiveStatus, $explicitStatus);
     }
 }
 /**
  * Method to get the filtering groups (null means no filtering)
  *
  * Loads every user group id and keeps only groups that can both manage
  * com_messages and log in to the administrator. Groups holding core.admin
  * are kept without further checks.
  *
  * @return  array|null  List of group ids, or null when the query fails.
  *
  * @since   1.6
  */
 protected function getGroups()
 {
     $db = JFactory::getDbo();
     $db->setQuery($db->getQuery(true)->select('id')->from('#__usergroups'));
     try {
         $allGroups = $db->loadColumn();
     } catch (RuntimeException $e) {
         // Report the failure and tell the caller not to filter at all.
         JError::raiseNotice(500, $e->getMessage());
         return null;
     }
     $kept = array();
     foreach ($allGroups as $groupId) {
         // Super user groups bypass the component-specific checks.
         $isSuperUser = JAccess::checkGroup($groupId, 'core.admin');
         if ($isSuperUser || (JAccess::checkGroup($groupId, 'core.manage', 'com_messages') && JAccess::checkGroup($groupId, 'core.login.admin'))) {
             $kept[] = $groupId;
         }
     }
     return $kept;
 }
 /**
  * Method to get the field options.
  *
  * Builds one option per user group (value = id, text = title indented by
  * depth). When the form carries an id, that group and its descendants are
  * excluded by the query so a group cannot be parented to its own child.
  * Super user groups are listed only for super users.
  *
  * @return  array  The field option objects.
  * @since   1.6
  */
 protected function getOptions()
 {
     $db = JFactory::getDbo();
     $user = JFactory::getUser();
     $groupsTable = $db->quoteName('#__users_groups');
     $query = $db->getQuery(true)
         ->select('a.id AS value, a.title AS text, COUNT(DISTINCT b.id) AS level')
         ->from('#__users_groups AS a')
         ->join('LEFT', $groupsTable . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt');
     // Prevent parenting to children of this item.
     $currentId = $this->form->getValue('id');
     if ($currentId) {
         // The id is cast to int before being placed in the SQL text.
         $query->join('LEFT', $groupsTable . ' AS p ON p.id = ' . (int) $currentId)
             ->where('NOT(a.lft >= p.lft AND a.rgt <= p.rgt)');
     }
     $query->group('a.id, a.title, a.lft, a.rgt')->order('a.lft ASC');
     // Get the options.
     $db->setQuery($query);
     $rows = array();
     try {
         $rows = $db->loadObjectList();
     } catch (RuntimeException $e) {
         JError::raiseWarning(500, $e->getMessage());
     }
     // Pad the option text using the depth level as a multiplier.
     foreach ($rows as $index => $row) {
         // Show groups only if user is super admin or group is not super admin
         if ($user->authorise('core.admin') || !JAccess::checkGroup($row->value, 'core.admin')) {
             $row->text = str_repeat('- ', $row->level) . $row->text;
         } else {
             unset($rows[$index]);
         }
     }
     // Merge any additional options in the XML definition (array_merge reindexes the gaps left by unset).
     return array_merge(parent::getOptions(), $rows);
 }
 /**
  * Method to get the filtering groups (null means no filtering)
  *
  * Keeps every group that holds core.admin, plus every group that can both
  * manage com_messages and log in to the administrator.
  *
  * @return	array|null	List of group ids, or null on a database error.
  * @since	1.6
  */
 protected function getGroups()
 {
     // Compute usergroups
     $db = JFactory::getDbo();
     $query = $db->getQuery(true)->select('id')->from('#__usergroups');
     $db->setQuery($query);
     $candidates = $db->loadColumn();
     // Check for a database error.
     if ($db->getErrorNum()) {
         JError::raiseNotice(500, $db->getErrorMsg());
         return null;
     }
     $filtered = array();
     foreach ($candidates as $groupId) {
         if (JAccess::checkGroup($groupId, 'core.admin')) {
             $filtered[] = $groupId;
             continue;
         }
         // The login check only runs when the manage check passed.
         $canManage = JAccess::checkGroup($groupId, 'core.manage', 'com_messages');
         if ($canManage && JAccess::checkGroup($groupId, 'core.login.admin')) {
             $filtered[] = $groupId;
         }
     }
     return $filtered;
 }
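	/**
	 * Override getItems method.
	 *
	 * Augments each asset returned by the parent with a checks map: for every
	 * debug action (name, level) the entry holds the result of
	 * JAccess::checkGroup() for the filtered group, or the string 'skip' when
	 * the action's level is below the asset's level.
	 *
	 * @return  array  The asset objects, each with a checks property added when a group filter is set.
	 * @since   1.6
	 */
	public function getItems()
	{
		$groupId = $this->getState('filter.group_id');
		$assets = parent::getItems();

		if ($assets && $groupId)
		{
			$actions = $this->getDebugActions();

			foreach ($assets as &$asset)
			{
				$asset->checks = array();

				foreach ($actions as $action)
				{
					// Each action is a pair: action name and minimum asset level (null = always).
					$name = $action[0];
					$level = $action[1];

					// Check that we check this action for the level of the asset.
					if ($level === null || $level >= $asset->level)
					{
						// We need to test this action.
						$asset->checks[$name] = JAccess::checkGroup($groupId, $name, $asset->name);
					}
					else
					{
						// We ignore this action.
						$asset->checks[$name] = 'skip';
					}
				}
			}

			// Release the by-reference loop variable so it cannot alias the last asset.
			unset($asset);
		}

		return $assets;
	}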
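 /**
  * Displays a list of user groups.
  *
  * @param   boolean  $includeSuperAdmin  true to include super admin groups, false to exclude them
  *
  * @return  array|null  Select option objects (value = group id, text = title indented by depth); null on a database error.
  *
  * @since   11.4
  */
 public static function groups($includeSuperAdmin = false)
 {
     $db = JFactory::getDbo();
     $query = $db->getQuery(true);
     $query->select('a.id AS value, a.title AS text, COUNT(DISTINCT b.id) AS level');
     $query->from($db->quoteName('#__usergroups') . ' AS a');
     $query->join('LEFT', $db->quoteName('#__usergroups') . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt');
     $query->group('a.id, a.title, a.lft, a.rgt');
     $query->order('a.lft ASC');
     $db->setQuery($query);
     $options = $db->loadObjectList();
     // Check for a database error.
     if ($db->getErrorNum()) {
         JError::raiseNotice(500, $db->getErrorMsg());
         return null;
     }
     // Initialise so an empty result set yields array() instead of an undefined variable.
     $groups = array();
     for ($i = 0, $n = count($options); $i < $n; $i++) {
         $options[$i]->text = str_repeat('- ', $options[$i]->level) . $options[$i]->text;
         $groups[] = JHtml::_('select.option', $options[$i]->value, $options[$i]->text);
     }
     // Exclude super admin groups if requested
     if (!$includeSuperAdmin) {
         $filteredGroups = array();
         foreach ($groups as $group) {
             if (!JAccess::checkGroup($group->value, 'core.admin')) {
                 $filteredGroups[] = $group;
             }
         }
         $groups = $filteredGroups;
     }
     return $groups;
 }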
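 /**
  * Disables creating new admins or updating existing ones.
  *
  * Runs on every request but only acts on com_users / com_admin save tasks
  * that carry a jform payload. The submitted groups are merged with the
  * groups the target user already holds; if any of them grants backend login
  * (core.login.admin) or, failing an explicit rule, super user rights
  * (core.admin), the request is rejected with a 403.
  *
  * @return  void
  *
  * @throws  Exception  Code 403 on Joomla 3.0 and later when the target user would be an admin.
  */
 public function onAfterInitialise()
 {
     $input = $this->input;
     $option = $input->getCmd('option', '');
     $task = $input->getCmd('task', '');
     if ($option != 'com_users' && $option != 'com_admin') {
         return;
     }
     $allowedTasks = array('save', 'apply', 'user.apply', 'user.save', 'user.save2new', 'profile.apply', 'profile.save');
     if (!in_array($task, $allowedTasks, true)) {
         return;
     }
     $jform = $input->get('jform', array(), 'array');
     // Not editing, just core devs using the same task throughout the component, dammit
     if (empty($jform)) {
         return;
     }
     $groups = isset($jform['groups']) ? $jform['groups'] : array();
     // A missing or empty id means a new user; guard the index instead of reading it blindly.
     $userId = isset($jform['id']) ? (int) $jform['id'] : 0;
     $user = JFactory::getUser($userId);
     // Sometimes $user->groups is null... let's be 100% sure that we loaded all the groups of the user
     if (empty($user->groups)) {
         $user->groups = JUserHelper::getUserGroups($user->id);
     }
     if (!empty($user->groups)) {
         // Loose in_array on purpose: submitted ids are strings, stored ids are ints.
         foreach ($user->groups as $existingGroupId) {
             if (!in_array($existingGroupId, $groups)) {
                 $groups[] = $existingGroupId;
             }
         }
     }
     $isAdmin = false;
     foreach ($groups as $group) {
         // First try to see if the group has explicit backend login privileges
         $backend = JAccess::checkGroup($group, 'core.login.admin', 1);
         // If not, is it a Super Admin (ergo inherited privileges)?
         if (is_null($backend)) {
             $backend = JAccess::checkGroup($group, 'core.admin', 1);
         }
         // checkGroup() yields true/false/null; any truthy result marks the user as admin.
         $isAdmin = $isAdmin || (bool) $backend;
     }
     if ($isAdmin) {
         $jlang = JFactory::getLanguage();
         $jlang->load('joomla', JPATH_ROOT, 'en-GB', true);
         $jlang->load('joomla', JPATH_ROOT, $jlang->getDefault(), true);
         $jlang->load('joomla', JPATH_ROOT, null, true);
         if (version_compare(JVERSION, '3.0', 'ge')) {
             // Exception codes are integers; a string code only works through implicit coercion.
             throw new Exception(JText::_('JGLOBAL_AUTH_ACCESS_DENIED'), 403);
         } else {
             JError::raiseError(403, JText::_('JGLOBAL_AUTH_ACCESS_DENIED'));
         }
     }
 }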
 /**
  * Overrides JControllerForm::allowEdit
  *
  * Checks that non-Super Admins are not editing Super Admins.
  *
  * @param	array	$data  An array of input data.
  * @param	string	$key   The name of the key for the primary key.
  *
  * @return	boolean  False when the group is a Super Admin group and the current user is not; otherwise the parent's decision.
  * @since	1.6
  */
 protected function allowEdit($data = array(), $key = 'id')
 {
     $isSuperAdminGroup = JAccess::checkGroup($data[$key], 'core.admin');
     // Edit a Super Admin User Group is only allowed to a Super Admin
     if ($isSuperAdminGroup && !JFactory::getUser()->authorise('core.admin')) {
         return false;
     }
     return parent::allowEdit($data, $key);
 }
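 /**
  * Overrides JControllerForm::allowEdit
  *
  * Checks that non-Super Admins are not editing Super Admins.
  *
  * @param	array	$data  An array of input data.
  * @param	string	$key   The name of the key for the primary key.
  *
  * @return	boolean  False when the group is a Super Admin group and the current user is not; otherwise the parent's decision.
  * @since	1.6
  */
 protected function allowEdit($data = array(), $key = 'id')
 {
     // Without a primary key there is no group to inspect; defer to the parent instead of reading an undefined index.
     $groupId = isset($data[$key]) ? $data[$key] : null;
     // Check if this group is a Super Admin
     if ($groupId !== null && JAccess::checkGroup($groupId, 'core.admin')) {
         // If I'm not a Super Admin, then disallow the edit.
         if (!JFactory::getUser()->authorise('core.admin')) {
             return false;
         }
     }
     return parent::allowEdit($data, $key);
 }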
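 /**
  * Method to check if a user is authorised to perform an action, optionally on an asset.
  *
  * A user id of 0 is delegated to checkGroup(0, ...). Asset rules are cached
  * per asset in JAccess::$_assetRules. The identities handed to the rules are
  * the user's groups with the negated user id prepended.
  *
  * @param   integer  $userId  Id of the user for which to check authorisation.
  * @param   string   $action  The name of the action to authorise.
  * @param   mixed    $asset   Asset id or asset name; null or empty means the root asset (1).
  *
  * @return  mixed  Whatever the asset rules' allow() returns for the action and identities.
  */
 public static function checkUser($userId, $action, $asset = null)
 {
     $userId = (int) $userId;
     if ($userId === 0) {
         return JAccess::checkGroup(0, $action, $asset);
     }
     $action = strtolower(trim($action));
     // Cast before trim() so a null asset does not trip the PHP 8.1 null-to-string deprecation.
     $asset = strtolower(trim((string) $asset));
     // Default to the root asset.
     if (empty($asset)) {
         $asset = 1;
     }
     if (empty(JAccess::$_assetRules[$asset])) {
         JAccess::$_assetRules[$asset] = JAccess::getAssetRules($asset);
     }
     $identities = JAccess::getGroupByUsers($userId);
     array_unshift($identities, $userId * -1);
     return JAccess::$_assetRules[$asset]->allow($action, $identities);
 }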
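 /**
  * Returns the ids of all user groups that can use the administrator backend.
  *
  * A group qualifies when it holds core.login.admin or core.admin.
  *
  * @return  array|null  Unique group ids on Joomla 1.6; null on other versions, where nothing is queried.
  */
 function getAdminGroups()
 {
     // J! 1.6 only
     if (!RSTicketsProHelper::isJ16()) {
         return null;
     }
     // Plain assignment: taking a function result by reference is a PHP 4 leftover and not needed for objects.
     $db = JFactory::getDBO();
     $db->setQuery("SELECT id FROM #__usergroups");
     $groups = $db->loadResultArray();
     $admin_groups = array();
     foreach ($groups as $group_id) {
         if (JAccess::checkGroup($group_id, 'core.login.admin') || JAccess::checkGroup($group_id, 'core.admin')) {
             $admin_groups[] = $group_id;
         }
     }
     return array_unique($admin_groups);
 }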
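 /**
  * Displays a list of user groups.
  *
  * @param   boolean  $includeSuperAdmin  true to include super admin groups, false to exclude them
  *
  * @return  array  Select option objects (value = group id, text = title indented by depth); empty when there are no groups.
  *
  * @since   2.5
  */
 public static function groups($includeSuperAdmin = false)
 {
     $options = array_values(JHelperUsergroups::getInstance()->getAll());
     // Initialise so an empty group list returns array() instead of an undefined variable.
     $groups = array();
     for ($i = 0, $n = count($options); $i < $n; $i++) {
         $options[$i]->value = $options[$i]->id;
         $options[$i]->text = str_repeat('- ', $options[$i]->level) . $options[$i]->title;
         $groups[] = JHtml::_('select.option', $options[$i]->value, $options[$i]->text);
     }
     // Exclude super admin groups if requested
     if (!$includeSuperAdmin) {
         $filteredGroups = array();
         foreach ($groups as $group) {
             if (!JAccess::checkGroup($group->value, 'core.admin')) {
                 $filteredGroups[] = $group;
             }
         }
         $groups = $filteredGroups;
     }
     return $groups;
 }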
 /**
  * Method to get the options to populate list
  *
  * Results are cached in static::$options, keyed by a hash of the field
  * element. The list is the XML-defined options followed by one option per
  * user group; super user groups are left out for non super users when the
  * checksuperusergroup attribute is set.
  *
  * @return  array  The field option objects.
  *
  * @since   3.2
  */
 protected function getOptions()
 {
     // Hash for caching
     // NOTE(review): md5() gets $this->element cast to string; if that is a SimpleXMLElement
     // the cast yields its text content (usually empty for a field element), so the cache key
     // may be shared across fields — confirm.
     $cacheKey = md5($this->element);
     if (isset(static::$options[$cacheKey])) {
         return static::$options[$cacheKey];
     }
     $xmlOptions = parent::getOptions();
     $allGroups = JHelperUsergroups::getInstance()->getAll();
     $checkSuperUser = (int) $this->getAttribute('checksuperusergroup', 0);
     $isSuperUser = JFactory::getUser()->authorise('core.admin');
     $groupOptions = array();
     foreach ($allGroups as $group) {
         // Don't show super user groups to non super users.
         if ($checkSuperUser && !$isSuperUser && JAccess::checkGroup($group->id, 'core.admin')) {
             continue;
         }
         $groupOptions[] = (object) array(
             'text' => str_repeat('- ', $group->level) . $group->title,
             'value' => $group->id,
             'level' => $group->level,
         );
     }
     static::$options[$cacheKey] = array_merge($xmlOptions, $groupOptions);
     return static::$options[$cacheKey];
 }
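 /**
  * Method to get the field options.
  *
  * Lists all user groups as options (value = id, text = title indented by
  * depth). When the form carries an id, that group is dropped from the list.
  * Super user groups are only listed for super users.
  *
  * @return  array  The field option objects
  *
  * @since   1.6
  */
 protected function getOptions()
 {
     $groups = JHelperUsergroups::getInstance()->getAll();
     $user = JFactory::getUser();
     // Prevent parenting to the item itself.
     // NOTE(review): only the group's own id is removed here; its descendants stay selectable — confirm that is intended.
     if ($id = $this->form->getValue('id')) {
         unset($groups[$id]);
     }
     $isSuperUser = $user->authorise('core.admin');
     $options = array();
     foreach ($groups as $group) {
         // Show groups only if user is super admin or group is not super admin.
         // The check reads id: value is only assigned below, so testing it here would pass null to checkGroup().
         if (!$isSuperUser && JAccess::checkGroup($group->id, 'core.admin')) {
             continue;
         }
         $group->value = $group->id;
         $group->text = str_repeat('- ', $group->level) . $group->title;
         $options[] = $group;
     }
     // Merge any additional options in the XML definition.
     return array_merge(parent::getOptions(), $options);
 }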
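 /**
  * Returns the articles (optionally within one category) that the given user group may delete.
  *
  * Rows are read from #__content restricted to state >= 0 and the access
  * clause from getAccessWhereSql('ct'), then filtered with
  * JAccess::checkGroup($userGroupId, 'core.delete', 'com_content.article.<id>').
  *
  * @param   integer  $userGroupId  Id of the user group to check.
  * @param   integer  $categoryId   Category id to restrict to; -1 (default) means all categories.
  *
  * @return  array  Row objects with title, id, cdate, mdate, categoryTitle and checked_out.
  */
 public function getArticlesInCategoryByUsergroup($userGroupId, $categoryId = -1)
 {
     $db = JFactory::getDBO();
     // Set up the WHERE part of the SQL query.
     $whereClause = "(state>=0) AND (" . $this->getAccessWhereSql('ct') . ")";
     if ($categoryId > -1) {
         // The id is interpolated into the SQL text, so force it to an integer first.
         $whereClause .= " AND (ct.catid='" . (int) $categoryId . "')";
     }
     $db->setQuery("SELECT ct.title,ct.id,date_format(ct.created, '%d.%m.%y %h:%i') as cdate,date_format(ct.modified, '%d.%m.%y %h:%i') as mdate,cat.title as categoryTitle,ct.checked_out FROM #__content ct LEFT JOIN #__categories cat ON ct.catid=cat.id WHERE {$whereClause}");
     $rows = $db->loadObjectList();
     $resultRows = array();
     if (!empty($rows)) {
         // Keep only the articles this user group is allowed to delete.
         foreach ($rows as $row) {
             if (JAccess::checkGroup($userGroupId, 'core.delete', 'com_content.article.' . $row->id)) {
                 $resultRows[] = $row;
             }
         }
     }
     return $resultRows;
 }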
				</th>
				<th class="nowrap id-col">
					<?php 
echo JText::_('JGRID_HEADING_ID');
?>
				</th>
			</tr>
		</thead>

		<tbody>
		<?php 
foreach ($this->items as $i => $item) {
    $canCreate = $user->authorise('core.create', 'com_users');
    $canEdit = $user->authorise('core.edit', 'com_users');
    // If this group is super admin and this user is not super admin, $canEdit is false
    if (!$user->authorise('core.admin') && JAccess::checkGroup($item->id, 'core.admin')) {
        $canEdit = false;
    }
    $canChange = $user->authorise('core.edit.state', 'com_users');
    ?>
			<tr class="row<?php 
    echo $i % 2;
    ?>
">
				<td>
					<?php 
    if ($canEdit) {
        ?>
						<?php 
        echo JHtml::_('grid.id', $i, $item->id);
        ?>
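 /**
  * Checks whether the current user belongs to a group that can use the administrator backend.
  *
  * A group qualifies when it holds core.login.admin or core.admin; the result
  * is true when at least one of the user's groups is such a group.
  *
  * @return  boolean
  */
 function checkAdminAccess()
 {
     // Plain assignments: taking a function result by reference is a PHP 4 leftover and not needed for objects.
     $db = JFactory::getDBO();
     $user = JFactory::getUser();
     $db->setQuery("SELECT id FROM #__usergroups");
     $groups = $db->loadResultArray();
     $admin_groups = array();
     foreach ($groups as $group_id) {
         if (JAccess::checkGroup($group_id, 'core.login.admin') || JAccess::checkGroup($group_id, 'core.admin')) {
             $admin_groups[] = $group_id;
         }
     }
     $admin_groups = array_unique($admin_groups);
     $user_groups = JAccess::getGroupsByUser($user->id);
     return count(array_intersect($user_groups, $admin_groups)) > 0;
 }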
	/**
	 * Method to get the field input markup for Access Control Lists.
	 * Optionally can be associated with a specific component and section.
	 *
	 * Renders one accordion panel per user group with a table of actions; each
	 * row has a select (not set / allowed / denied) bound to the rule stored on
	 * the asset, plus a "calculated" column showing the effective
	 * JAccess::checkGroup() result where applicable.
	 *
	 * TODO: Add access check.
	 *
	 * @return  string  The field input markup.
	 *
	 * @since   11.1
	 */
	protected function getInput()
	{
		JHtml::_('behavior.tooltip');

		// Initialise some field attributes.
		// These come from the field's XML definition, not from the request.
		$section = $this->element['section'] ? (string) $this->element['section'] : '';
		$component = $this->element['component'] ? (string) $this->element['component'] : '';
		$assetField = $this->element['asset_field'] ? (string) $this->element['asset_field'] : 'asset_id';

		// Get the actions for the asset.
		$actions = JAccess::getActions($component, $section);

		// Iterate over the children and add to the actions.
		foreach ($this->element->children() as $el)
		{
			if ($el->getName() == 'action')
			{
				$actions[] = (object) array('name' => (string) $el['name'], 'title' => (string) $el['title'],
					'description' => (string) $el['description']);
			}
		}

		// Get the explicit rules for this asset.
		if ($section == 'component')
		{
			// Need to find the asset id by the name of the component.
			// $component is passed through $db->quote(), so it cannot break the query.
			$db = JFactory::getDbo();
			$db->setQuery('SELECT id FROM #__assets WHERE name = ' . $db->quote($component));
			$assetId = (int) $db->loadResult();

			if ($error = $db->getErrorMsg())
			{
				JError::raiseNotice(500, $error);
			}
		}
		else
		{
			// Find the asset id of the content.
			// Note that for global configuration, com_config injects asset_id = 1 into the form.
			$assetId = $this->form->getValue($assetField);
		}

		// Use the compact form for the content rules (deprecated).
		//if (!empty($component) && $section != 'component') {
		//	return JHtml::_('rules.assetFormWidget', $actions, $assetId, $assetId ? null : $component, $this->name, $this->id);
		//}

		// Full width format.

		// Get the rules for just this asset (non-recursive).
		$assetRules = JAccess::getAssetRules($assetId);

		// Get the available user groups.
		$groups = $this->getUserGroups();

		// Build the form control.
		// $curLevel tracks the nesting depth of the last group rendered so the
		// <ul>/<li> wrappers can be opened and closed as the depth changes.
		$curLevel = 0;

		// Prepare output
		$html = array();
		$html[] = '<div id="permissions-sliders" class="pane-sliders">';
		$html[] = '<p class="rule-desc">' . JText::_('JLIB_RULES_SETTINGS_DESC') . '</p>';
		$html[] = '<ul id="rules">';

		// Start a row for each user group.
		foreach ($groups as $group)
		{
			$difLevel = $group->level - $curLevel;

			if ($difLevel > 0)
			{
				$html[] = '<li><ul>';
			}
			else if ($difLevel < 0)
			{
				$html[] = str_repeat('</ul></li>', -$difLevel);
			}

			$html[] = '<li>';

			$html[] = '<div class="panel">';
			$html[] = '<h3 class="pane-toggler title"><a href="javascript:void(0);"><span>';
			// Assignment inside the call: $curLevel is updated to this group's level here.
			$html[] = str_repeat('<span class="level">|&ndash;</span> ', $curLevel = $group->level) . $group->text;
			$html[] = '</span></a></h3>';
			$html[] = '<div class="pane-slider content pane-hide">';
			$html[] = '<div class="mypanel">';
			$html[] = '<table class="group-rules">';
			$html[] = '<thead>';
			$html[] = '<tr>';

			$html[] = '<th class="actions" id="actions-th' . $group->value . '">';
			$html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_ACTION') . '</span>';
			$html[] = '</th>';

			$html[] = '<th class="settings" id="settings-th' . $group->value . '">';
			$html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_SELECT_SETTING') . '</span>';
			$html[] = '</th>';

			// The calculated setting is not shown for the root group of global configuration.
			$canCalculateSettings = ($group->parent_id || !empty($component));
			if ($canCalculateSettings)
			{
				$html[] = '<th id="aclactionth' . $group->value . '">';
				$html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_CALCULATED_SETTING') . '</span>';
				$html[] = '</th>';
			}

			$html[] = '</tr>';
			$html[] = '</thead>';
			$html[] = '<tbody>';

			foreach ($actions as $action)
			{
				$html[] = '<tr>';
				$html[] = '<td headers="actions-th' . $group->value . '">';
				// ENT_COMPAT leaves single quotes alone; acceptable here because the attribute is double-quoted.
				$html[] = '<label class="hasTip" for="' . $this->id . '_' . $action->name . '_' . $group->value . '" title="'
					. htmlspecialchars(JText::_($action->title) . '::' . JText::_($action->description), ENT_COMPAT, 'UTF-8') . '">';
				$html[] = JText::_($action->title);
				$html[] = '</label>';
				$html[] = '</td>';

				$html[] = '<td headers="settings-th' . $group->value . '">';

				// NOTE(review): $this->name, $action->name and $group->value go into name/id attributes without
				// htmlspecialchars(); $action->name may come from the XML <action> children above — confirm they are trusted.
				// NOTE(review): unlike the label title above, trim($group->text) is placed in this title attribute
				// unescaped, so a group title containing a double quote would end the attribute — confirm whether
				// titles are escaped upstream.
				$html[] = '<select name="' . $this->name . '[' . $action->name . '][' . $group->value . ']" id="' . $this->id . '_' . $action->name
					. '_' . $group->value . '" title="'
					. JText::sprintf('JLIB_RULES_SELECT_ALLOW_DENY_GROUP', JText::_($action->title), trim($group->text)) . '">';

				// Effective rule for this group on the asset; compared against null/true/false below.
				$inheritedRule = JAccess::checkGroup($group->value, $action->name, $assetId);

				// Get the actual setting for the action for this group.
				$assetRule = $assetRules->allow($action->name, $group->value);

				// Build the dropdowns for the permissions sliders

				// The parent group has "Not Set", all children can rightly "Inherit" from that.
				$html[] = '<option value=""' . ($assetRule === null ? ' selected="selected"' : '') . '>'
					. JText::_(empty($group->parent_id) && empty($component) ? 'JLIB_RULES_NOT_SET' : 'JLIB_RULES_INHERITED') . '</option>';
				$html[] = '<option value="1"' . ($assetRule === true ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_ALLOWED')
					. '</option>';
				$html[] = '<option value="0"' . ($assetRule === false ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_DENIED')
					. '</option>';

				$html[] = '</select>&#160; ';

				// If this asset's rule is allowed, but the inherited rule is deny, we have a conflict.
				if (($assetRule === true) && ($inheritedRule === false))
				{
					$html[] = JText::_('JLIB_RULES_CONFLICT');
				}

				$html[] = '</td>';

				// Build the Calculated Settings column.
				// The inherited settings column is not displayed for the root group in global configuration.
				if ($canCalculateSettings)
				{
					$html[] = '<td headers="aclactionth' . $group->value . '">';

					// This is where we show the current effective settings considering currrent group, path and cascade.
					// Check whether this is a component or global. Change the text slightly.

					// Non super user groups: show the effective rule as-is.
					if (JAccess::checkGroup($group->value, 'core.admin') !== true)
					{
						if ($inheritedRule === null)
						{
							$html[] = '<span class="icon-16-unset">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
						}
						else if ($inheritedRule === true)
						{
							$html[] = '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
						}
						else if ($inheritedRule === false)
						{
							if ($assetRule === false)
							{
								$html[] = '<span class="icon-16-denied">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
							}
							else
							{
								$html[] = '<span class="icon-16-denied"><span class="icon-16-locked">' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED')
									. '</span></span>';
							}
						}
					}
					// Super user group on a component asset: always allowed and locked.
					else if (!empty($component))
					{
						$html[] = '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN')
							. '</span></span>';
					}
					// Super user group in global configuration.
					else
					{
						// Special handling for  groups that have global admin because they can't  be denied.
						// The admin rights can be changed.
						if ($action->name === 'core.admin')
						{
							$html[] = '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
						}
						elseif ($inheritedRule === false)
						{
							// Other actions cannot be changed.
							$html[] = '<span class="icon-16-denied"><span class="icon-16-locked">'
								. JText::_('JLIB_RULES_NOT_ALLOWED_ADMIN_CONFLICT') . '</span></span>';
						}
						else
						{
							$html[] = '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN')
								. '</span></span>';
						}
					}

					$html[] = '</td>';
				}

				$html[] = '</tr>';
			}

			$html[] = '</tbody>';
			$html[] = '</table></div>';

			$html[] = '</div></div>';
			$html[] = '</li>';

		}

		// Close whatever nesting is still open after the last group.
		$html[] = str_repeat('</ul></li>', $curLevel);
		$html[] = '</ul><div class="rule-notes">';
		if ($section == 'component' || $section == null)
		{
			$html[] = JText::_('JLIB_RULES_SETTING_NOTES');
		}
		else
		{
			$html[] = JText::_('JLIB_RULES_SETTING_NOTES_ITEM');
		}
		$html[] = '</div></div>';

		// Accordion state is kept in a cookie whose name embeds $component (from the XML attribute);
		// the stored value is read back with getInt(), so only an integer reaches the script.
		$js = "window.addEvent('domready', function(){ new Fx.Accordion($$('div#permissions-sliders.pane-sliders .panel h3.pane-toggler'), $$('div#permissions-sliders.pane-sliders .panel div.pane-slider'), {onActive: function(toggler, i) {toggler.addClass('pane-toggler-down');toggler.removeClass('pane-toggler');i.addClass('pane-down');i.removeClass('pane-hide');Cookie.write('jpanesliders_permissions-sliders"
			. $component
			. "',$$('div#permissions-sliders.pane-sliders .panel h3').indexOf(toggler));},onBackground: function(toggler, i) {toggler.addClass('pane-toggler');toggler.removeClass('pane-toggler-down');i.addClass('pane-hide');i.removeClass('pane-down');},duration: 300,display: "
			. JRequest::getInt('jpanesliders_permissions-sliders' . $component, 0, 'cookie') . ",show: "
			. JRequest::getInt('jpanesliders_permissions-sliders' . $component, 0, 'cookie') . ", alwaysHide:true, opacity: false}); });";

		JFactory::getDocument()->addScriptDeclaration($js);

		return implode("\n", $html);
	}
 /**
  * Builds the "calculated setting" cell markup for one action of the current group.
  *
  * @param   object  $action  Action object; only its name property is read.
  * @param   mixed   $rule    The rule stored explicitly on this asset for the group (true/false/null).
  * @param   mixed   $calc    The effective rule: true allowed, false denied, null not set.
  *
  * @return  string  HTML span markup, or '' when no case applies.
  */
 protected function getCalculated($action, $rule, $calc)
 {
     $isSuperUserGroup = JAccess::checkGroup($this->item->id, 'core.admin') === true;
     if (!$isSuperUserGroup) {
         if ($calc === null) {
             return '<span class="icon-16-unset">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
         }
         if ($calc === true) {
             return '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
         }
         if ($calc === false) {
             if ($rule === false) {
                 return '<span class="icon-16-denied">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
             }
             return '<span class="icon-16-denied"><span class="icon-16-locked">' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED') . '</span></span>';
         }
         // $calc is neither null nor a boolean: nothing to display.
         return '';
     }
     if (!empty($this->component)) {
         return '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span></span>';
     }
     // Special handling for groups that have global admin because they can't be denied.
     // The admin rights can be changed.
     if ($action->name === 'core.admin') {
         return '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
     }
     if ($calc === false) {
         // Other actions cannot be changed.
         return '<span class="icon-16-denied"><span class="icon-16-locked">' . JText::_('JLIB_RULES_NOT_ALLOWED_ADMIN_CONFLICT') . '</span></span>';
     }
     return '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span></span>';
 }
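 /**
  * Perform batch operations
  *
  * @param   integer  $group_id  The group ID which assignments are being edited
  * @param   array    $user_ids  An array of user IDs on which to operate
  * @param   string   $action    The action to perform: 'set' (replace all memberships), 'del' (remove from the group), anything else adds
  *
  * @return  boolean  True on success, false on failure (the message is recorded with setError())
  *
  * @since   1.6
  */
 public function batchUser($group_id, $user_ids, $action)
 {
     // Get the DB object
     $db = $this->getDbo();
     // Both ids are interpolated into SQL below, so force them to integers before any use.
     $group_id = (int) $group_id;
     JArrayHelper::toInteger($user_ids);
     // Non-super admin cannot work with super-admin group; a group id below 1 is never valid.
     if ((!JFactory::getUser()->get('isRoot') && JAccess::checkGroup($group_id, 'core.admin')) || $group_id < 1) {
         $this->setError(JText::_('COM_USERS_ERROR_INVALID_GROUP'));
         return false;
     }
     $doDelete = null;
     $doAssign = false;
     switch ($action) {
         // Sets users to a selected group
         case 'set':
             $doDelete = 'all';
             $doAssign = true;
             break;
         // Remove users from a selected group
         case 'del':
             $doDelete = 'group';
             break;
         // Add users to a selected group
         case 'add':
         default:
             $doAssign = true;
             break;
     }
     // Remove the users from the group if requested.
     if ($doDelete !== null) {
         $query = $db->getQuery(true);
         // Remove users from the group
         $query->delete($db->quoteName('#__user_usergroup_map'))->where($db->quoteName('user_id') . ' IN (' . implode(',', $user_ids) . ')');
         // Only remove users from selected group
         if ($doDelete == 'group') {
             $query->where($db->quoteName('group_id') . ' = ' . $group_id);
         }
         $db->setQuery($query);
         try {
             $db->execute();
         } catch (RuntimeException $e) {
             $this->setError($e->getMessage());
             return false;
         }
     }
     // Assign the users to the group if requested.
     if ($doAssign) {
         $query = $db->getQuery(true);
         // First, we need to check if the user is already assigned to a group
         $query->select($db->quoteName('user_id'))->from($db->quoteName('#__user_usergroup_map'))->where($db->quoteName('group_id') . ' = ' . $group_id);
         $db->setQuery($query);
         $users = $db->loadColumn();
         // Build the values clause for the assignment query.
         $query->clear();
         $hasAdditions = false;
         foreach ($user_ids as $id) {
             // Loose in_array on purpose: loadColumn() may return the ids as strings.
             if (!in_array($id, $users)) {
                 $query->values($id . ',' . $group_id);
                 $hasAdditions = true;
             }
         }
         // If we have no users to process, throw an error to notify the user
         if (!$hasAdditions) {
             $this->setError(JText::_('COM_USERS_ERROR_NO_ADDITIONS'));
             return false;
         }
         $query->insert($db->quoteName('#__user_usergroup_map'))->columns(array($db->quoteName('user_id'), $db->quoteName('group_id')));
         $db->setQuery($query);
         try {
             $db->execute();
         } catch (RuntimeException $e) {
             $this->setError($e->getMessage());
             return false;
         }
     }
     return true;
 }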
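 /**
  * Returns a UL list of user groups with check boxes
  *
  * Groups are read from #__usergroups in nested-set order (a.lft); `level` is the
  * number of ancestors and drives the indentation of the label.
  *
  * @param   string   $name             The name of the checkbox controls array
  * @param   array    $selected         An array of the checked boxes
  * @param   boolean  $checkSuperAdmin  If true, groups holding 'core.admin' are listed only when the current user is a super admin
  *
  * @return  string|null  The list markup, or null when the query failed (a 500 notice is raised)
  */
 public static function usergroups($name, $selected, $checkSuperAdmin = false)
 {
     // Static counter keeps element ids unique when the list is rendered more than once per page.
     static $count;
     $count++;
     $isSuperAdmin = JFactory::getUser()->authorise('core.admin');
     $db = JFactory::getDbo();
     $db->setQuery('SELECT a.*, COUNT(DISTINCT b.id) AS level' . ' FROM #__usergroups AS a' . ' LEFT JOIN #__usergroups AS b ON a.lft > b.lft AND a.rgt < b.rgt' . ' GROUP BY a.id' . ' ORDER BY a.lft ASC');
     $groups = $db->loadObjectList();
     // Check for a database error.
     if ($db->getErrorNum()) {
         JError::raiseNotice(500, $db->getErrorMsg());
         return null;
     }
     // The control name is emitted inside an attribute; escape it once.
     $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
     $html = array();
     $html[] = '<ul class="checklist usergroups">';
     foreach ((array) $groups as $item) {
         // If checkSuperAdmin is true, only add item if the user is superadmin or the group is not super admin
         if ($checkSuperAdmin && !$isSuperAdmin && JAccess::checkGroup($item->id, 'core.admin')) {
             continue;
         }
         // Setup  the variable attributes.
         $eid = $count . 'group_' . $item->id;
         // Don't call in_array unless something is selected
         $checked = '';
         if ($selected) {
             $checked = in_array($item->id, $selected) ? ' checked="checked"' : '';
         }
         $rel = $item->parent_id > 0 ? ' rel="' . $count . 'group_' . $item->parent_id . '"' : '';
         // Group titles are stored data rendered as HTML text: escape them rather than trusting the database.
         $title = htmlspecialchars($item->title, ENT_QUOTES, 'UTF-8');
         // Build the HTML for the item.
         $html[] = '	<li>';
         $html[] = '		<input type="checkbox" name="' . $safeName . '[]" value="' . $item->id . '" id="' . $eid . '"';
         $html[] = '				' . $checked . $rel . ' />';
         $html[] = '		<label for="' . $eid . '">';
         $html[] = '		' . str_repeat('<span class="gi">|&mdash;</span>', $item->level) . $title;
         $html[] = '		</label>';
         $html[] = '	</li>';
     }
     $html[] = '</ul>';
     return implode("\n", $html);
 }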
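 /**
  * Method to delete rows.
  *
  * Two access rules are enforced before any row is removed: the current user may
  * not delete a group they belong to (the whole call fails), and a user without
  * 'core.admin' may not delete a group that holds it (that row is pruned from
  * $pks with a 403 warning and the loop continues). The before-delete event can
  * veto a deletion by returning false.
  *
  * @param   array  &$pks  An array of item ids. Ids the user may not delete are removed in place.
  *
  * @return  boolean  Returns true on success, false on failure.
  *
  * @since   1.6
  * @throws  Exception
  */
 public function delete(&$pks)
 {
     // Typecast variable.
     $pks = (array) $pks;
     $user = JFactory::getUser();
     $groups = JAccess::getGroupsByUser($user->get('id'));
     // Get a row instance.
     $table = $this->getTable();
     // Load plugins.
     JPluginHelper::importPlugin($this->events_map['delete']);
     // Check if I am a Super Admin
     $iAmSuperAdmin = $user->authorise('core.admin');
     // Do not allow to delete groups to which the current user belongs
     foreach ($pks as $pk) {
         if (in_array($pk, $groups)) {
             JError::raiseWarning(403, JText::_('COM_USERS_DELETE_ERROR_INVALID_GROUP'));
             return false;
         }
     }
     // The component-level permission is the same for every row, so evaluate it once.
     $canEditState = $user->authorise('core.edit.state', 'com_users');
     $app = JFactory::getApplication();
     // Iterate the items to delete each one.
     foreach ($pks as $i => $pk) {
         if (!$table->load($pk)) {
             $this->setError($table->getError());
             return false;
         }
         // Access checks: don't allow non-super-admin to delete a super admin group
         $allow = $canEditState && ($iAmSuperAdmin || !JAccess::checkGroup($pk, 'core.admin'));
         if (!$allow) {
             // Prune items that you can't change.
             unset($pks[$i]);
             JError::raiseWarning(403, JText::_('JERROR_CORE_DELETE_NOT_PERMITTED'));
             continue;
         }
         // Fire the before delete event; a plugin returning boolean false vetoes the deletion.
         $result = $app->triggerEvent($this->event_before_delete, array($table->getProperties()));
         if (is_array($result) && in_array(false, $result, true)) {
             $this->setError($table->getError());
             return false;
         }
         if (!$table->delete($pk)) {
             $this->setError($table->getError());
             return false;
         }
         // Trigger the after delete event.
         $app->triggerEvent($this->event_after_delete, array($table->getProperties(), true, $this->getError()));
     }
     return true;
 }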
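	/**
	 * Method to save a user record from submitted form data.
	 *
	 * Two self-protection rules run before binding: a user may not block their own
	 * account, and a super admin editing their own record must keep at least one
	 * group that holds 'core.admin'. Either failure sets an error and returns false.
	 *
	 * @param   array  $data  The form data. 'id', 'block' and 'groups' are read here; everything is passed to JUser::bind().
	 *
	 * @return  boolean  True on success, false on failure (message available via getError()).
	 */
	public function save($data)
	{
		// Initialise variables;
		$pk = (!empty($data['id'])) ? $data['id'] : (int) $this->getState('user.id');
		$user = JUser::getInstance($pk);

		$my = JFactory::getUser();

		// Optional keys are read with isset()/empty() so a form that omits them raises no notices.
		$block = !empty($data['block']);
		$newGroups = isset($data['groups']) ? (array) $data['groups'] : array();

		if ($block && $pk == $my->id && !$my->block) {
			$this->setError(JText::_('COM_USERS_USERS_ERROR_CANNOT_BLOCK_SELF'));
			return false;
		}

		// Make sure that we are not removing ourself from Super Admin group
		$iAmSuperAdmin = $my->authorise('core.admin');
		if ($iAmSuperAdmin && $my->get('id') == $pk) {
			// Check that at least one of our new groups is Super Admin.
			// No submitted groups counts as a demotion, so the check fails closed.
			$stillSuperAdmin = false;
			foreach ($newGroups as $group) {
				if (JAccess::checkGroup($group, 'core.admin')) {
					$stillSuperAdmin = true;
					break;
				}
			}
			if (!$stillSuperAdmin) {
				$this->setError(JText::_('COM_USERS_USERS_ERROR_CANNOT_DEMOTE_SELF'));
				return false;
			}
		}

		// Bind the data.
		if (!$user->bind($data)) {
			$this->setError($user->getError());
			return false;
		}

		// Store the data.
		if (!$user->save()) {
			$this->setError($user->getError());
			return false;
		}

		$this->setState('user.id', $user->id);

		return true;
	}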
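 /**
  * Creates initial component actions based on global config and on some ... logic
  *
  * Produces a rules array keyed by action name, each holding (group id => 1) for the
  * groups the action is granted to. Actions that also exist on the root asset
  * (Global Configuration) are never set here so they inherit; every other component
  * action is granted to the groups holding 'core.manage' globally. Owned variants
  * follow their general action, and a fixed set of category/upload/field actions is
  * granted to every group.
  *
  * @param   string  $component  Component name passed to JAccess::getActions()
  *
  * @return  array   action name => array(group id => 1); an empty array for actions granted to nobody
  * @since   11.1
  */
 protected function _createComponentRules($component)
 {
     $groups = $this->_getUserGroups();
     // Get flexicontent ACTION names, and initialize flexicontent rules to empty *
     // * WE NEED THIS (even if it remains empty), because we will compare COMPONENT actions in DB when checking initial permissions
     $flexi_actions = JAccess::getActions($component, 'component');
     $flexi_rules = array();
     // Array of all COMPONENT action names; initialised up front so in_array() below is safe when the component declares no actions
     $flexi_action_names = array();
     foreach ((array) $flexi_actions as $action) {
         $flexi_rules[$action->name] = array();
         $flexi_action_names[] = $action->name;
     }
     // Get Joomla ACTION names (the actions present on the root asset)
     $root = JTable::getInstance('asset');
     $root->loadByName('root.1');
     $joomla_rules = new JAccessRules($root->rules);
     $joomla_action_names = array_keys((array) $joomla_rules->getData());
     // Actions given regardless of edit privilege, since without edit they cannot access the item form and save task anyway:
     // CanChangeCat, CanChangeSecCat, CanChangeFeatCat, CanUploadFiles, and (by default for everybody) CanEditFieldValues
     $always_granted = array('flexicontent.change.cat', 'flexicontent.change.cat.sec', 'flexicontent.change.cat.feat', 'flexicontent.uploadfiles', 'flexicontent.editfieldvalues');
     // Decide the actions to grant (give) to each user group
     foreach ($groups as $group) {
         // STEP 1: we will -grant- all NON-STANDARD component ACTIONS to any user group, that has 'core.manage' ACTION in the Global Configuration
         // NOTE (a): if some user group has the --Super Admin-- Global Configuration ACTION (aka 'core.admin' for asset root.1), then it also has 'core.manage'
         // NOTE (b):  The STANDARD Joomla ACTIONs will not be set thus they will default to value -INHERIT- (=value "")
         if (JAccess::checkGroup($group->id, 'core.manage')) {
             foreach ($flexi_action_names as $action_name) {
                 // Skip Joomla STANDARD rules allowing them to inherit
                 if (in_array($action_name, $joomla_action_names)) {
                     continue;
                 }
                 $flexi_rules[$action_name][$group->id] = 1;
             }
         }
         // STEP 2: copying ACTIONS already granted in GLOBAL CONFIGURATION (including the COMPONENT CONFIGURE 'core.admin' action) is
         // deliberately not done, so those actions inherit the global setting instead (see NOTE (b) above)
         // STEP 3: Handle some special case of custom-added ACTIONs
         // e.g. Grant --OWNED-- actions if they have the corresponding --GENERAL-- actions
         if (!empty($flexi_rules['core.delete'][$group->id]) && in_array('core.delete.own', $flexi_action_names)) {
             // CanDeleteOwn
             $flexi_rules['core.delete.own'][$group->id] = 1;
         }
         if (!empty($flexi_rules['core.edit.state'][$group->id]) && in_array('core.edit.state.own', $flexi_action_names)) {
             // CanPublishOwn
             $flexi_rules['core.edit.state.own'][$group->id] = 1;
         }
         foreach ($always_granted as $action_name) {
             if (in_array($action_name, $flexi_action_names)) {
                 $flexi_rules[$action_name][$group->id] = 1;
             }
         }
     }
     // return rules, a NOTE: MAYBE in future we create better initial permissions by checking allow/deny/inherit values instead of just HAS ACTION ...
     return $flexi_rules;
 }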
/**
 * Returns the ids of every user that belongs to a group holding the global 'core.admin' action.
 *
 * @return  array  User ids, concatenated group by group in nested-set order of the groups
 */
function getSAUsersIds()
{
    $db = DBHelper::db();
    // List every user group in nested-set order; the self-join mirrors the core group query.
    $sql = 'SELECT a.`id`, a.`title`'
        . ' FROM `#__usergroups` AS a'
        . ' LEFT JOIN `#__usergroups` AS b ON a.lft > b.lft AND a.rgt < b.rgt'
        . ' GROUP BY a.id'
        . ' ORDER BY a.lft ASC';
    $db->setQuery($sql);
    $allGroups = $db->loadObjectList();
    // Keep only the groups that hold 'core.admin'.
    $superAdminGroups = array();
    foreach ($allGroups as $candidate) {
        if (JAccess::checkGroup($candidate->id, 'core.admin')) {
            $superAdminGroups[] = $candidate;
        }
    }
    // Now we have the SA groups; collect their members.
    $superAdminUsers = array();
    foreach ($superAdminGroups as $saGroup) {
        $members = JAccess::getUsersByGroup($saGroup->id);
        if (count($members) > 0) {
            $superAdminUsers = array_merge($superAdminUsers, array_values($members));
        }
    }
    return $superAdminUsers;
}
 /**
  * Method to save the JUser object to the database
  *
  * Flow: bind this object's properties to the user table, run the table check,
  * enforce the Super Admin rules, fire onUserBeforeSave (a plugin returning
  * boolean false aborts the save), store the row, then fire onUserAfterSave.
  * Any Exception raised inside the try block becomes setError() plus a false return.
  *
  * Access rules enforced here: unless the current user is a Super Admin (or the
  * special rehash case noted inline applies), it may not create a user in a
  * 'core.admin' group, save a user that already has 'core.admin', or add a
  * 'core.admin' group to an existing user.
  *
  * @param   boolean  $updateOnly  Save the object only if not a new user
  *                                Currently only used in the user reset password method.
  *
  * @return  boolean  True on success (the value returned by the table store; true without storing when $updateOnly skips a new user)
  *
  * @since   11.1
  * @throws  exception
  */
 public function save($updateOnly = false)
 {
     // Create the user table object
     $table = $this->getTable();
     // The params registry is persisted in its string form.
     $this->params = (string) $this->_params;
     $table->bind($this->getProperties());
     // Allow an exception to be thrown.
     try {
         // Check and store the object.
         if (!$table->check()) {
             $this->setError($table->getError());
             return false;
         }
         // If user is made a Super Admin group and user is NOT a Super Admin
         //
         // @todo ACL - this needs to be acl checked
         //
         $my = JFactory::getUser();
         //are we creating a new user
         $isNew = empty($this->id);
         // If we aren't allowed to create new users return
         if ($isNew && $updateOnly) {
             return true;
         }
         // Get the old user (the stored state, used for the checks and for the before-save event)
         $oldUser = new JUser($this->id);
         //
         // Access Checks
         //
         // The only mandatory check is that only Super Admins can operate on other Super Admin accounts.
         // To add additional business rules, use a user plugin and throw an Exception with onUserBeforeSave.
         // Check if I am a Super Admin
         $iAmSuperAdmin = $my->authorise('core.admin');
         // Special case: no current user id, an existing Super Admin account, and a stored password that differs
         // from the one on this object. Presumably the login-time password rehash of a Super Admin — confirm against
         // the caller. When set, the Super Admin checks below are skipped.
         // NOTE(review): the password comparison is a loose `!=` between two strings; `!==` would be the strict form.
         $iAmRehashingSuperadmin = false;
         if ($my->id == 0 && !$isNew && $this->id == $oldUser->id && $oldUser->authorise('core.admin') && $oldUser->password != $this->password) {
             $iAmRehashingSuperadmin = true;
         }
         // We are only worried about edits to this account if I am not a Super Admin.
         // NOTE(review): `!= true` is a loose comparison; `!$iAmSuperAdmin` would express the same intent strictly.
         if ($iAmSuperAdmin != true && $iAmRehashingSuperadmin != true) {
             if ($isNew) {
                 // Check if the new user is being put into a Super Admin group.
                 foreach ($this->groups as $groupId) {
                     if (JAccess::checkGroup($groupId, 'core.admin')) {
                         throw new Exception(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
                     }
                 }
             } else {
                 // I am not a Super Admin, and this one is, so fail.
                 if (JAccess::check($this->id, 'core.admin')) {
                     throw new Exception(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
                 }
                 if ($this->groups != null) {
                     // I am not a Super Admin and I'm trying to make one.
                     foreach ($this->groups as $groupId) {
                         if (JAccess::checkGroup($groupId, 'core.admin')) {
                             throw new Exception(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
                         }
                     }
                 }
             }
         }
         // Fire the onUserBeforeSave event.
         JPluginHelper::importPlugin('user');
         $dispatcher = JDispatcher::getInstance();
         $result = $dispatcher->trigger('onUserBeforeSave', array($oldUser->getProperties(), $isNew, $this->getProperties()));
         // Strict search: only a plugin returning boolean false vetoes the save.
         if (in_array(false, $result, true)) {
             // Plugin will have to raise its own error or throw an exception.
             return false;
         }
         // Store the user data in the database
         if (!($result = $table->store())) {
             throw new Exception($table->getError());
         }
         // Set the id for the JUser object in case we created a new user.
         if (empty($this->id)) {
             $this->id = $table->get('id');
         }
         // If the saved record is the current user, refresh the session user's parameters from the stored row.
         if ($my->id == $table->id) {
             $registry = new JRegistry();
             $registry->loadString($table->params);
             $my->setParameters($registry);
         }
         // Fire the onUserAfterSave event
         $dispatcher->trigger('onUserAfterSave', array($this->getProperties(), $isNew, $result, $this->getError()));
     } catch (Exception $e) {
         $this->setError($e->getMessage());
         return false;
     }
     return $result;
 }
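 /**
  * Method to get the field input markup for Access Control Lists.
  * Optionally can be associated with a specific component and section.
  *
  * The asset whose rules are edited is resolved from the XML element: for
  * section="component" the asset id is looked up by component name in #__assets,
  * otherwise it is read from the form value named by asset_field (default
  * 'asset_id'). One tab is rendered per user group; each row shows the explicit
  * setting for an action (Inherit/Allow/Deny, from the asset's own rules) and,
  * except for the root group of global configuration, the calculated setting
  * (JAccess::checkGroup for this group on this asset).
  *
  * TODO: Add access check.
  *
  * @return  string  The field input markup.
  *
  * @since   11.1
  */
 protected function getInput()
 {
     JHtml::_('behavior.tooltip');
     // Initialise some field attributes.
     $section = $this->element['section'] ? (string) $this->element['section'] : '';
     $component = $this->element['component'] ? (string) $this->element['component'] : '';
     $assetField = $this->element['asset_field'] ? (string) $this->element['asset_field'] : 'asset_id';
     // Get the actions for the asset.
     $actions = JAccess::getActions($component, $section);
     // Iterate over the children and add to the actions.
     foreach ($this->element->children() as $el) {
         if ($el->getName() == 'action') {
             $actions[] = (object) array('name' => (string) $el['name'], 'title' => (string) $el['title'], 'description' => (string) $el['description']);
         }
     }
     // Get the explicit rules for this asset.
     if ($section == 'component') {
         // Need to find the asset id by the name of the component.
         $db = JFactory::getDbo();
         $query = $db->getQuery(true)->select($db->quoteName('id'))->from($db->quoteName('#__assets'))->where($db->quoteName('name') . ' = ' . $db->quote($component));
         $db->setQuery($query);
         $assetId = (int) $db->loadResult();
     } else {
         // Find the asset id of the content.
         // Note that for global configuration, com_config injects asset_id = 1 into the form.
         $assetId = $this->form->getValue($assetField);
     }
     // The compact form widget formerly used for content rules is retired; the full width format is always used.
     // Get the rules for just this asset (non-recursive).
     $assetRules = JAccess::getAssetRules($assetId);
     // Get the available user groups.
     $groups = $this->getUserGroups();
     // Prepare output
     $html = array();
     // Description
     $html[] = '<p class="rule-desc">' . JText::_('JLIB_RULES_SETTINGS_DESC') . '</p>';
     // Begin tabs
     $html[] = '<div id="permissions-sliders" class="tabbable tabs-left">';
     // Building tab nav
     $html[] = '<ul class="nav nav-tabs">';
     foreach ($groups as $group) {
         // Initial Active Tab
         $active = "";
         if ($group->value == 1) {
             $active = "active";
         }
         $html[] = '<li class="' . $active . '">';
         $html[] = '<a href="#permission-' . $group->value . '" data-toggle="tab">';
         // Indent by nesting level; the group title is stored data rendered as HTML text, so escape it.
         $html[] = str_repeat('<span class="level">&ndash; ', $group->level) . htmlspecialchars($group->text, ENT_COMPAT, 'UTF-8');
         $html[] = '</a>';
         $html[] = '</li>';
     }
     $html[] = '</ul>';
     $html[] = '<div class="tab-content">';
     // Start a row for each user group.
     foreach ($groups as $group) {
         // Initial Active Pane
         $active = "";
         if ($group->value == 1) {
             $active = " active";
         }
         $html[] = '<div class="tab-pane' . $active . '" id="permission-' . $group->value . '">';
         $html[] = '<table class="table table-striped">';
         $html[] = '<thead>';
         $html[] = '<tr>';
         $html[] = '<th class="actions" id="actions-th' . $group->value . '">';
         $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_ACTION') . '</span>';
         $html[] = '</th>';
         $html[] = '<th class="settings" id="settings-th' . $group->value . '">';
         $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_SELECT_SETTING') . '</span>';
         $html[] = '</th>';
         // The calculated setting is not shown for the root group of global configuration.
         $canCalculateSettings = $group->parent_id || !empty($component);
         if ($canCalculateSettings) {
             $html[] = '<th id="aclactionth' . $group->value . '">';
             $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_CALCULATED_SETTING') . '</span>';
             $html[] = '</th>';
         }
         $html[] = '</tr>';
         $html[] = '</thead>';
         $html[] = '<tbody>';
         foreach ($actions as $action) {
             $html[] = '<tr>';
             $html[] = '<td headers="actions-th' . $group->value . '">';
             $html[] = '<label class="tip" for="' . $this->id . '_' . $action->name . '_' . $group->value . '" title="' . htmlspecialchars(JText::_($action->title) . ' ' . JText::_($action->description), ENT_COMPAT, 'UTF-8') . '">';
             $html[] = JText::_($action->title);
             $html[] = '</label>';
             $html[] = '</td>';
             $html[] = '<td headers="settings-th' . $group->value . '">';
             // The title attribute embeds the group title; escape it like the label title above.
             $selectTitle = htmlspecialchars(JText::sprintf('JLIB_RULES_SELECT_ALLOW_DENY_GROUP', JText::_($action->title), trim($group->text)), ENT_COMPAT, 'UTF-8');
             $html[] = '<select class="input-small" name="' . $this->name . '[' . $action->name . '][' . $group->value . ']" id="' . $this->id . '_' . $action->name . '_' . $group->value . '" title="' . $selectTitle . '">';
             // Effective (calculated) result for this group on this asset.
             $inheritedRule = JAccess::checkGroup($group->value, $action->name, $assetId);
             // Get the actual setting for the action for this group (null when not set on this asset).
             $assetRule = $assetRules->allow($action->name, $group->value);
             // Build the dropdowns for the permissions sliders
             // The parent group has "Not Set", all children can rightly "Inherit" from that.
             $html[] = '<option value=""' . ($assetRule === null ? ' selected="selected"' : '') . '>' . JText::_(empty($group->parent_id) && empty($component) ? 'JLIB_RULES_NOT_SET' : 'JLIB_RULES_INHERITED') . '</option>';
             $html[] = '<option value="1"' . ($assetRule === true ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_ALLOWED') . '</option>';
             $html[] = '<option value="0"' . ($assetRule === false ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_DENIED') . '</option>';
             $html[] = '</select>&#160; ';
             // If this asset's rule is allowed, but the inherited rule is deny, we have a conflict.
             if ($assetRule === true && $inheritedRule === false) {
                 $html[] = JText::_('JLIB_RULES_CONFLICT');
             }
             $html[] = '</td>';
             // Build the Calculated Settings column.
             // The inherited settings column is not displayed for the root group in global configuration.
             if ($canCalculateSettings) {
                 $html[] = '<td headers="aclactionth' . $group->value . '">';
                 // This is where we show the current effective settings considering current group, path and cascade.
                 // Check whether this is a component or global. Change the text slightly.
                 if (JAccess::checkGroup($group->value, 'core.admin', $assetId) !== true) {
                     if ($inheritedRule === null) {
                         $html[] = '<span class="label label-important">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                     } elseif ($inheritedRule === true) {
                         $html[] = '<span class="label label-success">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                     } elseif ($inheritedRule === false) {
                         if ($assetRule === false) {
                             $html[] = '<span class="label label-important">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                         } else {
                             // Denied further up the chain and not overridable here.
                             $html[] = '<span class="label"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED') . '</span>';
                         }
                     }
                 } elseif (!empty($component)) {
                     $html[] = '<span class="label label-success"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span>';
                 } else {
                     // Special handling for  groups that have global admin because they can't  be denied.
                     // The admin rights can be changed.
                     if ($action->name === 'core.admin') {
                         $html[] = '<span class="label label-success">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                     } elseif ($inheritedRule === false) {
                         // Other actions cannot be changed.
                         $html[] = '<span class="label label-important"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_NOT_ALLOWED_ADMIN_CONFLICT') . '</span>';
                     } else {
                         $html[] = '<span class="label label-success"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span>';
                     }
                 }
                 $html[] = '</td>';
             }
             $html[] = '</tr>';
         }
         $html[] = '</tbody>';
         $html[] = '</table></div>';
     }
     $html[] = '</div></div>';
     $html[] = '<div class="alert">';
     if ($section == 'component' || $section == null) {
         $html[] = JText::_('JLIB_RULES_SETTING_NOTES');
     } else {
         $html[] = JText::_('JLIB_RULES_SETTING_NOTES_ITEM');
     }
     $html[] = '</div>';
     return implode("\n", $html);
 }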
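 /**
  * Returns the user group ids the editor is available to, split by site area.
  *
  * On Joomla 1.5 (WF_JOOMLA15) the legacy fixed ids are used (front 19-21, back
  * 23-25). Otherwise every group is classified by its global ACL: groups holding
  * 'core.admin' go to the back-end list; groups holding 'core.create' go to the
  * back-end list when they also hold 'core.login.admin', else to the front-end
  * list. Groups with neither 'core.admin' nor 'core.create' are omitted.
  *
  * @param   integer  $area  0 = front and back, 1 = front-end only, 2 = back-end only
  *
  * @return  array  Group ids; an empty array for an unknown area
  */
 function getUserGroups($area)
 {
     if (WF_JOOMLA15) {
         $front = array('19', '20', '21');
         $back = array('23', '24', '25');
     } else {
         jimport('joomla.access.access');
         $db = JFactory::getDBO();
         $db->setQuery('SELECT id FROM #__usergroups');
         $groups = $db->loadResultArray();
         $front = array();
         $back = array();
         foreach ((array) $groups as $group) {
             $create = JAccess::checkGroup($group, 'core.create');
             $admin = JAccess::checkGroup($group, 'core.login.admin');
             $super = JAccess::checkGroup($group, 'core.admin');
             if ($super) {
                 $back[] = $group;
             } elseif ($create) {
                 // group can create: back-end when it also has admin login, otherwise front-end
                 if ($admin) {
                     $back[] = $group;
                 } else {
                     $front[] = $group;
                 }
             }
         }
     }
     switch ($area) {
         case 0:
             return array_merge($front, $back);
         case 1:
             return $front;
         case 2:
             return $back;
     }
     return array();
 }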
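 /**
  * Returns a UL list of user groups with check boxes
  *
  * Groups are read from #__users_groups in nested-set order (a.lft); `level` is the
  * number of ancestors and drives the indentation of the label.
  *
  * @param   string   $name             The name of the checkbox controls array
  * @param   array    $selected         An array of the checked boxes
  * @param   boolean  $checkSuperAdmin  If false only super admins can add to super admin groups
  *
  * @return  string
  *
  * @since   1.6
  */
 public static function usergroups($name, $selected, $checkSuperAdmin = false)
 {
     // Static counter keeps element ids unique when the list is rendered more than once per page.
     static $count;
     $count++;
     $isSuperAdmin = JFactory::getUser()->authorise('core.admin');
     $db = JFactory::getDbo();
     $query = $db->getQuery(true)->select('a.*, COUNT(DISTINCT b.id) AS level')->from($db->quoteName('#__users_groups') . ' AS a')->join('LEFT', $db->quoteName('#__users_groups') . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt')->group('a.id, a.title, a.lft, a.rgt, a.parent_id')->order('a.lft ASC');
     $db->setQuery($query);
     $groups = $db->loadObjectList();
     // The control name is emitted inside an attribute; escape it once.
     $safeName = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
     $html = array();
     foreach ((array) $groups as $item) {
         // If checkSuperAdmin is true, only add item if the user is superadmin or the group is not super admin
         if ($checkSuperAdmin && !$isSuperAdmin && JAccess::checkGroup($item->id, 'core.admin')) {
             continue;
         }
         // Setup  the variable attributes.
         $eid = $count . 'group_' . $item->id;
         // Don't call in_array unless something is selected
         $checked = '';
         if ($selected) {
             $checked = in_array($item->id, $selected) ? ' checked="checked"' : '';
         }
         $rel = $item->parent_id > 0 ? ' rel="' . $count . 'group_' . $item->parent_id . '"' : '';
         // Group titles are stored data rendered as HTML text: escape them rather than trusting the database.
         $title = htmlspecialchars($item->title, ENT_QUOTES, 'UTF-8');
         // Build the HTML for the item.
         $html[] = '	<div class="control-group">';
         $html[] = '		<div class="controls">';
         $html[] = '			<label class="checkbox" for="' . $eid . '">';
         $html[] = '			<input type="checkbox" name="' . $safeName . '[]" value="' . $item->id . '" id="' . $eid . '"';
         $html[] = '					' . $checked . $rel . ' />';
         $html[] = '			' . str_repeat('<span class="gi">|&mdash;</span>', $item->level) . $title;
         $html[] = '			</label>';
         $html[] = '		</div>';
         $html[] = '	</div>';
     }
     return implode("\n", $html);
 }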
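 /**
  * Returns the user group ids the editor is available to, split by site area.
  *
  * When JPATH_PLATFORM is defined every group is classified by its global ACL:
  * groups holding 'core.admin' go to the back-end list; groups holding
  * 'core.create' go to the back-end list when they also hold 'core.login.admin',
  * else to the front-end list. Groups with neither are omitted. Otherwise the
  * legacy fixed ids are used (front 19-21, back 23-25).
  *
  * @param   integer  $area  0 = front and back, 1 = front-end only, 2 = back-end only
  *
  * @return  array  Group ids; an empty array for an unknown area
  */
 public function getUserGroups($area)
 {
     if (defined('JPATH_PLATFORM')) {
         jimport('joomla.access.access');
         $db = JFactory::getDBO();
         // Newer database layers provide a query object and loadColumn(); older ones need the string query and loadResultArray().
         $query = $db->getQuery(true);
         if (is_object($query)) {
             $query->select('id')->from('#__usergroups');
         } else {
             $query = 'SELECT id FROM #__usergroups';
         }
         $db->setQuery($query);
         $groups = method_exists($db, 'loadColumn') ? $db->loadColumn() : $db->loadResultArray();
         $front = array();
         $back = array();
         foreach ((array) $groups as $group) {
             $create = JAccess::checkGroup($group, 'core.create');
             $admin = JAccess::checkGroup($group, 'core.login.admin');
             $super = JAccess::checkGroup($group, 'core.admin');
             if ($super) {
                 $back[] = $group;
             } elseif ($create) {
                 // group can create: back-end when it also has admin login, otherwise front-end
                 if ($admin) {
                     $back[] = $group;
                 } else {
                     $front[] = $group;
                 }
             }
         }
     } else {
         $front = array('19', '20', '21');
         $back = array('23', '24', '25');
     }
     switch ($area) {
         case 0:
             return array_merge($front, $back);
         case 1:
             return $front;
         case 2:
             return $back;
     }
     return array();
 }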