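/**
 * Method to check if you can add a new record.
 *
 * Access is granted only when all of the following hold:
 *  - the user holds "core.create" on "com_pftasks", or on
 *    "com_pftasks.project.<id>" when a project is set;
 *  - a user without "core.admin" is listed in
 *    PFUserHelper::getAuthorisedProjects() for that project;
 *  - a user without "core.admin" holds the view level stored in the
 *    "access" column of the selected milestone.
 *
 * @param   array  $data  An array of input data. The optional keys
 *                        "project_id" and "milestone_id" are read.
 *
 * @return  boolean  True if the user may create the record.
 */
protected function allowAdd($data = array())
{
    // Get form input. Ids taken from $data are cast to int before use;
    // the fallback project id is used as returned by the helper.
    $project = isset($data['project_id']) ? (int) $data['project_id'] : PFApplicationHelper::getActiveProjectId();
    $ms      = isset($data['milestone_id']) ? (int) $data['milestone_id'] : 0;

    $user   = JFactory::getUser();
    $is_sa  = $user->authorise('core.admin');
    $asset  = 'com_pftasks';
    $access = true;

    // Check if the user has access to the project
    if ($project) {
        // Check if in allowed projects when not a super admin
        if (!$is_sa) {
            $access = in_array($project, PFUserHelper::getAuthorisedProjects());
        }

        // Change the asset name so "core.create" is evaluated per project
        $asset .= '.project.' . $project;
    }

    // Check if the user can access the selected milestone when not a super admin
    if (!$is_sa && $ms && $access) {
        $db     = JFactory::getDbo();
        $levels = $user->getAuthorisedViewLevels();
        $query  = $db->getQuery(true);

        $query->select('access')->from('#__pf_milestones')->where('id = ' . $db->quote((int) $ms));
        $db->setQuery($query);
        $lvl = $db->loadResult();

        // loadResult() yields null when no row matches. Deny explicitly in
        // that case: a loose in_array() treats null as equal to 0, so the
        // outcome would otherwise depend on the contents of $levels.
        $access = ($lvl !== null) && in_array($lvl, $levels);

        // NOTE(review): this lookup filters on the milestone id only and does
        // not confirm that the milestone belongs to $project - verify that
        // the pairing is validated elsewhere before the record is stored.
    }

    return $user->authorise('core.create', $asset) && $access;
}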
/**
 * Decide whether the current user may create a new record.
 *
 * The project comes from $data['project_id'] when that key is set, otherwise
 * from PFApplicationHelper::getActiveProjectId(). With a project set, the
 * "core.create" check runs against "com_pftime.project.<id>" and a user
 * without "core.admin" must also appear in
 * PFUserHelper::getAuthorisedProjects(). Without a project only "core.create"
 * on "com_pftime" is checked.
 *
 * @param   array  $data  An array of input data.
 *
 * @return  boolean
 */
protected function allowAdd($data = array())
{
    // Resolve the project: explicit form input wins over the active project.
    if (isset($data['project_id'])) {
        $projectId = (int) $data['project_id'];
    } else {
        $projectId = PFApplicationHelper::getActiveProjectId();
    }

    $currentUser = JFactory::getUser();
    $assetName   = 'com_pftime';
    $inProject   = true;

    if ($projectId) {
        // Membership in the authorised project list is only required for
        // users that do not hold "core.admin".
        $isAdmin = $currentUser->authorise('core.admin');

        if (!$isAdmin) {
            $inProject = in_array($projectId, PFUserHelper::getAuthorisedProjects());
        }

        // Evaluate the create permission on the project-level asset.
        $assetName = $assetName . '.project.' . $projectId;
    }

    $mayCreate = $currentUser->authorise('core.create', $assetName);

    return $mayCreate && $inProject;
}