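/**
 * Checks whether the current user may run the requested task on this
 * controller's entity ($this->_cname) as a vendor.
 *
 * Super vendors pass unconditionally. A non-vendor is redirected to
 * index.php with an access-forbidden error. For a plain vendor the task
 * (first segment of the `task` request value) is checked against the
 * edit / publish / add rights resolved through ShopFunctions::can(), and
 * item tasks are additionally subject to the ownership check in
 * checkOwn(). Each right is evaluated on its own, so a missing edit right
 * no longer short-circuits the publish and add checks.
 *
 * Side effects: sets $this->_vendor, $this->_canEdit, $this->_canAdd and
 * $this->_canPublish; on denial clears the `task` request value (both the
 * legacy JRequest layer and the application input) and queues an error
 * redirect.
 *
 * @return bool true when the task may proceed, false when it was denied
 */
protected function checkVendor()
{
    $input = JFactory::getApplication()->input;
    $this->_vendor = Permissions::getInstance()->isSuperVendor();
    if ((int) $this->_vendor === 1) {
        return true; // super vendor can do all
    }

    // entity label appended to every denial message
    $entityLabel = JText::_('COM_VIRTUEMART_' . strtoupper($this->_cname));

    if (!$this->_vendor) {
        // non vendors have no access at all
        $msg = JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN') . ' (' . $entityLabel . ')';
        JRequest::setVar('task', '');
        $input->set('task', '');
        $this->setRedirect('index.php', $msg, 'error');
        return false;
    }

    // the user controller carries its own edit right
    $editRight = ($this->_cname === 'user') ? 'editshop' : 'edit';
    $this->_canEdit = ShopFunctions::can($editRight, $this->_cname);
    $this->_canAdd = ShopFunctions::can('add', $this->_cname);
    // publish is for all controllers
    $this->_canPublish = ShopFunctions::can('publish');

    // only the first segment of a dotted task ("item.save") is checked
    $tasks = explode('.', JRequest::getCmd('task', 'default'));
    $task = $tasks[0];

    // tasks that modify an existing record; toggle is checked in the controller as well.
    // save2new / save2copy are listed because they run the save path under
    // Joomla form-controller semantics — confirm against this controller's task map
    $editTasks = array(
        'edit', 'apply', 'save', 'save2new', 'save2copy',
        'toggle', 'orderUp', 'orderDown', 'saveOrder', 'paste',
    );
    // tasks that change publish state
    $stateTasks = array('publish', 'unpublish', 'toggle');
    // tasks that create a record (save2copy stores the current form as a new record)
    $createTasks = array('add', 'save2copy');
    // tasks that act on a single item and must therefore pass the ownership check
    $ownTasks = array(
        'add' => true, 'edit' => true, 'apply' => true,
        'save' => true, 'save2new' => true, 'save2copy' => true,
    );

    $msg = '';
    if (!$this->_canEdit && in_array($task, $editTasks, true)) {
        $msg = JText::_('JLIB_APPLICATION_ERROR_EDIT_NOT_PERMITTED') . ' (' . $entityLabel . ')';
    } elseif (!$this->_canPublish && in_array($task, $stateTasks, true)) {
        $msg = JText::_('JLIB_APPLICATION_ERROR_EDITSTATE_NOT_PERMITTED') . ' (' . $entityLabel . ')';
    } elseif (!$this->_canAdd && in_array($task, $createTasks, true)) {
        $msg = JText::_('JLIB_APPLICATION_ERROR_CREATE_RECORD_NOT_PERMITTED') . ' (' . $entityLabel . ')';
    } elseif (isset($ownTasks[$task]) && !$this->checkOwn()) {
        // verify it is the vendor's own item
        $detail = ' (' . $entityLabel . ' ' . $task . ' vendor ' . $this->_vendor . ')';
        if ($this->_canAdd) {
            $msg = JText::_('JERROR_AN_ERROR_HAS_OCCURRED') . ' : ' . JText::_('JACTION_EDITOWN') . $detail;
        } else {
            $msg = JText::_('JLIB_APPLICATION_ERROR_ACCESS_FORBIDDEN') . $detail;
        }
    }

    if ($msg !== '') {
        // every denial clears the task so a later dispatch cannot still run it
        JRequest::setVar('task', '');
        $input->set('task', '');
        $this->setRedirect(null, $msg, 'error');
        return false;
    }

    return true;
}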
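/**
 * Clone a product
 *
 * Clones every product id passed in the request (`$this->_cidName`, falling
 * back to `virtuemart_product_id`) through the product model, queues one
 * success or error message describing the outcome, clears the `task`
 * request value and re-displays the current view.
 *
 * NOTE(review): whether createClone() verifies that the vendor owns the
 * product is not visible here — confirm in the product model. No
 * form-token check is visible in this method either; confirm the base
 * controller enforces one for state-changing tasks.
 *
 * @author RolandD, Max Milbers
 */
public function CloneProduct()
{
    $model = VmModel::getModel('product');

    $cids = JRequest::getVar(
        $this->_cidName,
        JRequest::getVar('virtuemart_product_id', array(), '', 'ARRAY'),
        '',
        'ARRAY'
    );
    // ids come from the request; force them to integers before they reach the model
    JArrayHelper::toInteger($cids);

    $failed = 0;
    foreach ($cids as $cid) {
        if (!$model->createClone($cid)) {
            $failed++;
        }
    }

    // report the outcome instead of discarding it; one failure marks the whole run as an error
    if (count($cids) > 0) {
        $app = JFactory::getApplication();
        if ($failed === 0) {
            $app->enqueueMessage(JText::_('COM_VIRTUEMART_PRODUCT_CLONED_SUCCESSFULLY'));
        } else {
            $app->enqueueMessage(JText::_('COM_VIRTUEMART_PRODUCT_NOT_CLONED_SUCCESSFULLY'), 'error');
        }
    }

    JRequest::setVar('task', null);
    $this->display();
}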