Exemplo n.º 1
 /**
  * Checks if a specific action on a gallery is allowed by the logged in user
  * Public (not logged in user) and Registered users have specific permissions.
  * Users above registered are treated as Registered. Administrator and Super Administrator 
  * have all rights.  
  * @param string $action action to perform on gallery (view, up_mod_img, del_img, create_mod_gal, del_gal)
  * @param int $gallery_id ID of gallery to perform action on
  * @return int 1 if allowed, 0 if not allowed.
  */
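 function checkGallery($action, $gallery_id)
 {
     // The gallery id is embedded in SQL text below, so force it to an integer
     // before anything else. A non-numeric id collapses to 0 and is handled as
     // the root gallery, which is what the former loose `== 0` test did under
     // PHP < 8.
     $gallery_id = (int) $gallery_id;

     $database =& JFactory::getDBO();
     $my =& JFactory::getUser();

     // With access control switched off, every action is allowed.
     if (!rsgAccess::aclActivated()) {
         return 1;
     }

     // The root gallery (id 0) is always allowed.
     if ($gallery_id === 0) {
         return 1;
     }

     // A logged-in user who owns the gallery may do anything with it.
     if ($my->id) {
         $sql = "SELECT uid FROM #__rsgallery2_galleries WHERE id = '{$gallery_id}'";
         $database->setQuery($sql);
         if ($my->id == $database->loadResult()) {
             return 1;
         }
     }

     // No rows in #__rsgallery2_acl for this gallery yet: create the defaults
     // so the lookup at the end has something to read.
     if (!rsgAccess::arePermissionsSet($gallery_id)) {
         rsgAccess::createDefaultPermissions($gallery_id);
     }

     // Map the user type onto the permission level used as column prefix.
     $type = $this->levelMaping[rsgAccess::returnUserType()];
     if ($type == "admin") {
         // admins are allowed to do everything
         return 1;
     }

     // $action becomes part of a column name, and a column name cannot be
     // protected by value quoting. Accept identifier characters only and deny
     // the request otherwise, so no caller-supplied SQL reaches the query.
     if (!is_string($action) || !preg_match('/^[A-Za-z0-9_]+$/D', $action)) {
         return 0;
     }

     // Read the permission flag for this level/action pair from the ACL table.
     $sql = "SELECT " . $type . "_" . $action . " FROM {$this->_table} WHERE gallery_id = '{$gallery_id}'";
     $database->setQuery($sql);

     return (int) $database->loadResult();
 }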
// Text-valued module options, trimmed of surrounding whitespace.
$HeightUnit = trim($params->get('heightunit', 'px'));
// NOTE(review): the default 'Rand()' looks like a raw SQL fragment, presumably
// placed in an ORDER BY further down; confirm it is matched against a fixed
// list of allowed values before it reaches a query.
$PickMethod = trim($params->get('PickMethod', 'Rand()'));
$ScrollDirection = trim($params->get('ScrollDirection', 'up'));

// Numeric module options, forced to integers.
$PicsNum = (int) $params->get('PicsNum', '5');
$ScrollAmount = (int) $params->get('ScrollAmount', '2');
$ScrollDelay = (int) $params->get('ScrollDelay', '50');
$ScrollSpace = (int) $params->get('ScrollSpace', '2');
$BugSpace = (int) $params->get('BugSpace', '10');

// Styling options, taken as stored.
$usecss = $params->get('usecss', '1');
$css = $params->get('css');
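//determine which gallery IDs to use
//use ACL
//NOTE(review): $galselect and $gal_ids are concatenated straight into the IN(...) clause below, and in_array() without its strict flag compares loosely; cast the ids to integers before the check and before building the list.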
if ($useACL) {
    global $rsgAccess;
    //check if acl is activated
    if (rsgAccess::aclActivated()) {
        //make list of allowed gallery_ids
        $gal_ids = $rsgAccess->actionPermitted('view');
        if ($usegalselect) {
            if (in_array($galselect, $gal_ids)) {
                $list = "WHERE #__rsgallery2_files.gallery_id IN(" . $galselect . ")";
            } else {
                echo "One or more gallery id limits is not viewable for the current usertype";
                exit;
            }
        } else {
            $list = "WHERE #__rsgallery2_files.gallery_id IN(" . implode(",", $gal_ids) . ")";
        }
    } else {
        echo "ACL not enabled in RSGallery2 config<br>Enable it, or also disable it for this module";
        exit;