Пример #1
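 /**
  * Checks whether the logged-in user's group satisfies the required access level.
  *
  * Special values of $level (taken from the original inline comments):
  *   -1  any registered user (gid > 0)
  *   -2  disabled
  *
  * @author Christoph Lukes
  * @since 0.9
  *
  * @param int $recurse Truthy to also accept membership in a child group of $level
  * @param int $level   Required group id, or one of the special values above
  * @return boolean True when access is granted, false otherwise (guests always get false)
  */
 function validate_user($recurse, $level)
 {
     $user =& JFactory::getUser();

     // Only logged-in users can pass; a guest has no user id.
     if (!$user->get('id')) {
         return false;
     }

     // Compare group ids as integers so that string values coming from params or
     // the database cannot match through PHP's loose comparison rules.
     $level = (int) $level;
     $groupid = (int) $user->get('gid');

     // Fail closed for the "disabled" level. The superuser shortcut already excluded
     // -2, but the backend-group workaround further down could still grant access to
     // gid 23-25 when $recurse is set and the ACL lookup returns an array.
     // NOTE(review): assumes -2 is meant to deny everyone; confirm with callers.
     if ($level == -2) {
         return false;
     }

     // Open for every registered user, or for superusers.
     if ($level == -1 && $groupid > 0) {
         return true;
     }
     if (UserAcl::superuser()) {
         return true;
     }

     // User has exactly the needed group id.
     if ($groupid == $level) {
         return true;
     }

     // Without recursion there is nothing left to check.
     if (!$recurse) {
         return false;
     }

     // Otherwise check whether the user's group is a child of the required group.
     $acl =& JFactory::getACL();
     $group_childs = $acl->get_group_children($level, 'ARO', 'RECURSE');
     if (!is_array($group_childs)) {
         // Normalise before merging: array_merge() must not receive a non-array.
         $group_childs = array();
     }

     // Ugly workaround to merge Public Frontend and Public Backend.
     // NOTE(review): this lets gid 23, 24 and 25 pass every recursive check,
     // whatever $level is; callers that need a stricter level must not rely on
     // $recurse for those groups.
     if ($groupid >= 23) {
         $group_childs = array_merge($group_childs, array(23, 24, 25));
     }

     return in_array($groupid, array_map('intval', $group_childs), true);
 }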
Пример #2
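 /**
  * Builds the select options for the venue categories the current user may use.
  *
  * Superusers get every published category. Other users only get the categories
  * returned by UserAcl::getManagedVenuesCategories(); note that this branch does
  * not filter on c.published.
  *
  * @access public
  * @return array|false List of JHTML select options (also stored in $this->_categories),
  *                     or false when the user manages no venue category
  */
 function getCategoryOptions()
 {
     // administrators or superadministrators have access to all categories, also maintained ones
     if (UserAcl::superuser()) {
         $cwhere = ' WHERE c.published = 1';
     } else {
         $acl = UserAcl::getInstance();
         $managed = $acl->getManagedVenuesCategories();
         if (!is_array($managed) || !count($managed)) {
             return false;
         }
         // The ids are concatenated into the SQL text, so force every entry to an
         // integer: nothing but digits can then reach the IN (...) list.
         $managed = array_map('intval', $managed);
         $cwhere = ' WHERE c.id IN (' . implode(',', $managed) . ') ';
     }

     // Nested-set self join: depth is the number of ancestors of each category.
     $query = ' SELECT c.id, c.name, (COUNT(parent.name) - 1) AS depth, c.ordering '
         . ' FROM #__redevent_venues_categories AS c, '
         . ' #__redevent_venues_categories AS parent '
         . $cwhere
         . ' AND c.lft BETWEEN parent.lft AND parent.rgt '
         . ' GROUP BY c.id '
         . ' ORDER BY c.lft;';
     $this->_db->setQuery($query);
     $results = $this->_db->loadObjectList();

     $options = array();
     // The (array) cast turns a null result (query failure) into an empty list.
     foreach ((array) $results as $cat) {
         // NOTE(review): $cat->name is placed in the option text as stored; confirm
         // that whatever renders these options escapes it for HTML.
         $indent = str_repeat('>', max(0, (int) $cat->depth));
         $options[] = JHTML::_('select.option', $cat->id, $indent . ' ' . $cat->name);
     }

     $this->_categories = $options;
     return $this->_categories;
 }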
Пример #3
 /**
  * Lists published events as select options (value = event id, text = title),
  * restricted by group ACL.
  *
  * Superusers get every published event. For everyone else the query keeps only
  * events in categories with gc.accesslevel > 0 where either the default group
  * allows editing (edit_events > 1, or = 1 for events the user created) or the
  * user is a group member with manage_xrefs / manage_events rights.
  *
  * @return array rows as returned by $this->_db->loadObjectList()
  */
 function getEventOptions()
 {
     $user =& JFactory::getUser();
     $app =& JFactory::getApplication();
     $params = $app->getParams();

     $sql = ' SELECT e.id AS value, e.title AS text '
         . ' FROM #__redevent_events AS e '
         . ' INNER JOIN #__redevent_event_category_xref AS xcat ON xcat.event_id = e.id '
         . ' LEFT JOIN #__redevent_groups_categories AS gc ON gc.category_id = xcat.category_id '
         . ' LEFT JOIN #__redevent_groupmembers AS gm ON gm.group_id = gc.group_id '
         . ' LEFT JOIN #__redevent_groups AS g ON gc.group_id = g.id ';

     $conditions = array(' e.published = 1 ');

     // Non-superusers are limited to what their groups allow.
     if (!UserAcl::superuser()) {
         // The user id is passed through the database driver's Quote() before it
         // is placed in the SQL text.
         $uid = $this->_db->Quote($user->get('id'));
         $conditions[] = ' gc.accesslevel > 0 ';
         $conditions[] = ' ((g.isdefault = 1 '
             . '      AND (g.edit_events > 1 '
             . '             OR (g.edit_events = 1 AND e.created_by = ' . $uid . '))) '
             . ' OR (gm.member = ' . $uid
             . '      AND (gm.manage_xrefs = 1 '
             . '           OR gm.manage_events > 1 OR (gm.manage_events = 1 AND e.created_by = gm.member)))) ';
     }

     $sql .= ' WHERE ' . implode(' AND ', $conditions)
         . ' GROUP BY e.id '
         . ' ORDER BY e.title ASC ';

     $this->_db->setQuery($sql);
     return $this->_db->loadObjectList();
 }