Пример #1
0
 /**
  * Method to return a list of view levels for which the user is authorised.
  *
  * @param   integer  $userId  Id of the user for which to get the list of authorised view levels.
  * @return  array    List of view levels for which the user is authorised.
  */
 public static function getAuthorisedViewLevels($userId)
 {
     // Get all groups that the user is mapped to recursively.
     $groups = self::getGroupsByUser($userId);
     // Only load the view levels once.
     if (empty(self::$viewLevels)) {
         // Build the view levels array.
         $levels = Viewlevel::all()->rows();
         foreach ($levels as $level) {
             self::$viewLevels[$level->get('id')] = (array) json_decode($level->get('rules'));
         }
     }
     // Initialise the authorised array.
     $authorised = array(1);
     // Find the authorised levels.
     foreach (self::$viewLevels as $level => $rule) {
         foreach ($rule as $id) {
             if ($id < 0 && $id * -1 == $userId) {
                 $authorised[] = $level;
                 break;
             } elseif ($id >= 0 && in_array($id, $groups)) {
                 $authorised[] = $level;
                 break;
             }
         }
     }
     return $authorised;
 }
Пример #2
0
 /**
  * Removes one or more entries
  *
  * @return  void
  */
 public function removeTask()
 {
     // Check for request forgeries
     Request::checkToken();
     if (!User::authorise('core.delete', $this->option)) {
         return $this->cancelTask();
     }
     // Incoming
     $ids = Request::getVar('id', array());
     $ids = !is_array($ids) ? array($ids) : $ids;
     $i = 0;
     // Do we have any IDs?
     if (!empty($ids)) {
         // Populate the list once.
         $levelsInUse = array();
         $db = App::get('db');
         $query = $db->getQuery(true)->select('DISTINCT access');
         // Get all the tables and the prefix
         $tables = $db->getTableList();
         $prefix = $db->getPrefix();
         foreach ($tables as $table) {
             // Get all of the columns in the table
             $fields = $db->getTableColumns($table);
             // We are looking for the access field.  If custom tables are using something other
             // than the 'access' field they are on their own unfortunately.
             // Also make sure the table prefix matches the live db prefix (eg, it is not a "bak_" table)
             if (strpos($table, $prefix) === 0 && isset($fields['access'])) {
                 // Lookup the distinct values of the field.
                 $query->clear('from')->from($db->quoteName($table));
                 $db->setQuery($query);
                 $values = $db->loadColumn();
                 $error = $db->getErrorMsg();
                 // Check for DB error.
                 if ($error) {
                     Notify::error($error);
                     continue;
                 }
                 $levelsInUse = array_merge($levelsInUse, $values);
             }
         }
         // Get uniques
         $levelsInUse = array_unique($levelsInUse);
         // Loop through each ID and delete the necessary items
         foreach ($ids as $id) {
             $id = intval($id);
             $row = Viewlevel::oneOrNew($id);
             if (in_array($row->get('id'), $levelsInUse)) {
                 Notify::warning(Lang::txt('COM_MEMBERS_ERROR_VIEW_LEVEL_IN_USE', $row->get('id'), $row->get('title')));
                 continue;
             }
             // Remove the record
             if (!$row->destroy()) {
                 Notify::error($row->getError());
                 continue;
             }
             $i++;
         }
     } else {
         Notify::warning(Lang::txt('COM_MEMBERS_ACCESSLEVELS_DELETE_NO_ROW_SELECTED'));
     }
     // Output messsage and redirect
     if ($i) {
         Notify::success(Lang::txt('COM_MEMBERS_ACCESSLEVELS_DELETE_SUCCESS'));
     }
     $this->cancelTask();
 }
Пример #3
0
 /**
  * Delete this object and its dependencies
  *
  * @return  boolean
  */
 public function destroy()
 {
     if ($this->get('id') == 0) {
         $this->addError('JGLOBAL_CATEGORY_NOT_FOUND');
         return false;
     }
     if ($this->get('parent_id') == 0) {
         $this->addError('JLIB_DATABASE_ERROR_DELETE_ROOT');
         return false;
     }
     if ($this->get('lft') == 0 or $this->get('rgt') == 0) {
         $this->addError('JLIB_DATABASE_ERROR_DELETE_ROOT');
         return false;
     }
     // Select it's children
     $children = self::all()->where('lft', '>=', (int) $this->get('lft'))->where('rgt', '<=', (int) $this->get('rgt'))->rows();
     if (!$children->count()) {
         $this->addError('JLIB_DATABASE_ERROR_DELETE_CATEGORY');
         return false;
     }
     // Delete the dependencies
     $ids = array();
     foreach ($children as $child) {
         $ids[] = $child->get('id');
     }
     $query = $this->getQuery()->delete($this->getTableName())->whereIn('id', $ids);
     if (!$query->execute()) {
         $this->addError($query->getError());
         return false;
     }
     // Delete the usergroup in view levels
     $find = array();
     $replace = array();
     foreach ($ids as $id) {
         $find[] = "[{$id},";
         $find[] = ",{$id},";
         $find[] = ",{$id}]";
         $find[] = "[{$id}]";
         $replace[] = "[";
         $replace[] = ",";
         $replace[] = "]";
         $replace[] = "[]";
     }
     $rules = Viewlevel::all()->rows();
     foreach ($rules as $rule) {
         foreach ($ids as $id) {
             if (strstr($rule->get('rules'), '[' . $id) || strstr($rule->get('rules'), ',' . $id) || strstr($rule->get('rules'), $id . ']')) {
                 $rule->set('rules', str_replace($find, $replace, $rule->get('rules')));
                 if (!$rule->save()) {
                     $this->addError($rule->getError());
                     return false;
                 }
             }
         }
     }
     // Delete the user to usergroup mappings for the group(s) from the database.
     try {
         Map::destroyByGroup($ids);
     } catch (\Exception $e) {
         $this->addError($e->getMessage());
         return false;
     }
     return true;
 }