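/**
 * Method override to check if you can edit an existing record.
 *
 * The checks run in order and the first failure denies the edit:
 *  1. Users without 'core.options' on the component may only edit a company
 *     that CostbenefitprojectionHelper::hisCompanies() returns for them.
 *  2. Unless CostbenefitprojectionHelper::userIs() returns 1, the company must
 *     pass CostbenefitprojectionHelper::accessCompany() (lockdown check).
 *  3. 'company.access' must be granted on the record asset and on the component.
 *  4. An explicit deny of 'company.edit' on the record asset falls back to
 *     'company.edit.own', which requires the current user to own the stored record.
 * Anything not decided by then falls through to the component level permission.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 *
 * @return  boolean
 *
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // get user object.
    $user = JFactory::getUser();

    // get record id. The cast must apply to the selected value:
    // "(int) isset(...) ? a : b" casts the isset() result and hands back the
    // raw input value, which would then reach the comparisons, the asset
    // names and the model lookup below unnormalised.
    $recordId = isset($data[$key]) ? (int) $data[$key] : 0;
    $recordAsset = 'com_costbenefitprojection.company.' . $recordId;

    if (!$user->authorise('core.options', 'com_costbenefitprojection'))
    {
        // make absolutely sure that this company can be edited
        $companies = CostbenefitprojectionHelper::hisCompanies($user->id);

        // NOTE(review): the comparison stays loose because the element type
        // returned by hisCompanies() is not visible here; $recordId is an
        // integer at this point, so a crafted string can no longer match.
        if (!CostbenefitprojectionHelper::checkArray($companies) || !in_array($recordId, $companies))
        {
            return false;
        }
    }

    // ensure lockdown
    $userIs = CostbenefitprojectionHelper::userIs($user->id);

    if (1 != $userIs && !CostbenefitprojectionHelper::accessCompany($recordId))
    {
        // this company is locked
        return false;
    }

    // Access check.
    $access = $user->authorise('company.access', $recordAsset)
        && $user->authorise('company.access', 'com_costbenefitprojection');

    if (!$access)
    {
        return false;
    }

    if ($recordId)
    {
        // The record has been set. Check the record permissions.
        $permission = $user->authorise('company.edit', $recordAsset);

        // Only an explicit deny (false, not null) takes the "edit own" route.
        if (!$permission && !is_null($permission))
        {
            if ($user->authorise('company.edit.own', $recordAsset))
            {
                // Resolve the owner from the stored record, never from
                // $data['created_by']: $data is input data, so the caller
                // must not be able to assert ownership of the record.
                $record = $this->getModel()->getItem($recordId);

                if (empty($record))
                {
                    return false;
                }

                $ownerId = (int) $record->created_by;

                // If the owner matches 'me' then allow.
                if ($ownerId === (int) $user->id
                    && $user->authorise('company.edit.own', 'com_costbenefitprojection'))
                {
                    return true;
                }
            }

            return false;
        }
    }

    // Since there is no permission, revert to the component permissions.
    return $user->authorise('company.edit', $this->option);
}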
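/**
 * Method override to check if you can edit an existing record.
 *
 * The checks run in order and the first failure denies the edit:
 *  1. Users without 'core.options' on the component may only edit a company
 *     that CostbenefitprojectionHelper::hisCompanies() returns for them.
 *  2. Unless CostbenefitprojectionHelper::userIs() returns 1, the company must
 *     pass CostbenefitprojectionHelper::accessCompany() (lockdown check).
 *  3. 'company.edit' must be granted on the record asset or on the component.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 *
 * @return  boolean
 *
 * @since   2.5
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // Check specific edit permission then general edit permission.
    $user = JFactory::getUser();

    // The cast must apply to the selected value: "(int) isset(...) ? a : b"
    // casts the isset() result and hands back the raw input value, which
    // would then reach in_array(), accessCompany() and the asset name
    // without being normalised to an integer.
    $recordId = isset($data[$key]) ? (int) $data[$key] : 0;

    if (!$user->authorise('core.options', 'com_costbenefitprojection'))
    {
        // make absolutely sure that this company can be edited
        $companies = CostbenefitprojectionHelper::hisCompanies($user->id);

        // NOTE(review): the comparison stays loose because the element type
        // returned by hisCompanies() is not visible here; $recordId is an
        // integer at this point, so a crafted string can no longer match.
        if (!CostbenefitprojectionHelper::checkArray($companies) || !in_array($recordId, $companies))
        {
            return false;
        }
    }

    // ensure lockdown
    $userIs = CostbenefitprojectionHelper::userIs($user->id);

    if (1 != $userIs && !CostbenefitprojectionHelper::accessCompany($recordId))
    {
        // this company is locked
        return false;
    }

    // Reuse the normalised id so the asset name is always built from an integer.
    return $user->authorise('company.edit', 'com_costbenefitprojection.company.' . $recordId)
        || $user->authorise('company.edit', 'com_costbenefitprojection');
}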