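/**
 * Method override to check if you can edit an existing record.
 *
 * Checks run in this order and the first failure returns false:
 *  1. company membership (skipped when the user holds core.options),
 *  2. sharing access via CostbenefitprojectionHelper::checkIntervetionAccess(),
 *  3. intervention.access on both the record asset and the component,
 *  4. intervention.edit on the record, falling back to intervention.edit.own
 *     for the record's owner, then to the component-level permission.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 *
 * @return  boolean
 *
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // get user object.
    $user = JFactory::getUser();

    // get record id. The cast must sit inside the ternary: "(int) isset(...) ? a : b"
    // casts the isset() result, which leaves the id itself uncast for every check below.
    $recordId = isset($data[$key]) ? (int) $data[$key] : 0;

    // get company id
    $company = CostbenefitprojectionHelper::getId('intervention', $recordId, 'id', 'company');

    if (!$user->authorise('core.options', 'com_costbenefitprojection'))
    {
        // make absolutely sure that this intervention can be edited
        $companies = CostbenefitprojectionHelper::hisCompanies($user->id);

        // NOTE(review): in_array() compares loosely here; the types returned by
        // getId() and hisCompanies() are not visible from this method - confirm
        // they match before switching to a strict comparison.
        if (!CostbenefitprojectionHelper::checkArray($companies) || !in_array($company, $companies))
        {
            return false;
        }
    }

    // now check the access by sharing
    if (!CostbenefitprojectionHelper::checkIntervetionAccess($recordId, null, $company))
    {
        return false;
    }

    // Asset name of this record; $recordId is an integer at this point.
    $asset = 'com_costbenefitprojection.intervention.' . $recordId;

    // Access check: required on the record and on the component.
    $access = $user->authorise('intervention.access', $asset)
        && $user->authorise('intervention.access', 'com_costbenefitprojection');

    if (!$access)
    {
        return false;
    }

    if ($recordId)
    {
        // The record has been set. Check the record permissions.
        $permission = $user->authorise('intervention.edit', $asset);

        // Only an explicit denial (false, not null) is handled here; a null
        // result falls through to the component permission at the end.
        if (!$permission && !is_null($permission))
        {
            if ($user->authorise('intervention.edit.own', $asset))
            {
                // Now test the owner is the user.
                // NOTE(review): created_by is read from $data when present. If a
                // caller passes request data here the owner is caller-supplied;
                // confirm the callers, or always resolve it from the stored record.
                $ownerId = isset($data['created_by']) ? (int) $data['created_by'] : 0;

                if (empty($ownerId))
                {
                    // Need to do a lookup from the model.
                    $record = $this->getModel()->getItem($recordId);

                    if (empty($record))
                    {
                        return false;
                    }

                    $ownerId = (int) $record->created_by;
                }

                // If the owner matches 'me' then allow.
                if ($ownerId == $user->id)
                {
                    if ($user->authorise('intervention.edit.own', 'com_costbenefitprojection'))
                    {
                        return true;
                    }
                }
            }

            return false;
        }
    }

    // Since there is no permission, revert to the component permissions.
    return $user->authorise('intervention.edit', $this->option);
}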
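/**
 * Build the HTML table for an intervention's values.
 *
 * The JSON is decoded to an array keyed by column name (causerisk, cpe, mbr,
 * mtr), each holding a list of values; value N of every column ends up in
 * table row N. Values and ids are HTML-escaped before they are placed in the
 * markup, because they are concatenated into attributes and cell content.
 *
 * @param   string  $idName   Suffix of the table's id attribute ("table_" . $idName).
 * @param   string  $oject    JSON string holding the columns and their values.
 * @param   string  $cluster  When equal to 'ja', every column except causerisk
 *                            is rendered as an input field.
 *
 * @return  string|boolean  The table markup, or false when the input is not
 *                          valid JSON, the id name is not a usable string, or
 *                          the decoded value is not a usable array.
 */
public function getInterventionBuildTable($idName, $oject, $cluster)
{
    if (!CostbenefitprojectionHelper::isJson($oject) || !CostbenefitprojectionHelper::checkString($idName))
    {
        return false;
    }

    $array = json_decode($oject, true);
    $targetHeaders = array(
        'causerisk' => JText::_('COM_COSTBENEFITPROJECTION_CAUSERISK'),
        'cpe'       => JText::_('COM_COSTBENEFITPROJECTION_COST_PER_EMPLOYEE'),
        'mbr'       => JText::_('COM_COSTBENEFITPROJECTION_MORBIDITY_REDUCTION'),
        'mtr'       => JText::_('COM_COSTBENEFITPROJECTION_MORTALITY_REDUCTION'),
    );

    if (!CostbenefitprojectionHelper::checkArray($array))
    {
        return false;
    }

    // Escape for HTML text and attribute context. double_encode is off so that
    // values which already carry entities are not encoded a second time.
    $escape = function ($text)
    {
        return htmlspecialchars((string) $text, ENT_QUOTES, 'UTF-8', false);
    };

    $headOpen = '<th style="padding: 10px; text-align: center; border: 1px solid rgb(221, 221, 221);" scope="col">';
    $cellOpen = '<td style="padding: 10px; text-align: center; border: 1px solid rgb(221, 221, 221);">';

    $table = '<table id="table_' . $escape($idName) . '" class="table" style="margin: 5px 0 20px;"><thead><tr>';
    $rows  = array();

    foreach ($array as $header => $values)
    {
        // A column key outside the four known ones gets an empty heading
        // instead of raising an undefined-index notice.
        $table .= $headOpen . (isset($targetHeaders[$header]) ? $targetHeaders[$header] : '') . '</th>';

        if (!CostbenefitprojectionHelper::checkArray($values))
        {
            continue;
        }

        foreach ($values as $nr => $value)
        {
            if ($header == 'causerisk')
            {
                // causerisk values are ids; show the stored name instead.
                $cell = $escape(CostbenefitprojectionHelper::getId('causerisk', $value, 'id', 'name'));
            }
            elseif ($cluster == 'ja')
            {
                $vc = $header . '_' . $nr;

                // A value containing '&' is marked as an error (red, eRrOr class).
                $flagged = strpos($value, '&') !== false;
                $style   = $flagged ? 'width:100px; color:red;' : 'width:100px;';
                $class   = $flagged ? 'clusterintervention required eRrOr' : 'clusterintervention required';

                $cell = '<input style="' . $style . '" class="' . $class . '" id="' . $escape($vc)
                    . '" placeholder="Only A Number" value="' . $escape($value) . '">';
            }
            else
            {
                $cell = $escape($value);
            }

            // build rows
            $rows[$nr] = (isset($rows[$nr]) ? $rows[$nr] : '') . $cellOpen . $cell . '</td>';
        }
    }

    // close header start body
    $table .= '</tr></thead><tbody>';

    // add rows to table
    if (CostbenefitprojectionHelper::checkArray($rows))
    {
        foreach ($rows as $row)
        {
            $table .= '<tr>' . $row . '</tr>';
        }
    }

    // close the body and table
    $table .= '</tbody></table>';

    // return the table
    return $table;
}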
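/**
 * Method to get a list of options for a list input.
 *
 * Lists published interventions other than the one named by the request's
 * "id" value. Users without core.admin only get interventions of their own
 * companies, and every row must also pass
 * CostbenefitprojectionHelper::checkIntervetionAccess().
 *
 * @return  array  An array of JHtml options.
 */
public function getOptions()
{
    // get the input from url
    $jinput = JFactory::getApplication()->input;

    // id of the record in the request; it is excluded from the list
    $interId = $jinput->getInt('id', 0);

    // Get the user object.
    $user   = JFactory::getUser();
    $userIs = CostbenefitprojectionHelper::userIs($user->id);

    $db    = JFactory::getDBO();
    $query = $db->getQuery(true);
    $query->select(
        $db->quoteName(
            array('a.id', 'a.name', 'a.company', 'a.share'),
            array('id', 'interventions_name', 'company', 'share')
        )
    );
    $query->from($db->quoteName('#__costbenefitprojection_intervention', 'a'));
    $query->where($db->quoteName('a.published') . ' = 1');
    $query->where($db->quoteName('a.id') . ' != ' . (int) $interId);

    if (!$user->authorise('core.admin'))
    {
        $companies = CostbenefitprojectionHelper::hisCompanies($user->id);

        if (CostbenefitprojectionHelper::checkArray($companies))
        {
            // only load this users companies. The ids are concatenated into
            // the SQL text, so each one is forced to an integer first.
            $companyIds = array_map('intval', $companies);
            $query->where('a.company IN (' . implode(',', $companyIds) . ')');
        }
        else
        {
            // dont allow user to see any companies
            $query->where('a.company = -4');
        }
    }

    $query->order('a.name ASC');
    $db->setQuery((string) $query);
    $items = $db->loadObjectList();

    $options = array();

    if ($items)
    {
        foreach ($items as $item)
        {
            if (!CostbenefitprojectionHelper::checkIntervetionAccess($item->id, $item->share, $item->company))
            {
                continue;
            }

            if (1 == $userIs)
            {
                $options[] = JHtml::_('select.option', $item->id, $item->interventions_name);
            }
            else
            {
                // Other user types also see the company name next to the intervention.
                $compName  = CostbenefitprojectionHelper::getId('company', $item->company, 'id', 'name');
                $options[] = JHtml::_('select.option', $item->id, $item->interventions_name . ' (' . $compName . ')');
            }
        }
    }

    return $options;
}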
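/**
 * Batch move: write the submitted values to every selected row.
 *
 * Users without core.options can only touch rows that belong to one of their
 * own companies; other rows are dropped from $pks before anything is written.
 *
 * @param   array  $values    The values to set, keyed by table field name.
 * @param   array  $pks       An array of row IDs.
 * @param   array  $contexts  An array of item contexts, keyed by row ID.
 *
 * @return  boolean  True if successful, false otherwise and internal error is set.
 *
 * @since   12.2
 */
protected function batchMove($values, $pks, $contexts)
{
    if (empty($this->batchSet))
    {
        // Set some needed variables.
        $this->user           = JFactory::getUser();
        $this->table          = $this->getTable();
        $this->tableClassName = get_class($this->table);
        $this->contentType    = new JUcmType();
        $this->type           = $this->contentType->getTypeByTable($this->tableClassName);
        $this->canDo          = CostbenefitprojectionHelper::getActions('scaling_factor');
    }

    // Either the edit or the batch permission is enough to continue.
    if (!$this->canDo->get('scaling_factor.edit') && !$this->canDo->get('scaling_factor.batch'))
    {
        $this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));

        return false;
    }

    if (!$this->user->authorise('core.options', 'com_costbenefitprojection'))
    {
        // make absolutely sure that this scaling factor can be moved
        $companies = CostbenefitprojectionHelper::hisCompanies($this->user->id);

        if (!CostbenefitprojectionHelper::checkArray($companies))
        {
            $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));

            return false;
        }

        foreach ($pks as $nr => $pk)
        {
            $company = CostbenefitprojectionHelper::getId('scaling_factor', $pk, 'id', 'company');

            // NOTE(review): loose in_array(); the types returned by getId() and
            // hisCompanies() are not visible here - confirm before making it strict.
            if (!in_array($company, $companies))
            {
                unset($pks[$nr]);
            }
        }

        if (empty($pks))
        {
            $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', 0));

            return false;
        }
    }

    // make sure published only updates if user has the permission.
    if (isset($values['published']) && !$this->canDo->get('scaling_factor.edit.state'))
    {
        unset($values['published']);
    }

    // remove move_copy from array
    unset($values['move_copy']);

    // Parent exists so we proceed
    foreach ($pks as $pk)
    {
        if (!$this->user->authorise('scaling_factor.edit', $contexts[$pk]))
        {
            $this->setError(JText::_('JLIB_APPLICATION_ERROR_BATCH_CANNOT_EDIT'));

            return false;
        }

        // Check that the row actually exists
        if (!$this->table->load($pk))
        {
            if ($error = $this->table->getError())
            {
                // Fatal error
                $this->setError($error);

                return false;
            }

            // Not fatal error
            $this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_BATCH_MOVE_ROW_NOT_FOUND', $pk));
            continue;
        }

        // insert all set values.
        // NOTE(review): apart from 'published' and 'move_copy', every key in
        // $values whose property is set on the table is written to the row.
        // Confirm the caller limits $values to fields meant for batch editing.
        if (CostbenefitprojectionHelper::checkArray($values))
        {
            foreach ($values as $key => $value)
            {
                // Empty values are skipped; non-scalar ones too, since strlen()
                // cannot take them.
                if (!is_scalar($value) || strlen((string) $value) === 0)
                {
                    continue;
                }

                // 'access' is always written; other keys only when the table
                // already has that property set. The comparison is strict so an
                // integer key is never treated as 'access'.
                if ('access' === $key || isset($this->table->{$key}))
                {
                    $this->table->{$key} = $value;
                }
            }
        }

        // Check the row.
        if (!$this->table->check())
        {
            $this->setError($this->table->getError());

            return false;
        }

        if (!empty($this->type))
        {
            $this->createTagsHelper($this->tagsObserver, $this->type, $pk, $this->typeAlias, $this->table);
        }

        // Store the row.
        if (!$this->table->store())
        {
            $this->setError($this->table->getError());

            return false;
        }
    }

    // Clean the cache
    $this->cleanCache();

    return true;
}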