$originalOrders = array();
$extension = 'com_content';
}
$k = 0;
$i = 0;
foreach ($this->rows as $row) {
if (FLEXI_J16GE) {
$canEdit = $user->authorise('core.edit', $extension . '.category.' . $row->id);
$canEditOwn = $user->authorise('core.edit.own', $extension . '.category.' . $row->id) && $row->created_user_id == $user->get('id');
$canEditState = $user->authorise('core.edit.state', $extension . '.category.' . $row->id);
$canEditStateOwn = $user->authorise('core.edit.state.own', $extension . '.category.' . $row->id) && $row->created_user_id == $user->get('id');
$recordAvailable = $canCheckinRecords && $row->checked_out == $user->id || !$row->checked_out;
$canChange = ($canEditState || $canEditStateOwn) && $recordAvailable;
} else {
if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, 0, $row->id);
$canEdit = $user->gid < 25 ? in_array('edit', $rights) || in_array('editown', $rights) : 1;
$canEditOwn = 0;
// edit.own ACL applies only to items, no category ownership in J1.5
} else {
$canEdit = 1;
// No category edit ACL in J1.5
$canEditOwn = 0;
// No category edit.own ACL in J1.5, set to zero because there is no category ownership J1.5
}
}
if (FLEXI_J16GE) {
$published = JHTML::_('jgrid.published', $row->published, $i, 'categories.', $canChange);
} else {
$published = JHTML::_('grid.published', $row, $i);
}
function display($tpl = null)
{
global $globalcats;
$app = JFactory::getApplication();
$user = JFactory::getUser();
$document = JFactory::getDocument();
if (FLEXI_J16GE) {
JFactory::getLanguage()->load('com_categories', JPATH_ADMINISTRATOR, 'en-GB', true);
JFactory::getLanguage()->load('com_categories', JPATH_ADMINISTRATOR, null, true);
}
// ***********************************************************
// Get category data, and check if item is already checked out
// ***********************************************************
// Get data from the model
$model = $this->getModel();
if (FLEXI_J16GE) {
$row = $this->get('Item');
$form = $this->get('Form');
} else {
$row = $this->get('Category');
}
$catparams = FLEXI_J16GE ? new JRegistry($row->params) : new JParameter($row->params);
$cid = $row->id;
$isnew = !$cid;
// Check category is checked out by different editor / administrator
if (!$isnew && $model->isCheckedOut($user->get('id'))) {
JError::raiseWarning('SOME_ERROR_CODE', $row->title . ' ' . JText::_('FLEXI_EDITED_BY_ANOTHER_ADMIN'));
$app->redirect('index.php?option=com_flexicontent&view=categories');
}
// ***************************************************************************
// Currently access checking for category add/edit form , it is done here, for
// most other views we force going though the controller and checking it there
// ***************************************************************************
// *********************************************************************************************
// Global Permssions checking (needed because this view can be called without a controller task)
// *********************************************************************************************
// Get global permissions
$perms = FlexicontentHelperPerm::getPerm();
// handles super admins correctly
// Check no access to categories management (Global permission)
if (!$perms->CanCats) {
$app->redirect('index.php?option=com_flexicontent', JText::_('FLEXI_NO_ACCESS'));
}
// Check no privilege to create new categories (Global permission)
if ($isnew && !$perms->CanAddCats) {
JError::raiseWarning(403, JText::_('FLEXI_NO_ACCESS_CREATE'));
$app->redirect('index.php?option=com_flexicontent');
}
// ************************************************************************************
// Record Permssions (needed because this view can be called without a controller task)
// ************************************************************************************
// Get edit privilege for current category
if (!$isnew) {
if (FLEXI_J16GE) {
$isOwner = $row->get('created_by') == $user->id;
$rights = FlexicontentHelperPerm::checkAllItemAccess($user->id, 'category', $cid);
$canedit_cat = in_array('edit', $rights) || in_array('edit.own', $rights) && $isOwner;
} else {
if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, 0, $row->id);
$canedit_cat = $user->gid < 25 ? in_array('edit', $rights) || in_array('editown', $rights) : 1;
} else {
$canedit_cat = true;
}
}
}
// Get if we can create inside at least one (com_content) category
if (!FLEXI_J16GE || $user->authorise('core.create', 'com_flexicontent')) {
$cancreate_cat = true;
} else {
$usercats = FlexicontentHelperPerm::getAllowedCats($user, $actions_allowed = array('core.create'), $require_all = true, $check_published = true, $specific_catids = false, $find_first = true);
$cancreate_cat = count($usercats) > 0;
}
// Creating new category: Check if user can create inside any existing category
if ($isnew && !$cancreate_cat) {
$acc_msg = JText::_('FLEXI_NO_ACCESS_CREATE') . "<br/>" . (FLEXI_J16GE ? JText::_('FLEXI_CANNOT_ADD_CATEGORY_REASON') : "");
JError::raiseWarning(403, $acc_msg);
$app->redirect('index.php?option=com_flexicontent&view=categories');
}
// Editing existing category: Check if user can edit existing (current) category
if (!$isnew && !$canedit_cat) {
$acc_msg = JText::_('FLEXI_NO_ACCESS_EDIT') . "<br/>" . JText::_('FLEXI_CANNOT_EDIT_CATEGORY_REASON');
JError::raiseWarning(403, $acc_msg);
$app->redirect('index.php?option=com_flexicontent&view=categories');
}
// **************************************************
// Include needed files and add needed js / css files
// **************************************************
FLEXI_J30GE ? JHtml::_('behavior.framework', true) : JHTML::_('behavior.mootools');
flexicontent_html::loadFramework('jQuery');
flexicontent_html::loadFramework('select2');
// Load pane behavior
jimport('joomla.html.pane');
// Load tooltips
JHTML::_('behavior.tooltip');
// Add css to document
$document->addStyleSheet(JURI::base() . 'components/com_flexicontent/assets/css/flexicontentbackend.css');
if (FLEXI_J30GE) {
$document->addStyleSheet(JURI::base() . 'components/com_flexicontent/assets/css/j3x.css');
} else {
if (FLEXI_J16GE) {
$document->addStyleSheet(JURI::base() . 'components/com_flexicontent/assets/css/j25.css');
} else {
$document->addStyleSheet(JURI::base() . 'components/com_flexicontent/assets/css/j15.css');
}
}
// Add js function to overload the joomla submitform
$document->addScript(JURI::root() . 'components/com_flexicontent/assets/js/admin.js');
$document->addScript(JURI::root() . 'components/com_flexicontent/assets/js/validate.js');
// ********************
// Initialise variables
// ********************
$editor_name = $user->getParam('editor', $app->getCfg('editor'));
$editor = JFactory::getEditor($editor_name);
$cparams = JComponentHelper::getParams('com_flexicontent');
$bar = JToolBar::getInstance('toolbar');
if (!FLEXI_J16GE) {
$pane = JPane::getInstance('sliders');
$tpane = JPane::getInstance('tabs', array('startOffset' => 0, 'allowAllClose' => true, 'opacityTransition' => true, 'duration' => 600));
}
$categories = $globalcats;
// ******************
// Create the toolbar
// ******************
// Create Toolbar title and add the preview button
if (!$isnew) {
JToolBarHelper::title(JText::_('FLEXI_EDIT_CATEGORY'), 'fc_categoryedit');
$autologin = $cparams->get('autoflogin', 1) ? '&fcu=' . $user->username . '&fcp=' . $user->password : '';
$previewlink = JRoute::_(JURI::root() . FlexicontentHelperRoute::getCategoryRoute($categories[$cid]->slug)) . $autologin;
// Add a preview button
$bar->appendButton('Custom', '<a class="preview btn btn-small" href="' . $previewlink . '" target="_blank"><span title="' . JText::_('Preview') . '" class="icon-32-preview"></span>' . JText::_('Preview') . '</a>', 'preview');
} else {
JToolBarHelper::title(JText::_('FLEXI_NEW_CATEGORY'), 'fc_categoryadd');
}
// Add apply and save buttons
if (FLEXI_J16GE) {
JToolBarHelper::apply('category.apply');
JToolBarHelper::save('category.save');
} else {
JToolBarHelper::apply();
JToolBarHelper::save();
}
// Add a save and new button, if user can create inside at least one (com_content) category
if ($cancreate_cat) {
if (FLEXI_J16GE) {
JToolBarHelper::save2new('category.save2new');
} else {
JToolBarHelper::custom('saveandnew', 'savenew.png', 'savenew.png', 'FLEXI_SAVE_AND_NEW', false);
}
}
// Add a save as copy button, if editing an existing category (J2.5 only)
if (FLEXI_J16GE && !$isnew && $cancreate_cat) {
JToolBarHelper::save2copy('category.save2copy');
}
// Add a cancel or close button
if ($isnew) {
if (FLEXI_J16GE) {
JToolBarHelper::cancel('category.cancel');
} else {
JToolBarHelper::cancel();
}
} else {
if (FLEXI_J16GE) {
JToolBarHelper::cancel('category.cancel', 'JTOOLBAR_CLOSE');
} else {
JToolBarHelper::custom('cancel', 'cancel.png', 'cancel.png', 'CLOSE', false);
}
}
// *******************************************
// Prepare data to pass to the form's template
// *******************************************
if (!FLEXI_J16GE) {
//clean data
JFilterOutput::objectHTMLSafe($row, ENT_QUOTES, 'description');
// Create the form
$form = new JParameter($row->params, JPATH_COMPONENT . DS . 'models' . DS . 'category.xml');
//$form->loadINI($row->attribs);
//echo "<pre>"; print_r($form->_xml['templates']->_children[0]); echo "<pre>"; print_r($form->_xml['templates']->param[0]); exit;
foreach ($form->_xml['templates']->_children as $i => $child) {
if (isset($child->_attributes['enableparam']) && !$cparams->get($child->_attributes['enableparam'])) {
unset($form->_xml['templates']->_children[$i]);
unset($form->_xml['templates']->param[$i]);
}
}
foreach ($form->_xml['special']->_children as $i => $child) {
if (isset($child->_attributes['enableparam']) && !$cparams->get($child->_attributes['enableparam'])) {
unset($form->_xml['special']->_children[$i]);
unset($form->_xml['special']->param[$i]);
}
}
}
// **********************************************************************************
// Get Templates and apply Template Parameters values into the form fields structures
// **********************************************************************************
$themes = flexicontent_tmpl::getTemplates();
$tmpls = $themes->category;
foreach ($tmpls as $tmpl) {
if (FLEXI_J16GE) {
$jform = new JForm('com_flexicontent.template.category', array('control' => 'jform', 'load_data' => true));
$jform->load($tmpl->params);
$tmpl->params = $jform;
// ... values applied at the template form file
} else {
$tmpl->params->loadINI($row->params);
}
}
//build selectlists
$Lists = array();
if (!FLEXI_J16GE) {
$javascript = "onchange=\"javascript:if (document.forms[0].image.options[selectedIndex].value!='') {document.imagelib.src='../images/stories/' + document.forms[0].image.options[selectedIndex].value} else {document.imagelib.src='../images/blank.png'}\"";
$Lists['imagelist'] = JHTML::_('list.images', 'image', $row->image, $javascript, '/images/stories/');
$Lists['access'] = JHTML::_('list.accesslevel', $row);
// build granular access list
if (FLEXI_ACCESS) {
$Lists['access'] = FAccess::TabGmaccess($row, 'category', 1, 1, 1, 1, 1, 1, 1, 1, 1);
}
}
$check_published = false;
$check_perms = true;
$actions_allowed = array('core.create');
$fieldname = FLEXI_J16GE ? 'jform[parent_id]' : 'parent_id';
$Lists['parent_id'] = flexicontent_cats::buildcatselect($categories, $fieldname, $row->parent_id, $top = 1, 'class="use_select2_lib"', $check_published, $check_perms, $actions_allowed, $require_all = true, $skip_subtrees = array(), $disable_subtrees = array($row->id));
$check_published = false;
$check_perms = true;
$actions_allowed = array('core.edit', 'core.edit.own');
$fieldname = FLEXI_J16GE ? 'jform[copycid]' : 'copycid';
$Lists['copycid'] = flexicontent_cats::buildcatselect($categories, $fieldname, '', $top = 2, 'class="use_select2_lib"', $check_published, $check_perms, $actions_allowed, $require_all = false);
$custom_options[''] = 'FLEXI_USE_GLOBAL';
$custom_options['0'] = 'FLEXI_COMPONENT_ONLY';
$custom_options['-1'] = 'FLEXI_PARENT_CAT_MULTI_LEVEL';
$check_published = false;
$check_perms = true;
$actions_allowed = array('core.edit', 'core.edit.own');
$fieldname = FLEXI_J16GE ? 'jform[special][inheritcid]' : 'params[inheritcid]';
$Lists['inheritcid'] = flexicontent_cats::buildcatselect($categories, $fieldname, $catparams->get('inheritcid', ''), $top = false, 'class="use_select2_lib"', $check_published, $check_perms, $actions_allowed, $require_all = false, $skip_subtrees = array(), $disable_subtrees = array(), $custom_options);
// ************************
// Assign variables to view
// ************************
$this->assignRef('document', $document);
$this->assignRef('Lists', $Lists);
$this->assignRef('row', $row);
$this->assignRef('form', $form);
$this->assignRef('perms', $perms);
$this->assignRef('editor', $editor);
$this->assignRef('tmpls', $tmpls);
$this->assignRef('cparams', $cparams);
if (!FLEXI_J16GE) {
$this->assignRef('pane', $pane);
$this->assignRef('tpane', $tpane);
}
parent::display($tpl);
}
/**
* Method to apply a NEW CURRENT version when saving an APPROVED item version
*
* @access public
* @return boolean True on success
* @since 1.0
*/
function applyCurrentVersion(&$item, &$data, $createonly = false)
{
$app = JFactory::getApplication();
$user = JFactory::getUser();
$cparams = $this->_cparams;
$editjf_translations = $cparams->get('editjf_translations', 0);
// ******************************
// Check and store item in the db
// ******************************
// Make sure the data is valid
if (!$item->check()) {
$this->setError($item->getError());
return false;
}
if (!$item->store()) {
$this->setError($this->_db->getErrorMsg());
return false;
}
$this->_id = $item->id;
$this->_item =& $item;
// ***********************
// Save access information
// ***********************
if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $item->id, $item->catid);
$canRight = in_array('right', $rights) || $user->gid > 24;
if ($canRight) {
FAccess::saveaccess($item, 'item');
}
} else {
if (FLEXI_J16GE) {
// Rules for J1.6+ are handled in the JTABLE class of the item with overriden JTable functions: bind() and store()
}
}
// ***************************
// If creating only return ...
// ***************************
if ($createonly) {
return true;
}
// ****************************
// Save joomfish data in the db
// ****************************
if (FLEXI_FISH && $editjf_translations == 2) {
// 0:disable with warning about found translations, 1:disable without warning about found translations, 2:edit-save translations,
$this->_saveJFdata($data['jfdata'], $item);
}
// ***********************************************
// Delete old tag relations and Store the new ones
// ***********************************************
$tags = $data['tags'];
$query = 'DELETE FROM #__flexicontent_tags_item_relations WHERE itemid = ' . $item->id;
$this->_db->setQuery($query);
$this->_db->query();
foreach ($tags as $tag) {
$query = 'INSERT INTO #__flexicontent_tags_item_relations (`tid`, `itemid`) VALUES(' . $tag . ',' . $item->id . ')';
$this->_db->setQuery($query);
$this->_db->query();
}
// ***********************************************************************************************************
// Delete only category relations which are not part of the categories array anymore to avoid loosing ordering
// ***********************************************************************************************************
$cats = $data['categories'];
$query = 'DELETE FROM #__flexicontent_cats_item_relations' . ' WHERE itemid = ' . $item->id . ($cats ? ' AND catid NOT IN (' . implode(', ', $cats) . ')' : '');
$this->_db->setQuery($query);
$this->_db->query();
// Get an array of the item's used categories (already assigned in DB)
$query = 'SELECT catid' . ' FROM #__flexicontent_cats_item_relations' . ' WHERE itemid = ' . $item->id;
$this->_db->setQuery($query);
$used = FLEXI_J16GE ? $this->_db->loadColumn() : $this->_db->loadResultArray();
foreach ($cats as $cat) {
// insert only the new records
if (!in_array($cat, $used)) {
$query = 'INSERT INTO #__flexicontent_cats_item_relations (`catid`, `itemid`)' . ' VALUES(' . $cat . ',' . $item->id . ')';
$this->_db->setQuery($query);
$this->_db->query();
}
}
return true;
}
/**
* Logic to delete items
*
* @access public
* @return void
* @since 1.0
*/
function remove()
{
// Check for request forgeries
JRequest::checkToken() or jexit('Invalid Token');
$db = JFactory::getDBO();
$user = JFactory::getUser();
$cid = JRequest::getVar('cid', array(0), 'post', 'array');
$model = $this->getModel('items');
$itemmodel = $this->getModel('item');
$msg = '';
if (!is_array($cid) || count($cid) < 1) {
JError::raiseNotice(500, JText::_('FLEXI_SELECT_ITEM_DELETE'));
} else {
// Remove unauthorized (undeletable) items
$auth_cid = array();
$non_auth_cid = array();
// Get owner and other item data
$q = "SELECT id, created_by, catid FROM #__content WHERE id IN (" . implode(',', $cid) . ")";
$db->setQuery($q);
$itemdata = $db->loadObjectList('id');
// Check authorization for delete operation
foreach ($cid as $id) {
if (FLEXI_J16GE) {
$rights = FlexicontentHelperPerm::checkAllItemAccess($user->id, 'item', $itemdata[$id]->id);
$canDelete = in_array('delete', $rights);
$canDeleteOwn = in_array('delete.own', $rights) && $itemdata[$id]->created_by == $user->id;
} else {
if (FLEXI_ACCESS && $user->gid < 25) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $itemdata[$id]->id, $itemdata[$id]->catid);
$canDelete = in_array('delete', $rights);
$canDeleteOwn = in_array('deleteown', $rights) && $itemdata[$id]->created_by == $user->id;
} else {
$canDelete = $user->gid >= 23;
// is at least manager
$canDeleteOwn = $user->gid >= 23;
// is at least manager
}
}
if ($canDelete || $canDeleteOwn) {
$auth_cid[] = $id;
} else {
$non_auth_cid[] = $id;
}
}
}
//echo "<pre>"; echo "authorized:\n"; print_r($auth_cid); echo "\n\nNOT authorized:\n"; print_r($non_auth_cid); echo "</pre>"; exit;
// Set warning for undeletable items
if (count($non_auth_cid)) {
if (count($non_auth_cid) < 2) {
$msg_noauth = JText::_('FLEXI_CANNOT_DELETE_ITEM');
} else {
$msg_noauth = JText::_('FLEXI_CANNOT_DELETE_ITEMS');
}
$msg_noauth .= ": " . implode(',', $non_auth_cid) . " - " . JText::_('FLEXI_REASON_NO_DELETE_PERMISSION') . " - " . JText::_('FLEXI_IDS_SKIPPED');
JError::raiseNotice(500, $msg_noauth);
}
// Try to delete
if (count($auth_cid) && !$model->delete($auth_cid, $itemmodel)) {
JError::raiseWarning(500, JText::_('FLEXI_OPERATION_FAILED'));
} else {
$msg = count($auth_cid) . ' ' . JText::_('FLEXI_ITEMS_DELETED');
if (FLEXI_J16GE) {
$cache = FLEXIUtilities::getCache($group = '', 0);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
$cache = FLEXIUtilities::getCache($group = '', 1);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
} else {
$itemcache = JFactory::getCache('com_flexicontent_items');
$itemcache->clean();
$filtercache = JFactory::getCache('com_flexicontent_filters');
$filtercache->clean();
}
}
$this->setRedirect('index.php?option=com_flexicontent&view=items', $msg);
}
function display($tpl = null)
{
global $globalcats;
$app = JFactory::getApplication();
$user = JFactory::getUser();
$document = JFactory::getDocument();
JFactory::getLanguage()->load('com_categories', JPATH_ADMINISTRATOR, 'en-GB', true);
JFactory::getLanguage()->load('com_categories', JPATH_ADMINISTRATOR, null, true);
// ***********************************************************
// Get category data, and check if item is already checked out
// ***********************************************************
// Get data from the model
$model = $this->getModel();
if (FLEXI_J16GE) {
$row = $this->get('Item');
$form = $this->get('Form');
} else {
$row = $this->get('Category');
}
$catparams = new JRegistry($row->params);
$cid = $row->id;
$isnew = !$cid;
// Check category is checked out by different editor / administrator
if (!$isnew && $model->isCheckedOut($user->get('id'))) {
JError::raiseWarning('SOME_ERROR_CODE', $row->title . ' ' . JText::_('FLEXI_EDITED_BY_ANOTHER_ADMIN'));
$app->redirect('index.php?option=com_flexicontent&view=categories');
}
// ***************************************************************************
// Currently access checking for category add/edit form , it is done here, for
// most other views we force going though the controller and checking it there
// ***************************************************************************
// *********************************************************************************************
// Global Permssions checking (needed because this view can be called without a controller task)
// *********************************************************************************************
// Get global permissions
$perms = FlexicontentHelperPerm::getPerm();
// handles super admins correctly
// Check no access to categories management (Global permission)
if (!$perms->CanCats) {
$app->redirect('index.php?option=com_flexicontent', JText::_('FLEXI_NO_ACCESS'));
}
// Check no privilege to create new categories (Global permission)
if ($isnew && !$perms->CanAddCats) {
JError::raiseWarning(403, JText::_('FLEXI_NO_ACCESS_CREATE'));
$app->redirect('index.php?option=com_flexicontent');
}
// ************************************************************************************
// Record Permssions (needed because this view can be called without a controller task)
// ************************************************************************************
// Get edit privilege for current category
if (!$isnew) {
if (FLEXI_J16GE) {
$isOwner = $row->get('created_by') == $user->id;
$rights = FlexicontentHelperPerm::checkAllItemAccess($user->id, 'category', $cid);
$canedit_cat = in_array('edit', $rights) || in_array('edit.own', $rights) && $isOwner;
} else {
if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, 0, $row->id);
$canedit_cat = $user->gid < 25 ? in_array('edit', $rights) || in_array('editown', $rights) : 1;
} else {
$canedit_cat = true;
}
}
}
// Get if we can create inside at least one (com_content) category
if ($user->authorise('core.create', 'com_flexicontent')) {
$cancreate_cat = true;
} else {
$usercats = FlexicontentHelperPerm::getAllowedCats($user, $actions_allowed = array('core.create'), $require_all = true, $check_published = true, $specific_catids = false, $find_first = true);
$cancreate_cat = count($usercats) > 0;
}
// Creating new category: Check if user can create inside any existing category
if ($isnew && !$cancreate_cat) {
$acc_msg = JText::_('FLEXI_NO_ACCESS_CREATE') . "<br/>" . (FLEXI_J16GE ? JText::_('FLEXI_CANNOT_ADD_CATEGORY_REASON') : "");
JError::raiseWarning(403, $acc_msg);
$app->redirect('index.php?option=com_flexicontent&view=categories');
}
// Editing existing category: Check if user can edit existing (current) category
if (!$isnew && !$canedit_cat) {
$acc_msg = JText::_('FLEXI_NO_ACCESS_EDIT') . "<br/>" . JText::_('FLEXI_CANNOT_EDIT_CATEGORY_REASON');
JError::raiseWarning(403, $acc_msg);
$app->redirect('index.php?option=com_flexicontent&view=categories');
}
// **************************************************
// Include needed files and add needed js / css files
// **************************************************
// Add css to document
$document->addStyleSheetVersion(JURI::base(true) . '/components/com_flexicontent/assets/css/flexicontentbackend.css', FLEXI_VERSION);
$document->addStyleSheetVersion(JURI::base(true) . '/components/com_flexicontent/assets/css/j3x.css', FLEXI_VERSION);
// Add JS frameworks
flexicontent_html::loadFramework('select2');
// Add js function to overload the joomla submitform validation
JHTML::_('behavior.formvalidation');
// load default validation JS to make sure it is overriden
$document->addScriptVersion(JURI::root(true) . '/components/com_flexicontent/assets/js/admin.js', FLEXI_VERSION);
$document->addScriptVersion(JURI::root(true) . '/components/com_flexicontent/assets/js/validate.js', FLEXI_VERSION);
//Load pane behavior
jimport('joomla.html.pane');
// ********************
// Initialise variables
// ********************
$editor_name = $user->getParam('editor', $app->getCfg('editor'));
$editor = JFactory::getEditor($editor_name);
$cparams = JComponentHelper::getParams('com_flexicontent');
$categories = $globalcats;
$bar = JToolBar::getInstance('toolbar');
$tip_class = FLEXI_J30GE ? ' hasTooltip' : ' hasTip';
// ******************
// Create the toolbar
// ******************
// Create Toolbar title and add the preview button
if (!$isnew) {
JToolBarHelper::title(JText::_('FLEXI_EDIT_CATEGORY'), 'fc_categoryedit');
} else {
JToolBarHelper::title(JText::_('FLEXI_NEW_CATEGORY'), 'fc_categoryadd');
}
// Add apply and save buttons
JToolBarHelper::apply('category.apply', 'FLEXI_APPLY');
/*if ( !$isnew ) flexicontent_html::addToolBarButton(
'FLEXI_FAST_APPLY', $btn_name='apply_ajax', $full_js="Joomla.submitbutton('category.apply_ajax')", $msg_alert='', $msg_confirm='',
$btn_task='category.apply_ajax', $extra_js='', $btn_list=false, $btn_menu=true, $btn_confirm=false, $btn_class="", $btn_icon="icon-loop");*/
JToolBarHelper::save('category.save');
// Add a save and new button, if user can create inside at least one (com_content) category
if ($cancreate_cat) {
JToolBarHelper::save2new('category.save2new');
}
// Add a save as copy button, if editing an existing category (J2.5 only)
if (!$isnew && $cancreate_cat) {
JToolBarHelper::save2copy('category.save2copy');
}
// Add a cancel or close button
if ($isnew) {
JToolBarHelper::cancel('category.cancel');
} else {
JToolBarHelper::cancel('category.cancel', 'JTOOLBAR_CLOSE');
}
// ******************
// Add preview button
// ******************
if (!$isnew) {
JToolBarHelper::divider();
$autologin = '';
//$cparams->get('autoflogin', 1) ? '&fcu='.$user->username . '&fcp='.$user->password : '';
$previewlink = JRoute::_(JURI::root() . FlexicontentHelperRoute::getCategoryRoute($categories[$cid]->slug)) . $autologin;
// Add a preview button
$bar->appendButton('Custom', '<a class="preview btn btn-small btn-info spaced-btn" href="' . $previewlink . '" target="_blank" ><span title="' . JText::_('Preview') . '" class="icon-screen"></span>' . JText::_('Preview') . '</a>', 'preview');
}
// ************************
// Add modal layout editing
// ************************
if (!$isnew && $perms->CanTemplates) {
$inheritcid_comp = $cparams->get('inheritcid', -1);
$inheritcid = $catparams->get('inheritcid', '');
$inherit_parent = $inheritcid === '-1' || $inheritcid === '' && $inheritcid_comp;
if (!$inherit_parent || $row->parent_id === '1') {
$row_clayout = $catparams->get('clayout', $cparams->get('clayout', 'blog'));
} else {
$row_clayout = $catparams->get('clayout', '');
if (!$row_clayout) {
$_ancestors = $this->getModel()->getParentParams($row->id);
// This is ordered by level ASC
$row_clayout = $cparams->get('clayout', 'blog');
$cats_params = array();
foreach ($_ancestors as $_cid => $_cat) {
$cats_params = new JRegistry($_cat->params);
$row_clayout = $cats_params->get('clayout', '') ? $cats_params->get('clayout', '') : $row_clayout;
}
}
}
flexicontent_html::addToolBarButton('FLEXI_EDIT_LAYOUT', $btn_name = 'apply_ajax', $full_js = "var url = jQuery(this).attr('data-href'); fc_showDialog(url, 'fc_modal_popup_container'); return false;", $msg_alert = '', $msg_confirm = '', $btn_task = 'items.apply_ajax', $extra_js = '', $btn_list = false, $btn_menu = true, $btn_confirm = false, $btn_class = "btn-info" . $tip_class, $btn_icon = "icon-pencil", 'data-placement="bottom" data-href="index.php?option=com_flexicontent&view=template&type=category&tmpl=component&ismodal=1&folder=' . $row_clayout . '" title="Edit the display layout of this category. <br/><br/>Note: this layout maybe assigned to other categories, thus changing it will effect them too"');
}
// *******************************************
// Prepare data to pass to the form's template
// *******************************************
if (!FLEXI_J16GE) {
//clean data
JFilterOutput::objectHTMLSafe($row, ENT_QUOTES, 'description');
// Create the form
$form = new JParameter($row->params, JPATH_COMPONENT . DS . 'models' . DS . 'category.xml');
//$form->loadINI($row->attribs);
//echo "<pre>"; print_r($form->_xml['templates']->_children[0]); echo "<pre>"; print_r($form->_xml['templates']->param[0]); exit;
foreach ($form->_xml['templates']->_children as $i => $child) {
if (isset($child->_attributes['enableparam']) && !$cparams->get($child->_attributes['enableparam'])) {
unset($form->_xml['templates']->_children[$i]);
unset($form->_xml['templates']->param[$i]);
}
}
foreach ($form->_xml['special']->_children as $i => $child) {
if (isset($child->_attributes['enableparam']) && !$cparams->get($child->_attributes['enableparam'])) {
unset($form->_xml['special']->_children[$i]);
unset($form->_xml['special']->param[$i]);
}
}
}
// **********************************************************************************
// Get Templates and apply Template Parameters values into the form fields structures
// **********************************************************************************
$themes = flexicontent_tmpl::getTemplates();
$tmpls = $themes->category;
foreach ($tmpls as $tmpl) {
$jform = new JForm('com_flexicontent.template.category', array('control' => 'jform', 'load_data' => true));
$jform->load($tmpl->params);
$tmpl->params = $jform;
// ... values applied at the template form file
}
//build selectlists
$Lists = array();
if (!FLEXI_J16GE) {
$javascript = "onchange=\"javascript:if (document.forms[0].image.options[selectedIndex].value!='') {document.imagelib.src='../images/stories/' + document.forms[0].image.options[selectedIndex].value} else {document.imagelib.src='../images/blank.png'}\"";
$Lists['imagelist'] = JHTML::_('list.images', 'image', $row->image, $javascript, '/images/stories/');
$Lists['access'] = JHTML::_('list.accesslevel', $row);
// build granular access list
if (FLEXI_ACCESS) {
$Lists['access'] = FAccess::TabGmaccess($row, 'category', 1, 1, 1, 1, 1, 1, 1, 1, 1);
}
}
$check_published = false;
$check_perms = true;
$actions_allowed = array('core.create');
$fieldname = FLEXI_J16GE ? 'jform[parent_id]' : 'parent_id';
$Lists['parent_id'] = flexicontent_cats::buildcatselect($categories, $fieldname, $row->parent_id, $top = 1, 'class="use_select2_lib"', $check_published, $check_perms, $actions_allowed, $require_all = true, $skip_subtrees = array(), $disable_subtrees = array($row->id));
$check_published = false;
$check_perms = true;
$actions_allowed = array('core.edit', 'core.edit.own');
$fieldname = FLEXI_J16GE ? 'jform[copycid]' : 'copycid';
$Lists['copycid'] = flexicontent_cats::buildcatselect($categories, $fieldname, '', $top = 2, 'class="use_select2_lib"', $check_published, $check_perms, $actions_allowed, $require_all = false);
$custom_options[''] = 'FLEXI_USE_GLOBAL';
$custom_options['0'] = 'FLEXI_COMPONENT_ONLY';
$custom_options['-1'] = 'FLEXI_PARENT_CAT_MULTI_LEVEL';
$check_published = false;
$check_perms = true;
$actions_allowed = array('core.edit', 'core.edit.own');
$fieldname = FLEXI_J16GE ? 'jform[special][inheritcid]' : 'params[inheritcid]';
$Lists['inheritcid'] = flexicontent_cats::buildcatselect($categories, $fieldname, $catparams->get('inheritcid', ''), $top = false, 'class="use_select2_lib"', $check_published, $check_perms, $actions_allowed, $require_all = false, $skip_subtrees = array(), $disable_subtrees = array(), $custom_options);
// ************************
// Assign variables to view
// ************************
$this->assignRef('document', $document);
$this->assignRef('Lists', $Lists);
$this->assignRef('row', $row);
$this->assignRef('form', $form);
$this->assignRef('perms', $perms);
$this->assignRef('editor', $editor);
$this->assignRef('tmpls', $tmpls);
$this->assignRef('cparams', $cparams);
parent::display($tpl);
}
/**
* Creates the edit button
*
* @param int $id
* @param array $params
* @since 1.0
*/
static function editbutton( $item, &$params)
{
if ( !$params->get('show_editbutton', 1) || JRequest::getCmd('print') ) return;
$user = JFactory::getUser();
// Determine if current user can edit the given item
$has_edit_state = false;
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $item->id;
$has_edit_state = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $item->created_by == $user->get('id'));
// ALTERNATIVE 1
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $item->id);
//$has_edit_state = in_array('edit', $rights) || (in_array('edit.own', $rights) && $item->created_by == $user->get('id')) ;
} else if ($user->gid >= 25) {
$has_edit_state = true;
} else if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $item->id, $item->catid);
$has_edit_state = in_array('edit', $rights) || (in_array('editown', $rights) && $item->created_by == $user->get('id')) ;
} else {
$has_edit_state = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $item->created_by == $user->get('id'));
}
// Create the edit button only if user can edit the give item
if ( !$has_edit_state ) return;
$show_icons = $params->get('show_icons');
if ( $show_icons ) {
$attribs = '';
$image = FLEXI_J16GE ?
JHTML::image(FLEXI_ICONPATH.'edit.png', JText::_( 'FLEXI_EDIT' ), $attribs) :
JHTML::_('image.site', 'edit.png', FLEXI_ICONPATH, NULL, NULL, JText::_( 'FLEXI_EDIT' ), $attribs) ;
} else {
$image = '';
}
$overlib = JText::_( 'FLEXI_EDIT_TIP' );
$text = JText::_( 'FLEXI_EDIT' );
$tooltip_class = 'fc_editbutton';
if ( $show_icons==1 ) {
$caption = '';
$tooltip_class .= ' editlinktip';
} else {
$caption = $text;
$tooltip_class .= FLEXI_J30GE ? ' btn btn-small' : ' fc_button fcsimple fcsmall';
}
$tooltip_class .= FLEXI_J30GE ? ' hasTooltip' : ' hasTip';
$tooltip_title = flexicontent_html::getToolTip($text, $overlib, 0);
// Maintain menu item ? e.g. current category view,
$Itemid = JRequest::getInt('Itemid', 0); //$Itemid = 0;
$item_url = JRoute::_(FlexicontentHelperRoute::getItemRoute($item->slug, $item->categoryslug, $Itemid, $item));
$link = $item_url .(strstr($item_url, '?') ? '&' : '?'). 'task=edit';
$output = '<a href="'.$link.'" class="'.$tooltip_class.'" title="'.$tooltip_title.'">'.$image.$caption.'</a>';
$output = JText::_( 'FLEXI_ICON_SEP' ) .$output. JText::_( 'FLEXI_ICON_SEP' );
return $output;
}
/**
* Method to CHECK item's -VIEWING- ACCESS, this could be moved to the controller,
* if we do this, then we must check the view variable, because DISPLAY() CONTROLLER TASK
* is shared among all views ... or create a separate FRONTEND controller for the ITEM VIEW
*
* @access private
* @return array
* @since 1.5
*/
function _check_viewing_access()
{
global $globalcats;
$app = JFactory::getApplication();
$user = JFactory::getUser();
$session = JFactory::getSession();
$aid = (int) $user->get('aid');
$gid = (int) $user->get('gid');
$cid = $this->_cid;
$params = $this->_item->parameters;
$cparams = $this->_cparams;
$fcreturn = serialize( array('id'=>@$this->_item->id, 'cid'=>$cid) ); // a special url parameter, used by some SEF code
$referer = @$_SERVER['HTTP_REFERER']; // the previously viewed page (refer)
// a basic item title string
$title_str = "<br />". JText::_('FLEXI_TITLE').": ".$this->_item->title.'[id: '.$this->_item->id.']';
// Since we will check access for VIEW (=read) only, we skip checks if TASK Variable is set,
// the edit() or add() or other controller task, will be responsible for checking permissions.
if ( @$this->_item->id // not new item
&& !JRequest::getVar('task', false) // skip various task checked at the controller
&& JRequest::getVar('view')==FLEXI_ITEMVIEW // must be in item(s) view
)
{
//*************************************************************
// STEP A: Calculate ownership, edit permission and read access
// (a) isOwner, (b) canedititem, (c) canviewitem
//*************************************************************
// (a) Calculate if owned by current user
$isOwner = $this->_item->created_by== $user->get('id');
// (b) Calculate edit access ...
// NOTE: we will allow view access if current user can edit the item (but set a warning message about it, see bellow)
if (FLEXI_J16GE) {
$canedititem = $params->get('access-edit');
$caneditstate = $params->get('access-edit-state');
} else if ($user->gid >= 25) {
$canedititem = true;
$caneditstate = true;
} else if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $this->_item->id, $this->_item->catid );
$canedititem = in_array('edit', $rights) || (in_array('editown', $rights) && $isOwner);
$caneditstate = in_array('publish', $rights) || (in_array('publish', $rights) && $isOwner);
} else {
$canedititem = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $isOwner);
$caneditstate = $user->authorize('com_content', 'publish', 'content', 'all');
}
if (!$caneditstate) {
// Item not editable, check if item is editable till logoff
if ( $session->has('rendered_uneditable', 'flexicontent') ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$canedititem = isset($rendered_uneditable[$model->get('id')]);
}
}
// (c) Calculate read access ...
if (FLEXI_J16GE) {
$canviewitem = $params->get('access-view');
} else if ($user->gid >= 25) {
$canviewitem = true;
} else {
//$has_item_access = FLEXI_ACCESS ? FAccess::checkAllItemReadAccess('com_content', 'read', 'users', $user->gmid, 'item', $this->_item->id) : $this->_item->access <= $aid;
//$has_mcat_access = FLEXI_ACCESS ? FAccess::checkAllItemReadAccess('com_content', 'read', 'users', $user->gmid, 'category', $this->_item->catid) : $this->_item->category_access <= $aid;
//$has_type_access = ... must do SQL query, because No FLEXIaccess support via checkAllItemReadAccess() function
//$canviewitem = $has_item_access && $has_type_access && $has_mcat_access;
$canviewitem = $this->_item->has_item_access &&
(!$this->_item->catid || $this->_item->has_mcat_access) && (!$this->_item->type_id || $this->_item->has_type_access);
}
// *********************************************************************************
// STEP B: Calculate SOME ITEM PUBLICATION STATE FLAGS, used to decide if current item is active
// FLAGS: item_is_published, item_is_scheduled, item_is_expired, cats_are_published
// *********************************************************************************
$item_is_published = $this->_item->state == 1 || $this->_item->state == -5 || $this->_item->state == (FLEXI_J16GE ? 2:-1);
$item_is_scheduled = $this->_item->publication_scheduled;
$item_is_expired = $this->_item->publication_expired;
if ( $cid )
{
// cid is set, check state of current item category only
// NOTE: J1.6+ all ancestor categories from current one to the root, for J1.5 only the current one ($cid)
if ( FLEXI_J16GE && !isset($this->_item->ancestor_cats_published) ) {
$ancestor_cats_published = true;
foreach($globalcats[$cid]->ancestorsarray as $pcid) $ancestor_cats_published = $ancestor_cats_published && ($globalcats[$pcid]->published==1);
$this->_item->ancestor_cats_published = $ancestor_cats_published;
}
$cats_are_published = FLEXI_J16GE ? $this->_item->ancestor_cats_published : $this->_item->catpublished;
$cats_np_err_mssg = JText::sprintf('FLEXI_CONTENT_UNAVAILABLE_ITEM_CURRCAT_UNPUBLISHED', $cid);
}
else
{
// cid is not set, we have no current category, the item is visible if it belongs to at one published category
$itemcats = $this->_item->categories;
$cats_are_published = true;
foreach ($itemcats as $catid) {
$cats_are_published |= $globalcats[$catid]->published;
if (FLEXI_J16GE) { // For J1.6+ check all ancestor categories from current one to the root
foreach($globalcats[$catid]->ancestorsarray as $pcid) $cats_are_published = $cats_are_published && ($globalcats[$pcid]->published==1);
}
}
$cats_np_err_mssg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_ALLCATS_UNPUBLISHED');
}
// Calculate if item is active ... and viewable is also it's (current or All) categories are published
$preview = JRequest::getVar('preview', 0, 'request', 'int' ); // Get if trying to preview the item
$version = JRequest::getVar('version', 0, 'request', 'int' ); // Get item version to load
$item_active = $item_is_published && !$item_is_scheduled && !$item_is_expired;
$item_n_cat_active = $item_active && $cats_are_published;
$previewing_and_unlogged = (($preview || $version) && $user->guest); // this is a flag indicates to redirect to login instead of 404 error
$ignore_publication = $canedititem || $caneditstate || $isOwner || $previewing_and_unlogged;
$inactive_notice_set = false;
$item_state_pending = $this->_item->state == -3;
$item_state_draft = $this->_item->state == -4;
//***********************************************************************************************************************
// STEP C: CHECK item state, if publication state is not ignored terminate with 404 NOT found, otherwise add a notice
// NOTE: Asking all users to login when item is not active maybe wrong approach, so instead we raise 404 error, but we
// will ask them to login only if previewing a latest or specific version (so ignore publication FLAG includes this case)
// (a) Check that item is PUBLISHED (1,-5) or ARCHIVED (-1)
// (b) Check that item has expired publication date
// (c) Check that item has scheduled publication date
// (d) Check that current item category or all items categories are published
//***********************************************************************************************************************
// (a) Check that item is PUBLISHED (1,-5) or ARCHIVED (-1)
if ( !$caneditstate && ($item_state_pending || $item_state_draft) && $isOwner ) {
// SPECIAL workflow case, regardless of (view/edit privilege), allow users to view unpublished owned content, (a) if waiting for approval, or (b) if can request approval
$inactive_notice_set = true;
} else if ( !$item_is_published && !$ignore_publication ) {
// Raise error that the item is unpublished
$msg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_UNPUBLISHED') . $title_str;
if (FLEXI_J16GE) throw new Exception($msg, 404); else JError::raiseError(404, $msg);
} else if ( !$item_is_published && !$inactive_notice_set ) {
// Item edittable, set warning that ...
JError::raiseNotice( 404, JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_UNPUBLISHED') );
$inactive_notice_set = true;
}
// NOTE: First, we check for expired publication, since if item expired, scheduled publication is meaningless
// (b) Check that item has expired publication date
if ( $item_is_expired && !$ignore_publication ) {
// Raise error that the item is scheduled for publication
$msg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_EXPIRED') . $title_str;
if (FLEXI_J16GE) throw new Exception($msg, 404); else JError::raiseError(404, $msg);
} else if ( $item_is_expired && !$inactive_notice_set ) {
// Item edittable, set warning that ...
JError::raiseNotice( 404, JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_EXPIRED') );
$inactive_notice_set = true;
}
// (c) Check that item has scheduled publication date
if ( $item_is_scheduled && !$ignore_publication ) {
// Raise error that the item is scheduled for publication
$msg = JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_SCHEDULED') . $title_str;
if (FLEXI_J16GE) throw new Exception($msg, 404); else JError::raiseError(404, $msg);
} else if ( $item_is_scheduled && !$inactive_notice_set ) {
// Item edittable, set warning that ...
JError::raiseNotice( 404, JText::_('FLEXI_CONTENT_UNAVAILABLE_ITEM_SCHEDULED') );
$inactive_notice_set = true;
}
// (d) Check that current item category or all items categories are published
if ( !$cats_are_published && !$ignore_publication ) {
// Terminate execution with a HTTP not-found Server Error
$msg = $cats_np_err_mssg . $title_str;
if (FLEXI_J16GE) throw new Exception($msg, 404); else JError::raiseError(404, $msg);
} else if( !$cats_are_published && !$inactive_notice_set ) {
// Item edittable, set warning that item's (ancestor) category is unpublished
JError::raiseNotice( 404, $cats_np_err_mssg );
$inactive_notice_set = true;
}
//*******************************************************************************************
// STEP D: CHECK viewing access in relation to if user being logged and being owner / editor
// (a) redirect user previewing a non-current item version, to either current item version or to refer if has no edit permission
// (b) redirect item owner to previous page if user has no access (read/edit) to the item
// (c) redirect unlogged user to login, so that user can possible login to privileged account
// (d) redirect unauthorized logged user to the unauthorized page (if this is set)
// (e) finally raise a 403 forbidden Server Error if user is unauthorized to access item
//*******************************************************************************************
// SPECIAL case when previewing an non-current version of an item, this is allowed only if user can edit the item
$current_version = FLEXIUtilities::getCurrentVersions($this->_id, true); // Get current item version
if ( $version && $version!=$current_version && !$canedititem && !$previewing_and_unlogged )
{
// (a) redirect user previewing a non-current item version, to either current item version or to refer if has no edit permission
JError::raiseNotice(403, JText::_('FLEXI_ALERTNOTAUTH_PREVIEW_UNEDITABLE')."<br />". JText::_('FLEXI_ALERTNOTAUTH_TASK') );
if ( $item_n_cat_active && $canviewitem ) {
$app->redirect(JRoute::_(FlexicontentHelperRoute::getItemRoute($this->_item->slug, $this->_item->categoryslug, 0, $this->_item)));
} else {
$app->redirect($referer); // Item not viewable OR no view access, redirect to refer page
}
}
// SPECIAL cases for inactive item
else if ( !$item_n_cat_active && !$previewing_and_unlogged ) {
if ( !$caneditstate && ($item_state_pending || $item_state_draft) && $isOwner )
{
// no redirect, SET message to owners, to wait for approval or to request approval of their content
$app->enqueueMessage(JText::_( $item_state_pending ? 'FLEXI_ALERT_VIEW_OWN_PENDING_STATE' : 'FLEXI_ALERT_VIEW_OWN_DRAFT_STATE' ), 'notice');
}
else if ( !$canedititem && !$caneditstate && $isOwner )
{
// (b) redirect item owner to previous page if user cannot access (read/edit) the item
JError::raiseNotice(403, JText::_( $item_state_pending ? 'FLEXI_ALERTNOTAUTH_VIEW_OWN_PENDING' : 'FLEXI_ALERTNOTAUTH_VIEW_OWN_UNPUBLISHED' ) );
$app->redirect($referer);
}
else if ( $canedititem || $caneditstate )
{
// no redirect, SET notice to the editors, that they are viewing unreadable content because they can edit the item
$app->enqueueMessage(JText::_('FLEXI_CONTENT_ACCESS_ALLOWED_BECAUSE_EDITABLE_PUBLISHABLE'), 'notice');
} else {
$app->enqueueMessage( 'INTERNAL ERROR: item inactive but checks were ignored despite current user not begin item owner or item assigned editor', 'notice');
$app->redirect($referer);
}
}
// Cases for non-viewable and non-editable item
else if ( !$canviewitem && !$canedititem )
{
if($user->guest) {
// (c) redirect unlogged user to login, so that user can possible login to privileged account
$uri = JFactory::getURI();
$return = $uri->toString();
$com_users = FLEXI_J16GE ? 'com_users' : 'com_user';
$url = $cparams->get('login_page', 'index.php?option='.$com_users.'&view=login');
$return = strtr(base64_encode($return), '+/=', '-_,');
$url .= '&return='.$return;
//$url .= '&return='.base64_encode($return);
$url .= '&fcreturn='.base64_encode($fcreturn);
JError::raiseWarning( 403, JText::sprintf("FLEXI_LOGIN_TO_ACCESS", $url));
$app->redirect( $url );
} else {
$msg = JText::_( 'FLEXI_ALERTNOTAUTH_VIEW');
$msg .= $item->type_id && !$item->has_type_access ? "<br/>".JText::_("FLEXI_ALERTNOTAUTH_VIEW_TYPE") : '';
$msg .= $item->catid && !$item->has_mcat_access ? "<br/>".JText::_("FLEXI_ALERTNOTAUTH_VIEW_MCAT") : '';
if ($cparams->get('unauthorized_page', '')) {
// (d) redirect unauthorized logged user to the unauthorized page (if this is set)
JError::raiseNotice( 403, $msg);
$app->redirect($cparams->get('unauthorized_page'));
} else {
// (e) finally raise a 403 forbidden Server Error if user is unauthorized to access item
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
}
}
}
// User can read item and item is active, no further actions
else {
}
} // End of Existing item (not new)
}
/**
* Method to check if we can remove an item
* return false if the user doesn't have rights to do it
*
* @access public
* @return boolean True on success
* @since 1.5
*/
function candelete($cid = array())
{
$user = JFactory::getUser();
if (FLEXI_J16GE) {
// Not needed we will check individual item's permissions
//$permission = FlexicontentHelperPerm::getPerm();
} else {
if ($user->gid > 24) {
// Return true for super administrators
return true;
} else {
if (!FLEXI_ACCESS) {
// Return true if flexi_access component is not used,
// since all backend user groups can delete content (manager, administrator, super administrator)
return true;
}
}
}
$n = count($cid);
if ($n) {
$query = 'SELECT id, catid, created_by FROM #__content' . ' WHERE id IN ( ' . implode(',', $cid) . ' )';
$this->_db->setQuery($query);
$items = $this->_db->loadObjectList();
// This is not needed since functionality is already included in checkAllItemAccess() ???
//if (FLEXI_ACCESS) {
//$canDeleteAll = FAccess::checkAllContentAccess('com_content','delete','users',$user->gmid,'content','all');
//$canDeleteOwnAll = FAccess::checkAllContentAccess('com_content','deleteown','users',$user->gmid,'content','all');
//}
foreach ($items as $item) {
if (FLEXI_J16GE) {
$rights = FlexicontentHelperPerm::checkAllItemAccess($user->id, 'item', $item->id);
$canDelete = in_array('delete', $rights);
$canDeleteOwn = in_array('delete.own', $rights) && $item->created_by == $user->id;
} else {
if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $item->id, $item->catid);
$canDelete = in_array('delete', $rights);
$canDeleteOwn = in_array('deleteown', $rights) && $item->created_by == $user->id;
} else {
// This should be unreachable
return true;
}
}
if (!$canDelete && !$canDeleteOwn) {
return false;
}
}
return true;
}
}
/**
* Cancels an edit item operation
*
* @access public
* @since 1.0
*/
function cancel()
{
// Check for request forgeries
JRequest::checkToken( 'request' ) or jexit( 'Invalid Token' );
// Initialize some variables
$user = JFactory::getUser();
$session = JFactory::getSession();
$dolog = JComponentHelper::getParams( 'com_flexicontent' )->get('print_logging_info');
// Get an item model
$model = $this->getModel(FLEXI_ITEMVIEW);
// CHECK-IN the item if user can edit
if ($model->get('id') > 1)
{
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if ($user->gid >= 25) {
$canEdit = true;
} else if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
}
if ( !$canEdit ) {
// No edit privilege, check if item is editable till logoff
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')];
}
}
if ($canEdit) $model->checkin();
}
// since the task is cancel, we go back to the form referer
$referer = JRequest::getString('referer', JURI::base(), 'post');
// Check that referer URL is 'safe' (allowed) , e.g. not an offsite URL, otherwise for returning to HOME page
if ( ! flexicontent_html::is_safe_url($referer) ) {
if ( $dolog ) JFactory::getApplication()->enqueueMessage( 'refused redirection to possible unsafe URL: '.$referer, 'notice' );
$referer = JURI::base();
}
$this->setRedirect($referer);
}
/**
* Calculates the user permission on the given item
*
* @since 1.0
*/
function _getItemPerms(&$item, &$type)
{
$user = JFactory::getUser();
// get current user\
$isOwner = $item->created_by == $user->get('id');
$perms = array();
$permission = FlexicontentHelperPerm::getPerm();
$perms['isSuperAdmin'] = $permission->SuperAdmin;
$perms['multicat'] = $permission->MultiCat;
$perms['cantags'] = $permission->CanUseTags;
$perms['canparams'] = $permission->CanParams;
$perms['cantemplates'] = $permission->CanTemplates;
$perms['canarchive'] = $permission->CanArchives;
$perms['canright'] = $permission->CanRights;
$perms['canacclvl'] = $permission->CanAccLvl;
$perms['canversion'] = $permission->CanVersion;
// J2.5+ specific
if (FLEXI_J16GE) {
$perms['editcreationdate'] = $permission->EditCreationDate;
}
//else if (FLEXI_ACCESS) $perms['editcreationdate'] = ($user->gid < 25) ? FAccess::checkComponentAccess('com_flexicontent', 'editcreationdate', 'users', $user->gmid) : 1;
//else $perms['editcreationdate'] = ($user->gid >= 25);
// Get general edit/publish/delete permissions (we will override these for existing items)
$perms['canedit'] = $permission->CanEdit || $permission->CanEditOwn;
$perms['canpublish'] = $permission->CanPublish || $permission->CanPublishOwn;
$perms['candelete'] = $permission->CanDelete || $permission->CanDeleteOwn;
$perms['canchange_cat'] = $permission->CanChangeCat;
$perms['canchange_seccat'] = $permission->CanChangeSecCat;
$perms['canchange_featcat'] = $permission->CanChangeFeatCat;
// OVERRIDE global with existing item's atomic settings
if ($item->id) {
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $item->id;
$perms['canedit'] = $user->authorise('core.edit', $asset) || $user->authorise('core.edit.own', $asset) && $isOwner;
$perms['canpublish'] = $user->authorise('core.edit.state', $asset) || $user->authorise('core.edit.state.own', $asset) && $isOwner;
$perms['candelete'] = $user->authorise('core.delete', $asset) || $user->authorise('core.delete.own', $asset) && $isOwner;
} else {
if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $item->id, $item->catid);
$perms['canedit'] = $user->gid < 25 ? in_array('editown', $rights) && $isOwner || in_array('edit', $rights) : 1;
$perms['canpublish'] = $user->gid < 25 ? in_array('publishown', $rights) && $isOwner || in_array('publish', $rights) : 1;
$perms['candelete'] = $user->gid < 25 ? in_array('deleteown', $rights) && $isOwner || in_array('delete', $rights) : 1;
// Only FLEXI_ACCESS has per item rights permission
$perms['canright'] = $user->gid < 25 ? in_array('right', $rights) : 1;
} else {
// J1.5 permissions with no FLEXIaccess are only general, no item specific permissions
}
}
}
if ($type->id) {
if (FLEXI_J16GE) {
$perms['canchange_cat'] = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $type->id);
$perms['canchange_seccat'] = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $type->id);
$perms['canchange_featcat'] = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $type->id);
}
}
return $perms;
}
function save_import()
{
// Check for request forgeries
//JRequest::checkToken() or jexit( 'Invalid Token' );
//mara
$arr_countries = array('AL' => 'Albania',
'AM' => 'Armenia' ,
'ARG' =>'Argentina' ,
'AU' => 'Australia' ,
'AUT' => 'Austria' ,
'AZ' =>'Azerbaidjan' ,
'BEL' => 'Belgium' ,
'BGD' => 'Bangladesh' ,
'BLG' => 'Bulgaria' ,
'BLR' => 'Belarus' ,
'BOS' => 'Bosnia-Herzegovina' ,
'BRA' => 'Brazil' ,
'CAN' => 'Canada' ,
'CB' => 'Cuba' ,
'CHE' => 'Switzerland' ,
'CHI' => 'China' ,
'CHL' => 'Chile' ,
'CS' => 'Czech Republic' ,
'DEU' => 'Germany' ,
'DNK' => 'Denmark' ,
'EGP' => 'Egypt' ,
'EST' => 'Estonia' ,
'FIN' => 'Finland' ,
'FRA' => 'France' ,
'GBR' => 'Great Britain' ,
'GBRUSA' => 'Great Britain' ,
'GEO' => 'Georgia' ,
'GR' => 'Greece' ,
'HK' => 'Hong Kong' ,
'HOR' => 'Croatia' ,
'HUN' => 'Hungary' ,
'IDZ' => 'Indonesia' ,
'IND' => 'India' ,
'IOR' => 'Jordan' ,
'IRA' => 'Iran' ,
'IRL' => 'Ireland' ,
'ISL' => 'Iceland' ,
'ISR' => 'Israel' ,
'ITA' => 'Italy' ,
'JPN' => 'Japan' ,
'KAZ' => 'Kazakhstan' ,
'KGZ' => 'Kyrgyzstan' ,
'KIP' => 'Cyprus' ,
'LAT' => 'Latvia' ,
'LIT' => 'Lithuania' ,
'LUX' => 'Luxembourg' ,
'MAK' => 'Macedonia' ,
'ME' => 'Montenegro' ,
'MEK' => 'Mexico' ,
'MLT' => 'Malta' ,
'MOL' => 'Moldavia' ,
'MON' => 'Monaco' ,
'NID' => 'Netherlands' ,
'NOR' => 'Norway' ,
'PAK' => 'Pakistan' ,
'POL' => 'Poland' ,
'PORT' => 'Portugal' ,
'PR' => 'Puerto Rico' ,
'PS' => 'Palestinian Territory' ,
'RS' => 'Serbia' ,
'RUM' => 'Romania' ,
'RUS' => 'Russian Federation' ,
'SA' => 'Saudi Arabia' ,
'SCH' => 'Serbia' ,
'SGP' => 'Singapore' ,
'SHE' => 'Switzerland' ,
'SKO' => 'South Korea' ,
'SLO' => 'Slovenia' ,
'SLR' => 'Slovak Republic' ,
'SM' => 'San Marino' ,
'SPN' => 'Spain' ,
'SWE' => 'Sweden' ,
'SYR' => 'Syria' ,
'TA' => 'Thailand' ,
'TUR' => 'Turkey' ,
'UAR' => 'South Africa' ,
'UGS' => 'Serbia' ,
'UKR' => 'Ukraine' ,
'unk' => 'Unknown' ,
'USA' => 'United States' ,
'USAFRA' => 'United States' ,
'Uzb' => 'Uzbekistan' ,
'VTN' => 'Vietnam');
mysql_connect('localhost', 'root', 'staSPE8e');
mysql_select_db('vidal');
mysql_query("SET NAMES utf8");
$query = "SELECT pa.ATCCode,m.LatName,n.NozologyCode,Document.DocumentID,"
."Document.RusName,Document.EngName,Document.CompiledComposition,Document.PhInfluence,Document.PhKinetics,"
."Document.Dosage,Document.OverDosage,Document.Interaction,Document.Lactation,Document.SideEffects,"
."Document.StorageCondition,Document.Indication,Document.ContraIndication,Document.SpecialInstruction "
. "FROM Document"
." LEFT JOIN Document_IndicNozology as n ON Document.DocumentID = n.DocumentID"
." LEFT JOIN Molecule_Document as md ON md.DocumentID = Document.DocumentID"
." LEFT JOIN Molecule as m ON m.MoleculeID = md.MoleculeID"
." LEFT JOIN Product_Document as pd ON pd.DocumentID = Document.DocumentID"
." LEFT JOIN Product_ATC as pa ON pd.ProductID = pa.ProductID"
." GROUP BY Document.DocumentID";
$result = mysql_query($query) or die(mysql_error());
while($all = mysql_fetch_array($result)){
// Initialize variables
$app = JFactory::getApplication();
$db = JFactory::getDBO();
$user = JFactory::getUser();
$menu = $app->getMenu()->getActive();
$config = JFactory::getConfig();
$session = JFactory::getSession();
$task = JRequest::getVar('task');
$model = $this->getModel(FLEXI_ITEMVIEW);
$isnew = !$model->getId();
$ctrl_task = FLEXI_J16GE ? 'task=items.' : 'controller=items&task=';
$fc_params = JComponentHelper::getParams( 'com_flexicontent' );
$dolog = $fc_params->get('print_logging_info');
// Get the COMPONENT only parameters
$comp_params = JComponentHelper::getComponent('com_flexicontent')->params;
$params = FLEXI_J16GE ? clone ($comp_params) : new JParameter( $comp_params ); // clone( JComponentHelper::getParams('com_flexicontent') );
// Merge the type parameters
$tparams = $model->getTypeparams();
$tparams = FLEXI_J16GE ? new JRegistry($tparams) : new JParameter($tparams);
$params->merge($tparams);
// Merge the menu parameters
if ($menu) {
$menu_params = FLEXI_J16GE ? $menu->params : new JParameter($menu->params);
$params->merge($menu_params);
}
// Get needed parameters
$submit_redirect_url_fe = $params->get('submit_redirect_url_fe', '');
$allowunauthorize = $params->get('allowunauthorize', 0);
$data = array();
$data['title'] = $all['RusName'];
//content
$data['text'] = $all['CompiledComposition'].$all['PhInfluence'].$all['PhKinetics'].$all['Dosage'].$all['OverDosage'].$all['Interaction'].$all['Lactation'].$all['SideEffects'].$all['StorageCondition'].$all['Indication'].$all['ContraIndication'].$all['SpecialInstruction'];
$data['state'] = 1;
$data['catid'] = 45;
$data['type_id'] = 2;
$data['id'] = 0;
//insert into content
//flexicontent_fields_item_relations
//15 field RusName EngName
//19 field Zabolev
$zab = '';
if($all['NozologyCode']){
$tmp = $all['NozologyCode'];
$zab_cif = substr($tmp,1,2);
$alpha = substr($tmp,0,1);
switch($alpha){
case 'A' : $zab = 'A00–B99'; break;
case 'B' : $zab = 'A00–B99';break;
case 'C' : $zab = 'C00–D48';break;
case 'D' : $zab = $zab_cif <= 48 ? 'C00–D48' : 'D50–D89';break;
case 'E' : $zab = 'E00–E90';break;
case 'F' : $zab = 'F00–F99';break;
case 'G' : $zab = 'G00–G99';break;
case 'H' : $zab = $zab_cif <= 59 ? 'H00–H59' : 'H60–H95';break;
case 'I' : $zab = 'I00–I99';break;
case 'J' : $zab = 'J00–J99';break;
case 'K' : $zab = 'K00–K93';break;
case 'L' : $zab = 'L00–L99';break;
case 'M' : $zab = 'M00–M99';break;
case 'N' : $zab = 'N00–N99';break;
case 'O' : $zab = 'O00–O99';break;
case 'P' : $zab = 'P00–P96'; break;
case 'R' : $zab = 'R00–R99'; break;
case 'S' : $zab = 'S00–T98'; break;
case 'V' : $zab = 'V01–Y98';break;
case 'Z' : $zab = 'Z00–Z99';break;
case 'U' : $zab = 'U00–U99'; break;
default: $zab = '';
}
}
$custom = array();
$custom['zabolevanie'] = $zab;
$custom['field24'] = $all['ATCCode'];
/*$custom['field24_1'] = '';
$custom['field24_2'] = '';
$custom['field24_3'] = '';
$custom['field24_4'] = '';
$custom['field24_5'] = '';*/
$custom['preparat'][0] = addslashes($all['RusName']);
$custom['preparat'][1] = addslashes($all['EngName']);
$custom['field22'][0] = addslashes($all['LatName']);
$query = "SELECT p.DateOfCloseRegistration, p.RegistrationNumber, p.Composition, p.ZipInfo, "
." c.LocalName, c.CountryCode "
. "FROM Product as p"
." JOIN Product_Company as pc ON pc.ProductID = p.ProductID"
." JOIN Company as c ON c.CompanyID = pc.CompanyID"
." JOIN Product_Document d ON d.ProductID = p.ProductID"
." WHERE d.DocumentID = ".$all['DocumentID'];
$result1 = mysql_query($query) or die(mysql_error());
$field_pr = array();
$z = 0;
while($proizv = mysql_fetch_array($result1)){
if(isset($arr_countries[$proizv['CountryCode']])){
$custom['field21'][0]['country'][$z] = addslashes($arr_countries[$proizv['CountryCode']]);
$custom['field21'][0]['naimen'][$z] = addslashes($proizv['LocalName']);//."<br />".$proizv['Composition']);
$custom['field21'][0]['vypusk'][$z] = addslashes($proizv['ZipInfo']);
$custom['field21'][0]['reg'][$z] = addslashes($proizv['RegistrationNumber']);
$custom['field21'][0]['date'][$z] = addslashes($proizv['DateOfCloseRegistration']);
}
$z++;
}
// *********************
// Get data from request
// *********************
if (FLEXI_J16GE) {
// Retrieve form data these are subject to basic filtering
// $data = JRequest::getVar('jform', array(), 'post', 'array'); // Core Fields and and item Parameters
// $custom = JRequest::getVar('custom', array(), 'post', 'array'); // Custom Fields
$jfdata = JRequest::getVar('jfdata', array(), 'post', 'array'); // Joomfish Data
if ( ! @ $data['rules'] ) $data['rules'] = array();
}
else {
// Retrieve form data these are subject to basic filtering
$data = JRequest::get( 'post' ); // Core & Custom Fields and item Parameters
}
// Set data id into model in case not already set ?
$model->setId((int) $data['id']);
// *************************************
// ENFORCE can change category ACL perms
// *************************************
$perms = FlexicontentHelperPerm::getPerm();
// Per content type change category permissions
if (FLEXI_J16GE) {
$current_type_id = ($isnew || !$model->get('type_id')) ? $data['type_id'] : $model->get('type_id'); // GET current (existing/old) item TYPE ID
$CanChangeFeatCat = $user->authorise('flexicontent.change.cat.feat', 'com_flexicontent.type.' . $current_type_id);
$CanChangeSecCat = $user->authorise('flexicontent.change.cat.sec', 'com_flexicontent.type.' . $current_type_id);
$CanChangeCat = $user->authorise('flexicontent.change.cat', 'com_flexicontent.type.' . $current_type_id);
} else {
$CanChangeFeatCat = 1;
$CanChangeSecCat = 1;
$CanChangeCat = 1;
}
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
$enable_featured_cid_selector = $perms->MultiCat && $CanChangeFeatCat;
$enable_cid_selector = $perms->MultiCat && $CanChangeSecCat;
$enable_catid_selector = ($isnew && !$tparams->get('catid_default')) || (!$isnew && !$model->get('catid')) || $CanChangeCat;
// Enforce maintaining featured categories
$featured_cats_parent = $params->get('featured_cats_parent', 0);
$featured_cats = array();
if ( $featured_cats_parent && !$enable_featured_cid_selector )
{
$featured_tree = flexicontent_cats::getCategoriesTree($published_only=1, $parent_id=$featured_cats_parent, $depth_limit=0);
$featured_cid = array();
if (!$isnew) {
foreach($model->get('categories') as $item_cat) if (isset($featured_tree[$item_cat])) $featured_cid[] = $item_cat;
}
$data['featured_cid'] = $featured_cid;
}
// Enforce maintaining secondary categories
if (!$enable_cid_selector) {
if ($isnew) {
$data['cid'] = $tparams->get('cid_default');
} else if ( isset($featured_cid) ) {
$featured_cid_arr = array_flip($featured_cid);
$sec_cid = array();
foreach($model->get('cats') as $item_cat) if (!isset($featured_cid_arr[$item_cat])) $sec_cid[] = $item_cat;
$data['cid'] = $sec_cid;
} else {
$data['cid'] = $model->get('cats');
}
}
if (!$enable_catid_selector) {
if ($isnew && $tparams->get('catid_default'))
$data['catid'] = $tparams->get('catid_default');
else if ($model->get('catid'))
$data['catid'] = $model->get('catid');
}
// **************************
// Basic Form data validation
// **************************
if (FLEXI_J16GE)
{
// *** MANUALLY CHECK CAPTCHA ***
$use_captcha = $params->get('use_captcha', 1); // 1 for guests, 2 for any user
$captcha_formop = $params->get('captcha_formop', 0); // 0 for submit, 1 for submit/edit (aka always)
$is_submitop = ((int) $data['id']) == 0;
$display_captcha = $use_captcha >= 2 || ( $use_captcha == 1 && $user->guest );
$display_captcha = $display_captcha && ( $is_submitop || $captcha_formop); // for submit operation we do not need to check 'captcha_formop' ...
if ($display_captcha)
{
// Try to force the use of recaptcha plugin
JFactory::getConfig()->set('captcha', 'recaptcha');
if ( $app->getCfg('captcha') == 'recaptcha' && JPluginHelper::isEnabled('captcha', 'recaptcha') ) {
JPluginHelper::importPlugin('captcha');
$dispatcher = JDispatcher::getInstance();
$result = $dispatcher->trigger('onCheckAnswer', JRequest::getString('recaptcha_response_field'));
if (!$result[0]) {
$errmsg = JText::_('FLEXI_CAPTCHA_FAILED');
$errmsg .= ' '.JText::_('FLEXI_MUST_REFILL_SOME_FIELDS');
echo "<script>alert('".$errmsg."');";
echo "window.history.back();";
echo "</script>";
jexit();
}
}
}
// Validate Form data for core fields and for parameters
$form = $model->getForm(); // Do not pass any data we only want the form object in order to validate the data and not create a filled-in form
$post = $model->validate($form, $data);
// Check for validation error
if (!$post) {
// Get the validation messages.
$errors = $form->getErrors();
// Push up to three validation messages out to the user.
for ($i = 0, $n = count($errors); $i < $n && $i < 3; $i++) {
if ($errors[$i] instanceof Exception)
$app->enqueueMessage($errors[$i]->getMessage(), 'notice');
else
$app->enqueueMessage($errors[$i], 'notice');
}
// Save the jform data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.data', $data);
// Save the custom fields data in the session.
$app->setUserState($form->option.'.edit.'.$form->context.'.custom', $custom);
// Redirect back to the registration form.
$this->setRedirect( $_SERVER['HTTP_REFERER'] );
return false;
//die('error');
}
/*if (!$post) {
//JError::raiseWarning( 500, "Error while validating data: " . $model->getError() );
echo "Error while validating data: " . $model->getError();
echo '<span class="fc_return_msg">'.JText::sprintf('FLEXI_CLICK_HERE_TO_RETURN', '"JavaScript:window.history.back();"').'</span>';
jexit();
}*/
// Some values need to be assigned after validation
$post['attribs'] = @$data['attribs']; // Workaround for item's template parameters being clear by validation since they are not present in item.xml
$post['custom'] = & $custom; // Assign array of custom field values, they are in the 'custom' form array instead of jform
$post['jfdata'] = & $jfdata; // Assign array of Joomfish field values, they are in the 'jfdata' form array instead of jform
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $data['attribs']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($data['layouts'][$ilayout]) ) $post['attribs']['layouts'] = $data['layouts'];
//echo "<pre>"; print_r($post['attribs']); exit;
}
else {
$post = $data;
// Some values need to be assigned after validation
$post['text'] = JRequest::getVar( 'text', '', 'post', 'string', JREQUEST_ALLOWRAW ); // Workaround for allowing raw text field
// Assign template parameters of the select ilayout as an sub-array (the DB model will handle the merging of parameters)
$ilayout = @ $post['params']['ilayout']; // normal not be set if frontend template editing is not shown
if( $ilayout && !empty($post['layouts'][$ilayout]) ) $post['params']['layouts'] = $post['layouts'];
//echo "<pre>"; print_r($post['params']); exit;
}
// USEFULL FOR DEBUGING for J2.5 (do not remove commented code)
//$diff_arr = array_diff_assoc ( $data, $post);
//echo "<pre>"; print_r($diff_arr); jexit();
// ********************************************************************************
// PERFORM ACCESS CHECKS, NOTE: we need to check access again, despite having
// checked them on edit form load, because user may have tampered with the form ...
// ********************************************************************************
$type_id = (int) @ $post['type_id']; // Typecast to int, (already done for J2.5 via validating)
if ( !$isnew && $model->get('type_id') == $type_id ) {
// Existing item with Type not being ALTERED, content type can be maintained regardless of privilege
$canCreateType = true;
} else {
// New item or existing item with Type is being ALTERED, check privilege to create items of this type
$canCreateType = $model->canCreateType( array($type_id), true, $types );
}
// ****************************************************************
// Calculate user's privileges on current content item
// ... canPublish IS RECALCULATED after saving, maybe comment out ?
// ****************************************************************
if (!$isnew) {
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canPublish = $user->authorise('core.edit.state', $asset) || ($user->authorise('core.edit.state.own', $asset) && $model->get('created_by') == $user->get('id'));
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if ($user->gid >= 25) {
$canPublish = true;
$canEdit = true;
} else if (FLEXI_ACCESS) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canPublish = in_array('publish', $rights) || (in_array('publishown', $rights) && $model->get('created_by') == $user->get('id')) ;
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
$canPublish = $user->authorize('com_content', 'publish', 'content', 'all');
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
//$canPublish = ($user->gid >= 21); // At least J1.5 Publisher
//$canEdit = ($user->gid >= 20); // At least J1.5 Editor
}
if ( !$canEdit ) {
// No edit privilege, check if item is editable till logoff
if ($session->has('rendered_uneditable', 'flexicontent')) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$canEdit = isset($rendered_uneditable[$model->get('id')]) && $rendered_uneditable[$model->get('id')];
}
}
} else {
if (FLEXI_J16GE) {
$canAdd = $model->getItemAccess()->get('access-create'); // includes check of creating in at least one category
$not_authorised = !$canAdd;
$canPublish = $user->authorise('core.edit.state', 'com_flexicontent') || $user->authorise('core.edit.state.own', 'com_flexicontent');
} else if ($user->gid >= 25) {
$canAdd = 1;
} else if (FLEXI_ACCESS) {
$canAdd = FAccess::checkUserElementsAccess($user->gmid, 'submit');
$canAdd = @$canAdd['content'] || @$canAdd['category'];
$canPublishAll = FAccess::checkAllContentAccess('com_content','publish','users',$user->gmid,'content','all');
$canPublishOwnAll = FAccess::checkAllContentAccess('com_content','publishown','users',$user->gmid,'content','all');
$canPublish = ($user->gid < 25) ? $canPublishAll || $canPublishOwnAll : 1;
} else {
$canAdd = $user->authorize('com_content', 'add', 'content', 'all');
//$canAdd = ($user->gid >= 19); // At least J1.5 Author
$not_authorised = ! $canAdd;
$canPublish = ($user->gid >= 21);
}
if ( $allowunauthorize ) {
$canAdd = true;
$canCreateType = true;
}
}
// ... we use some strings from administrator part
// load english language file for 'com_flexicontent' component then override with current language file
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, 'en-GB', true);
JFactory::getLanguage()->load('com_flexicontent', JPATH_ADMINISTRATOR, null, true);
// Check for new content
if ( ($isnew && !$canAdd) || (!$isnew && !$canEdit)) {
$msg = JText::_( 'FLEXI_ALERTNOTAUTH' );
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
}
if ( !$canCreateType ) {
$msg = isset($types[$type_id]) ?
JText::sprintf( 'FLEXI_NO_ACCESS_CREATE_CONTENT_OF_TYPE', JText::_($types[$type_id]->name) ) :
' Content Type '.$type_id.' was not found OR is not published';
if (FLEXI_J16GE) throw new Exception($msg, 403); else JError::raiseError(403, $msg);
return;
}
// Get "BEFORE SAVE" categories for information mail
$before_cats = array();
if ( !$isnew )
{
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$before_cats = $db->loadObjectList('id');
$before_maincat = $model->get('catid');
$original_item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=0);
}
// ****************************************
// Try to store the form data into the item
// ****************************************
if ( ! $model->store($post) )
{
// Set error message about saving failed, and also the reason (=model's error message)
$msg = JText::_( 'FLEXI_ERROR_STORING_ITEM' );
JError::raiseWarning( 500, $msg .": " . $model->getError() );
// Since an error occured, check if (a) the item is new and (b) was not created
if ($isnew && !$model->get('id')) {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'add&id=0&typeid='.$type_id.'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
} else {
$msg = '';
$link = 'index.php?option=com_flexicontent&'.$ctrl_task.'edit&id='.$model->get('id').'&'. (FLEXI_J30GE ? JSession::getFormToken() : JUtility::getToken()) .'=1';
$this->setRedirect($link, $msg);
}
// Saving has failed check-in and return, (above redirection will be used)
$model->checkin();
return;
}
// **************************************************
// Check in model and get item id in case of new item
// **************************************************
$model->checkin();
$post['id'] = $isnew ? (int) $model->get('id') : $post['id'];
// Get items marked as newly submitted
$newly_submitted = $session->get('newly_submitted', array(), 'flexicontent');
if ($isnew) {
// Mark item as newly submitted, to allow to a proper "THANKS" message after final save & close operation (since user may have clicked add instead of add & close)
$newly_submitted[$model->get('id')] = 1;
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
}
$newly_submitted_item = @ $newly_submitted[$model->get('id')];
// ***********************************************************************************************************
// Get newly saved -latest- version (store task gets latest) of the item, and also calculate publish privelege
// ***********************************************************************************************************
$item = $model->getItem($post['id'], $check_view_access=false, $no_cache=true, $force_version=-1);
$canPublish = $model->canEditState( $item, $check_cat_perm=true );
// ********************************************************************************************
// Use session to detect multiple item saves to avoid sending notification EMAIL multiple times
// ********************************************************************************************
$is_first_save = true;
if ($session->has('saved_fcitems', 'flexicontent')) {
$saved_fcitems = $session->get('saved_fcitems', array(), 'flexicontent');
$is_first_save = $isnew ? true : !isset($saved_fcitems[$model->get('id')]);
}
// Add item to saved items of the corresponding session array
$saved_fcitems[$model->get('id')] = $timestamp = time(); // Current time as seconds since Unix epoc;
$session->set('saved_fcitems', $saved_fcitems, 'flexicontent');
// ********************************************
// Get categories added / removed from the item
// ********************************************
$query = 'SELECT DISTINCT c.id, c.title FROM #__categories AS c'
. ' JOIN #__flexicontent_cats_item_relations AS rel ON rel.catid = c.id'
. ' WHERE rel.itemid = '.(int) $model->get('id');
$db->setQuery( $query );
$after_cats = $db->loadObjectList('id');
if ( !$isnew ) {
$cats_added_ids = array_diff(array_keys($after_cats), array_keys($before_cats));
foreach($cats_added_ids as $cats_added_id) {
$cats_added_titles[] = $after_cats[$cats_added_id]->title;
}
$cats_removed_ids = array_diff(array_keys($before_cats), array_keys($after_cats));
foreach($cats_removed_ids as $cats_removed_id) {
$cats_removed_titles[] = $before_cats[$cats_removed_id]->title;
}
$cats_altered = count($cats_added_ids) + count($cats_removed_ids);
$after_maincat = $model->get('catid');
}
// *******************************************************************************************************************
// We need to get emails to notify, from Global/item's Content Type parameters -AND- from item's categories parameters
// *******************************************************************************************************************
$notify_emails = array();
if ( $is_first_save || $cats_altered || $params->get('nf_enable_debug',0) )
{
// Get needed flags regarding the saved items
$approve_version = 2;
$pending_approval_state = -3;
$draft_state = -4;
$current_version = FLEXIUtilities::getCurrentVersions($item->id, true); // Get current item version
$last_version = FLEXIUtilities::getLastVersions($item->id, true); // Get last version (=latest one saved, highest version id),
// $post variables vstate & state may have been (a) tampered in the form, and/or (b) altered by save procedure so better not use them
$needs_version_reviewal = !$isnew && ($last_version > $current_version) && !$canPublish;
$needs_publication_approval = $isnew && ($item->state == $pending_approval_state) && !$canPublish;
$draft_from_non_publisher = $item->state==$draft_state && !$canPublish;
if ($draft_from_non_publisher) {
// Suppress notifications for draft-state items (new or existing ones), for these each author will publication approval manually via a button
$nConf = false;
} else {
// Get notifications configuration and select appropriate emails for current saving case
$nConf = $model->getNotificationsConf($params); //echo "<pre>"; print_r($nConf); "</pre>";
}
if ($nConf)
{
$states_notify_new = $params->get('states_notify_new', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_new) ) $states_notify_new = array();
else if ( ! is_array($states_notify_new) ) $states_notify_new = !FLEXI_J16GE ? array($states_notify_new) : explode("|", $states_notify_new);
$states_notify_existing = $params->get('states_notify_existing', array(1,0,(FLEXI_J16GE ? 2:-1),-3,-4,-5));
if ( empty($states_notify_existing) ) $states_notify_existing = array();
else if ( ! is_array($states_notify_existing) ) $states_notify_existing = !FLEXI_J16GE ? array($states_notify_existing) : explode("|", $states_notify_existing);
$n_state_ok = in_array($item->state, $states_notify_new);
$e_state_ok = in_array($item->state, $states_notify_existing);
if ($needs_publication_approval) $notify_emails = $nConf->emails->notify_new_pending;
else if ($isnew && $n_state_ok) $notify_emails = $nConf->emails->notify_new;
else if ($isnew) $notify_emails = array();
else if ($needs_version_reviewal) $notify_emails = $nConf->emails->notify_existing_reviewal;
else if (!$isnew && $e_state_ok) $notify_emails = $nConf->emails->notify_existing;
else if (!$isnew) $notify_emails = array();
if ($needs_publication_approval) $notify_text = $params->get('text_notify_new_pending');
else if ($isnew) $notify_text = $params->get('text_notify_new');
else if ($needs_version_reviewal) $notify_text = $params->get('text_notify_existing_reviewal');
else if (!$isnew) $notify_text = $params->get('text_notify_existing');
//print_r($notify_emails); jexit();
}
}
// *********************************************************************************************************************
// If there are emails to notify for current saving case, then send the notifications emails, but
// *********************************************************************************************************************
if ( !empty($notify_emails) && count($notify_emails) ) {
$notify_vars = new stdClass();
$notify_vars->needs_version_reviewal = $needs_version_reviewal;
$notify_vars->needs_publication_approval = $needs_publication_approval;
$notify_vars->isnew = $isnew;
$notify_vars->notify_emails = $notify_emails;
$notify_vars->notify_text = $notify_text;
$notify_vars->before_cats = $before_cats;
$notify_vars->after_cats = $after_cats;
$notify_vars->original_item = @ $original_item;
$model->sendNotificationEmails($notify_vars, $params, $manual_approval_request=0);
}
// ***************************************************
// CLEAN THE CACHE so that our changes appear realtime
// ***************************************************
if (FLEXI_J16GE) {
$cache = FLEXIUtilities::getCache($group='', 0);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
$cache = FLEXIUtilities::getCache($group='', 1);
$cache->clean('com_flexicontent_items');
$cache->clean('com_flexicontent_filters');
} else {
$itemcache = JFactory::getCache('com_flexicontent_items');
$itemcache->clean();
$filtercache = JFactory::getCache('com_flexicontent_filters');
$filtercache->clean();
}
// ****************************************************************************************************************************
// Recalculate EDIT PRIVILEGE of new item. Reason for needing to do this is because we can have create permission in a category
// and thus being able to set this category as item's main category, but then have no edit/editown permission for this category
// ****************************************************************************************************************************
if (FLEXI_J16GE) {
$asset = 'com_content.article.' . $model->get('id');
$canEdit = $user->authorise('core.edit', $asset) || ($user->authorise('core.edit.own', $asset) && $model->get('created_by') == $user->get('id'));
// ALTERNATIVE 1
//$canEdit = $model->getItemAccess()->get('access-edit'); // includes privileges edit and edit-own
// ALTERNATIVE 2
//$rights = FlexicontentHelperPerm::checkAllItemAccess($user->get('id'), 'item', $model->get('id'));
//$canEdit = in_array('edit', $rights) || (in_array('edit.own', $rights) && $model->get('created_by') == $user->get('id')) ;
} else if (FLEXI_ACCESS && $user->gid < 25) {
$rights = FAccess::checkAllItemAccess('com_content', 'users', $user->gmid, $model->get('id'), $model->get('catid'));
$canEdit = in_array('edit', $rights) || (in_array('editown', $rights) && $model->get('created_by') == $user->get('id')) ;
} else {
// This is meaningful when executed in frontend, since all backend users (managers and above) can edit items
$canEdit = $user->authorize('com_content', 'edit', 'content', 'all') || ($user->authorize('com_content', 'edit', 'content', 'own') && $model->get('created_by') == $user->get('id'));
}
// *******************************************************************************************************
// Check if user can not edit item further (due to changed main category, without edit/editown permission)
// *******************************************************************************************************
if (!$canEdit)
{
if ($task=='apply') {
// APPLY TASK: Temporarily set item to be editable till closing it
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
else if ( $newly_submitted_item ) {
// NEW ITEM: Do not use editable till logoff behaviour
// ALSO: Clear editable FLAG set in the case that 'apply' button was used during new item creation
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
else {
// EXISTING ITEM: (if enabled) Use the editable till logoff behaviour
if ( $params->get('items_session_editable', 0) ) {
// Set notice for existing item being editable till logoff
JError::raiseNotice( 403, JText::_( 'FLEXI_CANNOT_EDIT_AFTER_LOGOFF' ) );
// Allow item to be editable till logoff
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
$rendered_uneditable[$model->get('id')] = 1;
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
$canEdit = 1;
}
}
// Set notice about saving an item that cannot be changed further
if ( !$canEdit ) {
$app->enqueueMessage(JText::_( 'FLEXI_CANNOT_MAKE_FURTHER_CHANGES_TO_CONTENT' ), 'message' );
}
}
// ****************************************************************
// Check for new Content Item is being closed, and clear some flags
// ****************************************************************
if ($task!='apply' && $newly_submitted_item )
{
// Clear item from being marked as newly submitted
unset($newly_submitted[$model->get('id')]);
$session->set('newly_submitted', $newly_submitted, 'flexicontent');
// The 'apply' task may set 'editable till logoff' FLAG ...
// CLEAR IT, since NEW content this is meant to be used temporarily
if ( !$params->get('items_session_editable', 0) ) {
$rendered_uneditable = $session->get('rendered_uneditable', array(),'flexicontent');
if ( isset($rendered_uneditable[$model->get('id')]) ) {
unset( $rendered_uneditable[$model->get('id')] );
$session->set('rendered_uneditable', $rendered_uneditable, 'flexicontent');
}
}
}
}
//$this->setRedirect($link, $msg);
}
