示例#1
文件: helper.php 项目: bizanto/Hooked
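 /**
  * Decide whether a user's group membership is permitted by an allow-list.
  *
  * @param   string|array  $allowedGroups  'all', 'none', a comma-separated list of group ids, or an array of ids.
  * @param   mixed         $groups         Group id or array of group ids to test; when empty, the groups of
  *                                        the current user are looked up.
  *
  * @return  boolean  True when at least one of the groups is on the allow-list.
  */
 function isAllowed($allowedGroups, $groups = null)
 {
     // Compare the sentinels strictly. With a loose ==, boolean true (and integer 0 on PHP < 8)
     // equals 'all', so a mistyped or uninitialised setting would grant access to everyone.
     if ($allowedGroups === 'all') {
         return true;
     }
     if ($allowedGroups === 'none') {
         return false;
     }
     // The current user is only needed when the caller supplied no groups.
     if (empty($groups)) {
         $my = JFactory::getUser();
         if (empty($my->id)) {
             // Guests have no groups to match against the allow-list.
             return false;
         }
         if (version_compare(JVERSION, '1.6.0', '<')) {
             $groups = $my->gid;
         } else {
             $groups = JAccess::getGroupsByUser($my->id);
         }
     }
     if (!is_array($allowedGroups)) {
         $allowedGroups = explode(',', trim((string) $allowedGroups, ','));
     }
     // Compare ids as trimmed strings in both the scalar and the array case, so that
     // "7, 8" matches group 8 and no numeric type juggling takes part in the decision.
     $allowed = array_map('trim', array_map('strval', $allowedGroups));
     $held = array_map('strval', (array) $groups);
     return count(array_intersect($held, $allowed)) > 0;
 }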
示例#2
 /**
  * display method of playjoom view
  * @return void
  */
 public function display($tpl = null)
 {
     // Dispatcher used for the onEventLogging entries written below.
     $dispatcher = JDispatcher::getInstance();
     // Current user and the permission object built by the component helper.
     $user = JFactory::getUser();
     $canDo = PlayJoomHelper::getActions();
     // Pull the view data from the model.
     $this->form = $this->get('Form');
     $this->item = $this->get('Item');
     $this->script = $this->get('Script');
     $this->OptionsNewCover = $this->get('OptionsNewCover');
     // Stop on model errors.
     // NOTE(review): the raw model error text is put into the error response and the log;
     // confirm it cannot carry query or schema details to the browser.
     $errors = $this->get('Errors');
     if (count($errors)) {
         JError::raiseError(500, implode('<br />', $errors));
         $dispatcher->trigger('onEventLogging', array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Problem with database query. Error500: ' . implode('<br />', $errors), 'priority' => JLog::ERROR, 'section' => 'admin')));
         return false;
     }
     // Access is granted to editors, to creators when no id is in the request, and to
     // users holding core.admin. The parentheses spell out the && / || precedence.
     $mayView = $canDo->get('core.edit')
         || ($canDo->get('core.create') && !JRequest::getVar('id'))
         || JAccess::check($user->get('id'), 'core.admin') == 1;
     if (!$mayView) {
         // Denied: log the refusal, then raise the "not authorised" warning.
         $dispatcher->trigger('onEventLogging', array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Can not displaying cover viewer. ' . JText::_('JERROR_ALERTNOAUTHOR'), 'priority' => JLog::WARNING, 'section' => 'admin')));
         JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
     } else {
         // Allowed: build the toolbar, log, and render the template.
         $this->addToolBar();
         $dispatcher->trigger('onEventLogging', array(array('method' => __METHOD__ . ":" . __LINE__, 'message' => 'Load template for cover viewer.', 'priority' => JLog::INFO, 'section' => 'admin')));
         parent::display($tpl);
     }
     // The document is set up in both the allowed and the denied case.
     $this->setDocument();
 }
示例#3
 /**
  * Overloaded bind function to pre-process the params.
  *
  * @param   array  $array   Named array
  * @param   mixed  $ignore  Optional array or list of parameters to ignore
  *
  * @return  null|string  null is operation was satisfactory, otherwise returns an error
  *
  * @see     JTable:bind
  * @since   1.5
  */
 public function bind($array, $ignore = '')
 {
     $task = JFactory::getApplication()->input->getString('task', '');
     $isSaveTask = in_array($task, array('save', 'apply'), true);
     // On save/apply, a user without core.edit.state cannot publish: a submitted state of 1 is reset to 0.
     if ($isSaveTask && !JFactory::getUser()->authorise('core.edit.state', 'com_autofilter') && $array['state'] == 1) {
         $array['state'] = 0;
     }
     // New records (id 0) are attributed to the current user.
     if ($array['id'] == 0) {
         $array['created_by'] = JFactory::getUser()->id;
     }
     // Array-valued params and metadata are serialised through JRegistry into strings.
     foreach (array('params', 'metadata') as $field) {
         if (isset($array[$field]) && is_array($array[$field])) {
             $registry = new JRegistry();
             $registry->loadArray($array[$field]);
             $array[$field] = (string) $registry;
         }
     }
     // Users without core.admin on this asset do not get to set rules: whatever was
     // submitted in $array['rules'] is replaced by the rules currently stored for the asset.
     $assetName = 'com_autofilter.categorie.' . $array['id'];
     if (!JFactory::getUser()->authorise('core.admin', $assetName)) {
         $actions = JAccess::getActionsFromFile(JPATH_ADMINISTRATOR . '/components/com_autofilter/access.xml', "/access/section[@name='categorie']/");
         $storedRules = JAccess::getAssetRules($assetName)->getData();
         $kept = array();
         // NOTE(review): assumes every action declared in access.xml has an entry in the stored rules.
         foreach ($actions as $action) {
             $kept[$action->name] = $storedRules[$action->name];
         }
         $array['rules'] = $this->JAccessRulestoArray($kept);
     }
     // Bind the rules for ACL where supported.
     if (isset($array['rules']) && is_array($array['rules'])) {
         $this->setRules($array['rules']);
     }
     return parent::bind($array, $ignore);
 }
示例#4
文件: owner.php 项目: Jougito/DynWeb
 /**
  * Check if a user can administer the community
  */
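 public static function isCommunityAdmin($userid = null)
 {
     // Per-request memo of earlier answers, keyed by the id the caller passed.
     static $resultArr = array();
     if (isset($resultArr[$userid])) {
         return $resultArr[$userid];
     }
     $jUser = CFactory::getUser($userid);
     // Joomla 1.6 and later: the user object exposes authorise().
     if ($jUser instanceof CUser && method_exists($jUser, 'authorise')) {
         // Look the groups up with the id of the resolved user object, as the 1.5 branch
         // below does. Passing the raw $userid sent null to JAccess when the caller relied
         // on the default argument, so the group test did not run against the resolved user.
         // The check is for group 7 only (the original comment lists 6 = manager, 7 = administrator).
         $isAdmin = $jUser->authorise('core.admin') || in_array('7', JAccess::getGroupsByUser($jUser->id));
         $resultArr[$userid] = $isAdmin;
         return $isAdmin;
     }
     // Joomla 1.5: compare the user's group name with the administrative group names.
     $cacl = CACL::getInstance();
     $usergroup = $cacl->getGroupsByUserId($jUser->id);
     $admingroups = array(0 => 'Super Administrator', 1 => 'Administrator', 2 => 'Manager', 3 => 'Super Users');
     // Strict match: with a loose comparison an integer 0 equals any of these names on PHP < 8,
     // which would report an ordinary account as an administrator.
     $isAdmin = in_array($usergroup, $admingroups, true);
     // Memoise this branch as well, matching the 1.6+ branch.
     $resultArr[$userid] = $isAdmin;
     return $isAdmin;
 }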
示例#5
 /**
  * display method of playjoom view
  * @return void
  */
 public function display($tpl = null)
 {
     // Current user and the permission object built by the component helper.
     $user = JFactory::getUser();
     $canDo = PlayJoomHelper::getActions();
     // Fetch the view data; it is only attached to the view once the error check has passed.
     $loadedForm = $this->get('Form');
     $loadedItem = $this->get('Item');
     $loadedScript = $this->get('Script');
     // NOTE(review): raw model error text goes into the error response; confirm it cannot
     // expose query or schema details.
     $errors = $this->get('Errors');
     if (count($errors)) {
         JError::raiseError(500, implode('<br />', $errors));
         return false;
     }
     $this->form = $loadedForm;
     $this->item = $loadedItem;
     $this->script = $loadedScript;
     // Editors, creators (when no id is in the request) and core.admin holders may view.
     // The parentheses spell out the && / || precedence.
     $mayView = $canDo->get('core.edit')
         || ($canDo->get('core.create') && !JRequest::getVar('id'))
         || JAccess::check($user->get('id'), 'core.admin') == 1;
     if (!$mayView) {
         JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
     } else {
         // Toolbar first, then the template.
         $this->addToolBar();
         parent::display($tpl);
     }
     // The document is set up in both the allowed and the denied case.
     $this->setDocument();
 }
示例#6
 /**
  * Build the list of most recently accessed items for the module.
  *
  * @param   object  &$params  Module parameters; 'count' limits the list (default 5).
  *
  * @return  array  Items from the Sections model, each with ->link and ->accessinfo set.
  */
 public static function getList(&$params)
 {
     // Database handle; fetched here but not used further in this method.
     $db = JFactory::getDbo();
     // Generic model instance that ignores the current request state.
     $model = JModelLegacy::getInstance('Sections', 'PlayjoomModel', array('ignore_request' => true));
     $model->setState('params', JFactory::getApplication()->getParams());
     // Paging comes from the module settings.
     $model->setState('list.start', 0);
     $model->setState('list.limit', (int) $params->get('count', 5));
     // NOTE(review): the access flag and the user's authorised view levels are computed
     // but never handed to the model or checked per item in this method - confirm the
     // model applies view-level filtering on its own.
     $access = !JComponentHelper::getParams('com_playjoom')->get('show_noauth', 1);
     $authorised = JAccess::getAuthorisedViewLevels(JFactory::getUser()->get('id'));
     // Most recently accessed first.
     $model->setState('list.ordering', 'a.access_datetime');
     $model->setState('list.direction', 'DESC');
     $items = $model->getItems();
     foreach ($items as &$item) {
         // A broadcast link is only offered while the trackcontrol plugin is enabled.
         $item->link = JPluginHelper::isEnabled('playjoom', 'trackcontrol') == false
             ? null
             : JRoute::_('index.php?option=com_playjoom&view=broadcast&id=' . $item->id);
         $item->accessinfo = modLastPlayedHelper::GetTimeInfoList($item->access_datetime, $params, 'access');
     }
     return $items;
 }
示例#7
 /**
  * Displays a list of user groups.
  *
  * @param   boolean  true to include super admin groups, false to exclude them
  *
  * @return  array  An array containing a list of user groups.
  *
  * @since   11.4
  */
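 public static function groups($includeSuperAdmin = false)
 {
     // Read every user group together with its nesting depth (number of ancestors).
     $db = JFactory::getDbo();
     $query = $db->getQuery(true);
     $query->select('a.id AS value, a.title AS text, COUNT(DISTINCT b.id) AS level');
     $query->from($db->quoteName('#__usergroups') . ' AS a');
     $query->join('LEFT', $db->quoteName('#__usergroups') . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt');
     $query->group('a.id, a.title, a.lft, a.rgt');
     $query->order('a.lft ASC');
     $db->setQuery($query);
     $options = $db->loadObjectList();
     // Check for a database error.
     if ($db->getErrorNum()) {
         JError::raiseNotice(500, $db->getErrorMsg());
         return null;
     }
     // Start from an empty list: with no rows the original left $groups undefined,
     // so the filter loop below iterated over null and the method returned null.
     $groups = array();
     foreach ((array) $options as $option) {
         // Indent the title by depth so the select list shows the hierarchy.
         $option->text = str_repeat('- ', $option->level) . $option->text;
         $groups[] = JHtml::_('select.option', $option->value, $option->text);
     }
     // Unless asked otherwise, leave out every group that holds core.admin.
     if (!$includeSuperAdmin) {
         $filteredGroups = array();
         foreach ($groups as $group) {
             if (!JAccess::checkGroup($group->value, 'core.admin')) {
                 $filteredGroups[] = $group;
             }
         }
         $groups = $filteredGroups;
     }
     return $groups;
 }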
 /**
  * Prepare the component configuration screen: stylesheet, page title, toolbar buttons,
  * the params object from the model and, on Joomla 1.6+, the configuration form.
  */
 function edit()
 {
     JEVHelper::stylesheet('eventsadmin.css', 'administrator/components/' . JEV_COM_COMPONENT . '/assets/css/');
     $document =& JFactory::getDocument();
     $document->setTitle(JText::_('COM_JEVENTS_CONFIGURATION'));
     // Set toolbar items for the page
     JToolBarHelper::title(JText::_('COM_JEVENTS_CONFIGURATION'), 'jevents');
     // Apply button (task params.apply).
     JToolBarHelper::apply('params.apply');
     // Save and cancel buttons (tasks params.save and cpanel.cpanel).
     JToolBarHelper::save('params.save');
     JToolBarHelper::cancel('cpanel.cpanel');
     $model = $this->getModel();
     $this->params =& $model->getParams();
     // Assigned but not read again in this method.
     $component = JComponentHelper::getComponent(JEV_COM_COMPONENT);
     JHTML::_('behavior.tooltip');
     if (JVersion::isCompatible("1.6.0")) {
         // Get the actions for the asset. The result is not used further in this method.
         $actions = JAccess::getActions(JEV_COM_COMPONENT, "component");
         jimport('joomla.form.form');
         // Add the search path for the admin component config.xml file.
         JForm::addFormPath(JPATH_ADMINISTRATOR . '/components/' . JEV_COM_COMPONENT);
         // Get the form.
         $modelForm = $model->getForm();
         $this->assignRef("form", $modelForm);
     }
 }
示例#9
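 /**
  * Check whether the current user may perform an action in the game chat.
  *
  * The action is looked up in the 'gamechat' section first and in the component-level
  * actions second. An action declared in neither place is refused.
  *
  * @param   string  $area  Name of the action to authorise.
  *
  * @return  boolean  Result of the ACL check; false when the action is not declared anywhere.
  */
 protected function auth($area)
 {
     // Actions declared for the gamechat section.
     $aclLocal = array();
     foreach (JAccess::getActions('com_chessvn', 'gamechat') as $ar) {
         $aclLocal[] = $ar->name;
     }
     if (in_array($area, $aclLocal)) {
         return $this->user->authorise($area, 'com_chessvn', 'gamechat');
     }
     // Not a section action: fall back on the component-level actions.
     $aclGlobal = array();
     foreach (JAccess::getActions('com_chessvn') as $ar) {
         $aclGlobal[] = $ar->name;
     }
     if (in_array($area, $aclGlobal)) {
         if (!empty($aclLocal)) {
             JFactory::getApplication()->enqueueMessage('Undefined authorization area: ' . $area . ' -- fall back on component acl', 'Warning');
         }
         return $this->user->authorise($area, 'com_chessvn');
     }
     // Fail closed. The original returned true here, so a misspelled or removed action
     // name turned into an unconditional grant; an undeclared action is now denied.
     JFactory::getApplication()->enqueueMessage('Undefined authorization area: ' . $area . ' -- NO fall back found', 'Error');
     return false;
 }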
 /**
  * Method to save the configuration data.
  *
  * @param   array  $data  An array containing all global config data.
  *
  * @return	boolean  True on success, false on failure.
  *
  * @since	1.6
  */
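 public function save($data)
 {
     $app = JFactory::getApplication();
     // Save the rules
     if (isset($data['rules'])) {
         $rules = new JAccessRules($data['rules']);
         // Lock-out guard: the submitted rules must still grant core.admin to the groups
         // of the user who is saving. The groups are read fresh, since they might have changed.
         $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
         $myRules = $rules->getData();
         // A rule set without a core.admin entry is treated as removing the permission;
         // the original dereferenced the missing entry and failed with a fatal error.
         $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);
         if (!$hasSuperAdmin) {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'), 'error');
             return false;
         }
         $asset = JTable::getInstance('asset');
         if (!$asset->loadByName('root.1')) {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'), 'error');
             return false;
         }
         $asset->rules = (string) $rules;
         if (!$asset->check() || !$asset->store()) {
             // NOTE(review): 'SOME_ERROR_CODE' looks like a placeholder language key.
             $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');
             // Report the failure as false, as documented; the original returned null here.
             return false;
         }
     }
     // Clear cache of com_config component.
     $this->cleanCache('_system', 0);
     $this->cleanCache('_system', 1);
     // Documented contract: true on success. The original fell off the end and returned null.
     return true;
 }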
示例#11
 /**
  * Prepare data hook.
  *
  * @return  void
  */
 protected function prepareData()
 {
     require_once JPATH_SITE . '/components/com_content/helpers/route.php';
     $app = JFactory::getApplication();
     $data = $this->getData();
     $data->params = JComponentHelper::getParams('com_content');
     // The profile owner is resolved from the 'username' request value.
     // NOTE(review): if the name does not resolve, (int) $user->id below is presumably 0 -
     // verify how the Articles model treats an author filter of 0.
     $data->user = $user = JUser::getInstance($app->input->getUsername('username'));
     JModelLegacy::addIncludePath(\Windwalker\Helper\PathHelper::getSite('com_content') . '/models');
     $model = JModelLegacy::getInstance('Articles', 'ContentModel', array('ignore_request' => true));
     $model->setState('params', $data->params);
     // $access is true when the show_noauth option is off; $authorised holds the view
     // levels of the viewing (current) user, not of the profile owner.
     $access = !JComponentHelper::getParams('com_content')->get('show_noauth');
     $authorised = JAccess::getAuthorisedViewLevels(JFactory::getUser()->get('id'));
     // Published articles by the profile owner, newest first, at most 10.
     $model->setState('filter.published', 1);
     $model->setState('filter.access', $access);
     $model->setState('filter.author_id', (int) $user->id);
     $model->setState('list.ordering', 'a.created');
     $model->setState('list.direction', 'DESC');
     $model->setState('list.limit', 10);
     $data->items = $model->getItems();
     $data->pagination = $model->getPagination();
     foreach ($data->items as &$item) {
         $item->slug = $item->id . ':' . $item->alias;
         $item->catslug = $item->catid . ':' . $item->category_alias;
         $item->params = $data->params;
         // Link to the article when the access filter is on or the item's level is among the
         // viewer's authorised levels; otherwise link to the login page.
         if ($access || in_array($item->access, $authorised)) {
             // We know that user has the privilege to view the article
             $item->link = JRoute::_(ContentHelperRoute::getArticleRoute($item->slug, $item->catid, $item->language));
         } else {
             $item->link = JRoute::_('index.php?option=com_users&view=login');
         }
         $item->parent_slug = $item->parent_alias ? $item->parent_id . ':' . $item->parent_alias : $item->parent_id;
         // No link for ROOT category
         if ($item->parent_alias == 'root') {
             $item->parent_slug = null;
         }
         $item->event = new stdClass();
         $dispatcher = JEventDispatcher::getInstance();
         // Old plugins: Ensure that text property is available
         if (!isset($item->text)) {
             $item->text = $item->introtext;
         }
         // The request input is pointed at com_content / category / blog while the content
         // plugins run for this item.
         $app->input->set('option', 'com_content');
         $app->input->set('view', 'category');
         $app->input->set('layout', 'blog');
         JPluginHelper::importPlugin('content');
         $dispatcher->trigger('onContentPrepare', array('com_content.category', &$item, &$item->params, 0));
         // Old plugins: Use processed text as introtext
         $item->introtext = $item->text;
         // Plugin results for each event are joined with newlines and stored on $item->event.
         $results = $dispatcher->trigger('onContentAfterTitle', array('com_content.category', &$item, &$item->params, 0));
         $item->event->afterDisplayTitle = trim(implode("\n", $results));
         $results = $dispatcher->trigger('onContentBeforeDisplay', array('com_content.category', &$item, &$item->params, 0));
         $item->event->beforeDisplayContent = trim(implode("\n", $results));
         $results = $dispatcher->trigger('onContentAfterDisplay', array('com_content.category', &$item, &$item->params, 0));
         $item->event->afterDisplayContent = trim(implode("\n", $results));
         // The input is then set to fixed com_userxtd values, not to whatever it held before.
         $app->input->set('option', 'com_userxtd');
         $app->input->set('view', 'content');
         $app->input->set('layout', 'default');
     }
     $this->setTitle();
 }
示例#12
	/**
	 * Override getItems method.
	 *
	 * @return  array
	 * @since   1.6
	 */
	public function getItems()
	{
		$groupId = $this->getState('filter.group_id');
		$assets = parent::getItems();

		// Without assets or without a group filter there is nothing to annotate.
		if (!$assets || !$groupId)
		{
			return $assets;
		}

		$actions = $this->getDebugActions();

		foreach ($assets as &$asset)
		{
			$asset->checks = array();

			foreach ($actions as $action)
			{
				// Each debug action is a pair: action name and the deepest asset level it applies to.
				list($name, $level) = $action;

				// A null level applies everywhere; otherwise the asset must not be deeper than the level.
				$applies = ($level === null || $level >= $asset->level);

				// Either the group's ACL result for this action on this asset, or the marker 'skip'.
				$asset->checks[$name] = $applies
					? JAccess::checkGroup($groupId, $name, $asset->name)
					: 'skip';
			}
		}

		return $assets;
	}
 /**
  * Load published articles for the module, filtered and ordered by the module parameters.
  *
  * @param   object  &$params  Module parameters (count, catid, article_ordering, article_ordering_direction).
  *
  * @return  array  The items returned by the Articles model.
  */
 public static function getList(&$params)
 {
     // Database handle; fetched here but not used further in this method.
     $db = JFactory::getDbo();
     // Generic articles model that ignores the current request state.
     $model = JModelLegacy::getInstance('Articles', 'ContentModel', array('ignore_request' => true));
     $model->setState('params', JFactory::getApplication()->getParams());
     // Paging and publication state.
     $model->setState('list.start', 0);
     $model->setState('list.limit', (int) $params->get('count', 10));
     $model->setState('filter.published', 1);
     // The access filter is on when show_noauth is off. The viewer's authorised levels
     // are computed as well, but only the boolean flag is passed on to the model.
     $access = !JComponentHelper::getParams('com_content')->get('show_noauth');
     $authorised = JAccess::getAuthorisedViewLevels(JFactory::getUser()->get('id'));
     $model->setState('filter.access', $access);
     // Category filter
     $model->setState('filter.category_id', $params->get('catid', array(), 'title'));
     // Ordering column and direction are taken from the module parameters.
     $model->setState('list.ordering', $params->get('article_ordering', 'a.ordering'));
     $model->setState('list.direction', $params->get('article_ordering_direction', 'ASC'));
     return $model->getItems();
 }
 /**
  * Gets the access permissions for the available actions.
  *
  * @param   int  $categoryId  Category id.
  * @param   int  $messageId   Message id.
  *
  * @return  object
  */
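 public static function getActions($categoryId = 0, $messageId = 0)
 {
     // Results are memoised per asset name. The original cached one result in
     // self::$actions and returned it for every later call, so permissions computed
     // for one asset were handed out for a different category or message.
     static $byAsset = array();
     // Work out the asset name and the access.xml section to read.
     if (empty($messageId) && empty($categoryId)) {
         $assetName = 'com_helloworld';
         $section = 'component';
     } elseif (empty($messageId)) {
         $assetName = 'com_helloworld.category.' . (int) $categoryId;
         $section = 'category';
     } else {
         $assetName = 'com_helloworld.message.' . (int) $messageId;
         $section = 'message';
     }
     if (!isset($byAsset[$assetName])) {
         // Read the actions declared for this section of the component.
         $accessFile = JPATH_ADMINISTRATOR . '/components/com_helloworld/access.xml';
         $actions = JAccess::getActionsFromFile($accessFile, "/access/section[@name='" . $section . "']/");
         // getActionsFromFile() reports a read failure with false; continue with no actions.
         if (!is_array($actions)) {
             $actions = array();
         }
         // Messages and categories additionally get the core.admin action.
         if ($section == 'category' || $section == 'message') {
             $adminAction = new stdClass();
             $adminAction->name = 'core.admin';
             array_push($actions, $adminAction);
         }
         $result = new JObject();
         $user = JFactory::getUser();
         foreach ($actions as $action) {
             // Record whether the current user is authorised for the action on this asset.
             $result->set($action->name, $user->authorise($action->name, $assetName));
         }
         $byAsset[$assetName] = $result;
     }
     // The class-level property still holds the most recent result for code that reads it directly.
     self::$actions = $byAsset[$assetName];
     return self::$actions;
 }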
示例#15
 /**
  * Method to check if a user is authorised to perform an action, optionally on an asset.
  *
  * @param	integer	Id of the user for which to check authorisation.
  * @param	string	The name of the action to authorise.
  * @param	mixed	Integer asset id or the name of the asset as a string.  Defaults to the global asset node.
  * @return	boolean	True if authorised.
  * @since	1.6
  */
 public static function check($userId, $action, $asset = null)
 {
     // Once the static root flag is true, every call returns true before $userId is read.
     // NOTE(review): the flag is not keyed by user; after it has been set for one user,
     // a check for any other user id in the same request also returns true - confirm that
     // callers only ever check the current user.
     if (self::$isRoot) {
         return true;
     } else {
         // Sanitize inputs: integer user id; action and asset lower-cased, with runs of
         // whitespace or hyphens replaced by a dot.
         $userId = (int) $userId;
         $action = strtolower(preg_replace('#[\\s\\-]+#', '.', trim($action)));
         $asset = strtolower(preg_replace('#[\\s\\-]+#', '.', trim($asset)));
         // Default to the root asset node.
         if (empty($asset)) {
             $asset = 1;
         }
         // Get the rules for the asset recursively to root if not already retrieved.
         if (empty(self::$assetRules[$asset])) {
             self::$assetRules[$asset] = self::getAssetRules($asset, true);
         }
         // Get all groups against which the user is mapped; the negated user id is put
         // in front of the list as an additional identity.
         $identities = self::getGroupsByUser($userId);
         array_unshift($identities, $userId * -1);
         // Make sure we only check for core.admin once during the run: the outcome of the
         // first evaluation is stored in the static flag (true or false).
         if (self::$isRoot === null) {
             if (self::getAssetRules(1)->allow('core.admin', $identities)) {
                 self::$isRoot = true;
                 return true;
             } else {
                 self::$isRoot = false;
             }
         }
         // Ordinary case: evaluate the action against the cached rules for the asset.
         return self::$assetRules[$asset]->allow($action, $identities);
     }
 }
示例#16
 /**
  * Load user list.
  *
  * @throws KunenaExceptionAuthorise
  */
 protected function before()
 {
     parent::before();
     // Guests are refused when the userlist_allowed option is set.
     $config = KunenaConfig::getInstance();
     if ($config->userlist_allowed && JFactory::getUser()->guest) {
         throw new KunenaExceptionAuthorise(JText::_('COM_KUNENA_NO_ACCESS'), '401');
     }
     require_once KPATH_SITE . '/models/user.php';
     // Model and state for the listing.
     $this->model = new KunenaModelUser(array(), $this->input);
     $this->model->initialize($this->getOptions(), $this->getOptions()->get('embedded', false));
     $this->state = $this->model->getState();
     $this->me = KunenaUserHelper::getMyself();
     $this->config = KunenaConfig::getInstance();
     $start = $this->state->get('list.start');
     $limit = $this->state->get('list.limit');
     // Members of group 8, handed to the finder so the configuration decides whether
     // they are listed. NOTE(review): the group id is hard-coded.
     $filter = JAccess::getUsersByGroup(8);
     $finder = new KunenaUserFinder();
     $finder
         ->filterByConfiguration($filter)
         ->filterByName($this->state->get('list.search'));
     $this->total = $finder->count();
     $this->pagination = new KunenaPagination($this->total, $start, $limit);
     // Columns in this list are ordered with table alias 'a'; every other column with 'ku'.
     // NOTE(review): the ordering column comes from the list state - verify that
     // KunenaUserFinder::order() validates or quotes it.
     $ordering = $this->state->get('list.ordering');
     $aliasList = array('id', 'name', 'username', 'email', 'block', 'registerDate', 'lastvisitDate');
     $alias = in_array($ordering, $aliasList) ? 'a' : 'ku';
     $direction = $this->state->get('list.direction') == 'asc' ? 1 : -1;
     $this->users = $finder
         ->order($ordering, $direction, $alias)
         ->start($this->pagination->limitstart)
         ->limit($this->pagination->limit)
         ->find();
 }
示例#17
	/**
	 * Gets a list of the actions that can be performed.
	 *
	 * @param   integer  The category ID.
	 *
	 * @return  JObject
	 * @since   1.6
	 */
	public static function getActions($categoryId = 0)
	{
		// Without a category id the check is made on the component asset itself,
		// otherwise on the asset of that category.
		$isComponentLevel = empty($categoryId);
		$level = $isComponentLevel ? 'component' : 'category';
		$assetName = $isComponentLevel
			? 'com_mvceditor'
			: 'com_mvceditor.category.' . (int) $categoryId;

		$user = JFactory::getUser();
		$result = new JObject;

		// One entry per declared action: whether the current user is authorised on the asset.
		foreach (JAccess::getActions('com_mvceditor', $level) as $action)
		{
			$result->set($action->name, $user->authorise($action->name, $assetName));
		}

		return $result;
	}
 /**
  * Overloaded bind function to pre-process the params.
  *
  * @param    array        Named array
  *
  * @return    null|string    null is operation was satisfactory, otherwise returns an error
  * @see        JTable:bind
  * @since      1.5
  */
 public function bind($array, $ignore = '')
 {
     // Array-valued params and metadata are serialised through JRegistry into strings.
     foreach (array('params', 'metadata') as $field) {
         if (isset($array[$field]) && is_array($array[$field])) {
             $registry = new JRegistry();
             $registry->loadArray($array[$field]);
             $array[$field] = (string) $registry;
         }
     }
     // Users without core.admin on this asset do not get to set rules: whatever was
     // submitted in $array['rules'] is replaced by the rules currently stored for the asset.
     // NOTE(review): $array['id'] is read without an isset() check.
     $assetName = 'com_mapa.mapadevenezuela.' . $array['id'];
     if (!JFactory::getUser()->authorise('core.admin', $assetName)) {
         $actions = JAccess::getActionsFromFile(JPATH_ADMINISTRATOR . '/components/com_mapa/access.xml', "/access/section[@name='mapadevenezuela']/");
         $storedRules = JAccess::getAssetRules($assetName)->getData();
         $kept = array();
         // NOTE(review): assumes every action declared in access.xml has an entry in the stored rules.
         foreach ($actions as $action) {
             $kept[$action->name] = $storedRules[$action->name];
         }
         $array['rules'] = $this->JAccessRulestoArray($kept);
     }
     // Bind the rules for ACL where supported.
     if (isset($array['rules']) && is_array($array['rules'])) {
         $this->setRules($array['rules']);
     }
     return parent::bind($array, $ignore);
 }
 /**
  * Gets a list of the actions that can be performed.
  *
  * @param   \JUser  $user       The user object.
  * @param   string  $component  The component access file path, component base path or option name.
  * @param   string  $assetName  The asset name
  * @param   integer $categoryId The category ID.
  * @param   integer $id         The item ID.
  *
  * @return  Object
  */
 public static function getActions(\JUser $user, $component, $assetName, $categoryId = 0, $id = 0)
 {
     $result = new Object();
     // Locate access.xml: $component may be the file itself, a directory containing it,
     // or an option name whose admin path holds etc/access.xml or access.xml.
     $path = $component;
     if (!is_file($path)) {
         $path = $path . '/access.xml';
     }
     if (!is_file($path)) {
         $path = PathHelper::getAdmin($component) . '/etc/access.xml';
     }
     if (!is_file($path)) {
         $path = PathHelper::getAdmin($component) . '/access.xml';
     }
     // Pick the access.xml section and extend the asset name to match.
     if ($id) {
         // Item level: the section is named after the asset. With a category id as well,
         // the asset name becomes "<name>.<name>"; without one, "<name>.<name>.<id>".
         // NOTE(review): the branch with both ids leaves the item id out - confirm this is intended.
         $section = $assetName;
         $assetName = $categoryId
             ? $assetName . '.' . $assetName
             : $assetName . '.' . $assetName . '.' . $id;
     } elseif ($categoryId) {
         $section = 'category';
         $assetName .= '.category.' . $categoryId;
     } else {
         $section = 'component';
     }
     $actions = \JAccess::getActionsFromFile($path, "/access/section[@name='" . $section . "']/");
     // One entry per declared action: whether $user is authorised on the asset.
     foreach ($actions as $action) {
         $result->set($action->name, $user->authorise($action->name, $assetName));
     }
     return $result;
 }
 /**
  * Method to get the field options.
  *
  * @return  array  The field option objects.
  * @since   1.6
  */
 protected function getOptions()
 {
     $options = array();
     $db = JFactory::getDbo();
     $user = JFactory::getUser();
     // Every group with its nesting depth (number of ancestors).
     $query = $db->getQuery(true)
         ->select('a.id AS value, a.title AS text, COUNT(DISTINCT b.id) AS level')
         ->from('#__users_groups AS a')
         ->join('LEFT', $db->quoteName('#__users_groups') . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt');
     // When editing an existing group, leave out the group itself and its descendants
     // so it cannot be parented to one of its own children.
     if ($id = $this->form->getValue('id')) {
         $query
             ->join('LEFT', $db->quoteName('#__users_groups') . ' AS p ON p.id = ' . (int) $id)
             ->where('NOT(a.lft >= p.lft AND a.rgt <= p.rgt)');
     }
     $query->group('a.id, a.title, a.lft, a.rgt')->order('a.lft ASC');
     $db->setQuery($query);
     try {
         $options = $db->loadObjectList();
     } catch (RuntimeException $e) {
         JError::raiseWarning(500, $e->getMessage());
     }
     for ($i = 0, $n = count($options); $i < $n; $i++) {
         // Groups that hold core.admin are hidden from users who do not hold it themselves.
         $hidden = !$user->authorise('core.admin') && JAccess::checkGroup($options[$i]->value, 'core.admin');
         if ($hidden) {
             unset($options[$i]);
             continue;
         }
         // Indent the title by depth so the list shows the hierarchy.
         $options[$i]->text = str_repeat('- ', $options[$i]->level) . $options[$i]->text;
     }
     // Options from the XML definition come first, followed by the groups.
     return array_merge(parent::getOptions(), $options);
 }
示例#21
 /**
  * Store the group's fields and build one permission node per supplied rule.
  *
  * @param   mixed  $id         Group id, also used for the ACL lookups below.
  * @param   mixed  $name       Stored in _name.
  * @param   mixed  $lft        Stored in _lft.
  * @param   mixed  $rgt        Stored in _rgt.
  * @param   mixed  $value      Stored in _value.
  * @param   mixed  $chietKhau  Stored in _chietKhau.
  * @param   mixed  $chucDanh   Stored in _chucDanh.
  * @param   array  $ruleData   Optional list of arrays with 'name' and 'value' keys.
  */
 public function __construct($id, $name, $lft, $rgt, $value, $chietKhau, $chucDanh, $ruleData = null)
 {
     $this->_id = $id;
     $this->_name = $name;
     $this->_lft = $lft;
     $this->_rgt = $rgt;
     $this->_value = $value;
     $this->_chietKhau = $chietKhau;
     $this->_chucDanh = $chucDanh;
     if (empty($ruleData)) {
         return;
     }
     foreach ($ruleData as $rule) {
         $ruleName = $rule['name'];
         $ruleValue = $rule['value'];
         // Status as recorded for the group itself.
         $explicit = JAccess::getPermissionStatusOnGroup($id, $ruleName);
         if ($explicit == 'inherited') {
             // An inherited status is resolved to the result of the group check.
             $effective = JAccess::checkGroup($id, $ruleName) ? 'allowed' : 'denied';
         } else {
             $effective = $explicit;
         }
         $this->_permissionNodes[] = new JPermissionNode($ruleName, $ruleValue, $effective, $explicit);
     }
 }
示例#22
 /**
  * Method to get the filtering groups (null means no filtering)
  *
  * @return  array|null	array of filtering groups or null.
  *
  * @since   1.6
  */
 protected function getGroups()
 {
     // Read the ids of all user groups.
     $db = JFactory::getDbo();
     $db->setQuery($db->getQuery(true)->select('id')->from('#__usergroups'));
     try {
         $groups = $db->loadColumn();
     } catch (RuntimeException $e) {
         JError::raiseNotice(500, $e->getMessage());
         return null;
     }
     foreach ($groups as $i => $group) {
         // Groups holding core.admin are always kept.
         if (JAccess::checkGroup($group, 'core.admin')) {
             continue;
         }
         // Every other group must both manage com_messages and be allowed to log in to the back end.
         $eligible = JAccess::checkGroup($group, 'core.manage', 'com_messages')
             && JAccess::checkGroup($group, 'core.login.admin');
         if (!$eligible) {
             unset($groups[$i]);
         }
     }
     // Re-index after the removals.
     return array_values($groups);
 }
示例#23
 /**
  * Creates the page's display
  *
  * @since 1.0
  */
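 function display($tpl = null)
 {
     // View levels of the current user, passed on to the field loader.
     $user = JFactory::getUser();
     $aid = JAccess::getAuthorisedViewLevels($user->id);
     // Get model
     $model = $this->getModel();
     // Category parameters (already merged with component/page/author parameters).
     $category = $this->get('Category');
     $params = $category->parameters;
     // Get various data from the model
     $items = $this->get('Data');
     // Get field values
     $_vars = null;
     FlexicontentFields::getItemFields($items, $_vars, $_view = 'category', $aid);
     // Zero unneeded search index text
     foreach ($items as $item) {
         $item->search_index = '';
     }
     // Use &test=1 to test / preview item data of first item.
     // NOTE(review): this dump is switched on by a request parameter and no permission
     // check is visible in this method; consider limiting it to debug mode or to administrators.
     if (JRequest::getCmd('test', 0)) {
         $item = reset($items);
         echo "<pre>";
         // Escape the dump: item fields can hold markup, and printing them raw into
         // the page would let stored content run as HTML or script in the viewer's browser.
         echo htmlspecialchars(print_r($item, true), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
         exit;
     }
     // Output items in JSON FORMAT.
     // NOTE(review): the @ operator hides encoding failures, in which case nothing useful is sent.
     echo @json_encode($items);
 }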
示例#24
 /**
  * This method should handle any login logic and report back to the subject
  *
  * @access	public
  * @param   array   holds the user data
  * @param 	array   array holding options (remember, autoregister, group)
  * @return	boolean	True on success
  * @since	1.5
  */
 function onLoginUser($user, $options = array())
 {
     jimport('joomla.user.helper');
     // Resolve the user record for the supplied user data via this class's _getUser().
     $instance =& $this->_getUser($user, $options);
     // if _getUser returned an error, then pass it back.
     if (JError::isError($instance)) {
         return $instance;
     }
     // If the user is blocked, redirect with an error
     // NOTE(review): 'SOME_ERROR_CODE' is passed as the error code; it looks like a placeholder.
     if ($instance->get('block') == 1) {
         return JError::raiseWarning('SOME_ERROR_CODE', JText::_('E_NOLOGIN_BLOCKED'));
     }
     //Authorise the user based on the group information
     // The 'group' option is defaulted here but is not read again in this method.
     if (!isset($options['group'])) {
         $options['group'] = 'USERS';
     }
     jimport('joomla.access.access');
     // The login is allowed only if the user may perform the requested action.
     // NOTE(review): $options['action'] is read without an isset() check, so a caller
     // that omits it passes null to JAccess::check(); confirm every caller sets it.
     $result = JAccess::check($instance->id, $options['action']);
     if (!$result) {
         return JError::raiseWarning(401, JText::_('JError_Login_denied'));
     }
     //Mark the user as logged in
     $instance->set('guest', 0);
     // Register the needed session variables
     // NOTE(review): no session id regeneration is visible between the authorisation
     // check and storing the user; confirm the session layer rotates the id on login
     // to guard against session fixation.
     $session =& JFactory::getSession();
     $session->set('user', $instance);
     // Update the user related fields for the Joomla sessions table.
     // String values go through $db->quote() and the user id is cast to int.
     $db = JFactory::getDBO();
     $db->setQuery('UPDATE `#__session`' . ' SET `guest` = ' . $db->quote($instance->get('guest')) . ',' . '	  `username` = ' . $db->quote($instance->get('username')) . ',' . '	  `userid` = ' . (int) $instance->get('id') . ' WHERE `session_id` = ' . $db->quote($session->getId()));
     $db->query();
     // Hit the user last visit field
     $instance->setLastVisit();
     return true;
 }
示例#25
 /**
  * Method to get the filtering groups (null means no filtering)
  *
  * @return	array|null	array of filtering groups or null.
  * @since	1.6
  */
 protected function getGroups()
 {
     // Fetch the id column of the user groups table.
     $dbo = JFactory::getDbo();
     $lookup = $dbo->getQuery(true);
     $lookup->select('id');
     $lookup->from('#__usergroups');
     $dbo->setQuery($lookup);
     $groupIds = $dbo->loadColumn();
     // A database error is reported as a notice and ends the method with null.
     // NOTE(review): per the docblock, null means "no filtering", so an error here
     // removes the group restriction; confirm that callers treat null safely.
     if ($dbo->getErrorNum()) {
         JError::raiseNotice(500, $dbo->getErrorMsg());
         return null;
     }
     foreach ($groupIds as $key => $groupId) {
         // Keep groups holding core.admin, or both core.manage on com_messages and
         // core.login.admin; short-circuiting keeps the checks in the original order.
         $keep = JAccess::checkGroup($groupId, 'core.admin')
             || (JAccess::checkGroup($groupId, 'core.manage', 'com_messages')
                 && JAccess::checkGroup($groupId, 'core.login.admin'));
         if (!$keep) {
             unset($groupIds[$key]);
         }
     }
     // Re-index after the removals.
     return array_values($groupIds);
 }
示例#26
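 /**
  * Outputs, as JSON, the name and e-mail address of every member of the requested user groups.
  *
  * The groups arrive in the 'groups' request variable as group ids joined by '-'.
  * The request must carry a valid session token in the query string.
  *
  * @return  void
  */
 public function members()
 {
     // Check for request forgeries.
     if (!JSession::checkToken('get')) {
         echo new JResponseJson(null, 'Invalid Token', true);
         jexit();
     }
     // NOTE(review): the token check is the only gate visible in this method. Nothing
     // here restricts which users may list members' names and e-mail addresses;
     // confirm an authorisation check exists upstream, or add one before this ships.
     $app = JFactory::getApplication();
     $groups = $app->input->get('groups', null);
     if ($groups === null || $groups === '') {
         echo new JResponseJson(null, 'No given group', true);
         $app->close();
     }
     try {
         //TODO: move this on ImcHelper so as to be used besides json
         $members = array();
         foreach (explode('-', $groups) as $rawId) {
             // Group ids are integers: skip any segment that is not all digits
             // instead of handing request text on to the access layer.
             if (!ctype_digit($rawId)) {
                 continue;
             }
             $groupId = (int) $rawId;
             $membersIds = JAccess::getUsersByGroup($groupId);
             //getUsersByGroup($groupId, true) recursively
             foreach ($membersIds as $userId) {
                 $user = JFactory::getUser($userId);
                 $members[] = array('name' => $user->name, 'email' => $user->email);
             }
         }
         echo new JResponseJson($members);
     } catch (Exception $e) {
         // The exception is handed to JResponseJson so the client gets an error response.
         echo new JResponseJson($e);
     }
 }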
示例#27
 /**
  * Overloaded bind function to pre-process the params.
  *
  * @param   array  $array   Named array
  * @param   mixed  $ignore  Optional array or list of parameters to ignore
  *
  * @return  null|string  null if the operation was satisfactory, otherwise returns an error
  *
  * @see     JTable:bind
  * @since   1.5
  */
 public function bind($array, $ignore = '')
 {
     // Both foreign key fields may hold one or several ids and are normalised the
     // same way: empty becomes '', an array is joined with commas, and a string
     // containing a comma is split into an array.
     // NOTE(review): "strrpos(...) != false" also treats a comma at position 0 as
     // "no comma"; confirm that is acceptable.
     foreach (array('ingredients_id', 'recipe_id') as $fkField) {
         if (empty($array[$fkField])) {
             $array[$fkField] = '';
             continue;
         }
         if (is_array($array[$fkField])) {
             $array[$fkField] = implode(',', $array[$fkField]);
         } elseif (strrpos($array[$fkField], ',') != false) {
             $array[$fkField] = explode(',', $array[$fkField]);
         }
     }
     // On save/apply, a user without core.edit.state on the component cannot
     // submit state 1; it is reset to 0.
     // NOTE(review): $array['state'] and $array['id'] are read without isset().
     $task = JFactory::getApplication()->input->getString('task', '');
     $isSaveTask = $task == 'save' || $task == 'apply';
     if ($isSaveTask && !JFactory::getUser()->authorise('core.edit.state', 'com_akrecipes') && $array['state'] == 1) {
         $array['state'] = 0;
     }
     // An id of 0 is stamped with the current user as creator.
     if ($array['id'] == 0) {
         $array['created_by'] = JFactory::getUser()->id;
     }
     // Array-valued params/metadata are turned into their registry string form.
     foreach (array('params', 'metadata') as $registryField) {
         if (isset($array[$registryField]) && is_array($array[$registryField])) {
             $registry = new JRegistry();
             $registry->loadArray($array[$registryField]);
             $array[$registryField] = (string) $registry;
         }
     }
     // A user without core.admin on this asset does not get to supply rules: whatever
     // was submitted is replaced by the rules currently stored for the asset, limited
     // to the actions declared in access.xml.
     $assetName = 'com_akrecipes.ingredient997479.' . $array['id'];
     if (!JFactory::getUser()->authorise('core.admin', $assetName)) {
         $declaredActions = JAccess::getActionsFromFile(JPATH_ADMINISTRATOR . '/components/com_akrecipes/access.xml', "/access/section[@name='ingredient997479']/");
         $storedRules = JAccess::getAssetRules($assetName)->getData();
         $keptRules = array();
         foreach ($declaredActions as $declared) {
             $keptRules[$declared->name] = $storedRules[$declared->name];
         }
         $array['rules'] = $this->JAccessRulestoArray($keptRules);
     }
     // Bind the rules for ACL where supported.
     if (isset($array['rules']) && is_array($array['rules'])) {
         $this->setRules($array['rules']);
     }
     return parent::bind($array, $ignore);
 }
示例#28
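 /**
  * Builds the album or year option list (value/text pairs) for one artist.
  *
  * @param   string  $value   Which list to build: 'album' or 'year'.
  * @param   string  $artist  Artist name to filter on; quoted by the database driver before use.
  *
  * @return  mixed  Result of loadObjectList(), or a translated error string for any other $value.
  */
 public static function getOptions($value, $artist)
 {
     //For getting the xml parameters
     $app = JFactory::getApplication();
     $params = $app->getParams();
     //Get User objects
     $user = JFactory::getUser();
     $db = JFactory::getDbo();
     $query = $db->getQuery(true);
     // The artist name is caller-supplied text. Quote it through the driver rather
     // than splicing it between literal double quotes, so quote characters in the
     // name cannot change the statement.
     $artistFilter = 'artist = ' . $db->quote($artist);
     switch ($value) {
         case 'album':
             $query->select('album As value, album As text');
             $query->where($artistFilter);
             $query->order('a.album');
             $query->group('a.album');
             break;
         case 'year':
             $query->select('year As value, year As text');
             $query->where($artistFilter);
             $query->order('a.year DESC');
             $query->group('a.year DESC');
             break;
         default:
             return JText::_('TCE_PLG_ERROR_NO_VALUE_FOR_getOptions_FUNCTION');
     }
     // Implement View Level Access
     if (!$user->authorise('core.admin') && !$params->get('show_noauth', 1)) {
         // View levels are ids; force them to integers before building the IN list.
         $groups = implode(',', array_map('intval', $user->getAuthorisedViewLevels()));
         $groups = '0,' . $groups;
         $query->where('a.access IN (' . $groups . ')');
     }
     //Filtering by user
     if (JAccess::check($user->get('id'), 'core.admin') != 1) {
         // The user id is concatenated into the query below, so pin it to an integer.
         $userId = (int) $user->get('id');
         $userCheck = $params->get('show_all_users', 1);
         $userCheck = (int) $userCheck + $params->get('show_nobody', 1);
         if ($userCheck == 1) {
             // Exactly one of the two switches is on.
             if ($params->get('show_all_users', 1)) {
                 $query->where('a.add_by >= 1');
             }
             if ($params->get('show_nobody', 1)) {
                 $query->where('a.add_by IN (0,' . $userId . ')');
             }
         } elseif ($userCheck == 0) {
             // Both switches are off: only the user's own tracks.
             $query->where('a.add_by = ' . $userId);
         }
     }
     $query->from('#__jpaudiotracks AS a');
     // Get the options.
     $db->setQuery($query);
     $options = $db->loadObjectList();
     // Check for a database error.
     if ($db->getErrorNum()) {
         JError::raiseWarning(500, $db->getErrorMsg());
     }
     return $options;
 }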
 /**
  * Get a list of the latest articles from the article model
  *
  * @param   \Joomla\Registry\Registry  &$params  object holding the models parameters
  *
  * @return  mixed
  *
  * @since 1.6
  */
 public static function getList(&$params)
 {
     // Generic articles model, created with 'ignore_request' set.
     $articles = JModelLegacy::getInstance('Articles', 'ContentModel', array('ignore_request' => true));
     $app = JFactory::getApplication();
     $articles->setState('params', $app->getParams());
     // Paging and publication filters come from the module parameters.
     $articles->setState('list.start', 0);
     $articles->setState('list.limit', (int) $params->get('count', 5));
     $articles->setState('filter.published', 1);
     // With show_noauth off, the access filter is switched on. With it on, the
     // per-item check in the loop decides between an article link and a login link.
     $filterByAccess = !JComponentHelper::getParams('com_content')->get('show_noauth');
     $viewLevels = JAccess::getAuthorisedViewLevels(JFactory::getUser()->get('id'));
     $articles->setState('filter.access', $filterByAccess);
     $articles->setState('filter.category_id', $params->get('catid', array()));
     $articles->setState('filter.language', $app->getLanguageFilter());
     // Ordering: 'rand()' is replaced by the query builder's random expression;
     // anything else is used as given, together with a direction.
     $ordering = $params->get('ordering', 'a.publish_up');
     $articles->setState('list.ordering', $ordering);
     if (trim($ordering) != 'rand()') {
         $articles->setState('list.direction', $params->get('direction', 1) ? 'DESC' : 'ASC');
         $articles->setState('list.ordering', $ordering);
     } else {
         $articles->setState('list.ordering', JFactory::getDbo()->getQuery(true)->Rand());
     }
     $items = $articles->getItems();
     // Event name => item property that receives the joined plugin output.
     $displayEvents = array(
         'onContentAfterTitle' => 'afterDisplayTitle',
         'onContentBeforeDisplay' => 'beforeDisplayContent',
         'onContentAfterDisplay' => 'afterDisplayContent',
     );
     foreach ($items as &$item) {
         $item->readmore = strlen(trim($item->fulltext));
         $item->slug = $item->id . ':' . $item->alias;
         $item->catslug = $item->catid . ':' . $item->category_alias;
         $articleRoute = ContentHelperRoute::getArticleRoute($item->slug, $item->catid, $item->language);
         if ($filterByAccess || in_array($item->access, $viewLevels)) {
             // The user may view the article: link straight to it.
             $item->link = JRoute::_($articleRoute);
             $item->linkText = JText::_('MOD_ARTICLES_NEWS_READMORE');
         } else {
             // Otherwise link to the login page, carrying the article route
             // base64-encoded in the 'return' variable.
             $item->link = new JUri(JRoute::_('index.php?option=com_users&view=login', false));
             $item->link->setVar('return', base64_encode($articleRoute));
             $item->linkText = JText::_('MOD_ARTICLES_NEWS_READMORE_REGISTER');
         }
         $item->introtext = JHtml::_('content.prepare', $item->introtext, '', 'mod_articles_news.content');
         // Strip <img> tags from the intro text unless the 'image' parameter is set.
         if (!$params->get('image')) {
             $item->introtext = preg_replace('/<img[^>]*>/', '', $item->introtext);
         }
         foreach ($displayEvents as $eventName => $property) {
             $output = $app->triggerEvent($eventName, array('com_content.article', &$item, &$params, 1));
             $item->{$property} = trim(implode("\n", $output));
         }
     }
     return $items;
 }
示例#30
 /**
  * Disables creating new admins or updating new ones
  */
 public function onAfterInitialise()
 {
     $input = $this->input;
     $option = $input->getCmd('option', '');
     $task = $input->getCmd('task', '');
     // Read from the request but not used below.
     $gid = $input->getInt('gid', 0);
     // Only requests addressed to com_users or com_admin are inspected.
     if (!in_array($option, array('com_users', 'com_admin'))) {
         return;
     }
     $jform = $this->input->get('jform', array(), 'array');
     // Only these save tasks are inspected, and only when form data was posted
     // (the same task names are also used without an edit form).
     // NOTE(review): a request with any other task name leaves this method
     // unchecked; keep the list aligned with the save tasks of the installed
     // com_users / com_admin.
     $guardedTasks = array('save', 'apply', 'user.apply', 'user.save', 'user.save2new', 'profile.apply', 'profile.save');
     if (!in_array($task, $guardedTasks) || empty($jform)) {
         return;
     }
     // Start from the groups submitted in the form...
     $groups = isset($jform['groups']) ? $jform['groups'] : array();
     // NOTE(review): $jform['id'] is read without isset().
     $user = JFactory::getUser((int) $jform['id']);
     // ...and add the groups the edited user already has. $user->groups can be
     // empty, in which case it is loaded explicitly first.
     if (empty($user->groups)) {
         $user->groups = JUserHelper::getUserGroups($user->id);
     }
     if (!empty($user->groups)) {
         foreach ($user->groups as $existingGroup) {
             if (!in_array($existingGroup, $groups)) {
                 $groups[] = $existingGroup;
             }
         }
     }
     $isAdmin = false;
     if (!empty($groups)) {
         foreach ($groups as $group) {
             // Explicit backend login privilege first; when that check returns
             // null, fall back to the super admin (core.admin) check.
             $backend = JAccess::checkGroup($group, 'core.login.admin', 1);
             if ($backend === null) {
                 $backend = JAccess::checkGroup($group, 'core.admin', 1);
             }
             if ($backend) {
                 $isAdmin = true;
             }
         }
     }
     if (!$isAdmin) {
         return;
     }
     // The combined groups grant backend access: load the language strings and
     // refuse the request with a 403.
     $jlang = JFactory::getLanguage();
     $jlang->load('joomla', JPATH_ROOT, 'en-GB', true);
     $jlang->load('joomla', JPATH_ROOT, $jlang->getDefault(), true);
     $jlang->load('joomla', JPATH_ROOT, null, true);
     if (version_compare(JVERSION, '3.0', 'ge')) {
         throw new Exception(JText::_('JGLOBAL_AUTH_ACCESS_DENIED'), '403');
     } else {
         JError::raiseError(403, JText::_('JGLOBAL_AUTH_ACCESS_DENIED'));
     }
 }