/**
 * Stores the group attributes and, when rule data is supplied, builds one
 * permission node per rule row.
 *
 * @param   mixed  $id         Group id; also used for every permission look-up below.
 * @param   mixed  $name       Stored in $_name.
 * @param   mixed  $lft        Stored in $_lft.
 * @param   mixed  $rgt        Stored in $_rgt.
 * @param   mixed  $value      Stored in $_value.
 * @param   mixed  $chietKhau  Stored in $_chietKhau.
 * @param   mixed  $chucDanh   Stored in $_chucDanh.
 * @param   mixed  $ruleData   Optional iterable of rows, each read through its 'name' and 'value' keys.
 */
public function __construct($id, $name, $lft, $rgt, $value, $chietKhau, $chucDanh, $ruleData = null)
{
    $this->_id        = $id;
    $this->_name      = $name;
    $this->_lft       = $lft;
    $this->_rgt       = $rgt;
    $this->_value     = $value;
    $this->_chietKhau = $chietKhau;
    $this->_chucDanh  = $chucDanh;

    // Nothing more to do when no rule rows were passed in.
    if (empty($ruleData)) {
        return;
    }

    foreach ($ruleData as $rule) {
        $ruleName  = $rule['name'];
        $ruleValue = $rule['value'];
        $declared  = JAccess::getPermissionStatusOnGroup($id, $ruleName);

        // An 'inherited' status carries no verdict of its own, so the effective
        // status is resolved through the group check; any other status is used as is.
        if ($declared == 'inherited') {
            $effective = JAccess::checkGroup($id, $ruleName) ? 'allowed' : 'denied';
        } else {
            $effective = $declared;
        }

        $this->_permissionNodes[] = new JPermissionNode($ruleName, $ruleValue, $effective, $declared);
    }
}
/**
 * Method to get the filtering groups (null means no filtering).
 *
 * Groups holding 'core.admin' are always kept. Any other group is kept only
 * when it has both 'core.manage' on com_messages and 'core.login.admin'.
 *
 * @return  array|null  Re-indexed list of group ids, or null when the query fails.
 *
 * @since   1.6
 */
protected function getGroups()
{
    $db = JFactory::getDbo();
    $db->setQuery($db->getQuery(true)->select('id')->from('#__usergroups'));

    try {
        $groupIds = $db->loadColumn();
    } catch (RuntimeException $e) {
        JError::raiseNotice(500, $e->getMessage());

        return null;
    }

    foreach ($groupIds as $index => $groupId) {
        // Groups with core.admin pass without the narrower checks.
        if (JAccess::checkGroup($groupId, 'core.admin')) {
            continue;
        }

        // Evaluated left to right; the back-end login check only runs when the first one passes.
        $qualifies = JAccess::checkGroup($groupId, 'core.manage', 'com_messages')
            && JAccess::checkGroup($groupId, 'core.login.admin');

        if (!$qualifies) {
            unset($groupIds[$index]);
        }
    }

    return array_values($groupIds);
}
/**
 * Method to get the field options.
 *
 * Loads every group with its nesting depth, drops the subtree of the group
 * being edited, and hides groups holding 'core.admin' from users who do not
 * hold 'core.admin' themselves.
 *
 * @return  array  The field option objects.
 *
 * @since   1.6
 */
protected function getOptions()
{
    $options = array();
    $db      = JFactory::getDbo();
    $user    = JFactory::getUser();
    $table   = $db->quoteName('#__users_groups');

    $query = $db->getQuery(true)
        ->select('a.id AS value, a.title AS text, COUNT(DISTINCT b.id) AS level')
        ->from('#__users_groups AS a')
        ->join('LEFT', $table . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt');

    // Prevent parenting to children of this item. The id is cast to an integer
    // before it is concatenated into the join condition.
    $id = $this->form->getValue('id');

    if ($id) {
        $query->join('LEFT', $table . ' AS p ON p.id = ' . (int) $id)
            ->where('NOT(a.lft >= p.lft AND a.rgt <= p.rgt)');
    }

    $query->group('a.id, a.title, a.lft, a.rgt')->order('a.lft ASC');
    $db->setQuery($query);

    try {
        $options = $db->loadObjectList();
    } catch (RuntimeException $e) {
        // Best effort: the warning is raised and the list stays empty.
        JError::raiseWarning(500, $e->getMessage());
    }

    $total = count($options);

    for ($idx = 0; $idx < $total; $idx++) {
        // A group is hidden when the viewer lacks core.admin and the group has it.
        $hidden = !$user->authorise('core.admin') && JAccess::checkGroup($options[$idx]->value, 'core.admin');

        if ($hidden) {
            unset($options[$idx]);
            continue;
        }

        // Pad the option text using the depth level as a multiplier.
        $options[$idx]->text = str_repeat('- ', $options[$idx]->level) . $options[$idx]->text;
    }

    // Options declared in the XML definition come first.
    return array_merge(parent::getOptions(), $options);
}
/**
 * Method to get the filtering groups (null means no filtering).
 *
 * Groups holding 'core.admin' are always kept. Any other group must have
 * 'core.manage' on com_messages and 'core.login.admin' to stay in the list.
 *
 * @return  array|null  Re-indexed list of group ids, or null when the database reports an error.
 *
 * @since   1.6
 */
protected function getGroups()
{
    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);
    $query->select('id');
    $query->from('#__usergroups');
    $db->setQuery($query);

    $groupIds = $db->loadColumn();

    // This driver API reports failures through an error number rather than an exception.
    if ($db->getErrorNum()) {
        JError::raiseNotice(500, $db->getErrorMsg());

        return null;
    }

    foreach ($groupIds as $index => $groupId) {
        if (JAccess::checkGroup($groupId, 'core.admin')) {
            continue;
        }

        // The second check is only evaluated when the first one passes.
        $qualifies = JAccess::checkGroup($groupId, 'core.manage', 'com_messages')
            && JAccess::checkGroup($groupId, 'core.login.admin');

        if (!$qualifies) {
            unset($groupIds[$index]);
        }
    }

    return array_values($groupIds);
}
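/**
 * Override getItems method.
 *
 * When a group filter is active, every asset returned by the parent gets a
 * `checks` array with one entry per debug action: the result of the group
 * check, or the string 'skip' when the action does not apply at the asset's level.
 *
 * @return  mixed  Whatever parent::getItems() returned, with `checks` added when a group filter is set.
 *
 * @since   1.6
 */
public function getItems()
{
    $groupId = $this->getState('filter.group_id');
    $assets  = parent::getItems();

    if ($assets && $groupId) {
        $actions = $this->getDebugActions();

        foreach ($assets as &$asset) {
            $asset->checks = array();

            foreach ($actions as $action) {
                $name  = $action[0];
                $level = $action[1];

                // A null level means the action applies everywhere; otherwise it
                // is only tested for assets at or above that level.
                if ($level === null || $level >= $asset->level) {
                    $asset->checks[$name] = JAccess::checkGroup($groupId, $name, $asset->name);
                } else {
                    $asset->checks[$name] = 'skip';
                }
            }
        }

        // Break the reference so later writes to $asset cannot touch the last element.
        unset($asset);
    }

    return $assets;
}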
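/**
 * Displays a list of user groups.
 *
 * @param   boolean  $includeSuperAdmin  true to include super admin groups, false to exclude them
 *
 * @return  array|null  A list of select options, one per user group, or null when the
 *                      database reports an error.
 *
 * @since   11.4
 */
public static function groups($includeSuperAdmin = false)
{
    $db    = JFactory::getDbo();
    $table = $db->quoteName('#__usergroups');

    $query = $db->getQuery(true);
    $query->select('a.id AS value, a.title AS text, COUNT(DISTINCT b.id) AS level');
    $query->from($table . ' AS a');
    $query->join('LEFT', $table . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt');
    $query->group('a.id, a.title, a.lft, a.rgt');
    $query->order('a.lft ASC');
    $db->setQuery($query);

    $options = $db->loadObjectList();

    // Check for a database error.
    if ($db->getErrorNum()) {
        JError::raiseNotice(500, $db->getErrorMsg());

        return null;
    }

    // Start from an empty list so that an empty table yields array() instead of an undefined variable.
    $groups = array();

    foreach ($options as $option) {
        // Indent the title by nesting depth.
        $option->text = str_repeat('- ', $option->level) . $option->text;

        // Exclude super admin groups unless they were requested.
        if (!$includeSuperAdmin && JAccess::checkGroup($option->value, 'core.admin')) {
            continue;
        }

        $groups[] = JHtml::_('select.option', $option->value, $option->text);
    }

    return $groups;
}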
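/**
 * Disables creating new admins or updating existing ones.
 *
 * Runs on com_users / com_admin save requests. The groups submitted in the
 * form are merged with the groups the target user already has; if any of them
 * can log in to the back end or holds 'core.admin', the request is rejected
 * with a 403.
 *
 * NOTE(review): only the tasks listed in $allowedTasks are inspected. Confirm
 * that other code paths which change group membership are guarded elsewhere.
 *
 * @return  void
 *
 * @throws  Exception  With code 403 on Joomla 3.0 or later when the save is refused.
 */
public function onAfterInitialise()
{
    $input  = $this->input;
    $option = $input->getCmd('option', '');
    $task   = $input->getCmd('task', '');

    if ($option != 'com_users' && $option != 'com_admin') {
        return;
    }

    $jform = $input->get('jform', array(), 'array');

    // Tasks that persist a user record; every other task is left alone.
    $allowedTasks = array('save', 'apply', 'user.apply', 'user.save', 'user.save2new', 'profile.apply', 'profile.save');

    if (!in_array($task, $allowedTasks, true)) {
        return;
    }

    // Not editing, just the same task names being reused throughout the component.
    if (empty($jform)) {
        return;
    }

    // The submitted group ids come from the request: keep only scalar entries
    // and reduce them to integers before they are compared or checked.
    $groups = array();

    if (isset($jform['groups']) && is_array($jform['groups'])) {
        foreach ($jform['groups'] as $submitted) {
            if (is_scalar($submitted)) {
                $groups[] = (int) $submitted;
            }
        }
    }

    // A new user has no id in the form; fall back to 0 without touching an undefined index.
    $userId = isset($jform['id']) ? (int) $jform['id'] : 0;
    $user   = JFactory::getUser($userId);

    // Sometimes $user->groups is null, so load the groups explicitly to be sure none is missed.
    if (empty($user->groups)) {
        $user->groups = JUserHelper::getUserGroups($user->id);
    }

    if (!empty($user->groups)) {
        foreach ($user->groups as $existing) {
            $existing = (int) $existing;

            if (!in_array($existing, $groups, true)) {
                $groups[] = $existing;
            }
        }
    }

    $isAdmin = false;

    foreach ($groups as $group) {
        // First see whether the group has explicit back-end login privileges.
        $backend = JAccess::checkGroup($group, 'core.login.admin', 1);

        // No explicit rule: a Super Admin group still gets in through inherited privileges.
        if (is_null($backend)) {
            $backend = JAccess::checkGroup($group, 'core.admin', 1);
        }

        if ($backend) {
            $isAdmin = true;
            break;
        }
    }

    if (!$isAdmin) {
        return;
    }

    // Load the core language strings so the denial message can be translated.
    $jlang = JFactory::getLanguage();
    $jlang->load('joomla', JPATH_ROOT, 'en-GB', true);
    $jlang->load('joomla', JPATH_ROOT, $jlang->getDefault(), true);
    $jlang->load('joomla', JPATH_ROOT, null, true);

    if (version_compare(JVERSION, '3.0', 'ge')) {
        // Exception codes are integers.
        throw new Exception(JText::_('JGLOBAL_AUTH_ACCESS_DENIED'), 403);
    }

    JError::raiseError(403, JText::_('JGLOBAL_AUTH_ACCESS_DENIED'));
}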
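/**
 * Overrides JControllerForm::allowEdit
 *
 * Checks that non-Super Admins are not editing Super Admins.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 *
 * @return  boolean  False when a Super Admin group is edited by a user without
 *                   'core.admin'; otherwise the parent's decision.
 *
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // With the default arguments $data has no $key entry. Read it defensively
    // so the check receives null instead of raising an undefined-index notice.
    $groupId = isset($data[$key]) ? $data[$key] : null;

    // Editing a Super Admin user group is only allowed to a Super Admin.
    if (JAccess::checkGroup($groupId, 'core.admin') && !JFactory::getUser()->authorise('core.admin')) {
        return false;
    }

    return parent::allowEdit($data, $key);
}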
/**
 * Overrides JControllerForm::allowEdit
 *
 * Refuses the edit when the target group holds 'core.admin' and the current
 * user does not. Every other case is decided by the parent.
 *
 * @param   array   $data  An array of input data.
 * @param   string  $key   The name of the key for the primary key.
 *
 * @return  boolean
 *
 * @since   1.6
 */
protected function allowEdit($data = array(), $key = 'id')
{
    // The current user is only consulted when the target group is a Super Admin group.
    $refused = JAccess::checkGroup($data[$key], 'core.admin')
        && !JFactory::getUser()->authorise('core.admin');

    return $refused ? false : parent::allowEdit($data, $key);
}
/**
 * Checks whether a user may perform an action on an asset.
 *
 * A user id of 0 is answered by the group check for group 0. For any other
 * user the asset rules are loaded (and kept in JAccess::$_assetRules) and
 * evaluated against the identities returned by getGroupByUsers() plus the
 * negated user id.
 *
 * @param   mixed   $userId  User id; cast to an integer.
 * @param   string  $action  Action name; trimmed and lower-cased for non-zero users.
 * @param   mixed   $asset   Asset name or id; an empty value falls back to asset 1.
 *
 * @return  mixed  Result of the rules' allow() call, or of checkGroup() for user 0.
 */
public static function checkUser($userId, $action, $asset = null)
{
    $userId = (int) $userId;

    // User 0 is handed to the group check with the arguments exactly as received.
    if ($userId === 0) {
        return JAccess::checkGroup(0, $action, $asset);
    }

    $action = strtolower(trim($action));
    $asset  = strtolower(trim($asset));

    if (!$asset) {
        $asset = 1;
    }

    // Load the rules for this asset once and reuse them on later calls.
    if (empty(JAccess::$_assetRules[$asset])) {
        JAccess::$_assetRules[$asset] = JAccess::getAssetRules($asset);
    }

    // The user's own identity is passed as a negative id, ahead of the other identities.
    $identities = JAccess::getGroupByUsers($userId);
    array_unshift($identities, -$userId);

    return JAccess::$_assetRules[$asset]->allow($action, $identities);
}
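/**
 * Lists the ids of all user groups that may log in to the back end or hold 'core.admin'.
 *
 * @return  array|null  Group ids, or null when RSTicketsProHelper::isJ16() is false.
 */
function getAdminGroups()
{
    // Plain assignment: objects are handles already, so no reference assignment is needed.
    $db = JFactory::getDBO();

    // J! 1.6 only
    if (!RSTicketsProHelper::isJ16()) {
        return null;
    }

    $db->setQuery("SELECT id FROM #__usergroups");

    // A failed query gives no array; treat that as "no groups" so nothing is reported as admin.
    $groups = (array) $db->loadResultArray();

    $admin_groups = array();

    foreach ($groups as $group_id) {
        if (JAccess::checkGroup($group_id, 'core.login.admin') || JAccess::checkGroup($group_id, 'core.admin')) {
            $admin_groups[] = $group_id;
        }
    }

    return array_unique($admin_groups);
}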
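/**
 * Displays a list of user groups.
 *
 * @param   boolean  $includeSuperAdmin  true to include super admin groups, false to exclude them
 *
 * @return  array  An array containing a list of user groups.
 *
 * @since   2.5
 */
public static function groups($includeSuperAdmin = false)
{
    $options = array_values(JHelperUsergroups::getInstance()->getAll());

    // Start from an empty list so that "no groups" returns array() instead of an undefined variable.
    $groups = array();

    foreach ($options as $option) {
        // value and text are written onto the group objects themselves, as before.
        $option->value = $option->id;
        $option->text  = str_repeat('- ', $option->level) . $option->title;

        // Exclude super admin groups unless they were requested.
        if (!$includeSuperAdmin && JAccess::checkGroup($option->value, 'core.admin')) {
            continue;
        }

        $groups[] = JHtml::_('select.option', $option->value, $option->text);
    }

    return $groups;
}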
/**
 * Method to get the options to populate list
 *
 * The result is cached in static::$options under a hash of the field element.
 * When the 'checksuperusergroup' attribute is set, groups holding 'core.admin'
 * are left out for users who do not hold 'core.admin'.
 *
 * NOTE(review): the cache key is md5() of $this->element cast to a string. If
 * that cast yields the same text for two fields that differ only in
 * 'checksuperusergroup', they would share one cached list - confirm how the
 * element stringifies.
 *
 * @return  array  The field option objects.
 *
 * @since   3.2
 */
protected function getOptions()
{
    // Cache key only; md5 is not used for any security decision here.
    $cacheKey = md5($this->element);

    if (isset(static::$options[$cacheKey])) {
        return static::$options[$cacheKey];
    }

    static::$options[$cacheKey] = parent::getOptions();

    $allGroups      = JHelperUsergroups::getInstance()->getAll();
    $checkSuperUser = (int) $this->getAttribute('checksuperusergroup', 0);
    $isSuperUser    = JFactory::getUser()->authorise('core.admin');

    // Super user groups are hidden only when the field asks for it and the viewer is not a super user.
    $hideSuperUserGroups = $checkSuperUser && !$isSuperUser;

    $groupOptions = array();

    foreach ($allGroups as $group) {
        if ($hideSuperUserGroups && JAccess::checkGroup($group->id, 'core.admin')) {
            continue;
        }

        $groupOptions[] = (object) array(
            'text'  => str_repeat('- ', $group->level) . $group->title,
            'value' => $group->id,
            'level' => $group->level,
        );
    }

    static::$options[$cacheKey] = array_merge(static::$options[$cacheKey], $groupOptions);

    return static::$options[$cacheKey];
}
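/**
 * Method to get the field options.
 *
 * Lists every user group except the one being edited. Groups holding
 * 'core.admin' are hidden from users who do not hold 'core.admin'.
 *
 * NOTE(review): only the edited group itself is removed from the list; its
 * descendants stay selectable - confirm that is intended.
 *
 * @return  array  The field option objects
 *
 * @since   1.6
 */
protected function getOptions()
{
    $options = JHelperUsergroups::getInstance()->getAll();
    $user    = JFactory::getUser();

    // Prevent parenting this item to itself.
    $id = $this->form->getValue('id');

    if ($id) {
        unset($options[$id]);
    }

    $options = array_values($options);

    // The viewer's status does not change between groups, so resolve it once.
    $viewerIsSuperAdmin = $user->authorise('core.admin');

    for ($i = 0, $n = count($options); $i < $n; $i++) {
        // The check runs on ->id. The previous code read ->value, which this method
        // only assigns further down, so on an object without it the Super Admin
        // filter was evaluated against an empty group id.
        if ($viewerIsSuperAdmin || !JAccess::checkGroup($options[$i]->id, 'core.admin')) {
            $options[$i]->value = $options[$i]->id;

            // Pad the option text using the depth level as a multiplier.
            $options[$i]->text = str_repeat('- ', $options[$i]->level) . $options[$i]->title;
        } else {
            unset($options[$i]);
        }
    }

    // Merge any additional options in the XML definition.
    return array_merge(parent::getOptions(), $options);
}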
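/**
 * Returns the articles, optionally limited to one category, on which the
 * given user group passes the 'core.delete' check.
 *
 * NOTE(review): the original inline comment spoke of checking whether the
 * group may edit the articles, while the code checks 'core.delete' - confirm
 * which action is intended.
 *
 * @param   mixed    $userGroupId  Group id passed to the access check.
 * @param   integer  $categoryId   Category id; -1 (the default) means all categories.
 *
 * @return  array  Article rows (title, id, cdate, mdate, categoryTitle, checked_out).
 */
public function getArticlesInCategoryByUsergroup($userGroupId, $categoryId = -1)
{
    $db = JFactory::getDBO();

    // The category id is concatenated into the SQL text below, so it is forced
    // to an integer first; nothing else from the caller reaches the query.
    $categoryId = (int) $categoryId;

    // Build the WHERE part of the SQL query.
    $whereClause = "(state>=0) AND (" . $this->getAccessWhereSql('ct') . ")";

    if ($categoryId > -1) {
        $whereClause .= " AND (ct.catid='" . $categoryId . "')";
    }

    $db->setQuery("SELECT ct.title,ct.id,date_format(ct.created, '%d.%m.%y %h:%i') as cdate,date_format(ct.modified, '%d.%m.%y %h:%i') as mdate,cat.title as categoryTitle,ct.checked_out FROM #__content ct LEFT JOIN #__categories cat ON ct.catid=cat.id WHERE {$whereClause}");
    $rows = $db->loadObjectList();

    $resultRows = array();

    // A failed query gives no list; in that case nothing is returned as permitted.
    if (empty($rows)) {
        return $resultRows;
    }

    // Keep only the articles on which the user group passes the access check.
    foreach ($rows as $row) {
        if (JAccess::checkGroup($userGroupId, 'core.delete', 'com_content.article.' . $row->id)) {
            $resultRows[] = $row;
        }
    }

    return $resultRows;
}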
</th> <th class="nowrap id-col"> <?php echo JText::_('JGRID_HEADING_ID'); ?> </th> </tr> </thead> <tbody> <?php foreach ($this->items as $i => $item) { $canCreate = $user->authorise('core.create', 'com_users'); $canEdit = $user->authorise('core.edit', 'com_users'); // If this group is super admin and this user is not super admin, $canEdit is false if (!$user->authorise('core.admin') && JAccess::checkGroup($item->id, 'core.admin')) { $canEdit = false; } $canChange = $user->authorise('core.edit.state', 'com_users'); ?> <tr class="row<?php echo $i % 2; ?> "> <td> <?php if ($canEdit) { ?> <?php echo JHtml::_('grid.id', $i, $item->id); ?>
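/**
 * Tells whether the current user belongs to at least one group that may log
 * in to the back end or holds 'core.admin'.
 *
 * The check fails closed: when either group list cannot be loaded, the result is false.
 *
 * @return  boolean
 */
function checkAdminAccess()
{
    // Plain assignment: objects are handles already, so no reference assignment is needed.
    $db   = JFactory::getDBO();
    $user = JFactory::getUser();

    $db->setQuery("SELECT id FROM #__usergroups");

    // A failed query gives no array; treat that as "no groups".
    $groups = (array) $db->loadResultArray();

    $admin_groups = array();

    foreach ($groups as $group_id) {
        if (JAccess::checkGroup($group_id, 'core.login.admin') || JAccess::checkGroup($group_id, 'core.admin')) {
            $admin_groups[] = $group_id;
        }
    }

    $user_groups = (array) JAccess::getGroupsByUser($user->id);

    return count(array_intersect($user_groups, $admin_groups)) > 0;
}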
/**
 * Method to get the field input markup for Access Control Lists.
 * Optionally can be associated with a specific component and section.
 *
 * For every user group the method renders a collapsible panel holding one row
 * per action: a select with the asset's own setting (inherited / allowed /
 * denied) and, where applicable, the calculated effective setting.
 *
 * TODO: Add access check.
 *
 * NOTE(review): $group->text, $group->value, $action->name, $this->name and
 * $this->id are concatenated into the markup as they are; only the label
 * tooltip goes through htmlspecialchars(). Confirm these values are escaped
 * or constrained where they originate.
 *
 * @return  string  The field input markup.
 *
 * @since   11.1
 */
protected function getInput()
{
    JHtml::_('behavior.tooltip');

    // Initialise some field attributes.
    $section = $this->element['section'] ? (string) $this->element['section'] : '';
    $component = $this->element['component'] ? (string) $this->element['component'] : '';
    $assetField = $this->element['asset_field'] ? (string) $this->element['asset_field'] : 'asset_id';

    // Get the actions for the asset.
    $actions = JAccess::getActions($component, $section);

    // Iterate over the children and add to the actions.
    foreach ($this->element->children() as $el) {
        if ($el->getName() == 'action') {
            $actions[] = (object) array('name' => (string) $el['name'], 'title' => (string) $el['title'], 'description' => (string) $el['description']);
        }
    }

    // Get the explicit rules for this asset.
    if ($section == 'component') {
        // Need to find the asset id by the name of the component.
        // The component name is passed through $db->quote() before it enters the SQL text.
        $db = JFactory::getDbo();
        $db->setQuery('SELECT id FROM #__assets WHERE name = ' . $db->quote($component));
        $assetId = (int) $db->loadResult();
        if ($error = $db->getErrorMsg()) {
            JError::raiseNotice(500, $error);
        }
    } else {
        // Find the asset id of the content.
        // Note that for global configuration, com_config injects asset_id = 1 into the form.
        $assetId = $this->form->getValue($assetField);
    }

    // Use the compact form for the content rules (deprecated).
    //if (!empty($component) && $section != 'component') {
    //    return JHtml::_('rules.assetFormWidget', $actions, $assetId, $assetId ? null : $component, $this->name, $this->id);
    //}

    // Full width format.

    // Get the rules for just this asset (non-recursive).
    $assetRules = JAccess::getAssetRules($assetId);

    // Get the available user groups.
    $groups = $this->getUserGroups();

    // Build the form control.
    // $curLevel tracks the nesting depth of the previous group so the nested lists can be opened and closed.
    $curLevel = 0;

    // Prepare output
    $html = array();
    $html[] = '<div id="permissions-sliders" class="pane-sliders">';
    $html[] = '<p class="rule-desc">' . JText::_('JLIB_RULES_SETTINGS_DESC') . '</p>';
    $html[] = '<ul id="rules">';

    // Start a row for each user group.
    foreach ($groups as $group) {
        // Open one nested list when going deeper, close as many as needed when coming back up.
        $difLevel = $group->level - $curLevel;
        if ($difLevel > 0) {
            $html[] = '<li><ul>';
        } else if ($difLevel < 0) {
            $html[] = str_repeat('</ul></li>', -$difLevel);
        }
        $html[] = '<li>';
        $html[] = '<div class="panel">';
        $html[] = '<h3 class="pane-toggler title"><a href="javascript:void(0);"><span>';
        // $curLevel is updated inside the call; the group text is emitted as is (see the note in the header).
        $html[] = str_repeat('<span class="level">|–</span> ', $curLevel = $group->level) . $group->text;
        $html[] = '</span></a></h3>';
        $html[] = '<div class="pane-slider content pane-hide">';
        $html[] = '<div class="mypanel">';
        $html[] = '<table class="group-rules">';
        $html[] = '<thead>';
        $html[] = '<tr>';
        $html[] = '<th class="actions" id="actions-th' . $group->value . '">';
        $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_ACTION') . '</span>';
        $html[] = '</th>';
        $html[] = '<th class="settings" id="settings-th' . $group->value . '">';
        $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_SELECT_SETTING') . '</span>';
        $html[] = '</th>';

        // The calculated setting is not shown for the root group of global configuration.
        $canCalculateSettings = ($group->parent_id || !empty($component));
        if ($canCalculateSettings) {
            $html[] = '<th id="aclactionth' . $group->value . '">';
            $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_CALCULATED_SETTING') . '</span>';
            $html[] = '</th>';
        }
        $html[] = '</tr>';
        $html[] = '</thead>';
        $html[] = '<tbody>';
        foreach ($actions as $action) {
            $html[] = '<tr>';
            $html[] = '<td headers="actions-th' . $group->value . '">';
            // The tooltip text is the only value escaped in this method.
            $html[] = '<label class="hasTip" for="' . $this->id . '_' . $action->name . '_' . $group->value . '" title="' . htmlspecialchars(JText::_($action->title) . '::' . JText::_($action->description), ENT_COMPAT, 'UTF-8') . '">';
            $html[] = JText::_($action->title);
            $html[] = '</label>';
            $html[] = '</td>';
            $html[] = '<td headers="settings-th' . $group->value . '">';
            // NOTE(review): the title attribute below contains the group text without escaping - confirm.
            $html[] = '<select name="' . $this->name . '[' . $action->name . '][' . $group->value . ']" id="' . $this->id . '_' . $action->name . '_' . $group->value . '" title="' . JText::sprintf('JLIB_RULES_SELECT_ALLOW_DENY_GROUP', JText::_($action->title), trim($group->text)) . '">';

            // Result of the group check for this action on this asset.
            $inheritedRule = JAccess::checkGroup($group->value, $action->name, $assetId);

            // Get the actual setting for the action for this group.
            $assetRule = $assetRules->allow($action->name, $group->value);

            // Build the dropdowns for the permissions sliders
            // The parent group has "Not Set", all children can rightly "Inherit" from that.
            $html[] = '<option value=""' . ($assetRule === null ? ' selected="selected"' : '') . '>' . JText::_(empty($group->parent_id) && empty($component) ? 'JLIB_RULES_NOT_SET' : 'JLIB_RULES_INHERITED') . '</option>';
            $html[] = '<option value="1"' . ($assetRule === true ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_ALLOWED') . '</option>';
            $html[] = '<option value="0"' . ($assetRule === false ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_DENIED') . '</option>';
            $html[] = '</select>  ';

            // If this asset's rule is allowed, but the inherited rule is deny, we have a conflict.
            if (($assetRule === true) && ($inheritedRule === false)) {
                $html[] = JText::_('JLIB_RULES_CONFLICT');
            }
            $html[] = '</td>';

            // Build the Calculated Settings column.
            // The inherited settings column is not displayed for the root group in global configuration.
            if ($canCalculateSettings) {
                $html[] = '<td headers="aclactionth' . $group->value . '">';

                // This is where we show the current effective settings considering current group, path and cascade.
                // Check whether this is a component or global. Change the text slightly.
                if (JAccess::checkGroup($group->value, 'core.admin') !== true) {
                    // Group without global admin: show the check result as is.
                    if ($inheritedRule === null) {
                        $html[] = '<span class="icon-16-unset">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                    } else if ($inheritedRule === true) {
                        $html[] = '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                    } else if ($inheritedRule === false) {
                        // Denied here shows plain; denied without a local deny shows as locked.
                        if ($assetRule === false) {
                            $html[] = '<span class="icon-16-denied">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                        } else {
                            $html[] = '<span class="icon-16-denied"><span class="icon-16-locked">' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED') . '</span></span>';
                        }
                    }
                } else if (!empty($component)) {
                    // Group with global admin, component-level form: always shown as allowed and locked.
                    $html[] = '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span></span>';
                } else {
                    // Special handling for groups that have global admin because they can't be denied.
                    // The admin rights can be changed.
                    if ($action->name === 'core.admin') {
                        $html[] = '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                    } elseif ($inheritedRule === false) {
                        // Other actions cannot be changed.
                        $html[] = '<span class="icon-16-denied"><span class="icon-16-locked">' . JText::_('JLIB_RULES_NOT_ALLOWED_ADMIN_CONFLICT') . '</span></span>';
                    } else {
                        $html[] = '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span></span>';
                    }
                }
                $html[] = '</td>';
            }
            $html[] = '</tr>';
        }
        $html[] = '</tbody>';
        $html[] = '</table></div>';
        $html[] = '</div></div>';
        $html[] = '</li>';
    }

    // Close whatever nested lists are still open after the last group.
    $html[] = str_repeat('</ul></li>', $curLevel);
    $html[] = '</ul><div class="rule-notes">';
    if ($section == 'component' || $section == null) {
        $html[] = JText::_('JLIB_RULES_SETTING_NOTES');
    } else {
        $html[] = JText::_('JLIB_RULES_SETTING_NOTES_ITEM');
    }
    $html[] = '</div></div>';

    // Accordion behaviour for the panels. The cookie value is read with getInt(), so only an
    // integer reaches the script. $component is concatenated into a JavaScript string literal
    // as is; it is read from the field definition above.
    // NOTE(review): confirm the component attribute can never carry quote characters.
    $js = "window.addEvent('domready', function(){ new Fx.Accordion($$('div#permissions-sliders.pane-sliders .panel h3.pane-toggler'), $$('div#permissions-sliders.pane-sliders .panel div.pane-slider'), {onActive: function(toggler, i) {toggler.addClass('pane-toggler-down');toggler.removeClass('pane-toggler');i.addClass('pane-down');i.removeClass('pane-hide');Cookie.write('jpanesliders_permissions-sliders" . $component . "',$$('div#permissions-sliders.pane-sliders .panel h3').indexOf(toggler));},onBackground: function(toggler, i) {toggler.addClass('pane-toggler');toggler.removeClass('pane-toggler-down');i.addClass('pane-hide');i.removeClass('pane-down');},duration: 300,display: " . JRequest::getInt('jpanesliders_permissions-sliders' . $component, 0, 'cookie') . ",show: " . JRequest::getInt('jpanesliders_permissions-sliders' . $component, 0, 'cookie') . ", alwaysHide:true, opacity: false}); });";
    JFactory::getDocument()->addScriptDeclaration($js);

    return implode("\n", $html);
}
/**
 * Builds the markup for the "calculated setting" cell of one action.
 *
 * @param   object  $action  Action object; only its name is read.
 * @param   mixed   $rule    The asset's own setting for the action (true, false or null).
 * @param   mixed   $calc    The calculated setting for the action (true, false or null).
 *
 * @return  string  A span with the matching icon class and label, or an empty string
 *                  when $calc is none of null, true and false for a non-admin group.
 */
protected function getCalculated($action, $rule, $calc)
{
    $groupIsGlobalAdmin = JAccess::checkGroup($this->item->id, 'core.admin') === true;

    if (!$groupIsGlobalAdmin) {
        if ($calc === null) {
            return '<span class="icon-16-unset">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
        }

        if ($calc === true) {
            return '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
        }

        if ($calc === false) {
            // Denied here shows plain; denied without a local deny shows as locked.
            return $rule === false
                ? '<span class="icon-16-denied">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>'
                : '<span class="icon-16-denied"><span class="icon-16-locked">' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED') . '</span></span>';
        }

        return '';
    }

    // From here on the group has global admin.
    if (!empty($this->component)) {
        return '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span></span>';
    }

    // Special handling for groups that have global admin because they can't be denied.
    // The admin rights themselves can be changed.
    if ($action->name === 'core.admin') {
        return '<span class="icon-16-allowed">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
    }

    // Other actions cannot be changed.
    if ($calc === false) {
        return '<span class="icon-16-denied"><span class="icon-16-locked">' . JText::_('JLIB_RULES_NOT_ALLOWED_ADMIN_CONFLICT') . '</span></span>';
    }

    return '<span class="icon-16-allowed"><span class="icon-16-locked">' . JText::_('JLIB_RULES_ALLOWED_ADMIN') . '</span></span>';
}
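/**
 * Perform batch operations
 *
 * 'set' removes the users from every group and assigns them to the selected
 * one, 'del' removes them from the selected group, and 'add' (or any other
 * value) assigns them to the selected group.
 *
 * NOTE(review): the guard below looks at the selected group only. Whether the
 * caller also verifies that the affected users are not Super Admins before a
 * 'set' or 'del' is not visible here - confirm.
 *
 * @param   integer  $group_id  The group ID which assignments are being edited
 * @param   array    $user_ids  An array of user IDs on which to operate
 * @param   string   $action    The action to perform
 *
 * @return  boolean  True on success, false on failure
 *
 * @since   1.6
 */
public function batchUser($group_id, $user_ids, $action)
{
    // Get the DB object
    $db = $this->getDbo();

    // Both values end up inside SQL text below, so force them to integers up front.
    // The group id was previously cast in the WHERE clauses but not in the VALUES list.
    JArrayHelper::toInteger($user_ids);
    $group_id = (int) $group_id;

    // Non-super admin cannot work with super-admin group
    if ((!JFactory::getUser()->get('isRoot') && JAccess::checkGroup($group_id, 'core.admin')) || $group_id < 1) {
        $this->setError(JText::_('COM_USERS_ERROR_INVALID_GROUP'));

        return false;
    }

    $doDelete = null;
    $doAssign = false;

    switch ($action) {
        // Sets users to a selected group
        case 'set':
            $doDelete = 'all';
            $doAssign = true;
            break;

        // Remove users from a selected group
        case 'del':
            $doDelete = 'group';
            break;

        // Add users to a selected group
        case 'add':
        default:
            $doAssign = true;
            break;
    }

    // Remove the users from the group if requested.
    if ($doDelete !== null) {
        $query = $db->getQuery(true);

        // Remove users from the group
        $query->delete($db->quoteName('#__user_usergroup_map'))
            ->where($db->quoteName('user_id') . ' IN (' . implode(',', $user_ids) . ')');

        // Only remove users from selected group
        if ($doDelete == 'group') {
            $query->where($db->quoteName('group_id') . ' = ' . $group_id);
        }

        $db->setQuery($query);

        try {
            $db->execute();
        } catch (RuntimeException $e) {
            $this->setError($e->getMessage());

            return false;
        }
    }

    // Assign the users to the group if requested.
    if ($doAssign) {
        $query = $db->getQuery(true);

        // First, find the users that are already assigned to the group.
        $query->select($db->quoteName('user_id'))
            ->from($db->quoteName('#__user_usergroup_map'))
            ->where($db->quoteName('group_id') . ' = ' . $group_id);
        $db->setQuery($query);

        // Treat "no result" as an empty list so the membership test below always gets an array.
        $users = (array) $db->loadColumn();

        // Build the values clause for the assignment query.
        $query->clear();
        $groups = false;

        foreach ($user_ids as $id) {
            // Loose comparison on purpose: the column values come back as strings.
            if (!in_array($id, $users)) {
                $query->values($id . ',' . $group_id);
                $groups = true;
            }
        }

        // If we have no users to process, set an error to notify the user
        if (!$groups) {
            $this->setError(JText::_('COM_USERS_ERROR_NO_ADDITIONS'));

            return false;
        }

        $query->insert($db->quoteName('#__user_usergroup_map'))
            ->columns(array($db->quoteName('user_id'), $db->quoteName('group_id')));
        $db->setQuery($query);

        try {
            $db->execute();
        } catch (RuntimeException $e) {
            $this->setError($e->getMessage());

            return false;
        }
    }

    return true;
}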
/**
 * Returns a UL list of user groups with check boxes
 *
 * NOTE(review): $name and each group title are concatenated into the markup
 * as they are. Confirm both are escaped or constrained where they originate.
 *
 * @param   string   $name             The name of the checkbox controls array
 * @param   array    $selected         An array of the checked boxes
 * @param   boolean  $checkSuperAdmin  When true, groups holding 'core.admin' are listed
 *                                     only for users who hold 'core.admin' themselves
 *
 * @return  string|null  The list markup, or null when the database reports an error
 */
public static function usergroups($name, $selected, $checkSuperAdmin = false)
{
    // Per-request call counter; it prefixes the element ids so several lists can share a page.
    static $count;
    $count++;

    $isSuperAdmin = JFactory::getUser()->authorise('core.admin');

    $db = JFactory::getDbo();
    $db->setQuery(
        'SELECT a.*, COUNT(DISTINCT b.id) AS level'
        . ' FROM #__usergroups AS a'
        . ' LEFT JOIN #__usergroups AS b ON a.lft > b.lft AND a.rgt < b.rgt'
        . ' GROUP BY a.id'
        . ' ORDER BY a.lft ASC'
    );
    $groups = $db->loadObjectList();

    // Check for a database error.
    if ($db->getErrorNum()) {
        JError::raiseNotice(500, $db->getErrorMsg());

        return null;
    }

    $lines = array('<ul class="checklist usergroups">');

    foreach ($groups as $group) {
        // With checkSuperAdmin set, a super admin group is listed only for a super admin viewer.
        $hidden = $checkSuperAdmin && !$isSuperAdmin && JAccess::checkGroup($group->id, 'core.admin');

        if ($hidden) {
            continue;
        }

        $elementId = $count . 'group_' . $group->id;

        // Don't call in_array unless something is selected
        $checkedAttr = '';

        if ($selected && in_array($group->id, $selected)) {
            $checkedAttr = ' checked="checked"';
        }

        // Child groups point at their parent's element id.
        $relAttr = '';

        if ($group->parent_id > 0) {
            $relAttr = ' rel="' . $count . 'group_' . $group->parent_id . '"';
        }

        // Build the HTML for the item.
        $lines[] = ' <li>';
        $lines[] = ' <input type="checkbox" name="' . $name . '[]" value="' . $group->id . '" id="' . $elementId . '"';
        $lines[] = ' ' . $checkedAttr . $relAttr . ' />';
        $lines[] = ' <label for="' . $elementId . '">';
        $lines[] = ' ' . str_repeat('<span class="gi">|—</span>', $group->level) . $group->title;
        $lines[] = ' </label>';
        $lines[] = ' </li>';
    }

    $lines[] = '</ul>';

    return implode("\n", $lines);
}
/**
 * Method to delete rows.
 *
 * Refuses the whole request when any id is a group the current user belongs
 * to. Each remaining group is deleted only when the user has
 * 'core.edit.state' on com_users and, for a Super Admin group, is a Super
 * Admin; ids that fail that check are pruned from $pks with a warning.
 *
 * @param   array  &$pks  An array of item ids.
 *
 * @return  boolean  Returns true on success, false on failure.
 *
 * @since   1.6
 * @throws  Exception
 */
public function delete(&$pks)
{
    // Typecast variable.
    $pks = (array) $pks;

    $user     = JFactory::getUser();
    $myGroups = JAccess::getGroupsByUser($user->get('id'));

    // Get a row instance.
    $table = $this->getTable();

    // Load plugins.
    JPluginHelper::importPlugin($this->events_map['delete']);

    // Check if I am a Super Admin
    $iAmSuperAdmin = $user->authorise('core.admin');

    // Do not allow to delete groups to which the current user belongs.
    // The comparison stays loose: ids from the request are strings, group ids may be integers.
    foreach ($pks as $candidate) {
        if (in_array($candidate, $myGroups)) {
            JError::raiseWarning(403, JText::_('COM_USERS_DELETE_ERROR_INVALID_GROUP'));

            return false;
        }
    }

    $app = null;

    // Iterate the items to delete each one.
    foreach ($pks as $index => $groupId) {
        if (!$table->load($groupId)) {
            $this->setError($table->getError());

            return false;
        }

        // Access checks.
        $permitted = $user->authorise('core.edit.state', 'com_users');

        // Don't allow non-super-admin to delete a super admin
        if (!$iAmSuperAdmin && JAccess::checkGroup($groupId, 'core.admin')) {
            $permitted = false;
        }

        if (!$permitted) {
            // Prune items that you can't change.
            unset($pks[$index]);
            JError::raiseWarning(403, JText::_('JERROR_CORE_DELETE_NOT_PERMITTED'));
            continue;
        }

        // Fire the before delete event.
        JFactory::getApplication()->triggerEvent($this->event_before_delete, array($table->getProperties()));

        if (!$table->delete($groupId)) {
            $this->setError($table->getError());

            return false;
        }

        // Trigger the after delete event.
        JFactory::getApplication()->triggerEvent($this->event_after_delete, array($table->getProperties(), true, $this->getError()));
    }

    return true;
}
/**
 * Saves a user record after two self-protection checks: a user cannot block
 * their own account, and a Super Admin cannot remove themselves from every
 * Super Admin group.
 *
 * NOTE(review): this method only guards against self-block and self-demotion.
 * Whether a non-Super-Admin may assign Super Admin groups to someone is not
 * decided here; presumably $user->save() enforces it - confirm.
 *
 * @param   array  $data  Form data; 'id', 'block' and 'groups' are read here.
 *
 * @return  boolean  True on success, false with an error set otherwise.
 */
public function save($data)
{
    // Use the submitted id when there is one, else the id held in the model state.
    if (!empty($data['id'])) {
        $pk = $data['id'];
    } else {
        $pk = (int) $this->getState('user.id');
    }

    $user = JUser::getInstance($pk);
    $my   = JFactory::getUser();

    // An account that is not blocked yet cannot block itself.
    $blockingSelf = $data['block'] && $pk == $my->id && !$my->block;

    if ($blockingSelf) {
        $this->setError(JText::_('COM_USERS_USERS_ERROR_CANNOT_BLOCK_SELF'));

        return false;
    }

    // Make sure that we are not removing ourself from Super Admin group
    $iAmSuperAdmin = $my->authorise('core.admin');

    if ($iAmSuperAdmin && $my->get('id') == $pk) {
        // At least one of the new groups has to be a Super Admin group.
        $stillSuperAdmin = false;

        foreach ($data['groups'] as $group) {
            if (JAccess::checkGroup($group, 'core.admin')) {
                $stillSuperAdmin = true;
                break;
            }
        }

        if (!$stillSuperAdmin) {
            $this->setError(JText::_('COM_USERS_USERS_ERROR_CANNOT_DEMOTE_SELF'));

            return false;
        }
    }

    // Bind the data, then store it; either step reports its error through the user object.
    if (!$user->bind($data) || !$user->save()) {
        $this->setError($user->getError());

        return false;
    }

    $this->setState('user.id', $user->id);

    return true;
}
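/**
 * Creates initial component actions based on global config and on some fixed rules.
 *
 * NOTE(review): the last two steps grant the category-change, file-upload and
 * edit-field-values actions to every group returned by _getUserGroups(),
 * whatever else that group may do. The original comments say this is
 * intentional; confirm that it should include groups with no other
 * privileges.
 *
 * @param   string  $component  Component name whose 'component' section actions are read.
 *
 * @return  array  Map of action name to (group id => 1); every component action has an
 *                 entry, possibly empty.
 *
 * @since   11.1
 */
protected function _createComponentRules($component)
{
    $groups = $this->_getUserGroups();

    // Get the component ACTION names and initialise the component rules to empty.
    // Both name lists start empty so that "no actions" cannot leave them undefined.
    $flexi_actions      = JAccess::getActions($component, 'component');
    $flexi_rules        = array();
    $flexi_action_names = array();

    foreach ($flexi_actions as $action) {
        // Needed even if it stays empty: the COMPONENT actions in the DB are compared
        // against this list when the initial permissions are checked.
        $flexi_rules[$action->name] = array();
        $flexi_action_names[]       = $action->name;
    }

    // Get the Joomla ACTION names from the rules of the root asset.
    $root = JTable::getInstance('asset');
    $root->loadByName('root.1');
    $joomla_rules        = new JAccessRules($root->rules);
    $joomla_action_names = array_keys($joomla_rules->getData());

    // Actions granted to every group when the component defines them (see the last two steps).
    $always_granted = array(
        'flexicontent.change.cat',      // CanChangeCat
        'flexicontent.change.cat.sec',  // CanChangeSecCat
        'flexicontent.change.cat.feat', // CanChangeFeatCat
        'flexicontent.uploadfiles',     // CanUploadFiles
        'flexicontent.editfieldvalues', // CanEditFieldValues
    );

    // Decide the actions to grant (give) to each user group
    foreach ($groups as $group) {
        // STEP 1: grant all NON-STANDARD component ACTIONS to any user group that has the
        // 'core.manage' ACTION in the Global Configuration.
        // NOTE (a): a group with the Super Admin Global Configuration ACTION ('core.admin'
        //           for asset root.1) also has 'core.manage'.
        // NOTE (b): the STANDARD Joomla ACTIONs are not set, so they default to INHERIT (value "").
        if (JAccess::checkGroup($group->id, 'core.manage')) {
            foreach ($flexi_action_names as $action_name) {
                // Skip Joomla STANDARD rules, allowing them to inherit.
                if (in_array($action_name, $joomla_action_names)) {
                    continue;
                }

                $flexi_rules[$action_name][$group->id] = 1;
            }
        }

        // STEP 2 (disabled in the original): actions already granted in GLOBAL CONFIGURATION
        // are not copied; inheritance is used for existing Global ACTIONS instead.

        // STEP 3: handle some special cases of custom-added ACTIONs,
        // e.g. grant the OWNED actions when the corresponding GENERAL action was granted.
        if (!empty($flexi_rules['core.delete'][$group->id]) && in_array('core.delete.own', $flexi_action_names)) {
            $flexi_rules['core.delete.own'][$group->id] = 1; // CanDeleteOwn
        }

        if (!empty($flexi_rules['core.edit.state'][$group->id]) && in_array('core.edit.state.own', $flexi_action_names)) {
            $flexi_rules['core.edit.state.own'][$group->id] = 1; // CanPublishOwn
        }

        // Given regardless of edit privilege: per the original comment, a group without
        // edit cannot reach the item form and save task anyway. The edit-field-values
        // action is likewise given to everybody by default.
        foreach ($always_granted as $action_name) {
            if (in_array($action_name, $flexi_action_names)) {
                $flexi_rules[$action_name][$group->id] = 1;
            }
        }
    }

    // NOTE: a future version might build better initial permissions by checking the
    // allow/deny/inherit values instead of just "has action".
    return $flexi_rules;
}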
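/**
 * Collect the users that belong to any group holding 'core.admin' (Super Admin groups).
 *
 * Every user group is tested with JAccess::checkGroup(), then the members of each matching
 * group are read with JAccess::getUsersByGroup(). The SQL is a fixed string with no
 * caller-supplied parts.
 *
 * @return  array  De-duplicated list of the values returned by JAccess::getUsersByGroup()
 *                 (presumably user ids, as the function name suggests); empty when there
 *                 are no groups or no members.
 */
function getSAUsersIds()
{
    $db = DBHelper::db();

    $query = 'SELECT a.`id`, a.`title`'
        . ' FROM `#__usergroups` AS a'
        . ' LEFT JOIN `#__usergroups` AS b ON a.lft > b.lft AND a.rgt < b.rgt'
        . ' GROUP BY a.id'
        . ' ORDER BY a.lft ASC';
    $db->setQuery($query);
    $groups = $db->loadObjectList();

    // A failed or empty query must not reach the loop below.
    if (empty($groups)) {
        return array();
    }

    $saUsers = array();
    foreach ($groups as $group) {
        if (!JAccess::checkGroup($group->id, 'core.admin')) {
            continue;
        }

        // Cast so that a null result is treated as "no members".
        foreach ((array) JAccess::getUsersByGroup($group->id) as $user) {
            $saUsers[] = $user;
        }
    }

    // A user who is a member of several Super Admin groups is reported once.
    return array_values(array_unique($saUsers));
}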
/**
 * Method to save the JUser object to the database.
 *
 * The only access rule enforced here is the Super Admin rule: an actor without 'core.admin'
 * may not create a user in a Super Admin group, edit an existing Super Admin, or move a user
 * into a Super Admin group. Any other business rule is expected to come from a user plugin
 * via onUserBeforeSave.
 *
 * @param   boolean  $updateOnly  Save the object only if not a new user
 *                                Currently only used in the user reset password method.
 *
 * @return  boolean  True on success. Also true, without storing anything, when the user is new
 *                   and $updateOnly is set. False when a check, a plugin or the store fails;
 *                   the message is then available through getError().
 *
 * @since   11.1
 * @throws  Exception  Only from the code before the try block (table lookup and bind);
 *                     exceptions raised inside the try block are caught and reported as false.
 */
public function save($updateOnly = false)
{
    // Create the user table object
    $table = $this->getTable();
    $this->params = (string) $this->_params;
    $table->bind($this->getProperties());

    // Exceptions thrown below are converted to setError() + false by the catch block.
    try {
        // Check and store the object.
        if (!$table->check()) {
            $this->setError($table->getError());
            return false;
        }

        // If user is made a Super Admin group and user is NOT a Super Admin
        //
        // @todo ACL - this needs to be acl checked
        //
        // $my is the acting (current) user, $this is the account being saved.
        $my = JFactory::getUser();

        // Are we creating a new user? (no id yet)
        $isNew = empty($this->id);

        // If we aren't allowed to create new users return.
        // Note that this reports success although nothing was stored.
        if ($isNew && $updateOnly) {
            return true;
        }

        // Get the old user (the currently stored state of this account)
        $oldUser = new JUser($this->id);

        //
        // Access Checks
        //
        // The only mandatory check is that only Super Admins can operate on other Super Admin accounts.
        // To add additional business rules, use a user plugin and throw an Exception with onUserBeforeSave.

        // Check if I am a Super Admin
        $iAmSuperAdmin = $my->authorise('core.admin');

        // Exception to the Super Admin rule: no user is logged in ($my->id == 0), the record already
        // exists, the stored account is a Super Admin and the password differs from the stored one.
        // NOTE(review): the variable name suggests this is the password re-hash path. The condition
        // itself cannot tell a re-hash from any other password change made without a session, so
        // every caller that reaches save() unauthenticated has to have verified the user itself - confirm.
        $iAmRehashingSuperadmin = false;
        if ($my->id == 0 && !$isNew && $this->id == $oldUser->id && $oldUser->authorise('core.admin') && $oldUser->password != $this->password) {
            $iAmRehashingSuperadmin = true;
        }

        // We are only worried about edits to this account if I am not a Super Admin.
        if ($iAmSuperAdmin != true && $iAmRehashingSuperadmin != true) {
            if ($isNew) {
                // Check if the new user is being put into a Super Admin group.
                // NOTE(review): $this->groups is iterated without the null test used in the edit branch below.
                foreach ($this->groups as $groupId) {
                    if (JAccess::checkGroup($groupId, 'core.admin')) {
                        throw new Exception(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
                    }
                }
            } else {
                // I am not a Super Admin, and this one is, so fail.
                // The check uses the rights the account has now (by id), not the submitted groups.
                if (JAccess::check($this->id, 'core.admin')) {
                    throw new Exception(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
                }
                // Loose comparison: null and an empty array both skip the group check.
                if ($this->groups != null) {
                    // I am not a Super Admin and I'm trying to make one.
                    foreach ($this->groups as $groupId) {
                        if (JAccess::checkGroup($groupId, 'core.admin')) {
                            throw new Exception(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
                        }
                    }
                }
            }
        }

        // Fire the onUserBeforeSave event.
        // Plugins receive the old properties, the new-user flag and the new properties.
        JPluginHelper::importPlugin('user');
        $dispatcher = JDispatcher::getInstance();
        $result = $dispatcher->trigger('onUserBeforeSave', array($oldUser->getProperties(), $isNew, $this->getProperties()));
        // Strict search: only a plugin returning boolean false vetoes the save.
        if (in_array(false, $result, true)) {
            // Plugin will have to raise its own error or throw an exception.
            return false;
        }

        // Store the user data in the database
        if (!($result = $table->store())) {
            throw new Exception($table->getError());
        }

        // Set the id for the JUser object in case we created a new user.
        if (empty($this->id)) {
            $this->id = $table->get('id');
        }

        // The acting user saved their own record: refresh the parameters of the session user object.
        if ($my->id == $table->id) {
            $registry = new JRegistry();
            $registry->loadString($table->params);
            $my->setParameters($registry);
        }

        // Fire the onUserAfterSave event
        $dispatcher->trigger('onUserAfterSave', array($this->getProperties(), $isNew, $result, $this->getError()));
    } catch (Exception $e) {
        // Includes the JLIB_USER_ERROR_NOT_SUPERADMIN refusals thrown above.
        $this->setError($e->getMessage());
        return false;
    }

    return $result;
}
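/**
 * Method to get the field input markup for Access Control Lists.
 * Optionally can be associated with a specific component and section.
 *
 * Renders one tab per user group; each tab holds a table with one row per action, a
 * select (inherited / allowed / denied) and, where applicable, the calculated setting.
 *
 * TODO: Add access check. Nothing in this method verifies that the current user may edit
 * the rules of the asset, so the code that saves the submitted rules has to enforce that.
 *
 * @return  string  The field input markup.
 *
 * @since   11.1
 */
protected function getInput()
{
    JHtml::_('behavior.tooltip');

    // Initialise some field attributes.
    $section    = $this->element['section'] ? (string) $this->element['section'] : '';
    $component  = $this->element['component'] ? (string) $this->element['component'] : '';
    $assetField = $this->element['asset_field'] ? (string) $this->element['asset_field'] : 'asset_id';

    // Get the actions for the asset.
    $actions = JAccess::getActions($component, $section);

    // Iterate over the children and add to the actions.
    foreach ($this->element->children() as $el) {
        if ($el->getName() == 'action') {
            $actions[] = (object) array(
                'name'        => (string) $el['name'],
                'title'       => (string) $el['title'],
                'description' => (string) $el['description'],
            );
        }
    }

    // Get the explicit rules for this asset.
    if ($section == 'component') {
        // Need to find the asset id by the name of the component (value is quoted by the driver).
        $db    = JFactory::getDbo();
        $query = $db->getQuery(true)
            ->select($db->quoteName('id'))
            ->from($db->quoteName('#__assets'))
            ->where($db->quoteName('name') . ' = ' . $db->quote($component));
        $db->setQuery($query);
        $assetId = (int) $db->loadResult();
    } else {
        // Find the asset id of the content.
        // Note that for global configuration, com_config injects asset_id = 1 into the form.
        $assetId = $this->form->getValue($assetField);
    }

    // Full width format.

    // Get the rules for just this asset (non-recursive).
    $assetRules = JAccess::getAssetRules($assetId);

    // Get the available user groups.
    $groups = $this->getUserGroups();

    // Prepare output
    $html = array();

    // Description
    $html[] = '<p class="rule-desc">' . JText::_('JLIB_RULES_SETTINGS_DESC') . '</p>';

    // Begin tabs
    $html[] = '<div id="permissions-sliders" class="tabbable tabs-left">';

    // Building tab nav
    $html[] = '<ul class="nav nav-tabs">';
    foreach ($groups as $group) {
        // Initial Active Tab
        $active = ($group->value == 1) ? "active" : "";

        $html[] = '<li class="' . $active . '">';
        $html[] = '<a href="#permission-' . $group->value . '" data-toggle="tab">';
        // The group title is stored data: escape it before it becomes element content.
        $html[] = str_repeat('<span class="level">– ', $group->level) . htmlspecialchars($group->text, ENT_COMPAT, 'UTF-8');
        $html[] = '</a>';
        $html[] = '</li>';
    }
    $html[] = '</ul>';

    $html[] = '<div class="tab-content">';

    // Start a pane for each user group.
    foreach ($groups as $group) {
        // Initial Active Pane
        $active = ($group->value == 1) ? " active" : "";

        $html[] = '<div class="tab-pane' . $active . '" id="permission-' . $group->value . '">';
        $html[] = '<table class="table table-striped">';
        $html[] = '<thead>';
        $html[] = '<tr>';

        $html[] = '<th class="actions" id="actions-th' . $group->value . '">';
        $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_ACTION') . '</span>';
        $html[] = '</th>';

        $html[] = '<th class="settings" id="settings-th' . $group->value . '">';
        $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_SELECT_SETTING') . '</span>';
        $html[] = '</th>';

        // The calculated setting is not shown for the root group of global configuration.
        $canCalculateSettings = $group->parent_id || !empty($component);

        if ($canCalculateSettings) {
            $html[] = '<th id="aclactionth' . $group->value . '">';
            $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_CALCULATED_SETTING') . '</span>';
            $html[] = '</th>';
        }

        $html[] = '</tr>';
        $html[] = '</thead>';
        $html[] = '<tbody>';

        foreach ($actions as $action) {
            $html[] = '<tr>';
            $html[] = '<td headers="actions-th' . $group->value . '">';
            $html[] = '<label class="tip" for="' . $this->id . '_' . $action->name . '_' . $group->value . '" title="'
                . htmlspecialchars(JText::_($action->title) . ' ' . JText::_($action->description), ENT_COMPAT, 'UTF-8') . '">';
            $html[] = JText::_($action->title);
            $html[] = '</label>';
            $html[] = '</td>';

            $html[] = '<td headers="settings-th' . $group->value . '">';

            // Escaped like the label title above: the text contains the group title and sits
            // inside a double-quoted attribute.
            $selectTitle = htmlspecialchars(
                JText::sprintf('JLIB_RULES_SELECT_ALLOW_DENY_GROUP', JText::_($action->title), trim($group->text)),
                ENT_COMPAT,
                'UTF-8'
            );

            $html[] = '<select class="input-small" name="' . $this->name . '[' . $action->name . '][' . $group->value . ']" id="' . $this->id . '_' . $action->name
                . '_' . $group->value . '" title="' . $selectTitle . '">';

            // Effective (cascaded) result for this group on this asset.
            $inheritedRule = JAccess::checkGroup($group->value, $action->name, $assetId);

            // Get the actual setting for the action for this group (null = not set on this asset).
            $assetRule = $assetRules->allow($action->name, $group->value);

            // Build the dropdowns for the permissions sliders

            // The parent group has "Not Set", all children can rightly "Inherit" from that.
            $html[] = '<option value=""' . ($assetRule === null ? ' selected="selected"' : '') . '>'
                . JText::_(empty($group->parent_id) && empty($component) ? 'JLIB_RULES_NOT_SET' : 'JLIB_RULES_INHERITED') . '</option>';
            $html[] = '<option value="1"' . ($assetRule === true ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_ALLOWED')
                . '</option>';
            $html[] = '<option value="0"' . ($assetRule === false ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_DENIED')
                . '</option>';

            $html[] = '</select>  ';

            // If this asset's rule is allowed, but the inherited rule is deny, we have a conflict.
            if ($assetRule === true && $inheritedRule === false) {
                $html[] = JText::_('JLIB_RULES_CONFLICT');
            }

            $html[] = '</td>';

            // Build the Calculated Settings column.
            // The inherited settings column is not displayed for the root group in global configuration.
            if ($canCalculateSettings) {
                $html[] = '<td headers="aclactionth' . $group->value . '">';

                // This is where we show the current effective settings considering current group, path and cascade.
                // Check whether this is a component or global. Change the text slightly.
                if (JAccess::checkGroup($group->value, 'core.admin', $assetId) !== true) {
                    if ($inheritedRule === null) {
                        $html[] = '<span class="label label-important">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                    } elseif ($inheritedRule === true) {
                        $html[] = '<span class="label label-success">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                    } elseif ($inheritedRule === false) {
                        if ($assetRule === false) {
                            $html[] = '<span class="label label-important">' . JText::_('JLIB_RULES_NOT_ALLOWED') . '</span>';
                        } else {
                            $html[] = '<span class="label"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED')
                                . '</span>';
                        }
                    }
                } elseif (!empty($component)) {
                    $html[] = '<span class="label label-success"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_ALLOWED_ADMIN')
                        . '</span>';
                } else {
                    // Special handling for groups that have global admin because they can't be denied.
                    // The admin rights can be changed.
                    if ($action->name === 'core.admin') {
                        $html[] = '<span class="label label-success">' . JText::_('JLIB_RULES_ALLOWED') . '</span>';
                    } elseif ($inheritedRule === false) {
                        // Other actions cannot be changed.
                        $html[] = '<span class="label label-important"><i class="icon-lock icon-white"></i> '
                            . JText::_('JLIB_RULES_NOT_ALLOWED_ADMIN_CONFLICT') . '</span>';
                    } else {
                        $html[] = '<span class="label label-success"><i class="icon-lock icon-white"></i> ' . JText::_('JLIB_RULES_ALLOWED_ADMIN')
                            . '</span>';
                    }
                }

                $html[] = '</td>';
            }

            $html[] = '</tr>';
        }

        $html[] = '</tbody>';
        $html[] = '</table></div>';
    }

    $html[] = '</div></div>';

    $html[] = '<div class="alert">';
    if ($section == 'component' || $section == null) {
        $html[] = JText::_('JLIB_RULES_SETTING_NOTES');
    } else {
        $html[] = JText::_('JLIB_RULES_SETTING_NOTES_ITEM');
    }
    $html[] = '</div>';

    return implode("\n", $html);
}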
/**
 * Return user group ids split into "front-end" and "back-end" groups.
 *
 * With WF_JOOMLA15 set, fixed id lists are used. Otherwise every id in #__usergroups is
 * classified with JAccess::checkGroup(): 'core.admin' puts a group in the back-end list;
 * a group with 'core.create' goes to the back-end list when it also has 'core.login.admin'
 * and to the front-end list when it does not; groups with neither are left out.
 *
 * @param   mixed  $area  0 = both lists merged, 1 = front-end list, 2 = back-end list
 *                        (compared loosely, as a switch would).
 *
 * @return  array  The selected list, or an empty array for any other $area.
 */
function getUserGroups($area)
{
    $db = JFactory::getDBO();

    if (WF_JOOMLA15) {
        // Fixed group ids of the legacy ACL.
        $front = array('19', '20', '21');
        $back = array('23', '24', '25');
    } else {
        jimport('joomla.access.access');

        $db->setQuery('SELECT id FROM #__usergroups');
        $groupIds = $db->loadResultArray();

        $front = array();
        $back = array();

        foreach ($groupIds as $groupId) {
            // All three checks run for every group, in this order.
            $canCreate = JAccess::checkGroup($groupId, 'core.create');
            $canLoginAdmin = JAccess::checkGroup($groupId, 'core.login.admin');
            $isSuper = JAccess::checkGroup($groupId, 'core.admin');

            // Neither super admin nor allowed to create: not listed at all.
            if (!$isSuper && !$canCreate) {
                continue;
            }

            if ($isSuper || $canLoginAdmin) {
                $back[] = $groupId;
            } else {
                $front[] = $groupId;
            }
        }
    }

    if ($area == 0) {
        return array_merge($front, $back);
    }

    if ($area == 1) {
        return $front;
    }

    if ($area == 2) {
        return $back;
    }

    return array();
}
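/**
 * Returns a list of user groups with check boxes
 *
 * This only decides which check boxes are rendered. Leaving a group out of the markup does
 * not stop a crafted request from submitting its id, so the code that saves the selection
 * has to enforce the Super Admin rule itself.
 *
 * @param   string   $name             The name of the checkbox controls array
 * @param   array    $selected         An array of the checked boxes
 * @param   boolean  $checkSuperAdmin  If true, groups that hold 'core.admin' are listed only when the
 *                                     current user is a Super Admin. If false (the default), every
 *                                     group is listed for every user.
 *
 * @return  string
 *
 * @since   1.6
 */
public static function usergroups($name, $selected, $checkSuperAdmin = false)
{
    // Per-request call counter, used to keep element ids unique across several lists.
    static $count;
    $count++;

    $isSuperAdmin = JFactory::getUser()->authorise('core.admin');

    $db = JFactory::getDbo();
    $query = $db->getQuery(true)
        ->select('a.*, COUNT(DISTINCT b.id) AS level')
        ->from($db->quoteName('#__users_groups') . ' AS a')
        ->join('LEFT', $db->quoteName('#__users_groups') . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt')
        ->group('a.id, a.title, a.lft, a.rgt, a.parent_id')
        ->order('a.lft ASC');
    $db->setQuery($query);
    $groups = $db->loadObjectList();

    // No rows (or a failed query): same result as imploding an empty list.
    if (empty($groups)) {
        return '';
    }

    $html = array();

    foreach ($groups as $item) {
        // If checkSuperAdmin is true, only add item if the user is superadmin or the group is not super admin
        if ($checkSuperAdmin && !$isSuperAdmin && JAccess::checkGroup($item->id, 'core.admin')) {
            continue;
        }

        // Setup the variable attributes.
        $eid = $count . 'group_' . $item->id;

        // Don't call in_array unless something is selected.
        // Loose comparison on purpose: ids from the database and from the request may differ in type.
        $checked = '';
        if ($selected) {
            $checked = in_array($item->id, $selected) ? ' checked="checked"' : '';
        }

        $rel = $item->parent_id > 0 ? ' rel="' . $count . 'group_' . $item->parent_id . '"' : '';

        // Group titles are stored data: escape before placing them in the markup.
        $title = htmlspecialchars($item->title, ENT_COMPAT, 'UTF-8');

        // Build the HTML for the item.
        $html[] = ' <div class="control-group">';
        $html[] = ' <div class="controls">';
        $html[] = ' <label class="checkbox" for="' . $eid . '">';
        $html[] = ' <input type="checkbox" name="' . $name . '[]" value="' . $item->id . '" id="' . $eid . '"';
        $html[] = ' ' . $checked . $rel . ' />';
        $html[] = ' ' . str_repeat('<span class="gi">|—</span>', $item->level) . $title;
        $html[] = ' </label>';
        $html[] = ' </div>';
        $html[] = ' </div>';
    }

    return implode("\n", $html);
}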
/**
 * Return user group ids split into "front-end" and "back-end" groups.
 *
 * When JPATH_PLATFORM is not defined, fixed id lists are used. Otherwise every id in
 * #__usergroups is classified with JAccess::checkGroup(): 'core.admin' puts a group in the
 * back-end list; a group with 'core.create' goes to the back-end list when it also has
 * 'core.login.admin' and to the front-end list when it does not; groups with neither are
 * left out.
 *
 * @param   mixed  $area  0 = both lists merged, 1 = front-end list, 2 = back-end list
 *                        (compared loosely, as a switch would).
 *
 * @return  array  The selected list, or an empty array for any other $area.
 */
public function getUserGroups($area)
{
    $db = JFactory::getDBO();

    if (!defined('JPATH_PLATFORM')) {
        // No platform constant: fall back to the fixed legacy group ids.
        $front = array('19', '20', '21');
        $back = array('23', '24', '25');
    } else {
        jimport('joomla.access.access');

        // Use the query builder when the driver provides one, a plain string otherwise.
        $query = $db->getQuery(true);
        if (!is_object($query)) {
            $query = 'SELECT id FROM #__usergroups';
        } else {
            $query->select('id')->from('#__usergroups');
        }
        $db->setQuery($query);

        // loadColumn() where the driver has it, loadResultArray() on older drivers.
        $ids = method_exists($db, 'loadColumn') ? $db->loadColumn() : $db->loadResultArray();

        $front = array();
        $back = array();

        foreach ($ids as $id) {
            // All three checks run for every group, in this order.
            $mayCreate = JAccess::checkGroup($id, 'core.create');
            $mayLoginAdmin = JAccess::checkGroup($id, 'core.login.admin');
            $isSuperAdmin = JAccess::checkGroup($id, 'core.admin');

            if ($isSuperAdmin) {
                $back[] = $id;
                continue;
            }

            // Groups that cannot create are not listed at all.
            if (!$mayCreate) {
                continue;
            }

            if ($mayLoginAdmin) {
                $back[] = $id;
            } else {
                $front[] = $id;
            }
        }
    }

    if ($area == 0) {
        return array_merge($front, $back);
    } elseif ($area == 1) {
        return $front;
    } elseif ($area == 2) {
        return $back;
    }

    return array();
}