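/**
 * Method to save the configuration data.
 *
 * Only the ACL rules in $data['rules'] are handled by the code visible here.
 * The submitted rules are rejected when they would take core.admin away from
 * the user performing the save, so an administrator cannot lock themselves out.
 *
 * @param   array  $data  An array containing all global config data.
 *
 * @return  boolean  True on success, false on failure.
 *
 * @since   1.6
 */
public function save($data)
{
    $app = JFactory::getApplication();

    // Save the rules
    if (isset($data['rules'])) {
        $rules = new JAccessRules($data['rules']);

        // Check that we aren't removing our Super User permission.
        // Groups are re-read from the database, since they might have changed.
        $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
        $myRules  = $rules->getData();

        // Fail closed: a rule set with no core.admin entry cannot grant it.
        $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);

        if (!$hasSuperAdmin) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'), 'error');

            return false;
        }

        $asset = JTable::getInstance('asset');

        if (!$asset->loadByName('root.1')) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'), 'error');

            return false;
        }

        $asset->rules = (string) $rules;

        if (!$asset->check() || !$asset->store()) {
            // NOTE(review): 'SOME_ERROR_CODE' looks like a placeholder language key - confirm.
            $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');

            // Previously a bare "return;", which yields null instead of the documented false.
            return false;
        }
    }

    // Clear cache of com_config component.
    $this->cleanCache('_system', 0);
    $this->cleanCache('_system', 1);

    // The documented contract is a boolean; the success path used to fall off the end.
    return true;
}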
/**
 * Build the list of category ids the given user may access.
 *
 * A category is granted when the user moderates it, when its Joomla access
 * level is one of the user's authorised levels (accesstype 'joomla'), or when
 * its pub_access / admin_access group rules match (accesstype 'none').
 *
 * @param   mixed  $user         Value passed to JFactory::getUser().
 * @param   array  &$categories  Category objects to test.
 *
 * @return  array  Allowed category ids, keyed by the same id.
 */
public function loadAllowedCategories($user, &$categories)
{
    $user            = JFactory::getUser($user);
    $levels          = (array) $user->authorisedLevels();
    $groupsRecursive = JAccess::getGroupsByUser($user->id, true);
    $groupsDirect    = JAccess::getGroupsByUser($user->id, false);

    $allowed = array();

    foreach ($categories as $category) {
        if (self::isModerator($user->id, $category->id)) {
            // Moderators always see their category.
            $granted = true;
        } elseif ($category->accesstype == 'joomla') {
            // Check against Joomla access level.
            $granted = in_array($category->access, $levels);
        } elseif ($category->accesstype == 'none') {
            // Check against Joomla user group, optionally through inherited groups.
            $viaPublic = ($category->pub_recurse && in_array($category->pub_access, $groupsRecursive))
                || in_array($category->pub_access, $groupsDirect);
            $viaAdmin  = ($category->admin_recurse && in_array($category->admin_access, $groupsRecursive))
                || in_array($category->admin_access, $groupsDirect);

            // NOTE(review): pub_access == 0 opens the category to everyone and -1 to any
            // logged-in user. The comparison is loose, so an empty or null pub_access
            // also counts as 0 - confirm the column can never be empty.
            $granted = ($category->pub_access == 0)
                || ($category->pub_access == -1 && $user->id > 0)
                || $viaPublic
                || $viaAdmin;
        } else {
            // Unknown access type: nothing is granted.
            $granted = false;
        }

        if ($granted) {
            $allowed[$category->id] = $category->id;
        }
    }

    return $allowed;
}
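/**
 * Decide whether a set of user groups satisfies an access list.
 *
 * @param   mixed  $allowedGroups  'all', 'none', a comma separated string of
 *                                 group ids, or an array of group ids.
 * @param   mixed  $groups         Group id or array of group ids to test. When
 *                                 empty, the groups of the current user are used.
 *
 * @return  boolean  True when access is allowed.
 */
function isAllowed($allowedGroups, $groups = null)
{
    // Strict comparison: with "==" a non-string value such as integer 0 compares
    // equal to 'all' on PHP versions before 8 and would open access to everyone.
    if ($allowedGroups === 'all') {
        return true;
    }

    if ($allowedGroups === 'none') {
        return false;
    }

    if (empty($groups)) {
        // The current user is only needed when the caller passed no groups.
        $my = JFactory::getUser();

        // A guest without explicit groups never matches a restricted list.
        if (empty($my->id)) {
            return false;
        }

        if (version_compare(JVERSION, '1.6.0', '<')) {
            $groups = $my->gid;
        } else {
            $groups = JAccess::getGroupsByUser($my->id);
        }
    }

    if (!is_array($allowedGroups)) {
        $allowedGroups = explode(',', trim($allowedGroups, ','));
    }

    if (is_array($groups)) {
        return count(array_intersect($groups, $allowedGroups)) > 0;
    }

    // NOTE(review): loose in_array() on a single group id; consider normalising
    // both sides to integers once the accepted formats are confirmed.
    return in_array($groups, $allowedGroups);
}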
/**
 * Build the list of category ids the given user may access.
 *
 * Categories come from KunenaCategory::loadCategories(). A category is granted
 * to its moderators, to users holding its Joomla access level (accesstype
 * 'joomla.level'), or to users matching its pub_access / admin_access group
 * (accesstype 'none').
 *
 * @param   mixed  $user  Value passed to JFactory::getUser().
 *
 * @return  array  Allowed category ids, keyed by the same id.
 */
function loadAllowedCategories($user)
{
    $user            = JFactory::getUser($user);
    $levels          = (array) $user->authorisedLevels();
    $groupsRecursive = (array) JAccess::getGroupsByUser($user->id, true);
    $groupsDirect    = (array) JAccess::getGroupsByUser($user->id, false);

    $allowed = array();

    foreach (KunenaCategory::loadCategories() as $category) {
        if (self::isModerator($user->id, $category->id)) {
            // Moderators always see their category.
            $granted = true;
        } elseif ($category->accesstype == 'joomla.level') {
            $granted = in_array($category->access, $levels);
        } elseif ($category->accesstype == 'none') {
            // The *_recurse flags select which of the two group lists is consulted.
            $publicPool = $category->pub_recurse ? $groupsRecursive : $groupsDirect;
            $adminPool  = $category->admin_recurse ? $groupsRecursive : $groupsDirect;

            $granted = in_array($category->pub_access, $publicPool)
                || in_array($category->admin_access, $adminPool);
        } else {
            // Unknown access type: nothing is granted.
            $granted = false;
        }

        if ($granted) {
            $allowed[$category->id] = $category->id;
        }
    }

    return $allowed;
}
/**
 * Check if a user can administer the community.
 *
 * On Joomla 1.6 and later the user qualifies through the core.admin permission
 * or membership of group id 7; that result is cached per $userid for the
 * request. The Joomla 1.5 branch compares the CACL group name with a fixed list.
 *
 * @param   mixed  $userid  User id handed to CFactory::getUser().
 *
 * @return  boolean
 */
public static function isCommunityAdmin($userid = null)
{
    static $resultArr;

    if (isset($resultArr[$userid])) {
        return $resultArr[$userid];
    }

    // Joomla 1.6 and later
    $jUser = CFactory::getUser($userid);

    if ($jUser instanceof CUser && method_exists($jUser, 'authorise')) {
        // NOTE(review): the group lookup uses the raw $userid, which is null when the
        // caller omits it, while authorise() runs on the resolved user object - confirm
        // both are meant to refer to the same account.
        // Group id 7 is hard-coded; the original comment calls it "administrator".
        $isAdmin = $jUser->authorise('core.admin') || in_array('7', JAccess::getGroupsByUser($userid));

        $resultArr[$userid] = $isAdmin;

        return $isAdmin;
    }

    // Joomla 1.5: this result is not cached.
    $legacyUser  = CFactory::getUser($userid);
    $groupName   = CACL::getInstance()->getGroupsByUserId($legacyUser->id);
    $adminGroups = array(0 => 'Super Administrator', 1 => 'Administrator', 2 => 'Manager', 3 => 'Super Users');

    return in_array($groupName, $adminGroups);
}
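/**
 * Display the file list of one category.
 *
 * Collects display options, the user's component permissions and the list
 * data, then computes a per-item canDownload flag before rendering.
 *
 * The canDownload flag is only assigned to the items here; the code that
 * actually serves a file has to apply the same visibility rules itself.
 *
 * @param   string  $tpl  Template name passed to the parent view.
 *
 * @return  void
 *
 * @throws  Exception  When the model reports errors.
 */
public function display($tpl = null)
{
    $this->doc    = JFactory::getDocument();
    $this->app    = JFactory::getApplication();
    $this->user   = JFactory::getUser();
    $this->params = $this->app->getParams();
    $this->menu   = $this->app->getMenu()->getActive();

    // Params: a request value overrides the stored parameter.
    $toggles = array(
        'showDate'    => 1,
        'showIcon'    => 1,
        'showDesc'    => 1,
        'showAuth'    => 0,
        'showLicence' => 0,
        'showSize'    => 1,
        'showMD5'     => 0,
        'showNew'     => 1,
    );

    foreach ($toggles as $name => $default) {
        $this->$name = $this->app->input->get($name, $this->params->get($name, $default));
    }

    $this->newfiledays          = $this->params->get('newfiledays', 7);
    $this->show_page_heading    = $this->app->input->get('show_page_heading', 1);
    $this->subview              = $this->app->input->get('subview', 'list');
    $this->defIcon              = $this->params->get('defaulticon', "./media/com_simplefilemanager/images/document.png");
    $this->linkOnEntryTitle     = $this->params->get('linkOnTitle', 1);
    $this->enableOrderingSelect = $this->app->input->get('sortFieldSelection', 1);

    // Permissions
    $this->canCreate  = $this->user->authorise('core.create', 'com_simplefilemanager');
    $this->canEdit    = $this->user->authorise('core.edit', 'com_simplefilemanager');
    $this->canCheckin = $this->user->authorise('core.manage', 'com_simplefilemanager');
    $this->canChange  = $this->user->authorise('core.edit.state', 'com_simplefilemanager');
    $this->canDelete  = $this->user->authorise('core.delete', 'com_simplefilemanager');

    // View data
    $this->state         = $this->get('State');
    $this->items         = $this->get('Items');
    $this->pagination    = $this->get('Pagination');
    $this->params        = $this->app->getParams('com_simplefilemanager');
    $this->catID         = $this->app->input->get('catid', 0);
    $this->category      = JCategories::getInstance('Simplefilemanager')->get($this->catID);
    $this->sortDirection = $this->state->get('list.direction');
    $this->sortColumn    = $this->state->get('list.ordering');
    $this->sortFields    = $this->getSortFields();

    // CSS and Libraries
    $this->doc->addStyleSheet("./media/com_simplefilemanager/css/site.stylesheet.css");

    // The current user's groups do not change inside the loop.
    $myGroups = JAccess::getGroupsByUser($this->user->id);

    foreach ($this->items as $item) {
        $item->icon = $item->icon ?: $this->defIcon;

        // Visibility 2 used to test $item->user->id, a property of the file row,
        // instead of the id of the visiting user as every other branch does.
        $item->canDownload = $item->visibility == 1
            || ($item->visibility == 3 && $item->reserved_user == $this->user->id)
            || ($item->visibility == 2 && $this->user->id)
            || ($item->visibility == 5 && $item->author == $this->user->id)
            || ($item->visibility == 4 && in_array($item->reserved_group, $myGroups));
    }

    if (!$this->catID or !$this->category) {
        JError::raiseError(500);
    }

    // TODO: Check if user can view category else throw a 403 error
    $this->children = $this->category->getChildren();

    // Check for errors.
    if (count($errors = $this->get('Errors'))) {
        throw new Exception(implode("\n", $errors));
    }

    $this->_prepareDocument();
    parent::display($tpl);

    echo JText::_("COM_SIMPLEFILEMANAGER_CREDITS");
}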
/**
 * Returns the groups the user is part of.
 *
 * When the user data holds no groups yet, they are read through
 * JAccess::getGroupsByUser() and stored in the session under 'user.groups'
 * before the parent implementation is asked for the result.
 *
 * @return array An array of group id's
 */
public function getGroups()
{
    $known = KObjectConfig::unbox($this->getData()->groups);

    if (empty($known)) {
        $fromJoomla = JAccess::getGroupsByUser($this->getId());
        $this->getSession()->set('user.groups', $fromJoomla);
    }

    return parent::getGroups();
}
/**
 * Check whether the user may edit.
 *
 * The same condition exists in the StreamAccess class; it is repeated here so
 * this check keeps working if StreamAccess drops it.
 *
 * @param   integer  $userid  Joomla user id.
 *
 * @return  boolean  True when the user belongs to group 7 or group 8.
 */
public function allowEdit($userid)
{
    // NOTE(review): 7 and 8 are hard-coded group ids, presumably the stock
    // Administrator and Super Users groups - confirm for customised sites.
    $memberOf = JAccess::getGroupsByUser($userid);

    return in_array(8, $memberOf) || in_array(7, $memberOf);
}
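/**
 * Method to get the options to populate list.
 *
 * Lists user groups with an id above 9. Users holding imc.showall.issues see
 * all of them; everyone else only sees the sub-trees of the groups they
 * belong to directly. Results are cached per field definition.
 *
 * @return  array  The field option objects.
 *
 * @since   3.2
 */
protected function getOptions()
{
    $showEmpty = $this->element['showempty'];

    // Hash for caching
    $hash = md5($this->element);

    if (isset(static::$options[$hash])) {
        return static::$options[$hash];
    }

    static::$options[$hash] = parent::getOptions();

    $db    = JFactory::getDbo();
    $user  = JFactory::getUser();
    $canDo = ImcHelper::getActions();

    $query = $db->getQuery(true)
        ->select('a.id AS value')
        ->select('a.title AS text')
        ->select('COUNT(DISTINCT b.id) AS level')
        ->from('#__usergroups as a')
        ->where('a.id > 9')
        ->join('LEFT', '#__usergroups AS b ON a.lft > b.lft AND a.rgt < b.rgt')
        ->group('a.id, a.title, a.lft, a.rgt')
        ->order('a.lft ASC');

    if (!$canDo->get('imc.showall.issues')) {
        // Keep the user's own groups higher than 9. The previous index loop re-read
        // count() while unsetting entries, so some groups were never examined.
        $ownIds = array();

        foreach ((array) JAccess::getGroupsByUser($user->id, false) as $groupId) {
            if ((int) $groupId > 9) {
                $ownIds[] = (int) $groupId;
            }
        }

        if (!$ownIds) {
            // No qualifying group: show nothing rather than send "IN ()" to the database.
            $restriction = '1 = 0';
        } else {
            // Get lft, rgt for these groups
            $lookup = $db->getQuery(true)
                ->select('a.id, a.lft, a.rgt')
                ->from('#__usergroups as a')
                ->where('a.id IN (' . implode(',', $ownIds) . ')');
            $db->setQuery($lookup);

            $ranges = array();

            if ($grps = $db->loadAssocList()) {
                foreach ($grps as $grp) {
                    $ranges[] = '(a.lft >= ' . (int) $grp['lft'] . ' AND a.rgt <= ' . (int) $grp['rgt'] . ')';
                }
            }

            // The OR chain is wrapped in parentheses so it cannot bypass "a.id > 9".
            // NOTE(review): when the lookup returns nothing the original falls back to
            // "1=1", i.e. every group above 9 is listed - confirm that is intended.
            $restriction = $ranges ? '(' . implode(' OR ', $ranges) . ')' : '1=1';
        }

        $query->where($restriction);
    }

    $db->setQuery($query);

    if ($options = $db->loadObjectList()) {
        if ($showEmpty) {
            $empty        = new stdClass();
            $empty->value = '0';
            $empty->text  = '';
            $empty->level = 1;
            array_unshift($options, $empty);
        }

        foreach ($options as $option) {
            // Objects are handles, so no by-reference loop variable is needed.
            $option->text = str_repeat('- ', $option->level) . $option->text;
        }

        static::$options[$hash] = array_merge(static::$options[$hash], $options);
    }

    return static::$options[$hash];
}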
/**
 * Return the highest access level the current user holds on a board.
 *
 * Every group of the current user is looked up in the board access list and
 * the largest value found for $board_id wins; 0 means no entry was found.
 *
 * @param   mixed  $board_id  Board identifier used as key in the access list.
 *
 * @return  mixed  Highest access level found, 0 when none.
 */
public static function getUserAccessLevel($board_id)
{
    $currentUser = JFactory::getUser();
    $memberOf    = JAccess::getGroupsByUser($currentUser->id);
    $accessMap   = comQuipForumHelper::getboardAccessListDB($memberOf);

    $best = 0;

    foreach ((array) $memberOf as $groupId) {
        // Missing entries are silenced and read as null, which never exceeds $best.
        $level = @$accessMap[$board_id][$groupId];

        if ($level > $best) {
            $best = $level;
        }
    }

    return $best;
}
/**
 * Work out the price of a variant for a quantity, date and user group.
 *
 * Starts from the variant's base price, then asks the ProductPrices model for
 * a matching advanced price and, when one exists, reports it as the special
 * price.
 *
 * @return  JObject  Pricing object with base_price, price, calculator and,
 *                   when an advanced price matched, special_price and
 *                   is_discount_pricing_available.
 */
public function calculate()
{
    $variant  = $this->get('variant');
    $quantity = $this->get('quantity');
    $date     = $this->get('date');
    $group_id = $this->get('group_id');

    // Start from the base price.
    $result             = new JObject();
    $result->base_price = $variant->price;
    $result->price      = $variant->price;
    $result->calculator = 'standard';

    // Advanced pricing lookup; plugins may adjust both objects before it runs.
    $prices = F0FModel::getTmpInstance('ProductPrices', 'J2StoreModel');
    J2Store::plugin()->event('BeforeGetPrice', array(&$result, &$prices));

    $prices->setState('variant_id', $variant->j2store_variant_id);

    // where quantity_from < $quantity
    $prices->setState('filter_quantity', $quantity);

    $tz       = JFactory::getConfig()->get('offset');
    $nullDate = JFactory::getDBO()->getNullDate();

    // No usable date given: price for "now".
    if (empty($date) || $date == $nullDate) {
        $date = JFactory::getDate('now', $tz)->toSql(true);
    }

    // where date_from <= $date and (date_to >= $date OR date_to == nullDate)
    $prices->setState('filter_date', $date);

    // Without an explicit group the current user's groups are used.
    $user = JFactory::getUser();

    if (empty($group_id)) {
        $group_id = implode(',', JAccess::getGroupsByUser($user->id));
    }

    $prices->setState('group_id', $group_id);

    // Order so the most discounted item is at the top of the list.
    $prices->setState('orderby', 'quantity_from');
    $prices->setState('direction', 'DESC');

    try {
        $match = $prices->getItem();
    } catch (Exception $e) {
        // Best effort: a failing lookup falls back to the base price.
        $match = new stdClass();
    }

    if (isset($match->price)) {
        // This is going to be the sale price.
        $result->special_price                 = $match->price;
        $result->price                         = $match->price;
        $result->is_discount_pricing_available = ($result->base_price > $result->price);
    }

    return $result;
}
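/**
 * Display the download view for one file.
 *
 * Loads the file row by the request id, enforces the visibility rules and,
 * when access is granted, increments the download counter before rendering.
 *
 * Visibility values as used by the checks below: 2 requires a logged-in user,
 * 3 the reserved user, 4 membership of the reserved group, 5 the author.
 *
 * @param   string  $tpl  Template name passed to the parent view.
 *
 * @return  void
 *
 * @throws  Exception  403 when the row is missing or access is denied,
 *                     404 when the file is missing on disk.
 */
public function display($tpl = null)
{
    if (!empty($this->item)) {
        $this->form = $this->get('Form');
    }

    // Check for errors (this check used to be repeated verbatim).
    if (count($errors = $this->get('Errors'))) {
        throw new Exception(implode("\n", $errors));
    }

    // Get API
    $jinput       = JFactory::getApplication()->input;
    $user         = JFactory::getUser();
    $this->params = JComponentHelper::getParams('com_simplefilemanager');

    // getInt() replaces $jinput->get->get('id', 0, 'INTEGER') because of an
    // incompatibility with router.php.
    $id = (int) $jinput->getInt('id', 0);

    $db    = JFactory::getDbo();
    $query = $db->getQuery(true);

    // "author" was missing from the column list, so the visibility 5 check
    // compared the user id with an undefined value: a guest (id 0) compared
    // equal to it and passed, while the real author was refused.
    $query->select('file_name, visibility, reserved_group, reserved_user, author, state');
    $query->from($db->quoteName('#__simplefilemanager'));
    $query->where($db->quoteName('id') . ' = ' . $id);
    $db->setQuery($query);
    $row = $db->loadAssoc();

    // Check if file exists in database
    if (!$row) {
        throw new Exception("No input file", 403);
    }

    // Check permissions before touching the file system, so the 404 below is
    // only ever shown to users who are allowed to download the file.
    $userId     = (int) $user->id;
    $visibility = (int) $row['visibility'];

    // NOTE(review): visibility values outside 2-5 are not restricted here, as in
    // the original check - confirm that only 1 is meant to be public.
    $denied = $row['state'] != '1'
        || ($visibility === 2 && !$userId)
        || ($visibility === 3 && (!$userId || $userId !== (int) $row['reserved_user']))
        || ($visibility === 4 && !in_array($row['reserved_group'], JAccess::getGroupsByUser($user->id)))
        || ($visibility === 5 && (!$userId || $userId !== (int) $row['author']));

    if ($denied) {
        throw new Exception("No access", 403);
    }

    // Check if file exists on file system
    if (!file_exists($row['file_name'])) {
        throw new Exception("File not found", 404);
    }

    // Increment download counter
    $db->setQuery("UPDATE #__simplefilemanager SET download_counter = download_counter + 1, download_last = NOW() WHERE id = " . $id);
    $db->execute();

    $this->file_name = $row['file_name'];

    parent::display($tpl);
}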
/**
 * Fetch the user for the given user identifier from the backend
 *
 * The Joomla user row is loaded, its groups and view levels are read through
 * JAccess, and the collected data is handed to create().
 *
 * @param string $identifier A unique user identifier, (i.e a username or email address)
 * @return KUserInterface|null Returns a UserInterface object or NULL if the user could not be found.
 */
public function fetch($identifier)
{
    $table = JUser::getTable();

    if (!$table->load($identifier)) {
        return null;
    }

    $joomlaUser = JUser::getInstance(0);
    $joomlaUser->setProperties($table->getProperties());

    $registry = new JRegistry();
    $registry->loadString($table->params);
    $joomlaUser->setParameters($registry);

    // NOTE(review): the stored password value travels with the user data; confirm
    // downstream code never logs or serialises this array.
    $data = array(
        'id'         => $joomlaUser->id,
        'email'      => $joomlaUser->email,
        'name'       => $joomlaUser->name,
        'username'   => $joomlaUser->username,
        'password'   => $joomlaUser->password,
        'salt'       => '',
        'groups'     => JAccess::getGroupsByUser($joomlaUser->id),
        'roles'      => JAccess::getAuthorisedViewLevels($joomlaUser->id),
        'authentic'  => !$joomlaUser->guest,
        'enabled'    => !$joomlaUser->block,
        // A pending activation value marks the account as expired.
        'expired'    => (bool) $joomlaUser->activation,
        'attributes' => $joomlaUser->getParameters()->toArray(),
    );

    return $this->create($data);
}
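/**
 * Count the ACL rows that link a content item to any group of the user.
 *
 * @param   integer  $userid       Joomla user id.
 * @param   integer  $contenutoid  Content id (id_contenuto).
 *
 * @return  mixed  Number of matching rows in #__gg_contenuti_acl; 0 when the
 *                 user has no groups.
 */
public static function checkContenuto4Utente($userid, $contenutoid)
{
    // Both values are concatenated into the statement, so they are forced to
    // integers first; the content id was previously inserted as received.
    $groups = array_map('intval', (array) JAccess::getGroupsByUser($userid, true));

    // An empty group list would produce "in ()", which is not valid SQL.
    if (empty($groups)) {
        return 0;
    }

    $db    = JFactory::getDBO();
    $query = ' SELECT count(*) as count FROM #__gg_contenuti_acl WHERE id_contenuto=' . (int) $contenutoid . ' and id_group in (' . implode(",", $groups) . ')';

    // NOTE(review): the statement and its result are written to the debug log on
    // every call - confirm this logging is disabled in production.
    FB::LOG($query, "query checkContenuto4Utente");

    $db->setQuery($query);
    $totgroups = $db->loadAssoc();

    FB::LOG($totgroups, "risultato checkContenuto4Utente");

    return $totgroups['count'];
}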
/**
 * Checks the user group of the user and returns true if the user belongs to a selected group
 *
 * The selected groups come from the 'filter_groups' parameter, which defaults
 * to group id 8.
 *
 * @return bool
 */
private function allowedUserGroups()
{
    $selected = (array) $this->params->get('filter_groups', 8);
    $memberOf = JAccess::getGroupsByUser(JFactory::getUser()->id);

    foreach ($memberOf as $groupId) {
        foreach ($selected as $candidate) {
            // Loose comparison, as parameter values may arrive as strings.
            if ($groupId == $candidate) {
                return true;
            }
        }
    }

    return false;
}
/**
 * Generate the contribution access SQL fragment used with blogs.
 *
 * Dispatches on the contributor type to one of the get*SQL() helpers and wraps
 * a non-empty result as " <operator> (<sql>)".
 *
 * @since   5.0
 * @access  public
 *
 * @param   mixed   $contributorType  One of the EASYBLOG_POST_SOURCE_* constants.
 * @param   string  $columnPrefix     Column prefix handed to the helper.
 * @param   array   $options          Options handed to the helper; 'concateOperator'
 *                                    selects the joining operator (default 'OR').
 *
 * @return  string  SQL fragment, or an empty string when nothing applies.
 */
public static function genAccessSQL($contributorType, $columnPrefix, $options = array())
{
    $db = EB::db();
    $my = JFactory::getUser();

    // Guests are looked up with id 0.
    $lookupId = ($my->id == 0) ? 0 : $my->id;
    $gid      = JAccess::getGroupsByUser($lookupId, false);

    // Comma separated list of the user's direct group ids.
    $gids = '';

    if (count($gid) > 0) {
        foreach ($gid as $id) {
            $gids .= ($gids ? ',' : '') . $id;
        }
    }

    switch ($contributorType) {
        case EASYBLOG_POST_SOURCE_TEAM:
            $sourceSQL = self::getTeamBlogSQL($columnPrefix, $gids, $options);
            break;

        case EASYBLOG_POST_SOURCE_JOMSOCIAL_GROUP:
            $sourceSQL = self::getJomSocialGroupSQL($columnPrefix, $options);
            break;

        case EASYBLOG_POST_SOURCE_JOMSOCIAL_EVENT:
            $sourceSQL = self::getJomSocialEventSQL($columnPrefix, $options);
            break;

        case EASYBLOG_POST_SOURCE_EASYSOCIAL_GROUP:
            $sourceSQL = self::getEasySocialGroupSQL($columnPrefix, $options);
            break;

        case EASYBLOG_POST_SOURCE_EASYSOCIAL_EVENT:
            $sourceSQL = self::getEasySocialEventSQL($columnPrefix, $options);
            break;

        default:
            $sourceSQL = '';
    }

    // NOTE(review): the operator goes into the SQL text unchanged; callers must
    // only ever pass a fixed keyword such as AND or OR - confirm at call sites.
    $concate = isset($options['concateOperator']) ? $options['concateOperator'] : 'OR';

    if (!$sourceSQL) {
        return '';
    }

    return " {$concate} (" . $sourceSQL . ")";
}
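/**
 * Build an SQL query to load the list data.
 *
 * Users without core.manage only get files their visibility setting allows;
 * users without core.edit.state only get published files.
 *
 * NOTE(review): on this page the operand compared with a.reserved_user is
 * masked as "******", which is not valid PHP. It is restored below as the
 * current user's id, matching the a.author comparison in the same clause -
 * confirm against the upstream file.
 *
 * @return  JDatabaseQuery
 *
 * @since   1.6
 */
protected function getListQuery()
{
    $user   = JFactory::getUser();
    $userId = (int) $user->id;
    $params = JComponentHelper::getParams('com_simplefilemanager');

    // Create a new query object.
    $db    = $this->getDbo();
    $query = $db->getQuery(true);

    // Select the required fields from the table.
    $query->select($this->getState('list.select', 'DISTINCT a.*'));
    $query->from('`#__simplefilemanager` AS a');

    // Join over the users for the checked out user.
    $query->select('uc.name AS editor');
    $query->join('LEFT', '#__users AS uc ON uc.id=a.checked_out');

    // Join over the created by field 'created_by'
    $query->join('LEFT', '#__users AS created_by ON created_by.id = a.created_by');

    if (!$user->authorise('core.manage', 'com_simplefilemanager')) {
        if ($params->get('forceListVisibility', 0) == 1) {
            // Only documents reserved to a single user (author included) stay hidden from others.
            $query->where("((a.visibility = 1) OR ((a.visibility = 3) AND (a.reserved_user=" . $userId . ")) OR (a.visibility = 2) OR ((a.visibility = 5) AND (a.author=" . $userId . ")) OR (a.visibility = 4))");
        } else {
            $visible = array(
                "(a.visibility = 1)",
                "((a.visibility = 3) AND (a.reserved_user=" . $userId . "))",
                "((a.visibility = 2) AND (" . $userId . ">0))",
                "((a.visibility = 5) AND (a.author=" . $userId . "))",
            );

            // Group ids are forced to integers; the group rule is left out when the
            // list is empty, because "IN ()" is not valid SQL.
            $groupIds = array_map('intval', (array) JAccess::getGroupsByUser($user->id));

            if ($groupIds) {
                $visible[] = "((a.visibility = 4) AND ( a.reserved_group IN (" . implode(", ", $groupIds) . ")))";
            }

            $query->where("(" . implode(" OR ", $visible) . ")");
        }
    }

    if (!$user->authorise('core.edit.state', 'com_simplefilemanager')) {
        $query->where('a.state = 1');
    }

    $categoryId = $this->getState('catid');

    if ($categoryId && $categoryId != 0) {
        $query->where('a.catid = ' . (int) $categoryId);
    }

    // Filter by search in title
    $search = $this->getState('filter.search');

    if (!empty($search)) {
        if (stripos($search, 'id:') === 0) {
            $query->where('a.id = ' . (int) substr($search, 3));
        } else {
            // NOTE(review): the quoted pattern is built but never added to the query,
            // so a free-text search currently has no effect.
            $search = $db->Quote('%' . $db->escape($search, true) . '%');
        }
    }

    // Add the list ordering clause. escape() protects string literals, not
    // identifiers or keywords, so both parts are validated before use.
    $ordering = (string) $this->getState('list.ordering', 'a.file_created');

    if (!preg_match('/^[A-Za-z0-9_.]+$/', $ordering)) {
        $ordering = 'a.file_created';
    }

    $direction = strtoupper((string) $this->getState('list.direction', 'ASC'));

    if ($direction !== 'ASC' && $direction !== 'DESC') {
        $direction = 'ASC';
    }

    $query->order($db->escape($ordering) . ' ' . $direction);

    return $query;
}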
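/**
 * Tell whether the current user belongs to one of the groups listed in the
 * component's 'modticket' parameter.
 *
 * @return  boolean  True when at least one group id matches.
 */
function getAuthorize()
{
    $params = JFactory::getApplication()->getParams('com_tz_pinboard');
    $user   = JFactory::getUser();

    // Cast to arrays so a scalar or missing parameter cannot break the count,
    // and compare integer values as the original intval() loop did.
    $allowed = array_map('intval', (array) $params->get('modticket', array()));
    $groups  = array_map('intval', (array) JAccess::getGroupsByUser($user->id));

    if (!count($allowed) || !count($groups)) {
        return false;
    }

    // The original fell off the end and returned null when nothing matched;
    // an explicit boolean keeps the denied case unambiguous.
    return count(array_intersect($allowed, $groups)) > 0;
}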
/**
 * Load the forum object list and drop every board the current user cannot read.
 *
 * A board is kept when at least one of the user's groups has an access value
 * above 0 for it in the board access list.
 *
 * @return  mixed  The filtered forum object list.
 */
public function getForumObjectList()
{
    $this->userData   = JFactory::getUser();
    $this->userGroups = JAccess::getGroupsByUser($this->userData->id);

    $this->getForumObjectListDB();
    $this->boardAccessList = comQuipForumHelper::getBoardAccessListDB($this->userGroups);

    foreach ((array) $this->forumObjectList as $index => $board) {
        $canRead = false;

        foreach ((array) $this->userGroups as $groupId) {
            // Missing entries are silenced and read as null, i.e. no access.
            if (@$this->boardAccessList[$board->id][$groupId] > 0) {
                $canRead = true;
            }
        }

        if (!$canRead) {
            unset($this->forumObjectList[$index]);
        }
    }

    return $this->forumObjectList;
}
/**
 * List the category ids whose user groups include a group of the given user.
 *
 * @param   mixed  $user  User object; the current user when omitted.
 *
 * @return  array  Category ids. A category appears once per matching group.
 */
public static function getCategoriesByUserGroups($user = null)
{
    if (null == $user) {
        $user = JFactory::getUser();
    }

    // getCategoriesUserGroups() populates self::$catIds.
    self::$catIds = array();
    ImcHelper::getCategoriesUserGroups();

    $memberOf = JAccess::getGroupsByUser($user->id);
    $matches  = array();

    foreach (self::$catIds as $category) {
        foreach ($category['usergroups'] as $groupId) {
            if (in_array($groupId, $memberOf)) {
                $matches[] = $category['catid'];
            }
        }
    }

    return $matches;
}
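/**
 * Save a gallery category from the posted form.
 *
 * Members of groups 7 or 8 are treated as administrators. For everyone else
 * the parent, ordering, owner and approval state are decided on the server.
 *
 * $ad_category, $user_categories_approval and $ad_category_notify are not
 * defined in this function; presumably the required config file sets them.
 *
 * @return  void
 */
function saveCatg()
{
    require JPATH_COMPONENT_ADMINISTRATOR . DS . 'config.datsogallery.php';

    $is_admin   = array(7, 8);
    $db         = JFactory::getDBO();
    $user       = JFactory::getUser();
    $userGroups = JAccess::getGroupsByUser($user->id, true);
    $isAdmin    = (bool) array_intersect($is_admin, $userGroups);
    $post       = JRequest::get('post');

    $row = new DatsoCategories($db);

    if (!$isAdmin) {
        // Integer casts keep the configured value from being read as SQL text.
        $db->setQuery('SELECT cid' . ' FROM #__datsogallery_catg' . ' WHERE user_id = ' . (int) $user->id . ' AND parent = ' . (int) $ad_category);
        $result = $db->loadResult();

        $row->parent   = $result ? (int) $result : (int) $ad_category;
        $row->ordering = $row->getNextOrder('parent = ' . (int) $row->parent);
    } else {
        $row->ordering = $row->getNextOrder('parent = 0');
    }

    $row->user_id   = $user->id;
    $row->approved  = !$user_categories_approval || $isAdmin ? 1 : 0;
    $row->published = 1;

    jimport('joomla.utilities.date');
    $dtz  = new DateTimeZone(JFactory::getApplication()->getCfg('offset'));
    $date = new JDate($row->date);
    $date->setTimezone($dtz);
    $row->date = $date->toMySQL(true);

    // Values decided above that a non-administrator must not be able to change.
    $locked = array(
        'parent'   => isset($row->parent) ? $row->parent : null,
        'ordering' => $row->ordering,
        'user_id'  => $row->user_id,
        'approved' => $row->approved,
    );

    if (!$row->bind($post)) {
        JError::raiseError(500, $row->getError());
    }

    if (!$isAdmin) {
        // bind() copies posted fields onto the row after the server has set them,
        // so a form field named user_id, approved, parent or ordering would win.
        // Re-apply the server-side values for non-administrators.
        foreach ($locked as $field => $value) {
            $row->$field = $value;
        }

        // NOTE(review): a posted primary key (cid) is still bound; if this function
        // also handles edits, ownership of the target row is not checked - confirm.
    }

    if (!$row->check()) {
        JError::raiseError(500, $row->getError());
    }

    if (!$row->store()) {
        JError::raiseError(500, $row->getError());
    }

    if ($ad_category_notify && !$isAdmin) {
        categoryNotify($user->username, $post['name']);
    }
}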
/**
 * Veto the consumption of a serial when the user is not in an allowed group.
 *
 * For each 'groupfilterconsumer' plugin instance whose packs include the
 * serial's pack, $do is set to false when no user is known or when none of the
 * user's groups is among the groups configured for that instance.
 *
 * @param   object   &$serial      Serial being consumed (serial_pack_id is read).
 * @param   mixed    $user_id      Not used by this handler.
 * @param   boolean  &$do          Consumption flag; only ever lowered to false.
 * @param   mixed    &$extra_data  Not used by this handler.
 *
 * @return  void
 */
public function onBeforeSerialConsume(&$serial, $user_id, &$do, &$extra_data)
{
    $user = hikaserial::loadUser(true);

    $ids = array();
    parent::listPlugins('groupfilterconsumer', $ids, false);

    // Another handler already refused the consumption.
    if (!$do) {
        return;
    }

    foreach ($ids as $id) {
        parent::pluginParams($id);

        if (!in_array($serial->serial_pack_id, $this->plugin_params->packs_id)) {
            continue;
        }

        // Guests and unknown users may never consume a filtered pack.
        if (empty($user) || empty($user->user_cms_id)) {
            $do = false;
        }

        if (empty($this->plugin_params->groups)) {
            continue;
        }

        $valid_groups = array_map('intval', explode(',', trim($this->plugin_params->groups, ',')));

        if (!HIKASHOP_J16) {
            $joomla_user = clone JFactory::getUser($user->user_cms_id);
            $userGroups  = array($joomla_user->gid);
        } else {
            jimport('joomla.access.access');
            $userGroups = JAccess::getGroupsByUser($user->user_cms_id, true);
        }

        $member = false;

        foreach ($userGroups as $groupId) {
            if (in_array($groupId, $valid_groups)) {
                $member = true;
                break;
            }
        }

        if (!$member) {
            $do = false;
        }
    }
}
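/**
 * Display the view of a single file.
 *
 * Collects display options and the item, computes the item's canDownload flag
 * and, for the edit layout, requires the core.create permission.
 *
 * The canDownload flag is only assigned to the item here; the code that
 * actually serves the file has to apply the same visibility rules itself.
 *
 * @param   string  $tpl  Template name passed to the parent view.
 *
 * @return  void
 *
 * @throws  Exception  On model errors or when the edit layout is not authorised.
 */
public function display($tpl = null)
{
    $this->doc    = JFactory::getDocument();
    $this->app    = JFactory::getApplication();
    $this->params = $this->app->getParams();
    $this->menu   = $this->app->getMenu()->getActive();

    $this->defIcon = $this->params->get('defaulticon', "./media/com_simplefilemanager/images/document.png");

    // A request value overrides the stored parameter.
    $toggles = array('showDate', 'showIcon', 'showDesc', 'showAuth', 'showLicence', 'showSize', 'showMD5', 'showNew');

    foreach ($toggles as $name) {
        $this->$name = $this->app->input->get($name, $this->params->get($name, 1, "int"));
    }

    $this->newfiledays       = $this->params->get('newfiledays', 7, "int");
    $this->show_page_heading = $this->app->input->get('show_page_heading', 1, "int");

    $user = JFactory::getUser();

    $this->state  = $this->get('State');
    $this->item   = $this->get('Data');
    $this->params = $this->app->getParams('com_simplefilemanager');

    if (!empty($this->item)) {
        $this->form = $this->get('Form');
    }

    $this->item->icon = $this->item->icon ?: $this->defIcon;

    // Visibility 5 used to compare $this->author, a property the view never sets,
    // so the undefined value compared equal to a guest's id 0. The author is a
    // field of the item, as in the list view of this component.
    $this->item->canDownload = $this->item->visibility == 1
        || ($this->item->visibility == 3 && $this->item->reserved_user == $user->id)
        || ($this->item->visibility == 2 && $user->id)
        || ($this->item->visibility == 5 && $this->item->author == $user->id)
        || ($this->item->visibility == 4 && in_array($this->item->reserved_group, JAccess::getGroupsByUser($user->id)));

    // Check for errors.
    if (count($errors = $this->get('Errors'))) {
        throw new Exception(implode("\n", $errors));
    }

    if ($this->_layout == 'edit') {
        $authorised = $user->authorise('core.create', 'com_simplefilemanager');

        if ($authorised !== true) {
            throw new Exception(JText::_('JERROR_ALERTNOAUTHOR'));
        }
    }

    $this->_prepareDocument();

    parent::display($tpl);
}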
/**
 * Load the published lists the current user may manage from the front end.
 *
 * A list qualifies when access_manage is 'all', when the user owns it, or when
 * access_manage contains one of the user's group ids. Guests get no lists.
 *
 * @param   string  $index  Key column handed to loadObjectList().
 *
 * @return  array  List objects ordered by "ordering".
 */
function getFrontendLists($index = '')
{
    $my = JFactory::getUser();

    if (empty($my->id)) {
        return array();
    }

    if (ACYMAILING_J16) {
        jimport('joomla.access.access');
        $groups = JAccess::getGroupsByUser($my->id, false);
    } else {
        $groups = array($my->gid);
    }

    // Every value placed in the statement below is forced to an integer.
    $conditions = array(
        "access_manage = 'all'",
        'userid = ' . intval($my->id),
    );

    foreach ($groups as $groupId) {
        $conditions[] = "access_manage LIKE '%," . intval($groupId) . ",%'";
    }

    // NOTE(review): $this->type is inserted between quotes without escaping;
    // confirm it is always a fixed, internal value.
    $query = 'SELECT * FROM ' . acymailing_table('list')
        . " WHERE published = 1 AND type = '" . $this->type . "'"
        . ' AND (' . implode(' OR ', $conditions) . ') ORDER BY ordering ASC';

    $this->database->setQuery($query);

    return $this->database->loadObjectList($index);
}
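/**
 * Load the default template: the first published premium template, restricted
 * to templates the current user's groups may access when the level 3 check
 * passes.
 *
 * @return  mixed  Result of _prepareTemplate() for the loaded template.
 */
function getDefault()
{
    $queryDefaultTemp = 'SELECT * FROM ' . acymailing_table('template') . ' WHERE premium = 1 AND published = 1 ORDER BY ordering ASC LIMIT 1';

    if (acymailing_level(3)) {
        $my = JFactory::getUser();

        if (!ACYMAILING_J16) {
            $groups = array($my->gid);
        } else {
            jimport('joomla.access.access');
            $groups = JAccess::getGroupsByUser($my->id, false);
        }

        // Group ids are forced to integers before they are placed in the LIKE
        // patterns, as getFrontendLists() does for the same kind of value.
        $condGroup = '';

        foreach ($groups as $group) {
            $condGroup .= ' OR access LIKE (\'%,' . intval($group) . ',%\')';
        }

        $queryDefaultTemp = 'SELECT * FROM ' . acymailing_table('template') . ' WHERE premium = 1 AND published = 1 AND (access = \'all\' ' . $condGroup . ') ORDER BY ordering ASC LIMIT 1';
    }

    $this->database->setQuery($queryDefaultTemp);
    $template = $this->database->loadObject();

    return $this->_prepareTemplate($template);
}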
/**
 * Add a user to a group and optionally remove them from another one.
 *
 * @param   integer  $user_id          Joomla user id.
 * @param   integer  $new_group_id     Group to add (Joomla 1.5: group to set).
 * @param   integer  $remove_group_id  Group to remove; 0 removes nothing.
 *
 * @return  void
 */
private function updateGroup($user_id, $new_group_id, $remove_group_id = 0)
{
    // Work on a copy so the shared user instance is left untouched.
    $user     = clone JFactory::getUser($user_id);
    $isLegacy = version_compare(JVERSION, '1.6.0', '<');

    if ($isLegacy) {
        // Users with gid 25 are never moved (presumably the Joomla 1.5 Super Administrator).
        if ($user->gid != 25) {
            $user->set('gid', $new_group_id);
            $user->set('usertype', JFactory::getACL()->get_group_name($new_group_id));
        }
    } else {
        jimport('joomla.access.access');

        // NOTE(review): the second argument is true, and the returned list is then
        // stored as the user's own groups - confirm that list holds only direct
        // memberships. $new_group_id is not validated here; callers must make sure
        // it cannot name a privileged group.
        $memberOf   = JAccess::getGroupsByUser($user_id, true);
        $memberOf[] = $new_group_id;

        if (!empty($remove_group_id)) {
            $position = array_search($remove_group_id, $memberOf);

            if (is_int($position)) {
                unset($memberOf[$position]);
            }
        }

        $user->set('groups', $memberOf);
    }

    // NOTE(review): the result of save() is not checked.
    $user->save();
}
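/**
 * Tell whether a user counts as a member of a wall group.
 *
 * Members of site groups 7 or 8, configured moderators (moderator_type 0) and
 * users with an active row in #__awd_groups_members all qualify.
 *
 * @param   integer  $groupId  Wall group id.
 * @param   integer  $userId   Joomla user id.
 *
 * @return  boolean
 */
public function isMemberGrp($groupId, $userId)
{
    $groupsUserIsIn = JAccess::getGroupsByUser($userId);

    if (in_array(7, $groupsUserIsIn) || in_array(8, $groupsUserIsIn)) {
        return true;
    }

    $config         = JComponentHelper::getParams('com_awdwall');
    $moderator_type = $config->get('moderator_type', '0');

    // The moderator list defaults to an empty string, which explode() turns into
    // one empty entry. With a loose in_array() a guest id of 0 compares equal to
    // that entry on PHP versions before 8, so empty entries are dropped, ids are
    // compared as integers, and guests are never treated as moderators.
    if ($moderator_type == 0 && (int) $userId > 0) {
        $entries      = array_map('trim', explode(',', (string) $config->get('moderator_users', '')));
        $moderatorIds = array_map('intval', array_filter($entries, 'strlen'));

        if (in_array((int) $userId, $moderatorIds, true)) {
            return true;
        }
    }

    $db    = JFactory::getDBO();
    $query = 'SELECT user_id FROM #__awd_groups_members '
        . 'WHERE group_id = ' . (int) $groupId . ' AND user_id = ' . (int) $userId
        . ' AND status="1"';
    $db->setQuery($query);
    $result = $db->loadResult();

    return $result && (int) $result > 0;
}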
/**
 * Check whether this user is an administrator.
 *
 * @param   boolean  $checkSuperuser  When true, only membership of group 8
 *                                    counts and the result is not cached.
 *
 * @return  boolean  Otherwise true for members of group 7 or group 8; that
 *                   answer is cached in $this->_isAdmin.
 */
public function isAdmin($checkSuperuser = false)
{
    if ($checkSuperuser) {
        // Super admin only.
        return in_array(8, JAccess::getGroupsByUser($this->id));
    }

    if ($this->_isAdmin === null) {
        $memberOf       = JAccess::getGroupsByUser($this->id);
        $this->_isAdmin = in_array(8, $memberOf) || in_array(7, $memberOf);
    }

    return $this->_isAdmin;
}
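/**
 * Applies the global text filters to arbitrary text as per settings for current user groups
 *
 * The filter settings of every group the user belongs to are combined. A
 * single group set to "NONE" switches filtering off entirely, so that setting
 * should only ever be given to fully trusted groups.
 *
 * @param   string  $text  The string to filter
 *
 * @return  string  The filtered string
 *
 * @since   11.4
 */
public static function filterText($text)
{
    // Filter settings
    $config     = self::getParams('com_config');
    $user       = JFactory::getUser();
    $userGroups = JAccess::getGroupsByUser($user->get('id'));

    $filters = $config->get('filters');

    $blackListTags        = array();
    $blackListAttributes  = array();
    $customListTags       = array();
    $customListAttributes = array();
    $whiteListTags        = array();
    $whiteListAttributes  = array();

    $whiteList  = false;
    $blackList  = false;
    $customList = false;
    $unfiltered = false;

    // Cycle through each of the user groups the user is in.
    // Remember they are included in the Public group as well.
    foreach ($userGroups as $groupId) {
        // May have added a group but not saved the filters.
        if (!isset($filters->{$groupId})) {
            continue;
        }

        // Each group the user is in could have different filtering properties.
        $filterData = $filters->{$groupId};
        $filterType = strtoupper($filterData->filter_type);

        if ($filterType == 'NH') {
            // Maximum HTML filtering. Nothing is recorded for this type: when no
            // other list applies, the final else branch below builds the filter.
        } elseif ($filterType == 'NONE') {
            // No HTML filtering.
            $unfiltered = true;
        } else {
            // Black or white list.
            // Preprocess the tags and attributes.
            $tags           = explode(',', $filterData->filter_tags);
            $attributes     = explode(',', $filterData->filter_attributes);
            $tempTags       = array();
            $tempAttributes = array();

            foreach ($tags as $tag) {
                $tag = trim($tag);

                if ($tag) {
                    $tempTags[] = $tag;
                }
            }

            foreach ($attributes as $attribute) {
                $attribute = trim($attribute);

                if ($attribute) {
                    $tempAttributes[] = $attribute;
                }
            }

            // Collect the black or white list tags and attributes.
            // Each list is cumulative.
            if ($filterType == 'BL') {
                $blackList           = true;
                $blackListTags       = array_merge($blackListTags, $tempTags);
                $blackListAttributes = array_merge($blackListAttributes, $tempAttributes);
            } elseif ($filterType == 'CBL') {
                // Only set to true if Tags or Attributes were added
                if ($tempTags || $tempAttributes) {
                    $customList           = true;
                    $customListTags       = array_merge($customListTags, $tempTags);
                    $customListAttributes = array_merge($customListAttributes, $tempAttributes);
                }
            } elseif ($filterType == 'WL') {
                $whiteList           = true;
                $whiteListTags       = array_merge($whiteListTags, $tempTags);
                $whiteListAttributes = array_merge($whiteListAttributes, $tempAttributes);
            }
        }
    }

    // Remove duplicates before processing (because the black list uses both sets of arrays).
    $blackListTags        = array_unique($blackListTags);
    $blackListAttributes  = array_unique($blackListAttributes);
    $customListTags       = array_unique($customListTags);
    $customListAttributes = array_unique($customListAttributes);
    $whiteListTags        = array_unique($whiteListTags);
    $whiteListAttributes  = array_unique($whiteListAttributes);

    // Unfiltered assumes first priority: the text is returned as received.
    if ($unfiltered) {
        return $text;
    }

    // Custom blacklist precedes Default blacklist
    if ($customList) {
        $filter = JFilterInput::getInstance(array(), array(), 1, 1);

        // Override filter's default blacklist tags and attributes
        if ($customListTags) {
            $filter->tagBlacklist = $customListTags;
        }

        if ($customListAttributes) {
            $filter->attrBlacklist = $customListAttributes;
        }
    } elseif ($blackList) {
        // Remove the white-listed tags and attributes from the black-list.
        $blackListTags       = array_diff($blackListTags, $whiteListTags);
        $blackListAttributes = array_diff($blackListAttributes, $whiteListAttributes);

        $filter = JFilterInput::getInstance($blackListTags, $blackListAttributes, 1, 1);

        // Remove white listed tags from filter's default blacklist
        if ($whiteListTags) {
            $filter->tagBlacklist = array_diff($filter->tagBlacklist, $whiteListTags);
        }

        // Remove white listed attributes from filter's default blacklist.
        // The second argument was missing, so array_diff() removed nothing.
        if ($whiteListAttributes) {
            $filter->attrBlacklist = array_diff($filter->attrBlacklist, $whiteListAttributes);
        }
    } elseif ($whiteList) {
        // Turn off xss auto clean
        $filter = JFilterInput::getInstance($whiteListTags, $whiteListAttributes, 0, 0, 0);
    } else {
        $filter = JFilterInput::getInstance();
    }

    return $filter->clean($text, 'html');
}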
/**
 * Gets an array of the authorised user groups
 *
 * The list is read through JAccess::getGroupsByUser() whenever the stored
 * value is empty and is kept on the object afterwards.
 *
 * @return  array
 *
 * @since   11.1
 */
public function getAuthorisedGroups()
{
    // empty() covers both the initial null and an empty array.
    if (empty($this->_authGroups)) {
        $this->_authGroups = JAccess::getGroupsByUser($this->id);
    }

    return $this->_authGroups;
}