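/**
 * Method to save the configuration data.
 *
 * This variant only persists the global permission rules ($data['rules']) to the
 * root asset ("root.1") and then clears the "_system" cache for both clients.
 *
 * @param   array  $data  An array containing all global config data.
 *
 * @return  boolean  True on success, false on failure.
 *
 * @since   1.6
 */
public function save($data)
{
    $app = JFactory::getApplication();

    // Save the rules
    if (isset($data['rules'])) {
        $rules = new JAccessRules($data['rules']);

        // Check that we aren't removing our Super User permission.
        // Need to get groups from database, since they might have changed.
        $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
        $myRules  = $rules->getData();

        // A submitted rule set without any 'core.admin' entry is handled like one that
        // revokes it: reject it instead of calling allow() on a missing element.
        $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);

        if (!$hasSuperAdmin) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'), 'error');

            return false;
        }

        $asset = JTable::getInstance('asset');

        if (!$asset->loadByName('root.1')) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'), 'error');

            return false;
        }

        $asset->rules = (string) $rules;

        if (!$asset->check() || !$asset->store()) {
            // NOTE(review): 'SOME_ERROR_CODE' looks like a placeholder language key; the
            // table's own error text is not surfaced here.
            $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');

            // Was a bare "return;" (null); the documented contract is a boolean.
            return false;
        }
    }

    // Clear cache of com_config component.
    $this->cleanCache('_system', 0);
    $this->cleanCache('_system', 1);

    // The original fell off the end here and returned null on the success path.
    return true;
}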
/**
 * Merges this extension's ACL action names into the root asset ("root.1") rules,
 * stores the asset and echoes an HTML status line.
 *
 * Every action in the merged JSON maps to an empty array, so this block itself
 * assigns no group to any action.
 *
 * @return  void
 */
public function installPermissionsObs()
{
    $startedAt = microtime(true);

    jimport('joomla.access.rules');
    $app = JFactory::getApplication();

    // Current global (root) rules.
    $rootAsset = JTable::getInstance('Asset');
    $rootAsset->loadByName('root.1');
    $currentRules = new JAccessRules($rootAsset->rules);

    // Action names to add, each with no group entries.
    $extraRules = new JAccessRules(
        '{"core.admin":[],"core.manage":[],"core.create":[],"core.delete":[],"core.edit":[],"core.edit.state":[],"settings.edit":[],"settings.save":[]}'
    );

    // Merge into the root rules and write the asset back.
    $currentRules->merge($extraRules);
    $rootAsset->rules = (string) $currentRules;

    if (!$rootAsset->store()) {
        echo ' - <span style="color:red">' . JText::_('Failed') . '</span><br />';
    } else {
        echo 'Installed ACL Permissions';
        echo ' - <span style="color:green">' . JText::_('Success') . '</span><br />';
    }

    $elapsed = microtime(true) - $startedAt;

    if ($this->debug) {
        echo 'Duration: ' . round($elapsed) . 's<br>';
    }
}
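/**
 * Returns the merged rules of an asset and all of its ancestors in the asset tree.
 *
 * The asset is matched by primary key when $asset is numeric, otherwise by name.
 * When the lookup yields nothing, the rules of the root asset (parent_id = 0) are used.
 *
 * @param   mixed  $asset  Integer asset id or the asset name as a string.
 *
 * @return  JAccessRules  Rules object built from the collected rule sets.
 */
private static function getAssetRules($asset)
{
    $db = JFactory::getDBO();

    // The identifier used to be interpolated into the SQL text as-is. An asset name is an
    // arbitrary string, so it has to go through the driver's quoting; a numeric id is cast
    // to int so only digits can reach the statement.
    if (is_numeric($asset)) {
        $match = 'a.id = ' . (int) $asset;
    } else {
        $match = 'a.name = ' . $db->quote($asset);
    }

    $query = "SELECT b.rules\n FROM #__assets AS a LEFT JOIN #__assets AS b ON b.lft <= a.lft AND b.rgt >= a.rgt\n"
        . " WHERE ({$match} OR a.parent_id=0) GROUP BY b.id, b.rules, b.lft ORDER BY b.lft";

    $db->setQuery($query);
    $result = $db->loadResultArray();

    // Fall back to the root asset's own rules when nothing was found.
    if (empty($result)) {
        $query = "SELECT rules\n FROM #__assets\n WHERE parent_id=0";
        $db->setQuery($query);
        $result = $db->loadResultArray();
    }

    $rules = new JAccessRules();
    $rules->mergeCollection($result);

    return $rules;
}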
/**
 * Builds the JAccessRules object for one asset.
 *
 * With $recursive set, the rules of every ancestor asset are collected through a
 * self-join on the nested-set columns and merged in lft order; otherwise only the
 * asset's own rules are read. If the query returns nothing, the root asset's rules
 * are used instead.
 *
 * @param   mixed    $asset      Integer asset id or the name of the asset as a string.
 * @param   boolean  $recursive  True to return the rules object with inherited rules.
 *
 * @return  JAccessRules  JAccessRules object for the asset.
 *
 * @since   11.1
 */
public static function getAssetRules($asset, $recursive = false)
{
    $db = JFactory::getDbo();

    // Inherited rules are read from the joined alias "b", own rules from "a".
    $alias = $recursive ? 'b' : 'a';

    $query = $db->getQuery(true);
    $query->select($alias . '.rules');
    $query->from('#__assets AS a');

    // SQLsrv change
    $query->group($alias . '.id, ' . $alias . '.rules, ' . $alias . '.lft');

    // Numeric identifiers are cast to int and matched on the primary key; names are
    // quoted by the driver before they enter the statement.
    $condition = is_numeric($asset)
        ? '(a.id = ' . (int) $asset . ')'
        : '(a.name = ' . $db->quote($asset) . ')';
    $query->where($condition);

    // Cascading up to the global asset node needs a self-join.
    if ($recursive) {
        $query->leftJoin('#__assets AS b ON b.lft <= a.lft AND b.rgt >= a.rgt');
        $query->order('b.lft');
    }

    $db->setQuery($query);
    $ruleSets = $db->loadColumn();

    // Get the root even if the asset is not found and in recursive mode.
    if (empty($ruleSets)) {
        $db         = JFactory::getDbo();
        $assetTable = JTable::getInstance('Asset', 'JTable', array('dbo' => $db));
        $rootId     = $assetTable->getRootId();

        $rootQuery = $db->getQuery(true);
        $rootQuery->select('rules');
        $rootQuery->from('#__assets');
        $rootQuery->where('id = ' . $db->quote($rootId));

        $db->setQuery($rootQuery);
        $ruleSets = array($db->loadResult());
    }

    $assetRules = new JAccessRules();
    $assetRules->mergeCollection($ruleSets);

    return $assetRules;
}
/**
 * Runs the parent save and, when that succeeds, the component's post-install steps:
 * container creation, the mimetypes SQL import, removal of the com_files menu entry,
 * default ACL grants on first install, and migration from an older version.
 *
 * @return bool  Whatever parent::save() returned.
 */
public function save()
{
    $result = parent::save();

    if (!$result) {
        return $result;
    }

    $this->_createFilesContainer();
    $this->_createIconsContainer();
    $this->_createImagesContainer();

    // Import the mimetypes table from the SQL file shipped with the package.
    $sqlFile = dirname(__FILE__) . '/../../install/mimetypes.sql';

    if (file_exists($sqlFile)) {
        $sql = file_get_contents($sqlFile);

        if ($sql) {
            $db = JFactory::getDBO();
            $db->setQuery($sql);
            $db->queryBatch(false);
        }
    }

    // Remove com_files from the menu table
    $db = JFactory::getDBO();
    $db->setQuery("SELECT id FROM #__menu WHERE link = 'index.php?option=com_files'");
    $menuId = $db->loadResult();

    if ($menuId) {
        $menu = JTable::getInstance('menu');
        $menu->bind(array('id' => $menuId));
        $menu->delete();
    }

    if ($this->event === 'install') {
        // Default grants written to the com_docman asset on first install. Group ids are
        // hard-coded: 1 is the Public group (download).
        // NOTE(review): 6 and 2 receive upload; presumably Manager and Registered on a
        // stock site - confirm that Registered users are meant to upload by default.
        $defaultGrants = array(
            'com_docman.download' => array(1 => true),
            'com_docman.upload'   => array(6 => true, 2 => true),
        );

        foreach ($defaultGrants as $action => $groups) {
            // The asset is reloaded for each action, as in the original sequence.
            $asset = JTable::getInstance('Asset');
            $asset->loadByName('com_docman');

            $rules = new JAccessRules($asset->rules);
            $rules->mergeAction($action, new JAccessRule($groups));
            $asset->rules = (string) $rules;

            if ($asset->check()) {
                $asset->store();
            }

            unset($asset);
        }
    }

    if ($this->old_version) {
        $this->_migrate();
    }

    return $result;
}
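/**
 * Creates initial component actions based on global config and on some ... logic
 *
 * The result maps every component action name to an array of group id => 1 for the
 * groups that are granted the action; actions left as an empty array inherit.
 *
 * @param   string  $component  Component name passed to JAccess::getActions().
 *
 * @return  array
 *
 * @since   11.1
 */
protected function _createComponentRules($component)
{
    $groups = $this->_getUserGroups();

    // Get flexicontent ACTION names, and initialize flexicontent rules to empty
    $flexi_actions = JAccess::getActions($component, 'component');

    // Anything that is not an action list (e.g. a failed lookup) is treated as "no actions".
    if (!is_array($flexi_actions)) {
        $flexi_actions = array();
    }

    $flexi_rules        = array();
    $flexi_action_names = array();  // Was never initialised: undefined when the component has no actions

    foreach ($flexi_actions as $action) {
        // WE NEED THIS (even if it remains empty), because we will compare COMPONENT actions
        // in DB when checking initial permissions
        $flexi_rules[$action->name] = array();

        // Create an array of all COMPONENT actions names
        $flexi_action_names[] = $action->name;
    }

    // Get Joomla ACTION names
    $root = JTable::getInstance('asset');
    $root->loadByName('root.1');
    $joomla_rules        = new JAccessRules($root->rules);
    $joomla_action_names = array();  // Was never initialised: undefined when root has no rules

    foreach ($joomla_rules->getData() as $action_name => $data) {
        $joomla_action_names[] = $action_name;
    }

    // Custom actions that are handed to every group in the loop below.
    $granted_to_all = array(
        'flexicontent.change.cat',       // CanChangeCat
        'flexicontent.change.cat.sec',   // CanChangeSecCat
        'flexicontent.change.cat.feat',  // CanChangeFeatCat
        'flexicontent.uploadfiles',      // CanUploadFiles
        'flexicontent.editfieldvalues',  // CanEditFieldValues
    );

    // Decide the actions to grant (give) to each user group
    foreach ($groups as $group) {
        // STEP 1: we will -grant- all NON-STANDARD component ACTIONS to any user group, that has
        //         'core.manage' ACTION in the Global Configuration
        // NOTE (a): if some user group has the --Super Admin-- Global Configuration ACTION
        //           (aka 'core.admin' for asset root.1), then it also has 'core.manage'
        // NOTE (b): The STANDARD Joomla ACTIONs will not be set thus they will default to
        //           value -INHERIT- (=value "")
        if (JAccess::checkGroup($group->id, 'core.manage')) {
            foreach ($flexi_action_names as $action_name) {
                // Skip Joomla STANDARD rules allowing them to inherit
                if (in_array($action_name, $joomla_action_names)) {
                    continue;
                }

                $flexi_rules[$action_name][$group->id] = 1;
            }
        }

        // STEP 2 (disabled in the original): copying actions already granted in GLOBAL
        // CONFIGURATION, including the component CONFIGURE 'core.admin' action, was commented
        // out, so inheritance is used for existing Global ACTIONS instead.

        // STEP 3: Handle some special case of custom-added ACTIONs
        // e.g. Grant --OWNED-- actions if they have the corresponding --GENERAL-- actions
        if (!empty($flexi_rules['core.delete'][$group->id]) && in_array('core.delete.own', $flexi_action_names)) {
            $flexi_rules['core.delete.own'][$group->id] = 1;  // CanDeleteOwn
        }

        if (!empty($flexi_rules['core.edit.state'][$group->id]) && in_array('core.edit.state.own', $flexi_action_names)) {
            $flexi_rules['core.edit.state.own'][$group->id] = 1;  // CanPublishOwn
        }

        // Give these regardless of edit privilege, since without edit they cannot access the
        // item form and save task anyway; by default everybody also gets the edit field
        // values privilege.
        // NOTE(review): this runs for every group returned by _getUserGroups(), with no
        // 'core.manage' test, so 'flexicontent.uploadfiles' is granted to all of them. If that
        // list includes Public/Guest, confirm the upload task enforces its own checks.
        foreach ($granted_to_all as $action_name) {
            if (in_array($action_name, $flexi_action_names)) {
                $flexi_rules[$action_name][$group->id] = 1;
            }
        }
    }

    // return rules, a NOTE: MAYBE in future we create better initial permissions by checking
    // allow/deny/inherit values instead of just HAS ACTION ...
    return $flexi_rules;
}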
/**
 * Checks JAccessRules::getAllowed() for identity -42: the actions set to 1 for that
 * identity ('create', 'edit') are expected, while 'delete', which is 0 for -42, is not.
 *
 * @return  void
 *
 * @since   11.1
 */
public function testGetAllowed()
{
    // Expected outcome: only the two actions allowed for -42.
    $expected = new JObject();
    $expected->set('create', true);
    $expected->set('edit', true);

    $rules = new JAccessRules(
        array(
            'create' => array(-42 => 1),
            'edit'   => array(-42 => 1),
            'delete' => array(-42 => 0, 2 => 1),
        )
    );

    $this->assertThat($expected, $this->equalTo($rules->getAllowed(-42)));
}
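/**
 * Method to save the configuration data.
 *
 * Order of operations: verify the submitted database settings by connecting, store the
 * global permission rules on the root asset, store the text filters on the com_config
 * extension record, merge the remaining values over the current JConfig and write the
 * configuration file.
 *
 * @param   array  $data  An array containing all global config data.
 *
 * @return  boolean  True on success, false on failure.
 *
 * @since   1.6
 */
public function save($data)
{
    $app = JFactory::getApplication();

    // Check that we aren't setting wrong database configuration.
    // The password is taken from the current configuration, not from the submitted data.
    $options = array(
        'driver'   => $data['dbtype'],
        'host'     => $data['host'],
        'user'     => $data['user'],
        'password' => JFactory::getConfig()->get('password'),
        'database' => $data['db'],
        'prefix'   => $data['dbprefix'],
    );

    try {
        // Only used as a connectivity probe; the version string itself is not needed.
        JDatabaseDriver::getInstance($options)->getVersion();
    } catch (Exception $e) {
        $app->enqueueMessage(JText::_('JLIB_DATABASE_ERROR_DATABASE_CONNECT'), 'error');

        return false;
    }

    // Save the rules
    if (isset($data['rules'])) {
        $rules = new JAccessRules($data['rules']);

        // Check that we aren't removing our Super User permission.
        // Need to get groups from database, since they might have changed.
        $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
        $myRules  = $rules->getData();

        // A submitted rule set without any 'core.admin' entry is handled like one that
        // revokes it: reject it instead of calling allow() on a missing element.
        $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);

        if (!$hasSuperAdmin) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'), 'error');

            return false;
        }

        $asset = JTable::getInstance('asset');

        if (!$asset->loadByName('root.1')) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'), 'error');

            return false;
        }

        $asset->rules = (string) $rules;

        if (!$asset->check() || !$asset->store()) {
            $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');

            // Was a bare "return;" (null); the documented contract is a boolean.
            return false;
        }

        unset($data['rules']);
    }

    // Save the text filters
    if (isset($data['filters'])) {
        $registry = new Registry();
        $registry->loadArray(array('filters' => $data['filters']));

        $extension = JTable::getInstance('extension');

        // Get extension_id
        $extension_id = $extension->find(array('name' => 'com_config'));

        if (!$extension->load((int) $extension_id)) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_CONFIG_EXTENSION_NOT_FOUND'), 'error');

            return false;
        }

        $extension->params = (string) $registry;

        if (!$extension->check() || !$extension->store()) {
            $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');

            // Same boolean-contract fix as for the rules above.
            return false;
        }

        unset($data['filters']);
    }

    // Get the previous configuration.
    $prev = new JConfig();
    $prev = JArrayHelper::fromObject($prev);

    // Merge the new data in. We do this to preserve values that were not in the form.
    $data = array_merge($prev, $data);

    /*
     * Perform miscellaneous options based on configuration settings/changes.
     */

    // Escape the offline message if present.
    if (isset($data['offline_message'])) {
        $data['offline_message'] = JFilterOutput::ampReplace($data['offline_message']);
    }

    // Purge the database session table if we are changing to the database handler.
    if ($prev['session_handler'] != 'database' && $data['session_handler'] == 'database') {
        $table = JTable::getInstance('session');
        $table->purge(-1);
    }

    if (empty($data['cache_handler'])) {
        $data['caching'] = 0;
    }

    $path = JPATH_SITE . '/cache';

    // Give a warning if the cache-folder can not be opened
    if ($data['caching'] > 0 && $data['cache_handler'] == 'file' && @opendir($path) == false) {
        JLog::add(JText::sprintf('COM_CONFIG_ERROR_CACHE_PATH_NOTWRITABLE', $path), JLog::WARNING, 'jerror');
        $data['caching'] = 0;
    }

    // Clean the cache if disabled but previously enabled.
    if (!$data['caching'] && $prev['caching']) {
        $cache = JFactory::getCache();
        $cache->clean();
    }

    // Create the new configuration object.
    $config = new Registry('config');
    $config->loadArray($data);

    // Overwrite the old FTP credentials with the new ones.
    $temp = JFactory::getConfig();
    $temp->set('ftp_enable', $data['ftp_enable']);
    $temp->set('ftp_host', $data['ftp_host']);
    $temp->set('ftp_port', $data['ftp_port']);
    $temp->set('ftp_user', $data['ftp_user']);
    $temp->set('ftp_pass', $data['ftp_pass']);
    $temp->set('ftp_root', $data['ftp_root']);

    // Clear cache of com_config component.
    $this->cleanCache('_system', 0);
    $this->cleanCache('_system', 1);

    // Write the configuration file.
    return $this->writeConfigFile($config);
}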
/**
 * Constructor for the deprecated JRules class: records a deprecation warning in the
 * log and hands the input to the parent constructor unchanged.
 *
 * Accepted input is array('action' => array(-42 => true, 3 => true, 4 => false)),
 * an equivalent JSON encoded string, or an object where properties are arrays.
 *
 * @param   mixed  $input  A JSON format string (probably from the database) or a nested array.
 *
 * @since       11.1
 * @deprecated  12.3
 */
public function __construct($input = '')
{
    $notice = 'JRules is deprecated. Use JAccessRules instead.';

    JLog::add($notice, JLog::WARNING, 'deprecated');

    parent::__construct($input);
}
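/**
 * Method to save the configuration data.
 *
 * Order of operations: verify the submitted database settings by connecting, probe the
 * site over HTTPS when Force SSL is being switched on, store the global permission rules
 * on the root asset, store the text filters on the com_config extension record, merge the
 * remaining values over the current JConfig and write the configuration file.
 *
 * @param   array  $data  An array containing all global config data.
 *
 * @return  boolean  True on success, false on failure.
 *
 * @since   1.6
 */
public function save($data)
{
    $app = JFactory::getApplication();

    // Check that we aren't setting wrong database configuration.
    // The password is taken from the current configuration, not from the submitted data.
    $options = array(
        'driver'   => $data['dbtype'],
        'host'     => $data['host'],
        'user'     => $data['user'],
        'password' => JFactory::getConfig()->get('password'),
        'database' => $data['db'],
        'prefix'   => $data['dbprefix'],
    );

    try {
        // Only used as a connectivity probe; the version string itself is not needed.
        JDatabaseDriver::getInstance($options)->getVersion();
    } catch (Exception $e) {
        $app->enqueueMessage(JText::_('JLIB_DATABASE_ERROR_DATABASE_CONNECT'), 'error');

        return false;
    }

    // Check if we can set the Force SSL option
    if ((int) $data['force_ssl'] !== 0 && (int) $data['force_ssl'] !== (int) JFactory::getConfig()->get('force_ssl', '0')) {
        try {
            // Make an HTTPS request to check if the site is available in HTTPS.
            $host = JUri::getInstance()->getHost();

            $httpOptions = new \Joomla\Registry\Registry();
            $httpOptions->set('userAgent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0');

            // NOTE(review): certificate verification is switched off for this probe, so a
            // certificate that browsers would reject still passes and Force SSL gets enabled.
            // The probe only shows that something answers on HTTPS with an accepted status.
            $httpOptions->set('transport.curl', array(CURLOPT_SSL_VERIFYPEER => false));

            // NOTE(review): the target host comes from the current request URI - presumably
            // the Host header; confirm it is constrained to the site's own name upstream.
            $response = JHttpFactory::getHttp($httpOptions)->get('https://' . $host . JUri::root(true) . '/', array('Host' => $host), 10);

            // If available in HTTPS check also the status code.
            if (!in_array($response->code, array(200, 503, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310), true)) {
                throw new RuntimeException('HTTPS version of the site returned an invalid HTTP status code.');
            }
        } catch (RuntimeException $e) {
            $data['force_ssl'] = 0;

            // Also update the user state
            $app->setUserState('com_config.config.global.data.force_ssl', 0);

            // Inform the user
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_SSL_NOT_AVAILABLE'), 'warning');
        }
    }

    // Save the rules
    if (isset($data['rules'])) {
        $rules = new JAccessRules($data['rules']);

        // Check that we aren't removing our Super User permission.
        // Need to get groups from database, since they might have changed.
        $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
        $myRules  = $rules->getData();

        // A submitted rule set without any 'core.admin' entry is handled like one that
        // revokes it: reject it instead of calling allow() on a missing element.
        $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);

        if (!$hasSuperAdmin) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'), 'error');

            return false;
        }

        $asset = JTable::getInstance('asset');

        if (!$asset->loadByName('root.1')) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'), 'error');

            return false;
        }

        $asset->rules = (string) $rules;

        if (!$asset->check() || !$asset->store()) {
            $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');

            // Was a bare "return;" (null); the documented contract is a boolean.
            return false;
        }

        unset($data['rules']);
    }

    // Save the text filters
    if (isset($data['filters'])) {
        $registry = new Registry();
        $registry->loadArray(array('filters' => $data['filters']));

        $extension = JTable::getInstance('extension');

        // Get extension_id
        $extension_id = $extension->find(array('name' => 'com_config'));

        if (!$extension->load((int) $extension_id)) {
            $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_CONFIG_EXTENSION_NOT_FOUND'), 'error');

            return false;
        }

        $extension->params = (string) $registry;

        if (!$extension->check() || !$extension->store()) {
            $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');

            // Same boolean-contract fix as for the rules above.
            return false;
        }

        unset($data['filters']);
    }

    // Get the previous configuration.
    $prev = new JConfig();
    $prev = JArrayHelper::fromObject($prev);

    // Merge the new data in. We do this to preserve values that were not in the form.
    $data = array_merge($prev, $data);

    /*
     * Perform miscellaneous options based on configuration settings/changes.
     */

    // Escape the offline message if present.
    if (isset($data['offline_message'])) {
        $data['offline_message'] = JFilterOutput::ampReplace($data['offline_message']);
    }

    // Purge the database session table if we are changing to the database handler.
    if ($prev['session_handler'] != 'database' && $data['session_handler'] == 'database') {
        $table = JTable::getInstance('session');
        $table->purge(-1);
    }

    if (empty($data['cache_handler'])) {
        $data['caching'] = 0;
    }

    $path = JPATH_SITE . '/cache';

    // Give a warning if the cache-folder can not be opened
    if ($data['caching'] > 0 && $data['cache_handler'] == 'file' && @opendir($path) == false) {
        JLog::add(JText::sprintf('COM_CONFIG_ERROR_CACHE_PATH_NOTWRITABLE', $path), JLog::WARNING, 'jerror');
        $data['caching'] = 0;
    }

    // Clean the cache if disabled but previously enabled.
    if (!$data['caching'] && $prev['caching']) {
        $cache = JFactory::getCache();
        $cache->clean();
    }

    // Create the new configuration object.
    $config = new Registry('config');
    $config->loadArray($data);

    // Overwrite the old FTP credentials with the new ones.
    $temp = JFactory::getConfig();
    $temp->set('ftp_enable', $data['ftp_enable']);
    $temp->set('ftp_host', $data['ftp_host']);
    $temp->set('ftp_port', $data['ftp_port']);
    $temp->set('ftp_user', $data['ftp_user']);
    $temp->set('ftp_pass', $data['ftp_pass']);
    $temp->set('ftp_root', $data['ftp_root']);

    // Clear cache of com_config component.
    $this->cleanCache('_system', 0);
    $this->cleanCache('_system', 1);

    // Write the configuration file.
    return $this->writeConfigFile($config);
}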
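/**
 * Gets the default asset values for a component.
 *
 * If an asset named $component exists, its saved rules are returned. Otherwise, when
 * $try is true, the part before the first dot is looked up instead and, for a
 * "component.view" name, its rule set is reduced to the actions whose name starts with
 * the view segment, each reset to an empty (inheriting) rule.
 *
 * @param   string   $component  The component asset name to search for
 * @param   boolean  $try        True to fall back to the parent (pre-dot) asset name
 *
 * @return  JAccessRules  The JAccessRules object for the asset
 */
protected function getDefaultAssetValues($component, $try = true)
{
    // Need to find the asset id by the name of the component.
    $db    = JFactory::getDbo();
    $query = $db->getQuery(true)
        ->select($db->quoteName('id'))
        ->from($db->quoteName('#__assets'))
        ->where($db->quoteName('name') . ' = ' . $db->quote($component));
    $db->setQuery($query);

    // One fetch is enough; the original executed the same statement three times.
    $assetId = $db->loadResult();

    if ($assetId !== null) {
        // Asset already set so use saved rules
        return JAccess::getAssetRules((int) $assetId);
    }

    if ($try) {
        $parts  = explode('.', $component);
        $result = $this->getDefaultAssetValues($parts[0], false);

        if ($result instanceof JAccessRules) {
            if (isset($parts[1])) {
                $decoded = json_decode((string) $result);

                if (is_object($decoded)) {
                    // Keep only the actions of this view, cleared so that they inherit.
                    $viewRules = array();

                    foreach (get_object_vars($decoded) as $name => $rule) {
                        $segments = explode('.', $name);

                        if ($parts[1] === $segments[0]) {
                            $viewRules[$name] = array();
                        }
                    }

                    // Check if there are any view values remaining. The original called
                    // count() on the decoded stdClass, which is not countable (a TypeError
                    // on PHP 8) and never reflected the number of remaining actions.
                    if (count($viewRules) > 0) {
                        // Instantiate and return the JAccessRules object for the asset rules.
                        $rules = new JAccessRules();
                        $rules->mergeCollection(array(json_encode($viewRules)));

                        return $rules;
                    }
                }
            }

            return $result;
        }
    }

    return JAccess::getAssetRules(0);
}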
/**
 * Method to return the JAccessRules object for an asset. The returned object can optionally hold
 * only the rules explicitly set for the asset or the summation of all inherited rules from
 * parent assets and explicit rules.
 *
 * Two paths exist: when both recursive flags are set and the asset is present in the static
 * per-extension permission maps, the rules are assembled from those maps and shared through
 * a hash-keyed static cache; otherwise the rules are read with a database query.
 *
 * @param   mixed    $asset                 Integer asset id or the name of the asset as a string.
 * @param   boolean  $recursive             True to return the rules object with inherited rules.
 * @param   boolean  $recursiveParentAsset  True to calculate the rule also based on inherited component/extension rules.
 *
 * @return  JAccessRules  JAccessRules object for the asset.
 *
 * @since   11.1
 */
public static function getAssetRules($asset, $recursive = false, $recursiveParentAsset = true)
{
    // Get instance of the Profiler:
    $_PROFILER = JProfiler::getInstance('Application');

    $extensionName = self::getExtensionNameFromAsset($asset);

    // Almost all calls should have recursive set to true
    // so we'll get to take advantage of preloading:
    if ($recursive && $recursiveParentAsset && isset(self::$assetPermissionsByName[$extensionName]) && isset(self::$assetPermissionsByName[$extensionName][$asset]))
    {
        // Mark in the profiler.
        JDEBUG ? $_PROFILER->mark('Start JAccess::getAssetRules New (' . $asset . ')') : null;

        $assetType = self::getAssetType($asset);
        $assetId = self::$assetPermissionsByName[$extensionName][$asset]->id;

        // Reversed so the rule strings are collected in the opposite order to the one
        // getAssetAncestors() returns them in.
        $ancestors = array_reverse(self::getAssetAncestors($assetType, $assetId));

        // Collects permissions for each $asset
        $collected = array();

        foreach ($ancestors as $id)
        {
            $collected[] = self::$assetPermissionsById[$extensionName][$id]->rules;
        }

        /**
         * Hashing the collected rules allows us to store
         * only one instance of the JAccessRules object for
         * Assets that have the same exact permissions...
         * it's a great way to save some memory.
         *
         * NOTE(review): the MD5 digest is the only key of this cache, so two different
         * rule chains with the same digest would be served the same JAccessRules object.
         * The hashed input is the stored rule JSON - presumably writable only by users who
         * can already edit permissions; confirm before relying on that.
         */
        $hash = md5(implode(',', $collected));

        if (!isset(self::$assetRulesIdentities[$hash]))
        {
            $rules = new JAccessRules();
            $rules->mergeCollection($collected);

            self::$assetRulesIdentities[$hash] = $rules;
        }

        // Mark in the profiler.
        JDEBUG ? $_PROFILER->mark('Finish JAccess::getAssetRules New (' . $asset . ')') : null;

        return self::$assetRulesIdentities[$hash];
    }
    else
    {
        // Mark in the profiler.
        JDEBUG ? $_PROFILER->mark('Start JAccess::getAssetRules Old (' . $asset . ')') : null;

        // Strict comparison: only the string "1" matches here, not the integer 1.
        if ($asset === "1")
        {
            // There's no need to process it with the
            // recursive method for the Root Asset ID.
            $recursive = false;
        }

        // Get the database connection object.
        $db = JFactory::getDbo();

        // Build the database query to get the rules for the asset.
        $query = $db->getQuery(true)
            ->select($recursive ? 'b.rules' : 'a.rules')
            ->from('#__assets AS a');

        // Optional extra match on the extension's own asset; the name is quoted by the driver.
        $extensionString = '';

        if ($recursiveParentAsset && ($extensionName !== $asset || is_numeric($asset)))
        {
            $extensionString = ' OR a.name = ' . $db->quote($extensionName);
        }

        // In recursive mode the root asset (parent_id = 0) is matched as well.
        $recursiveString = '';

        if ($recursive)
        {
            $recursiveString = ' OR a.parent_id=0';
        }

        // If the asset identifier is numeric assume it is a primary key, else lookup by name.
        // Ids are cast to int and names are quoted before they are concatenated into the clause.
        if (is_numeric($asset))
        {
            $query->where('(a.id = ' . (int) $asset . $extensionString . $recursiveString . ')');
        }
        else
        {
            $query->where('(a.name = ' . $db->quote($asset) . $extensionString . $recursiveString . ')');
        }

        // If we want the rules cascading up to the global asset node we need a self-join.
        if ($recursive)
        {
            $query->join('LEFT', '#__assets AS b ON b.lft <= a.lft AND b.rgt >= a.rgt')
                ->order('b.lft');
        }

        // Execute the query and load the rules from the result.
        $db->setQuery($query);
        $result = $db->loadColumn();

        // Get the root even if the asset is not found and in recursive mode
        if (empty($result))
        {
            $db = JFactory::getDbo();
            $assets = JTable::getInstance('Asset', 'JTable', array('dbo' => $db));
            $rootId = $assets->getRootId();
            $query->clear()
                ->select('rules')
                ->from('#__assets')
                ->where('id = ' . $db->quote($rootId));
            $db->setQuery($query);
            $result = $db->loadResult();
            $result = array($result);
        }

        // Instantiate and return the JAccessRules object for the asset rules.
        $rules = new JAccessRules();
        $rules->mergeCollection($result);

        JDEBUG ? $_PROFILER->mark('Finish JAccess::getAssetRules Old (' . $asset . ')') : null;

        return $rules;
    }
}
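/**
 * Method to save the configuration data.
 *
 * Stores the global permission rules on the root asset, stores the text filters on the
 * com_config extension record, merges the remaining values over the current JConfig and
 * writes configuration.php as a JConfig class.
 *
 * @param   array  $data  An array containing all global config data.
 *
 * @return  bool  True on success, false on failure.
 *
 * @since   1.6
 */
public function save($data)
{
    // Save the rules
    if (isset($data['rules'])) {
        $rules = new JAccessRules($data['rules']);

        // Check that we aren't removing our Super User permission.
        // Need to get groups from database, since they might have changed.
        $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
        $myRules  = $rules->getData();

        // A submitted rule set without any 'core.admin' entry is handled like one that
        // revokes it: reject it instead of calling allow() on a missing element.
        $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);

        if (!$hasSuperAdmin) {
            $this->setError(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'));

            return false;
        }

        $asset = JTable::getInstance('asset');

        if (!$asset->loadByName('root.1')) {
            $this->setError(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'));

            return false;
        }

        $asset->rules = (string) $rules;

        // A failed check/store only raises a notice; saving continues.
        if (!$asset->check() || !$asset->store()) {
            JError::raiseNotice('SOME_ERROR_CODE', $asset->getError());
        }

        unset($data['rules']);
    }

    // Save the text filters
    if (isset($data['filters'])) {
        $registry = new JRegistry();
        $registry->loadArray(array('filters' => $data['filters']));

        $extension = JTable::getInstance('extension');

        // Get extension_id
        $extension_id = $extension->find(array('name' => 'com_config'));

        if (!$extension->load((int) $extension_id)) {
            $this->setError(JText::_('COM_CONFIG_ERROR_CONFIG_EXTENSION_NOT_FOUND'));

            return false;
        }

        $extension->params = (string) $registry;

        // A failed check/store only raises a notice; saving continues.
        if (!$extension->check() || !$extension->store()) {
            JError::raiseNotice('SOME_ERROR_CODE', $extension->getError());
        }

        unset($data['filters']);
    }

    // Get the previous configuration.
    $prev = new JConfig();
    $prev = JArrayHelper::fromObject($prev);

    // Merge the new data in. We do this to preserve values that were not in the form.
    $data = array_merge($prev, $data);

    /*
     * Perform miscellaneous options based on configuration settings/changes.
     */

    // The original "escaped" sitename, MetaDesc and MetaKeys by assigning each value to
    // itself; those no-ops are dropped. The three values are stored exactly as submitted.

    // Escape the offline message if present.
    if (isset($data['offline_message'])) {
        $data['offline_message'] = JFilterOutput::ampReplace($data['offline_message']);
    }

    // Purge the database session table if we are changing to the database handler.
    if ($prev['session_handler'] != 'database' && $data['session_handler'] == 'database') {
        $table = JTable::getInstance('session');
        $table->purge(-1);
    }

    if (empty($data['cache_handler'])) {
        $data['caching'] = 0;
    }

    // Clean the cache if disabled but previously enabled.
    if (!$data['caching'] && $prev['caching']) {
        $cache = JFactory::getCache();
        $cache->clean();
    }

    // Create the new configuration object.
    $config = new JRegistry('config');
    $config->loadArray($data);

    /*
     * Write the configuration file.
     */
    jimport('joomla.filesystem.path');
    jimport('joomla.filesystem.file');

    // Set the configuration file path.
    $file = JPATH_CONFIGURATION . '/configuration.php';

    // Overwrite the old FTP credentials with the new ones.
    $temp = JFactory::getConfig();
    $temp->set('ftp_enable', $data['ftp_enable']);
    $temp->set('ftp_host', $data['ftp_host']);
    $temp->set('ftp_port', $data['ftp_port']);
    $temp->set('ftp_user', $data['ftp_user']);
    $temp->set('ftp_pass', $data['ftp_pass']);
    $temp->set('ftp_root', $data['ftp_root']);

    // Get the new FTP credentials.
    $ftp = JClientHelper::getCredentials('ftp', true);

    // When the FTP layer is not in use, attempt to make the file writable (0644) first.
    if (!$ftp['enabled'] && JPath::isOwner($file) && !JPath::setPermissions($file, '0644')) {
        JError::raiseNotice('SOME_ERROR_CODE', JText::_('COM_CONFIG_ERROR_CONFIGURATION_PHP_NOTWRITABLE'));
    }

    // Attempt to write the configuration file as a PHP class named JConfig.
    $configString = $config->toString('PHP', array('class' => 'JConfig', 'closingtag' => false));

    if (!JFile::write($file, $configString)) {
        $this->setError(JText::_('COM_CONFIG_ERROR_WRITE_FAILED'));

        return false;
    }

    // When the FTP layer is not in use, put the file back to read-only (0444) so the
    // stored credentials are not left writable; a failure here only raises a notice.
    if ($data['ftp_enable'] == 0 && !$ftp['enabled'] && JPath::isOwner($file) && !JPath::setPermissions($file, '0444')) {
        JError::raiseNotice('SOME_ERROR_CODE', JText::_('COM_CONFIG_ERROR_CONFIGURATION_PHP_NOTUNWRITABLE'));
    }

    return true;
}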
/**
 * Runs the parent save and, when that succeeds, the component's post-install steps:
 * container creation, the mimetypes SQL import, first-install defaults (Public download
 * grant, finder plugin disabled) and cache clean-up plus migration from an older version.
 *
 * @return bool  Whatever parent::save() returned.
 */
public function save()
{
    $result = parent::save();

    if (!$result) {
        return $result;
    }

    $this->_createFilesContainer();
    $this->_createIconsContainer();
    $this->_createImagesContainer();

    // Import the mimetypes table from the SQL file shipped with the package.
    $sqlFile = dirname(__FILE__) . '/../../resources/install/mimetypes.sql';

    if (file_exists($sqlFile)) {
        $mimetypes = file_get_contents($sqlFile);

        if ($mimetypes) {
            try {
                $db = JFactory::getDBO();

                foreach ($db->splitSql($mimetypes) as $statement) {
                    if (trim($statement)) {
                        $db->setQuery($statement)->execute();
                    }
                }
            } catch (Exception $e) {
                // Deliberately ignored: the first failing statement aborts the import and
                // nothing is reported. NOTE(review): a partially imported table leaves no
                // trace; consider logging the exception.
            }
        }
    }

    if ($this->event === 'install') {
        // Add a rule to authorize Public group (id 1) to download
        $asset = JTable::getInstance('Asset');
        $asset->loadByName('com_docman');

        $rules = new JAccessRules($asset->rules);
        $rules->mergeAction('com_docman.download', new JAccessRule(array(1 => true)));
        $asset->rules = (string) $rules;

        if ($asset->check()) {
            $asset->store();
        }

        // Disable finder plugin by default
        $finderId = $this->getExtensionId(
            array('type' => 'plugin', 'element' => 'docman', 'folder' => 'finder')
        );

        if ($finderId) {
            // %d forces the id into the statement as an integer.
            $update = sprintf('UPDATE #__extensions SET enabled = 0 WHERE extension_id = %d', $finderId);
            JFactory::getDBO()->setQuery($update)->query();
        }
    }

    if ($this->old_version) {
        JCache::getInstance('output', array('defaultgroup' => 'com_docman.files'))->clean();
        $this->_migrate();
    }

    return $result;
}
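/**
 * Method to save the configuration data.
 *
 * Stores the global permission rules on the root asset, stores the text filters on the
 * com_config extension record, merges the remaining values over the current JConfig and
 * hands the result to writeConfigFile().
 *
 * @param   array  $data  An array containing all global config data.
 *
 * @return  bool  True on success, false on failure.
 *
 * @since   1.6
 */
public function save($data)
{
    // Save the rules
    if (isset($data['rules'])) {
        $rules = new JAccessRules($data['rules']);

        // Check that we aren't removing our Super User permission.
        // Need to get groups from database, since they might have changed.
        $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
        $myRules  = $rules->getData();

        // A submitted rule set without any 'core.admin' entry is handled like one that
        // revokes it: reject it instead of calling allow() on a missing element.
        $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);

        if (!$hasSuperAdmin) {
            $this->setError(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'));

            return false;
        }

        $asset = JTable::getInstance('asset');

        if (!$asset->loadByName('root.1')) {
            $this->setError(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'));

            return false;
        }

        $asset->rules = (string) $rules;

        // A failed check/store only raises a notice; saving continues.
        if (!$asset->check() || !$asset->store()) {
            JError::raiseNotice('SOME_ERROR_CODE', $asset->getError());
        }

        unset($data['rules']);
    }

    // Save the text filters
    if (isset($data['filters'])) {
        $registry = new JRegistry();
        $registry->loadArray(array('filters' => $data['filters']));

        $extension = JTable::getInstance('extension');

        // Get extension_id
        $extension_id = $extension->find(array('name' => 'com_config'));

        if (!$extension->load((int) $extension_id)) {
            $this->setError(JText::_('COM_CONFIG_ERROR_CONFIG_EXTENSION_NOT_FOUND'));

            return false;
        }

        $extension->params = (string) $registry;

        // A failed check/store only raises a notice; saving continues.
        if (!$extension->check() || !$extension->store()) {
            JError::raiseNotice('SOME_ERROR_CODE', $extension->getError());
        }

        unset($data['filters']);
    }

    // Get the previous configuration.
    $prev = new JConfig();
    $prev = JArrayHelper::fromObject($prev);

    // Merge the new data in. We do this to preserve values that were not in the form.
    $data = array_merge($prev, $data);

    /*
     * Perform miscellaneous options based on configuration settings/changes.
     */

    // Escape the offline message if present.
    if (isset($data['offline_message'])) {
        $data['offline_message'] = JFilterOutput::ampReplace($data['offline_message']);
    }

    // Purge the database session table if we are changing to the database handler.
    if ($prev['session_handler'] != 'database' && $data['session_handler'] == 'database') {
        $table = JTable::getInstance('session');
        $table->purge(-1);
    }

    if (empty($data['cache_handler'])) {
        $data['caching'] = 0;
    }

    // Clean the cache if disabled but previously enabled.
    if (!$data['caching'] && $prev['caching']) {
        $cache = JFactory::getCache();
        $cache->clean();
    }

    // Create the new configuration object.
    $config = new JRegistry('config');
    $config->loadArray($data);

    // Overwrite the old FTP credentials with the new ones.
    $temp = JFactory::getConfig();
    $temp->set('ftp_enable', $data['ftp_enable']);
    $temp->set('ftp_host', $data['ftp_host']);
    $temp->set('ftp_port', $data['ftp_port']);
    $temp->set('ftp_user', $data['ftp_user']);
    $temp->set('ftp_pass', $data['ftp_pass']);
    $temp->set('ftp_root', $data['ftp_root']);

    // Clear cache of com_config component.
    $this->cleanCache('_system');

    // Write the configuration file.
    return $this->writeConfigFile($config);
}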
/**
 * Merges the default Attachments ACL rules into the root asset ("root.1") rules and
 * stores the asset.
 *
 * @param   boolean  $verbose  True to enqueue a message reporting whether the store worked.
 *
 * @return  void
 */
public static function installAttachmentsPermissions($verbose = true)
{
    jimport('joomla.access.rules');
    $app = JFactory::getApplication();

    // Current global (root) rules.
    $rootAsset = JTable::getInstance('asset');
    $rootAsset->loadByName('root.1');
    $globalRules = new JAccessRules($rootAsset->rules);

    // Defaults shipped with the extension, merged on top of the global rules.
    $defaults = new JAccessRules(AttachmentsDefines::$DEFAULT_ATTACHMENTS_ACL_PERMISSIONS);
    $globalRules->merge($defaults);
    $rootAsset->rules = (string) $globalRules;

    $stored = $rootAsset->store();

    if (!$verbose) {
        return;
    }

    // Both outcomes are enqueued with the 'message' type, failure included.
    $key = $stored
        ? 'ATTACH_INSTALLED_DEFAULT_ATTACHMENTS_ASSET_RULES'
        : 'ATTACH_INSTALLING_DEFAULT_ATTACHMENTS_ASSET_RULES_FAILED';

    $app->enqueueMessage(JText::_($key), 'message');
}