/**
  * Method to save the configuration data.
  *
  * @param   array  $data  An array containing all global config data.
  *
  * @return	boolean  True on success, false on failure.
  *
  * @since	1.6
  */
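 public function save($data)
 {
     // NOTE(review): no authorisation check is visible in this method; presumably the
     // calling controller verifies core.admin before invoking it - confirm.
     $app = JFactory::getApplication();

     // Save the rules
     if (isset($data['rules'])) {
         $rules = new JAccessRules($data['rules']);

         // Lock-out guard: the submitted rules must still allow core.admin for the current
         // user. Groups are read from the database because they might have changed.
         $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
         $myRules = $rules->getData();

         // A rule set without a core.admin entry is treated as "permission removed" instead
         // of calling allow() on a missing entry.
         $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);

         if (!$hasSuperAdmin) {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'), 'error');
             return false;
         }

         $asset = JTable::getInstance('asset');

         if (!$asset->loadByName('root.1')) {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'), 'error');
             return false;
         }

         $asset->rules = (string) $rules;

         if (!$asset->check() || !$asset->store()) {
             // 'SOME_ERROR_CODE' is the key the original code uses; the table's own error
             // text is not surfaced here.
             $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');

             // Report failure explicitly; a bare return yields null, not the documented false.
             return false;
         }
     }

     // Clear cache of com_config component.
     $this->cleanCache('_system', 0);
     $this->cleanCache('_system', 1);

     // The documented contract is "true on success"; without this the method returned null.
     return true;
 }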
示例#2
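 public function installPermissionsObs()
 {
     // Registers the component's action names on the root asset and echoes an HTML status line.
     $time_start = microtime(true);
     jimport('joomla.access.rules');

     // Get the default rules (root)
     $root = JTable::getInstance('Asset');
     $stored = false;

     // Only rewrite the rules when the root asset row was really loaded. Storing a table
     // object that failed to load would write a rule set built from an empty record.
     if ($root->loadByName('root.1')) {
         $root_rules = new JAccessRules($root->rules);

         // Define the new rules. Every action maps to an empty group list, so this adds the
         // action names without granting them to any group.
         $ACL_PERMISSIONS = '{"core.admin":[],"core.manage":[],"core.create":[],"core.delete":[],"core.edit":[],"core.edit.state":[],"settings.edit":[],"settings.save":[]}';
         $new_rules = new JAccessRules($ACL_PERMISSIONS);

         // Merge the rules into default rules and save it
         // NOTE(review): presumably merge() keeps the grants already on the root asset - confirm.
         $root_rules->merge($new_rules);
         $root->rules = (string) $root_rules;
         $stored = $root->store();
     }

     if ($stored) {
         echo 'Installed ACL Permissions';
         echo ' - <span style="color:green">' . JText::_('Success') . '</span><br />';
     } else {
         echo ' - <span style="color:red">' . JText::_('Failed') . '</span><br />';
     }

     $time_end = microtime(true);
     $time = $time_end - $time_start;

     if ($this->debug) {
         echo 'Duration: ' . round($time) . 's<br>';
     }
 }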
示例#3
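 private static function getAssetRules($asset)
 {
     // Returns a JAccessRules object merged from the rules of the asset and its ancestors,
     // falling back to the rows with parent_id=0 when the lookup returns nothing.
     //
     // $asset is either a numeric asset id or an asset name.
     $db = JFactory::getDBO();

     // The identifier must never be pasted into the SQL text as-is: an asset name containing
     // a quote would change the statement. Ids are cast to int, names go through the
     // driver's quote().
     if (is_numeric($asset)) {
         $match = 'a.id = ' . (int) $asset;
     } else {
         $match = 'a.name = ' . $db->quote($asset);
     }

     $query = "SELECT b.rules\n                      FROM #__assets AS a LEFT JOIN #__assets AS b ON b.lft <= a.lft AND b.rgt >= a.rgt\n                      WHERE ({$match} OR a.parent_id=0) GROUP BY b.id, b.rules, b.lft ORDER BY b.lft";
     $db->setQuery($query);
     $result = $db->loadResultArray();

     if (empty($result)) {
         // Nothing matched: use the rules of the top-level asset(s) only.
         $query = "SELECT rules\n                      FROM #__assets\n                      WHERE parent_id=0";
         $db->setQuery($query);
         $result = $db->loadResultArray();
     }

     $rules = new JAccessRules();
     $rules->mergeCollection($result);

     return $rules;
 }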
示例#4
 /**
  * Method to return the JAccessRules object for an asset.  The returned object can optionally hold
  * only the rules explicitly set for the asset or the summation of all inherited rules from
  * parent assets and explicit rules.
  *
  * @param mixed   $asset     Integer asset id or the name of the asset as a string.
  * @param boolean $recursive True to return the rules object with inherited rules.
  *
  * @return JAccessRules JAccessRules object for the asset.
  *
  * @since   11.1
  */
 public static function getAssetRules($asset, $recursive = false)
 {
     $dbo = JFactory::getDbo();

     // In recursive mode the rules come from the self-joined ancestor rows (alias b),
     // otherwise from the asset row itself (alias a).
     $alias = $recursive ? 'b' : 'a';

     $lookup = $dbo->getQuery(true);
     $lookup->select($alias . '.rules');
     $lookup->from('#__assets AS a');

     // Grouping columns are spelled out for SQL Server.
     $lookup->group($alias . '.id, ' . $alias . '.rules, ' . $alias . '.lft');

     // A numeric identifier is treated as the primary key and cast to int; anything else is
     // looked up by name and passed through the driver's quote().
     if (!is_numeric($asset)) {
         $lookup->where('(a.name = ' . $dbo->quote($asset) . ')');
     } else {
         $lookup->where('(a.id = ' . (int) $asset . ')');
     }

     // Cascade up to the global asset node with a nested-set self-join.
     if ($recursive) {
         $lookup->leftJoin('#__assets AS b ON b.lft <= a.lft AND b.rgt >= a.rgt');
         $lookup->order('b.lft');
     }

     $dbo->setQuery($lookup);
     $ruleSets = $dbo->loadColumn();

     // Unknown asset: fall back to the rules stored on the root asset.
     if (empty($ruleSets)) {
         $dbo = JFactory::getDbo();
         $assetTable = JTable::getInstance('Asset', 'JTable', array('dbo' => $dbo));
         $rootId = $assetTable->getRootId();

         $rootLookup = $dbo->getQuery(true);
         $rootLookup->select('rules');
         $rootLookup->from('#__assets');
         $rootLookup->where('id = ' . $dbo->quote($rootId));
         $dbo->setQuery($rootLookup);

         $ruleSets = array($dbo->loadResult());
     }

     // Fold every collected rule string into one JAccessRules object.
     $merged = new JAccessRules();
     $merged->mergeCollection($ruleSets);

     return $merged;
 }
示例#5
 /**
  * @return bool
  */
 public function save()
 {
     $saved = parent::save();

     // Nothing below runs unless the parent save succeeded.
     if (!$saved) {
         return $saved;
     }

     $this->_createFilesContainer();
     $this->_createIconsContainer();
     $this->_createImagesContainer();

     // Seed the mimetypes table from the SQL file shipped with the installer, if present.
     // The file content is executed as a batch, so it must only ever come from the package.
     $seedFile = dirname(__FILE__) . '/../../install/mimetypes.sql';

     if (file_exists($seedFile)) {
         $sql = file_get_contents($seedFile);

         if ($sql) {
             $db = JFactory::getDBO();
             $db->setQuery($sql);
             $db->queryBatch(false);
         }
     }

     // Remove com_files from the menu table
     $db = JFactory::getDBO();
     $db->setQuery("SELECT id FROM #__menu WHERE link = 'index.php?option=com_files'");
     $menuId = $db->loadResult();

     if ($menuId) {
         $menu = JTable::getInstance('menu');
         $menu->bind(array('id' => $menuId));
         $menu->delete();
     }

     // On a fresh install, grant download to group 1 (Public, per the original comment) and
     // upload to groups 6 and 2.
     // NOTE(review): the group ids are hard-coded; they match the intended groups only while
     // the site keeps those ids - confirm. The results of loadByName() and store() are not
     // checked, so a failed grant goes unnoticed.
     if ($this->event === 'install') {
         $grants = array(
             'com_docman.download' => array(1 => true),
             'com_docman.upload' => array(6 => true, 2 => true),
         );

         foreach ($grants as $action => $groups) {
             // The asset is reloaded for each action, as in the original sequence.
             $asset = JTable::getInstance('Asset');
             $asset->loadByName('com_docman');

             $rules = new JAccessRules($asset->rules);
             $rules->mergeAction($action, new JAccessRule($groups));
             $asset->rules = (string) $rules;

             if ($asset->check()) {
                 $asset->store();
             }
         }
     }

     if ($this->old_version) {
         $this->_migrate();
     }

     return $saved;
 }
示例#6
 /**
  * Creates initial component actions based on global config and on some ... logic
  *
  * @return  array
  * @since   11.1
  */
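 protected function _createComponentRules($component)
 {
     // Builds the initial rules array for $component, shaped as
     // array(action name => array(group id => 1)). Nothing is stored here; the array is returned.
     $groups = $this->_getUserGroups();

     // Both name lists are initialised up front. Without this, a component with no actions
     // (or an empty root rule set) left the variables undefined for the in_array() calls below.
     $flexi_action_names = array();
     $joomla_action_names = array();

     // Get the component ACTION names, and initialise every component rule to empty.
     // The empty entries are needed: COMPONENT actions in the DB are compared against them
     // when checking initial permissions.
     $flexi_actions = JAccess::getActions($component, 'component');
     $flexi_rules = array();

     foreach ($flexi_actions as $action) {
         $flexi_rules[$action->name] = array();
         $flexi_action_names[] = $action->name;
     }

     // Get Joomla ACTION names: the actions present on the root asset (Global Configuration).
     $root = JTable::getInstance('asset');
     $root->loadByName('root.1');
     $joomla_rules = new JAccessRules($root->rules);

     foreach ($joomla_rules->getData() as $action_name => $data) {
         $joomla_action_names[] = $action_name;
     }

     // Actions given to every group, whatever its other permissions.
     // NOTE(review): this includes file upload. If _getUserGroups() also returns the
     // Public/Guest groups, anonymous visitors receive these grants on a fresh install -
     // confirm that this is intended or that the actions are gated elsewhere.
     $granted_to_all = array(
         'flexicontent.change.cat',      // CanChangeCat
         'flexicontent.change.cat.sec',  // CanChangeSecCat
         'flexicontent.change.cat.feat', // CanChangeFeatCat
         'flexicontent.uploadfiles',     // CanUploadFiles
         'flexicontent.editfieldvalues', // CanEditFieldValues
     );

     // Decide the actions to grant (give) to each user group
     foreach ($groups as $group) {
         // STEP 1: grant all NON-STANDARD component ACTIONS to any user group that has the
         // 'core.manage' ACTION in the Global Configuration.
         // NOTE (a): a group holding the Super Admin action ('core.admin' on root.1) also has 'core.manage'.
         // NOTE (b): STANDARD Joomla ACTIONs are not set, so they default to INHERIT (value "").
         if (JAccess::checkGroup($group->id, 'core.manage')) {
             foreach ($flexi_action_names as $action_name) {
                 // Skip Joomla STANDARD rules allowing them to inherit
                 if (in_array($action_name, $joomla_action_names)) {
                     continue;
                 }

                 $flexi_rules[$action_name][$group->id] = 1;
             }
         }

         // STEP 2 (disabled in the original): copying actions already granted in the Global
         // Configuration was commented out, so inheritance is used for existing global ACTIONS.

         // STEP 3: special cases for custom-added ACTIONs, e.g. grant the --OWNED-- action
         // when the group has the corresponding --GENERAL-- action.
         if (!empty($flexi_rules['core.delete'][$group->id])) {
             // CanDeleteOwn
             if (in_array('core.delete.own', $flexi_action_names)) {
                 $flexi_rules['core.delete.own'][$group->id] = 1;
             }
         }

         if (!empty($flexi_rules['core.edit.state'][$group->id])) {
             // CanPublishOwn
             if (in_array('core.edit.state.own', $flexi_action_names)) {
                 $flexi_rules['core.edit.state.own'][$group->id] = 1;
             }
         }

         // Given regardless of edit privilege: per the original note, a group without edit
         // cannot reach the item form and save task anyway.
         foreach ($granted_to_all as $action_name) {
             if (in_array($action_name, $flexi_action_names)) {
                 $flexi_rules[$action_name][$group->id] = 1;
             }
         }
     }

     // NOTE: better initial permissions could be built by checking allow/deny/inherit values
     // instead of just "has action".
     return $flexi_rules;
 }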
示例#7
 /**
  * Tests the JAccessRules::getAllowed method.
  *
  * @return  void
  *
  * @since   11.1
  */
 public function testGetAllowed()
 {
     // Identity -42 is granted create and edit and explicitly denied delete; identity 2 is
     // granted delete only.
     $rules = new JAccessRules(
         array(
             'create' => array(-42 => 1),
             'edit' => array(-42 => 1),
             'delete' => array(-42 => 0, 2 => 1),
         )
     );

     // Only the actions allowed for -42 are expected; the denied delete must be absent.
     $expected = new JObject();
     $expected->set('create', true);
     $expected->set('edit', true);

     $actual = $rules->getAllowed(-42);

     $this->assertThat($expected, $this->equalTo($actual));
 }
示例#8
 /**
  * Method to save the configuration data.
  *
  * @param   array  $data  An array containing all global config data.
  *
  * @return	boolean  True on success, false on failure.
  *
  * @since	1.6
  */
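 public function save($data)
 {
     // NOTE(review): no authorisation check is visible in this method; presumably the
     // calling controller verifies core.admin before invoking it - confirm.
     $app = JFactory::getApplication();

     // Check that we aren't setting wrong database configuration. The probe connects with the
     // password already stored in the configuration, not with a value taken from $data.
     $options = array('driver' => $data['dbtype'], 'host' => $data['host'], 'user' => $data['user'], 'password' => JFactory::getConfig()->get('password'), 'database' => $data['db'], 'prefix' => $data['dbprefix']);

     try {
         // Only the side effect matters: getVersion() throws when the connection fails.
         JDatabaseDriver::getInstance($options)->getVersion();
     } catch (Exception $e) {
         $app->enqueueMessage(JText::_('JLIB_DATABASE_ERROR_DATABASE_CONNECT'), 'error');
         return false;
     }

     // Save the rules
     if (isset($data['rules'])) {
         $rules = new JAccessRules($data['rules']);

         // Lock-out guard: the submitted rules must still allow core.admin for the current
         // user. Groups are read from the database because they might have changed.
         $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
         $myRules = $rules->getData();

         // A rule set without a core.admin entry is treated as "permission removed" instead
         // of calling allow() on a missing entry.
         $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);

         if (!$hasSuperAdmin) {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'), 'error');
             return false;
         }

         $asset = JTable::getInstance('asset');

         if ($asset->loadByName('root.1')) {
             $asset->rules = (string) $rules;

             if (!$asset->check() || !$asset->store()) {
                 $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');

                 // Report failure explicitly; a bare return yields null, not the documented false.
                 return false;
             }
         } else {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'), 'error');
             return false;
         }

         // The rules live on the root asset, not in the configuration file.
         unset($data['rules']);
     }

     // Save the text filters
     if (isset($data['filters'])) {
         $registry = new Registry();
         $registry->loadArray(array('filters' => $data['filters']));
         $extension = JTable::getInstance('extension');

         // Get extension_id
         $extension_id = $extension->find(array('name' => 'com_config'));

         if ($extension->load((int) $extension_id)) {
             $extension->params = (string) $registry;

             if (!$extension->check() || !$extension->store()) {
                 $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');
                 return false;
             }
         } else {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_CONFIG_EXTENSION_NOT_FOUND'), 'error');
             return false;
         }

         // The filters live in the com_config extension params, not in the configuration file.
         unset($data['filters']);
     }

     // Get the previous configuration.
     $prev = new JConfig();
     $prev = JArrayHelper::fromObject($prev);

     // Merge the new data in. We do this to preserve values that were not in the form.
     // Every key still present in $data overrides the stored value, so what reaches the
     // configuration file depends on what the caller allowed into $data.
     $data = array_merge($prev, $data);

     /*
      * Perform miscellaneous options based on configuration settings/changes.
      */

     // Escape the offline message if present.
     // NOTE(review): ampReplace presumably only rewrites ampersands; it is not an HTML
     // sanitiser - confirm how the message is escaped on output.
     if (isset($data['offline_message'])) {
         $data['offline_message'] = JFilterOutput::ampReplace($data['offline_message']);
     }

     // Purge the database session table if we are changing to the database handler.
     if ($prev['session_handler'] != 'database' && $data['session_handler'] == 'database') {
         $table = JTable::getInstance('session');
         $table->purge(-1);
     }

     if (empty($data['cache_handler'])) {
         $data['caching'] = 0;
     }

     $path = JPATH_SITE . '/cache';

     // Give a warning if the cache-folder can not be opened, and switch caching off.
     if ($data['caching'] > 0 && $data['cache_handler'] == 'file' && @opendir($path) == false) {
         JLog::add(JText::sprintf('COM_CONFIG_ERROR_CACHE_PATH_NOTWRITABLE', $path), JLog::WARNING, 'jerror');
         $data['caching'] = 0;
     }

     // Clean the cache if disabled but previously enabled.
     if (!$data['caching'] && $prev['caching']) {
         $cache = JFactory::getCache();
         $cache->clean();
     }

     // Create the new configuration object.
     $config = new Registry('config');
     $config->loadArray($data);

     // Overwrite the old FTP credentials with the new ones in the live configuration.
     $temp = JFactory::getConfig();
     $temp->set('ftp_enable', $data['ftp_enable']);
     $temp->set('ftp_host', $data['ftp_host']);
     $temp->set('ftp_port', $data['ftp_port']);
     $temp->set('ftp_user', $data['ftp_user']);
     $temp->set('ftp_pass', $data['ftp_pass']);
     $temp->set('ftp_root', $data['ftp_root']);

     // Clear cache of com_config component.
     $this->cleanCache('_system', 0);
     $this->cleanCache('_system', 1);

     // Write the configuration file.
     return $this->writeConfigFile($config);
 }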
 /**
  * Constructor.
  *
  * The input array must be in the form: array('action' => array(-42 => true, 3 => true, 4 => false))
  * or an equivalent JSON encoded string, or an object where properties are arrays.
  *
  * @param   mixed  $input  A JSON format string (probably from the database) or a nested array.
  *
  * @since   11.1
  * @deprecated  12.3
  */
 public function __construct($input = '')
 {
     // Record the deprecation first, then let the parent constructor handle $input unchanged.
     $notice = 'JRules is deprecated. Use JAccessRules instead.';
     JLog::add($notice, JLog::WARNING, 'deprecated');

     parent::__construct($input);
 }
示例#10
 /**
  * Method to save the configuration data.
  *
  * @param   array  $data  An array containing all global config data.
  *
  * @return	boolean  True on success, false on failure.
  *
  * @since	1.6
  */
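 public function save($data)
 {
     // NOTE(review): no authorisation check is visible in this method; presumably the
     // calling controller verifies core.admin before invoking it - confirm.
     $app = JFactory::getApplication();

     // Check that we aren't setting wrong database configuration. The probe connects with the
     // password already stored in the configuration, not with a value taken from $data.
     $options = array('driver' => $data['dbtype'], 'host' => $data['host'], 'user' => $data['user'], 'password' => JFactory::getConfig()->get('password'), 'database' => $data['db'], 'prefix' => $data['dbprefix']);

     try {
         // Only the side effect matters: getVersion() throws when the connection fails.
         JDatabaseDriver::getInstance($options)->getVersion();
     } catch (Exception $e) {
         $app->enqueueMessage(JText::_('JLIB_DATABASE_ERROR_DATABASE_CONNECT'), 'error');
         return false;
     }

     // Check if we can set the Force SSL option. The probe runs only when the option is being
     // switched to a different non-zero value.
     if ((int) $data['force_ssl'] !== 0 && (int) $data['force_ssl'] !== (int) JFactory::getConfig()->get('force_ssl', '0')) {
         try {
             // Make an HTTPS request to check if the site is available in HTTPS.
             $host = JUri::getInstance()->getHost();
             $httpOptions = new \Joomla\Registry\Registry();
             $httpOptions->set('userAgent', 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:41.0) Gecko/20100101 Firefox/41.0');

             // Peer verification is switched off for this probe, so a self-signed, expired or
             // mismatched certificate still counts as "HTTPS available". The check proves that
             // something answers on HTTPS, not that visitors will get a trusted connection.
             // NOTE(review): $host is taken from the current request URI - confirm it is
             // validated against the configured site host before it is used for an outbound request.
             $httpOptions->set('transport.curl', array(CURLOPT_SSL_VERIFYPEER => false));
             $response = JHttpFactory::getHttp($httpOptions)->get('https://' . $host . JUri::root(true) . '/', array('Host' => $host), 10);

             // If available in HTTPS check also the status code.
             if (!in_array($response->code, array(200, 503, 301, 302, 303, 304, 305, 306, 307, 308, 309, 310), true)) {
                 throw new RuntimeException('HTTPS version of the site returned an invalid HTTP status code.');
             }
         } catch (RuntimeException $e) {
             // Fall back to "Force SSL off" so the site stays reachable.
             $data['force_ssl'] = 0;

             // Also update the user state
             $app->setUserState('com_config.config.global.data.force_ssl', 0);

             // Inform the user
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_SSL_NOT_AVAILABLE'), 'warning');
         }
     }

     // Save the rules
     if (isset($data['rules'])) {
         $rules = new JAccessRules($data['rules']);

         // Lock-out guard: the submitted rules must still allow core.admin for the current
         // user. Groups are read from the database because they might have changed.
         $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
         $myRules = $rules->getData();

         // A rule set without a core.admin entry is treated as "permission removed" instead
         // of calling allow() on a missing entry.
         $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);

         if (!$hasSuperAdmin) {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'), 'error');
             return false;
         }

         $asset = JTable::getInstance('asset');

         if ($asset->loadByName('root.1')) {
             $asset->rules = (string) $rules;

             if (!$asset->check() || !$asset->store()) {
                 $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');

                 // Report failure explicitly; a bare return yields null, not the documented false.
                 return false;
             }
         } else {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'), 'error');
             return false;
         }

         // The rules live on the root asset, not in the configuration file.
         unset($data['rules']);
     }

     // Save the text filters
     if (isset($data['filters'])) {
         $registry = new Registry();
         $registry->loadArray(array('filters' => $data['filters']));
         $extension = JTable::getInstance('extension');

         // Get extension_id
         $extension_id = $extension->find(array('name' => 'com_config'));

         if ($extension->load((int) $extension_id)) {
             $extension->params = (string) $registry;

             if (!$extension->check() || !$extension->store()) {
                 $app->enqueueMessage(JText::_('SOME_ERROR_CODE'), 'error');
                 return false;
             }
         } else {
             $app->enqueueMessage(JText::_('COM_CONFIG_ERROR_CONFIG_EXTENSION_NOT_FOUND'), 'error');
             return false;
         }

         // The filters live in the com_config extension params, not in the configuration file.
         unset($data['filters']);
     }

     // Get the previous configuration.
     $prev = new JConfig();
     $prev = JArrayHelper::fromObject($prev);

     // Merge the new data in. We do this to preserve values that were not in the form.
     // Every key still present in $data overrides the stored value, so what reaches the
     // configuration file depends on what the caller allowed into $data.
     $data = array_merge($prev, $data);

     /*
      * Perform miscellaneous options based on configuration settings/changes.
      */

     // Escape the offline message if present.
     // NOTE(review): ampReplace presumably only rewrites ampersands; it is not an HTML
     // sanitiser - confirm how the message is escaped on output.
     if (isset($data['offline_message'])) {
         $data['offline_message'] = JFilterOutput::ampReplace($data['offline_message']);
     }

     // Purge the database session table if we are changing to the database handler.
     if ($prev['session_handler'] != 'database' && $data['session_handler'] == 'database') {
         $table = JTable::getInstance('session');
         $table->purge(-1);
     }

     if (empty($data['cache_handler'])) {
         $data['caching'] = 0;
     }

     $path = JPATH_SITE . '/cache';

     // Give a warning if the cache-folder can not be opened, and switch caching off.
     if ($data['caching'] > 0 && $data['cache_handler'] == 'file' && @opendir($path) == false) {
         JLog::add(JText::sprintf('COM_CONFIG_ERROR_CACHE_PATH_NOTWRITABLE', $path), JLog::WARNING, 'jerror');
         $data['caching'] = 0;
     }

     // Clean the cache if disabled but previously enabled.
     if (!$data['caching'] && $prev['caching']) {
         $cache = JFactory::getCache();
         $cache->clean();
     }

     // Create the new configuration object.
     $config = new Registry('config');
     $config->loadArray($data);

     // Overwrite the old FTP credentials with the new ones in the live configuration.
     $temp = JFactory::getConfig();
     $temp->set('ftp_enable', $data['ftp_enable']);
     $temp->set('ftp_host', $data['ftp_host']);
     $temp->set('ftp_port', $data['ftp_port']);
     $temp->set('ftp_user', $data['ftp_user']);
     $temp->set('ftp_pass', $data['ftp_pass']);
     $temp->set('ftp_root', $data['ftp_root']);

     // Clear cache of com_config component.
     $this->cleanCache('_system', 0);
     $this->cleanCache('_system', 1);

     // Write the configuration file.
     return $this->writeConfigFile($config);
 }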
 /**
  * Gets the default asset values for a component.
  *
  * @param   string  $component  The component asset name to search for
  *
  * @return  JAccessRules  The JAccessRules object for the asset
  */
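 protected function getDefaultAssetValues($component, $try = true)
 {
     // $component is an asset name such as "com_example" or "com_example.view". When $try is
     // true and no asset with that exact name exists, the part before the first dot is looked
     // up instead and its rules are reduced to the actions of the requested view.

     // Need to find the asset id by the name of the component.
     $db = JFactory::getDbo();
     $query = $db->getQuery(true)
         ->select($db->quoteName('id'))
         ->from($db->quoteName('#__assets'))
         ->where($db->quoteName('name') . ' = ' . $db->quote($component));
     $db->setQuery($query);

     // One load is enough; the original ran the same statement through execute(),
     // loadRowList() and loadResult() in turn.
     $assetId = (int) $db->loadResult();

     if ($assetId) {
         // Asset already set, so use the saved rules.
         return JAccess::getAssetRules($assetId);
     }

     if ($try) {
         $parts = explode('.', $component);
         $result = $this->getDefaultAssetValues($parts[0], false);

         if ($result instanceof JAccessRules) {
             if (isset($parts[1])) {
                 // Decode to an array: count() on the stdClass that json_decode() returns by
                 // default does not count its properties (and is an error on current PHP), so
                 // the "anything left?" test below could not work on the object form.
                 $decoded = json_decode((string) $result, true);
                 $viewRules = array();

                 if (is_array($decoded)) {
                     foreach (array_keys($decoded) as $name) {
                         $segments = explode('.', $name);

                         // Keep only the actions that belong to this view, with an empty
                         // group list so that every value is inherited.
                         if ($parts[1] === $segments[0]) {
                             $viewRules[$name] = array();
                         }
                     }
                 }

                 // Check if there are any view values remaining.
                 if (count($viewRules)) {
                     // Instantiate and return the JAccessRules object for the asset rules.
                     $rules = new JAccessRules();
                     $rules->mergeCollection(array(json_encode($viewRules)));

                     return $rules;
                 }
             }

             return $result;
         }
     }

     return JAccess::getAssetRules(0);
 }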
示例#12
文件: access.php 项目: adjaika/J3Base
 /**
  * Method to return the JAccessRules object for an asset.  The returned object can optionally hold
  * only the rules explicitly set for the asset or the summation of all inherited rules from
  * parent assets and explicit rules.
  *
  * @param   mixed    $asset                 Integer asset id or the name of the asset as a string.
  * @param   boolean  $recursive             True to return the rules object with inherited rules.
  * @param   boolean  $recursiveParentAsset  True to calculate the rule also based on inherited component/extension rules.
  *
  * @return  JAccessRules   JAccessRules object for the asset.
  *
  * @since   11.1
  */
 public static function getAssetRules($asset, $recursive = false, $recursiveParentAsset = true)
 {
     // Get instance of the Profiler:
     $_PROFILER = JProfiler::getInstance('Application');
     $extensionName = self::getExtensionNameFromAsset($asset);

     // Almost all calls ask for recursive rules, which is the case the preloaded
     // per-extension permission maps can answer without a query.
     $preloaded = $recursive
         && $recursiveParentAsset
         && isset(self::$assetPermissionsByName[$extensionName][$asset]);

     if ($preloaded) {
         if (JDEBUG) {
             $_PROFILER->mark('Start JAccess::getAssetRules New (' . $asset . ')');
         }

         $assetType = self::getAssetType($asset);
         $assetId = self::$assetPermissionsByName[$extensionName][$asset]->id;
         $lineage = array_reverse(self::getAssetAncestors($assetType, $assetId));

         // Collect the raw rule strings along the ancestor chain.
         $ruleSets = array();

         foreach ($lineage as $ancestorId) {
             $ruleSets[] = self::$assetPermissionsById[$extensionName][$ancestorId]->rules;
         }

         // Assets with exactly the same chain of rule strings share one JAccessRules object.
         // md5 serves only as the lookup key of that in-memory cache: two different chains
         // that produced the same key would share a rules object.
         $identity = md5(implode(',', $ruleSets));

         if (!isset(self::$assetRulesIdentities[$identity])) {
             $shared = new JAccessRules();
             $shared->mergeCollection($ruleSets);
             self::$assetRulesIdentities[$identity] = $shared;
         }

         if (JDEBUG) {
             $_PROFILER->mark('Finish JAccess::getAssetRules New (' . $asset . ')');
         }

         return self::$assetRulesIdentities[$identity];
     }

     // Query path: used whenever the preloaded maps cannot answer.
     if (JDEBUG) {
         $_PROFILER->mark('Start JAccess::getAssetRules Old (' . $asset . ')');
     }

     // There's no need to process the Root Asset ID with the recursive method.
     if ($asset === "1") {
         $recursive = false;
     }

     // Get the database connection object.
     $db = JFactory::getDbo();

     // Build the database query to get the rules for the asset.
     $query = $db->getQuery(true)
         ->select($recursive ? 'b.rules' : 'a.rules')
         ->from('#__assets AS a');

     // Optional extra matches: the owning extension's asset and, in recursive mode, the
     // top-level asset.
     $extraMatches = '';

     if ($recursiveParentAsset && ($extensionName !== $asset || is_numeric($asset))) {
         $extraMatches .= ' OR a.name = ' . $db->quote($extensionName);
     }

     if ($recursive) {
         $extraMatches .= ' OR a.parent_id=0';
     }

     // A numeric identifier is treated as the primary key and cast to int; anything else is
     // looked up by name and passed through the driver's quote().
     $target = is_numeric($asset) ? 'a.id = ' . (int) $asset : 'a.name = ' . $db->quote($asset);
     $query->where('(' . $target . $extraMatches . ')');

     // If we want the rules cascading up to the global asset node we need a self-join.
     if ($recursive) {
         $query->join('LEFT', '#__assets AS b ON b.lft <= a.lft AND b.rgt >= a.rgt')->order('b.lft');
     }

     // Execute the query and load the rules from the result.
     $db->setQuery($query);
     $result = $db->loadColumn();

     // Get the root even if the asset is not found and in recursive mode
     if (empty($result)) {
         $db = JFactory::getDbo();
         $assets = JTable::getInstance('Asset', 'JTable', array('dbo' => $db));
         $rootId = $assets->getRootId();
         $query->clear()->select('rules')->from('#__assets')->where('id = ' . $db->quote($rootId));
         $db->setQuery($query);
         $result = array($db->loadResult());
     }

     // Instantiate and return the JAccessRules object for the asset rules.
     $rules = new JAccessRules();
     $rules->mergeCollection($result);

     if (JDEBUG) {
         $_PROFILER->mark('Finish JAccess::getAssetRules Old (' . $asset . ')');
     }

     return $rules;
 }
示例#13
 /**
  * Method to save the configuration data.
  *
  * @param	array	$data	An array containing all global config data.
  * @return	bool	True on success, false on failure.
  * @since	1.6
  */
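 public function save($data)
 {
     // Persists the submitted global configuration in three places: the ACL
     // rules on the root asset, the text filters in the com_config extension
     // params, and every remaining key in configuration.php. Returns true on
     // success and false (with setError()) on the failures handled below.
     // NOTE(review): $data is written out largely as supplied; this method
     // appears to assume the caller has already validated the form input and
     // authorised the user to change global configuration - confirm.

     // Save the rules
     if (isset($data['rules'])) {
         $rules = new JAccessRules($data['rules']);
         // Check that we aren't removing our Super User permission
         // Need to get groups from database, since they might have changed
         $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
         $myRules = $rules->getData();
         // A submitted rule set with no 'core.admin' entry cannot confirm that
         // the current user keeps Super User access, so it is rejected (fail
         // closed) instead of calling allow() on an undefined index.
         $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);
         if (!$hasSuperAdmin) {
             $this->setError(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'));
             return false;
         }
         $asset = JTable::getInstance('asset');
         if ($asset->loadByName('root.1')) {
             $asset->rules = (string) $rules;
             // NOTE(review): a failed check()/store() only raises a notice;
             // execution continues and the method can still return true, so
             // the permission change may be missing although the save "worked".
             if (!$asset->check() || !$asset->store()) {
                 JError::raiseNotice('SOME_ERROR_CODE', $asset->getError());
             }
         } else {
             $this->setError(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'));
             return false;
         }
         // Rules live on the asset, not in configuration.php.
         unset($data['rules']);
     }
     // Save the text filters
     if (isset($data['filters'])) {
         $registry = new JRegistry();
         $registry->loadArray(array('filters' => $data['filters']));
         $extension = JTable::getInstance('extension');
         // Get extension_id
         $extension_id = $extension->find(array('name' => 'com_config'));
         if ($extension->load((int) $extension_id)) {
             $extension->params = (string) $registry;
             // NOTE(review): same pattern as the rules above - a failed store
             // is reported as a notice only and does not stop the save.
             if (!$extension->check() || !$extension->store()) {
                 JError::raiseNotice('SOME_ERROR_CODE', $extension->getError());
             }
         } else {
             $this->setError(JText::_('COM_CONFIG_ERROR_CONFIG_EXTENSION_NOT_FOUND'));
             return false;
         }
         // Filters live in the extension params, not in configuration.php.
         unset($data['filters']);
     }
     // Get the previous configuration.
     $prev = new JConfig();
     $prev = JArrayHelper::fromObject($prev);
     // Merge the new data in. We do this to preserve values that were not in the form.
     // Any key present in $data overrides the stored value and ends up in the file.
     $data = array_merge($prev, $data);
     /*
      * Perform miscellaneous options based on configuration settings/changes.
      */
     // sitename, MetaDesc and MetaKeys are stored exactly as submitted. The
     // original code re-assigned each value to itself under an "Escape"
     // comment, which changed nothing; those no-op assignments are removed.
     // Output contexts that print these values must escape them there.

     // Rewrite the offline message through JFilterOutput::ampReplace().
     // NOTE(review): presumably this only encodes bare ampersands; no other
     // escaping of the message happens in this method - confirm.
     if (isset($data['offline_message'])) {
         $data['offline_message'] = JFilterOutput::ampReplace($data['offline_message']);
     }
     // Purge the database session table if we are changing to the database handler.
     if ($prev['session_handler'] != 'database' && $data['session_handler'] == 'database') {
         $table = JTable::getInstance('session');
         $table->purge(-1);
     }
     // Without a cache handler caching is forced off.
     if (empty($data['cache_handler'])) {
         $data['caching'] = 0;
     }
     // Clean the cache if disabled but previously enabled.
     if (!$data['caching'] && $prev['caching']) {
         $cache = JFactory::getCache();
         $cache->clean();
     }
     // Create the new configuration object.
     $config = new JRegistry('config');
     $config->loadArray($data);
     /*
      * Write the configuration file.
      */
     jimport('joomla.filesystem.path');
     jimport('joomla.filesystem.file');
     // Set the configuration file path.
     $file = JPATH_CONFIGURATION . '/configuration.php';
     // Overwrite the old FTP credentials with the new ones.
     // ftp_pass is part of $data and is therefore also serialised into
     // configuration.php below.
     $temp = JFactory::getConfig();
     $temp->set('ftp_enable', $data['ftp_enable']);
     $temp->set('ftp_host', $data['ftp_host']);
     $temp->set('ftp_port', $data['ftp_port']);
     $temp->set('ftp_user', $data['ftp_user']);
     $temp->set('ftp_pass', $data['ftp_pass']);
     $temp->set('ftp_root', $data['ftp_root']);
     // Get the new FTP credentials.
     $ftp = JClientHelper::getCredentials('ftp', true);
     // When the FTP layer is NOT in use and PHP owns the file, make it writable first.
     if (!$ftp['enabled'] && JPath::isOwner($file) && !JPath::setPermissions($file, '0644')) {
         JError::raiseNotice('SOME_ERROR_CODE', JText::_('COM_CONFIG_ERROR_CONFIGURATION_PHP_NOTWRITABLE'));
     }
     // Attempt to write the configuration file as a PHP class named JConfig.
     $configString = $config->toString('PHP', array('class' => 'JConfig', 'closingtag' => false));
     if (!JFile::write($file, $configString)) {
         $this->setError(JText::_('COM_CONFIG_ERROR_WRITE_FAILED'));
         return false;
     }
     // When FTP is disabled, put the file back to read-only.
     // NOTE(review): 0444 stops later writes but leaves the file readable by
     // every local account; it holds ftp_pass and presumably other secrets,
     // so a tighter mode is worth considering where the hosting setup allows.
     if ($data['ftp_enable'] == 0 && !$ftp['enabled'] && JPath::isOwner($file) && !JPath::setPermissions($file, '0444')) {
         JError::raiseNotice('SOME_ERROR_CODE', JText::_('COM_CONFIG_ERROR_CONFIGURATION_PHP_NOTUNWRITABLE'));
     }
     return true;
 }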
示例#14
 /**
  * @return bool
  */
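 public function save()
 {
     // Runs the parent save and, only when it succeeds, the post-install
     // steps: storage containers, bundled mimetype SQL, default download
     // permission, finder plugin state and migration from an older version.
     // The parent's result is returned unchanged.
     $result = parent::save();
     if ($result) {
         $this->_createFilesContainer();
         $this->_createIconsContainer();
         $this->_createImagesContainer();
         // The SQL file is addressed by a fixed path relative to this script
         // and ships with the package; nothing in the path or the statements
         // comes from request input.
         $sqlFile = dirname(__FILE__) . '/../../resources/install/mimetypes.sql';
         if (file_exists($sqlFile)) {
             $mimetypes = file_get_contents($sqlFile);
             if ($mimetypes) {
                 try {
                     $db = JFactory::getDBO();
                     $queries = $db->splitSql($mimetypes);
                     foreach ($queries as $query) {
                         if (trim($query)) {
                             $db->setQuery($query)->execute();
                         }
                     }
                 } catch (Exception $e) {
                     // Loading mimetypes stays best effort, but the failure is
                     // now shown to the installing administrator instead of
                     // being discarded, so a half-populated table is noticed.
                     JFactory::getApplication()->enqueueMessage($e->getMessage(), 'warning');
                 }
             }
         }
         if ($this->event === 'install') {
             // Add a rule to authorize Public group to download.
             // Security-relevant default: group id 1 is granted the
             // com_docman.download action at component level, so presumably
             // unauthenticated visitors may download unless a narrower rule
             // denies it. Sites holding non-public documents should review
             // this permission after installation.
             $asset = JTable::getInstance('Asset');
             // Only touch the rules when the component asset was really
             // loaded; otherwise an empty table object would be stored.
             if ($asset->loadByName('com_docman')) {
                 $rules = new JAccessRules($asset->rules);
                 $rules->mergeAction('com_docman.download', new JAccessRule(array(1 => true)));
                 $asset->rules = (string) $rules;
                 if ($asset->check()) {
                     $asset->store();
                 }
             }
             // Disable finder plugin by default
             $finder_id = $this->getExtensionId(array('type' => 'plugin', 'element' => 'docman', 'folder' => 'finder'));
             if ($finder_id) {
                 // %d forces the id to an integer before it reaches the SQL text.
                 $query = sprintf('UPDATE #__extensions SET enabled = 0 WHERE extension_id = %d', $finder_id);
                 // execute() matches the call used for the mimetype statements above.
                 JFactory::getDBO()->setQuery($query)->execute();
             }
         }
         if ($this->old_version) {
             // Upgrading: drop cached file output before migrating.
             JCache::getInstance('output', array('defaultgroup' => 'com_docman.files'))->clean();
             $this->_migrate();
         }
     }
     return $result;
 }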
示例#15
 /**
  * Method to save the configuration data.
  *
  * @param	array	$data	An array containing all global config data.
  *
  * @return	bool	True on success, false on failure.
  *
  * @since	1.6
  */
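 public function save($data)
 {
     // Persists the submitted global configuration: ACL rules go to the root
     // asset, text filters to the com_config extension params, and all other
     // keys are merged over the current JConfig values and handed to
     // writeConfigFile(). Returns false (with setError()) on the failures
     // handled below, otherwise the result of writeConfigFile().
     // NOTE(review): $data is written out largely as supplied; this method
     // appears to assume the caller has already validated the form input and
     // authorised the user to change global configuration - confirm.

     // Save the rules
     if (isset($data['rules'])) {
         $rules = new JAccessRules($data['rules']);
         // Check that we aren't removing our Super User permission
         // Need to get groups from database, since they might have changed
         $myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'));
         $myRules = $rules->getData();
         // A submitted rule set with no 'core.admin' entry cannot confirm that
         // the current user keeps Super User access, so it is rejected (fail
         // closed) instead of calling allow() on an undefined index.
         $hasSuperAdmin = isset($myRules['core.admin']) && $myRules['core.admin']->allow($myGroups);
         if (!$hasSuperAdmin) {
             $this->setError(JText::_('COM_CONFIG_ERROR_REMOVING_SUPER_ADMIN'));
             return false;
         }
         $asset = JTable::getInstance('asset');
         if ($asset->loadByName('root.1')) {
             $asset->rules = (string) $rules;
             // NOTE(review): a failed check()/store() only raises a notice;
             // execution continues, so the permission change may be missing
             // although the overall save is reported as successful.
             if (!$asset->check() || !$asset->store()) {
                 JError::raiseNotice('SOME_ERROR_CODE', $asset->getError());
             }
         } else {
             $this->setError(JText::_('COM_CONFIG_ERROR_ROOT_ASSET_NOT_FOUND'));
             return false;
         }
         // Rules live on the asset, not in the configuration file.
         unset($data['rules']);
     }
     // Save the text filters
     if (isset($data['filters'])) {
         $registry = new JRegistry();
         $registry->loadArray(array('filters' => $data['filters']));
         $extension = JTable::getInstance('extension');
         // Get extension_id
         $extension_id = $extension->find(array('name' => 'com_config'));
         if ($extension->load((int) $extension_id)) {
             $extension->params = (string) $registry;
             // NOTE(review): same pattern as the rules above - a failed store
             // is reported as a notice only and does not stop the save.
             if (!$extension->check() || !$extension->store()) {
                 JError::raiseNotice('SOME_ERROR_CODE', $extension->getError());
             }
         } else {
             $this->setError(JText::_('COM_CONFIG_ERROR_CONFIG_EXTENSION_NOT_FOUND'));
             return false;
         }
         // Filters live in the extension params, not in the configuration file.
         unset($data['filters']);
     }
     // Get the previous configuration.
     $prev = new JConfig();
     $prev = JArrayHelper::fromObject($prev);
     // Merge the new data in. We do this to preserve values that were not in the form.
     // Any key present in $data overrides the stored value.
     $data = array_merge($prev, $data);
     /*
      * Perform miscellaneous options based on configuration settings/changes.
      */
     // Rewrite the offline message through JFilterOutput::ampReplace().
     // NOTE(review): presumably this only encodes bare ampersands; no other
     // escaping of the message happens in this method - confirm.
     if (isset($data['offline_message'])) {
         $data['offline_message'] = JFilterOutput::ampReplace($data['offline_message']);
     }
     // Purge the database session table if we are changing to the database handler.
     if ($prev['session_handler'] != 'database' && $data['session_handler'] == 'database') {
         $table = JTable::getInstance('session');
         $table->purge(-1);
     }
     // Without a cache handler caching is forced off.
     if (empty($data['cache_handler'])) {
         $data['caching'] = 0;
     }
     // Clean the cache if disabled but previously enabled.
     if (!$data['caching'] && $prev['caching']) {
         $cache = JFactory::getCache();
         $cache->clean();
     }
     // Create the new configuration object.
     $config = new JRegistry('config');
     $config->loadArray($data);
     // Overwrite the old FTP credentials with the new ones.
     // ftp_pass is part of $data, so it is also contained in $config, which
     // is passed to writeConfigFile() below.
     $temp = JFactory::getConfig();
     $temp->set('ftp_enable', $data['ftp_enable']);
     $temp->set('ftp_host', $data['ftp_host']);
     $temp->set('ftp_port', $data['ftp_port']);
     $temp->set('ftp_user', $data['ftp_user']);
     $temp->set('ftp_pass', $data['ftp_pass']);
     $temp->set('ftp_root', $data['ftp_root']);
     // Clear cache of com_config component.
     $this->cleanCache('_system');
     // Write the configuration file.
     return $this->writeConfigFile($config);
 }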
示例#16
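 /**
  * Merge the default Attachments ACL permissions into the site's root asset rules.
  *
  * @param   boolean  $verbose  When true, enqueue a message reporting whether the rules were stored.
  */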
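 public static function installAttachmentsPermissions($verbose = true)
 {
     // Merges AttachmentsDefines::$DEFAULT_ATTACHMENTS_ACL_PERMISSIONS into
     // the rules stored on the 'root.1' asset and saves that asset. When
     // $verbose is true the outcome is reported through the application
     // message queue. Nothing is returned.
     // Security note: this edits the site-wide root rule set, not a
     // component-level asset, so the merged defaults take effect globally.
     jimport('joomla.access.rules');
     $app = JFactory::getApplication();
     // Get the root rules
     $root = JTable::getInstance('asset');
     $stored = false;
     // Only rewrite the rules when the root asset was really loaded;
     // otherwise an empty table object would be stored.
     if ($root->loadByName('root.1')) {
         $root_rules = new JAccessRules($root->rules);
         // Define the new rules
         $new_rules = new JAccessRules(AttachmentsDefines::$DEFAULT_ATTACHMENTS_ACL_PERMISSIONS);
         // Merge the rules into default rules and save it
         $root_rules->merge($new_rules);
         $root->rules = (string) $root_rules;
         // check() before store(), so the asset is validated before it is written.
         $stored = $root->check() && $root->store();
     }
     if ($verbose) {
         if ($stored) {
             $app->enqueueMessage(JText::_('ATTACH_INSTALLED_DEFAULT_ATTACHMENTS_ASSET_RULES'), 'message');
         } else {
             // A failed permission install is reported as an error rather
             // than as an ordinary informational message.
             $app->enqueueMessage(JText::_('ATTACH_INSTALLING_DEFAULT_ATTACHMENTS_ASSET_RULES_FAILED'), 'error');
         }
     }
 }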