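/**
 * Renders the user group tree listing.
 *
 * On Joomla 1.6 and newer the list is produced by the `admin/html/tree.groups`
 * theme file; on older versions it falls back to a generic select list built
 * from the legacy ACL group tree.
 *
 * @since  1.0
 * @access public
 * @param  string $name            Name attribute of the rendered input (default 'gid').
 * @param  mixed  $selected        Pre-selected group id(s). A string is treated as JSON and decoded.
 * @param  array  $exclude         Not used by this implementation; kept for signature compatibility.
 * @param  bool   $checkSuperAdmin Passed to the theme so it can treat super-admin groups specially.
 * @return string Rendered HTML.
 *
 * @author Mark Lee <*****@*****.**>
 */
public static function groups($name = 'gid', $selected = '', $exclude = array(), $checkSuperAdmin = false)
{
    // Survives across calls so several renders on one page get a distinct counter in the theme.
    static $count = 0;
    $count++;

    // A string value is assumed to be a JSON-encoded list of selected group ids.
    if (is_string($selected)) {
        $json = FD::json();
        $selected = $json->decode($selected);
    }

    $version = FD::getInstance('Version')->getVersion();

    // version_compare() orders multi-part versions correctly (e.g. "1.10" vs "1.6"),
    // which the previous plain string comparison did not guarantee.
    if (version_compare($version, '1.6', '>=')) {
        $groups = self::getGroups();
        $theme = FD::themes();
        $selected = FD::makeArray($selected);

        // Only a core.admin user may be shown/allowed to pick super-admin groups; the theme decides how.
        $isSuperAdmin = JFactory::getUser()->authorise('core.admin');

        $theme->set('name', $name);
        $theme->set('checkSuperAdmin', $checkSuperAdmin);
        $theme->set('isSuperAdmin', $isSuperAdmin);
        $theme->set('selected', $selected);
        $theme->set('count', $count);
        $theme->set('groups', $groups);

        return $theme->output('admin/html/tree.groups');
    }

    // Legacy (< 1.6) fallback: note the hard-coded 'gid' name rather than $name.
    return JHTML::_('select.genericlist', JFactory::getAcl()->get_group_children_tree(null, 'USERS', false), 'gid', 'size="10"', 'value', 'text', $selected);
}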
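/**
 * Prepares the registration payload before the parent "add" action persists it.
 *
 * Forces a fresh record (id 0), resolves the target user group from the
 * com_users "new_usertype" setting (falling back to "Registered"), stamps the
 * registration date and, when account activation is enabled, creates the user
 * disabled with a random activation hash.
 *
 * @param KCommandContext $context Command context whose ->data holds the new user's fields.
 * @return mixed Whatever the parent _actionAdd() returns.
 */
protected function _actionAdd(KCommandContext $context)
{
    $parameters = JComponentHelper::getParams('com_users');

    // Default group when the component has not configured one.
    $group_name = $parameters->get('new_usertype');
    if (!$group_name) {
        $group_name = 'Registered';
    }

    // Always insert a new row, regardless of any id present in the submitted data.
    $context->data->id = 0;
    $context->data->group_name = $group_name;
    $context->data->users_group_id = JFactory::getAcl()->get_group_id('', $group_name, 'ARO');
    $context->data->registered_on = JFactory::getDate()->toMySQL();

    // Loose comparison kept on purpose: the parameter may arrive as int 1 or string '1'.
    if ($parameters->get('useractivation') == '1') {
        $password = $this->getService('com://site/users.helper.password');
        // Account is stored disabled with a random activation hash; presumably
        // the activation flow re-enables it — confirm against the activation controller.
        $context->data->activation = $password->getHash($password->getRandom(32));
        $context->data->enabled = 0;
    }
    // The REG_COMPLETE / REG_COMPLETE_ACTIVATE message lookups that used to sit here
    // were never used by this method and have been removed as dead code.

    return parent::_actionAdd($context);
}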
/**
 * Tests the JFactory::getACL method.
 *
 * Asserts that the factory hands back a JAccess instance.
 *
 * @return void
 *
 * @since 12.1
 */
public function testGetAcl()
{
    $acl = JFactory::getAcl();

    $this->assertInstanceOf('JAccess', $acl, 'Line: ' . __LINE__);
}
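/**
 * Renders a user group select list.
 *
 * @since  1.0
 * @access public
 * @param  string $name     Name attribute of the rendered select.
 * @param  mixed  $selected Currently selected value, passed through to the theme unchanged.
 * @return string Rendered HTML from the `admin/html/form.usergroups` theme file.
 */
public static function usergroups($name, $selected = '')
{
    $groups = FD::model('Users')->getUserGroups();

    $theme = FD::themes();
    $theme->set('name', $name);
    $theme->set('selected', $selected);
    $theme->set('groups', $groups);

    // The legacy JHTML 'select.genericlist' fallback that used to follow this
    // return was unreachable dead code and has been removed.
    return $theme->output('admin/html/form.usergroups');
}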
/**
 * Enforces com_contentbuilder permissions for $action on the current user.
 *
 * Two code paths exist: Joomla < 1.6 uses the legacy gacl authorize() calls;
 * Joomla >= 1.6 reads a precomputed permission map from the session
 * (key 'permissions' . $suffix, namespace 'com_contentbuilder').
 *
 * Outcome depends on $auth:
 *  - $auth = false: a denied check redirects to index.php with $error_msg (or to a
 *    verification URL) and the method returns nothing when access is allowed;
 *  - $auth = true : no redirect; returns false on denial and true when allowed.
 *
 * @param string $action    Requested action; 'edit', 'new', 'view' and 'delete' get the extra verify check.
 * @param string $error_msg Message shown on the redirect when access is denied.
 * @param string $suffix    Suffix of the session key holding the permission map (>= 1.6 path only).
 * @param bool   $auth      true = return a boolean instead of redirecting.
 * @return bool|null
 */
public static function checkPermissions($action, $error_msg, $suffix = '', $auth = false)
{
    // Fail closed: every path must explicitly set this to true.
    $allowed = false;
    jimport('joomla.version');
    $version = new JVersion();
    if (version_compare($version->getShortVersion(), '1.6', '<')) {
        // ---- Joomla < 1.6: legacy gacl checks ----
        $user = JFactory::getUser();
        if ($user->guest) {
            // Guests are temporarily mapped onto the 'public frontend' ACL group; reverted further down.
            $user->usertype = 'public frontend';
            $user->gid = JFactory::getAcl()->get_group_id('public frontend', 'ARO');
        }
        $user_return = $user->authorize('com_contentbuilder', $action);
        $published_return = $user->authorize('com_contentbuilder_published', 'any');
        if ($published_return !== 'ok') {
            if (!$auth) {
                //JError::raiseError(403, $error_msg);
                // NOTE(review): relies on redirect() terminating the request; if it ever returned,
                // the remaining checks would still run — confirm for this Joomla version.
                JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
            } else {
                return false;
            }
        }
        switch ($action) {
            case 'edit':
                $edit_return = $user->authorize('com_contentbuilder_limit_edit', $action);
                if ($edit_return !== 'ok') {
                    if (!$auth) {
                        //JError::raiseError(403, $error_msg);
                        JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
                    } else {
                        return false;
                    }
                }
                break;
        }
        switch ($action) {
            case 'new':
                $add_return = $user->authorize('com_contentbuilder_limit_add', $action);
                if ($add_return !== 'ok') {
                    if (!$auth) {
                        //JError::raiseError(403, $error_msg);
                        JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
                    } else {
                        return false;
                    }
                }
                break;
        }
        switch ($action) {
            case 'edit':
            case 'new':
            case 'view':
            case 'delete':
                // 'delete' is verified under the 'edit' rule.
                $myaction = $action == 'delete' ? 'edit' : $action;
                $verify_return = $user->authorize('com_contentbuilder_verify', $myaction);
                if ($verify_return !== 'ok') {
                    if ($verify_return === 'notok') {
                        if (!$auth) {
                            //JError::raiseError(403, $error_msg);
                            JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
                        } else {
                            return false;
                        }
                    } else {
                        if ($verify_return !== 'notok') {
                            // Any other value is used as a redirect target (presumably a verification page).
                            // NOTE(review): the destination is taken verbatim from the ACL value; only trusted
                            // configuration must be able to set it, otherwise this becomes an open redirect.
                            if (!$auth) {
                                JFactory::getApplication()->redirect($verify_return);
                            } else {
                                return false;
                            }
                        }
                    }
                }
                break;
        }
        if ($user->guest) {
            // Undo the temporary guest mapping from above.
            $user->usertype = '';
            $user->gid = 0;
        }
        if (is_array($user_return) && isset($user_return['own']) && $user_return['own']) {
            // "Own" grant: the user may only act on records they own or created in this session.
            $db = JFactory::getDBO();
            static $typeref;
            // NOTE(review): this cache is only filled on the very first call. Once $typeref is an
            // array, every other form_id is read from it without a query, yields null, and the
            // request is denied (fail closed, but wrong). Testing isset($typeref[$id]) would fix it.
            // Also, $typeref is declared static twice in this function; newer PHP versions may
            // reject the duplicate declaration — confirm on the target runtime.
            if (is_array($typeref)) {
                $typerefid = $typeref[intval($user_return['form_id'])];
            } else {
                // form_id is cast to int before concatenation, so no injection via this value.
                $db->setQuery("Select `type`, `reference_id` From #__contentbuilder_forms Where id = " . intval($user_return['form_id']));
                $typerefid = $db->loadAssoc();
                $typeref[intval($user_return['form_id'])] = $typerefid;
            }
            if (is_array($typerefid)) {
                $form = self::getForm($typerefid['type'], $typerefid['reference_id']);
                if ($form && !isset($user_return['record_id'])) {
                    // No specific record requested: the "own" grant is enough.
                    $allowed = true;
                } else {
                    if (is_array($user_return['record_id'])) {
                        // Several records: one record that is neither this session's nor owned denies all.
                        foreach ($user_return['record_id'] as $recid) {
                            // Values are passed through $db->Quote(), i.e. escaped and quoted by the driver.
                            $db->setQuery("Select session_id From #__contentbuilder_records Where `record_id` = " . $db->Quote($recid) . " And `type` = " . $db->Quote($typerefid['type']) . " And `reference_id` = " . $db->Quote($typerefid['reference_id']) . "");
                            $session_id = $db->loadResult();
                            // NOTE(review): if getForm() returned a falsy $form, this condition is false and
                            // the else branch grants access — unlike the single-record branch below, which
                            // requires $form. Looks like it should fail closed; confirm.
                            if ($form && $session_id != JFactory::getSession()->getId() && !$form->isOwner(JFactory::getUser()->get('id', 0), $recid)) {
                                $allowed = false;
                                break;
                            } else {
                                $allowed = true;
                            }
                        }
                    } else {
                        $db->setQuery("Select session_id From #__contentbuilder_records Where `record_id` = " . $db->Quote($user_return['record_id']) . " And `type` = " . $db->Quote($typerefid['type']) . " And `reference_id` = " . $db->Quote($typerefid['reference_id']) . "");
                        $session_id = $db->loadResult();
                        // Ownership by user id is only consulted for logged-in users (id != 0).
                        if ($form && ($session_id == JFactory::getSession()->getId() || JFactory::getUser()->get('id', 0) && $form->isOwner(JFactory::getUser()->get('id', 0), $user_return['record_id']))) {
                            $allowed = true;
                        }
                    }
                }
            }
        } else {
            // Plain (non-"own") grant: any truthy non-array result allows.
            if (!is_array($user_return) && $user_return) {
                $allowed = true;
            }
        }
        if (!$allowed) {
            if (!$auth) {
                //JError::raiseError(403, $error_msg);
                JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
            } else {
                return false;
            }
        }
    } else {
        // ---- Joomla >= 1.6: permission map precomputed into the session ----
        $permissions = JFactory::getSession()->get('permissions' . $suffix, array(), 'com_contentbuilder');
        // NOTE(review): with the default empty map these reads raise undefined-index notices
        // and evaluate to null, i.e. access is denied — acceptable, but noisy.
        $published_return = $permissions['published'];
        if (!$published_return) {
            if (!$auth) {
                //JError::raiseError(403, $error_msg);
                JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
            } else {
                return false;
            }
        }
        switch ($action) {
            case 'edit':
                $edit_return = $permissions['limit_edit'];
                if (!$edit_return) {
                    if (!$auth) {
                        //JError::raiseError(403, $error_msg);
                        JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
                    } else {
                        return false;
                    }
                }
                break;
        }
        switch ($action) {
            case 'new':
                $add_return = $permissions['limit_add'];
                if (!$add_return) {
                    if (!$auth) {
                        //JError::raiseError(403, $error_msg);
                        JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
                    } else {
                        return false;
                    }
                }
                break;
        }
        switch ($action) {
            case 'edit':
            case 'new':
            case 'view':
            case 'delete':
                // 'delete' is verified under the 'edit' rule.
                $myaction = $action == 'delete' ? 'edit' : $action;
                // Map entry is true (ok), false (denied) or a string (redirect target).
                $verify_return = $permissions['verify_' . $myaction];
                if ($verify_return !== true) {
                    if ($verify_return === false) {
                        if (!$auth) {
                            //JError::raiseError(403, $error_msg);
                            JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
                        } else {
                            return false;
                        }
                    } else {
                        if (is_string($verify_return)) {
                            // NOTE(review): redirect target comes from the stored permission map; see the
                            // same remark in the < 1.6 branch about keeping that value under trusted control.
                            if (!$auth) {
                                JFactory::getApplication()->redirect($verify_return);
                            } else {
                                return false;
                            }
                        }
                    }
                }
                break;
        }
        if (!isset($permissions['own' . $suffix])) {
            // No per-user ("own") rules: allow when any of the user's groups grants $action.
            $gids = array();
            $groups = JAccess::getGroupsByUser(JFactory::getUser()->get('id', 0));
            foreach ($groups as $gid) {
                $gids[] = $gid;
            }
            foreach ($permissions as $group_id => $group_action) {
                // NOTE(review): $permissions mixes string keys ('published', 'limit_edit', ...) with numeric
                // group ids, and in_array() is called without strict: true — pass true as third argument.
                if (isset($group_action[$action]) && $group_action[$action] && in_array($group_id, $gids)) {
                    $allowed = true;
                    break;
                }
            }
        } else {
            if (isset($permissions['own' . $suffix][$action])) {
                $user_return = $permissions['own' . $suffix][$action];
                if (is_array($user_return) && isset($user_return['own']) && $user_return['own']) {
                    // Same "own" record check as in the < 1.6 branch (including the $typeref cache caveat).
                    $db = JFactory::getDBO();
                    static $typeref;
                    if (is_array($typeref)) {
                        $typerefid = $typeref[intval($user_return['form_id'])];
                    } else {
                        $db->setQuery("Select `type`, `reference_id` From #__contentbuilder_forms Where id = " . intval($user_return['form_id']));
                        $typerefid = $db->loadAssoc();
                        $typeref[intval($user_return['form_id'])] = $typerefid;
                    }
                    if (is_array($typerefid)) {
                        $form = self::getForm($typerefid['type'], $typerefid['reference_id']);
                        if ($form && !isset($user_return['record_id'])) {
                            $allowed = true;
                        } else {
                            if (is_array($user_return['record_id'])) {
                                foreach ($user_return['record_id'] as $recid) {
                                    $db->setQuery("Select session_id From #__contentbuilder_records Where `record_id` = " . $db->Quote($recid) . " And `type` = " . $db->Quote($typerefid['type']) . " And `reference_id` = " . $db->Quote($typerefid['reference_id']) . "");
                                    $session_id = $db->loadResult();
                                    // NOTE(review): same fail-open-on-missing-$form shape as the < 1.6 branch.
                                    if ($form && $session_id != JFactory::getSession()->getId() && !$form->isOwner(JFactory::getUser()->get('id', 0), $recid)) {
                                        $allowed = false;
                                        break;
                                    } else {
                                        $allowed = true;
                                    }
                                }
                            } else {
                                $db->setQuery("Select session_id From #__contentbuilder_records Where `record_id` = " . $db->Quote($user_return['record_id']) . " And `type` = " . $db->Quote($typerefid['type']) . " And `reference_id` = " . $db->Quote($typerefid['reference_id']) . "");
                                $session_id = $db->loadResult();
                                // NOTE(review): `== false` is a loose comparison; '', '0', 0, null and an
                                // empty array all satisfy it and grant access without an ownership check.
                                // A strict test of the intended "no record" value would be safer.
                                if ($form && ($user_return['record_id'] == false || $session_id == JFactory::getSession()->getId() || $form->isOwner(JFactory::getUser()->get('id', 0), $user_return['record_id']))) {
                                    $allowed = true;
                                }
                            }
                        }
                    }
                }
            }
        }
        if (!$allowed) {
            if (!$auth) {
                //JError::raiseError(403, $error_msg);
                JFactory::getApplication()->redirect('index.php', $error_msg, 'error');
            } else {
                return false;
            }
        }
    }
    // Only the boolean mode reports success; the redirecting mode returns null when allowed.
    if ($auth) {
        return true;
    }
}
/**
 * If table key (id) is NULL : inserts new rows
 * otherwise updates existing row in the database tables
 *
 * Can be overridden or overloaded by the child classes
 *
 * Order of operations: normalise gid/gids for the running Joomla version, read the
 * previous username/gid/block state (existing users only), sync usertype with gid,
 * store the CMS user, then the comprofiler user, then reconcile the ACL mapping and
 * the live #__session rows (refresh on group/username change, purge on block).
 *
 * @param boolean $updateNulls TRUE: null object variables are also updated, FALSE: not.
 * @return boolean TRUE if successful otherwise FALSE
 */
function store($updateNulls = false)
{
    global $_CB_framework, $_CB_database, $ueConfig;
    $this->id = (int) $this->id;
    if (checkJversion() == 2) {
        // Joomla 2.x: groups are a list; the single gid is derived for backwards compatibility.
        $this->gids = is_array($this->gids) ? $this->gids : array($this->gid);
        $this->gid = (int) $_CB_framework->acl->getBackwardsCompatibleGid($this->gids);
    } else {
        $this->gid = (int) $this->gid;
        $this->gids = array($this->gid);
    }
    $isNew = $this->id == 0;
    $oldUsername = null;
    $oldGid = null;
    $oldGids = array();
    $oldBlock = null;
    if (!$isNew) {
        // get actual username to update sessions in case:
        // (the gid column only exists on pre-2.x user tables, hence the conditional fragment)
        $sql = 'SELECT ' . $_CB_database->NameQuote($this->_cmsUserTableUsername) . (checkJversion() < 2 ? ', ' . $_CB_database->NameQuote($this->_cmsUserTableGid) : null) . ', ' . $_CB_database->NameQuote('block') . ' FROM ' . $_CB_database->NameQuote($this->_cmsUserTable) . ' WHERE ' . $_CB_database->NameQuote($this->_cmsUserTableKey) . ' = ' . (int) $this->user_id;
        $_CB_database->setQuery($sql);
        $oldEntry = null;
        if ($_CB_database->loadObject($oldEntry)) {
            $oldUsername = $oldEntry->username;
            if (checkJversion() == 2) {
                // Group ids are normalised to strings so they compare like the stored gids later.
                $gids = array_values((array) JFactory::getAcl()->getGroupsByUser($this->id, false));
                foreach ($gids as $k => $v) {
                    $gids[$k] = (string) $v;
                }
                $oldGids = $gids;
                $oldGid = (int) $_CB_framework->acl->getBackwardsCompatibleGid($oldGids);
            } else {
                $oldGid = (int) $oldEntry->gid;
                $oldGids = array($oldEntry->gid);
            }
            $oldBlock = $oldEntry->block;
        }
    }
    // insure usertype is in sync with gid:
    /*
     * This could be a better method:
     * if ( checkJversion() == 1 ) {
     *     $gdataArray = $_CB_framework->acl->get_group_data( (int) $this->gid, 'ARO' );
     *     if ( $gdataArray ) {
     *         $this->usertype = $gdataArray[3];
     *     } else {
     *         user_error( sprintf( 'comprofilerUser::store: gacl:get_group_data: for user_id %d, name of group_id %d not found in acl groups table.', $this->id, $this->gid ), E_USER_WARNING );
     *         $this->usertype = 'Registered';
     *     }
     * } else {
     *     $this->usertype = $_CB_framework->acl->get_group_name( (int) $gid, 'ARO' );
     * }
     */
    if (checkJversion() == 2) {
        // Joomla 2.x has no usertype column.
        $this->usertype = null;
    } else {
        if (checkJversion() == 1) {
            $query = 'SELECT name' . "\n FROM #__core_acl_aro_groups" . "\n WHERE id = " . (int) $this->gid;
        } else {
            $query = 'SELECT name' . "\n FROM #__core_acl_aro_groups" . "\n WHERE group_id = " . (int) $this->gid;
        }
        $_CB_database->setQuery($query);
        $this->usertype = $_CB_database->loadResult();
    }
    // Existing, unconfirmed user without an activation code gets one when confirmation is required.
    if (!$isNew && $this->confirmed == 0 && $this->cbactivation == '' && $ueConfig['reg_confirmation'] != 0) {
        $this->_setActivationCode();
    }
    // creates CMS and CB objects:
    $this->_mapUsers();
    // remove the previous email set in bindSafely() and needed for checkSafely():
    unset($this->_original_email);
    // stores first into CMS to get id of user if new:
    if (is_callable(array($this->_cmsUser, 'store'))) {
        $result = $this->_cmsUser->store($updateNulls);
        if (!$result) {
            $this->_error = $this->_cmsUser->getError();
        }
    } else {
        if (checkJversion() == 2) {
            $this->_cmsUser->groups = $this->gids;
        }
        // Joomla 1.5 native
        $result = $this->_cmsUser->save();
        if (!$result) {
            $this->_error = $this->_cmsUser->getError();
            if (class_exists('JText')) {
                $this->_error = JText::_($this->_error);
            }
        }
    }
    if ($result) {
        // synchronize id and user_id:
        if ($isNew) {
            if ($this->_cmsUser->id == 0) {
                // this is only for mambo 4.5.0 backwards compatibility. 4.5.2.3 $row->store() updates id on insert
                $sql = 'SELECT ' . $_CB_database->NameQuote($this->_cmsUserTableKey) . ' FROM ' . $_CB_database->NameQuote($this->_cmsUserTable) . ' WHERE ' . $_CB_database->NameQuote($this->_cmsUserTableUsername) . ' = ' . $_CB_database->Quote($this->username);
                $_CB_database->setQuery($sql);
                $this->_cmsUser->id = (int) $_CB_database->loadResult();
            }
            $this->id = $this->_cmsUser->id;
            $this->_comprofilerUser->id = $this->_cmsUser->id;
            if ($this->confirmed == 0 && $this->cbactivation == '' && $ueConfig['reg_confirmation'] != 0) {
                $this->_setActivationCode();
            }
        }
        // stores CB user into comprofiler: if new, inserts, otherwise updates:
        if ($this->user_id == 0) {
            $this->user_id = $this->_cmsUser->id;
            $this->_comprofilerUser->user_id = $this->user_id;
            $result = $this->_comprofilerUser->storeNew($updateNulls);
        } else {
            $result = $this->_comprofilerUser->store($updateNulls);
        }
        if (!$result) {
            $this->_error = $this->_comprofilerUser->getError();
        }
    }
    if ($result) {
        // update the ACL:
        if (checkJversion() == 2) {
            $query = 'SELECT m.id AS aro_id, a.group_id FROM #__user_usergroup_map AS a' . "\n INNER JOIN #__usergroups AS m ON m.id= a.group_id" . "\n WHERE a.user_id = " . (int) $this->id;
        } elseif (checkJversion() == 1) {
            $query = 'SELECT a.id AS aro_id, m.group_id FROM #__core_acl_aro AS a' . "\n INNER JOIN #__core_acl_groups_aro_map AS m ON m.aro_id = a.id" . "\n WHERE a.value = " . $_CB_database->Quote((int) $this->id);
        } else {
            $query = 'SELECT a.aro_id, m.group_id FROM #__core_acl_aro AS a' . "\n INNER JOIN #__core_acl_groups_aro_map AS m ON m.aro_id = a.aro_id" . "\n WHERE a.value = " . $_CB_database->Quote((int) $this->id);
        }
        $_CB_database->setQuery($query);
        $aro_group = null;
        // NOTE(review): $result is overwritten here; a user with no group mapping row makes
        // the method report failure (stderr) even though both rows above were saved — confirm intended.
        $result = $_CB_database->loadObject($aro_group);
        if ($result && $aro_group->group_id != $this->gid) {
            if (checkJversion() == 2) {
                // Joomla 2.x: group mapping is written by JUser::save() via ->groups above; this
                // direct UPDATE is intentionally disabled.
                // $query = 'UPDATE #__user_usergroup_map'
                // . "\n SET group_id = " . (int) $this->gid
                // . "\n WHERE user_id = " . (int) $this->id
                // . ( $oldGid ? "\n AND group_id = " . (int) $oldGid : null )
                // ;
                // $_CB_database->setQuery( $query );
                // $result = $_CB_database->query();
            } else {
                $query = 'UPDATE #__core_acl_groups_aro_map' . "\n SET group_id = " . (int) $this->gid . "\n WHERE aro_id = " . (int) $aro_group->aro_id;
                $_CB_database->setQuery($query);
                $result = $_CB_database->query();
            }
        }
        // NOTE(review): self::_ArraysEquivalent($oldGids, $this->gids) is used un-negated, so equal
        // group lists trigger the session refresh while changed ones rely on the other terms —
        // reads as if a `!` is missing; kept as-is, confirm the intent.
        if ($result && !$isNew && ($oldUsername != $this->username || $aro_group->group_id != $this->gid || $oldGid != $this->gid || self::_ArraysEquivalent($oldGids, $this->gids) || $oldBlock == 0 && $this->block == 1)) {
            // Update current sessions state if there is a change in gid or in username:
            if ($this->block == 0) {
                $sessionGid = 1;
                if ($_CB_framework->acl->is_group_child_of($this->usertype, 'Registered', 'ARO') || $_CB_framework->acl->is_group_child_of($this->usertype, 'Public Backend', 'ARO')) {
                    // Authors, Editors, Publishers and Super Administrators are part of the Special Group:
                    $sessionGid = 2;
                }
                // NOTE(review): the middle of this statement appears redacted in this copy ("******");
                // the original presumably quoted the username and used $sessionGid here — restore from
                // the real file before relying on it.
                $query = 'UPDATE #__session ' . "\n SET username = "******"\n WHERE userid = " . (int) $this->id;
                //TBD: here maybe jaclplus fields update if JACLplus installed....
                $_CB_database->setQuery($query);
                $result = $_CB_database->query();
                if (checkJversion() >= 2) {
                    // This is needed for instant adding of groups to logged-in user (fixing bug #3581):
                    $session = JFactory::getSession();
                    $jUser = $session->get('user');
                    if ($jUser->id == $this->id) {
                        JAccess::clearStatics();
                        $session->set('user', new JUser((int) $this->id));
                    }
                }
            } else {
                // logout user now that user login has been blocked:
                if ($_CB_framework->myId() == $this->id) {
                    $_CB_framework->logout();
                }
                // Blocking a user also invalidates all of their server-side sessions.
                $_CB_database->setQuery("DELETE FROM #__session WHERE userid = " . (int) $this->id);
                //TBD: check if this is enough for J 1.5
                $result = $_CB_database->query();
            }
        }
        if (!$result) {
            $this->_error = $_CB_database->stderr();
            return false;
        }
    }
    return $result;
}
/**
 * Builds the CMS-side user object, optionally loading the given user id into it.
 *
 * The class comes from $this->_cmsUserClassName; when $this->_cmsUserNeedsDb is set
 * the global $_CB_database is passed to its constructor. On Joomla 2.x the legacy
 * single gid is recomputed from the user's group list after a successful load.
 *
 * @param int|null $cmsUserId CMS user id to load, or null for an empty object.
 * @return object|null Reference to the object, or null when $cmsUserId could not be loaded.
 */
function &_getCmsUserObject($cmsUserId = null)
{
    $className = $this->_cmsUserClassName;

    if ($this->_cmsUserNeedsDb) {
        global $_CB_database;
        $obj = new $className($_CB_database);
    } else {
        $obj = new $className();
    }

    if ($cmsUserId === null) {
        return $obj;
    }

    if (!$obj->load((int) $cmsUserId)) {
        // Load failure is reported as null rather than an empty object.
        $obj = null;
        return $obj;
    }

    if (checkJversion() == 2) {
        global $_CB_framework;
        $groupIds = array_values((array) JFactory::getAcl()->getGroupsByUser($obj->id, false));
        $obj->gid = (int) $_CB_framework->acl->getBackwardsCompatibleGid($groupIds);
    }

    return $obj;
}
/**
 * If table key (id) is NULL : inserts new rows
 * otherwise updates existing row in the database tables
 *
 * Can be overridden or overloaded by the child classes
 *
 * Joomla 2.x+ only variant: reads the previous username/groups/block state (existing
 * users only), stores the CMS user with its group list, then the comprofiler user,
 * then refreshes or purges the user's live #__session rows when username, groups or
 * block status changed.
 *
 * @param boolean $updateNulls TRUE: null object variables are also updated, FALSE: not.
 * @return boolean TRUE if successful otherwise FALSE
 *
 * @throws \RuntimeException  (no throw is visible in this method body; presumably raised by a callee)
 */
public function store($updateNulls = false)
{
    global $_CB_framework, $ueConfig;
    $this->id = (int) $this->id;
    $isNew = $this->id == 0;
    $oldUsername = null;
    $oldGids = array();
    $oldBlock = null;
    if (!$isNew) {
        // get actual username to update sessions in case:
        $sql = 'SELECT ' . $this->_db->NameQuote($this->_cmsUserTableUsername) . ', ' . $this->_db->NameQuote('block') . ' FROM ' . $this->_db->NameQuote($this->_cmsUserTable) . ' WHERE ' . $this->_db->NameQuote($this->_cmsUserTableKey) . ' = ' . (int) $this->user_id;
        $this->_db->setQuery($sql);
        $oldEntry = null;
        if ($this->_db->loadObject($oldEntry)) {
            /** @var \JUser $oldEntry */
            $oldUsername = $oldEntry->username;
            // Group ids are normalised to strings so they compare like the stored gids later.
            $gids = array_values((array) \JFactory::getAcl()->getGroupsByUser($this->id, false));
            foreach ($gids as $k => $v) {
                $gids[$k] = (string) $v;
            }
            $oldGids = $gids;
            $oldBlock = $oldEntry->block;
        }
    }
    // Existing, unconfirmed user without an activation code gets one when confirmation is required.
    if (!$isNew && $this->confirmed == 0 && $this->cbactivation == '' && $ueConfig['reg_confirmation'] != 0) {
        $this->_setActivationCode();
    }
    // creates CMS and CB objects:
    $this->_mapUsers();
    // remove the previous email set in bindSafely() and needed for checkSafely():
    unset($this->_original_email);
    // stores first into CMS to get id of user if new:
    $this->_cmsUser->groups = $this->gids;
    $result = $this->_cmsUser->save();
    if (!$result) {
        $this->_error = $this->_cmsUser->getError();
        if (class_exists('JText')) {
            $this->_error = \JText::_($this->_error);
        }
    }
    if ($result) {
        // synchronize id and user_id:
        if ($isNew) {
            $this->id = $this->_cmsUser->id;
            $this->_comprofilerUser->id = $this->_cmsUser->id;
            if ($this->confirmed == 0 && $this->cbactivation == '' && $ueConfig['reg_confirmation'] != 0) {
                $this->_setActivationCode();
            }
        }
        // stores CB user into comprofiler: if new, inserts, otherwise updates:
        if ($this->user_id == 0) {
            $this->user_id = $this->_cmsUser->id;
            $this->_comprofilerUser->user_id = $this->user_id;
            $result = $this->_comprofilerUser->storeNew($updateNulls);
        } else {
            $result = $this->_comprofilerUser->store($updateNulls);
        }
        if (!$result) {
            $this->_error = $this->_comprofilerUser->getError();
        }
    }
    if ($result) {
        // update the ACL:
        $query = 'SELECT m.id AS aro_id, a.group_id FROM #__user_usergroup_map AS a' . "\n INNER JOIN #__usergroups AS m ON m.id= a.group_id" . "\n WHERE a.user_id = " . (int) $this->id;
        $this->_db->setQuery($query);
        $aro_group = null;
        // NOTE(review): $aro_group itself is not used afterwards; only the load result is. A user
        // with no group mapping row makes the method report failure (stderr) even though both
        // rows above were saved — confirm intended.
        $result = $this->_db->loadObject($aro_group);
        /** @var \StdClass $aro_group */
        // NOTE(review): self::_ArraysEquivalent($oldGids, $this->gids) is used un-negated, so equal
        // group lists trigger the session refresh — reads as if a `!` is missing; kept as-is, confirm.
        if ($result && !$isNew && ($oldUsername != $this->username || self::_ArraysEquivalent($oldGids, $this->gids) || $oldBlock == 0 && $this->block == 1)) {
            // Update current sessions state if there is a change in gid or in username:
            if ($this->block == 0) {
                // NOTE(review): the middle of this statement appears redacted in this copy ("******");
                // the original presumably quoted the new username — restore from the real file.
                $query = 'UPDATE #__session ' . "\n SET username = "******"\n WHERE userid = " . (int) $this->id;
                $this->_db->setQuery($query);
                $result = $this->_db->query();
                // This is needed for instant adding of groups to logged-in user (fixing bug #3581):
                $session = \JFactory::getSession();
                $jUser = $session->get('user');
                if ($jUser->id == $this->id) {
                    \JAccess::clearStatics();
                    $session->set('user', new \JUser((int) $this->id));
                }
            } else {
                // logout user now that user login has been blocked:
                if ($_CB_framework->myId() == $this->id) {
                    $_CB_framework->logout();
                }
                // Blocking a user also invalidates all of their server-side sessions.
                $this->_db->setQuery("DELETE FROM #__session WHERE userid = " . (int) $this->id);
                //TBD: check if this is enough for J 1.5
                $result = $this->_db->query();
            }
        }
        if (!$result) {
            $this->_error = $this->_db->stderr();
            return false;
        }
    }
    return $result;
}