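/**
 * Authorization check
 *
 * Denies the task when the user lacks the matching 'core.<task>' action.
 * Editing a group whose type is 0 (the system-group case named in the
 * original description) additionally requires 'core.admin'. On denial the
 * user is redirected to the component's main listing with an error message.
 *
 * @param   string  $task   Task name; looked up as 'core.' . $task
 * @param   object  $group  \Hubzero\User\Group; only consulted for the 'edit' task
 * @return  boolean True if authorized, false if not.
 */
protected function authorize($task, $group = null)
{
    // get users actions
    $canDo = Permissions::getActions('group');

    // the user must hold the action that matches the task
    $allowed = (bool) $canDo->get('core.' . $task);

    // editing a type-0 group is reserved for users who also hold core.admin
    if ($allowed && $task == 'edit' && !$canDo->get('core.admin'))
    {
        // $group defaults to null: without a group object the type cannot be
        // verified, so fail closed instead of calling get() on null.
        $allowed = is_object($group) && $group->get('type') != 0;
    }

    if (!$allowed)
    {
        // No access - redirect to main listing
        App::redirect(
            Route::url('index.php?option=' . $this->_option . '&controller=' . $this->_controller, false),
            Lang::txt('COM_GROUPS_NOT_AUTH'),
            'error'
        );
        return false;
    }

    return true;
}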
* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN * THE SOFTWARE. * * HUBzero is a registered trademark of Purdue University. * * @package hubzero-cms * @copyright Copyright 2005-2015 HUBzero Foundation, LLC. * @license http://opensource.org/licenses/MIT MIT */ // No direct access defined('_HZEXEC_') or die; $tmpl = Request::getVar('tmpl', ''); $canDo = \Components\Groups\Helpers\Permissions::getActions('group'); Toolbar::title(Lang::txt('COM_GROUPS') . ': ' . Lang::txt('COM_GROUPS_ROLES'), 'groups.png'); if ($canDo->get('core.create')) { Toolbar::addNew(); } if ($canDo->get('core.edit')) { Toolbar::editList(); } if ($canDo->get('core.delete')) { Toolbar::deleteList('COM_GROUPS_DELETE_CONFIRM', 'delete'); } Toolbar::spacer(); Toolbar::help('groups'); Html::behavior('tooltip'); ?> <script type="text/javascript">
"> <?php echo Lang::txt('TPL_SYSTEM_GROUP_EDIT'); ?> <span><?php echo Lang::txt('TPL_SYSTEM_GROUP_EDIT_DESC'); ?> </span> </a> </li> <?php } ?> <?php if ($isManager || \Components\Groups\Helpers\Permissions::userHasPermissionForGroupAction($group, 'group.pages')) { ?> <li> <a class="pages" href="<?php echo Route::url('index.php?option=com_groups&cn=' . $group->get('cn') . '&task=pages'); ?> "> <?php echo Lang::txt('TPL_SYSTEM_GROUP_PAGES'); ?> <span><?php echo Lang::txt('TPL_SYSTEM_GROUP_PAGES_DESC'); ?> </span> </a> </li>
/**
 * Check if user has role with permission to perform task
 *
 * Loads the group identified by $this->cn and delegates the decision to
 * Permissions::userHasPermissionForGroupAction(). Fails closed: when no
 * group object can be loaded the answer is false.
 *
 * @param   string  $task  Task to be performed
 * @return  boolean
 */
public function _authorizedForTask($task)
{
    $instance = Group::getInstance($this->cn);

    // no group object means there is nothing to grant access to
    return is_object($instance)
        ? Permissions::userHasPermissionForGroupAction($instance, $task)
        : false;
}
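/**
 * Display Group Page
 *
 * Renders the approved version of a group page. A missing page ends in a
 * 404. An unpublished page, or one with no approved version, is shown only
 * to a group manager or a user holding the 'group.pages' permission; anyone
 * else gets the same 404 as for a missing page, so the response does not
 * reveal that the page exists.
 *
 * @param   Object   $group    \Hubzero\User\Group Object
 * @param   Object   $page     \Components\Groups\Models\Page Object
 * @param   boolean  $markHit  Record a page hit for this view (default true)
 * @return  String
 */
public static function displayPage($group, $page, $markHit = true)
{
    // create view object
    $view = new \Hubzero\Component\View(array('name' => 'pages', 'layout' => '_view'));

    // if super group add super group folder
    // to available paths
    if ($group->isSuperGroup())
    {
        $base = $group->getBasePath();
        $view->addTemplatePath(PATH_APP . $base . DS . 'template' . DS . 'pages');
    }

    // get needed vars
    $database   = \App::get('db');
    $authorized = \Components\Groups\Helpers\View::authorize($group);
    $version    = $page ? $page->approvedVersion() : null;

    // stops from displaying pages that dont exist
    // (any falsy $page, not only null, so a failed lookup cannot reach $page->get() below)
    if (!$page)
    {
        App::abort(404, Lang::txt('Group Page Not Found'));
        return;
    }

    // stops from displaying unpublished pages
    // make sure we have approved version to display
    if ($page->get('state') == $page::APP_STATE_UNPUBLISHED || $version === null)
    {
        // determine which layout to use
        $layout = $version === null ? '_view_notapproved' : '_view_unpublished';

        // Strict comparison: this is an access decision, and a loose == would
        // let a non-string result from authorize() (e.g. true) compare equal
        // to 'manager'.
        $canPreview = $authorized === 'manager'
            || Permissions::userHasPermissionForGroupAction($group, 'group.pages');

        // show unpublished or no version layout
        if ($canPreview)
        {
            $view->setLayout($layout);
            $view->group   = $group;
            $view->page    = $page;
            $view->version = $version;
            return $view->loadTemplate();
        }

        // show 404
        App::abort(404, Lang::txt('Group Page Not Found'));
        return;
    }

    // build page hit object
    // mark page hit
    if ($markHit)
    {
        $groupsTablePageHit = new PageHit($database);

        $pageHit            = new stdClass();
        $pageHit->gidNumber = $group->get('gidNumber');
        $pageHit->pageid    = $page->get('id');
        $pageHit->userid    = User::get('id');
        $pageHit->date      = date('Y-m-d H:i:s');
        // REMOTE_ADDR is the connecting peer (a proxy's address when one sits
        // in front) and is absent outside a web request.
        $pageHit->ip        = isset($_SERVER['REMOTE_ADDR']) ? $_SERVER['REMOTE_ADDR'] : '';

        $groupsTablePageHit->save($pageHit);
    }

    // fall back to a warning paragraph when the version has no content
    $content = $version->get('content', '<p class="warning">' . Lang::txt('COM_GROUPS_PAGES_PAGE_NO_CONTENT') . '</p>');

    // parse php tags and modules
    // NOTE(review): parse() is not shown here; since it is described as
    // handling PHP tags, confirm who can author and approve content that
    // reaches this call.
    $content = self::parse($group, $page, $content);

    // set content
    $version->set('content', trim($content));

    // set vars to view
    $view->user       = User::getInstance();
    $view->group      = $group;
    $view->page       = $page;
    $view->version    = $version;
    $view->authorized = $authorized;
    $view->config     = Component::params('com_groups');

    // return rendered template
    return $view->loadTemplate();
}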
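/**
 * Authorization check
 *
 * Denies the task when the user lacks the matching 'core.<task>' action.
 * Editing a group whose type is 0 (the system-group case named in the
 * original description) additionally requires 'core.admin'. This variant
 * only reports the decision; it performs no redirect.
 *
 * @param   string  $task   Task name; looked up as 'core.' . $task
 * @param   object  $group  \Hubzero\User\Group; only consulted for the 'edit' task
 * @return  boolean True if authorized, false if not.
 */
protected function authorize($task, $group = null)
{
    // get users actions
    $canDo = Permissions::getActions('group');

    // no matching action, no access
    if (!$canDo->get('core.' . $task))
    {
        return false;
    }

    // editing a type-0 group is reserved for users who also hold core.admin
    if ($task == 'edit' && !$canDo->get('core.admin'))
    {
        // $group defaults to null: without a group object the type cannot be
        // verified, so fail closed instead of calling get() on null.
        if (!is_object($group) || $group->get('type') == 0)
        {
            return false;
        }
    }

    return true;
}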