joomla_test/components/com_k2/helpers/permissions.php

345 lines
12 KiB
PHP
Raw Permalink Normal View History

2020-01-02 22:20:31 +07:00
<?php
/**
* @version $Id: permissions.php 1962 2013-04-29 12:29:34Z lefteris.kavadas $
* @package K2
* @author JoomlaWorks http://www.joomlaworks.net
* @copyright Copyright (c) 2006 - 2013 JoomlaWorks Ltd. All rights reserved.
* @license GNU/GPL license: http://www.gnu.org/copyleft/gpl.html
*/
// no direct access
defined('_JEXEC') or die ;
jimport('joomla.html.parameter');
class K2HelperPermissions
{
public static function setPermissions()
{
$params = K2HelperUtilities::getParams('com_k2');
$user = JFactory::getUser();
if ($user->guest)
{
return;
}
$K2User = K2HelperPermissions::getK2User($user->id);
if (!is_object($K2User))
{
return;
}
$K2UserGroup = K2HelperPermissions::getK2UserGroup($K2User->group);
if (is_null($K2UserGroup))
{
return;
}
$K2Permissions = K2Permissions::getInstance();
$permissions = K2_JVERSION == '15' ? new JParameter($K2UserGroup->permissions) : new JRegistry($K2UserGroup->permissions);
$K2Permissions->permissions = $permissions;
if ($permissions->get('categories') == 'none')
{
return;
}
else if ($permissions->get('categories') == 'all')
{
if ($permissions->get('add') && $permissions->get('frontEdit') && $params->get('frontendEditing'))
{
$K2Permissions->actions[] = 'add.category.all';
$K2Permissions->actions[] = 'tag';
$K2Permissions->actions[] = 'extraFields';
}
if ($permissions->get('editOwn') && $permissions->get('frontEdit') && $params->get('frontendEditing'))
{
$K2Permissions->actions[] = 'editOwn.item.'.$user->id;
$K2Permissions->actions[] = 'tag';
$K2Permissions->actions[] = 'extraFields';
}
if ($permissions->get('editAll') && $permissions->get('frontEdit') && $params->get('frontendEditing'))
{
$K2Permissions->actions[] = 'editAll.category.all';
$K2Permissions->actions[] = 'tag';
$K2Permissions->actions[] = 'extraFields';
}
if ($permissions->get('publish') && $permissions->get('frontEdit') && $params->get('frontendEditing'))
{
$K2Permissions->actions[] = 'publish.category.all';
}
if ($permissions->get('comment'))
{
$K2Permissions->actions[] = 'comment.category.all';
}
if ($permissions->get('editPublished'))
{
$K2Permissions->actions[] = 'editPublished.category.all';
}
}
else
{
$selectedCategories = $permissions->get('categories', NULL);
if (is_string($selectedCategories))
{
$searchIDs[] = $selectedCategories;
}
else
{
$searchIDs = $selectedCategories;
}
if ($permissions->get('inheritance'))
{
$model = K2Model::getInstance('Itemlist', 'K2Model');
$categories = $model->getCategoryTree($searchIDs);
}
else
{
$categories = $searchIDs;
}
if (is_array($categories) && count($categories))
{
foreach ($categories as $category)
{
if ($permissions->get('add') && $permissions->get('frontEdit') && $params->get('frontendEditing'))
{
$K2Permissions->actions[] = 'add.category.'.$category;
$K2Permissions->actions[] = 'tag';
$K2Permissions->actions[] = 'extraFields';
}
if ($permissions->get('editOwn') && $permissions->get('frontEdit') && $params->get('frontendEditing'))
{
$K2Permissions->actions[] = 'editOwn.item.'.$user->id.'.'.$category;
$K2Permissions->actions[] = 'tag';
$K2Permissions->actions[] = 'extraFields';
}
if ($permissions->get('editAll') && $permissions->get('frontEdit') && $params->get('frontendEditing'))
{
$K2Permissions->actions[] = 'editAll.category.'.$category;
$K2Permissions->actions[] = 'tag';
$K2Permissions->actions[] = 'extraFields';
}
if ($permissions->get('publish') && $permissions->get('frontEdit') && $params->get('frontendEditing'))
{
$K2Permissions->actions[] = 'publish.category.'.$category;
}
if ($permissions->get('comment'))
{
$K2Permissions->actions[] = 'comment.category.'.$category;
}
if ($permissions->get('editPublished'))
{
$K2Permissions->actions[] = 'editPublished.category.'.$category;
}
}
}
}
return;
}
public static function checkPermissions()
{
$view = JRequest::getCmd('view');
if ($view != 'item')
{
return;
}
$task = JRequest::getCmd('task');
$user = JFactory::getUser();
if ($user->guest && ($task == 'add' || $task == 'edit'))
{
$mainframe = JFactory::getApplication();
$uri = JURI::getInstance();
$return = base64_encode($uri->toString());
if (K2_JVERSION == '15')
{
$mainframe->redirect('index.php?option=com_user&view=login&return='.$return.'&tmpl=component', JText::_('K2_YOU_NEED_TO_LOGIN_FIRST'), 'notice');
}
else
{
$mainframe->redirect('index.php?option=com_users&view=login&return='.$return.'&tmpl=component', JText::_('K2_YOU_NEED_TO_LOGIN_FIRST'), 'notice');
}
}
switch ($task)
{
case 'add' :
if (!K2HelperPermissions::canAddItem())
JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
break;
case 'edit' :
case 'deleteAttachment' :
case 'checkin' :
$cid = JRequest::getInt('cid');
if (!$cid)
JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
JTable::addIncludePath(JPATH_COMPONENT_ADMINISTRATOR.DS.'tables');
$item = JTable::getInstance('K2Item', 'Table');
$item->load($cid);
if (!K2HelperPermissions::canEditItem($item->created_by, $item->catid))
JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
break;
case 'save' :
$cid = JRequest::getInt('id');
if ($cid)
{
JTable::addIncludePath(JPATH_COMPONENT_ADMINISTRATOR.DS.'tables');
$item = JTable::getInstance('K2Item', 'Table');
$item->load($cid);
if (!K2HelperPermissions::canEditItem($item->created_by, $item->catid))
JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
}
else
{
if (!K2HelperPermissions::canAddItem())
JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
}
break;
case 'tag' :
if (!K2HelperPermissions::canAddTag())
JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
break;
case 'extraFields' :
if (!K2HelperPermissions::canRenderExtraFields())
JError::raiseError(403, JText::_('K2_ALERTNOTAUTH'));
break;
}
}
public static function getK2User($userID)
{
$db = JFactory::getDBO();
$query = "SELECT * FROM #__k2_users WHERE userID = ".(int)$userID;
$db->setQuery($query);
$row = $db->loadObject();
return $row;
}
public static function getK2UserGroup($id)
{
$db = JFactory::getDBO();
$query = "SELECT * FROM #__k2_user_groups WHERE id = ".(int)$id;
$db->setQuery($query);
$row = $db->loadObject();
return $row;
}
public static function canAddItem($category = false)
{
$user = JFactory::getUser();
$K2Permissions = K2Permissions::getInstance();
if (in_array('add.category.all', $K2Permissions->actions))
{
return true;
}
if ($category)
{
return in_array('add.category.'.$category, $K2Permissions->actions);
}
$db = JFactory::getDBO();
$query = "SELECT id FROM #__k2_categories WHERE published=1 AND trash=0";
if (K2_JVERSION != '15')
{
$query .= " AND access IN(".implode(',', $user->getAuthorisedViewLevels()).")";
}
else
{
$aid = (int)$user->get('aid');
$query .= " AND access<={$aid}";
}
$db->setQuery($query);
$categories = K2_JVERSION == '30' ? $db->loadColumn() : $db->loadResultArray();
foreach ($categories as $category)
{
if (in_array('add.category.'.$category, $K2Permissions->actions))
{
return true;
}
}
return false;
}
public static function canAddToAll()
{
$K2Permissions = K2Permissions::getInstance();
return in_array('add.category.all', $K2Permissions->actions);
}
public static function canEditItem($itemOwner, $itemCategory)
{
$K2Permissions = K2Permissions::getInstance();
if (in_array('editAll.category.all', $K2Permissions->actions) || in_array('editOwn.item.'.$itemOwner, $K2Permissions->actions) || in_array('editOwn.item.'.$itemOwner.'.'.$itemCategory, $K2Permissions->actions) || in_array('editAll.category.'.$itemCategory, $K2Permissions->actions))
{
return true;
}
else
{
return false;
}
}
public static function canPublishItem($itemCategory)
{
$K2Permissions = K2Permissions::getInstance();
if (in_array('publish.category.all', $K2Permissions->actions) || in_array('publish.category.'.$itemCategory, $K2Permissions->actions))
{
return true;
}
else
{
return false;
}
}
public static function canAddTag()
{
$K2Permissions = K2Permissions::getInstance();
return in_array('tag', $K2Permissions->actions);
}
public static function canRenderExtraFields()
{
$K2Permissions = K2Permissions::getInstance();
return in_array('extraFields', $K2Permissions->actions);
}
public static function canAddComment($itemCategory)
{
$K2Permissions = K2Permissions::getInstance();
return in_array('comment.category.all', $K2Permissions->actions) || in_array('comment.category.'.$itemCategory, $K2Permissions->actions);
}
public static function canEditPublished($itemCategory)
{
$K2Permissions = K2Permissions::getInstance();
return in_array('editPublished.category.all', $K2Permissions->actions) || in_array('editPublished.category.'.$itemCategory, $K2Permissions->actions);
}
}
class K2Permissions
{
var $actions = array();
var $permissions = null;
public static function getInstance()
{
static $instance;
if (!is_object($instance))
{
$instance = new K2Permissions();
}
return $instance;
}
}