first commit

2020-01-02 22:20:31 +07:00
commit 10eb3340ad
5753 changed files with 631345 additions and 0 deletions
--- a/components/com_k2/helpers/permissions.j16.php
+++ b/components/com_k2/helpers/permissions.j16.php
@ -0,0 +1,87 @@
+<?php
+/**
+ * @version		$Id: permissions.j16.php 1812 2013-01-14 18:45:06Z lefteris.kavadas $
+ * @package		K2
+ * @author		JoomlaWorks http://www.joomlaworks.net
+ * @copyright	Copyright (c) 2006 - 2013 JoomlaWorks Ltd. All rights reserved.
+ * @license		GNU/GPL license: http://www.gnu.org/copyleft/gpl.html
+ */
+
+// no direct access
+defined('_JEXEC') or die;
+
+jimport('joomla.html.parameter');
+
+class K2HelperPermissions
+{
+
+    public static function checkPermissions()
+    {
+        // Set some variables
+        $mainframe = JFactory::getApplication();
+        $user = JFactory::getUser();
+        $option = JRequest::getCmd('option');
+        $view = JRequest::getCmd('view');
+        $task = JRequest::getCmd('task');
+        $id = JRequest::getInt('cid');
+
+        //Generic manage check
+        if (!$user->authorise('core.manage', $option))
+        {
+            JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
+            $mainframe->redirect('index.php');
+        }
+
+        // Determine action for rest checks
+        $action = false;
+        if ($mainframe->isAdmin() && $view != '' && $view != 'info')
+        {
+            switch($task)
+            {
+                case '' :
+                case 'save' :
+                case 'apply' :
+                    if (!$id)
+                    {
+                        $action = 'core.create';
+                    }
+                    else
+                    {
+                        $action = 'core.edit';
+                    }
+                    break;
+                case 'trash' :
+                case 'remove' :
+                    $action = 'core.delete';
+                    break;
+                case 'publish' :
+                case 'unpublish' :
+                    $action = 'core.edit.state';
+            }
+
+            // Edit or Edit own action
+            if ($action == 'core.edit' && $view == 'item' && $id)
+            {
+                JTable::addIncludePath(JPATH_COMPONENT_ADMINISTRATOR.DS.'tables');
+                $item = JTable::getInstance('K2Item', 'Table');
+                $item->load($id);
+                if ($item->created_by == $user->id)
+                {
+                    $action = 'core.edit.own';
+                }
+            }
+
+            // Check the determined action
+            if ($action)
+            {
+                if (!$user->authorise($action, $option))
+                {
+                    JError::raiseWarning(404, JText::_('JERROR_ALERTNOAUTHOR'));
+                    $mainframe->redirect('index.php?option=com_k2');
+                }
+            }
+
+        }
+    }
+
+}