primo commit

2024-12-17 17:34:10 +01:00
commit e650f8df99
16435 changed files with 2451012 additions and 0 deletions
--- a/libraries/fof40/Model/DataModel/Behaviour/Own.php
+++ b/libraries/fof40/Model/DataModel/Behaviour/Own.php
@ -0,0 +1,82 @@
+<?php
+/**
+ * @package   FOF
+ * @copyright Copyright (c)2010-2022 Nicholas K. Dionysopoulos / Akeeba Ltd
+ * @license   GNU General Public License version 3, or later
+ */
+
+namespace FOF40\Model\DataModel\Behaviour;
+
+defined('_JEXEC') || die;
+
+use FOF40\Event\Observer;
+use FOF40\Model\DataModel;
+use JDatabaseQuery;
+
+/**
+ * FOF model behavior class to filter access to items owned by the currently logged in user only
+ *
+ * @since    2.1
+ */
+class Own extends Observer
+{
+	/**
+	 * This event runs after we have built the query used to fetch a record
+	 * list in a model. It is used to apply automatic query filters.
+	 *
+	 * @param   DataModel      &$model  The model which calls this event
+	 * @param   JDatabaseQuery &$query  The query we are manipulating
+	 *
+	 * @return  void
+	 */
+	public function onAfterBuildQuery(DataModel &$model, JDatabaseQuery &$query)
+	{
+		// Make sure the field actually exists
+		if (!$model->hasField('created_by'))
+		{
+			return;
+		}
+
+		// Get the current user's id
+		$user_id = $model->getContainer()->platform->getUser()->id;
+
+		// And filter the query output by the user id
+		$db = $model->getContainer()->platform->getDbo();
+
+		$query->where($db->qn($model->getFieldAlias('created_by')) . ' = ' . $db->q($user_id));
+	}
+
+	/**
+	 * The event runs after DataModel has retrieved a single item from the database. It is used to apply automatic
+	 * filters.
+	 *
+	 * @param   DataModel &$model  The model which was called
+	 * @param   mixed     &$keys   The keys used to locate the record which was loaded
+	 *
+	 * @return  void
+	 */
+	public function onAfterLoad(DataModel &$model, &$keys)
+	{
+		// Make sure we have a DataModel
+		if (!($model instanceof DataModel))
+		{
+			return;
+		}
+
+		// Make sure the field actually exists
+		if (!$model->hasField('created_by'))
+		{
+			return;
+		}
+
+		// Get the user
+		$user_id    = $model->getContainer()->platform->getUser()->id;
+		$recordUser = $model->getFieldValue('created_by', null);
+
+		// Filter by authorised access levels
+		if ($recordUser != $user_id)
+		{
+			$model->reset(true);
+		}
+	}
+}