160 lines
4.3 KiB
PHP
160 lines
4.3 KiB
PHP
<?php
|
|
/**
|
|
* Attachments component
|
|
*
|
|
* @package Attachments
|
|
* @subpackage Attachments_Component
|
|
*
|
|
* @copyright Copyright (C) 2007-2018 Jonathan M. Cameron, All Rights Reserved
|
|
* @license http://www.gnu.org/licenses/gpl-3.0.html GNU/GPL
|
|
* @link http://joomlacode.org/gf/project/attachments/frs/
|
|
* @author Jonathan M. Cameron
|
|
*/
|
|
|
|
defined('_JEXEC') or die('Restricted access');
|
|
|
|
|
|
/**
|
|
* A class for attachments permissions functions
|
|
*
|
|
* @package Attachments
|
|
*/
|
|
class AttachmentsPermissions
|
|
{
|
|
|
|
/**
|
|
* Get the actions
|
|
*
|
|
* @return an array of which actions are permitted for this user
|
|
*/
|
|
public static function getActions($user_id = null)
|
|
{
|
|
$user = JFactory::getUser($user_id);
|
|
$result = new JObject;
|
|
|
|
$assetName = 'com_attachments';
|
|
|
|
$actions = array( 'core.admin',
|
|
'core.manage',
|
|
'core.create',
|
|
'core.delete',
|
|
'core.edit',
|
|
'core.edit.state',
|
|
'core.edit.own',
|
|
'attachments.edit.state.own',
|
|
'attachments.delete.own',
|
|
'attachments.edit.state.ownparent',
|
|
'attachments.delete.ownparent'
|
|
);
|
|
|
|
foreach ($actions as $action) {
|
|
$result->set($action, $user->authorise($action, $assetName));
|
|
}
|
|
|
|
return $result;
|
|
}
|
|
|
|
|
|
/**
|
|
* Determine if a user can edit a specified category
|
|
*
|
|
* Partially based on allowEdit() in com_categories/controllers/category.php
|
|
*
|
|
* @param integer $category_id the ID for the category to be tested
|
|
* @param integer $id The id of the user to load (defaults to null)
|
|
*/
|
|
public static function userMayEditCategory($category_id, $user_id = null)
|
|
{
|
|
$user = JFactory::getUser($user_id);
|
|
|
|
// Check general edit permission first.
|
|
if ($user->authorise('core.edit', 'com_content')) {
|
|
return true;
|
|
}
|
|
|
|
// Check specific edit permission.
|
|
if ($user->authorise('core.edit', 'com_content.category.'.$category_id)) {
|
|
return true;
|
|
}
|
|
|
|
// No general permissions, see if 'edit own' is permitted for this category
|
|
if ( $user->authorise('core.edit.own', 'com_content') ||
|
|
$user->authorise('core.edit.own', 'com_content.category.'.$category_id) ) {
|
|
|
|
// Yes user can 'edit.own', Find out if the user created the category
|
|
$db = JFactory::getDBO();
|
|
$query = $db->getQuery(true);
|
|
$query->select('id')->from('#__categories');
|
|
$query->where('id = '.(int)$category_id.' AND created_user_id = '.(int)$user->id);
|
|
$db->setQuery($query, 0, 1);
|
|
$results = $db->loadObject();
|
|
if ($db->getErrorNum()) {
|
|
$errmsg = JText::_('ATTACH_ERROR_CHECKING_CATEGORY_OWNERSHIP') . ' (ERR 106)';
|
|
JError::raiseError(500, $errmsg);
|
|
}
|
|
|
|
if ( !empty($results) ) {
|
|
// The user did actually create the category
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
|
|
|
|
|
|
/**
|
|
* Determine if a user can edit a specified article
|
|
*
|
|
* Partially based on allowEdit() in com_content/controllers/article.php
|
|
*
|
|
* @param integer $article_id the ID for the article to be tested
|
|
* @param integer $id The id of the user to load (defaults to null)
|
|
*/
|
|
public static function userMayEditArticle($article_id, $user_id = null)
|
|
{
|
|
$user = JFactory::getUser($user_id);
|
|
|
|
// Check general edit permission first.
|
|
if ($user->authorise('core.edit', 'com_content')) {
|
|
return true;
|
|
}
|
|
|
|
// Check specific edit permission.
|
|
if ($user->authorise('core.edit', 'com_content.article.'.$article_id)) {
|
|
return true;
|
|
}
|
|
|
|
// Check for article being created.
|
|
// NOTE: we must presume that the article is being created by this user!
|
|
if ( ((int)$article_id == 0) && $user->authorise('core.edit.own', 'com_content') ) {
|
|
return true;
|
|
}
|
|
|
|
// No general permissions, see if 'edit own' is permitted for this article
|
|
if ( $user->authorise('core.edit.own', 'com_content') ||
|
|
$user->authorise('core.edit.own', 'com_content.article.'.$article_id) ) {
|
|
|
|
// Yes user can 'edit.own', Find out if the user created the article
|
|
$db = JFactory::getDBO();
|
|
$query = $db->getQuery(true);
|
|
$query->select('id')->from('#__content');
|
|
$query->where('id = '.(int)$article_id.' AND created_by = '.(int)$user->id);
|
|
$db->setQuery($query, 0, 1);
|
|
$results = $db->loadObject();
|
|
if ($db->getErrorNum()) {
|
|
$errmsg = JText::_('ATTACH_ERROR_CHECKING_ARTICLE_OWNERSHIP') . ' (ERR 107)';
|
|
JError::raiseError(500, $errmsg);
|
|
}
|
|
|
|
if ( !empty($results) ) {
|
|
// The user did actually create the article
|
|
return true;
|
|
}
|
|
}
|
|
|
|
return false;
|
|
}
|
|
}
|