group.php
8.47 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
<?php
/**
* @package Joomla.Administrator
* @subpackage com_users
*
* @copyright Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
defined('_JEXEC') or die;
use Joomla\String\StringHelper;
use Joomla\Utilities\ArrayHelper;
/**
* User group model.
*
* @since 1.6
*/
class UsersModelGroup extends JModelAdmin
{
/**
* Constructor
*
* @param array $config An optional associative array of configuration settings.
*/
public function __construct($config = array())
{
$config = array_merge(
array(
'event_after_delete' => 'onUserAfterDeleteGroup',
'event_after_save' => 'onUserAfterSaveGroup',
'event_before_delete' => 'onUserBeforeDeleteGroup',
'event_before_save' => 'onUserBeforeSaveGroup',
'events_map' => array('delete' => 'user', 'save' => 'user')
), $config
);
parent::__construct($config);
}
/**
* Returns a reference to the a Table object, always creating it.
*
* @param string $type The table type to instantiate
* @param string $prefix A prefix for the table class name. Optional.
* @param array $config Configuration array for model. Optional.
*
* @return JTable A database object
*
* @since 1.6
*/
public function getTable($type = 'Usergroup', $prefix = 'JTable', $config = array())
{
$return = JTable::getInstance($type, $prefix, $config);
return $return;
}
/**
* Method to get the record form.
*
* @param array $data An optional array of data for the form to interogate.
* @param boolean $loadData True if the form is to load its own data (default case), false if not.
*
* @return JForm A JForm object on success, false on failure
*
* @since 1.6
*/
public function getForm($data = array(), $loadData = true)
{
// Get the form.
$form = $this->loadForm('com_users.group', 'group', array('control' => 'jform', 'load_data' => $loadData));
if (empty($form))
{
return false;
}
return $form;
}
/**
* Method to get the data that should be injected in the form.
*
* @return mixed The data for the form.
*
* @since 1.6
*/
protected function loadFormData()
{
// Check the session for previously entered form data.
$data = JFactory::getApplication()->getUserState('com_users.edit.group.data', array());
if (empty($data))
{
$data = $this->getItem();
}
$this->preprocessData('com_users.group', $data);
return $data;
}
/**
* Override preprocessForm to load the user plugin group instead of content.
*
* @param JForm $form A form object.
* @param mixed $data The data expected for the form.
* @param string $group The name of the plugin group to import (defaults to "content").
*
* @return void
*
* @since 1.6
* @throws Exception if there is an error loading the form.
*/
protected function preprocessForm(JForm $form, $data, $group = '')
{
$obj = is_array($data) ? ArrayHelper::toObject($data, 'JObject') : $data;
if (isset($obj->parent_id) && $obj->parent_id == 0 && $obj->id > 0)
{
$form->setFieldAttribute('parent_id', 'type', 'hidden');
$form->setFieldAttribute('parent_id', 'hidden', 'true');
}
parent::preprocessForm($form, $data, 'user');
}
/**
* Method to save the form data.
*
* @param array $data The form data.
*
* @return boolean True on success.
*
* @since 1.6
*/
public function save($data)
{
// Include the user plugins for events.
JPluginHelper::importPlugin($this->events_map['save']);
/**
* Check the super admin permissions for group
* We get the parent group permissions and then check the group permissions manually
* We have to calculate the group permissions manually because we haven't saved the group yet
*/
$parentSuperAdmin = JAccess::checkGroup($data['parent_id'], 'core.admin');
// Get core.admin rules from the root asset
$rules = JAccess::getAssetRules('root.1')->getData('core.admin');
// Get the value for the current group (will be true (allowed), false (denied), or null (inherit)
$groupSuperAdmin = $rules['core.admin']->allow($data['id']);
// We only need to change the $groupSuperAdmin if the parent is true or false. Otherwise, the value set in the rule takes effect.
if ($parentSuperAdmin === false)
{
// If parent is false (Denied), effective value will always be false
$groupSuperAdmin = false;
}
elseif ($parentSuperAdmin === true)
{
// If parent is true (allowed), group is true unless explicitly set to false
$groupSuperAdmin = ($groupSuperAdmin === false) ? false : true;
}
// Check for non-super admin trying to save with super admin group
$iAmSuperAdmin = JFactory::getUser()->authorise('core.admin');
if (!$iAmSuperAdmin && $groupSuperAdmin)
{
$this->setError(JText::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
return false;
}
/**
* Check for super-admin changing self to be non-super-admin
* First, are we a super admin
*/
if ($iAmSuperAdmin)
{
// Next, are we a member of the current group?
$myGroups = JAccess::getGroupsByUser(JFactory::getUser()->get('id'), false);
if (in_array($data['id'], $myGroups))
{
// Now, would we have super admin permissions without the current group?
$otherGroups = array_diff($myGroups, array($data['id']));
$otherSuperAdmin = false;
foreach ($otherGroups as $otherGroup)
{
$otherSuperAdmin = $otherSuperAdmin ?: JAccess::checkGroup($otherGroup, 'core.admin');
}
/**
* If we would not otherwise have super admin permissions
* and the current group does not have super admin permissions, throw an exception
*/
if ((!$otherSuperAdmin) && (!$groupSuperAdmin))
{
$this->setError(JText::_('JLIB_USER_ERROR_CANNOT_DEMOTE_SELF'));
return false;
}
}
}
if (JFactory::getApplication()->input->get('task') == 'save2copy')
{
$data['title'] = $this->generateGroupTitle($data['parent_id'], $data['title']);
}
// Proceed with the save
return parent::save($data);
}
/**
* Method to delete rows.
*
* @param array &$pks An array of item ids.
*
* @return boolean Returns true on success, false on failure.
*
* @since 1.6
* @throws Exception
*/
public function delete(&$pks)
{
// Typecast variable.
$pks = (array) $pks;
$user = JFactory::getUser();
$groups = JAccess::getGroupsByUser($user->get('id'));
// Get a row instance.
$table = $this->getTable();
// Load plugins.
JPluginHelper::importPlugin($this->events_map['delete']);
$dispatcher = JEventDispatcher::getInstance();
// Check if I am a Super Admin
$iAmSuperAdmin = $user->authorise('core.admin');
// Do not allow to delete groups to which the current user belongs
foreach ($pks as $pk)
{
if (in_array($pk, $groups))
{
JError::raiseWarning(403, JText::_('COM_USERS_DELETE_ERROR_INVALID_GROUP'));
return false;
}
}
// Iterate the items to delete each one.
foreach ($pks as $i => $pk)
{
if ($table->load($pk))
{
// Access checks.
$allow = $user->authorise('core.edit.state', 'com_users');
// Don't allow non-super-admin to delete a super admin
$allow = (!$iAmSuperAdmin && JAccess::checkGroup($pk, 'core.admin')) ? false : $allow;
if ($allow)
{
// Fire the before delete event.
$dispatcher->trigger($this->event_before_delete, array($table->getProperties()));
if (!$table->delete($pk))
{
$this->setError($table->getError());
return false;
}
else
{
// Trigger the after delete event.
$dispatcher->trigger($this->event_after_delete, array($table->getProperties(), true, $this->getError()));
}
}
else
{
// Prune items that you can't change.
unset($pks[$i]);
JError::raiseWarning(403, JText::_('JERROR_CORE_DELETE_NOT_PERMITTED'));
}
}
else
{
$this->setError($table->getError());
return false;
}
}
return true;
}
/**
* Method to generate the title of group on Save as Copy action
*
* @param integer $parentId The id of the parent.
* @param string $title The title of group
*
* @return string Contains the modified title.
*
* @since 3.3.7
*/
protected function generateGroupTitle($parentId, $title)
{
// Alter the title & alias
$table = $this->getTable();
while ($table->load(array('title' => $title, 'parent_id' => $parentId)))
{
if ($title == $table->title)
{
$title = StringHelper::increment($title);
}
}
return $title;
}
}