level.php
6.87 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
<?php
/**
* @package Joomla.Administrator
* @subpackage com_users
*
* @copyright Copyright (C) 2005 - 2019 Open Source Matters, Inc. All rights reserved.
* @license GNU General Public License version 2 or later; see LICENSE.txt
*/
defined('_JEXEC') or die;
use Joomla\CMS\Access\Access;
use Joomla\CMS\Factory;
use Joomla\CMS\Helper\UserGroupsHelper;
use Joomla\CMS\Language\Text;
use Joomla\CMS\MVC\Model\AdminModel;
use Joomla\Utilities\ArrayHelper;
/**
* User view level model.
*
* @since 1.6
*/
class UsersModelLevel extends AdminModel
{
/**
* @var array A list of the access levels in use.
* @since 1.6
*/
protected $levelsInUse = null;
/**
* Method to test whether a record can be deleted.
*
* @param object $record A record object.
*
* @return boolean True if allowed to delete the record. Defaults to the permission set in the component.
*
* @since 1.6
*/
protected function canDelete($record)
{
// Check if the access level is being used by any content.
if ($this->levelsInUse === null)
{
// Populate the list once.
$this->levelsInUse = array();
$db = $this->getDbo();
$query = $db->getQuery(true)
->select('DISTINCT access');
// Get all the tables and the prefix
$tables = $db->getTableList();
$prefix = $db->getPrefix();
foreach ($tables as $table)
{
// Get all of the columns in the table
$fields = $db->getTableColumns($table);
/**
* We are looking for the access field. If custom tables are using something other
* than the 'access' field they are on their own unfortunately.
* Also make sure the table prefix matches the live db prefix (eg, it is not a "bak_" table)
*/
if (strpos($table, $prefix) === 0 && isset($fields['access']))
{
// Lookup the distinct values of the field.
$query->clear('from')
->from($db->quoteName($table));
$db->setQuery($query);
try
{
$values = $db->loadColumn();
}
catch (RuntimeException $e)
{
$this->setError($e->getMessage());
return false;
}
$this->levelsInUse = array_merge($this->levelsInUse, $values);
// TODO Could assemble an array of the tables used by each view level list those,
// giving the user a clue in the error where to look.
}
}
// Get uniques.
$this->levelsInUse = array_unique($this->levelsInUse);
// Ok, after all that we are ready to check the record :)
}
if (in_array($record->id, $this->levelsInUse))
{
$this->setError(JText::sprintf('COM_USERS_ERROR_VIEW_LEVEL_IN_USE', $record->id, $record->title));
return false;
}
return parent::canDelete($record);
}
/**
* Returns a reference to the a Table object, always creating it.
*
* @param string $type The table type to instantiate
* @param string $prefix A prefix for the table class name. Optional.
* @param array $config Configuration array for model. Optional.
*
* @return JTable A database object
*
* @since 1.6
*/
public function getTable($type = 'Viewlevel', $prefix = 'JTable', $config = array())
{
$return = JTable::getInstance($type, $prefix, $config);
return $return;
}
/**
* Method to get a single record.
*
* @param integer $pk The id of the primary key.
*
* @return mixed Object on success, false on failure.
*
* @since 1.6
*/
public function getItem($pk = null)
{
$result = parent::getItem($pk);
// Convert the params field to an array.
$result->rules = json_decode($result->rules);
return $result;
}
/**
* Method to get the record form.
*
* @param array $data An optional array of data for the form to interogate.
* @param boolean $loadData True if the form is to load its own data (default case), false if not.
*
* @return JForm A JForm object on success, false on failure
*
* @since 1.6
*/
public function getForm($data = array(), $loadData = true)
{
// Get the form.
$form = $this->loadForm('com_users.level', 'level', array('control' => 'jform', 'load_data' => $loadData));
if (empty($form))
{
return false;
}
return $form;
}
/**
* Method to get the data that should be injected in the form.
*
* @return mixed The data for the form.
*
* @since 1.6
*/
protected function loadFormData()
{
// Check the session for previously entered form data.
$data = JFactory::getApplication()->getUserState('com_users.edit.level.data', array());
if (empty($data))
{
$data = $this->getItem();
}
$this->preprocessData('com_users.level', $data);
return $data;
}
/**
* Method to preprocess the form
*
* @param JForm $form A form object.
* @param mixed $data The data expected for the form.
* @param string $group The name of the plugin group to import (defaults to "content").
*
* @return void
*
* @since 1.6
* @throws Exception if there is an error loading the form.
*/
protected function preprocessForm(JForm $form, $data, $group = '')
{
parent::preprocessForm($form, $data, 'user');
}
/**
* Method to save the form data.
*
* @param array $data The form data.
*
* @return boolean True on success.
*
* @since 1.6
*/
public function save($data)
{
if (!isset($data['rules']))
{
$data['rules'] = array();
}
$data['title'] = JFilterInput::getInstance()->clean($data['title'], 'TRIM');
return parent::save($data);
}
/**
* Method to validate the form data.
*
* @param \JForm $form The form to validate against.
* @param array $data The data to validate.
* @param string $group The name of the field group to validate.
*
* @return array|boolean Array of filtered data if valid, false otherwise.
*
* @see \JFormRule
* @see \JFilterInput
* @since 3.8.8
*/
public function validate($form, $data, $group = null)
{
$isSuperAdmin = Factory::getUser()->authorise('core.admin');
// Non Super user should not be able to change the access levels of super user groups
if (!$isSuperAdmin)
{
if (!isset($data['rules']) || !is_array($data['rules']))
{
$data['rules'] = array();
}
$groups = array_values(UserGroupsHelper::getInstance()->getAll());
$rules = array();
if (!empty($data['id']))
{
$table = $this->getTable();
$table->load($data['id']);
$rules = json_decode($table->rules);
}
$rules = ArrayHelper::toInteger($rules);
for ($i = 0, $n = count($groups); $i < $n; ++$i)
{
if (Access::checkGroup((int) $groups[$i]->id, 'core.admin'))
{
if (in_array($groups[$i]->id, $rules) && !in_array($groups[$i]->id, $data['rules']))
{
$data['rules'][] = (int) $groups[$i]->id;
}
elseif (!in_array($groups[$i]->id, $rules) && in_array($groups[$i]->id, $data['rules']))
{
$this->setError(Text::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
return false;
}
}
}
}
return parent::validate($form, $data, $group);
}
}