[Summary view] [Print] [Text view]

   1  <?php
   2  
   3  /**
   4   * @package     Joomla.Administrator
   5   * @subpackage  com_media
   6   *
   7   * @copyright   (C) 2017 Open Source Matters, Inc. <https://www.joomla.org>
   8   * @license     GNU General Public License version 2 or later; see LICENSE.txt
   9   */
  10  
  11  namespace Joomla\Component\Media\Administrator\Dispatcher;
  12  
  13  use Joomla\CMS\Access\Exception\NotAllowed;
  14  use Joomla\CMS\Dispatcher\ComponentDispatcher;
  15  
  16  // phpcs:disable PSR1.Files.SideEffects
  17  \defined('_JEXEC') or die;
  18  // phpcs:enable PSR1.Files.SideEffects
  19  
  20  /**
  21   * ComponentDispatcher class for com_media
  22   *
  23   * @since  4.0.0
  24   */
  25  class Dispatcher extends ComponentDispatcher
  26  {
  27      /**
  28       * Method to check component access permission
  29       *
  30       * @since   4.0.0
  31       *
  32       * @return  void
  33       */
  34      protected function checkAccess()
  35      {
  36          $user   = $this->app->getIdentity();
  37          $asset  = $this->input->get('asset');
  38          $author = $this->input->get('author');
  39  
  40          // Access check
  41          if (
  42              !$user->authorise('core.manage', 'com_media')
  43              && (!$asset || (!$user->authorise('core.edit', $asset)
  44              && !$user->authorise('core.create', $asset)
  45              && count($user->getAuthorisedCategories($asset, 'core.create')) == 0)
  46              && !($user->id == $author && $user->authorise('core.edit.own', $asset)))
  47          ) {
  48              throw new NotAllowed($this->app->getLanguage()->_('JERROR_ALERTNOAUTHOR'), 403);
  49          }
  50      }
  51  }