[ Index ] |
PHP Cross Reference of Joomla 4.2.2 documentation |
[Summary view] [Print] [Text view]
1 <?php 2 3 /** 4 * @package Joomla.Administrator 5 * @subpackage com_users 6 * 7 * @copyright (C) 2021 Open Source Matters, Inc. <https://www.joomla.org> 8 * @license GNU General Public License version 2 or later; see LICENSE.txt 9 */ 10 11 namespace Joomla\Component\Users\Administrator\Dispatcher; 12 13 use Joomla\CMS\Dispatcher\ComponentDispatcher; 14 15 // phpcs:disable PSR1.Files.SideEffects 16 \defined('_JEXEC') or die; 17 // phpcs:enable PSR1.Files.SideEffects 18 19 /** 20 * ComponentDispatcher class for com_users 21 * 22 * @since 4.0.0 23 */ 24 class Dispatcher extends ComponentDispatcher 25 { 26 /** 27 * Override checkAccess to allow users edit profile without having to have core.manager permission 28 * 29 * @return void 30 * 31 * @since 4.0.0 32 */ 33 protected function checkAccess() 34 { 35 $task = $this->input->getCmd('task'); 36 $view = $this->input->getCmd('view'); 37 $layout = $this->input->getCmd('layout'); 38 $allowedTasks = ['user.edit', 'user.apply', 'user.save', 'user.cancel']; 39 40 // Allow users to edit their own account 41 if (in_array($task, $allowedTasks, true) || ($view === 'user' && $layout === 'edit')) { 42 $user = $this->app->getIdentity(); 43 $id = $this->input->getInt('id'); 44 45 if ((int) $user->id === $id) { 46 return; 47 } 48 } 49 50 /** 51 * Special case: Multi-factor Authentication 52 * 53 * We allow access to all MFA views and tasks. Access control for MFA tasks is performed in 54 * the Controllers since what is allowed depends on who is logged in and whose account you 55 * are trying to modify. Implementing these checks in the Dispatcher would violate the 56 * separation of concerns. 57 */ 58 $allowedViews = ['callback', 'captive', 'method', 'methods']; 59 $isAllowedTask = array_reduce( 60 $allowedViews, 61 function ($carry, $taskPrefix) use ($task) { 62 return $carry || strpos($task ?? '', $taskPrefix . '.') === 0; 63 }, 64 false 65 ); 66 67 if (in_array(strtolower($view ?? ''), $allowedViews) || $isAllowedTask) { 68 return; 69 } 70 71 parent::checkAccess(); 72 } 73 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Wed Sep 7 05:41:13 2022 | Chilli.vc Blog - For Webmaster,Blog-Writer,System Admin and Domainer |