
PHP Cross Reference of Joomla 4.2.2 documentation


/administrator/components/com_users/src/Model/ -> LevelModel.php (source)

   1  <?php
   2  
   3  /**
   4   * @package     Joomla.Administrator
   5   * @subpackage  com_users
   6   *
   7   * @copyright   (C) 2009 Open Source Matters, Inc. <https://www.joomla.org>
   8   * @license     GNU General Public License version 2 or later; see LICENSE.txt
   9   */
  10  
  11  namespace Joomla\Component\Users\Administrator\Model;
  12  
  13  use Joomla\CMS\Access\Access;
  14  use Joomla\CMS\Factory;
  15  use Joomla\CMS\Filter\InputFilter;
  16  use Joomla\CMS\Form\Form;
  17  use Joomla\CMS\Helper\UserGroupsHelper;
  18  use Joomla\CMS\Language\Text;
  19  use Joomla\CMS\MVC\Model\AdminModel;
  20  use Joomla\CMS\Table\Table;
  21  use Joomla\Utilities\ArrayHelper;
  22  
  23  // phpcs:disable PSR1.Files.SideEffects
  24  \defined('_JEXEC') or die;
  25  // phpcs:enable PSR1.Files.SideEffects
  26  
  27  /**
  28   * User view level model.
  29   *
  30   * @since  1.6
  31   */
  32  class LevelModel extends AdminModel
  33  {
  34      /**
  35       * @var array   A list of the access levels in use.
  36       * @since   1.6
  37       */
  38      protected $levelsInUse = null;
  39  
  40      /**
  41       * Method to test whether a record can be deleted.
  42       *
  43       * @param   object  $record  A record object.
  44       *
  45       * @return  boolean  True if allowed to delete the record. Defaults to the permission set in the component.
  46       *
  47       * @since   1.6
  48       */
  49      protected function canDelete($record)
  50      {
  51          $groups = json_decode($record->rules);
  52  
  53          if ($groups === null) {
  54              throw new \RuntimeException('Invalid rules schema');
  55          }
  56  
  57          $isAdmin = Factory::getUser()->authorise('core.admin');
  58  
  59          // Check permissions
  60          foreach ($groups as $group) {
  61              if (!$isAdmin && Access::checkGroup($group, 'core.admin')) {
  62                  $this->setError(Text::_('JERROR_ALERTNOAUTHOR'));
  63  
  64                  return false;
  65              }
  66          }
  67  
  68          // Check if the access level is being used by any content.
  69          if ($this->levelsInUse === null) {
  70              // Populate the list once.
  71              $this->levelsInUse = array();
  72  
  73              $db    = $this->getDatabase();
  74              $query = $db->getQuery(true)
  75                  ->select('DISTINCT access');
  76  
  77              // Get all the tables and the prefix
  78              $tables = $db->getTableList();
  79              $prefix = $db->getPrefix();
  80  
  81              foreach ($tables as $table) {
  82                  // Get all of the columns in the table
  83                  $fields = $db->getTableColumns($table);
  84  
  85                  /**
  86                   * We are looking for the access field.  If custom tables are using something other
  87                   * than the 'access' field they are on their own unfortunately.
  88                   * Also make sure the table prefix matches the live db prefix (eg, it is not a "bak_" table)
  89                   */
  90                  if (strpos($table, $prefix) === 0 && isset($fields['access'])) {
  91                      // Lookup the distinct values of the field.
  92                      $query->clear('from')
  93                          ->from($db->quoteName($table));
  94                      $db->setQuery($query);
  95  
  96                      try {
  97                          $values = $db->loadColumn();
  98                      } catch (\RuntimeException $e) {
  99                          $this->setError($e->getMessage());
 100  
 101                          return false;
 102                      }
 103  
 104                      $this->levelsInUse = array_merge($this->levelsInUse, $values);
 105  
 106                      // @todo Could assemble an array of the tables used by each view level list those,
 107                      // giving the user a clue in the error where to look.
 108                  }
 109              }
 110  
 111              // Get uniques.
 112              $this->levelsInUse = array_unique($this->levelsInUse);
 113  
 114              // Ok, after all that we are ready to check the record :)
 115          }
 116  
 117          if (in_array($record->id, $this->levelsInUse)) {
 118              $this->setError(Text::sprintf('COM_USERS_ERROR_VIEW_LEVEL_IN_USE', $record->id, $record->title));
 119  
 120              return false;
 121          }
 122  
 123          return parent::canDelete($record);
 124      }
 125  
 126      /**
 127       * Returns a reference to the a Table object, always creating it.
 128       *
 129       * @param   string  $type    The table type to instantiate
 130       * @param   string  $prefix  A prefix for the table class name. Optional.
 131       * @param   array   $config  Configuration array for model. Optional.
 132       *
 133       * @return  Table  A database object
 134       *
 135       * @since   1.6
 136       */
 137      public function getTable($type = 'ViewLevel', $prefix = 'Joomla\\CMS\\Table\\', $config = array())
 138      {
 139          $return = Table::getInstance($type, $prefix, $config);
 140  
 141          return $return;
 142      }
 143  
 144      /**
 145       * Method to get a single record.
 146       *
 147       * @param   integer  $pk  The id of the primary key.
 148       *
 149       * @return  mixed  Object on success, false on failure.
 150       *
 151       * @since   1.6
 152       */
 153      public function getItem($pk = null)
 154      {
 155          $result = parent::getItem($pk);
 156  
 157          // Convert the params field to an array.
 158          $result->rules = json_decode($result->rules);
 159  
 160          return $result;
 161      }
 162  
 163      /**
 164       * Method to get the record form.
 165       *
 166       * @param   array    $data      An optional array of data for the form to interrogate.
 167       * @param   boolean  $loadData  True if the form is to load its own data (default case), false if not.
 168       *
 169       * @return  Form|bool  A Form object on success, false on failure
 170       *
 171       * @since   1.6
 172       */
 173      public function getForm($data = array(), $loadData = true)
 174      {
 175          // Get the form.
 176          $form = $this->loadForm('com_users.level', 'level', array('control' => 'jform', 'load_data' => $loadData));
 177  
 178          if (empty($form)) {
 179              return false;
 180          }
 181  
 182          return $form;
 183      }
 184  
 185      /**
 186       * Method to get the data that should be injected in the form.
 187       *
 188       * @return  mixed  The data for the form.
 189       *
 190       * @since   1.6
 191       * @throws  \Exception
 192       */
 193      protected function loadFormData()
 194      {
 195          // Check the session for previously entered form data.
 196          $data = Factory::getApplication()->getUserState('com_users.edit.level.data', array());
 197  
 198          if (empty($data)) {
 199              $data = $this->getItem();
 200          }
 201  
 202          $this->preprocessData('com_users.level', $data);
 203  
 204          return $data;
 205      }
 206  
 207      /**
 208       * Method to preprocess the form
 209       *
 210       * @param   Form    $form   A form object.
 211       * @param   mixed   $data   The data expected for the form.
 212       * @param   string  $group  The name of the plugin group to import (defaults to "content").
 213       *
 214       * @return  void
 215       *
 216       * @since   1.6
 217       * @throws  \Exception if there is an error loading the form.
 218       */
 219      protected function preprocessForm(Form $form, $data, $group = '')
 220      {
 221          // TO DO warning!
 222          parent::preprocessForm($form, $data, 'user');
 223      }
 224  
 225      /**
 226       * Method to save the form data.
 227       *
 228       * @param   array  $data  The form data.
 229       *
 230       * @return  boolean  True on success.
 231       *
 232       * @since   1.6
 233       */
 234      public function save($data)
 235      {
 236          if (!isset($data['rules'])) {
 237              $data['rules'] = array();
 238          }
 239  
 240          $data['title'] = InputFilter::getInstance()->clean($data['title'], 'TRIM');
 241  
 242          return parent::save($data);
 243      }
 244  
 245      /**
 246       * Method to validate the form data.
 247       *
 248       * @param   Form    $form   The form to validate against.
 249       * @param   array   $data   The data to validate.
 250       * @param   string  $group  The name of the field group to validate.
 251       *
 252       * @return  array|boolean  Array of filtered data if valid, false otherwise.
 253       *
 254       * @see     \Joomla\CMS\Form\FormRule
 255       * @see     \JFilterInput
 256       * @since   3.8.8
 257       */
 258      public function validate($form, $data, $group = null)
 259      {
 260          $isSuperAdmin = Factory::getUser()->authorise('core.admin');
 261  
 262          // Non Super user should not be able to change the access levels of super user groups
 263          if (!$isSuperAdmin) {
 264              if (!isset($data['rules']) || !is_array($data['rules'])) {
 265                  $data['rules'] = array();
 266              }
 267  
 268              $groups = array_values(UserGroupsHelper::getInstance()->getAll());
 269  
 270              $rules = array();
 271  
 272              if (!empty($data['id'])) {
 273                  $table = $this->getTable();
 274  
 275                  $table->load($data['id']);
 276  
 277                  $rules = json_decode($table->rules);
 278              }
 279  
 280              $rules = ArrayHelper::toInteger($rules);
 281  
 282              for ($i = 0, $n = count($groups); $i < $n; ++$i) {
 283                  if (Access::checkGroup((int) $groups[$i]->id, 'core.admin')) {
 284                      if (in_array((int) $groups[$i]->id, $rules) && !in_array((int) $groups[$i]->id, $data['rules'])) {
 285                          $data['rules'][] = (int) $groups[$i]->id;
 286                      } elseif (!in_array((int) $groups[$i]->id, $rules) && in_array((int) $groups[$i]->id, $data['rules'])) {
 287                          $this->setError(Text::_('JLIB_USER_ERROR_NOT_SUPERADMIN'));
 288  
 289                          return false;
 290                      }
 291                  }
 292              }
 293          }
 294  
 295          return parent::validate($form, $data, $group);
 296      }
 297  }

