Various code cleanup + permissions check improvement
This commit is contained in:
Tuan Pham Ngoc
parent
4274af68e3
commit
047cee28aa
|
|
@ -91,7 +91,7 @@ class WeblinkTable extends Table implements VersionableTableInterface, TaggableT
|
|||
{
|
||||
$this->created_by = $user->id;
|
||||
}
|
||||
|
||||
|
||||
if (empty($this->hits))
|
||||
{
|
||||
$this->hits = 0;
|
||||
|
|
@ -113,7 +113,7 @@ class WeblinkTable extends Table implements VersionableTableInterface, TaggableT
|
|||
// Verify that the alias is unique
|
||||
$table = new WeblinkTable($this->getDbo());
|
||||
|
||||
if ($table->load(array('language' => $this->language, 'alias' => $this->alias, 'catid' => (int)$this->catid))
|
||||
if ($table->load(array('language' => $this->language, 'alias' => $this->alias, 'catid' => (int) $this->catid))
|
||||
&& ($table->id != $this->id || $this->id == 0))
|
||||
{
|
||||
$this->setError(Text::_('COM_WEBLINKS_ERROR_UNIQUE_ALIAS'));
|
||||
|
|
|
|||
|
|
@ -28,9 +28,9 @@ use Joomla\CMS\Toolbar\ToolbarHelper;
|
|||
class HtmlView extends BaseHtmlView
|
||||
{
|
||||
/**
|
||||
* The \JForm object
|
||||
* The Form object
|
||||
*
|
||||
* @var \JForm
|
||||
* @var \Joomla\CMS\Form\Form
|
||||
*/
|
||||
protected $form;
|
||||
|
||||
|
|
@ -44,7 +44,7 @@ class HtmlView extends BaseHtmlView
|
|||
/**
|
||||
* The model state
|
||||
*
|
||||
* @var \JObject
|
||||
* @var \Joomla\CMS\Object\CMSObject
|
||||
*/
|
||||
protected $state;
|
||||
|
||||
|
|
|
|||
|
|
@ -36,21 +36,21 @@ class HtmlView extends BaseHtmlView
|
|||
/**
|
||||
* The pagination object
|
||||
*
|
||||
* @var \JPagination
|
||||
* @var \Joomla\CMS\Pagination\Pagination
|
||||
*/
|
||||
protected $pagination;
|
||||
|
||||
/**
|
||||
* The model state
|
||||
*
|
||||
* @var \JObject
|
||||
* @var \Joomla\CMS\Object\CMSObject
|
||||
*/
|
||||
protected $state;
|
||||
|
||||
/**
|
||||
* Form object for search filters
|
||||
*
|
||||
* @var \JForm
|
||||
* @var \Joomla\CMS\Form\Form
|
||||
*/
|
||||
public $filterForm;
|
||||
|
||||
|
|
|
|||
|
|
@ -79,7 +79,6 @@ class WeblinkController extends FormController
|
|||
protected function allowAdd($data = array())
|
||||
{
|
||||
$categoryId = ArrayHelper::getValue($data, 'catid', $this->input->getInt('id'), 'int');
|
||||
$allow = null;
|
||||
|
||||
if ($categoryId)
|
||||
{
|
||||
|
|
@ -104,17 +103,33 @@ class WeblinkController extends FormController
|
|||
protected function allowEdit($data = array(), $key = 'id')
|
||||
{
|
||||
$recordId = (int) isset($data[$key]) ? $data[$key] : 0;
|
||||
$categoryId = 0;
|
||||
|
||||
if ($recordId)
|
||||
if (!$recordId)
|
||||
{
|
||||
$categoryId = (int) $this->getModel()->getItem($recordId)->catid;
|
||||
return false;
|
||||
}
|
||||
|
||||
$record = $this->getModel()->getItem($recordId);
|
||||
$categoryId = (int) $record->catid;
|
||||
|
||||
if ($categoryId)
|
||||
{
|
||||
// The category has been set. Check the category permissions.
|
||||
return $this->app->getIdentity()->authorise('core.edit', $this->option . '.category.' . $categoryId);
|
||||
$user = $this->app->getIdentity();
|
||||
|
||||
// First, check edit permission
|
||||
if ($user->authorise('core.edit', $this->option . '.category.' . $categoryId))
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
// Fallback on edit.own
|
||||
if ($user->authorise('core.edit.own', $this->option . '.category.' . $categoryId) && $record->created_by == $user->id)
|
||||
{
|
||||
return true;
|
||||
}
|
||||
|
||||
return false;
|
||||
}
|
||||
|
||||
// Since there is no asset tracking, revert to the component permissions.
|
||||
|
|
@ -307,7 +322,6 @@ class WeblinkController extends FormController
|
|||
}
|
||||
|
||||
// Redirect to the URL
|
||||
// @todo: Probably should check for a valid http link
|
||||
if ($link->url)
|
||||
{
|
||||
$modelLink->hit($id);
|
||||
|
|
|
|||
|
|
@ -103,9 +103,7 @@ class CategoryModel extends ListModel
|
|||
{
|
||||
if (!isset($this->_params))
|
||||
{
|
||||
$params = new Registry;
|
||||
$params->loadString($item->params);
|
||||
$item->params = $params;
|
||||
$item->params = new Registry($item->params);
|
||||
}
|
||||
|
||||
// Get the tags
|
||||
|
|
|
|||
|
|
@ -26,6 +26,14 @@ use Joomla\Registry\Registry;
|
|||
*/
|
||||
class WeblinkModel extends ItemModel
|
||||
{
|
||||
/**
|
||||
* Store loaded weblink items
|
||||
*
|
||||
* @var array
|
||||
* @since 1.6
|
||||
*/
|
||||
protected $_item = null;
|
||||
|
||||
/**
|
||||
* Model context string.
|
||||
*
|
||||
|
|
|
|||
|
|
@ -72,7 +72,6 @@ class HtmlView extends CategoryView
|
|||
protected function prepareDocument()
|
||||
{
|
||||
parent::prepareDocument();
|
||||
;
|
||||
|
||||
parent::addFeed();
|
||||
|
||||
|
|
|
|||
|
|
@ -23,10 +23,10 @@ $params = &$this->category->params;
|
|||
// Get the user object.
|
||||
$user = Factory::getApplication()->getIdentity();
|
||||
|
||||
// Check if user is allowed to add/edit based on weblinks permissinos.
|
||||
$canEdit = $user->authorise('core.edit', 'com_weblinks.category.' . $this->category->id);
|
||||
$canCreate = $user->authorise('core.create', 'com_weblinks');
|
||||
$canEditState = $user->authorise('core.edit.state', 'com_weblinks');
|
||||
// Check if user is allowed to add/edit based on weblinks permission.
|
||||
$canEdit = $user->authorise('core.edit', 'com_weblinks.category.' . $this->category->id);
|
||||
$canEditOwn = $user->authorise('core.edit.own', 'com_weblinks.category.' . $this->category->id);
|
||||
$canCreate = $user->authorise('core.create', 'com_weblinks.category.' . $this->category->id);
|
||||
|
||||
$n = count($this->items);
|
||||
$listOrder = $this->escape($this->state->get('list.ordering'));
|
||||
|
|
@ -45,7 +45,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
|||
name="filter-search"
|
||||
id="filter-search"
|
||||
value="<?php echo $this->escape($this->state->get('list.filter')); ?>"
|
||||
class="inputbox" onchange="document.adminForm.submit();"
|
||||
onchange="document.adminForm.submit();"
|
||||
placeholder="<?php echo Text::_('COM_WEBLINKS_FILTER_SEARCH_DESC'); ?>"
|
||||
>
|
||||
<button type="submit" name="filter_submit" class="btn btn-primary"><?php echo Text::_('JGLOBAL_FILTER_BUTTON'); ?></button>
|
||||
|
|
@ -79,7 +79,7 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
|||
<li class="list-group mt-3">
|
||||
<?php endif; ?>
|
||||
|
||||
<?php if ($canEdit) : ?>
|
||||
<?php if ($canEdit || ($canEditOwn && $item->created_by == $userId)) : ?>
|
||||
<div class="icons list-group-item">
|
||||
<?php echo HTMLHelper::_('weblinkicon.edit', $item, $this->params); ?>
|
||||
</div>
|
||||
|
|
@ -193,9 +193,9 @@ $listDirn = $this->escape($this->state->get('list.direction'));
|
|||
</ul>
|
||||
|
||||
<?php if ($this->params->get('show_pagination')) : ?>
|
||||
<div class="com-contact-category__counter w-100">
|
||||
<div class="com-weblinks-category__counter w-100">
|
||||
<?php if ($this->params->def('show_pagination_results', 1)) : ?>
|
||||
<p class="com-contact-category__counter counter float-end pt-3 pe-2">
|
||||
<p class="com-weblinks-category__counter counter float-end pt-3 pe-2">
|
||||
<?php echo $this->pagination->getPagesCounter(); ?>
|
||||
</p>
|
||||
<?php endif; ?>
|
||||
|
|
|
|||
Loading…
Reference in New Issue