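setRedirect($this->getReturnPage()); return false; } return true; }

    /**
     * Method override to check if you can add a new record.
     *
     * The category id comes from $data['catid'], falling back to the request's
     * "id" variable. When one is present the decision is the current user's
     * core.create permission on that category's asset.
     *
     * @param   array  $data  An array of input data.
     *
     * @return  boolean
     *
     * @since   1.6
     */
    protected function allowAdd($data = [])
    {
        $categoryId = ArrayHelper::getValue($data, 'catid', $this->input->getInt('id'), 'int');

        if ($categoryId) {
            // If the category has been passed in the URL check it.
            return $this->app->getIdentity()->authorise('core.create', $this->option . '.category.' . $categoryId);
        }

        // In the absence of better information, revert to the component permissions.
        return parent::allowAdd($data);
    }

    /**
     * Method override to check if you can edit an existing record.
     *
     * The record is loaded through the model and the decision is made against
     * the category stored on that record (core.edit, then core.edit.own for
     * the record's creator), not against a category supplied in $data.
     *
     * @param   array   $data  An array of input data.
     * @param   string  $key   The name of the key for the primary key.
     *
     * @return  boolean
     *
     * @since   1.6
     */
    protected function allowEdit($data = [], $key = 'id')
    {
        // The cast must wrap the whole value. Written as "(int) isset(...) ? a : b"
        // the cast binds to isset() alone and the id reaches the model uncast.
        // A non-scalar id (e.g. an array) is treated as "no record" and denied.
        $rawId    = $data[$key] ?? 0;
        $recordId = is_scalar($rawId) ? (int) $rawId : 0;

        if (!$recordId) {
            return false;
        }

        $record = $this->getModel()->getItem($recordId);

        // Fail closed: without a loaded record there is no category or owner to
        // check, so do not fall through to the broader component permission.
        if (!is_object($record)) {
            return false;
        }

        $categoryId = (int) ($record->catid ?? 0);

        if (!$categoryId) {
            // Since there is no asset tracking, revert to the component permissions.
            return parent::allowEdit($data, $key);
        }

        // The category has been set. Check the category permissions.
        $user  = $this->app->getIdentity();
        $asset = $this->option . '.category.' . $categoryId;

        // First, check edit permission.
        if ($user->authorise('core.edit', $asset)) {
            return true;
        }

        // Fallback on edit.own: both ids are compared as integers so a numeric
        // string from storage and an int user id match without loose ==.
        if ($user->authorise('core.edit.own', $asset) && (int) ($record->created_by ?? 0) === (int) $user->id) {
            return true;
        }

        return false;
    }

    /**
     * Method to cancel an edit.
     *
     * Delegates to the parent and then always points the redirect at the
     * value of getReturnPage(), whatever the parent decided.
     *
     * @param   string  $key  The name of the primary key of the URL variable.
     *
     * @return  boolean  True if access level checks pass, false otherwise.
     *
     * @since   1.6
     */
    public function cancel($key = 'w_id')
    {
        $return = parent::cancel($key);

        // Redirect to the return page.
        $this->setRedirect($this->getReturnPage());

        return $return;
    }

    /** * Method to edit an existing record.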
* * @param string $key The name of the primary key of the URL variable. * @param string $urlVar The name of the URL variable if different from the primary key (sometimes required to avoid router collisions). * * @return boolean True if access level check and checkout passes, false otherwise. * * @since 1.6 */
    public function edit($key = null, $urlVar = 'w_id')
    {
        // Only the default URL variable name ('w_id') differs from the parent.
        return parent::edit($key, $urlVar);
    }

    /**
     * Fetch a model through the parent controller, loading it if required.
     *
     * This override only changes the defaults: the 'form' model, the 'Site'
     * prefix and a config with 'ignore_request' set to true.
     *
     * @param   string  $name    The model name. Optional.
     * @param   string  $prefix  The class prefix. Optional.
     * @param   array   $config  Configuration array for model. Optional.
     *
     * @return  object  The model.
     *
     * @since   1.5
     */
    public function getModel($name = 'form', $prefix = 'Site', $config = ['ignore_request' => true])
    {
        return parent::getModel($name, $prefix, $config);
    }

    /**
     * Build the query-string suffix appended to an item redirect.
     *
     * Starts from the parent's suffix and adds the request's Itemid (when
     * non-zero) and the base64-encoded return page.
     *
     * @param   integer  $recordId  The primary key id for the item.
     * @param   string   $urlVar    The name of the URL variable for the id.
     *
     * @return  string  The arguments to append to the redirect URL.
     *
     * @since   1.6
     */
    protected function getRedirectToItemAppend($recordId = null, $urlVar = null)
    {
        $query      = parent::getRedirectToItemAppend($recordId, $urlVar);
        $menuItemId = $this->input->getInt('Itemid');
        $returnUrl  = $this->getReturnPage();

        if ($menuItemId) {
            $query .= '&Itemid=' . $menuItemId;
        }

        if ($returnUrl) {
            // The value appended here has already passed getReturnPage()'s check.
            // NOTE(review): base64 output can contain '+', '/' and '=' and is not
            // URL-encoded here; confirm the consumer of this string handles that.
            $query .= '&return=' . base64_encode($returnUrl);
        }

        return $query;
    }

    /**
     * Get the return URL if a "return" variable has been passed in the request.
     *
     * The request value is attacker-controllable, so it is only honoured when
     * the decoded URL passes Uri::isInternal(); an absent, empty or rejected
     * value yields Uri::base() instead. Every redirect in this controller that
     * uses the return page depends on this check to stay on-site.
     *
     * @return  string  The return URL.
     *
     * @since   1.6
     */
    protected function getReturnPage()
    {
        $encoded = $this->input->get('return', null, 'base64');

        if (empty($encoded)) {
            return Uri::base();
        }

        // Decode once and validate the exact string that will be returned.
        $target = base64_decode($encoded);

        return Uri::isInternal($target) ? $target : Uri::base();
    }

    /** * Method to save a record. * * @param string $key The name of the primary key of the URL variable.
* @param string $urlVar The name of the URL variable if different from the primary key (sometimes required to avoid router collisions). * * @return boolean True if successful, false otherwise. * * @since 1.6 */
    public function save($key = null, $urlVar = 'w_id')
    {
        $application = $this->app;
        $stateKey    = 'com_weblinks.edit.weblink.data';

        // The POSTed form is stored in the session as received, before
        // parent::save() runs; it is cleared again only when the save succeeds.
        $formData = $this->input->post->get('jform', [], 'array');
        $application->setUserState($stateKey, $formData);

        $saved = parent::save($key, $urlVar);

        if (!$saved) {
            return $saved;
        }

        // Success: flush the session copy and go to the return page.
        $application->setUserState($stateKey, null);
        $this->setRedirect($this->getReturnPage());

        return $saved;
    }

    /**
     * Go to a weblink.
     *
     * Loads the published weblink named by the request's "id", checks the
     * current user's view levels against the weblink and then against its
     * published category, records a hit and redirects to the stored URL.
     *
     * @return  void
     *
     * @throws  \Exception  404 when the weblink or its category is not found or
     *                      the URL is empty, 403 when a view-level check fails.
     *
     * @since   1.6
     */
    public function go()
    {
        $weblinkId = $this->input->getInt('id');

        // Get the model, requiring published items.
        $weblinks = $this->getModel('Weblink');
        $weblinks->setState('filter.published', 1);

        $weblink = $weblinks->getItem($weblinkId);

        if (empty($weblink)) {
            throw new \Exception(Text::_('COM_WEBLINKS_ERROR_WEBLINK_NOT_FOUND'), 404);
        }

        // View levels the current identity may see; used for both checks below.
        // The comparisons are loose because the type of ->access is not visible here.
        $viewLevels = $this->app->getIdentity()->getAuthorisedViewLevels();

        // Check whether the item's access level allows access.
        if (!in_array($weblink->access, $viewLevels)) {
            throw new \Exception(Text::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        $categories = $this->getModel('Category', 'Site', ['ignore_request' => true]);
        $categories->setState('filter.published', 1);

        $category = $categories->getCategory($weblink->catid);

        // A missing category is reported as the weblink not being found.
        if (empty($category)) {
            throw new \Exception(Text::_('COM_WEBLINKS_ERROR_WEBLINK_NOT_FOUND'), 404);
        }

        // Check whether the category's access level allows access.
        if (!in_array($category->access, $viewLevels)) {
            throw new \Exception(Text::_('JERROR_ALERTNOAUTHOR'), 403);
        }

        if ($weblink->url) {
            $weblinks->hit($weblinkId);

            // The target is whatever URL is stored on the record; nothing in this
            // method restricts its scheme or host, so its safety rests on
            // validation at save time (not visible here).
            // NOTE(review): a 301 is cacheable by clients, and a cached redirect
            // would bypass the access checks and hit count above on repeat
            // visits; confirm a permanent redirect is intended.
            $this->app->redirect($weblink->url, 301);
        }

        throw new \Exception(Text::_('COM_WEBLINKS_ERROR_WEBLINK_URL_INVALID'), 404);
    }
}