Extra ACL checks (yay)

joomla · Jul 22, 2016 · 204d991 · 204d991
1 parent a3ee16c
commit 204d991
Show file tree

Hide file tree

Showing 8 changed files with 64 additions and 9 deletions.
diff --git a/administrator/components/com_banners/models/banner.php b/administrator/components/com_banners/models/banner.php
@@ -473,6 +473,30 @@ protected function prepareTable($table)
 		$table->version++;
 	}
 
+	/**
+	 * Allows preprocessing of the JForm object.
+	 *
+	 * @param   JForm   $form   The form object
+	 * @param   array   $data   The data to be merged into the form object
+	 * @param   string  $group  The plugin group to be executed
+	 *
+	 * @return  void
+	 *
+	 * @since    3.0
+	 */
+	protected function preprocessForm(JForm $form, $data, $group = 'content')
+	{
+		// Check if article is associated
+		$canCreateCategories = JFactory::getUser()->authorise('core.create', 'com_banners');
+
+		if ($canCreateCategories)
+		{
+			$form->setFieldAttribute('catid', 'allowAdd', 'true');
+		}
+
+		parent::preprocessForm($form, $data, $group);
+	}
+
 	/**
 	 * Method to save the form data.
 	 *

diff --git a/administrator/components/com_banners/models/forms/banner.xml b/administrator/components/com_banners/models/forms/banner.xml
@@ -39,7 +39,6 @@
 			extension="com_banners"
 			required="true"
 			addfieldpath="/administrator/components/com_categories/models/fields"
-			allowAdd="true"
 			default=""
 		/>
 

diff --git a/administrator/components/com_contact/models/contact.php b/administrator/components/com_contact/models/contact.php
@@ -512,9 +512,31 @@ protected function getReorderConditions($table)
 	 * @param   string  $group  Group name.
 	 *
 	 * @return  void
+	 *
+	 * @since   3.0.3
 	 */
 	protected function preprocessForm(JForm $form, $data, $group = 'content')
 	{
+		// Determine correct permissions to check.
+		if ($this->getState('contact.id'))
+		{
+			// Existing record. Can only edit in selected categories.
+			$form->setFieldAttribute('catid', 'action', 'core.edit');
+		}
+		else
+		{
+			// New record. Can only create in selected categories.
+			$form->setFieldAttribute('catid', 'action', 'core.create');
+		}
+
+		// Check if article is associated
+		$canCreateCategories = JFactory::getUser()->authorise('core.create', 'com_contact');
+
+		if ($canCreateCategories)
+		{
+			$form->setFieldAttribute('catid', 'allowAdd', 'true');
+		}
+
 		// Association content items
 		$assoc = JLanguageAssociations::isEnabled();
 

diff --git a/administrator/components/com_contact/models/forms/contact.xml b/administrator/components/com_contact/models/forms/contact.xml
@@ -75,7 +75,6 @@
 			description="JFIELD_CATEGORY_DESC"
 			extension="com_contact"
 			required="true"
-			allowAdd="true"
 			default=""
 		/>
 

diff --git a/administrator/components/com_content/models/article.php b/administrator/components/com_content/models/article.php
@@ -723,9 +723,7 @@ protected function getReorderConditions($table)
 	}
 
 	/**
-	 * Auto-populate the model state.
-	 *
-	 * Note. Calling getState in this method will result in recursion.
+     * Allows preprocessing of the JForm object.
 	 *
 	 * @param   JForm   $form   The form object
 	 * @param   array   $data   The data to be merged into the form object
@@ -737,8 +735,15 @@ protected function getReorderConditions($table)
 	 */
 	protected function preprocessForm(JForm $form, $data, $group = 'content')
 	{
+		// Check if article is associated
+		$canCreateCategories = JFactory::getUser()->authorise('core.create', 'com_content');
+
+		if ($canCreateCategories)
+		{
+			$form->setFieldAttribute('catid', 'allowAdd', 'true');
+		}
+
 		// Association content items
-		$app = JFactory::getApplication();
 		$assoc = JLanguageAssociations::isEnabled();
 
 		if ($assoc)

diff --git a/administrator/components/com_content/models/forms/article.xml b/administrator/components/com_content/models/forms/article.xml
@@ -47,7 +47,6 @@
 			label="JCATEGORY"
 			   description="JFIELD_CATEGORY_DESC"
 			required="true"
-			   allowAdd="true"
 			   default=""
 		>
 		</field>

diff --git a/administrator/components/com_newsfeeds/models/forms/newsfeed.xml b/administrator/components/com_newsfeeds/models/forms/newsfeed.xml
@@ -54,7 +54,6 @@
 			description="COM_NEWSFEEDS_FIELD_CATEGORY_DESC"
 			extension="com_newsfeeds"
 			required="true"
-			allowAdd="true"
 			default=""
 		/>
 

diff --git a/administrator/components/com_newsfeeds/models/newsfeed.php b/administrator/components/com_newsfeeds/models/newsfeed.php
@@ -503,9 +503,17 @@ protected function getReorderConditions($table)
 	 */
 	protected function preprocessForm(JForm $form, $data, $group = 'content')
 	{
+		// Check if article is associated
+		$canCreateCategories = JFactory::getUser()->authorise('core.create', 'com_newsfeeds');
+
+		if ($canCreateCategories)
+		{
+			$form->setFieldAttribute('catid', 'allowAdd', 'true');
+		}
+
 		// Association newsfeeds items
-		$app = JFactory::getApplication();
 		$assoc = JLanguageAssociations::isEnabled();
+
 		if ($assoc)
 		{
 			$languages = JLanguageHelper::getLanguages('lang_code');