diff --git a/components/com_content/content.php b/components/com_content/content.php
index f30b194f1a4b5..72136dd389612 100644
--- a/components/com_content/content.php
+++ b/components/com_content/content.php
@@ -16,9 +16,21 @@
 $input = JFactory::getApplication()->input;
 $user = JFactory::getUser();
-if ($input->get('view') === 'articles' && $input->get('layout') === 'modal')
+$checkCreateEdit = ($input->get('view') === 'articles' && $input->get('layout') === 'modal')
+ || ($input->get('view') === 'article' && $input->get('layout') === 'pagebreak');
+
+if ($checkCreateEdit)
 {
- if (!$user->authorise('core.create', 'com_content') && count($user->getAuthorisedCategories('com_content', 'core.create')) == 0 )
+ // Can create in any category (component permission) or at least in one category
+ $canCreateRecords = $user->authorise('core.create', 'com_content')
+ || count($user->getAuthorisedCategories('com_content', 'core.create')) > 0;
+
+ // Instead of checking edit on all records, we can use **same** check as the form editing view
+ $values = (array) JFactory::getApplication()->getUserState('com_content.edit.article.id');
+ $isEditingRecords = count($values);
+
+ $hasAccess = $canCreateRecords || $isEditingRecords;
+ if (!$hasAccess)
 {
 JFactory::getApplication()->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'warning');
diff --git a/plugins/editors-xtd/article/article.php b/plugins/editors-xtd/article/article.php
index 9e9aadfe90f39..fd5a2a3ae3899 100644
--- a/plugins/editors-xtd/article/article.php
+++ b/plugins/editors-xtd/article/article.php
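Review bot: In components/com_content/content.php, `$isEditingRecords = count($values);` turns any non-empty `com_content.edit.article.id` session state into permission to open the modal article list and the pagebreak layout, without tying it to a record the user may edit right now. If that state is not cleared when an edit is abandoned (the code that sets and releases it is outside this diff), the grant lasts for the rest of the session, and the `(array)` cast makes a scalar such as `0` or `''` count as one record. I would at least ignore empty ids and make the flag a real boolean, `$isEditingRecords = count(array_filter($values)) > 0;`, and add a comment naming where this state is written and released so the coupling to the form view is reviewable. The `if (!$hasAccess)` body continues past the end of the hunk.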
@@ -35,6 +35,26 @@ class PlgButtonArticle extends JPlugin
 */
 public function onDisplay($name)
 {
+ $input = JFactory::getApplication()->input;
+ $user = JFactory::getUser();
+
+ // Can create in any category (component permission) or at least in one category
+ $canCreateRecords = $user->authorise('core.create', 'com_content')
+ || count($user->getAuthorisedCategories('com_content', 'core.create')) > 0;
+
+ // Instead of checking edit on all records, we can use **same** check as the form editing view
+ $values = (array) JFactory::getApplication()->getUserState('com_content.edit.article.id');
+ $isEditingRecords = count($values);
+
+ // This ACL check is probably a double-check (form view already performed checks)
+ $hasAccess = $canCreateRecords || $isEditingRecords;
+ if (!$hasAccess)
+ {
+ JFactory::getApplication()->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'warning');
+
+ return;
+ }
+
 $link = 'index.php?option=com_content&view=articles&layout=modal&tmpl=component&' . JSession::getFormToken() . '=1&editor=' . $name;
diff --git a/plugins/editors-xtd/pagebreak/pagebreak.php b/plugins/editors-xtd/pagebreak/pagebreak.php
index d98ede9be78a3..4cb26544913ef 100644
--- a/plugins/editors-xtd/pagebreak/pagebreak.php
+++ b/plugins/editors-xtd/pagebreak/pagebreak.php
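Review bot: The `enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'warning')` call in `PlgButtonArticle::onDisplay()` shows a not-authorised warning to a user who fails the check even though they requested nothing, assuming onDisplay runs each time the editor buttons are rendered; returning without a button is enough, so I would reduce the branch to `if (!$hasAccess) { return; }`. This check only hides the button and the enforcing one is in com_content/content.php, so a comment such as `// UI gating only; access is enforced in com_content/content.php` would state that more clearly than "probably a double-check". `$input` is assigned but never read in the added lines and can be removed. The identical block is added to `PlgButtonPagebreak::onDisplay()` in the next hunk and the same points apply there; the three copies of this test would be easier to keep consistent as one shared helper. onDisplay's body continues outside the hunk.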
@@ -35,6 +35,26 @@ class PlgButtonPagebreak extends JPlugin
 */
 public function onDisplay($name)
 {
+ $input = JFactory::getApplication()->input;
+ $user = JFactory::getUser();
+
+ // Can create in any category (component permission) or at least in one category
+ $canCreateRecords = $user->authorise('core.create', 'com_content')
+ || count($user->getAuthorisedCategories('com_content', 'core.create')) > 0;
+
+ // Instead of checking edit on all records, we can use **same** check as the form editing view
+ $values = (array) JFactory::getApplication()->getUserState('com_content.edit.article.id');
+ $isEditingRecords = count($values);
+
+ // This ACL check is probably a double-check (form view already performed checks)
+ $hasAccess = $canCreateRecords || $isEditingRecords;
+ if (!$hasAccess)
+ {
+ JFactory::getApplication()->enqueueMessage(JText::_('JERROR_ALERTNOAUTHOR'), 'warning');
+
+ return;
+ }
+
 JFactory::getDocument()->addScriptOptions('xtd-pagebreak', array('editor' => $name));
 $link = 'index.php?option=com_content&view=article&layout=pagebreak&tmpl=component&e_name=' . $name;