Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Extra ACL checks (yay) #11244

Merged
merged 4 commits into from Jul 31, 2016
Merged

Extra ACL checks (yay) #11244

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
204d991
Extra ACL checks (yay)
wilsonge Jul 22, 2016
6d3d129
Fix comments + since
wilsonge Jul 22, 2016
06e1602
Merge branch 'staging' into category-on-fly-acl
wilsonge Jul 29, 2016
0e7d0f8
Add checks into save method
wilsonge Jul 29, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Jump to
Jump to file
Failed to load files.
Diff view
Diff view
35 changes: 34 additions & 1 deletion administrator/components/com_banners/models/banner.php
View file
Open in desktop
Expand Up @@ -473,6 +473,27 @@ protected function prepareTable($table)
$table->version++;
}

/**
* Allows preprocessing of the JForm object.
*
* @param JForm $form The form object
* @param array $data The data to be merged into the form object
* @param string $group The plugin group to be executed
*
* @return void
*
* @since 3.6.1
*/
protected function preprocessForm(JForm $form, $data, $group = 'content')
{
if ($this->canCreateCategory())
{
$form->setFieldAttribute('catid', 'allowAdd', 'true');
}

parent::preprocessForm($form, $data, $group);
}

/**
* Method to save the form data.
*
Expand All @@ -498,7 +519,7 @@ public function save($data)
}

// Save New Category
if ($catid == 0)
if ($catid == 0 && $this->canCreateCategory())
{
$table = array();
$table['title'] = $data['catid'];
Expand Down Expand Up @@ -537,4 +558,16 @@ public function save($data)

return parent::save($data);
}

/**
* Is the user allowed to create an on the fly category?
*
* @return bool
*
* @since 3.6.1
*/
private function canCreateCategory()
{
return JFactory::getUser()->authorise('core.create', 'com_banners');
}
}
1 change: 0 additions & 1 deletion administrator/components/com_banners/models/forms/banner.xml
View file
Open in desktop
Expand Up @@ -39,7 +39,6 @@
extension="com_banners"
required="true"
addfieldpath="/administrator/components/com_categories/models/fields"
allowAdd="true"
default=""
/>

Expand Down
33 changes: 32 additions & 1 deletion administrator/components/com_contact/models/contact.php
View file
Open in desktop
Expand Up @@ -396,7 +396,7 @@ public function save($data)
}

// Save New Category
if ($catid == 0)
if ($catid == 0 && $this->canCreateCategory())
{
$table = array();
$table['title'] = $data['catid'];
Expand Down Expand Up @@ -512,9 +512,28 @@ protected function getReorderConditions($table)
* @param string $group Group name.
*
* @return void
*
* @since 3.0.3
*/
protected function preprocessForm(JForm $form, $data, $group = 'content')
{
// Determine correct permissions to check.
if ($this->getState('contact.id'))
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

This check is in all the other components - but missing from contacts so added this as well for consistency

{
// Existing record. Can only edit in selected categories.
$form->setFieldAttribute('catid', 'action', 'core.edit');
}
else
{
// New record. Can only create in selected categories.
$form->setFieldAttribute('catid', 'action', 'core.create');
}

if ($this->canCreateCategory())
{
$form->setFieldAttribute('catid', 'allowAdd', 'true');
}

// Association content items
$assoc = JLanguageAssociations::isEnabled();

Expand Down Expand Up @@ -633,4 +652,16 @@ protected function generateNewTitle($category_id, $alias, $name)

return array($name, $alias);
}

/**
* Is the user allowed to create an on the fly category?
*
* @return bool
*
* @since 3.6.1
*/
private function canCreateCategory()
{
return JFactory::getUser()->authorise('core.create', 'com_contact');
}
}
1 change: 0 additions & 1 deletion administrator/components/com_contact/models/forms/contact.xml
View file
Open in desktop
Expand Up @@ -75,7 +75,6 @@
description="JFIELD_CATEGORY_DESC"
extension="com_contact"
required="true"
allowAdd="true"
default=""
/>

Expand Down
26 changes: 20 additions & 6 deletions administrator/components/com_content/models/article.php
View file
Open in desktop
Expand Up @@ -504,8 +504,8 @@ public function save($data)
$catid = CategoriesHelper::validateCategoryId($data['catid'], 'com_content');
}

// Save New Category
if ($catid == 0)
// Save New Categoryg
if ($catid == 0 && $this->canCreateCategory())
{
$table = array();
$table['title'] = $data['catid'];
Expand Down Expand Up @@ -723,9 +723,7 @@ protected function getReorderConditions($table)
}

/**
* Auto-populate the model state.
*
* Note. Calling getState in this method will result in recursion.
* Allows preprocessing of the JForm object.
*
* @param JForm $form The form object
* @param array $data The data to be merged into the form object
Expand All @@ -737,8 +735,12 @@ protected function getReorderConditions($table)
*/
protected function preprocessForm(JForm $form, $data, $group = 'content')
{
if ($this->canCreateCategory())
{
$form->setFieldAttribute('catid', 'allowAdd', 'true');
}

// Association content items
$app = JFactory::getApplication();
$assoc = JLanguageAssociations::isEnabled();

if ($assoc)
Expand Down Expand Up @@ -809,4 +811,16 @@ public function hit()
{
return;
}

/**
* Is the user allowed to create an on the fly category?
*
* @return bool
*
* @since 3.6.1
*/
private function canCreateCategory()
{
return JFactory::getUser()->authorise('core.create', 'com_content');
}
}
1 change: 0 additions & 1 deletion administrator/components/com_content/models/forms/article.xml
View file
Open in desktop
Expand Up @@ -47,7 +47,6 @@
label="JCATEGORY"
description="JFIELD_CATEGORY_DESC"
required="true"
allowAdd="true"
default=""
>
</field>
Expand Down
1 change: 0 additions & 1 deletion administrator/components/com_newsfeeds/models/forms/newsfeed.xml
View file
Open in desktop
Expand Up @@ -54,7 +54,6 @@
description="COM_NEWSFEEDS_FIELD_CATEGORY_DESC"
extension="com_newsfeeds"
required="true"
allowAdd="true"
default=""
/>

Expand Down
21 changes: 19 additions & 2 deletions administrator/components/com_newsfeeds/models/newsfeed.php
View file
Open in desktop
Expand Up @@ -314,7 +314,7 @@ public function save($data)
}

// Save New Category
if ($catid == 0)
if ($catid == 0 && $this->canCreateCategory())
{
$table = array();
$table['title'] = $data['catid'];
Expand Down Expand Up @@ -503,9 +503,14 @@ protected function getReorderConditions($table)
*/
protected function preprocessForm(JForm $form, $data, $group = 'content')
{
if ($this->canCreateCategory())
{
$form->setFieldAttribute('catid', 'allowAdd', 'true');
}

// Association newsfeeds items
$app = JFactory::getApplication();
$assoc = JLanguageAssociations::isEnabled();

if ($assoc)
{
$languages = JLanguageHelper::getLanguages('lang_code');
Expand Down Expand Up @@ -568,4 +573,16 @@ protected function generateNewTitle($category_id, $alias, $name)

return array($name, $alias);
}

/**
* Is the user allowed to create an on the fly category?
*
* @return bool
*
* @since 3.6.1
*/
private function canCreateCategory()
{
return JFactory::getUser()->authorise('core.create', 'com_newsfeeds');
}
}