Support for ACL permissions per module in com_modules

administrator/components/com_admin/sql/updates/mysql/3.2.0.sql

@@ -93,3 +93,5 @@ INSERT INTO `#__content_types` (`type_title`, `type_alias`, `table`, `rules`, `f
 ('Banner Client', 'com_banners.client', '{"special":{"dbtable":"#__banner_clients","key":"id","type":"Client","prefix":"BannersTable"}}', '', '', '', '{"form_file":"administrator\\/components\\/com_banners\\/models\\/forms\\/client.xml", "hide_fields":["checked_out","checked_out_time"],"display_lookup":[]}'),
 ('User Notes', 'com_users.note', '{"special":{"dbtable":"#__user_notes","key":"id","type":"Note","prefix":"UsersTable"}}', '', '', '', '{"form_file":"administrator\\/components\\/com_users\\/models\\/forms\\/note.xml", "hide_fields":["checked_out","checked_out_time", "publish_up", "publish_down"],"display_lookup":[  {"source_column":"catid","target_table":"#__categories","target_column":"id","display_column":"title"},    {"source_column":"created_user_id","target_table":"#__users","target_column":"id","display_column":"name"}, {"source_column":"user_id","target_table":"#__users","target_column":"id","display_column":"name"}, {"source_column":"modified_user_id","target_table":"#__users","target_column":"id","display_column":"name"}  ]}'),
 ('User Notes Category', 'com_users.category', '{"special":{"dbtable":"#__categories","key":"id","type":"Category","prefix":"JTable","config":"array()"},"common":{"dbtable":"#__ucm_content","key":"ucm_id","type":"Corecontent","prefix":"JTable","config":"array()"}}', '', '{"common":{"core_content_item_id":"id","core_title":"title","core_state":"published","core_alias":"alias","core_created_time":"created_time","core_modified_time":"modified_time","core_body":"description", "core_hits":"hits","core_publish_up":"null","core_publish_down":"null","core_access":"access", "core_params":"params", "core_featured":"null", "core_metadata":"metadata", "core_language":"language", "core_images":"null", "core_urls":"null", "core_version":"version", "core_ordering":"null", "core_metakey":"metakey", "core_metadesc":"metadesc", "core_catid":"parent_id", "core_xreference":"null", "asset_id":"asset_id"}, "special":{"parent_id":"parent_id","lft":"lft","rgt":"rgt","level":"level","path":"path","extension":"extension","note":"note"}}', '', '{"form_file":"administrator\\/components\\/com_categories\\/models\\/forms\\/category.xml",   "hide_fields":["checked_out","checked_out_time","version","lft","rgt","level","path","extension"],   "display_lookup":[   {"source_column":"created_user_id","target_table":"#__users","target_column":"id","display_column":"name"},{"source_column":"access","target_table":"#__viewlevels","target_column":"id","display_column":"title"},{"source_column":"modified_user_id","target_table":"#__users","target_column":"id","display_column":"name"},{"source_column":"parent_id","target_table":"#__categories","target_column":"id","display_column":"title"}  ] }');
+
+ALTER TABLE `#__modules` ADD COLUMN `asset_id` INT(10) UNSIGNED NOT NULL DEFAULT '0' COMMENT 'FK to the #__assets table.' AFTER `id`;

administrator/components/com_admin/sql/updates/postgresql/3.2.0.sql

@@ -39,3 +39,5 @@ INSERT INTO "#__postinstall_messages" ("postinstall_message_id", "extension_id",
 INSERT INTO "#__content_types" ("type_id", "type_title", "type_alias", "table", "rules", "field_mappings") VALUES
 (11, 'Banner', 'com_banners.banner', '{"special":{"dbtable":"#__banners","key":"id","type":"Banner","prefix":"BannersTable","config":"array()"},"common":{"dbtable":"#__ucm_content","key":"ucm_id","type":"Corecontent","prefix":"JTable","config":"array()"}}', '', '{"common":{"core_content_item_id":"id","core_title":"name","core_state":"published","core_alias":"alias","core_created_time":"created","core_modified_time":"modified","core_body":"description", "core_hits":"null","core_publish_up":"publish_up","core_publish_down":"publish_down","core_access":"access", "core_params":"params", "core_featured":"null", "core_metadata":"metadata", "core_language":"language", "core_images":"images", "core_urls":"link", "core_version":"version", "core_ordering":"ordering", "core_metakey":"metakey", "core_metadesc":"metadesc", "core_catid":"catid", "core_xreference":"null", "asset_id":"null"}, "special":{"imptotal":"imptotal", "impmade":"impmade", "clicks":"clicks", "clickurl":"clickurl", "custombannercode":"custombannercode", "cid":"cid", "purchase_type":"purchase_type", "track_impressions":"track_impressions", "track_clicks":"track_clicks"}}'),
 (12, 'Banners Category', 'com_banners.category', '{"special":{"dbtable":"#__categories","key":"id","type":"Category","prefix":"JTable","config":"array()"},"common":{"dbtable":"#__ucm_content","key":"ucm_id","type":"Corecontent","prefix":"JTable","config":"array()"}}', '', '{"common":{"core_content_item_id":"id","core_title":"title","core_state":"published","core_alias":"alias","core_created_time":"created_time","core_modified_time":"modified_time","core_body":"description", "core_hits":"hits","core_publish_up":"null","core_publish_down":"null","core_access":"access", "core_params":"params", "core_featured":"null", "core_metadata":"metadata", "core_language":"language", "core_images":"null", "core_urls":"null", "core_version":"version", "core_ordering":"null", "core_metakey":"metakey", "core_metadesc":"metadesc", "core_catid":"parent_id", "core_xreference":"null", "asset_id":"asset_id"}, "special": {"parent_id":"parent_id","lft":"lft","rgt":"rgt","level":"level","path":"path","extension":"extension","note":"note"}}');
+
+ALTER TABLE "#__modules" ADD COLUMN "asset_id" INT(10) UNSIGNED DEFAULT 0 NOT NULL AFTER "id";

administrator/components/com_admin/sql/updates/sqlazure/3.2.0.sql

@@ -66,3 +66,4 @@ SELECT 12,'Banners Category','com_banners.category','{"special":{"dbtable":"#__c
 
 SET IDENTITY_INSERT #__content_types  OFF;
 
+ALTER TABLE [#__modules] ADD [asset_id] [int](10) NOT NULL DEFAULT 0 AFTER [id];

administrator/components/com_modules/access.xml

@@ -8,4 +8,9 @@
 		<action name="core.edit" title="JACTION_EDIT" description="JACTION_EDIT_COMPONENT_DESC" />
 		<action name="core.edit.state" title="JACTION_EDITSTATE" description="JACTION_EDITSTATE_COMPONENT_DESC" />
 	</section>
-</access>
+	<section name="module">
+		<action name="core.delete" title="JACTION_DELETE" description="JACTION_DELETE_COMPONENT_DESC" />
+		<action name="core.edit" title="JACTION_EDIT" description="JACTION_EDIT_COMPONENT_DESC" />
+		<action name="core.edit.state" title="JACTION_EDITSTATE" description="JACTION_EDITSTATE_COMPONENT_DESC" />
+	</section>
+</access>

administrator/components/com_modules/controllers/module.php

@@ -99,6 +99,33 @@ protected function allowSave($data, $key = 'id')
 		return parent::allowSave($data, $key);
 	}
 
+	/**
+	 * Method override to check if you can edit an existing record.
+	 *
+	 * @param   array   $data  An array of input data.
+	 * @param   string  $key   The name of the key for the primary key.
+	 *
+	 * @return  boolean
+	 *
+	 * @since   3.2
+	 */
+	protected function allowEdit($data = array(), $key = 'id')
+	{
+		// Initialise variables.
+		$recordId = (int) isset($data[$key]) ? $data[$key] : 0;
+		$user = JFactory::getUser();
+		$userId = $user->get('id');
+
+		// Check general edit permission first.
+		if ($user->authorise('core.edit', 'com_modules.module.' . $recordId))
+		{
+			return true;
+		}
+
+		// Since there is no asset tracking, revert to the component permissions.
+		return parent::allowEdit($data, $key);
+	}
+
 	/**
 	 * Method to run batch operations.
 	 *

administrator/components/com_modules/helpers/modules.php

@@ -31,18 +31,30 @@ public static function addSubmenu($vName)
 	/**
 	 * Gets a list of the actions that can be performed.
 	 *
+	 * @param   integer  The module ID.
+	 *
 	 * @return  JObject
 	 */
-	public static function getActions()
+	public static function getActions($moduleId = 0)
 	{
 		$user	= JFactory::getUser();
 		$result	= new JObject;
 
-		$actions = JAccess::getActions('com_modules');
+		if (empty($moduleId)) {
+			$assetName = 'com_modules';
+		}
+		else 
+		{
+			$assetName = 'com_modules.module.'.(int) $moduleId;
+		}
+
+		$actions = JAccess::getActionsFromFile(
+			JPATH_ADMINISTRATOR . '/components/com_modules/access.xml',"/access/section[@name='component']/"
+		);
 
 		foreach ($actions as $action)
 		{
-			$result->set($action->name, $user->authorise($action->name, 'com_modules'));
+			$result->set($action->name, $user->authorise($action->name, $assetName));
 		}
 
 		return $result;

administrator/components/com_modules/models/forms/module.xml

@@ -115,5 +115,19 @@
 		<field name="assignment" type="hidden" />
 
 		<field name="assigned" type="hidden" />
+
+		<field name="asset_id" type="hidden"
+			filter="unset"
+		/>
+
+		<field name="rules" type="rules"
+			label="JFIELD_RULES_LABEL"
+			translate_label="false"
+			class="inputbox"
+			filter="rules"
+			component="com_modules"
+			section="module"
+			validate="rules"
+		/>
 	</fieldset>
 </form>

administrator/components/com_modules/models/module.php

@@ -318,6 +318,30 @@ protected function batchMove($value, $pks, $contexts)
 		return true;
 	}
 
+	/**
+	 * Method to test whether a record can have its state edited.
+	 *
+	 * @param   object    $record    A record object.
+	 *
+	 * @return  boolean  True if allowed to change the state of the record. Defaults to the permission set in the component.
+	 * @since   3.2
+	 */
+	protected function canEditState($record)
+	{
+		$user = JFactory::getUser();
+
+		// Check for existing module.
+		if (!empty($record->id))
+		{
+			return $user->authorise('core.edit.state', 'com_modules.module.' . (int) $record->id);
+		}
+		// Default to component settings if module not known.
+		else
+		{
+			return parent::canEditState('com_modules');
+		}
+	}
+
 	/**
 	 * Method to delete rows.
 	 *
@@ -340,7 +364,7 @@ public function delete(&$pks)
 			if ($table->load($pk))
 			{
 				// Access checks.
-				if (!$user->authorise('core.delete', 'com_modules') || $table->published != -2)
+				if (!$user->authorise('core.delete', 'com_modules.module.'.(int) $pk) || $table->published != -2)
 				{
 					JError::raiseWarning(403, JText::_('JERROR_CORE_DELETE_NOT_PERMITTED'));
 					return;
@@ -523,11 +547,13 @@ public function getForm($data = array(), $loadData = true)
 			$item		= $this->getItem();
 			$clientId	= $item->client_id;
 			$module		= $item->module;
+			$id			= $item->id;
 		}
 		else
 		{
 			$clientId	= JArrayHelper::getValue($data, 'client_id');
 			$module		= JArrayHelper::getValue($data, 'module');
+			$id			= JArrayHelper::getValue($data, 'id');
 		}
 
 		// These variables are used to add data from the plugin XML files.
@@ -543,8 +569,13 @@ public function getForm($data = array(), $loadData = true)
 
 		$form->setFieldAttribute('position', 'client', $this->getState('item.client_id') == 0 ? 'site' : 'administrator');
 
-		// Modify the form based on access controls.
-		if (!$this->canEditState((object) $data))
+		$user = JFactory::getUser();
+
+		// Check for existing module
+		// Modify the form based on Edit State access controls.
+		if ($id != 0 && (!$user->authorise('core.edit.state', 'com_modules.module.'.(int) $id))
+			|| ($id == 0 && !$user->authorise('core.edit.state', 'com_modules'))
+		)
 		{
 			// Disable fields for display.
 			$form->setFieldAttribute('ordering', 'disabled', 'true');

administrator/components/com_modules/views/module/tmpl/edit.php

@@ -153,6 +153,12 @@
 			<?php echo JHtml::_('bootstrap.endTab'); ?>
 		<?php endif; ?>
 
+		<?php if ($this->canDo->get('core.admin')) : ?>
+			<?php echo JHtml::_('bootstrap.addTab', 'myTab', 'permissions', JText::_('COM_MODULES_FIELDSET_RULES', true)); ?>
+			<?php echo $this->form->getInput('rules'); ?>
+			<?php echo JHtml::_('bootstrap.endTab'); ?>
+		<?php endif; ?>
+
 		<?php
 		$this->fieldsets = array();
 		$this->ignore_fieldsets = array('basic');
@@ -166,4 +172,4 @@
 		<?php echo $this->form->getInput('module'); ?>
 		<?php echo $this->form->getInput('client_id'); ?>
 	</div>
-</form>
+</form>

administrator/components/com_modules/views/module/view.html.php

@@ -32,6 +32,7 @@ public function display($tpl = null)
 		$this->form		= $this->get('Form');
 		$this->item		= $this->get('Item');
 		$this->state	= $this->get('State');
+		$this->canDo	= ModulesHelper::getActions($this->item->id);
 
 		// Check for errors.
 		if (count($errors = $this->get('Errors')))
@@ -56,31 +57,43 @@ protected function addToolbar()
 		$user		= JFactory::getUser();
 		$isNew		= ($this->item->id == 0);
 		$checkedOut	= !($this->item->checked_out == 0 || $this->item->checked_out == $user->get('id'));
-		$canDo		= ModulesHelper::getActions($this->state->get('filter.category_id'), $this->item->id);
+		$canDo		= ModulesHelper::getActions($this->item->id);
 
 		JToolbarHelper::title(JText::sprintf('COM_MODULES_MANAGER_MODULE', JText::_($this->item->module)), 'cube module');
 
-		// If not checked out, can save the item.
-		if (!$checkedOut && ($canDo->get('core.edit') || $canDo->get('core.create') ))
+		// For new records, check the create permission.
+		if ($isNew && $canDo->get('core.create'))
 		{
 			JToolbarHelper::apply('module.apply');
 			JToolbarHelper::save('module.save');
-		}
-		if (!$checkedOut && $canDo->get('core.create'))
-		{
 			JToolbarHelper::save2new('module.save2new');
-		}
-			// If an existing item, can save to a copy.
-		if (!$isNew && $canDo->get('core.create'))
-		{
-			JToolbarHelper::save2copy('module.save2copy');
-		}
-		if (empty($this->item->id))
-		{
 			JToolbarHelper::cancel('module.cancel');
 		}
 		else
 		{
+			// Can't save the record if it's checked out.
+			if (!$checkedOut)
+			{
+				// Since it's an existing record, check the edit permission.
+				if ($canDo->get('core.edit'))
+				{
+					JToolbarHelper::apply('module.apply');
+					JToolbarHelper::save('module.save');
+
+					// We can save this record, but check the create permission to see if we can return to make a new one.
+					if ($canDo->get('core.create'))
+					{
+						JToolbarHelper::save2new('module.save2new');
+					}
+				}
+			}
+
+			// If checked out, we can still save
+			if ($canDo->get('core.create'))
+			{
+				JToolbarHelper::save2copy('module.save2copy');
+			}
+
 			JToolbarHelper::cancel('module.cancel', 'JTOOLBAR_CLOSE');
 		}
 

administrator/components/com_modules/views/modules/tmpl/default.php

@@ -130,9 +130,9 @@
 			<?php foreach ($this->items as $i => $item) :
 				$ordering   = ($listOrder == 'ordering');
 				$canCreate  = $user->authorise('core.create',     'com_modules');
-				$canEdit    = $user->authorise('core.edit',       'com_modules');
+				$canEdit	= $user->authorise('core.edit',		  'com_modules.module.'.$item->id);
 				$canCheckin = $user->authorise('core.manage',     'com_checkin') || $item->checked_out == $user->get('id')|| $item->checked_out == 0;
-				$canChange  = $user->authorise('core.edit.state', 'com_modules') && $canCheckin;
+				$canChange  = $user->authorise('core.edit.state', 'com_modules.module.'.$item->id) && $canCheckin;
 			?>
 				<tr class="row<?php echo $i % 2; ?>" sortable-group-id="<?php echo $item->position?>">
 					<td class="order nowrap center hidden-phone">
@@ -238,4 +238,4 @@
 		<input type="hidden" name="filter_order_Dir" value="<?php echo $listDirn; ?>" />
 		<?php echo JHtml::_('form.token'); ?>
 	</div>
-</form>
+</form>

administrator/components/com_postinstall/controllers/message.php

@@ -82,4 +82,4 @@ public function action()
 
 		$this->setRedirect('index.php?option=com_postinstall');
 	}
-}
+}

administrator/components/com_postinstall/models/messages.php

@@ -171,4 +171,4 @@ protected function onProcessList(&$resultArray)
 			}
 		}
 	}
-}
+}

administrator/components/com_postinstall/toolbar.php

@@ -39,4 +39,4 @@ public function onMessages()
 
 		JToolBarHelper::title(JText::sprintf('COM_POSTINSTALL_MESSAGES_TITLE', $extension_name));
 	}
-}
+}

administrator/components/com_postinstall/views/messages/view.html.php

@@ -34,5 +34,4 @@ protected function onBrowse($tpl = null)
 
 		return parent::onBrowse($tpl);
 	}
-
-}
+}

administrator/language/en-GB/en-GB.com_modules.ini

@@ -63,6 +63,7 @@ COM_MODULES_FIELD_HEADER_CLASS_LABEL="Header Class"
 COM_MODULES_FIELD_HEADER_CLASS_DESC="The CSS class for module header/title"
 COM_MODULES_FIELD_MODULE_STYLE_LABEL="Module Style"
 COM_MODULES_FIELD_MODULE_STYLE_DESC="Use this option to override the template style for it's position."
+COM_MODULES_FIELDSET_RULES="Module Permissions"
 COM_MODULES_FILTER_SEARCH_DESC="Filter by position name."
 COM_MODULES_HEADING_MODULE="Type"
 COM_MODULES_HEADING_PAGES="Pages"

administrator/templates/isis/css/template.css

@@ -7358,9 +7358,6 @@ html[dir=rtl] .quick-icons .nav-list [class*=" icon-"] {
 .nav-filters hr {
 	margin: 5px 0;
 }
-.view-module .tab-content {
-	overflow: visible;
-}
 #assignment.tab-pane {
 	min-height: 500px;
 }

administrator/templates/isis/less/template.less

@@ -501,9 +501,6 @@ html[dir=rtl] .quick-icons .nav-list [class^="icon-"],html[dir=rtl] .quick-icons
 }
 
 /* Module Assignment Tab */
-.view-module .tab-content{
-	overflow: visible;
-}
 #assignment.tab-pane{
 	min-height: 500px;
 }