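<?php
/**
 * @package     Joomla.Administrator
 * @subpackage  com_users
 *
 * @copyright   (C) 2009 Open Source Matters, Inc. <https://www.joomla.org>
 * @license     GNU General Public License version 2 or later; see LICENSE.txt
 */

defined('_JEXEC') or die;

/**
 * User view level controller class.
 *
 * Gates save, edit and delete of view levels behind core.admin checks.
 *
 * @since  1.6
 */
class UsersControllerLevel extends JControllerForm
{
	/**
	 * @var    string  The prefix to use with controller messages.
	 * @since  1.6
	 */
	protected $text_prefix = 'COM_USERS_LEVEL';

	/**
	 * Method to check if you can save a new or existing record.
	 *
	 * Overrides JControllerForm::allowSave to check the core.admin permission.
	 * Both the component-scoped core.admin check and the parent check must pass.
	 *
	 * @param   array   $data  An array of input data.
	 * @param   string  $key   The name of the key for the primary key.
	 *
	 * @return  boolean
	 *
	 * @since   1.6
	 */
	protected function allowSave($data, $key = 'id')
	{
		return (JFactory::getUser()->authorise('core.admin', $this->option) && parent::allowSave($data, $key));
	}

	/**
	 * Overrides JControllerForm::allowEdit
	 *
	 * Checks that non-Super Admins are not editing Super Admins.
	 *
	 * A caller without the global core.admin permission is refused when the
	 * first group stored in the level's rules has core.admin. In every other
	 * case, including a missing id, an unknown level, or rules that do not
	 * decode to a non-empty list, the decision is left to the parent.
	 *
	 * @param   array   $data  An array of input data.
	 * @param   string  $key   The name of the key for the primary key.
	 *
	 * @return  boolean
	 *
	 * @since   3.8.8
	 */
	protected function allowEdit($data = array(), $key = 'id')
	{
		$user = JFactory::getUser();

		// The restriction only applies to callers without global core.admin.
		if (!$user->authorise('core.admin'))
		{
			// $data defaults to an empty array, so the id may be absent.
			$levelId = isset($data['id']) ? (int) $data['id'] : 0;

			$db    = JFactory::getDbo();
			$query = $db->getQuery(true)
				->select($db->quoteName('rules'))
				->from($db->quoteName('#__viewlevels'))
				->where($db->quoteName('id') . ' = ' . $levelId);
			$db->setQuery($query);

			// Null when no such level exists.
			$rules = $db->loadResult();

			// Decode level groups; anything that is not a list is treated as "no groups".
			$groups = is_string($rules) ? json_decode($rules) : null;

			// NOTE(review): only the first group of the level is inspected. A level that lists
			// a core.admin group in a later position is not refused here; confirm this is intended.
			if (is_array($groups) && isset($groups[0]) && JAccess::checkGroup($groups[0], 'core.admin'))
			{
				$this->setError(JText::sprintf('JLIB_APPLICATION_ERROR_EDIT_NOT_PERMITTED'));

				return false;
			}
		}

		return parent::allowEdit($data, $key);
	}

	/**
	 * Removes an item.
	 *
	 * Overrides JControllerAdmin::delete to check the core.admin permission.
	 *
	 * @return  void  Sets the message and the redirect on the controller; nothing is returned.
	 *
	 * @since   1.6
	 */
	public function delete()
	{
		// Check for request forgeries before reading any request data.
		$this->checkToken();

		// The 'int' filter casts each cid entry; array_filter then drops the zeros it produced.
		$ids = array_filter((array) $this->input->get('cid', array(), 'int'));

		if (!JFactory::getUser()->authorise('core.admin', $this->option))
		{
			// Callers without core.admin on this component stop here; no redirect is set.
			JError::raiseError(500, JText::_('JERROR_ALERTNOAUTHOR'));
			jexit();
		}
		elseif (empty($ids))
		{
			JError::raiseWarning(500, JText::_('COM_USERS_NO_LEVELS_SELECTED'));
		}
		else
		{
			$model = $this->getModel();

			if ($model->delete($ids))
			{
				$this->setMessage(JText::plural('COM_USERS_N_LEVELS_DELETED', count($ids)));
			}
			else
			{
				JError::raiseWarning(500, $model->getError());
			}
		}

		$this->setRedirect('index.php?option=com_users&view=levels');
	}
}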