Файловый менеджер - Редактировать - /var/www/html/access.zip
PK ! ��� chat.phpnu �[��� <?php
/**
 * @copyright (C) 2013 iJoomla, Inc. - All rights reserved.
 * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html)
 * @author iJoomla.com <webmaster@ijoomla.com>
 * @url https://www.jomsocial.com/license-agreement
 * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript
 *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0
 * More info at https://www.jomsocial.com/license-agreement
 */
defined('_JEXEC') or die('Restricted access');

/**
 * Access rules for chat and private messages. Every static method is one rule;
 * authorise() picks the rule by name.
 */
class CChatAccess implements CAccessInterface
{
    /**
     * Dispatch an access check to the rule method named by the first argument.
     *
     * Arguments are read with func_get_args(): the first is the rule (method)
     * name, the remaining ones are handed to that method unchanged.
     *
     * @return mixed the rule's result, or null when the class has no such method
     */
    static public function authorise()
    {
        $args = func_get_args();
        $assetName = array_shift ( $args );

        // NOTE(review): method_exists() is true for every method of the class,
        // whatever its visibility, authorise() included, so each method added
        // to this class becomes a rule reachable by name. Where the rule name
        // comes from is not visible here; confirm it is never request input.
        if (method_exists(__CLASS__,$assetName)) {
            return call_user_func_array(array(__CLASS__, $assetName), $args);
        } else {
            // NOTE(review): an unknown rule yields null, not false. Confirm
            // that callers treat null as a denial.
            return null;
        }
    }

    /**
     * Check whether $userId may send a chat message to $toUserId.
     *
     * The decision is driven by the recipient's 'privacyProfileView' setting.
     * Rules run top to bottom and the first one that matches decides.
     *
     * @param $userId   id of the sender
     * @param $toUserId id of the recipient
     * @return bool
     */
    static public function chatMessageSend($userId, $toUserId){
        // Both users are loaded before the ids are validated.
        $toUser = CFactory::getUser($toUserId);
        $my = CFactory::getUser($userId);

        // Deny when either id is empty (0, null, '').
        if(!$userId || !$toUserId){
            return false;
        }

        // @rule: Global admin can view all
        // NOTE(review): isCommunityAdmin() is called without $userId; presumably
        // it tests the current session user, not the sender - confirm.
        if( COwnerHelper::isCommunityAdmin() || $my->id == $toUser->id ){
            return true;
        }

        // @rule: if the user is blocked, you can't see it either
        if( $toUser->isBlocked() ){
            return false;
        }

        $param = $toUser->getParams();
        $access = $param->get('privacyProfileView');

        // @rule, User with public access, show
        // In old profile, 0 also means public
        // NOTE(review): "== 0" is a loose comparison, so null and '' are public
        // as well. If get() returns null for a recipient with no stored value,
        // that recipient is open to everyone, guests included - confirm.
        if( $access == PRIVACY_PUBLIC || $access == 0){
            return true;
        }

        // @$my: at this stage, non registered member can't view it anyway
        if( $my->id == 0){
            return false;
        }

        // @rule: User that limit to friend only, check for friend
        if( $access == PRIVACY_FRIENDS ){
            // _friends is read as a comma-separated id list; in_array() compares loosely.
            $friends = explode( ',', $my->_friends );
            if(in_array( $toUser->id, $friends )){
                return true;
            }
        }

        // Guests already returned above, so the id test is redundant here.
        if( $access == PRIVACY_MEMBERS && $my->id !==0){
            return true;
        }

        // No rule matched: deny.
        return false;
    }

    /**
     * Check whether $userId may send a private message to $targetId.
     *
     * The target's 'privacyPrivateMessage' setting decides, with the site-wide
     * 'privacyprivatemessage' value as the default.
     *
     * @return bool
     */
    static public function chatPrivateMessage($userId, $targetId)
    {
        $config = CFactory::getConfig();
        $targetUser = CFactory::getUser($targetId);
        $params = $targetUser->getParams();

        // The admin shortcut runs first, so it also applies when 'enablepm' is
        // off and when sender and target are the same user.
        if (COwnerHelper::isCommunityAdmin()) {
            return true;
        }

        // No message to oneself, and none at all when private messages are disabled.
        if ($userId == $targetId || !$config->get('enablepm')) {
            return false;
        }

        $privacyPrivateMessage = $params->get('privacyPrivateMessage', $config->get('privacyprivatemessage'));

        // NOTE(review): the branch comments ("friend", "friend of friend") do not
        // match the constant names (PRIVACY_MEMBERS, PRIVACY_FRIENDS). Confirm
        // that this mapping is the intended one for private messages.
        if ($privacyPrivateMessage == PRIVACY_PUBLIC) {
            return true;
        } else if ($privacyPrivateMessage == PRIVACY_MEMBERS) {
            // friend
            if (CFriendsHelper::isConnected($userId, $targetId)) {
                return true;
            }
        } else if ($privacyPrivateMessage == PRIVACY_FRIENDS) {
            // friend of friend
            $friendsModel = CFactory::getModel('Friends');
            $friends = $friendsModel->getFriendIds($targetId);

            if (!$friends) {
                return false;
            } else {
                // Allowed when the sender is connected to any friend of the target.
                foreach ($friends as $friendId) {
                    if (CFriendsHelper::isConnected($userId, $friendId)) {
                        return true;
                    }
                }
            }
        } else if ($privacyPrivateMessage == PRIVACY_PRIVATE) {
            return false;
        }

        // Unknown setting or no matching relation: deny.
        return false;
    }
}PK ! ?S�Lh Lh pages.phpnu �[��� <?php
/**
 * @copyright (C) 2013 iJoomla, Inc. - All rights reserved.
 * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html)
 * @author iJoomla.com <webmaster@ijoomla.com>
 * @url https://www.jomsocial.com/license-agreement
 * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript
 *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0
 * More info at https://www.jomsocial.com/license-agreement
 */
use Joomla\CMS\Factory;
use Joomla\CMS\Language\Text;

defined('_JEXEC') or die('Restricted access');

Class CPagesAccess implements CAccessInterface
{
    /**
     * Method to check if a user is authorised to perform an action in this class
     *
     * @param integer $userId Id of the user for which to check authorisation.
* @param string $action The name of the action to authorise.
     * @param mixed $asset Name of the asset as a string.
     *
     * The signature declares no parameters: arguments are read with
     * func_get_args(). The first one is the name of the rule method to run,
     * the remaining ones are handed to that method unchanged.
     *
     * @return mixed The rule's result, or null when the class has no such method.
     * @since Jomsocial 2.4
     */
    static public function authorise()
    {
        $args = func_get_args();
        $assetName = array_shift ( $args );

        // NOTE(review): method_exists() is true for every method of the class,
        // whatever its visibility, authorise() included, so each method added
        // to this class becomes a rule reachable by name. Where the rule name
        // comes from is not visible here; confirm it is never request input.
        if (method_exists(__CLASS__,$assetName)) {
            return call_user_func_array(array(__CLASS__, $assetName), $args);
        } else {
            // NOTE(review): an unknown rule yields null, not false. Confirm
            // that callers treat null as a denial.
            return null;
        }
    }

    /**
     * Return whether the user may view the page stream: members only.
     * The raw result of $page->isMember() is returned.
     *
     * @since 2.4
     * @param type $userId
     * @param type $pageId
     * @param type $page
     */
    static public function pagesStreamView($userId, $pageId, $page)
    {
        return $page->isMember( $userId );
    }

    /**
     * Return true if the invite list may be shown, i.e. pages are enabled.
     * $userId is not consulted.
     * @param type $userId
     * @return : bool
     */
    static public function pagesInvitelistView($userId)
    {
        $config = CFactory::getConfig();

        if( !$config->get('enablepages') ) {
            CAccess::setError(Text::_('COM_COMMUNITY_PAGES_DISABLE'));
            return false ;
        } else {
            return true;
        }
    }

    /**
     * Return true if the user may invite others to the page: page members
     * and community admins.
     * @param type $userId
     * @param type $assetId
     * @param type $page object
     * @return : bool
     */
    static public function pagesInviteView($userId, $pageId, $page)
    {
        // $config is loaded but not used in this rule.
        $config = CFactory::getConfig();

        // NOTE(review): isCommunityAdmin() is called without $userId; presumably
        // it tests the current session user - confirm.
        if (!$page->isMember($userId) && !COwnerHelper::isCommunityAdmin()) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can report on page
     * Reporting must be enabled; guests (id 0) also need 'enableguestreporting'.
     * @param type $userId
     * @return : bool
     */
    static public function pagesReportView($userId)
    {
        $config = CFactory::getConfig();

        if( !$config->get('enablereporting') || ( ( $userId == 0 ) && ( !$config->get('enableguestreporting') ) ) ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if the user may search pages.
     * An empty $userId falls back to the current user.
     * @param type $userId
     * @return : bool
     */
    static public function pagesSearchView($userId=0)
    {
        if(!$userId) {
            $my = CFactory::getUser();
            $userId = $my->id;
        }

        $config = CFactory::getConfig();

        if( !$config->get('enablepages') ){
            CAccess::setError(Text::_('COM_COMMUNITY_PAGES_DISABLE'));
            return false;
        } else if( $userId == 0 && !$config->get('enableguestsearchpages') ) {
            // Guests may search only when 'enableguestsearchpages' is set.
            CAccess::setError('blockUnregister');
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if the page list may be shown, i.e. pages are enabled.
     * @return : bool
     */
    static public function pagesListView($userId)
    {
        $config = CFactory::getConfig();

        if( !$config->get('enablepages') ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if the "my pages" view of the requested user may be shown.
     * The guest test runs before the 'enablepages' test.
     */
    static public function pagesMyView($userId)
    {
        $config = CFactory::getConfig();
        $requestUser = CFactory::getRequestUser();

        // Guests are blocked when the requested user's 'privacyPagesView' is above 0.
        if ($userId == 0 && $requestUser->_cparams->get('privacyPagesView') > 0 ) {
            CAccess::setError('blockUnregister');
            return false;
        } else if( !$config->get('enablepages') ) {
            CAccess::setError(Text::_('COM_COMMUNITY_PAGES_DISABLE'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if the user may add a page.
     * @param type $userId
     * @return : bool
     */
    static public function pagesAdd($userId)
    {
        $config = CFactory::getConfig();
        $my = CFactory::getUser();

        // NOTE(review): this unconditional return makes every check below
        // unreachable. As written the rule allows every caller, guests
        // included, and never sets an error. Confirm that creation is enforced
        // elsewhere before relying on this rule.
        return true;

        if ($userId == 0){
            CAccess::setError('blockUnregister');
            return false;
        } else if (!$config->get('enablepages')) {
            CACCESS::setError(Text::_('COM_COMMUNITY_PAGES_DISABLE'));
            return false;
        } else if( !$config->get('createpages') || !( COwnerHelper::isCommunityAdmin() || (COwnerHelper::isRegisteredUser() && $my->canCreatePages())) ) {
            CACCESS::setError(Text::_('COM_COMMUNITY_PAGES_DISABLE_CREATE_MESSAGE'));
            return false;
        } else if(CLimitsHelper::exceededPageCreation($userId)) {
            $pageLimit = $config->get('pagecreatelimit');
            CACCESS::setError(Text::sprintf('COM_COMMUNITY_PAGES_LIMIT' , $pageLimit));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can edit page
     * Allowed for page admins and for users holding the 'community.pageedit' ACL action.
     * @return : bool
     */
    static public function pagesEdit($userId, $pageId, $page)
    {
        $document = Factory::getDocument();
        $viewType = $document->getType();
        $jinput = Factory::getApplication()->input;
        // NOTE(review): the view name is taken from the request and used to
        // build a view object before any check has run. Confirm that
        // CFactory::getView() restricts the names it accepts.
        $viewName = $jinput->get( 'view' );
        $view = CFactory::getView($viewName, '', $viewType);

        if( $userId == 0 ) {
            CAccess::setError('blockUnregister');
            return false;
            // ACL check
        } else if( !$page->isAdmin($userId) && !CFactory::getUser()->authorise('community.pageedit', 'com_community')) {
            // The ACL test is made on CFactory::getUser() (no id passed), the
            // page-admin test on $userId.
            CAccess::setError($view->noAccess());
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can delete page
     * Allowed with the 'community.pagedelete' ACL action or for the page owner.
     * @param type $userId
     * @param type $pageId
     * @param type $page object
     * @return : bool
     */
    static public function pagesDelete($userId, $pageId, $page)
    {
        // NOTE(review): the owner test is a loose comparison and there is no
        // guest guard. A guest id of 0 equals an ownerid of 0 or null, so a page
        // without a stored owner would pass - confirm ownerid is always set.
        if (!CFactory::getUser()->authorise('community.pagedelete', 'com_community') && !($userId == $page->ownerid)) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can join page
     * Only the guest id (0) is refused; $pageId is not consulted.
     * @param type $userId
     * @param type $pageId
     * @return : bool
     */
    static public function pagesJoin($userId, $pageId)
    {
        if( $userId == 0 ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can leave page
     * @param type $userId
     * @param type $pageId
     * @return : bool
     */
    static public function pagesLeave($userId, $pageId)
    {
        if( $userId == 0 ) {
            CAccess::setError('blockUnregister');
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if the user may upload the page avatar: page admins and
     * community admins.
     * @param type $userId
     * @param type $pageId
     * @return : bool
     */
    static public function pagesAvatarUpload($userId, $pageId, $page)
    {
        $document = Factory::getDocument();
        $viewType = $document->getType();
        $jinput = Factory::getApplication()->input;
        // NOTE(review): request-supplied view name used before any check;
        // confirm CFactory::getView() restricts the names it accepts.
        $viewName = $jinput->get( 'view' );
        $view = CFactory::getView($viewName, '', $viewType);

        if( $userId == 0 ) {
            CAccess::setError('blockUnregister');
            return false;
        } else if( !$page->isAdmin($userId) && !COwnerHelper::isCommunityAdmin() ) {
            CAccess::setError($view->noAccess());
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can delete page discussion
     * @param type $userId
     * @param type $pageId
     * @return : bool
     */
    static public function pagesDiscussionDelete($userId, $pageId)
    {
        // Access check: ACL
        // 'postcommentcreate' is required first; 'postcommentdelete' then
        // allows the deletion without any page-level test.
        if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
            return false;
        } else if (CFactory::getUser()->authorise('community.postcommentdelete', 'com_community')) {
            return true;
        }

        // $page holds the pages model here, not a page record.
        $page = CFactory::getModel( 'pages' );

        if (!COwnerHelper::isRegisteredUser()) {
            CAccess::setError('blockUnregister');
            return false;
        } else if ( !COwnerHelper::isCommunityAdmin() && !$page->isAdmin( $userId , $pageId ) ) {
            CACCESS::setError(Text::_('COM_COMMUNITY_NOT_ALLOWED_TO_REMOVE_WALL'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can approve page member
     * Allowed for page admins and community admins.
     * @param type $userId
     * @param type $pageId
     * @return : bool
     */
    static public function pagesMemberApprove($userId, $pageId)
    {
        $page = CFactory::getModel( 'pages' );

        if( !$page->isAdmin( $userId , $pageId ) && !COwnerHelper::isCommunityAdmin() ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can edit page wall.
     * Allowed for page admins, community admins and the author of the post.
     * @param type $userId
     * @param type $pageId
     * @param type $wall object
     * @return : bool
     */
    static public function pagesWallEdit($userId, $pageId, $wall)
    {
        $page = CFactory::getModel( 'Pages' );

        // NOTE(review): the author test is a loose comparison with no guest
        // guard; id 0 equals a post_by of 0 or null - confirm post_by is
        // always a real user id.
        if( $page->isAdmin( $userId , $pageId ) || COwnerHelper::isCommunityAdmin() || $userId == $wall->post_by ) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * Return true if can edit page discussion
     * @param type $userId
     * @param type $pageId
     * @param type $wall object
     * @return : bool
     */
    static public function pagesDiscussionEdit($userId, $pageId, $wall)
    {
        // Access check: ACL
        if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
            return false;
        }

        $page = CFactory::getModel( 'Pages' );

        // Page admins, holders of 'community.postcommentedit' and the author
        // (loose comparison on post_by) may edit.
        if( $page->isAdmin( $userId , $pageId ) || CFactory::getUser()->authorise('community.postcommentedit', 'com_community') || $userId == $wall->post_by ) {
            return true;
        } else {
            return false;
        }
    }

    /**
     * Return true if can remove member
     * The page owner can never be removed; otherwise page admins and
     * community admins may remove members.
     * @param type $userId
     * @param type $memberId
     * @param type $page object
     * @return : bool
     */
    static public function pagesMemberRemove($userId, $memberId, $page)
    {
        if (!COwnerHelper::isRegisteredUser()) {
            CAccess::setError('blockUnregister');
            return false;
        } else if ($page->ownerid == $memberId) {
            CAccess::setError(Text::_('COM_COMMUNITY_PAGES_MEMBERS_DELETE_DENIED'));
            return false;
        } else if (!$page->isAdmin($userId) && !COwnerHelper::isCommunityAdmin()) {
            CAccess::setError(Text::_('COM_COMMUNITY_PERMISSION_DENIED_WARNING'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can remove page wall.
     * @param type $userId
     * @param type $pageId
     * @return : bool
     */
    static public function pagesWallDelete($userId, $pageId)
    {
        $pageModel = CFactory::getModel( 'pages' );

        if (!COwnerHelper::isRegisteredUser()) {
            CAccess::setError('blockUnregister');
            return false;
        } else if ( !COwnerHelper::isCommunityAdmin() && !$pageModel->isAdmin( $userId , $pageId ) ) {
            CAccess::setError(Text::_('COM_COMMUNITY_NOT_ALLOWED_TO_REMOVE_WALL'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can edit page admin
     * Allowed for the page owner and community admins.
     * @param type $userId
     * @param type $pageId
     * @param type $page
     * @return : bool
     */
    static public function pagesAdminEdit($userId, $pageId, $page)
    {
        // NOTE(review): loose owner comparison without a guest guard; id 0
        // equals an ownerid of 0 or null - confirm ownerid is always set.
        if( $page->ownerid != $userId && !COwnerHelper::isCommunityAdmin() ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if the user may post on the page wall. Non-members are
     * refused only when 'lockpagewalls' is set.
     * @param type $userId
     * @param type $pageId
     * @param type $page
     * @return : bool
     */
    static public function pagesWallSave($userId, $pageId, $page)
    {
        $config = CFactory::getConfig();

        if( $config->get('lockpagewalls') && !$page->isMember( $userId ) ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if the user may change a member's ban state: the page owner
     * and community admins.
     * @param type $userId
     * @param type $pageId
     * @param type $page
     * @return : bool
     */
    static public function pagesMemberBanUpdate($userId, $pageId, $page)
    {
        // NOTE(review): loose owner comparison without a guest guard; id 0
        // equals an ownerid of 0 or null - confirm ownerid is always set.
        if( $page->ownerid != $userId && !COwnerHelper::isCommunityAdmin() ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if the member list may be shown, i.e. pages are enabled.
     * Neither $userId nor $pageId is consulted.
     * @param type $userId
     * @param type $pageId
     * @return : bool
     */
    static public function pagesMemberView($userId, $pageId)
    {
        $config = CFactory::getConfig();

        if( !$config->get('enablepages') ) {
            CAccess::setError(Text::_('COM_COMMUNITY_PAGES_DISABLE'));
            return false;
        } else {
            return true;
        }
    }

    static public function
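pagesReviewView($userId, $pageId)
    {
        // Reviews may be shown whenever pages are enabled; neither argument is consulted.
        $config = CFactory::getConfig();

        if( !$config->get('enablepages') ) {
            CAccess::setError(Text::_('COM_COMMUNITY_PAGES_DISABLE'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if the user may create an announcement on the page:
     * community admins and page admins only.
     *
     * @param $userId
     * @param $pageId
     * @return bool
     */
    static public function pagesAnnouncementCreate($userId, $pageId){
        $page = JTable::getInstance('Page', 'CTable');
        // The result of load() is not checked.
        $page->load($pageId);

        //only admins can create
        if(COwnerHelper::isCommunityAdmin() || $page->isAdmin($userId)){
            return true;
        }

        return false;
    }

    /**
     * Return true if can view bulletins
     * @param type $userId
     * @return : bool
     */
    static public function pagesBulletinsView($userId)
    {
        $config = CFactory::getConfig();

        if( !$config->get('enablepages') ) {
            CAccess::setError(Text::_('COM_COMMUNITY_PAGES_DISABLE'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can view bulletin
     * @param type $userId
     * @param type $bullentinId
     * @return : bool
     */
    static public function pagesBulletinView($userId, $bullentinId)
    {
        $config = CFactory::getConfig();

        if( !$config->get('enablepages') ) {
            CAccess::setError(Text::_('COM_COMMUNITY_PAGES_DISABLE'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Return true if can create a discussion
     *
     * The rule only returns the decision and writes nothing to the response,
     * so which check decided is not disclosed to the client.
     *
     * @param type $userId
     * @param type $pageId
     * @return : bool
     *
     * Test cases (cascading - the next rule is only checked if the previous didn't kick in):
     *
     * 0 globally disabled
     * 0 not logged in
     * 1 super admin
     * 1 page owner
     * 0 not member
     * 0 member, banned
     * 0 member, awaiting approval
     * 1 member
     * 0 default (should not be the case)
     */
    static public function pagesDiscussionsCreate($userId, $pageId)
    {
        // Access check: ACL
        if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
            return false;
        }

        $config = CFactory::getConfig();
        $page = JTable::getInstance('Page', 'CTable');
        $page->load($pageId);
        $pageModel = CFactory::getModel('pages');

        // FALSE globally disabled
        if(!$config->get('creatediscussion')) {
            return false;
        }

        // FALSE not logged in
        // This guard must stay ahead of the owner test: the owner comparison is
        // loose and would match a guest id against an empty ownerid.
        if(!$userId) {
            return false;
        }

        // TRUE Super Admin
        if(COwnerHelper::isCommunityAdmin($userId)) {
            return true;
        }

        // TRUE owner
        if($page->ownerid == $userId) {
            return true;
        }

        // FALSE not member
        if(!$page->isMember($userId)) {
            return false;
        }

        // FALSE member, but banned
        if($page->isBanned($userId)) {
            return false;
        }

        // FALSE member, but waiting approval
        if($pageModel->isWaitingAuthorization($userId, $pageId)) {
            return false;
        }

        // TRUE member
        if($page->isMember($userId)) {
            return true;
        }

        // default (shouldn't really kick in)
        return false;
    }

    /**
     * Return true if can create a video
     *
     * The rule only returns the decision and writes nothing to the response.
     *
     * @param type $userId
     * @param type $pageId
     * @return : bool
     *
     * Test cases (cascading - the next rule is only checked if the previous didn't kick in):
     *
     * 0 globally disabled
     * 0 disabled for page
     * 0 not logged in
     * 1 super admin
     * 1 page owner
     * 0 disabled for members
     * 0 not member
     * 0 member, banned
     * 0 member, awaiting approval
     * 1 member
     * 0 default (should not be the case)
     */
    static public function pagesVideosCreate($userId, $pageId)
    {
        $config = CFactory::getConfig();
        $page = JTable::getInstance('Page', 'CTable');
        $page->load($pageId);
        $params = $page->getParams();
        $pageModel = CFactory::getModel('pages');

        // FALSE globally disabled
        if(!$config->get('pagevideos')) {
            return false;
        }

        // FALSE page videos disabled
        if($params->get('videopermission') == -1) {
            return false;
        }

        // FALSE not logged in (must stay ahead of the loose owner comparison)
        if(!$userId) {
            return false;
        }

        // TRUE Super Admin
        if(COwnerHelper::isCommunityAdmin($userId)) {
            return true;
        }

        // TRUE owner
        if($page->ownerid == $userId) {
            return true;
        }

        // FALSE only admins can post
        if($params->get('videopermission') == 1) {
            return false;
        }

        // FALSE not member
        if(!$page->isMember($userId)) {
            return false;
        }

        // FALSE member, but banned
        if($page->isBanned($userId)) {
            return false;
        }

        // FALSE member, but waiting approval
        if($pageModel->isWaitingAuthorization($userId, $pageId)) {
            return false;
        }

        // TRUE member
        if($page->isMember($userId)) {
            return true;
        }

        // default (shouldn't really kick in)
        return false;
    }

    /**
     * Return true if can create an event
     *
     * The rule only returns the decision and writes nothing to the response.
     *
     * @param type $userId
     * @param type $pageId
     * @return : bool
     *
     * Test cases (cascading - the next rule is only checked if the previous didn't kick in):
     *
     * 0 globally disabled
     * 0 disabled for page
     * 0 not logged in
     * 1 super admin
     * 1 page owner
     * 0 disabled for members
     * 0 not member
     * 0 member, banned
     * 0 member, awaiting approval
     * 1 member
     * 0 default (should not be the case)
     */
    static public function pagesEventsCreate($userId, $pageId)
    {
        $config = CFactory::getConfig();
        $page = JTable::getInstance('Page', 'CTable');
        $page->load($pageId);
        $params = $page->getParams();
        $pageModel = CFactory::getModel('pages');

        // FALSE globally disabled
        if(!$config->get('page_events')) {
            return false;
        }

        // FALSE page events disabled
        if($params->get('eventpermission') == -1) {
            return false;
        }

        // FALSE not logged in (must stay ahead of the loose owner comparison)
        if(!$userId) {
            return false;
        }

        // TRUE Super Admin
        if(COwnerHelper::isCommunityAdmin($userId)) {
            return true;
        }

        // TRUE owner
        if($page->ownerid == $userId) {
            return true;
        }

        // FALSE only admins can post
        if($params->get('eventpermission') == 1) {
            return false;
        }

        // FALSE not member
        if(!$page->isMember($userId)) {
            return false;
        }

        // FALSE member, but banned
        if($page->isBanned($userId)) {
            return false;
        }

        // FALSE member, but waiting approval
        if($pageModel->isWaitingAuthorization($userId, $pageId)) {
            return false;
        }

        // TRUE member
        if($page->isMember($userId)) {
            return true;
        }

        // default (shouldn't really kick in)
        return false;
    }

    /**
     * Return true if the user may add photos to the page.
     *
     * Same cascade as the video and event rules, with two differences: the
     * 'community.photocreate' ACL action is required up front, and page admins
     * pass together with community admins. Nothing is written to the response.
     *
     * @param type $userId
     * @param type $pageId
     * @return : bool
     */
    static public function pagesPhotosCreate($userId, $pageId)
    {
        $config = CFactory::getConfig();
        $page = JTable::getInstance('Page', 'CTable');
        $page->load($pageId);
        $params = $page->getParams();
        $pageModel = CFactory::getModel('pages');

        // FALSE globally disabled or ACL action missing
        if(!$config->get('pagephotos') || !CFactory::getUser()->authorise('community.photocreate', 'com_community')) {
            return false;
        }

        // FALSE page photos disabled
        if($params->get('photopermission') == -1) {
            return false;
        }

        // FALSE not logged in (must stay ahead of the loose owner comparison)
        if(!$userId) {
            return false;
        }

        // TRUE Super Admin or page admin
        if(COwnerHelper::isCommunityAdmin($userId) || $page->isAdmin($userId)) {
            return true;
        }

        // TRUE owner
        if($page->ownerid == $userId) {
            return true;
        }

        // FALSE only admins can post
        if($params->get('photopermission') == 1) {
            return false;
        }

        // FALSE not member
        if(!$page->isMember($userId)) {
            return false;
        }

        // FALSE member, but banned
        if($page->isBanned($userId)) {
            return false;
        }

        // FALSE member, but waiting approval
        if($pageModel->isWaitingAuthorization($userId, $pageId)) {
            return false;
        }

        // TRUE member
        if($page->isMember($userId)) {
            return true;
        }

        // default (shouldn't really kick in)
        return false;
    }

    /**
     * Return true if the user may create a poll on the page.
     *
     * Same cascade as the photo rule, using the 'page_polls' switch, the
     * 'community.pollcreate' ACL action and the page's 'pollspermission'
     * parameter. Nothing is written to the response.
     *
     * @param type $userId
     * @param type $pageId
     * @return : bool
     */
    static public function pagesPollsCreate($userId, $pageId)
    {
        $config = CFactory::getConfig();
        $page = JTable::getInstance('Page', 'CTable');
        $page->load($pageId);
        $params = $page->getParams();
        $pageModel = CFactory::getModel('pages');

        // FALSE globally disabled or ACL action missing
        if(!$config->get('page_polls') || !CFactory::getUser()->authorise('community.pollcreate', 'com_community')) {
            return false;
        }

        // FALSE page polls disabled
        if($params->get('pollspermission') == -1) {
            return false;
        }

        // FALSE not logged in (must stay ahead of the loose owner comparison)
        if(!$userId) {
            return false;
        }

        // TRUE Super Admin or page admin
        if(COwnerHelper::isCommunityAdmin($userId) || $page->isAdmin($userId)) {
            return true;
        }

        // TRUE owner
        if($page->ownerid == $userId) {
            return true;
        }

        // FALSE only admins can post
        if($params->get('pollspermission') == 1) {
            return false;
        }

        // FALSE not member
        if(!$page->isMember($userId)) {
            return false;
        }

        // FALSE member, but banned
        if($page->isBanned($userId)) {
            return false;
        }

        // FALSE member, but waiting approval
        if($pageModel->isWaitingAuthorization($userId, $pageId)) {
            return false;
        }

        // TRUE member
        if($page->isMember($userId)) {
            return true;
        }

        // default (shouldn't really kick in)
        return false;
    }

    /**
     * Return whether the current user may create a page.
     *
     * Requires the 'community.pagecreate' ACL action. Community admins then
     * always pass; everyone else needs 'createpages' to be on, a registered
     * account and canCreatePages(). $userId is not consulted.
     *
     * @param type $userId
     * @return mixed the value of the final condition (true for community admins, false without the ACL action)
     */
    static public function pagesCreate($userId)
    {
        $config = CFactory::getConfig();
        $my = CFactory::getUser();

        // ACL check
        if (!CFactory::getUser()->authorise('community.pagecreate', 'com_community')) {
            return false;
        }

        //admin can always create page
        if(COwnerHelper::isCommunityAdmin()){
            return true;
        }

        // NOTE(review): 'enablepages' and the page creation limit are not
        // tested in this rule - confirm they are enforced elsewhere.
        return $config->get('createpages') && (COwnerHelper::isRegisteredUser() && $my->canCreatePages() );
    }
}PK ! ����h �h groups.phpnu �[��� <?php
/**
 * @copyright (C) 2013 iJoomla, Inc. - All rights reserved.
 * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html)
 * @author iJoomla.com <webmaster@ijoomla.com>
 * @url https://www.jomsocial.com/license-agreement
 * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript
 *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0
 * More info at https://www.jomsocial.com/license-agreement
 */
use Joomla\CMS\Factory;
use Joomla\CMS\Language\Text;
use Joomla\CMS\Table\Table;

defined('_JEXEC') or die('Restricted access');

Class CGroupsAccess implements CAccessInterface
{
    /**
     * Method to check if a user is authorised to perform an action in this class
     *
     * @param integer $userId Id of the user for which to check authorisation.
     * @param string $action The name of the action to authorise.
     * @param mixed $asset Name of the asset as a string.
     *
     * @return boolean True if authorised.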
* @since Jomsocial 2.4 */ static public function authorise() { $args = func_get_args(); $assetName = array_shift ( $args ); if (method_exists(__CLASS__,$assetName)) { return call_user_func_array(array(__CLASS__, $assetName), $args); } else { return null; } } /** * * @since 2.4 * @param type $userId * @param type $groupId * @param type $group */ static public function groupsStreamView($userId, $groupId, $group) { return $group->isMember( $userId ); } /* * This function will get the permission to invite list * @param type $userId * @return : bool */ static public function groupsInvitelistView($userId) { $config = CFactory::getConfig(); if( !$config->get('enablegroups') ) { CAccess::setError(Text::_('COM_COMMUNITY_GROUPS_DISABLE')); return false ; } else { return true; } } /* * This function will get the permission to invite user in a group * @param type $userId * @param type $assetId * @param type $group object * @return : bool */ static public function groupsInviteView($userId, $groupId, $group) { $config = CFactory::getConfig(); if (!$group->isMember($userId) && !COwnerHelper::isCommunityAdmin()) { return false; } else { return true; } } /* * Return true if can report on group * @param type $userId * @return : bool */ static public function groupsReportView($userId) { $config = CFactory::getConfig(); if( !$config->get('enablereporting') || ( ( $userId == 0 ) && ( !$config->get('enableguestreporting') ) ) ) { return false; } else { return true; } } /* * Return true if can report on group * @param type $userId * @return : bool */ static public function groupsSearchView($userId=0) { if(!$userId) { $my = CFactory::getUser(); $userId = $my->id; } $config = CFactory::getConfig(); if( !$config->get('enablegroups') ){ CAccess::setError(Text::_('COM_COMMUNITY_GROUPS_DISABLE')); return false; } else if( $userId == 0 && !$config->get('enableguestsearchgroups') ) { CAccess::setError('blockUnregister'); return false; } else { return true; } } /* * Return true if can view group 
* @return : bool */ static public function groupsListView($userId) { $config = CFactory::getConfig(); if( !$config->get('enablegroups') ) { return false; } else { return true; } } /** * Return true if can view my group * @param type $userId * @return boolean */ static public function groupsMyView($userId) { $config = CFactory::getConfig(); $requestUser = CFactory::getRequestUser(); if ($userId == 0 && $requestUser->_cparams->get('privacyGroupsView') > 0 ) { CAccess::setError('blockUnregister'); return false; } else if( !$config->get('enablegroups') ) { CAccess::setError(Text::_('COM_COMMUNITY_GROUPS_DISABLE')); return false; } else { return true; } } /* * Return true if can edit group * @param type $userId * @return : bool */ static public function groupsAdd($userId) { $config = CFactory::getConfig(); $my = CFactory::getUser(); return true; if ($userId == 0){ CAccess::setError('blockUnregister'); return false; } else if (!$config->get('enablegroups')) { CACCESS::setError(Text::_('COM_COMMUNITY_GROUPS_DISABLE')); return false; } else if( !$config->get('creategroups') || !( COwnerHelper::isCommunityAdmin() || (COwnerHelper::isRegisteredUser() && $my->canCreateGroups())) ) { CACCESS::setError(Text::_('COM_COMMUNITY_GROUPS_DISABLE_CREATE_MESSAGE')); return false; } else if(CLimitsHelper::exceededGroupCreation($userId)) { $groupLimit = $config->get('groupcreatelimit'); CACCESS::setError(Text::sprintf('COM_COMMUNITY_GROUPS_LIMIT' , $groupLimit)); return false; } else { return true; } } /* * Return true if can edit group * @return : bool */ static public function groupsEdit($userId, $groupId, $group) { $document = Factory::getDocument(); $viewType = $document->getType(); $jinput = Factory::getApplication()->input; $viewName = $jinput->get( 'view' ); $view = CFactory::getView($viewName, '', $viewType); if( $userId == 0 ) { CAccess::setError('blockUnregister'); return false; // ACL check } else if( !$group->isAdmin($userId) && 
!CFactory::getUser()->authorise('community.groupedit', 'com_community')) { CAccess::setError($view->noAccess()); return false; } else { return true; } } /* * Return true if can delete group * @param type $userId * @param type $groupId * @param type $group object * @return : bool */ static public function groupsDelete($userId, $groupId, $group) { if (!CFactory::getUser()->authorise('community.groupdelete', 'com_community') && !($userId == $group->ownerid)) { return false; } else { return true; } } /* * Return true if can join group * @param type $userId * @param type $groupId * @return : bool */ static public function groupsJoin($userId, $groupId) { if( $userId == 0 ) { return false; } else { return true; } } /* * Return true if can leave group * @param type $userId * @param type $groupId * @return : bool */ static public function groupsLeave($userId, $groupId) { if( $userId == 0 ) { CAccess::setError('blockUnregister'); return false; } else { return true; } } /* * Return true if can leave group * @param type $userId * @param type $groupId * @return : bool */ static public function groupsAvatarUpload($userId, $groupId, $group) { $document = Factory::getDocument(); $viewType = $document->getType(); $jinput = Factory::getApplication()->input; $viewName = $jinput->get( 'view' ); $view = CFactory::getView($viewName, '', $viewType); if( $userId == 0 ) { CAccess::setError('blockUnregister'); return false; } else if( !$group->isAdmin($userId) && !COwnerHelper::isCommunityAdmin() ) { CAccess::setError($view->noAccess()); return false; } else { return true; } } /* * Return true if can delete group discussion * @param type $userId * @param type $groupId * @return : bool */ static public function groupsDiscussionDelete($userId, $groupId) { // Access check: ACL if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) { return false; } else if (CFactory::getUser()->authorise('community.postcommentdelete', 'com_community')) { return true; } $group = 
CFactory::getModel( 'groups' ); if (!COwnerHelper::isRegisteredUser()) { CAccess::setError('blockUnregister'); return false; } else if ( !COwnerHelper::isCommunityAdmin() && !$group->isAdmin( $userId , $groupId ) ) { CACCESS::setError(Text::_('COM_COMMUNITY_NOT_ALLOWED_TO_REMOVE_WALL')); return false; } else { return true; } } /* * Return true if can approve group member * @param type $userId * @param type $groupId * @return : bool */ static public function groupsMemberApprove($userId, $groupId) { $group = CFactory::getModel( 'groups' ); if( !$group->isAdmin( $userId , $groupId ) && !COwnerHelper::isCommunityAdmin() ) { return false; } else { return true; } } /* * Return true if can edit group wall. * @param type $userId * @param type $groupId * @param type $wall object * @return : bool */ static public function groupsWallEdit($userId, $groupId, $wall) { $group = CFactory::getModel( 'Groups' ); if( $group->isAdmin( $userId , $groupId ) || COwnerHelper::isCommunityAdmin() || $userId == $wall->post_by ) { return true; } else { return false; } } /* * Return true if can edit group discussion * @param type $userId * @param type $groupId * @param type $wall object * @return : bool */ static public function groupsDiscussionEdit($userId, $groupId, $wall) { // Access check: ACL if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) { return false; } $group = CFactory::getModel( 'Groups' ); if( $group->isAdmin( $userId , $groupId ) || CFactory::getUser()->authorise('community.postcommentedit', 'com_community') || $userId == $wall->post_by ) { return true; } else { return false; } } /* * Return true if can remove member * @param type $userId * @param type $memberId * @param type $group object * @return : bool */ static public function groupsMemberRemove($userId, $memberId, $group) { if (!COwnerHelper::isRegisteredUser()) { CAccess::setError('blockUnregister'); return false; } else if ($group->ownerid == $memberId) { 
CAccess::setError(Text::_('COM_COMMUNITY_GROUPS_MEMBERS_DELETE_DENIED'));
            return false;
        } else if (!$group->isAdmin($userId) && !COwnerHelper::isCommunityAdmin()) {
            CAccess::setError(Text::_('COM_COMMUNITY_PERMISSION_DENIED_WARNING'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Decide whether a user may remove a group wall post.
     *
     * Requires a registered user who is a community admin or an admin of
     * $groupId according to the 'groups' model; refusals record an error.
     *
     * @param mixed $userId
     * @param mixed $groupId
     * @return bool
     */
    static public function groupsWallDelete($userId, $groupId) {
        $groupModel = CFactory::getModel( 'groups' );
        if (!COwnerHelper::isRegisteredUser()) {
            CAccess::setError('blockUnregister');
            return false;
        } else if ( !COwnerHelper::isCommunityAdmin() && !$groupModel->isAdmin( $userId , $groupId ) ) {
            CAccess::setError(Text::_('COM_COMMUNITY_NOT_ALLOWED_TO_REMOVE_WALL'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Decide whether a user may edit the group's admins.
     *
     * True only for the group owner ($group->ownerid equals $userId, loose
     * comparison) or a community admin.
     *
     * @param mixed  $userId
     * @param mixed  $groupId Not used by this check.
     * @param object $group   Group object; only ->ownerid is read.
     * @return bool
     */
    static public function groupsAdminEdit($userId, $groupId, $group) {
        if( $group->ownerid != $userId && !COwnerHelper::isCommunityAdmin() ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Decide whether a user may post to the group wall.
     *
     * Refused only when the 'lockgroupwalls' setting is on and $userId is not
     * a member of $group.
     *
     * NOTE(review): with 'lockgroupwalls' off this returns true for every
     * $userId, including 0 - presumably guests are filtered elsewhere; verify.
     *
     * @param mixed  $userId
     * @param mixed  $groupId Not used by this check.
     * @param object $group   Group object; isMember($userId) is called on it.
     * @return bool
     */
    static public function groupsWallSave($userId, $groupId, $group) {
        $config = CFactory::getConfig();
        if( $config->get('lockgroupwalls') && !$group->isMember( $userId ) ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Decide whether a user may change a member's ban state.
     *
     * Same rule as groupsAdminEdit(): group owner or community admin only.
     *
     * @param mixed  $userId
     * @param mixed  $groupId Not used by this check.
     * @param object $group   Group object; only ->ownerid is read.
     * @return bool
     */
    static public function groupsMemberBanUpdate($userId, $groupId, $group) {
        if( $group->ownerid != $userId && !COwnerHelper::isCommunityAdmin() ) {
            return false;
        } else {
            return true;
        }
    }

    /**
     * Decide whether the group member list may be viewed.
     *
     * Only the global 'enablegroups' setting is consulted; neither $userId nor
     * $groupId is read.
     *
     * @param mixed $userId  Not used by this check.
     * @param mixed $groupId Not used by this check.
     * @return bool
     */
    static public function groupsMemberView($userId, $groupId) {
        $config = CFactory::getConfig();
        if( !$config->get('enablegroups') ) {
CAccess::setError(Text::_('COM_COMMUNITY_GROUPS_DISABLE'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Decide whether a user may create a group announcement.
     *
     * Loads the group row for $groupId and allows community admins and admins
     * of that group.
     *
     * @param mixed $userId
     * @param mixed $groupId
     * @return bool
     */
    static public function groupsAnnouncementCreate($userId, $groupId){
        $group = Table::getInstance('Group', 'CTable');
        $group->load($groupId);
        //only admins can create
        if(COwnerHelper::isCommunityAdmin() || $group->isAdmin($userId)){
            return true;
        }
        return false;
    }

    /**
     * Decide whether bulletins may be listed.
     *
     * Only the global 'enablegroups' setting is consulted; $userId is not
     * read. Refusal records COM_COMMUNITY_GROUPS_DISABLE as the error.
     *
     * @param mixed $userId Not used by this check.
     * @return bool
     */
    static public function groupsBulletinsView($userId) {
        $config = CFactory::getConfig();
        if( !$config->get('enablegroups') ) {
            CAccess::setError(Text::_('COM_COMMUNITY_GROUPS_DISABLE'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Decide whether a single bulletin may be viewed.
     *
     * Identical to groupsBulletinsView(): only 'enablegroups' is consulted.
     *
     * NOTE(review): neither the viewer nor the bulletin id is examined, so any
     * per-group privacy has to be enforced by the caller - verify that it is.
     *
     * @param mixed $userId      Not used by this check.
     * @param mixed $bullentinId Not used by this check.
     * @return bool
     */
    static public function groupsBulletinView($userId, $bullentinId) {
        $config = CFactory::getConfig();
        if( !$config->get('enablegroups') ) {
            CAccess::setError(Text::_('COM_COMMUNITY_GROUPS_DISABLE'));
            return false;
        } else {
            return true;
        }
    }

    /**
     * Decide whether a user may create a group discussion.
     *
     * The 'community.postcommentcreate' ACL action is required before any of
     * the rules below. The rules cascade - the next one is only checked if the
     * previous one did not decide:
     *
     *   0 globally disabled ('creatediscussion' setting off)
     *   0 not logged in
     *   1 super admin
     *   1 group owner
     *   0 not member
     *   0 member, banned
     *   0 member, awaiting approval
     *   1 member
     *   0 default (should not be the case)
     *
     * NOTE(review): every rule echoes an HTML comment holding the function
     * name and __LINE__ before returning. That writes output from inside a
     * permission check and shows anyone reading the page source which rule
     * decided the outcome; it looks like leftover debugging and is a candidate
     * for removal or for gating behind a debug setting.
     *
     * @param mixed $userId
     * @param mixed $groupId
     * @return bool
     */
    static public function groupsDiscussionsCreate($userId, $groupId) {
        // Access check: ACL
        if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
            return false;
        }
        $config = CFactory::getConfig();
        $group = Table::getInstance('Group', 'CTable');
        $group->load($groupId);
        $groupModel = CFactory::getModel('groups');
        // FALSE globally disabled
        if(!$config->get('creatediscussion')) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE not logged in
        if(!$userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
return false;
        }
        // TRUE Super Admin
        if(COwnerHelper::isCommunityAdmin($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // TRUE owner
        if($group->ownerid == $userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // FALSE not member
        if(!$group->isMember($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but banned
        if($group->isBanned($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but waiting approval
        if($groupModel->isWaitingAuthorization($userId, $groupId)) {
            echo "<!-- " . __FUNCTION__ . __LINE__ . "-->";
            return false;
        }
        // TRUE member
        if($group->isMember($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // default (shouldn't really kick in)
        echo "<!-- ".__FUNCTION__.__LINE__."-->";
        return false;
    }

    /**
     * Decide whether a user may add a video to a group.
     *
     * The rules cascade - the next one is only checked if the previous one did
     * not decide:
     *
     *   0 globally disabled ('groupvideos' setting off)
     *   0 disabled for group (group param 'videopermission' == -1)
     *   0 not logged in
     *   1 super admin
     *   1 group owner
     *   0 disabled for members (group param 'videopermission' == 1)
     *   0 not member
     *   0 member, banned
     *   0 member, awaiting approval
     *   1 member
     *   0 default (should not be the case)
     *
     * NOTE(review): unlike groupsDiscussionsCreate() there is no ACL
     * (authorise) call in this method - confirm that is intended. Each rule
     * also echoes an HTML comment with the function name and __LINE__, which
     * emits output from a permission check and reveals the deciding rule in
     * the page source; it looks like leftover debugging.
     *
     * @param mixed $userId
     * @param mixed $groupId
     * @return bool
     */
    static public function groupsVideosCreate($userId, $groupId) {
        $config = CFactory::getConfig();
        $group = Table::getInstance('Group', 'CTable');
        $group->load($groupId);
        $params = $group->getParams();
        $groupModel = CFactory::getModel('groups');
        // FALSE globally disabled
        if(!$config->get('groupvideos')) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE group videos disabled
        if($params->get('videopermission') == -1) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE not logged in
        if(!$userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // TRUE Super Admin
        if(COwnerHelper::isCommunityAdmin($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // TRUE owner
if($group->ownerid == $userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // FALSE only admins can post
        if($params->get('videopermission') == 1) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE not member
        if(!$group->isMember($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but banned
        if($group->isBanned($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but waiting approval
        if($groupModel->isWaitingAuthorization($userId, $groupId)) {
            echo "<!-- " . __FUNCTION__ . __LINE__ . "-->";
            return false;
        }
        // TRUE member
        if($group->isMember($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // default (shouldn't really kick in)
        echo "<!-- ".__FUNCTION__.__LINE__."-->";
        return false;
    }

    /**
     * Decide whether a user may create an event in a group.
     *
     * The rules cascade - the next one is only checked if the previous one did
     * not decide:
     *
     *   0 globally disabled ('group_events' setting off)
     *   0 disabled for group (group param 'eventpermission' == -1)
     *   0 not logged in
     *   1 super admin
     *   1 group owner
     *   0 disabled for members (group param 'eventpermission' == 1)
     *   0 not member
     *   0 member, banned
     *   0 member, awaiting approval
     *   1 member
     *   0 default (should not be the case)
     *
     * NOTE(review): no ACL (authorise) call is made here, and each rule echoes
     * an HTML comment with the function name and __LINE__ - output from a
     * permission check that reveals the deciding rule in the page source;
     * it looks like leftover debugging.
     *
     * @param mixed $userId
     * @param mixed $groupId
     * @return bool
     */
    static public function groupsEventsCreate($userId, $groupId) {
        $config = CFactory::getConfig();
        $group = Table::getInstance('Group', 'CTable');
        $group->load($groupId);
        $params = $group->getParams();
        $groupModel = CFactory::getModel('groups');
        // FALSE globally disabled
        if(!$config->get('group_events')) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE group events disabled
        if($params->get('eventpermission') == -1) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE not logged in
        if(!$userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // TRUE Super Admin
        if(COwnerHelper::isCommunityAdmin($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // TRUE owner
        if($group->ownerid ==
$userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // FALSE only admins can post
        if($params->get('eventpermission') == 1) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE not member
        if(!$group->isMember($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but banned
        if($group->isBanned($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but waiting approval
        if($groupModel->isWaitingAuthorization($userId, $groupId)) {
            echo "<!-- " . __FUNCTION__ . __LINE__ . "-->";
            return false;
        }
        // TRUE member
        if($group->isMember($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // default (shouldn't really kick in)
        echo "<!-- ".__FUNCTION__.__LINE__."-->";
        return false;
    }

    /**
     * Decide whether a user may add photos to a group.
     *
     * Cascading rules, first match decides:
     *
     *   0 'groupphotos' setting off, or 'community.photocreate' ACL missing
     *   0 disabled for group (group param 'photopermission' == -1)
     *   0 not logged in
     *   1 community admin or group admin
     *   1 group owner
     *   0 admins only (group param 'photopermission' == 1)
     *   0 not member
     *   0 member, banned
     *   0 member, awaiting approval
     *   1 member
     *   0 default
     *
     * NOTE(review): each rule echoes an HTML comment with the function name
     * and __LINE__ - output from a permission check that reveals the deciding
     * rule in the page source; it looks like leftover debugging.
     *
     * @param mixed $userId
     * @param mixed $groupId
     * @return bool
     */
    static public function groupsPhotosCreate($userId, $groupId) {
        $config = CFactory::getConfig();
        $group = Table::getInstance('Group', 'CTable');
        $group->load($groupId);
        $params = $group->getParams();
        $groupModel = CFactory::getModel('groups');
        // FALSE globally disabled
        if(!$config->get('groupphotos') || !CFactory::getUser()->authorise('community.photocreate', 'com_community')) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE group photos disabled
        if($params->get('photopermission') == -1) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE not logged in
        if(!$userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // TRUE Super Admin
        if(COwnerHelper::isCommunityAdmin($userId) || $group->isAdmin($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // TRUE owner
        if($group->ownerid == $userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // FALSE only admins can post
        if($params->get('photopermission') == 1) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE not member
        if(!$group->isMember($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but banned
if($group->isBanned($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but waiting approval
        if($groupModel->isWaitingAuthorization($userId, $groupId)) {
            echo "<!-- " . __FUNCTION__ . __LINE__ . "-->";
            return false;
        }
        // TRUE member
        if($group->isMember($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // default (shouldn't really kick in)
        echo "<!-- ".__FUNCTION__.__LINE__."-->";
        return false;
    }

    /**
     * Decide whether a user may create a poll in a group.
     *
     * Cascading rules, first match decides:
     *
     *   0 'group_polls' setting off, or 'community.pollcreate' ACL missing
     *   0 disabled for group (group param 'pollspermission' == -1)
     *   0 not logged in
     *   1 community admin or group admin
     *   1 group owner
     *   0 admins only (group param 'pollspermission' == 1)
     *   0 not member
     *   0 member, banned
     *   0 member, awaiting approval
     *   1 member
     *   0 default
     *
     * NOTE(review): each rule echoes an HTML comment with the function name
     * and __LINE__ - output from a permission check that reveals the deciding
     * rule in the page source; it looks like leftover debugging.
     *
     * @param mixed $userId
     * @param mixed $groupId
     * @return bool
     */
    static public function groupsPollsCreate($userId, $groupId) {
        $config = CFactory::getConfig();
        $group = Table::getInstance('Group', 'CTable');
        $group->load($groupId);
        $params = $group->getParams();
        $groupModel = CFactory::getModel('groups');
        // FALSE globally disabled
        if(!$config->get('group_polls') || !CFactory::getUser()->authorise('community.pollcreate', 'com_community')) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE group polls disabled
        if($params->get('pollspermission') == -1) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE not logged in
        if(!$userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // TRUE Super Admin
        if(COwnerHelper::isCommunityAdmin($userId) || $group->isAdmin($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // TRUE owner
        if($group->ownerid == $userId) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return true;
        }
        // FALSE only admins can post
        if($params->get('pollspermission') == 1) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE not member
        if(!$group->isMember($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but banned
        if($group->isBanned($userId)) {
            echo "<!-- ".__FUNCTION__.__LINE__."-->";
            return false;
        }
        // FALSE member, but waiting approval
        if($groupModel->isWaitingAuthorization($userId, $groupId)) {
            echo "<!-- " . __FUNCTION__ . __LINE__ .
"-->"; return false; } // TRUE member if($group->isMember($userId)) { echo "<!-- ".__FUNCTION__.__LINE__."-->"; return true; } // default (shouldn't really kick in) echo "<!-- ".__FUNCTION__.__LINE__."-->"; return false; } static public function groupsCreate($userId) { $config = CFactory::getConfig(); $my = CFactory::getUser(); // ACL check if (!CFactory::getUser()->authorise('community.groupcreate', 'com_community')) { return false; } //admin can always create group if(COwnerHelper::isCommunityAdmin()){ return true; } return $config->get('creategroups') && (COwnerHelper::isRegisteredUser() && $my->canCreateGroups() ); } }PK ! 0v�#�( �( photos.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ use Joomla\CMS\Factory; use Joomla\CMS\Table\Table; defined('_JEXEC') or die('Restricted access'); Class CPhotosAccess implements CAccessInterface { /** * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. * @param string $action The name of the action to authorise. * @param mixed $asset Name of the asset as a string. * * @return boolean True if authorised. 
* @since Jomsocial 2.4
     */
    static public function authorise() {
        // The first argument names the rule method; the remaining arguments are passed to it.
        $args = func_get_args();
        $assetName = array_shift ( $args );
        // NOTE(review): any method of this class whose name matches $assetName can be
        // reached through this dispatcher, authorise() itself included - presumably
        // $assetName only comes from trusted internal callers; verify it is never
        // derived from request data.
        if (method_exists(__CLASS__,$assetName)) {
            return call_user_func_array(array(__CLASS__, $assetName), $args);
        } else {
            // Unknown rule name: null is returned, not false.
            return null;
        }
    }

    /**
     * Decide whether a user may view a page's photo album.
     *
     * Loads the page row for $asset. Members of the page can always view.
     * Otherwise access is granted to a page admin when the page's
     * 'photopermission' is PAGE_PHOTO_PERMISSION_ADMINS, to a community admin,
     * or to anyone when $page->approvals == 0.
     *
     * NOTE(review): the second branch repeats $page->isMember($userid), which
     * the first branch has already returned on, so it looks unreachable; and
     * isset($album_obj) is true for the '' default.
     * NOTE(review): the approvals == 0 branch grants access to every caller,
     * guests included - presumably 0 marks an open page; verify that meaning.
     *
     * @param mixed        $userid
     * @param mixed        $asset     Page id passed to CTablePage::load().
     * @param object|string $album_obj Album object; only ->creator is read.
     * @return bool
     */
    static public function photosPageAlbumView($userid, $asset, $album_obj = ''){
        $page = Table::getInstance( 'Page' , 'CTable' );
        $page->load($asset);
        $params = $page->getParams();
        $photopermission = $params->get('photopermission', PAGE_PHOTO_PERMISSION_ADMINS);
        if($page->isMember($userid)){
            //all members should be able to view
            return true;
        }elseif( $photopermission == PAGE_PHOTO_PERMISSION_MEMBERS && $page->isMember($userid) ){
            return ((isset($album_obj) && $userid == $album_obj->creator )|| $page->isAdmin($userid ));
        }else if( ($photopermission == PAGE_PHOTO_PERMISSION_ADMINS && $page->isAdmin($userid) ) || COwnerHelper::isCommunityAdmin() ){
            return true;
        }elseif ($page->approvals == 0) {
            return true;
        }else{
            return false;
        }
    }

    /**
     * Decide whether a user may manage (edit/delete) a page album.
     *
     * True when the user returned by CFactory::getUser() holds
     * 'community.photoedit' or 'community.photodelete'; or holds
     * 'community.photocreate' and $userid is either a page admin or the
     * album's creator.
     *
     * NOTE(review): nothing here checks that the album loaded from $asset
     * belongs to $page_obj - presumably callers guarantee the pairing; verify.
     *
     * @param mixed  $userid
     * @param mixed  $asset    Album id passed to CTableAlbum::load().
     * @param object $page_obj Page object; isAdmin($userid) is called on it.
     * @return bool
     */
    static public function photosPageAlbumManage($userid, $asset, $page_obj){
        $album = Table::getInstance( 'Album' , 'CTable' );
        $album->load( $asset );
        //ACL check
        return ((CFactory::getUser()->authorise('community.photoedit', 'com_community') || CFactory::getUser()->authorise('community.photodelete', 'com_community')) || ($page_obj->isAdmin($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community')) || ($album->creator == $userid && CFactory::getUser()->authorise('community.photocreate', 'com_community')));
    }

    /**
     * Decide whether a user may view a group's photo album.
     *
     * Same structure as photosPageAlbumView(), using the group row and the
     * GROUP_PHOTO_PERMISSION_* constants.
     *
     * NOTE(review): the second branch repeats $group->isMember($userid) after
     * the first branch already returned on it, so it looks unreachable; the
     * approvals == 0 branch grants access to every caller - presumably 0 marks
     * an open group; verify.
     *
     * @param mixed         $userid
     * @param mixed         $asset     Group id passed to CTableGroup::load().
     * @param object|string $album_obj Album object; only ->creator is read.
     * @return bool
     */
    static public function photosGroupAlbumView($userid, $asset, $album_obj = ''){
        $group = Table::getInstance( 'Group' , 'CTable' );
        $group->load($asset);
        $params = $group->getParams();
        $photopermission = $params->get('photopermission', GROUP_PHOTO_PERMISSION_ADMINS);
        if($group->isMember($userid)){
            //all members should be able to view
            return true;
        }elseif(
$photopermission == GROUP_PHOTO_PERMISSION_MEMBERS && $group->isMember($userid) ){
            return ((isset($album_obj) && $userid == $album_obj->creator )|| $group->isAdmin($userid ));
        }else if( ($photopermission == GROUP_PHOTO_PERMISSION_ADMINS && $group->isAdmin($userid) ) || COwnerHelper::isCommunityAdmin() ){
            return true;
        }elseif ($group->approvals == 0) {
            return true;
        }else{
            return false;
        }
    }

    /**
     * Decide whether a user may edit a photo wall comment.
     *
     * Granted when the user is the comment's author ($wall_obj->post_by) or
     * holds 'community.postcommentedit', and in either case also holds
     * 'community.postcommentcreate'.
     *
     * NOTE(review): the 15-minute rule mentioned below is not enforced here -
     * $interval is computed and then never read. Confirm whether the time
     * window is applied by the caller or has been dropped.
     *
     * @param mixed  $userid
     * @param mixed  $asset    Not used by this check.
     * @param object $wall_obj Wall object; ->date and ->post_by are read.
     * @return bool
     */
    static public function photosWallEdit($userid, $asset, $wall_obj){
        // @rule: We only allow editing of wall in 15 minutes
        $viewer = CFactory::getUser($userid);
        $now = JDate::getInstance();
        $interval = CTimeHelper::timeIntervalDifference( $wall_obj->date , $now->toSql() );
        $interval = abs( $interval );
        // Only owner and ACL access can edit
        if( ( CFactory::getUser()->authorise('community.postcommentedit', 'com_community') || $viewer->id == $wall_obj->post_by )) {
            if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
                return false;
            } else {
                return true;
            }
        }
        return false;
    }

    /**
     * Decide whether a user may remove a tag from a photo.
     *
     * True when $userid is the photo's creator or the tagged user.
     *
     * NOTE(review): both tests are loose comparisons with no guest guard; a
     * $userid of 0 would match a photo row that failed to load (creator
     * unset/0) - presumably callers reject guests first; verify.
     *
     * @param mixed  $userid
     * @param mixed  $asset      Photo id passed to CTablePhoto::load().
     * @param object $taggedUser User object; only ->id is read.
     * @return bool
     */
    static public function photosTagRemove($userid, $asset,$taggedUser){
        //condition: only owner can remove the tag
        $photo = Table::getInstance( 'Photo' , 'CTable' );
        $photo->load( $asset );
        if($userid == $photo->creator || $userid == $taggedUser->id){
            return true;
        }else{
            return false;
        }
    }

    /**
     * Decide whether a user may manage (edit/delete) a group album.
     *
     * True when the user returned by CFactory::getUser() holds
     * 'community.photoedit' or 'community.photodelete'; or holds
     * 'community.photocreate' and $userid is either a group admin or the
     * album's creator.
     *
     * NOTE(review): nothing here checks that the album loaded from $asset
     * belongs to $group_obj - presumably callers guarantee the pairing; verify.
     *
     * @param mixed  $userid
     * @param mixed  $asset     Album id passed to CTableAlbum::load().
     * @param object $group_obj Group object; isAdmin($userid) is called on it.
     * @return bool
     */
    static public function photosGroupAlbumManage($userid, $asset, $group_obj){
        $album = Table::getInstance( 'Album' , 'CTable' );
        $album->load( $asset );
        //ACL check
        return ((CFactory::getUser()->authorise('community.photoedit', 'com_community') || CFactory::getUser()->authorise('community.photodelete', 'com_community')) || ($group_obj->isAdmin($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community')) || ($album->creator == $userid &&
CFactory::getUser()->authorise('community.photocreate', 'com_community')));
        //return ( COwnerHelper::isCommunityAdmin() || ($group_obj->isAdmin($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community')) || ($album->creator == $userid && CFactory::getUser()->authorise('community.photocreate', 'com_community')));
    }

    /**
     * Decide whether a user may manage (edit) an event album.
     *
     * True when the user returned by CFactory::getUser() holds
     * 'community.photoedit' or 'community.photodelete'; or holds
     * 'community.photocreate' and $userid is an event member, an event admin
     * or the album's creator.
     *
     * NOTE(review): event membership alone (plus 'photocreate') is enough, so
     * any member can manage albums created by other members; and nothing
     * checks that the album loaded from $asset belongs to $eventObj. Confirm
     * both are intended - the group and page variants require admin rights.
     *
     * @param mixed  $userid
     * @param mixed  $asset    Album id passed to CTableAlbum::load().
     * @param object $eventObj Event object; isMember()/isAdmin() are called on it.
     * @return bool
     */
    static public function photosEventAlbumManage($userid, $asset, $eventObj){
        $album = Table::getInstance( 'Album' , 'CTable' );
        $album->load( $asset );
        if (($eventObj->isMember($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community')) || ($album->creator == $userid && CFactory::getUser()->authorise('community.photocreate', 'com_community')) || (CFactory::getUser()->authorise('community.photoedit', 'com_community') || CFactory::getUser()->authorise('community.photodelete', 'com_community')) || ($eventObj->isAdmin($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community'))) {
            return true;
        }
        // if($eventObj->isMember($userid) || $album->creator == $userid || COwnerHelper::isCommunityAdmin() || $eventObj->isAdmin($userid)){
        //     return true;
        // }
        return false;
    }

    /**
     * Decide whether a user may manage one of their own (profile) albums.
     *
     * True when $userid is the album's creator and the user returned by
     * CFactory::getUser() holds 'community.photocreate', or when that user
     * holds 'community.photoedit' or 'community.photodelete'.
     *
     * @param mixed $userid
     * @param mixed $asset  Album id passed to CTableAlbum::load().
     * @return bool
     */
    static public function photosUserAlbumManage($userid, $asset){
        $album = Table::getInstance( 'Album' , 'CTable' );
        $album->load( $asset );
        //ACL check
        return (($album->creator == $userid && CFactory::getUser()->authorise('community.photocreate', 'com_community')) || (CFactory::getUser()->authorise('community.photoedit', 'com_community') || CFactory::getUser()->authorise('community.photodelete', 'com_community')));
    }

    /**
     * Decide whether a user may view a profile album.
     *
     * The creator and holders of 'community.photoedit',
     * 'community.photodelete' or 'community.photoeditstate' can always view.
     * Everyone else is checked against the album's ->permissions value
     * (friends / members / public).
     *
     * NOTE(review): the creator test is a loose comparison; if the album row
     * fails to load, ->creator may be empty and a $userid of 0 would match -
     * presumably callers pass a valid album id; verify.
     *
     * @param mixed $userid
     * @param mixed $asset  Album id passed to CTableAlbum::load().
     * @return bool
     */
    static public function photosUserAlbumView($userid, $asset){
        //first
        $album = Table::getInstance( 'Album' , 'CTable' );
        $album->load( $asset );
        if($userid == $album->creator || CFactory::getUser()->authorise('community.photoedit',
'com_community') || CFactory::getUser()->authorise('community.photodelete', 'com_community') || CFactory::getUser()->authorise('community.photoeditstate', 'com_community')) {
            return true; // creator always be able to view his own album
        }
        $owner = CFactory::getUser($album->creator);
        $permission = $album->permissions;
        // Friends-only album: viewer must be a friend of the album owner.
        if($permission == COMMUNITY_STATUS_PRIVACY_FRIENDS && $owner->isFriendWith($userid)){
            return true;
        }
        // Members-only album: any non-zero user id is accepted.
        if($permission == COMMUNITY_STATUS_PRIVACY_MEMBERS && $userid){
            return true;
        }
        // Any value at or below the public level is treated as public.
        if($permission <= COMMUNITY_STATUS_PRIVACY_PUBLIC){
            return true;
        }
        return false;
    }

    /**
     * Decide whether an avatar may be uploaded for the account $userid.
     *
     * Community admins are always allowed, as is the current user acting on
     * their own non-zero id. Otherwise the users table is queried and the
     * upload is allowed when the target account has a zero or NULL
     * lastvisitDate.
     *
     * NOTE(review): the fallback does not look at the caller at all ($myId is
     * never read), so it grants upload for any account that has not logged in
     * yet, whoever is asking. Presumably the registration flow restricts which
     * $userid can reach this rule; verify, e.g. by tying the target id to the
     * registering session.
     *
     * @param mixed $myId   Not used by this check.
     * @param mixed $userid Account the avatar is being uploaded for.
     * @return bool
     */
    static public function photosAvatarUpload($myId, $userid) {
        if(COwnerHelper::isCommunityAdmin()){
            return true;
        }elseif($userid == CFactory::getUser()->id && $userid){
            return true;
        }else{
            //we need to check if this user is used in registration last step
            // so lets check if the user id belongs to a user that hasn't been activated yet which mean the last visit date is zero
            $db = Factory::getDbo();
            // The SQL text is built by concatenation; $userid goes through $db->q() first.
            $query = "SELECT id FROM ".$db->quoteName('#__users') ." WHERE id = " . $db->q($userid) . " AND (lastvisitDate = '0000-00-00 00:00:00' OR lastvisitDate IS NULL)";
            $db->setQuery($query);
            $result = $db->loadResult();
            return ($result) ?
true : false; } return false; } static public function photosDelete($userId, $photoId){ $photoTable = Table::getInstance('Photo', 'CTable'); $photoTable->load($photoId); //the creator can always delete the photo OR ACL access if( ($userId && $photoTable->creator == $userId && CFactory::getUser()->authorise('community.photocreate', 'com_community')) || CFactory::getUser()->authorise('community.photodelete', 'com_community')){ return true; } $album = Table::getInstance( 'Album' , 'CTable' ); $album->load( $photoTable->albumid ); //check if this photo belongs to events/group albums if($album->eventid){ $event = Table::getInstance( 'Event' , 'CTable' ); $event->load( $album->eventid ); return $event->isAdmin($userId); }elseif($album->groupid){ $group = Table::getInstance( 'Group' , 'CTable' ); $group->load( $album->groupid ); return $group->isAdmin($userId); }elseif($album->pageid){ $page = Table::getInstance( 'Page' , 'CTable' ); $page->load( $album->pageid ); return $page->isAdmin($userId); } return false; } }PK ! ��#�Id Id activities.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ use Joomla\CMS\Factory; use Joomla\CMS\Table\Table; use Joomla\Registry\Registry; defined('_JEXEC') or die('Restricted access'); Class CActivitiesAccess implements CAccessInterface{ /** * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. 
* @param string $action The name of the action to authorise.
     * @param mixed $asset Name of the asset as a string.
     *
     * @return boolean True if authorised.
     * @since Jomsocial 2.4
     */
    static public function authorise() {
        // The first argument names the rule method; the remaining arguments are passed to it.
        $args = func_get_args();
        $assetName = array_shift ( $args );
        // NOTE(review): any method of this class whose name matches $assetName can be
        // reached through this dispatcher, authorise() itself included - presumably
        // $assetName only comes from trusted internal callers; verify it is never
        // derived from request data.
        if (method_exists(__CLASS__,$assetName)) {
            return call_user_func_array(array(__CLASS__, $assetName), $args);
        } else {
            // Unknown rule name: null is returned, not false.
            return null;
        }
    }

    /**
     * Decide whether a user may comment on a profile/mainstream activity.
     *
     * Order of checks: 'community.postcommentcreate' is required; user id 0 is
     * refused; if the 'allmemberactivitycomment' setting is '1' the comment is
     * allowed immediately. Otherwise the activity's group or event (when it
     * has one) is loaded and membership, the object's ->access level,
     * friendship with $assetId and community-admin status are evaluated.
     *
     * NOTE(review): after the early return on 'allmemberactivitycomment' the
     * two later tests of the same setting can no longer be true, and $model
     * is assigned but never read in this method.
     *
     * @param mixed       $userId
     * @param mixed       $assetId Passed to CFriendsHelper::isConnected() together with $userId.
     * @param object|null $obj     Activity, group or event object.
     * @return bool
     */
    static public function activitiesCommentAdd($userId, $assetId, $obj=NULL){
        // Access check: ACL
        if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
            return false;
        }
        //$obj = func_get_arg(2);
        // Re-read the third argument from the raw argument list (null when absent).
        $params = func_get_args();
        $obj = (!isset($params[2])) ? NULL : $params[2] ;
        $model = CFactory::getModel('activities');
        $result = false;
        $config = CFactory::getConfig();
        // Guest can never leave a comment
        if( $userId == 0){
            return false;
        }
        // If global config allow all members to comment, allow it
        if( $config->get( 'allmemberactivitycomment' ) == '1') {
            return true;
        }
        $allow_comment = false;
        // if all activity comment is allowed, return true
        $config = CFactory::getConfig();
        if($config->get( 'allmemberactivitycomment' ) == '1' && COwnerHelper::isRegisteredUser()){
            $allow_comment = true;
        }
        if($obj instanceof CTableActivity || is_object($obj)){
            //lets check if this table activity belongs to group or events
            $tempObj = $obj;
            if(isset($obj->groupid) && $obj->groupid){
                $tempObj = Table::getInstance('Group','CTable');
                $tempObj->load($obj->groupid);
            }elseif(isset($obj->eventid) && $obj->eventid){
                $tempObj = Table::getInstance('Event','CTable');
                $tempObj->load($obj->eventid);
            }
            // From here on $obj is the owning group/event when there is one.
            $obj = $tempObj;
        }
        $eventOrGroup = false;
        if($obj instanceof CTableEvent || $obj instanceof CTableGroup){
            //event or group activities only
            $eventOrGroup = true;
            if($obj->isMember($userId)){
                $allow_comment = true;
            }
        }else if($config->get(
'allmemberactivitycomment' ) == '1' && COwnerHelper::isRegisteredUser()){
            // if all activity comment is allowed, return true
            $allow_comment = true;
        }else if(isset($obj->access) && COwnerHelper::isRegisteredUser() && $obj->access <= 20) {
            // if site members privacy
            $allow_comment = true;
        }
        if ( !isset($obj->params)) {
            $params = '{}';
        }else {
            $params = $obj->params;
        }
        $params = new CParameter($params);
        // Read but not acted on: the only use is inside the commented-out block below.
        $commentPermission = $params->get('commentPermission',NULL);
        /* if( !$commentPermission && !is_null($commentPermission)) { $allow_comment = false; }*/
        if ($eventOrGroup) {
            if($allow_comment || COwnerHelper::isCommunityAdmin()){
                $result = true;
            }
        } else {
            if($allow_comment || CFriendsHelper::isConnected($assetId, $userId) || COwnerHelper::isCommunityAdmin()){
                $result = true;
            }
        }
        return $result;
    }

    /**
     * Decide whether a user may delete a profile/mainstream activity.
     *
     * 'community.postcommentcreate' is required; 'community.postcommentdelete'
     * grants the action outright. Otherwise the activity's owner (from the
     * activities model), the activity's ->target, or an admin of the
     * activity's event or group may delete it.
     *
     * NOTE(review): $obj is taken from func_get_arg(0), which is $userId, so
     * the CTableEvent/CTableGroup branch only runs if a caller passes an
     * object as the first argument - confirm whether argument 2 was meant.
     * NOTE(review): $activity defaults to array() but is read with
     * ->target / ->eventid / ->groupid; calling without a third argument
     * would not behave as an object - verify all callers pass the activity.
     *
     * @param mixed        $userId
     * @param mixed        $assetId  Activity id passed to getActivityOwner().
     * @param object|array $activity Activity object.
     * @return bool
     */
    static public function activitiesDelete($userId, $assetId, $activity = array()){
        // Access check: ACL
        if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
            return false;
        }
        $obj = func_get_arg(0);
        $model = CFactory::getModel('activities');
        $result = false;
        // Access check: ACL
        if (CFactory::getUser()->authorise('community.postcommentdelete', 'com_community')) {
            return true;
        }
        if($obj instanceof CTableEvent || $obj instanceof CTableGroup){
            //event or group activities only
            $isAppOwner = $obj->isAdmin($userId);
            if($isAppOwner || COwnerHelper::isCommunityAdmin() || $model->getActivityOwner($assetId) == $userId){
                $result = true;
            }
        }else{
            if($model->getActivityOwner($assetId) == $userId || $activity->target == $userId){
                $result = true;
            }else if($activity instanceof CTableActivity && ($activity->eventid != 0 || $activity->groupid != 0)){
                //we can check if this activity belongs to any group or event and check if the user is authorized to delete the post
                if($activity->eventid){
                    //this activity belongs to an event
                    $event =
Table::getInstance('Event','CTable');
                    $event->load($activity->eventid);
                    $result = ($event->isAdmin($userId)) ? true : false;
                }elseif($activity->groupid){
                    $group = Table::getInstance('Group','CTable');
                    $group->load($activity->groupid);
                    $result = ($group->isAdmin($userId)) ? true : false;
                }
            }
        }
        return $result;
    }

    /**
     * Decide whether a user may hide a stream item.
     *
     * Featured items (ids returned by the 'featured' model) can never be
     * hidden; otherwise any non-zero $userId may hide.
     *
     * @param mixed       $userId
     * @param mixed       $actorId Not used by this check.
     * @param object|null $obj     Stream item; only ->id is read.
     * @return bool
     */
    static public function activitiesStreamHide($userId, $actorId, $obj= null){
        if($obj != null) {
            //we cant hide this if this is a featured item
            $featuredModel = CFactory::getModel('featured');
            $featuredActivities = $featuredModel->getAllStreamFeaturedId();
            // Loose in_array() comparison (no strict flag).
            if (in_array($obj->id, $featuredActivities)) {
                return false;
            }
        }
        if($userId){
            return true;
        }
        return false;
    }

    /**
     * Decide whether a mood may be added to a stream item.
     *
     * Requires the actor (or a community admin), no mood set yet, and an item
     * whose ->app is 'profile', 'groups.wall' or 'events.wall'.
     *
     * NOTE(review): $obj defaults to NULL but is dereferenced unconditionally.
     * NOTE(review): the type test names JRegistry while the replacement is a
     * Registry; if JRegistry is not an alias of Registry on this platform the
     * params are always replaced by an empty object and an existing mood would
     * be missed - verify.
     *
     * @param mixed       $userId
     * @param mixed       $actorId
     * @param object|null $obj     Stream item; ->params and ->app are read.
     * @return bool
     */
    static public function activitiesStreamAddMood($userId,$actorId,$obj = NULL){
        if(!$obj->params instanceof JRegistry) $obj->params = new Registry();
        $mood = $obj->params->get('mood',null);
        $allowapp = array( 'profile', 'groups.wall', 'events.wall' );
        $isAllowedApp = in_array($obj->app,$allowapp);
        if(($userId == $actorId || COwnerHelper::isCommunityAdmin()) && is_null($mood) && $isAllowedApp){
            return true;
        }
        return false;
    }

    /**
     * Decide whether the mood of a stream item may be edited.
     *
     * Requires the actor (or a community admin), an existing mood, and an item
     * whose ->app is in the allow-list below.
     *
     * NOTE(review): $obj defaults to NULL but is dereferenced unconditionally,
     * and ->params is assumed to expose get() - TODO confirm against callers.
     *
     * @param mixed       $userId
     * @param mixed       $actorId
     * @param object|null $obj     Stream item; ->params and ->app are read.
     * @return bool
     */
    static public function activitiesStreamEditMood($userId,$actorId,$obj = NULL){
        $allowapp = array( 'profile', 'groups.wall', 'events.wall', 'photos', 'videos.linking' );
        $isAllowedApp = in_array($obj->app,$allowapp);
        $mood = $obj->params->get('mood',null);
        if(($userId == $actorId || COwnerHelper::isCommunityAdmin()) && !is_null($mood) &&
$isAllowedApp){
            return true;
        }
        return false;
    }

    /**
     * Decide whether a stream post may be edited.
     *
     * The item's ->app must be in the allow-list, the user must be the actor
     * or hold 'community.postcommentedit', and 'community.postcommentcreate'
     * must also be held.
     *
     * NOTE(review): the third alternative ($obj->target == $userId &&
     * $actorId == $userId) adds nothing - it already requires the first one.
     * $obj defaults to NULL but is dereferenced unconditionally.
     *
     * @param mixed       $userId
     * @param mixed       $actorId
     * @param object|null $obj     Stream item; ->app and ->target are read.
     * @return bool
     */
    static public function activitiesStreamEditPost($userId,$actorId,$obj = NULL){
        $allowapp = array( 'profile', 'filesharing', 'groups.wall', 'events.wall', 'pages.wall', 'profile.status.share', 'photos', 'videos.linking', 'videos' );
        $isAllowedApp = in_array($obj->app,$allowapp);
        // Access check: ACL
        if(( ($actorId == $userId) || CFactory::getUser()->authorise('community.postcommentedit', 'com_community') || ( $obj->target == $userId && $actorId == $userId )) && $isAllowedApp){
            // Access check: ACL
            if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
                return false;
            } else {
                return true;
            }
        }
        return false;
    }

    /**
     * Decide whether a stream post may be deleted.
     *
     * 'community.postcommentcreate' is required and guests (falsy $userId) are
     * refused. 'community.postcommentdelete' grants the action outright.
     * After that: community admins may delete 'system.*' items; 'photo.like'
     * and 'album.like' items are never deletable here; otherwise the actor,
     * the post's target, a community admin, or the owner/admin of the item's
     * group or event may delete.
     *
     * NOTE(review): the 'users.featured' test repeats the
     * 'community.postcommentdelete' check that has just returned, so it cannot
     * be reached with a true result; the same ACL check appears a third time
     * further down. $isAllowedApp is computed but commented out of the final
     * condition, so the allow-list is not enforced.
     *
     * @param mixed       $userId
     * @param mixed       $actorId
     * @param object|null $obj     Stream item; ->app, ->target, ->groupid and ->eventid are read.
     * @return bool
     */
    static public function activitiesStreamDeletetPost($userId,$actorId,$obj = NULL){
        // Access check: ACL
        if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
            return false;
        }
        if(!$userId){
            return false;
        }
        if(CFactory::getUser()->authorise('community.postcommentdelete', 'com_community')) {
            return true;
        }
        if(CFactory::getUser()->authorise('community.postcommentdelete', 'com_community') && $obj->app == 'users.featured'){
            return true;
        }
        //admin can delete system generated post
        $appType = isset($obj->app) ?
explode('.',$obj->app) : false ;
        if(COwnerHelper::isCommunityAdmin() && $appType && $appType[0] == 'system'){
            return true;
        }
        // Computed below but not enforced: the use of $isAllowedApp is commented out.
        $allowapp = array( 'profile', 'groups.wall', 'events.wall', 'profile.status.share', 'videos', 'photos' );
        $disallowApp = array('photo.like', 'album.like');
        if(in_array($obj->app, $disallowApp)){
            return false;
        }
        $isAllowedApp = in_array($obj->app,$allowapp);
        $appAdmin = false;
        if($obj->app == "groups.wall"){
            $gTable = Table::getInstance('Group','CTable');
            $gTable->load($obj->groupid);
            if($gTable->ownerid == $userId || $gTable->isAdmin($userId)){
                $appAdmin = true; //group admin
            }
        }elseif($obj->app=='events.wall'){
            $eventTable = Table::getInstance('Event','CTable');
            $eventTable->load($obj->eventid);
            if($eventTable->creator == $userId || $eventTable->isAdmin($userId)){
                $appAdmin = true; // event admin
            }
        }
        // Access check: ACL
        if (CFactory::getUser()->authorise('community.postcommentdelete', 'com_community')) {
            return true;
        }
        if(( ($actorId == $userId) || COwnerHelper::isCommunityAdmin() || ( $obj->target == $userId )) || $appAdmin /*&& $isAllowedApp*/){
            // Access check: ACL
            if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
                return false;
            } else {
                return true;
            }
        }
        return false;
    }

    /**
     * Decide whether a location may be added to a stream item.
     *
     * Requires the actor (or a community admin), an empty ->location, an
     * ->app of 'profile', 'groups.wall' or 'events.wall', and the
     * 'streamlocation' setting to be on.
     *
     * NOTE(review): $obj defaults to NULL but is dereferenced unconditionally.
     *
     * @param mixed       $userId
     * @param mixed       $actorId
     * @param object|null $obj     Stream item; ->app and ->location are read.
     * @return bool
     */
    static public function activitiesStreamAddLocation($userId,$actorId,$obj = NULL){
        $allowapp = array( 'profile', 'groups.wall', 'events.wall' );
        $isAllowedApp = in_array($obj->app,$allowapp);
        if(($userId == $actorId || COwnerHelper::isCommunityAdmin()) && empty($obj->location) && $isAllowedApp && CFactory::getConfig()->get('streamlocation',0)){
            return true;
        }
        return false;
    }

    /**
     * Decide whether the location of a stream item may be edited.
     *
     * Same rule as activitiesStreamAddLocation(), except that ->location must
     * already be non-empty.
     *
     * NOTE(review): $obj defaults to NULL but is dereferenced unconditionally.
     *
     * @param mixed       $userId
     * @param mixed       $actorId
     * @param object|null $obj     Stream item; ->app and ->location are read.
     * @return bool
     */
    static public function activitiesStreamEditLocation($userId,$actorId,$obj = NULL){
        $allowapp = array( 'profile', 'groups.wall', 'events.wall' );
        $isAllowedApp = in_array($obj->app,$allowapp);
        if(($userId == $actorId || COwnerHelper::isCommunityAdmin()) && !empty($obj->location) && $isAllowedApp && CFactory::getConfig()->get('streamlocation',0)){
            return true;
        }
        return
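false; }

    /**
     * Decide whether $userid may feature activity $obj in the stream being viewed.
     *
     * The stream type is the request's 'view' value unless
     * $obj->extraInfo['stream_type'] is set, which takes precedence. An activity
     * that is already in the relevant featured list is refused, and so is any
     * request once the configured limit for that stream type is reached.
     *
     * NOTE(review): for profile streams the profile id can be taken from the
     * request ('userid'), and nothing in this method compares the owner of $obj
     * with that id. Confirm that the caller ties the activity to the page it is
     * shown on before acting on a true result.
     *
     * @param $userid id of the acting user
     * @param $obj    activity; id, groupid, eventid and extraInfo are read
     * @return bool
     * @since 4.1
     */
    static public function activitiesStreamFeature($userid, $obj){
        $config = CFactory::getConfig();
        $streamInfo = isset($obj->extraInfo) ? $obj->extraInfo : '';

        //if feature stream is disabled, this will always be false
        if(!$config->get('featured_stream')){
            return false;
        }

        //determine the view
        $jinput = Factory::getApplication()->input;
        $streamType = $jinput->get('view','','STRING');

        //higher precedence: an ajax call may not carry the view type, but extraInfo does
        if(isset($streamInfo['stream_type'])){
            $streamType = $streamInfo['stream_type'];
        }

        $featuredModel = CFactory::getModel('featured');
        $featuredLists = $featuredModel->getStreamFeaturedList(); //currently featured items

        $totalFeatured = 0; //actual count of the featured items in this stream
        $limitCount = 0;
        $otherFlag = false; //set once a group, event or frontpage identity check has passed

        switch($streamType){
            case 'profile' :
                $limitCount = $config->get('stream_profile_featured');

                //for profile, if there is no userid, this should be my own profile
                $profileId = (isset($streamInfo['profile_id'])) ? $streamInfo['profile_id'] : $userid;
                $profileId = $jinput->get('userid',$profileId,'INT');

                if(isset($featuredLists['stream.profile'][$profileId])){
                    //count only the entries that target this profile
                    foreach($featuredLists['stream.profile'][$profileId] as $profile){
                        if($profile->target_id == $profileId){
                            if($profile->cid == $obj->id){
                                return false; // this stream has been featured, so it cannot be featured again
                            }
                            $totalFeatured++;
                        }
                    }
                }

                //if this is own profile
                if($userid == $profileId && $totalFeatured < $limitCount){
                    return true;
                }
                break;

            case 'frontpage' :
                $limitCount = $config->get('stream_frontpage_featured');

                //only a community admin can feature on the frontpage
                if(!COwnerHelper::isCommunityAdmin()){
                    return false;
                }
                $otherFlag = true;

                //array 0 because it doesnt have any target id
                if(isset($featuredLists['stream.frontpage'][0])){
                    foreach($featuredLists['stream.frontpage'][0] as $feature){
                        if($feature->cid == $obj->id){
                            return false; // this stream has been featured, so it cannot be featured again
                        }
                        $totalFeatured++;
                    }
                }
                break;

            case 'group' :
            case 'groups' :
                $limitCount = $config->get('stream_group_featured');

                //only community admin and group admin can do this
                $groupId = $obj->groupid;
                if(!$groupId){
                    return false;
                }

                $groupTable = Table::getInstance('Group','CTable');
                $groupTable->load($groupId);
                if(!$groupTable->isAdmin($userid) && !COwnerHelper::isCommunityAdmin()){
                    return false;
                }
                $otherFlag = true;

                if(isset($featuredLists['stream.group'][$groupId])){
                    foreach($featuredLists['stream.group'][$groupId] as $feature){
                        if($feature->cid == $obj->id){
                            return false; // this stream has been featured, so it cannot be featured again
                        }
                        $totalFeatured++;
                    }
                }
                break;

            case 'event':
            case 'events' :
                $limitCount = $config->get('stream_event_featured');

                $eventId = $obj->eventid;
                if(!$eventId){
                    return false;
                }

                $eventTable = Table::getInstance('Event','CTable');
                $eventTable->load($eventId);
                if(!$eventTable->isAdmin($userid) && !COwnerHelper::isCommunityAdmin()){
                    return false;
                }
                $otherFlag = true;

                if(isset($featuredLists['stream.event'][$eventId])){
                    foreach($featuredLists['stream.event'][$eventId] as $feature){
                        if($feature->cid == $obj->id){
                            return false; // this stream has been featured, so it cannot be featured again
                        }
                        $totalFeatured++;
                    }
                }
                break;

            default :
                return false;
        }

        //if the total featured item on specific stream type meet the quota, it cannot be featured anymore
        if($totalFeatured >= $limitCount){
            return false;
        }

        //community admin can feature as long as the permission passed on top of this
        if(COwnerHelper::isCommunityAdmin() || $otherFlag){
            return true;
        }

        // Deny explicitly; execution used to fall off the end here and yield null.
        return false;
    }

/** * check if current user can unfeature the stream * @param $userId * @param $obj */ static public function activitiesStreamUnfeature($userId, $obj){ //before we unfeature, we must make sure the already been featured $config = CFactory::getConfig(); $streamInfo = isset($obj->extraInfo) ? $obj->extraInfo : ''; //if feature stream is disabled, this will always be false if(!$config->get('featured_stream')){ return false; } //determine the view $jinput = Factory::getApplication()->input; $streamType = $jinput->get('view','','STRING'); //higher precedence as this might be from ajax call where we cant ge the view type correctly if(isset($streamInfo['stream_type'])){ $streamType = $streamInfo['stream_type']; //fortunately, we have the stream type from ajax } $featuredModel = CFactory::getModel('featured'); $featuredLists = $featuredModel->getStreamFeaturedList();//current featured counts $lists = array(); $otherFlag = false; switch($streamType){ case 'frontpage': $lists = isset($featuredLists['stream.frontpage'][0]) ?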
$featuredLists['stream.frontpage'][0] : array(); break; case 'profile': $profileId = (isset($streamInfo['profile_id'])) ? $streamInfo['profile_id'] : $userId; //for profile, if there is no userid, this should be my own profile $profileId = $jinput->get('userid',$profileId,'INT'); if($profileId == $userId){ $otherFlag = true; } $lists = isset($featuredLists['stream.profile'][$profileId]) ? $featuredLists['stream.profile'][$profileId] : array(); break; case 'group': case 'groups': $groupId = $obj->groupid; if(!$groupId){ return false; } $groupTable = Table::getInstance('Group','CTable'); $groupTable->load($groupId); if(!$groupTable->isAdmin($userId) && !COwnerHelper::isCommunityAdmin()){ return false; }else{ $otherFlag = true; } $lists = isset($featuredLists['stream.group'][$obj->groupid]) ? $featuredLists['stream.group'][$obj->groupid] : array(); break; case 'event': case 'events': $eventId = $obj->eventid; if(!$eventId){ return false; } $eventTable = Table::getInstance('Event','CTable'); $eventTable->load($eventId); if(!$eventTable->isAdmin($userId) && !COwnerHelper::isCommunityAdmin()){ return false; }else{ $otherFlag = true; } $lists = isset($featuredLists['stream.event'][$obj->eventid]) ? $featuredLists['stream.event'][$obj->eventid] : array(); break; default : $lists = isset($featuredLists['stream.frontpage'][0]) ? 
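$featuredLists['stream.frontpage'][0] : array(); break; } foreach($lists as $list){ if($list->cid == $obj->id){ //found this id in the feature list if(COwnerHelper::isCommunityAdmin() || $otherFlag){ return true; }else{ return false; } } } return false; }

    /**
     * Collect every per-item stream permission for $userId into one object.
     *
     * Each property holds the result of the matching check of this class.
     * deleteLocation and deleteMood are filled from the EditLocation and
     * EditMood checks. showButton is true as soon as any permission is granted.
     *
     * @param $userId  id of the acting user
     * @param $actorId id of the activity's actor
     * @param $obj     activity object handed to every check
     * @return StdClass
     */
    static public function activitiesStreamPermission($userId,$actorId,$obj){
        $permission = new StdClass();

        $permission->editPost = self::activitiesStreamEditPost($userId,$actorId,$obj);
        $permission->deletePost = self::activitiesStreamDeletetPost($userId,$actorId,$obj);
        $permission->addLocation = self::activitiesStreamAddLocation($userId,$actorId,$obj);
        $permission->deleteLocation = self::activitiesStreamEditLocation($userId,$actorId,$obj);
        $permission->addMood = self::activitiesStreamAddMood($userId,$actorId,$obj);
        $permission->deleteMood = self::activitiesStreamEditMood($userId,$actorId,$obj);
        $permission->hideStream = self::activitiesStreamHide($userId,$actorId, $obj);
        $permission->featureActivity= self::activitiesStreamFeature($userId,$obj);
        $permission->unfeatureActivity= self::activitiesStreamUnfeature($userId, $obj);
        $permission->ignoreStream = self::activitiesStreamIgnore($userId,$actorId,$obj);

        // The action button is only worth rendering when at least one action is allowed.
        $permission->showButton = (
            $permission->editPost ||
            $permission->deletePost ||
            $permission->addLocation ||
            $permission->deleteLocation ||
            $permission->addMood ||
            $permission->deleteMood ||
            $permission->hideStream ||
            $permission->featureActivity ||
            $permission->unfeatureActivity ||
            $permission->ignoreStream
        );

        return $permission;
    }

    /**
     * Decide whether $userId may ignore the stream item of $actorId.
     *
     * Items whose app name contains 'comment' can never be ignored. Otherwise
     * a logged-in user may ignore another user's item unless
     * COwnerHelper::isCommunityAdmin($actorId) reports the actor as an admin.
     *
     * @param $userId  id of the acting user
     * @param $actorId id of the activity's actor
     * @param $obj     activity object; only app is read, and it may be NULL
     * @return bool
     */
    static public function activitiesStreamIgnore($userId, $actorId, $obj = NULL){
        //ignore anything related to comment
        if(isset($obj->app) && strpos($obj->app, 'comment') !== false){
            return false;
        }

        // The former trailing test on $obj->target returned false on both paths and
        // read a property of $obj even when it was NULL, so it is gone.
        return $userId > 0 && $userId != $actorId && !COwnerHelper::isCommunityAdmin($actorId);
    }

static public function activitiesLikeAdd($userId, $assetId, $obj=NULL){ //some activity that cannot be liked $cannotLikeApp =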
array('photos.comment'); if(isset($obj->app) && in_array($obj->app, $cannotLikeApp)){ return false; } // Guest can never leave a comment if( $userId == 0 ){ return false; } if(isset($obj->params)) { $params = new CParameter($obj->params); $likesPermission = $params->get('likesPermission',NULL); if( $likesPermission == false && !is_null($likesPermission)) { return false; } } return true; } } PK ! �R events.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ use Joomla\CMS\Table\Table; defined('_JEXEC') or die('Restricted access'); Class CEventsAccess implements CAccessInterface { /** * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. * @param string $action The name of the action to authorise. * @param mixed $asset Name of the asset as a string. * * @return boolean True if authorised. 
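* @since Jomsocial 2.6 */
    static public function authorise()
    {
        $arguments = func_get_args();
        $method = array_shift($arguments);

        // method_exists() accepts every method of this class, authorise() included,
        // so the name has to be chosen by calling code and never copied from
        // request data.
        if (!method_exists(__CLASS__, $method)) {
            return null;
        }

        return call_user_func_array(array(__CLASS__, $method), $arguments);
    }

    /**
     * Report whether the 'enablerepeat' setting is switched on.
     *
     * @param $userId not read by this check
     * @return bool
     */
    static public function EventsRepeatView($userId)
    {
        return (bool) CFactory::getConfig()->get('enablerepeat');
    }

    /**
     * Decide whether an event may be created.
     *
     * $userid is only tested for being non-empty. The admin and ACL checks are
     * made without passing an id, i.e. against whatever user
     * COwnerHelper::isCommunityAdmin() and CFactory::getUser() default to.
     * A community admin passes before the 'enableevents' and 'createevents'
     * settings are read.
     *
     * The check writes nothing to the response. Markers echoed from an access
     * check disclose which rule decided and can corrupt non-HTML output.
     *
     * @param $userid id of the acting user
     * @return bool
     */
    static public function eventsCreate($userid)
    {
        $config = CFactory::getConfig();

        // FALSE user not logged in
        if(!$userid) {
            return false;
        }

        if(COwnerHelper::isCommunityAdmin()){
            return true;
        }

        // FALSE globally disabled
        if(!$config->get('enableevents')) {
            return false;
        }

        // FALSE creation globally disabled. ACL check
        if(!$config->get('createevents') || !CFactory::getUser()->authorise('community.eventcreate', 'com_community')) {
            return false;
        }

        return true;
    }

static public function eventsView($userid, $eventid){ if(COwnerHelper::isCommunityAdmin($userid)) { return true; } $event = Table::getInstance('Event', 'CTable'); $event->load($eventid); $my = CFactory::getUser($userid); $allowShow = array(COMMUNITY_EVENT_STATUS_ATTEND,COMMUNITY_EVENT_STATUS_WONTATTEND,COMMUNITY_EVENT_STATUS_MAYBE); if($event->permission == COMMUNITY_PUBLIC_EVENT){ //if event is not invitation only, everyone can view this return true; }elseif($event->unlisted && !$event->isMember($my->id) && !in_array($event->getUserStatus($my->id),$allowShow)){ // if this is unlisted, only admin, member and invited people can see it return false; } //if this is invitation only, everyone can see it.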
but not to the full details return true; }

    /**
     * Decide whether $userId may add photos to event $eventId.
     *
     * Order of the rules: global 'eventphotos' switch and the
     * 'community.photocreate' ACL right, the event's own 'photopermission'
     * setting, login state, then community admin, creator and member status.
     *
     * @param $userId  id of the acting user
     * @param $eventId id of the event that is loaded for the check
     * @return bool
     */
    static public function eventsPhotosCreate($userId, $eventId)
    {
        $settings = CFactory::getConfig();
        $eventRow = Table::getInstance('Event', 'CTable');
        $eventRow->load($eventId);
        $eventParams = new CParameter($eventRow->params);

        // Global switch first, then the ACL right (no user id is passed to getUser()).
        $globallyAllowed = $settings->get('eventphotos')
            && CFactory::getUser()->authorise('community.photocreate', 'com_community');
        if (!$globallyAllowed) {
            return false;
        }

        // Photos disabled for this event, or nobody is logged in.
        if ($eventParams->get('photopermission') == EVENT_PHOTO_PERMISSION_DISABLE || !$userId) {
            return false;
        }

        // Community admins and the event creator may always upload.
        if (COwnerHelper::isCommunityAdmin($userId) || $eventRow->creator == $userId) {
            return true;
        }

        // A value of 1 restricts posting to admins, so plain members stop here.
        if ($eventParams->get('photopermission') == 1) {
            return false;
        }

        return $eventRow->isMember($userId) ? true : false;
    }

    /**
     * Decide whether $userId may add videos to event $eventId.
     *
     * The event's 'videopermission' value is compared with -1 (denied for
     * everyone), 1 (members denied) and 2 (members allowed).
     *
     * NOTE(review): unlike eventsPhotosCreate(), no authorise() ACL call is made
     * here; confirm that a video-create right is enforced elsewhere.
     *
     * @param $userId  id of the acting user
     * @param $eventId id of the event that is loaded for the check
     * @return bool
     */
    static public function eventsVideosCreate($userId, $eventId)
    {
        $settings = CFactory::getConfig();
        $eventRow = Table::getInstance('Event', 'CTable');
        $eventRow->load($eventId);
        $eventParams = new CParameter($eventRow->params);
        $groupModel = CFactory::getModel('groups'); // fetched as before; not read below

        // Denied when videos are off globally, off for this event, or for guests.
        $videosEnabled = $settings->get('eventvideos')
            && $eventParams->get('videopermission') != -1
            && $userId;
        if (!$videosEnabled) {
            return false;
        }

        // Community admins and the event creator may always upload.
        if (COwnerHelper::isCommunityAdmin($userId) || $eventRow->creator == $userId) {
            return true;
        }

        // A value of 1 restricts posting to admins.
        if ($eventParams->get('videopermission') == 1) {
            return false;
        }

        // Members need the event to carry the value 2.
        return $eventRow->isMember($userId) && $eventParams->get('videopermission') == 2;
    }

static public function eventsPollsCreate($userId, $eventId) { $config = CFactory::getConfig(); $event = Table::getInstance('Event', 'CTable'); $event->load($eventId); $params = new CParameter($event->params); $groupModel = CFactory::getModel('groups'); // FALSE globally disabled
if(!$config->get('event_polls') || !CFactory::getUser()->authorise('community.pollcreate', 'com_community')) { return false; } if($params->get('pollspermission') == -1 || !$userId) { return false; } // TRUE Super Admin if(COwnerHelper::isCommunityAdmin($userId)) { return true; } // TRUE owner if($event->creator == $userId) { return true; } // FALSE only admins can post if($params->get('pollspermission') == 1) { return false; } // member and video permission is on for member if($event->isMember($userId) && $params->get('pollspermission') == 2) { return true; } return false; } /** * Check if the user can do the ban action on events * @param $userId * @param $eventId * @param $event * @return bool */ static public function eventsMemberBan($userId, $eventId, $event) { //only event creator, community admin and event admin can ban if( $event->creator == $userId || COwnerHelper::isCommunityAdmin() || $event->isAdmin($userId)) { return true; } return false; } static public function eventsDelete($userId,$eventId, $event) { if( CFactory::getUser()->authorise('community.eventdelete', 'com_community') || $event->isCreator($userId) ) { return true; } return false; } } ?>PK ! ��� � facebook.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. 
If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ defined('_JEXEC') or die('Restricted access'); Class CFacebookAccess implements CAccessInterface { /** * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. * @param string $action The name of the action to authorise. * @param mixed $asset Name of the asset as a string. * * @return boolean True if authorised. * @since Jomsocial 2.4 */ static public function authorise() { $args = func_get_args(); $assetName = array_shift ( $args ); if (method_exists(__CLASS__,$assetName)) { return call_user_func_array(array(__CLASS__, $assetName), $args); } else { return null; } } /* * This function will get the permission to facebook friend invite. * * @return : bool */ static public function facebookFriendInviteView($userId) { $config = CFactory::getConfig(); if (self::facebookView($userId) && $config->get( 'facebook_invite_friends' )) { return true; } else { return false; } } /* * This function will get the permission to facebook view. * * @return : bool */ static public function facebookView($userId) { $config = CFactory::getConfig(); $connectModel = CFactory::getModel( 'Connect' ); $isFacebookUser = $connectModel->isAssociated( $userId ); if( $isFacebookUser && $config->get('fbconnectkey') && $config->get( 'fbconnectsecret' ) ) { return true; } else { return false; } } }PK ! (�:$� � profile.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. 
If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ defined('_JEXEC') or die('Restricted access'); Class CProfileAccess implements CAccessInterface { /** * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. * @param string $action The name of the action to authorise. * @param mixed $asset Name of the asset as a string. * * @return boolean True if authorised. * @since Jomsocial 2.4 */ static public function authorise() { $args = func_get_args(); $assetName = array_shift ( $args ); if (method_exists(__CLASS__,$assetName)) { return call_user_func_array(array(__CLASS__, $assetName), $args); } else { return null; } } /** * Return true if the user can view the given profile * @param type $asset * @param type $assetObject * */ static public function profileView($userid, $asset, $user) { $viewer = CFactory::getUser($userid); // ACL if( CFactory::getUser()->authorise('community.profileeditstate', 'com_community') || CFactory::getUser()->authorise('community.profileedit', 'com_community') || $viewer->id == $user->id ){ return true; } // @rule: if the user is blocked, you can't see it either if( $user->isBlocked() ){ return false; } // Check based on privacy settin $param = $user->getParams(); $access = $param->get('privacyProfileView'); // @rule, User with public access, show // In old profile, 0 also means public if( $access == PRIVACY_PUBLIC || $access == 0){ return true; } // @rule: at this stage, non registered member can't view it anyway if( $viewer->id == 0){ return false; } // @rule: User that limit to friend only, check for friend if( $access == PRIVACY_FRIENDS ){ $friends = explode( ',', $viewer->_friends ); if(in_array( $user->id, $friends )){ return true; } } if( $access == 
PRIVACY_MEMBERS && $viewer->id !==0){ return true; } // @rule: for private profile, only owner can view // No checking needed, already allow user to see themselves at the top line return false; } /** * * @param type $userid * @param type $asset * @param type $user */ static public function profileDelete($userid, $asset, $user) { $config = CFactory::getConfig(); $viewer = CFactory::getUser($userid); // Check if profile deletion is disabled if( !$config->get('profile_deletion') ) { return false; } // Guest obviously can't delete a profile if( $userid == 0){ return false; } // Community admin cannot be deleted from the front-end if( COwnerHelper::isCommunityAdmin($user->id) ){ return false; } // You can only delete your own profile if( $userid == $user->id ){ return true; } return false; } static public function profileBan($userid, $asset, $user) { // Only community admin can ban a user //return COwnerHelper::isCommunityAdmin( $userid ); // ACL check return CFactory::getUser()->authorise('community.profileeditstate', 'com_community'); } } PK ! _�� � polls.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ use Joomla\CMS\Factory; use Joomla\CMS\Language\Text; defined('_JEXEC') or die('Restricted access'); Class CPollsAccess implements CAccessInterface { /** * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. 
* @param string $action The name of the action to authorise. * @param mixed $asset Name of the asset as a string. * * @return boolean True if authorised. * @since Jomsocial 2.4 */
    static public function authorise()
    {
        $arguments = func_get_args();
        $method = array_shift($arguments);

        // method_exists() accepts every method of this class, authorise() included,
        // so the name has to be chosen by calling code and never copied from
        // request data.
        if (!method_exists(__CLASS__, $method)) {
            return null;
        }

        return call_user_func_array(array(__CLASS__, $method), $arguments);
    }

    /**
     * Report whether the 'enablepolls' setting is switched on.
     *
     * @param $userId not read by this check
     * @return bool
     */
    static public function pollsListView($userId)
    {
        return (bool) CFactory::getConfig()->get('enablepolls');
    }

    /**
     * Decide whether $userId may add a poll, recording the reason on refusal.
     *
     * Refusals, in order: guest, polls disabled, creation disabled for
     * non-admins, creation limit exceeded. Each refusal calls setError().
     *
     * @param $userId id of the acting user
     * @return bool
     */
    static public function pollsAdd($userId)
    {
        $settings = CFactory::getConfig();
        $my = CFactory::getUser(); // fetched as before; not read below

        if ($userId == 0) {
            CAccess::setError('blockUnregister');
            return false;
        }

        if (!$settings->get('enablepolls')) {
            CACCESS::setError(Text::_('COM_COMMUNITY_POLLS_DISABLE'));
            return false;
        }

        // The 'createpolls' switch does not bind community admins.
        if (!COwnerHelper::isCommunityAdmin() && !$settings->get('createpolls')) {
            CACCESS::setError(Text::_('COM_COMMUNITY_POLLS_DISABLE_CREATE_MESSAGE'));
            return false;
        }

        if (CLimitsHelper::exceededPollCreation($userId)) {
            $pollLimit = $settings->get('pollcreatelimit');
            CACCESS::setError(Text::sprintf('COM_COMMUNITY_POLLS_LIMIT', $pollLimit));
            return false;
        }

        return true;
    }

    /**
     * Decide whether a poll may be created.
     *
     * $userId is not read: the ACL right, the admin test and canCreatePolls()
     * are all evaluated without passing an id.
     *
     * @param $userId not read by this check
     * @return bool
     */
    static public function pollsCreate($userId)
    {
        $settings = CFactory::getConfig();
        $my = CFactory::getUser();

        // ACL check
        if (!CFactory::getUser()->authorise('community.pollcreate', 'com_community')) {
            return false;
        }

        // A community admin passes without the 'createpolls' switch being read.
        if (COwnerHelper::isCommunityAdmin()) {
            return true;
        }

        if (!$settings->get('createpolls')) {
            return false;
        }

        return COwnerHelper::isRegisteredUser() && $my->canCreatePolls();
    }

static public function pollsEdit($userId, $pollId, $poll) { $document = Factory::getDocument(); $viewType = $document->getType(); $jinput = Factory::getApplication()->input; $viewName = $jinput->get( 'view' ); $view = CFactory::getView($viewName, '', $viewType); if(
$userId == 0 ) { CAccess::setError('blockUnregister'); return false; // ACL check } else if( !$poll->isCreator($userId) && !CFactory::getUser()->authorise('community.polledit', 'com_community')) { return false; } else { return true; } } static public function pollsDelete($userId, $pollId, $poll) { $document = Factory::getDocument(); $viewType = $document->getType(); $jinput = Factory::getApplication()->input; $viewName = $jinput->get( 'view' ); $view = CFactory::getView($viewName, '', $viewType); if( $userId == 0 ) { CAccess::setError('blockUnregister'); return false; // ACL check } else if( !$poll->isCreator($userId) && !CFactory::getUser()->authorise('community.polldelete', 'com_community')) { return false; } else { return true; } } static public function pollsSearchView($userId = 0) { if (!$userId) { $my = CFactory::getUser(); $userId = $my->id; } $config = CFactory::getConfig(); if (!$config->get('enablepolls')) { CAccess::setError(Text::_('COM_COMMUNITY_POLLS_DISABLE')); return false; } else if ($userId == 0 && !$config->get('enableguestsearchpolls')) { CAccess::setError('blockUnregister'); return false; } else { return true; } } static public function pollsMyView($userId) { $config = CFactory::getConfig(); $requestUser = CFactory::getRequestUser(); if( !$config->get('enablepolls') ) { CAccess::setError(Text::_('COM_COMMUNITY_POLLS_DISABLE')); return false; } else { return true; } } }PK ! %a�t� � videos.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. 
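If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ use Joomla\CMS\Table\Table; defined('_JEXEC') or die('Restricted access'); Class CVideosAccess implements CAccessInterface {

    /**
     * Dispatch an access check to the static method named by the first argument.
     *
     * The remaining arguments are passed on to that method unchanged.
     *
     * @return mixed result of the named method, or null when this class has no such method
     * @since Jomsocial 2.4
     */
    static public function authorise()
    {
        $arguments = func_get_args();
        $method = array_shift($arguments);

        // method_exists() accepts every method of this class, authorise() included,
        // so the name has to be chosen by calling code and never copied from
        // request data.
        if (!method_exists(__CLASS__, $method)) {
            return null;
        }

        return call_user_func_array(array(__CLASS__, $method), $arguments);
    }

    /**
     * Decide whether $userid may remove a tag from video $asset.
     *
     * Only the user stored as the video's creator is allowed.
     *
     * @param $userid id of the acting user
     * @param $asset  id of the video that is loaded for the check
     * @return bool
     */
    static public function videosTagRemove($userid, $asset){
        // A guest is never the owner: an empty $userid would otherwise compare
        // loosely equal to an empty creator value.
        if(!$userid){
            return false;
        }

        $video = Table::getInstance( 'Video' , 'CTable' );
        $video->load( $asset );

        return $userid == $video->creator;
    }

    /**
     * Decide whether a video may be created.
     *
     * $userid is only tested for being non-empty; the ACL right is read from
     * CFactory::getUser() without passing an id.
     *
     * The check writes nothing to the response. Markers echoed from an access
     * check disclose which rule decided and can corrupt non-HTML output.
     *
     * @param $userid id of the acting user
     * @return bool
     */
    static public function videosCreate($userid)
    {
        $config = CFactory::getConfig();

        // FALSE user not logged in
        if(!$userid) {
            return false;
        }

        // FALSE globally disabled, or the ACL right is missing
        if(!$config->get('enablevideos') || !CFactory::getUser()->authorise('community.videocreate', 'com_community')) {
            return false;
        }

        return true;
    }

static public function videosDelete($userid, $video) { if(!$userid){ return false; } elseif ($video->isOwner() && CFactory::getUser()->authorise('community.videocreate', 'com_community')) { return true; } else if (CFactory::getUser()->authorise('community.videodelete', 'com_community')) { return true; } //now we need to check if the current video is group video or event video or not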
if($video->groupid){ //this will cater both group and group event $groupTable = Table::getInstance('Group', 'CTable'); $groupTable->load($video->groupid); return $groupTable->isAdmin($userid) ? true : false; }elseif($video->eventid){ $eventTable = Table::getInstance('Event', 'CTable'); $eventTable->load($video->eventid); return $eventTable->isAdmin($userid) ? true : false; } return false; } static public function videosEdit($userid, $video) { //only owner or community admin can edit if (!$userid) { return false; } elseif ($video->isOwner() && CFactory::getUser()->authorise('community.videocreate', 'com_community')) { // Access check: ACL return true; } elseif (CFactory::getUser()->authorise('community.videoedit', 'com_community')) { return true; } return false; } static public function videosUserVideoView($userid, $asset){ //first $video = Table::getInstance( 'Video' , 'CTable' ); $video->load( $asset ); // ACL if($userid == $video->creator || CFactory::getUser()->authorise('community.videoeditstate', 'com_community') || CFactory::getUser()->authorise('community.videoedit', 'com_community') || CFactory::getUser()->authorise('community.videodelete', 'com_community')){ return true; // creator always be able to view his own album } $owner = CFactory::getUser($video->creator); $permission = $video->permissions; if($permission == COMMUNITY_STATUS_PRIVACY_FRIENDS && $owner->isFriendWith($userid)){ return true; } if($permission == COMMUNITY_STATUS_PRIVACY_MEMBERS && $userid){ return true; } if($permission <= COMMUNITY_STATUS_PRIVACY_PUBLIC){ return true; } return false; } }PK ! [Y��k k frontpage.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. 
If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ defined('_JEXEC') or die('Restricted access'); Class CFrontpageAccess implements CAccessInterface { /** * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. * @param string $action The name of the action to authorise. * @param mixed $asset Name of the asset as a string. * * @return boolean True if authorised. * @since Jomsocial 2.4 */ static public function authorise() { $args = func_get_args(); $assetName = array_shift ( $args ); if (method_exists(__CLASS__,$assetName)) { return call_user_func_array(array(__CLASS__, $assetName), $args); } else { return null; } } /** * Return true if the user can view the frontpage statusbox */ static public function frontpageStatusboxView($userid) { $config = CFactory::getConfig(); if($userid && ($config->get('showactivitystream') == '1' || ($config->get('showactivitystream') == '2'))){ return true; } return false; } }PK ! &��W files.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. 
If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ use Joomla\CMS\Table\Table; defined('_JEXEC') or die('Restricted access'); Class CFilesAccess implements CAccessInterface {

    /**
     * Dispatch an access check to the static method named by the first argument.
     *
     * The remaining arguments are passed on to that method unchanged.
     *
     * @return mixed result of the named method, or null when this class has no such method
     * @since Jomsocial 2.4
     */
    static public function authorise()
    {
        $arguments = func_get_args();
        $method = array_shift($arguments);

        // method_exists() accepts every method of this class, authorise() included,
        // so the name has to be chosen by calling code and never copied from
        // request data.
        if (!method_exists(__CLASS__, $method)) {
            return null;
        }

        return call_user_func_array(array(__CLASS__, $method), $arguments);
    }

    /**
     * Decide whether $userId may attach a file to discussion $discussionId.
     *
     * NOTE(review): the request is refused when exceededGroupFileUpload()
     * returns a falsy value. The helper is not visible here; confirm that it
     * returns true while the group is still within its quota.
     *
     * @param $userId       id of the acting user
     * @param $discussionId id of the discussion that is loaded for the check
     * @return bool
     */
    static public function filesDiscussionAdd($userId,$discussionId)
    {
        $config = CFactory::getConfig();
        $discussion = Table::getInstance('Discussion' , 'CTable' );
        $discussion->load($discussionId);
        $groups = CFactory::getModel( 'groups' );
        $discussionParams = $discussion->getParams();

        if ($userId == 0) {
            CAccess::setError('blockUnregister');
            return false;
        }

        if (!CLimitsHelper::exceededGroupFileUpload($discussion->groupid)) {
            return false;
        }

        if (CLimitsLibrary::exceedDaily( 'files',$userId )) {
            return false;
        }

        // Admins always; members only when the discussion allows member uploads.
        return COwnerHelper::isCommunityAdmin()
            || $groups->isAdmin($userId, $discussion->groupid)
            || ($groups->isMember($userId, $discussion->groupid) && $discussionParams->get('filepermission-member'));
    }

    /**
     * Decide whether $userId may delete file $obj from a discussion.
     *
     * NOTE(review): guests are not rejected up front and the ownership tests
     * use loose comparison, so an empty $userId equals an empty creator value;
     * confirm callers never reach this with a guest id.
     *
     * @param $userId id of the acting user
     * @param $obj    file object; discussionid and creator are read
     * @return bool
     */
    static public function filesDiscussionDelete($userId,$obj)
    {
        $discussion = Table::getInstance('Discussion' , 'CTable' );
        $discussion->load($obj->discussionid);
        $groups = CFactory::getModel( 'groups' );

        // Community admin, group admin, discussion creator or file creator.
        return COwnerHelper::isCommunityAdmin()
            || $groups->isAdmin($userId, $discussion->groupid)
            || ($discussion->creator == $userId)
            || ($obj->creator == $userId);
    }

    /**
     * Decide whether $userId may attach a file to bulletin $bulletinId.
     *
     * NOTE(review): the request is refused when exceededGroupFileUpload()
     * returns a falsy value. The helper is not visible here; confirm that it
     * returns true while the group is still within its quota.
     *
     * @param $userId     id of the acting user
     * @param $bulletinId id of the bulletin that is loaded for the check
     * @return bool
     */
    static public function filesBulletinAdd($userId,$bulletinId)
    {
        if ($userId == 0) {
            CAccess::setError('blockUnregister');
            return false;
        }

        $bulletin = Table::getInstance('Bulletin' , 'CTable' );
        $bulletin->load($bulletinId);
        $groups = CFactory::getModel( 'groups' );
        $bulletinParams = $bulletin->getParams();

        if (!CLimitsHelper::exceededGroupFileUpload($bulletin->groupid)) {
            return false;
        }

        if (CLimitsLibrary::exceedDaily( 'files',$userId )) {
            return false;
        }

        // Admins always; members only when the bulletin allows member uploads.
        return COwnerHelper::isCommunityAdmin()
            || $groups->isAdmin($userId, $bulletin->groupid)
            || ($groups->isMember($userId, $bulletin->groupid) && $bulletinParams->get('filepermission-member'));
    }

    /**
     * Decide whether $userId may delete file $obj from a bulletin.
     *
     * NOTE(review): guests are not rejected up front and the ownership tests
     * use loose comparison, so an empty $userId equals an empty created_by or
     * creator value; confirm callers never reach this with a guest id.
     *
     * @param $userId id of the acting user
     * @param $obj    file object; bulletinid and creator are read
     * @return bool
     */
    static public function filesBulletinDelete($userId,$obj)
    {
        $bulletin = Table::getInstance('Bulletin' , 'CTable' );
        $bulletin->load($obj->bulletinid);
        $groups = CFactory::getModel( 'groups' );

        // Community admin, group admin, bulletin author or file creator.
        return COwnerHelper::isCommunityAdmin()
            || $groups->isAdmin($userId, $bulletin->groupid)
            || ($bulletin->created_by == $userId)
            || ($obj->creator == $userId);
    }

    /**
     * Decide whether $userId may download files of discussion $discussionId.
     *
     * Allowed for community admins and for admins or members of the group the
     * discussion belongs to.
     *
     * @param $userId       id of the acting user
     * @param $discussionId id of the discussion that is loaded for the check
     * @return bool
     */
    static public function filesDiscussionDownload($userId,$discussionId)
    {
        $discussion = Table::getInstance('Discussion' , 'CTable' );
        $discussion->load($discussionId);
        $groups = CFactory::getModel( 'groups' );

        return COwnerHelper::isCommunityAdmin()
            || $groups->isAdmin($userId, $discussion->groupid)
            || $groups->isMember($userId, $discussion->groupid);
    }

static public function filesBulletinDownload($userId,$bulletinId) { $table = Table::getInstance('Bulletin' , 'CTable' ); $table->load($bulletinId); $groupModel = CFactory::getModel( 'groups' ); if( COwnerHelper::isCommunityAdmin() || $groupModel->isAdmin($userId, $table->groupid) ||
$groupModel->isMember($userId, $table->groupid) ) { return true; } return false; } static public function filesGroupDownload($userId, $groupId) { $groupModel = CFactory::getModel( 'groups' ); if( COwnerHelper::isCommunityAdmin() || $groupModel->isAdmin($userId, $groupId) || $groupModel->isMember($userId, $groupId) ) { return true; } return false; } static public function filesMessageDelete($userId,$obj) { $table = Table::getInstance('Message', 'CTable'); $table->load($obj->messageid); $parentTable = Table::getInstance('Message', 'CTable'); $parentTable->load($table->parent); if( COwnerHelper::isCommunityAdmin() || ($table->from == $userId) || ($parentTable->from == $userId) ) { return true; } return false; } static public function filesActivityDownload($userId, $actid) { $table = Table::getInstance('Activity', 'CTable'); $table->load($actid); if ($table->access == 20) { if ($userId > 0) return true; else return false; } else if ($table->access == 30) { return CFriendsHelper::isConnected($userId, $table->actor); } else if ($table->access == 40) { return COwnerHelper::isMine($userId, $table->actor); } return true; } }PK ! ���� � walls.phpnu �[��� <?php /** * @copyright (C) 2015 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. 
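If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */
use Joomla\CMS\Table\Table;
use Joomla\Registry\Registry;

defined('_JEXEC') or die('Restricted access');

class CWallsAccess implements CAccessInterface
{
    /**
     * Dispatch an access check to the static method named by the first argument.
     *
     * The argument list is variable: the first argument is the name of a
     * method on this class and the remaining arguments are forwarded to it
     * unchanged.
     *
     * Security note: method_exists() ignores visibility, so every method
     * declared on this class can be reached by name through this dispatcher.
     * Keep only access checks in this class.
     *
     * @return mixed Result of the named check, or null when this class has no
     *               method of that name.
     * @since Jomsocial 2.4
     */
    public static function authorise()
    {
        $args = func_get_args();
        $assetName = array_shift($args);

        if (method_exists(__CLASS__, $assetName)) {
            return call_user_func_array(array(__CLASS__, $assetName), $args);
        }

        return null;
    }

    /**
     * Decide whether the current user may delete a wall comment.
     *
     * The decision is made for the user returned by CFactory::getUser();
     * the $userid argument is not read.
     *
     * @param mixed  $userid Unused.
     * @param object $wall   Wall comment; its params, type, contentid and
     *                       post_by properties are read, and params is
     *                       replaced by a Registry when it was not one.
     *
     * @return boolean True when deletion is allowed.
     */
    public static function wallsDelete($userid, $wall)
    {
        // Access check: ACL. Without the create permission nothing is allowed.
        if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) {
            return false;
        }

        $my = CFactory::getUser();

        // Access check: ACL. The delete permission allows everything.
        if ($my->authorise('community.postcommentdelete', 'com_community')) {
            return true;
        }

        // Not every contentid is an activity id; depending on the type it can
        // be a photo id or an album id, so the activity id is resolved here.
        $cid = 0;
        if ($wall->params != '' && $wall->params != '{}') {
            if (!($wall->params instanceof JRegistry)) {
                $wall->params = new Registry($wall->params);
            }
            $cid = $wall->params->get('activityId', 0);
        } elseif ($wall->type == 'profile.status') {
            // For a profile status the contentid is the activity id.
            $cid = $wall->contentid;
        }

        // The owner of the commented photo, video or discussion may always
        // remove comments under it.
        $ownerTable = null;
        if ($wall->type == 'photos') {
            $ownerTable = 'photo';
        } elseif ($wall->type == 'videos') {
            $ownerTable = 'video';
        } elseif ($wall->type == 'discussions') {
            $ownerTable = 'discussion';
        }

        if ($ownerTable !== null) {
            $content = Table::getInstance($ownerTable, 'CTable');
            $content->load($wall->contentid);

            // Ownership is compared with ==, so an empty user id would match
            // an empty creator field (for instance on a record that did not
            // load). Require a real user id, as the final rule below does.
            if ($my->id && $content->creator == $my->id) {
                return true;
            }
        }

        $actModel = CFactory::getModel('activities');
        $activity = $actModel->getActivity($cid);

        // getActivity() is not visible here; only read the activity's fields
        // when it returned an object (e.g. $cid can still be 0 at this point).
        $hasActivity = is_object($activity);

        $ownPost = ($my->id == $wall->post_by);
        $targetPost = $hasActivity && ($activity->target == $my->id);
        $actorPost = $hasActivity && ($activity->actor == $my->id);

        return ($ownPost || $targetPost || $actorPost) && $my->id;
    }
}
PK ! ڈ�� � friends.phpnu �[��� <?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */
defined('_JEXEC') or die('Restricted access');

class CFriendsAccess implements CAccessInterface
{
    /**
     * Dispatch an access check to the static method named by the first argument.
     *
     * The argument list is variable: the first argument is the name of a
     * method on this class and the remaining arguments are forwarded to it
     * unchanged.
     *
     * Security note: method_exists() ignores visibility, so every method
     * declared on this class can be reached by name through this dispatcher.
     * Keep only access checks in this class.
     *
     * @return mixed Result of the named check, or null when this class has no
     *               method of that name.
     * @since Jomsocial 2.4
     */
    public static function authorise()
    {
        $args = func_get_args();
        $assetName = array_shift($args);

        if (method_exists(__CLASS__, $assetName)) {
            return call_user_func_array(array(__CLASS__, $assetName), $args);
        }

        return null;
    }

    /**
     * Decide whether a user may view another user's friend list.
     *
     * @param mixed $userId  Id of the viewing user.
     * @param mixed $assetId Id of the user whose friend list is requested.
     *
     * @return boolean False when CPrivacy refuses 'privacyFriendsView' or
     *                 when both ids are 0, true otherwise.
     */
    public static function friendsView($userId, $assetId)
    {
        $accesAllowed = CPrivacy::isAccessAllowed($userId, $assetId, 'user', 'privacyFriendsView');

        if ($userId == 0 && $assetId == 0) {
            return false;
        }

        return $accesAllowed ? true : false;
    }

    /**
     * Decide whether the private-message action is available between two users.
     *
     * @param mixed $userId  Id of the acting user.
     * @param mixed $assetId Id of the other user.
     *
     * @return boolean True when the two ids differ and the 'enablepm' setting
     *                 is truthy.
     */
    public static function friendsPmView($userId, $assetId)
    {
        $config = CFactory::getConfig();

        // NOTE(review): no check for an empty $userId here; presumably the
        // caller requires a logged-in user - confirm.
        return ($userId != $assetId) && $config->get('enablepm');
    }

    /**
     * Decide whether a user may send a friend request to another user.
     *
     * The target's 'privacyFriendRequest' parameter is used, falling back to
     * the site setting 'privacyfriendrequest'.
     *
     * @param mixed $userId   Id of the requesting user.
     * @param mixed $targetId Id of the user receiving the request.
     *
     * @return boolean True for a community admin, for a public setting, or,
     *                 for the friends setting, when the requester is connected
     *                 to at least one friend of the target.
     */
    public static function friendsRequest($userId, $targetId)
    {
        if (COwnerHelper::isCommunityAdmin()) {
            return true;
        }

        // Nobody can befriend themselves.
        if ($userId == $targetId) {
            return false;
        }

        $config = CFactory::getConfig();
        $targetUser = CFactory::getUser($targetId);
        $params = $targetUser->getParams();
        $privacyFriendRequest = $params->get('privacyFriendRequest', $config->get('privacyfriendrequest'));

        if ($privacyFriendRequest == PRIVACY_PUBLIC) {
            return true;
        }

        if ($privacyFriendRequest == PRIVACY_FRIENDS) {
            // Friend of friend: the requester must be connected to someone in
            // the target's friend list.
            $friendsModel = CFactory::getModel('Friends');
            $friends = $friendsModel->getFriendIds($targetId);

            if (!$friends) {
                return false;
            }

            foreach ($friends as $friendId) {
                if (CFriendsHelper::isConnected($userId, $friendId)) {
                    return true;
                }
            }

            return false;
        }

        // PRIVACY_PRIVATE and any unrecognised setting are refused.
        return false;
    }
}
PK ! ��� chat.phpnu �[��� PK ! ?S�Lh Lh ? pages.phpnu �[��� PK ! ����h �h �x groups.phpnu �[��� PK ! 0v�#�( �( �� photos.phpnu �[��� PK ! ��#�Id Id � activities.phpnu �[��� PK ! 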
�R 9o events.phpnu �[��� PK ! ��� � �� facebook.phpnu �[��� PK ! (�:$� � �� profile.phpnu �[��� PK ! _�� � v� polls.phpnu �[��� PK ! %a�t� � o� videos.phpnu �[��� PK ! [Y��k k ?� frontpage.phpnu �[��� PK ! &��W �� files.phpnu �[��� PK ! ���� � )� walls.phpnu �[��� PK ! ڈ�� � `� friends.phpnu �[��� PK !