Файловый менеджер - Редактировать - /var/www/html/components/com_community/helpers/access/activities.php
Ðазад
<?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 * More info at https://www.jomsocial.com/license-agreement */ use Joomla\CMS\Factory; use Joomla\CMS\Table\Table; use Joomla\Registry\Registry; defined('_JEXEC') or die('Restricted access'); Class CActivitiesAccess implements CAccessInterface{ /** * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. * @param string $action The name of the action to authorise. * @param mixed $asset Name of the asset as a string. * * @return boolean True if authorised. * @since Jomsocial 2.4 */ static public function authorise() { $args = func_get_args(); $assetName = array_shift ( $args ); if (method_exists(__CLASS__,$assetName)) { return call_user_func_array(array(__CLASS__, $assetName), $args); } else { return null; } } /* * @param : int(activity_id) * This function will get the permission to add for profile/mainstream activity * * @return : bool */ static public function activitiesCommentAdd($userId, $assetId, $obj=NULL){ // Access check: ACL if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) { return false; } //$obj = func_get_arg(2); $params = func_get_args(); $obj = (!isset($params[2])) ? NULL : $params[2] ; $model = CFactory::getModel('activities'); $result = false; $config = CFactory::getConfig(); // Guest can never leave a comment if( $userId == 0){ return false; } // If global config allow all members to comment, allow it if( $config->get( 'allmemberactivitycomment' ) == '1') { return true; } $allow_comment = false; // if all activity comment is allowed, return true $config = CFactory::getConfig(); if($config->get( 'allmemberactivitycomment' ) == '1' && COwnerHelper::isRegisteredUser()){ $allow_comment = true; } if($obj instanceof CTableActivity || is_object($obj)){ //lets check if this table activity belongs to group or events $tempObj = $obj; if(isset($obj->groupid) && $obj->groupid){ $tempObj = Table::getInstance('Group','CTable'); $tempObj->load($obj->groupid); }elseif(isset($obj->eventid) && $obj->eventid){ $tempObj = Table::getInstance('Event','CTable'); $tempObj->load($obj->eventid); } $obj = $tempObj; } $eventOrGroup = false; if($obj instanceof CTableEvent || $obj instanceof CTableGroup){ //event or group activities only $eventOrGroup = true; if($obj->isMember($userId)){ $allow_comment = true; } }else if($config->get( 'allmemberactivitycomment' ) == '1' && COwnerHelper::isRegisteredUser()){ // if all activity comment is allowed, return true $allow_comment = true; }else if(isset($obj->access) && COwnerHelper::isRegisteredUser() && $obj->access <= 20) { // if site members privacy $allow_comment = true; } if ( !isset($obj->params)) { $params = '{}'; }else { $params = $obj->params; } $params = new CParameter($params); $commentPermission = $params->get('commentPermission',NULL); /* if( !$commentPermission && !is_null($commentPermission)) { $allow_comment = false; }*/ if ($eventOrGroup) { if($allow_comment || COwnerHelper::isCommunityAdmin()){ $result = true; } } else { if($allow_comment || CFriendsHelper::isConnected($assetId, $userId) || COwnerHelper::isCommunityAdmin()){ $result = true; } } return $result; } /* * @param : int(activity_id) * This function will get the permission to delete for profile/mainstream activity * * @return : bool */ static public function activitiesDelete($userId, $assetId, $activity = array()){ // Access check: ACL if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) { return false; } $obj = func_get_arg(0); $model = CFactory::getModel('activities'); $result = false; // Access check: ACL if (CFactory::getUser()->authorise('community.postcommentdelete', 'com_community')) { return true; } if($obj instanceof CTableEvent || $obj instanceof CTableGroup){ //event or group activities only $isAppOwner = $obj->isAdmin($userId); if($isAppOwner || COwnerHelper::isCommunityAdmin() || $model->getActivityOwner($assetId) == $userId){ $result = true; } }else{ if($model->getActivityOwner($assetId) == $userId || $activity->target == $userId){ $result = true; }else if($activity instanceof CTableActivity && ($activity->eventid != 0 || $activity->groupid != 0)){ //we can check if this activity belongs to any group or event and check if the user is authorized to delete the post if($activity->eventid){ //this activity belongs to an event $event = Table::getInstance('Event','CTable'); $event->load($activity->eventid); $result = ($event->isAdmin($userId)) ? true : false; }elseif($activity->groupid){ $group = Table::getInstance('Group','CTable'); $group->load($activity->groupid); $result = ($group->isAdmin($userId)) ? true : false; } } } return $result; } /** * check permission to hide stream * @param $userId * @param $actorId * @param $obj * @return bool */ static public function activitiesStreamHide($userId, $actorId, $obj= null){ if($obj != null) { //we cant hide this if this is a featured item $featuredModel = CFactory::getModel('featured'); $featuredActivities = $featuredModel->getAllStreamFeaturedId(); if (in_array($obj->id, $featuredActivities)) { return false; } } if($userId){ return true; } return false; } /** * This function to check permission to add Mood in sthe stream * @param [string] $userId [description] * @param [string] $actorId [description] * @param [object] $obj [description] * @return [boolean] [description] */ static public function activitiesStreamAddMood($userId,$actorId,$obj = NULL){ if(!$obj->params instanceof JRegistry) $obj->params = new Registry(); $mood = $obj->params->get('mood',null); $allowapp = array( 'profile', 'groups.wall', 'events.wall' ); $isAllowedApp = in_array($obj->app,$allowapp); if(($userId == $actorId || COwnerHelper::isCommunityAdmin()) && is_null($mood) && $isAllowedApp){ return true; } return false; } /** * This function to check permission for user to edit mood; * @param [string] $userId [description] * @param [string] $actorId [description] * @param [object] $obj [description] * @return [boolean] [description] */ static public function activitiesStreamEditMood($userId,$actorId,$obj = NULL){ $allowapp = array( 'profile', 'groups.wall', 'events.wall', 'photos', 'videos.linking' ); $isAllowedApp = in_array($obj->app,$allowapp); $mood = $obj->params->get('mood',null); if(($userId == $actorId || COwnerHelper::isCommunityAdmin()) && !is_null($mood) && $isAllowedApp){ return true; } return false; } /** * This function to check permission user to edit post * @param [string] $userId [description] * @param [string] $actorId [description] * @param [object] $obj [description] * @return [boolean] [description] */ static public function activitiesStreamEditPost($userId,$actorId,$obj = NULL){ $allowapp = array( 'profile', 'filesharing', 'groups.wall', 'events.wall', 'pages.wall', 'profile.status.share', 'photos', 'videos.linking', 'videos' ); $isAllowedApp = in_array($obj->app,$allowapp); // Access check: ACL if(( ($actorId == $userId) || CFactory::getUser()->authorise('community.postcommentedit', 'com_community') || ( $obj->target == $userId && $actorId == $userId )) && $isAllowedApp){ // Access check: ACL if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) { return false; } else { return true; } } return false; } /** * This Function to check permission for delete post * @param [string] $userId [description] * @param [string] $actorId [description] * @param [object] $obj [description] * @return [boolean] [description] */ static public function activitiesStreamDeletetPost($userId,$actorId,$obj = NULL){ // Access check: ACL if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) { return false; } if(!$userId){ return false; } if(CFactory::getUser()->authorise('community.postcommentdelete', 'com_community')) { return true; } if(CFactory::getUser()->authorise('community.postcommentdelete', 'com_community') && $obj->app == 'users.featured'){ return true; } //admin can delete system generated post $appType = isset($obj->app) ? explode('.',$obj->app) : false ; if(COwnerHelper::isCommunityAdmin() && $appType && $appType[0] == 'system'){ return true; } $allowapp = array( 'profile', 'groups.wall', 'events.wall', 'profile.status.share', 'videos', 'photos' ); $disallowApp = array('photo.like', 'album.like'); if(in_array($obj->app, $disallowApp)){ return false; } $isAllowedApp = in_array($obj->app,$allowapp); $appAdmin = false; if($obj->app == "groups.wall"){ $gTable = Table::getInstance('Group','CTable'); $gTable->load($obj->groupid); if($gTable->ownerid == $userId || $gTable->isAdmin($userId)){ $appAdmin = true; //group admin } }elseif($obj->app=='events.wall'){ $eventTable = Table::getInstance('Event','CTable'); $eventTable->load($obj->eventid); if($eventTable->creator == $userId || $eventTable->isAdmin($userId)){ $appAdmin = true; // event admin } } // Access check: ACL if (CFactory::getUser()->authorise('community.postcommentdelete', 'com_community')) { return true; } if(( ($actorId == $userId) || COwnerHelper::isCommunityAdmin() || ( $obj->target == $userId )) || $appAdmin /*&& $isAllowedApp*/){ // Access check: ACL if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) { return false; } else { return true; } } return false; } static public function activitiesStreamAddLocation($userId,$actorId,$obj = NULL){ $allowapp = array( 'profile', 'groups.wall', 'events.wall' ); $isAllowedApp = in_array($obj->app,$allowapp); if(($userId == $actorId || COwnerHelper::isCommunityAdmin()) && empty($obj->location) && $isAllowedApp && CFactory::getConfig()->get('streamlocation',0)){ return true; } return false; } static public function activitiesStreamEditLocation($userId,$actorId,$obj = NULL){ $allowapp = array( 'profile', 'groups.wall', 'events.wall' ); $isAllowedApp = in_array($obj->app,$allowapp); if(($userId == $actorId || COwnerHelper::isCommunityAdmin()) && !empty($obj->location) && $isAllowedApp && CFactory::getConfig()->get('streamlocation',0)){ return true; } return false; } /** * @param $userid * @param $obj * @since 4.1 */ static public function activitiesStreamFeature($userid, $obj){ $config = CFactory::getConfig(); $streamInfo = isset($obj->extraInfo) ? $obj->extraInfo : ''; //if feature stream is disabled, this will always be false if(!$config->get('featured_stream')){ return false; } //determine the view $jinput = Factory::getApplication()->input; $streamType = $jinput->get('view','','STRING'); //higher precedence as this might be from ajax call where we cant ge the view type correctly if(isset($streamInfo['stream_type'])){ $streamType = $streamInfo['stream_type']; //fortunately, we have the stream type from ajax } $featuredModel = CFactory::getModel('featured'); $featuredLists = $featuredModel->getStreamFeaturedList();//current featured counts $totalFeatured = 0; //actual count of the featured item $limitCount = 0; $otherFlag = false; //check if the limit is over or not switch($streamType){ case 'profile' : $limitCount = $config->get('stream_profile_featured'); $profileId = (isset($streamInfo['profile_id'])) ? $streamInfo['profile_id'] : $userid; //for profile, if there is no userid, this should be my own profile $profileId = $jinput->get('userid',$profileId,'INT'); if(isset($featuredLists['stream.profile'][$profileId])){ //we need to know which profile is this foreach($featuredLists['stream.profile'][$profileId] as $profile){ if($profile->target_id == $profileId){ if($profile->cid == $obj->id){ return false; // indicates this stream has been featured, so it cannot be featured again } $totalFeatured++; } } } //echo $profileId;die; //if this is own profile if($userid == $profileId && $totalFeatured < $limitCount){ return true; } break; case 'frontpage' : $limitCount = $config->get('stream_frontpage_featured'); if(!COwnerHelper::isCommunityAdmin()){ //instantly return false because only community admin can feature this return false; }else{ //passed the identity check $otherFlag = true; } //array 0 because it doesnt have any target id if(isset($featuredLists['stream.frontpage'][0])){ foreach($featuredLists['stream.frontpage'][0] as $feature){ if($feature->cid == $obj->id){ return false; // indicates this stream has been featured, so it cannot be featured again } $totalFeatured++; } } break; case 'group' : case 'groups' : $limitCount = $config->get('stream_group_featured'); //only community admin and group admin can do this $groupId = $obj->groupid; if(!$groupId){ return false; } $groupTable = Table::getInstance('Group','CTable'); $groupTable->load($groupId); if(!$groupTable->isAdmin($userid) && !COwnerHelper::isCommunityAdmin()){ return false; }else{ $otherFlag = true; } $limitCount = $config->get('stream_group_featured'); if(isset($featuredLists['stream.group'][$groupId])){ foreach($featuredLists['stream.group'][$groupId] as $feature){ if($feature->cid == $obj->id){ return false; // indicates this stream has been featured, so it cannot be featured again } $totalFeatured++; } } break; case 'event': case 'events' : $limitCount = $config->get('stream_event_featured'); $eventId = $obj->eventid; if(!$eventId){ return false; } $eventTable = Table::getInstance('Event','CTable'); $eventTable->load($eventId); if(!$eventTable->isAdmin($userid) && !COwnerHelper::isCommunityAdmin()){ return false; }else{ $otherFlag = true; } $limitCount = $config->get('stream_event_featured'); if(isset($featuredLists['stream.event'][$eventId])){ foreach($featuredLists['stream.event'][$eventId] as $feature){ if($feature->cid == $obj->id){ return false; // indicates this stream has been featured, so it cannot be featured again } $totalFeatured++; } } break; default : return false; } //if the total featured item on specific stream type meet the quota, it cannot be featured anymore if($totalFeatured >= $limitCount){ return false; } //community admin can feature as long as the permission passed on top of this if(COwnerHelper::isCommunityAdmin() || $otherFlag){ return true; } } /** * check if current user can unfeature the stream * @param $userId * @param $obj */ static public function activitiesStreamUnfeature($userId, $obj){ //before we unfeature, we must make sure the already been featured $config = CFactory::getConfig(); $streamInfo = isset($obj->extraInfo) ? $obj->extraInfo : ''; //if feature stream is disabled, this will always be false if(!$config->get('featured_stream')){ return false; } //determine the view $jinput = Factory::getApplication()->input; $streamType = $jinput->get('view','','STRING'); //higher precedence as this might be from ajax call where we cant ge the view type correctly if(isset($streamInfo['stream_type'])){ $streamType = $streamInfo['stream_type']; //fortunately, we have the stream type from ajax } $featuredModel = CFactory::getModel('featured'); $featuredLists = $featuredModel->getStreamFeaturedList();//current featured counts $lists = array(); $otherFlag = false; switch($streamType){ case 'frontpage': $lists = isset($featuredLists['stream.frontpage'][0]) ? $featuredLists['stream.frontpage'][0] : array(); break; case 'profile': $profileId = (isset($streamInfo['profile_id'])) ? $streamInfo['profile_id'] : $userId; //for profile, if there is no userid, this should be my own profile $profileId = $jinput->get('userid',$profileId,'INT'); if($profileId == $userId){ $otherFlag = true; } $lists = isset($featuredLists['stream.profile'][$profileId]) ? $featuredLists['stream.profile'][$profileId] : array(); break; case 'group': case 'groups': $groupId = $obj->groupid; if(!$groupId){ return false; } $groupTable = Table::getInstance('Group','CTable'); $groupTable->load($groupId); if(!$groupTable->isAdmin($userId) && !COwnerHelper::isCommunityAdmin()){ return false; }else{ $otherFlag = true; } $lists = isset($featuredLists['stream.group'][$obj->groupid]) ? $featuredLists['stream.group'][$obj->groupid] : array(); break; case 'event': case 'events': $eventId = $obj->eventid; if(!$eventId){ return false; } $eventTable = Table::getInstance('Event','CTable'); $eventTable->load($eventId); if(!$eventTable->isAdmin($userId) && !COwnerHelper::isCommunityAdmin()){ return false; }else{ $otherFlag = true; } $lists = isset($featuredLists['stream.event'][$obj->eventid]) ? $featuredLists['stream.event'][$obj->eventid] : array(); break; default : $lists = isset($featuredLists['stream.frontpage'][0]) ? $featuredLists['stream.frontpage'][0] : array(); break; } foreach($lists as $list){ if($list->cid == $obj->id){ //found this id in the feature list if(COwnerHelper::isCommunityAdmin() || $otherFlag){ return true; }else{ return false; } } } return false; } static public function activitiesStreamPermission($userId,$actorId,$obj){ $permission = new StdClass(); $permission->editPost = self::activitiesStreamEditPost($userId,$actorId,$obj); $permission->deletePost = self::activitiesStreamDeletetPost($userId,$actorId,$obj); $permission->addLocation = self::activitiesStreamAddLocation($userId,$actorId,$obj); $permission->deleteLocation = self::activitiesStreamEditLocation($userId,$actorId,$obj); $permission->addMood = self::activitiesStreamAddMood($userId,$actorId,$obj); $permission->deleteMood = self::activitiesStreamEditMood($userId,$actorId,$obj); $permission->hideStream = self::activitiesStreamHide($userId,$actorId, $obj); $permission->featureActivity= self::activitiesStreamFeature($userId,$obj); $permission->unfeatureActivity= self::activitiesStreamUnfeature($userId, $obj); $permission->ignoreStream = self::activitiesStreamIgnore($userId,$actorId,$obj); $permission->showButton = ($permission->editPost || $permission->deletePost || $permission->addLocation || $permission->deleteLocation || $permission->addMood || $permission->deleteMood || $permission->hideStream || $permission->featureActivity || $permission->unfeatureActivity || $permission->ignoreStream ); return $permission; } static public function activitiesStreamIgnore($userId, $actorId, $obj = NULL){ //ignore anything related to comment if(isset($obj->app) && strpos($obj->app, 'comment') !== false){ return false; } if($userId > 0 && $userId != $actorId && !COwnerHelper::isCommunityAdmin($actorId)){ return true; } if($obj->target == 0){ return false; } return false; } static public function activitiesLikeAdd($userId, $assetId, $obj=NULL){ //some activity that cannot be liked $cannotLikeApp = array('photos.comment'); if(isset($obj->app) && in_array($obj->app, $cannotLikeApp)){ return false; } // Guest can never leave a comment if( $userId == 0 ){ return false; } if(isset($obj->params)) { $params = new CParameter($obj->params); $likesPermission = $params->get('likesPermission',NULL); if( $likesPermission == false && !is_null($likesPermission)) { return false; } } return true; } }
| ver. 1.1 | |
.
| PHP 8.4.18 | Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ Ñтраницы: 0 |
proxy
|
phpinfo
|
ÐаÑтройка