Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€

Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€ - Ð ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ - /var/www/html/components/com_community/helpers/access/photos.php

ÐÐ°Ð·Ð°Ð´
<?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 More info at https://www.jomsocial.com/license-agreement / use Joomla\CMS\Factory; use Joomla\CMS\Table\Table; defined('_JEXEC') or die('Restricted access'); Class CPhotosAccess implements CAccessInterface { /* * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. * @param string $action The name of the action to authorise. * @param mixed $asset Name of the asset as a string. * * @return boolean True if authorised. * @since Jomsocial 2.4 / static public function authorise() { $args = func_get_args(); $assetName = array_shift ( $args ); if (method_exists(__CLASS__,$assetName)) { return call_user_func_array(array(__CLASS__, $assetName), $args); } else { return null; } } static public function photosPageAlbumView($userid, $asset, $album_obj = ''){ $page = Table::getInstance( 'Page' , 'CTable' ); $page->load($asset); $params = $page->getParams(); $photopermission = $params->get('photopermission', PAGE_PHOTO_PERMISSION_ADMINS); if($page->isMember($userid)){ //all members should be able to view return true; }elseif( $photopermission == PAGE_PHOTO_PERMISSION_MEMBERS && $page->isMember($userid) ){ return ((isset($album_obj) && $userid == $album_obj->creator )\|\| $page->isAdmin($userid )); }else if( ($photopermission == PAGE_PHOTO_PERMISSION_ADMINS && $page->isAdmin($userid) ) \|\| COwnerHelper::isCommunityAdmin() ){ return true; }elseif ($page->approvals == 0) { return true; }else{ return false; } } static public function photosPageAlbumManage($userid, $asset, $page_obj){ $album = Table::getInstance( 'Album' , 'CTable' ); $album->load( $asset ); //ACL check return ((CFactory::getUser()->authorise('community.photoedit', 'com_community') \|\| CFactory::getUser()->authorise('community.photodelete', 'com_community')) \|\| ($page_obj->isAdmin($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community')) \|\| ($album->creator == $userid && CFactory::getUser()->authorise('community.photocreate', 'com_community'))); } / * @param : $asset = group id, $album_obj = album object, $userid = userid * @return : boolean / int / static public function photosGroupAlbumView($userid, $asset, $album_obj = ''){ $group = Table::getInstance( 'Group' , 'CTable' ); $group->load($asset); $params = $group->getParams(); $photopermission = $params->get('photopermission', GROUP_PHOTO_PERMISSION_ADMINS); if($group->isMember($userid)){ //all members should be able to view return true; }elseif( $photopermission == GROUP_PHOTO_PERMISSION_MEMBERS && $group->isMember($userid) ){ return ((isset($album_obj) && $userid == $album_obj->creator )\|\| $group->isAdmin($userid )); }else if( ($photopermission == GROUP_PHOTO_PERMISSION_ADMINS && $group->isAdmin($userid) ) \|\| COwnerHelper::isCommunityAdmin() ){ return true; }elseif ($group->approvals == 0) { return true; }else{ return false; } } / * @param : $asset = null, $wall_obj = wall object, $userid = userid * @return : boolean / int / static public function photosWallEdit($userid, $asset, $wall_obj){ // @rule: We only allow editing of wall in 15 minutes $viewer = CFactory::getUser($userid); $now = JDate::getInstance(); $interval = CTimeHelper::timeIntervalDifference( $wall_obj->date , $now->toSql() ); $interval = abs( $interval ); // Only owner and ACL access can edit if( ( CFactory::getUser()->authorise('community.postcommentedit', 'com_community') \|\| $viewer->id == $wall_obj->post_by )) { if (!CFactory::getUser()->authorise('community.postcommentcreate', 'com_community')) { return false; } else { return true; } } return false; } / * @param - asset as photo id / static public function photosTagRemove($userid, $asset,$taggedUser){ //condition: only owner can remove the tag $photo = Table::getInstance( 'Photo' , 'CTable' ); $photo->load( $asset ); if($userid == $photo->creator \|\| $userid == $taggedUser->id){ return true; }else{ return false; } } / * @param - asset as album id * @param - group_obj as group object * / static public function photosGroupAlbumManage($userid, $asset, $group_obj){ $album = Table::getInstance( 'Album' , 'CTable' ); $album->load( $asset ); //ACL check return ((CFactory::getUser()->authorise('community.photoedit', 'com_community') \|\| CFactory::getUser()->authorise('community.photodelete', 'com_community')) \|\| ($group_obj->isAdmin($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community')) \|\| ($album->creator == $userid && CFactory::getUser()->authorise('community.photocreate', 'com_community'))); //return ( COwnerHelper::isCommunityAdmin() \|\| ($group_obj->isAdmin($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community')) \|\| ($album->creator == $userid && CFactory::getUser()->authorise('community.photocreate', 'com_community'))); } /* * To check the permission for the respective user to edit album * @param $userid * @param $asset * @param $eventObj * @return bool / static public function photosEventAlbumManage($userid, $asset, $eventObj){ $album = Table::getInstance( 'Album' , 'CTable' ); $album->load( $asset ); if (($eventObj->isMember($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community')) \|\| ($album->creator == $userid && CFactory::getUser()->authorise('community.photocreate', 'com_community')) \|\| (CFactory::getUser()->authorise('community.photoedit', 'com_community') \|\| CFactory::getUser()->authorise('community.photodelete', 'com_community')) \|\| ($eventObj->isAdmin($userid) && CFactory::getUser()->authorise('community.photocreate', 'com_community'))) { return true; } // if($eventObj->isMember($userid) \|\| $album->creator == $userid \|\| COwnerHelper::isCommunityAdmin() \|\| $eventObj->isAdmin($userid)){ // return true; // } return false; } / * @param - asset as album id * */ static public function photosUserAlbumManage($userid, $asset){ $album = Table::getInstance( 'Album' , 'CTable' ); $album->load( $asset ); //ACL check return (($album->creator == $userid && CFactory::getUser()->authorise('community.photocreate', 'com_community')) \|\| (CFactory::getUser()->authorise('community.photoedit', 'com_community') \|\| CFactory::getUser()->authorise('community.photodelete', 'com_community'))); } static public function photosUserAlbumView($userid, $asset){ //first $album = Table::getInstance( 'Album' , 'CTable' ); $album->load( $asset ); if($userid == $album->creator \|\| CFactory::getUser()->authorise('community.photoedit', 'com_community') \|\| CFactory::getUser()->authorise('community.photodelete', 'com_community') \|\| CFactory::getUser()->authorise('community.photoeditstate', 'com_community')) { return true; // creator always be able to view his own album } $owner = CFactory::getUser($album->creator); $permission = $album->permissions; if($permission == COMMUNITY_STATUS_PRIVACY_FRIENDS && $owner->isFriendWith($userid)){ return true; } if($permission == COMMUNITY_STATUS_PRIVACY_MEMBERS && $userid){ return true; } if($permission <= COMMUNITY_STATUS_PRIVACY_PUBLIC){ return true; } return false; } static public function photosAvatarUpload($myId, $userid) { if(COwnerHelper::isCommunityAdmin()){ return true; }elseif($userid == CFactory::getUser()->id && $userid){ return true; }else{ //we need to check if this user is used in registration last step // so lets check if the user id belongs to a user that hasn't been activated yet which mean the last visit date is zero $db = Factory::getDbo(); $query = "SELECT id FROM ".$db->quoteName('#__users') ." WHERE id = " . $db->q($userid) . " AND (lastvisitDate = '0000-00-00 00:00:00' OR lastvisitDate IS NULL)"; $db->setQuery($query); $result = $db->loadResult(); return ($result) ? true : false; } return false; } static public function photosDelete($userId, $photoId){ $photoTable = Table::getInstance('Photo', 'CTable'); $photoTable->load($photoId); //the creator can always delete the photo OR ACL access if( ($userId && $photoTable->creator == $userId && CFactory::getUser()->authorise('community.photocreate', 'com_community')) \|\| CFactory::getUser()->authorise('community.photodelete', 'com_community')){ return true; } $album = Table::getInstance( 'Album' , 'CTable' ); $album->load( $photoTable->albumid ); //check if this photo belongs to events/group albums if($album->eventid){ $event = Table::getInstance( 'Event' , 'CTable' ); $event->load( $album->eventid ); return $event->isAdmin($userId); }elseif($album->groupid){ $group = Table::getInstance( 'Group' , 'CTable' ); $group->load( $album->groupid ); return $group->isAdmin($userId); }elseif($album->pageid){ $page = Table::getInstance( 'Page' , 'CTable' ); $page->load( $album->pageid ); return $page->isAdmin($userId); } return false; } }

| ver. 1.1 | | . | PHP 8.4.18 | Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ ÑÑ‚Ñ€Ð°Ð½Ð¸Ñ†Ñ‹: 0.01 | proxy | phpinfo | ÐÐ°ÑÑ‚Ñ€Ð¾Ð¹ÐºÐ°