Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€

Ð¤Ð°Ð¹Ð»Ð¾Ð²Ñ‹Ð¹ Ð¼ÐµÐ½ÐµÐ´Ð¶ÐµÑ€ - Ð ÐµÐ´Ð°ÐºÑ‚Ð¸Ñ€Ð¾Ð²Ð°Ñ‚ÑŒ - /var/www/html/components/com_community/helpers/access/profile.php

ÐÐ°Ð·Ð°Ð´
<?php /** * @copyright (C) 2013 iJoomla, Inc. - All rights reserved. * @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html) * @author iJoomla.com <webmaster@ijoomla.com> * @url https://www.jomsocial.com/license-agreement * The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0 More info at https://www.jomsocial.com/license-agreement / defined('_JEXEC') or die('Restricted access'); Class CProfileAccess implements CAccessInterface { /* * Method to check if a user is authorised to perform an action in this class * * @param integer $userId Id of the user for which to check authorisation. * @param string $action The name of the action to authorise. * @param mixed $asset Name of the asset as a string. * * @return boolean True if authorised. * @since Jomsocial 2.4 / static public function authorise() { $args = func_get_args(); $assetName = array_shift ( $args ); if (method_exists(__CLASS__,$assetName)) { return call_user_func_array(array(__CLASS__, $assetName), $args); } else { return null; } } /* * Return true if the user can view the given profile * @param type $asset * @param type $assetObject * / static public function profileView($userid, $asset, $user) { $viewer = CFactory::getUser($userid); // ACL if( CFactory::getUser()->authorise('community.profileeditstate', 'com_community') \|\| CFactory::getUser()->authorise('community.profileedit', 'com_community') \|\| $viewer->id == $user->id ){ return true; } // @rule: if the user is blocked, you can't see it either if( $user->isBlocked() ){ return false; } // Check based on privacy settin $param = $user->getParams(); $access = $param->get('privacyProfileView'); // @rule, User with public access, show // In old profile, 0 also means public if( $access == PRIVACY_PUBLIC \|\| $access == 0){ return true; } // @rule: at this stage, non registered member can't view it anyway if( $viewer->id == 0){ return false; } // @rule: User that limit to friend only, check for friend if( $access == PRIVACY_FRIENDS ){ $friends = explode( ',', $viewer->_friends ); if(in_array( $user->id, $friends )){ return true; } } if( $access == PRIVACY_MEMBERS && $viewer->id !==0){ return true; } // @rule: for private profile, only owner can view // No checking needed, already allow user to see themselves at the top line return false; } /* * * @param type $userid * @param type $asset * @param type $user */ static public function profileDelete($userid, $asset, $user) { $config = CFactory::getConfig(); $viewer = CFactory::getUser($userid); // Check if profile deletion is disabled if( !$config->get('profile_deletion') ) { return false; } // Guest obviously can't delete a profile if( $userid == 0){ return false; } // Community admin cannot be deleted from the front-end if( COwnerHelper::isCommunityAdmin($user->id) ){ return false; } // You can only delete your own profile if( $userid == $user->id ){ return true; } return false; } static public function profileBan($userid, $asset, $user) { // Only community admin can ban a user //return COwnerHelper::isCommunityAdmin( $userid ); // ACL check return CFactory::getUser()->authorise('community.profileeditstate', 'com_community'); } }

| ver. 1.1 | | . | PHP 8.4.18 | Ð“ÐµÐ½ÐµÑ€Ð°Ñ†Ð¸Ñ ÑÑ‚Ñ€Ð°Ð½Ð¸Ñ†Ñ‹: 0 | proxy | phpinfo | ÐÐ°ÑÑ‚Ñ€Ð¾Ð¹ÐºÐ°