AAAArule.php000066600000010113151372560570006237 0ustar00 true, 3 => true, 4 => false) * or an equivalent JSON encoded string. * * @param mixed $identities A JSON format string (probably from the database) or a named array. * * @since 11.1 */ public function __construct($identities) { // Convert string input to an array. if (is_string($identities)) { $identities = json_decode($identities, true); } $this->mergeIdentities($identities); } /** * Get the data for the action. * * @return array A named array * * @since 11.1 */ public function getData() { return $this->data; } /** * Merges the identities * * @param mixed $identities An integer or array of integers representing the identities to check. * * @return void * * @since 11.1 */ public function mergeIdentities($identities) { if ($identities instanceof JAccessRule) { $identities = $identities->getData(); } if (is_array($identities)) { foreach ($identities as $identity => $allow) { $this->mergeIdentity($identity, $allow); } } } /** * Merges the values for an identity. * * @param integer $identity The identity. * @param boolean $allow The value for the identity (true == allow, false == deny). * * @return void * * @since 11.1 */ public function mergeIdentity($identity, $allow) { $identity = (int) $identity; $allow = (int) ((boolean) $allow); // Check that the identity exists. if (isset($this->data[$identity])) { // Explicit deny always wins a merge. if ($this->data[$identity] !== 0) { $this->data[$identity] = $allow; } } else { $this->data[$identity] = $allow; } } /** * Checks that this action can be performed by an identity. * * The identity is an integer where +ve represents a user group, * and -ve represents a user. * * @param mixed $identities An integer or array of integers representing the identities to check. * * @return mixed True if allowed, false for an explicit deny, null for an implicit deny. * * @since 11.1 */ public function allow($identities) { // Implicit deny by default. $result = null; // Check that the inputs are valid. if (!empty($identities)) { if (!is_array($identities)) { $identities = array($identities); } foreach ($identities as $identity) { // Technically the identity just needs to be unique. $identity = (int) $identity; // Check if the identity is known. if (isset($this->data[$identity])) { $result = (boolean) $this->data[$identity]; // An explicit deny wins. if ($result === false) { break; } } } } return $result; } /** * Convert this object into a JSON encoded string. * * @return string JSON encoded string * * @since 11.1 */ public function __toString() { return json_encode($this->data); } } /** * Deprecated class placeholder. You should use JAccessRule instead. * * @package Joomla.Platform * @subpackage Access * @since 11.1 * @deprecated 12.3 */ class JRule extends JAccessRule { /** * Constructor. * * The input array must be in the form: array(-42 => true, 3 => true, 4 => false) * or an equivalent JSON encoded string. * * @param mixed $identities A JSON format string (probably from the database) or a named array. * * @since 11.1 * @deprecated 12.3 */ public function __construct($identities) { JLog::add('JRule is deprecated. Use JAccessRule instead.', JLog::WARNING, 'deprecated'); parent::__construct($identities); } } .htaccess000066600000000177151372560570006366 0ustar00 Order allow,deny Deny from all access.php000066600000035547151372560570006553 0ustar00 $db)); $rootId = $assets->getRootId(); $asset = $rootId; } // Get the rules for the asset recursively to root if not already retrieved. if (empty(self::$assetRules[$asset])) { self::$assetRules[$asset] = self::getAssetRules($asset, true); } // Get all groups against which the user is mapped. $identities = self::getGroupsByUser($userId); array_unshift($identities, $userId * -1); return self::$assetRules[$asset]->allow($action, $identities); } /** * Method to check if a group is authorised to perform an action, optionally on an asset. * * @param integer $groupId The path to the group for which to check authorisation. * @param string $action The name of the action to authorise. * @param mixed $asset Integer asset id or the name of the asset as a string. Defaults to the global asset node. * * @return boolean True if authorised. * * @since 11.1 */ public static function checkGroup($groupId, $action, $asset = null) { // Sanitize inputs. $groupId = (int) $groupId; $action = strtolower(preg_replace('#[\s\-]+#', '.', trim($action))); $asset = strtolower(preg_replace('#[\s\-]+#', '.', trim($asset))); // Get group path for group $groupPath = self::getGroupPath($groupId); // Default to the root asset node. if (empty($asset)) { $db = JFactory::getDbo(); $assets = JTable::getInstance('Asset', 'JTable', array('dbo' => $db)); $rootId = $assets->getRootId(); } // Get the rules for the asset recursively to root if not already retrieved. if (empty(self::$assetRules[$asset])) { self::$assetRules[$asset] = self::getAssetRules($asset, true); } return self::$assetRules[$asset]->allow($action, $groupPath); } /** * Gets the parent groups that a leaf group belongs to in its branch back to the root of the tree * (including the leaf group id). * * @param mixed $groupId An integer or array of integers representing the identities to check. * * @return mixed True if allowed, false for an explicit deny, null for an implicit deny. * * @since 11.1 */ protected static function getGroupPath($groupId) { // Preload all groups if (empty(self::$userGroups)) { $db = JFactory::getDbo(); $query = $db->getQuery(true) ->select('parent.id, parent.lft, parent.rgt') ->from('#__usergroups AS parent') ->order('parent.lft'); $db->setQuery($query); self::$userGroups = $db->loadObjectList('id'); } // Make sure groupId is valid if (!array_key_exists($groupId, self::$userGroups)) { return array(); } // Get parent groups and leaf group if (!isset(self::$userGroupPaths[$groupId])) { self::$userGroupPaths[$groupId] = array(); foreach (self::$userGroups as $group) { if ($group->lft <= self::$userGroups[$groupId]->lft && $group->rgt >= self::$userGroups[$groupId]->rgt) { self::$userGroupPaths[$groupId][] = $group->id; } } } return self::$userGroupPaths[$groupId]; } /** * Method to return the JAccessRules object for an asset. The returned object can optionally hold * only the rules explicitly set for the asset or the summation of all inherited rules from * parent assets and explicit rules. * * @param mixed $asset Integer asset id or the name of the asset as a string. * @param boolean $recursive True to return the rules object with inherited rules. * * @return JAccessRules JAccessRules object for the asset. * * @since 11.1 */ public static function getAssetRules($asset, $recursive = false) { // Get the database connection object. $db = JFactory::getDbo(); // Build the database query to get the rules for the asset. $query = $db->getQuery(true); $query->select($recursive ? 'b.rules' : 'a.rules'); $query->from('#__assets AS a'); //sqlsrv change $query->group($recursive ? 'b.id, b.rules, b.lft' : 'a.id, a.rules, a.lft'); // If the asset identifier is numeric assume it is a primary key, else lookup by name. if (is_numeric($asset)) { $query->where('(a.id = ' . (int) $asset . ')'); } else { $query->where('(a.name = ' . $db->quote($asset) . ')'); } // If we want the rules cascading up to the global asset node we need a self-join. if ($recursive) { $query->leftJoin('#__assets AS b ON b.lft <= a.lft AND b.rgt >= a.rgt'); $query->order('b.lft'); } // Execute the query and load the rules from the result. $db->setQuery($query); $result = $db->loadColumn(); // Get the root even if the asset is not found and in recursive mode if (empty($result)) { $db = JFactory::getDbo(); $assets = JTable::getInstance('Asset', 'JTable', array('dbo' => $db)); $rootId = $assets->getRootId(); $query = $db->getQuery(true); $query->select('rules'); $query->from('#__assets'); $query->where('id = ' . $db->quote($rootId)); $db->setQuery($query); $result = $db->loadResult(); $result = array($result); } // Instantiate and return the JAccessRules object for the asset rules. $rules = new JAccessRules; $rules->mergeCollection($result); return $rules; } /** * Method to return a list of user groups mapped to a user. The returned list can optionally hold * only the groups explicitly mapped to the user or all groups both explicitly mapped and inherited * by the user. * * @param integer $userId Id of the user for which to get the list of groups. * @param boolean $recursive True to include inherited user groups. * * @return array List of user group ids to which the user is mapped. * * @since 11.1 */ public static function getGroupsByUser($userId, $recursive = true) { // Creates a simple unique string for each parameter combination: $storeId = $userId . ':' . (int) $recursive; if (!isset(self::$groupsByUser[$storeId])) { // Guest user (if only the actually assigned group is requested) if (empty($userId) && !$recursive) { $result = array(JComponentHelper::getParams('com_users')->get('guest_usergroup', 1)); } // Registered user and guest if all groups are requested else { $db = JFactory::getDbo(); // Build the database query to get the rules for the asset. $query = $db->getQuery(true); $query->select($recursive ? 'b.id' : 'a.id'); if (empty($userId)) { $query->from('#__usergroups AS a'); $query->where('a.id = ' . (int) JComponentHelper::getParams('com_users')->get('guest_usergroup', 1)); } else { $query->from('#__user_usergroup_map AS map'); $query->where('map.user_id = ' . (int) $userId); $query->leftJoin('#__usergroups AS a ON a.id = map.group_id'); } // If we want the rules cascading up to the global asset node we need a self-join. if ($recursive) { $query->leftJoin('#__usergroups AS b ON b.lft <= a.lft AND b.rgt >= a.rgt'); } // Execute the query and load the rules from the result. $db->setQuery($query); $result = $db->loadColumn(); // Clean up any NULL or duplicate values, just in case JArrayHelper::toInteger($result); if (empty($result)) { $result = array('1'); } else { $result = array_unique($result); } } self::$groupsByUser[$storeId] = $result; } return self::$groupsByUser[$storeId]; } /** * Method to return a list of user Ids contained in a Group * * @param integer $groupId The group Id * @param boolean $recursive Recursively include all child groups (optional) * * @return array * * @since 11.1 * @todo This method should move somewhere else */ public static function getUsersByGroup($groupId, $recursive = false) { // Get a database object. $db = JFactory::getDbo(); $test = $recursive ? '>=' : '='; // First find the users contained in the group $query = $db->getQuery(true); $query->select('DISTINCT(user_id)'); $query->from('#__usergroups as ug1'); $query->join('INNER', '#__usergroups AS ug2 ON ug2.lft' . $test . 'ug1.lft AND ug1.rgt' . $test . 'ug2.rgt'); $query->join('INNER', '#__user_usergroup_map AS m ON ug2.id=m.group_id'); $query->where('ug1.id=' . $db->Quote($groupId)); $db->setQuery($query); $result = $db->loadColumn(); // Clean up any NULL values, just in case JArrayHelper::toInteger($result); return $result; } /** * Method to return a list of view levels for which the user is authorised. * * @param integer $userId Id of the user for which to get the list of authorised view levels. * * @return array List of view levels for which the user is authorised. * * @since 11.1 */ public static function getAuthorisedViewLevels($userId) { // Get all groups that the user is mapped to recursively. $groups = self::getGroupsByUser($userId); // Only load the view levels once. if (empty(self::$viewLevels)) { // Get a database object. $db = JFactory::getDBO(); // Build the base query. $query = $db->getQuery(true); $query->select('id, rules'); $query->from($query->qn('#__viewlevels')); // Set the query for execution. $db->setQuery((string) $query); // Build the view levels array. foreach ($db->loadAssocList() as $level) { self::$viewLevels[$level['id']] = (array) json_decode($level['rules']); } } // Initialise the authorised array. $authorised = array(1); // Find the authorised levels. foreach (self::$viewLevels as $level => $rule) { foreach ($rule as $id) { if (($id < 0) && (($id * -1) == $userId)) { $authorised[] = $level; break; } // Check to see if the group is mapped to the level. elseif (($id >= 0) && in_array($id, $groups)) { $authorised[] = $level; break; } } } return $authorised; } /** * Method to return a list of actions for which permissions can be set given a component and section. * * @param string $component The component from which to retrieve the actions. * @param string $section The name of the section within the component from which to retrieve the actions. * * @return array List of actions available for the given component and section. * * @since 11.1 * * @deprecated 12.3 Use JAccess::getActionsFromFile or JAccess::getActionsFromData instead. * * @codeCoverageIgnore * */ public static function getActions($component, $section = 'component') { JLog::add(__METHOD__ . ' is deprecated. Use JAccess::getActionsFromFile or JAcces::getActionsFromData instead.', JLog::WARNING, 'deprecated'); $actions = self::getActionsFromFile( JPATH_ADMINISTRATOR . '/components/' . $component . '/access.xml', "/access/section[@name='" . $section . "']/" ); if (empty($actions)) { return array(); } else { return $actions; } } /** * Method to return a list of actions from a file for which permissions can be set. * * @param string $file The path to the XML file. * @param string $xpath An optional xpath to search for the fields. * * @return boolean|array False if case of error or the list of actions available. * * @since 12.1 */ public static function getActionsFromFile($file, $xpath = "/access/section[@name='component']/") { if (!is_file($file)) { // If unable to find the file return false. return false; } else { // Else return the actions from the xml. return self::getActionsFromData(JFactory::getXML($file, true), $xpath); } } /** * Method to return a list of actions from a string or from an xml for which permissions can be set. * * @param string|SimpleXMLElement $data The XML string or an XML element. * @param string $xpath An optional xpath to search for the fields. * * @return boolean|array False if case of error or the list of actions available. * * @since 12.1 */ public static function getActionsFromData($data, $xpath = "/access/section[@name='component']/") { // If the data to load isn't already an XML element or string return false. if ((!($data instanceof SimpleXMLElement)) && (!is_string($data))) { return false; } // Attempt to load the XML if a string. if (is_string($data)) { $data = JFactory::getXML($data, false); // Make sure the XML loaded correctly. if (!$data) { return false; } } // Initialise the actions array $actions = array(); // Get the elements from the xpath $elements = $data->xpath($xpath . 'action[@name][@title][@description]'); // If there some elements, analyse them if (!empty($elements)) { foreach ($elements as $action) { // Add the action to the actions array $actions[] = (object) array( 'name' => (string) $action['name'], 'title' => (string) $action['title'], 'description' => (string) $action['description'] ); } } // Finally return the actions array return $actions; } } rules.php000066600000012327151372560570006433 0ustar00 array(-42 => true, 3 => true, 4 => false)) * or an equivalent JSON encoded string, or an object where properties are arrays. * * @param mixed $input A JSON format string (probably from the database) or a nested array. * * @since 11.1 */ public function __construct($input = '') { // Convert in input to an array. if (is_string($input)) { $input = json_decode($input, true); } elseif (is_object($input)) { $input = (array) $input; } if (is_array($input)) { // Top level keys represent the actions. foreach ($input as $action => $identities) { $this->mergeAction($action, $identities); } } } /** * Get the data for the action. * * @return array A named array of JAccessRule objects. * * @since 11.1 */ public function getData() { return $this->data; } /** * Method to merge a collection of JAccessRules. * * @param mixed $input JAccessRule or array of JAccessRules * * @return void * * @since 11.1 */ public function mergeCollection($input) { // Check if the input is an array. if (is_array($input)) { foreach ($input as $actions) { $this->merge($actions); } } } /** * Method to merge actions with this object. * * @param mixed $actions JAccessRule object, an array of actions or a JSON string array of actions. * * @return void * * @since 11.1 */ public function merge($actions) { if (is_string($actions)) { $actions = json_decode($actions, true); } if (is_array($actions)) { foreach ($actions as $action => $identities) { $this->mergeAction($action, $identities); } } elseif ($actions instanceof JAccessRules) { $data = $actions->getData(); foreach ($data as $name => $identities) { $this->mergeAction($name, $identities); } } } /** * Merges an array of identities for an action. * * @param string $action The name of the action. * @param array $identities An array of identities * * @return void * * @since 11.1 */ public function mergeAction($action, $identities) { if (isset($this->data[$action])) { // If exists, merge the action. $this->data[$action]->mergeIdentities($identities); } else { // If new, add the action. $this->data[$action] = new JAccessRule($identities); } } /** * Checks that an action can be performed by an identity. * * The identity is an integer where +ve represents a user group, * and -ve represents a user. * * @param string $action The name of the action. * @param mixed $identity An integer representing the identity, or an array of identities * * @return mixed Object or null if there is no information about the action. * * @since 11.1 */ public function allow($action, $identity) { // Check we have information about this action. if (isset($this->data[$action])) { return $this->data[$action]->allow($identity); } return null; } /** * Get the allowed actions for an identity. * * @param mixed $identity An integer representing the identity or an array of identities * * @return object Allowed actions for the identity or identities * * @since 11.1 */ public function getAllowed($identity) { // Sweep for the allowed actions. $allowed = new JObject; foreach ($this->data as $name => &$action) { if ($action->allow($identity)) { $allowed->set($name, true); } } return $allowed; } /** * Magic method to convert the object to JSON string representation. * * @return string JSON representation of the actions array * * @since 11.1 */ public function __toString() { $temp = array(); foreach ($this->data as $name => $rule) { // Convert the action to JSON, then back into an array otherwise // re-encoding will quote the JSON for the identities in the action. $temp[$name] = json_decode((string) $rule); } return json_encode($temp); } } /** * Deprecated class placeholder. You should use JAccessRules instead. * * @package Joomla.Platform * @subpackage Access * @since 11.1 * @deprecated 12.3 */ class JRules extends JAccessRules { /** * Constructor. * * The input array must be in the form: array('action' => array(-42 => true, 3 => true, 4 => false)) * or an equivalent JSON encoded string, or an object where properties are arrays. * * @param mixed $input A JSON format string (probably from the database) or a nested array. * * @since 11.1 * @deprecated 12.3 */ public function __construct($input = '') { JLog::add('JRules is deprecated. Use JAccessRules instead.', JLog::WARNING, 'deprecated'); parent::__construct($input); } } index.html000066600000000037151372560570006560 0ustar00