File joomla/form/fields/rules.php | Joomla! Framework TM

  1 <?php
  2 /**
  3  * @package     Joomla.Platform
  4  * @subpackage  Form
  5  *
  6  * @copyright   Copyright (C) 2005 - 2017 Open Source Matters, Inc. All rights reserved.
  7  * @license     GNU General Public License version 2 or later; see LICENSE
  8  */
  9 
 10 defined('JPATH_PLATFORM') or die;
 11 
 12 /**
 13  * Form Field class for the Joomla Platform.
 14  * Field for assigning permissions to groups for a given asset
 15  *
 16  * @see    JAccess
 17  * @since  11.1
 18  */
 19 class JFormFieldRules extends JFormField
 20 {
 21     /**
 22      * The form field type.
 23      *
 24      * @var    string
 25      * @since  11.1
 26      */
 27     protected $type = 'Rules';
 28 
 29     /**
 30      * The section.
 31      *
 32      * @var    string
 33      * @since  3.2
 34      */
 35     protected $section;
 36 
 37     /**
 38      * The component.
 39      *
 40      * @var    string
 41      * @since  3.2
 42      */
 43     protected $component;
 44 
 45     /**
 46      * The assetField.
 47      *
 48      * @var    string
 49      * @since  3.2
 50      */
 51     protected $assetField;
 52 
 53     /**
 54      * Method to get certain otherwise inaccessible properties from the form field object.
 55      *
 56      * @param   string  $name  The property name for which to the the value.
 57      *
 58      * @return  mixed  The property value or null.
 59      *
 60      * @since   3.2
 61      */
 62     public function __get($name)
 63     {
 64         switch ($name)
 65         {
 66             case 'section':
 67             case 'component':
 68             case 'assetField':
 69                 return $this->$name;
 70         }
 71 
 72         return parent::__get($name);
 73     }
 74 
 75     /**
 76      * Method to set certain otherwise inaccessible properties of the form field object.
 77      *
 78      * @param   string  $name   The property name for which to the the value.
 79      * @param   mixed   $value  The value of the property.
 80      *
 81      * @return  void
 82      *
 83      * @since   3.2
 84      */
 85     public function __set($name, $value)
 86     {
 87         switch ($name)
 88         {
 89             case 'section':
 90             case 'component':
 91             case 'assetField':
 92                 $this->$name = (string) $value;
 93                 break;
 94 
 95             default:
 96                 parent::__set($name, $value);
 97         }
 98     }
 99 
100     /**
101      * Method to attach a JForm object to the field.
102      *
103      * @param   SimpleXMLElement  $element  The SimpleXMLElement object representing the `<field>` tag for the form field object.
104      * @param   mixed             $value    The form field value to validate.
105      * @param   string            $group    The field name group control value. This acts as an array container for the field.
106      *                                      For example if the field has name="foo" and the group value is set to "bar" then the
107      *                                      full field name would end up being "bar[foo]".
108      *
109      * @return  boolean  True on success.
110      *
111      * @see     JFormField::setup()
112      * @since   3.2
113      */
114     public function setup(SimpleXMLElement $element, $value, $group = null)
115     {
116         $return = parent::setup($element, $value, $group);
117 
118         if ($return)
119         {
120             $this->section    = $this->element['section'] ? (string) $this->element['section'] : '';
121             $this->component  = $this->element['component'] ? (string) $this->element['component'] : '';
122             $this->assetField = $this->element['asset_field'] ? (string) $this->element['asset_field'] : 'asset_id';
123         }
124 
125         return $return;
126     }
127 
128     /**
129      * Method to get the field input markup for Access Control Lists.
130      * Optionally can be associated with a specific component and section.
131      *
132      * @return  string  The field input markup.
133      *
134      * @since   11.1
135      * @todo:   Add access check.
136      */
137     protected function getInput()
138     {
139         JHtml::_('bootstrap.tooltip');
140 
141         // Add Javascript for permission change
142         JHtml::_('script', 'system/permissions.js', array('version' => 'auto', 'relative' => true));
143 
144         // Load JavaScript message titles
145         JText::script('ERROR');
146         JText::script('WARNING');
147         JText::script('NOTICE');
148         JText::script('MESSAGE');
149 
150         // Add strings for JavaScript error translations.
151         JText::script('JLIB_JS_AJAX_ERROR_CONNECTION_ABORT');
152         JText::script('JLIB_JS_AJAX_ERROR_NO_CONTENT');
153         JText::script('JLIB_JS_AJAX_ERROR_OTHER');
154         JText::script('JLIB_JS_AJAX_ERROR_PARSE');
155         JText::script('JLIB_JS_AJAX_ERROR_TIMEOUT');
156 
157         // Initialise some field attributes.
158         $section    = $this->section;
159         $assetField = $this->assetField;
160         $component  = empty($this->component) ? 'root.1' : $this->component;
161 
162         // Current view is global config?
163         $isGlobalConfig = $component === 'root.1';
164 
165         // Get the actions for the asset.
166         $actions = JAccess::getActions($component, $section);
167 
168         // Iterate over the children and add to the actions.
169         foreach ($this->element->children() as $el)
170         {
171             if ($el->getName() == 'action')
172             {
173                 $actions[] = (object) array(
174                     'name' => (string) $el['name'],
175                     'title' => (string) $el['title'],
176                     'description' => (string) $el['description'],
177                 );
178             }
179         }
180 
181         // Get the asset id.
182         // Note that for global configuration, com_config injects asset_id = 1 into the form.
183         $assetId       = $this->form->getValue($assetField);
184         $newItem       = empty($assetId) && $isGlobalConfig === false && $section !== 'component';
185         $parentAssetId = null;
186 
187         // If the asset id is empty (component or new item).
188         if (empty($assetId))
189         {
190             // Get the component asset id as fallback.
191             $db = JFactory::getDbo();
192             $query = $db->getQuery(true)
193                 ->select($db->quoteName('id'))
194                 ->from($db->quoteName('#__assets'))
195                 ->where($db->quoteName('name') . ' = ' . $db->quote($component));
196 
197             $db->setQuery($query);
198 
199             $assetId = (int) $db->loadResult();
200 
201             /**
202              * @to do: incorrect info
203              * When creating a new item (not saving) it uses the calculated permissions from the component (item <-> component <-> global config).
204              * But if we have a section too (item <-> section(s) <-> component <-> global config) this is not correct.
205              * Also, currently it uses the component permission, but should use the calculated permissions for achild of the component/section.
206              */
207         }
208 
209         // If not in global config we need the parent_id asset to calculate permissions.
210         if (!$isGlobalConfig)
211         {
212             // In this case we need to get the component rules too.
213             $db = JFactory::getDbo();
214 
215             $query = $db->getQuery(true)
216                 ->select($db->quoteName('parent_id'))
217                 ->from($db->quoteName('#__assets'))
218                 ->where($db->quoteName('id') . ' = ' . $assetId);
219 
220             $db->setQuery($query);
221 
222             $parentAssetId = (int) $db->loadResult();
223         }
224 
225         // Full width format.
226 
227         // Get the rules for just this asset (non-recursive).
228         $assetRules = JAccess::getAssetRules($assetId, false, false);
229 
230         // Get the available user groups.
231         $groups = $this->getUserGroups();
232 
233         // Ajax request data.
234         $ajaxUri = JRoute::_('index.php?option=com_config&task=config.store&format=json&' . JSession::getFormToken() . '=1');
235 
236         // Prepare output
237         $html = array();
238 
239         // Description
240         $html[] = '<p class="rule-desc">' . JText::_('JLIB_RULES_SETTINGS_DESC') . '</p>';
241 
242         // Begin tabs
243         $html[] = '<div class="tabbable tabs-left" data-ajaxuri="' . $ajaxUri . '" id="permissions-sliders">';
244 
245         // Building tab nav
246         $html[] = '<ul class="nav nav-tabs">';
247 
248         foreach ($groups as $group)
249         {
250             // Initial Active Tab
251             $active = (int) $group->value === 1 ? ' class="active"' : '';
252 
253             $html[] = '<li' . $active . '>';
254             $html[] = '<a href="#permission-' . $group->value . '" data-toggle="tab">';
255             $html[] = JLayoutHelper::render('joomla.html.treeprefix', array('level' => $group->level + 1)) . $group->text;
256             $html[] = '</a>';
257             $html[] = '</li>';
258         }
259 
260         $html[] = '</ul>';
261 
262         $html[] = '<div class="tab-content">';
263 
264         // Start a row for each user group.
265         foreach ($groups as $group)
266         {
267             // Initial Active Pane
268             $active = (int) $group->value === 1 ? ' active' : '';
269 
270             $html[] = '<div class="tab-pane' . $active . '" id="permission-' . $group->value . '">';
271             $html[] = '<table class="table table-striped">';
272             $html[] = '<thead>';
273             $html[] = '<tr>';
274 
275             $html[] = '<th class="actions" id="actions-th' . $group->value . '">';
276             $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_ACTION') . '</span>';
277             $html[] = '</th>';
278 
279             $html[] = '<th class="settings" id="settings-th' . $group->value . '">';
280             $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_SELECT_SETTING') . '</span>';
281             $html[] = '</th>';
282 
283             $html[] = '<th id="aclactionth' . $group->value . '">';
284             $html[] = '<span class="acl-action">' . JText::_('JLIB_RULES_CALCULATED_SETTING') . '</span>';
285             $html[] = '</th>';
286 
287             $html[] = '</tr>';
288             $html[] = '</thead>';
289             $html[] = '<tbody>';
290 
291             // Check if this group has super user permissions
292             $isSuperUserGroup = JAccess::checkGroup($group->value, 'core.admin');
293 
294             foreach ($actions as $action)
295             {
296                 $html[] = '<tr>';
297                 $html[] = '<td headers="actions-th' . $group->value . '">';
298                 $html[] = '<label for="' . $this->id . '_' . $action->name . '_' . $group->value . '" class="hasTooltip" title="'
299                     . JHtml::_('tooltipText', $action->title, $action->description) . '">';
300                 $html[] = JText::_($action->title);
301                 $html[] = '</label>';
302                 $html[] = '</td>';
303 
304                 $html[] = '<td headers="settings-th' . $group->value . '">';
305 
306                 $html[] = '<select onchange="sendPermissions.call(this, event)" data-chosen="true" class="input-small novalidate"'
307                     . ' name="' . $this->name . '[' . $action->name . '][' . $group->value . ']"'
308                     . ' id="' . $this->id . '_' . $action->name . '_' . $group->value . '"'
309                     . ' title="' . strip_tags(JText::sprintf('JLIB_RULES_SELECT_ALLOW_DENY_GROUP', JText::_($action->title), trim($group->text))) . '">';
310 
311                 /**
312                  * Possible values:
313                  * null = not set means inherited
314                  * false = denied
315                  * true = allowed
316                  */
317 
318                 // Get the actual setting for the action for this group.
319                 $assetRule = $newItem === false ? $assetRules->allow($action->name, $group->value) : null;
320 
321                 // Build the dropdowns for the permissions sliders
322 
323                 // The parent group has "Not Set", all children can rightly "Inherit" from that.
324                 $html[] = '<option value=""' . ($assetRule === null ? ' selected="selected"' : '') . '>'
325                     . JText::_(empty($group->parent_id) && $isGlobalConfig ? 'JLIB_RULES_NOT_SET' : 'JLIB_RULES_INHERITED') . '</option>';
326                 $html[] = '<option value="1"' . ($assetRule === true ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_ALLOWED')
327                     . '</option>';
328                 $html[] = '<option value="0"' . ($assetRule === false ? ' selected="selected"' : '') . '>' . JText::_('JLIB_RULES_DENIED')
329                     . '</option>';
330 
331                 $html[] = '</select>&#160; ';
332 
333                 $html[] = '<span id="icon_' . $this->id . '_' . $action->name . '_' . $group->value . '"' . '></span>';
334                 $html[] = '</td>';
335 
336                 // Build the Calculated Settings column.
337                 $html[] = '<td headers="aclactionth' . $group->value . '">';
338 
339                 $result = array();
340 
341                 // Get the group, group parent id, and group global config recursive calculated permission for the chosen action.
342                 $inheritedGroupRule            = JAccess::checkGroup((int) $group->value, $action->name, $assetId);
343                 $inheritedGroupParentAssetRule = !empty($parentAssetId) ? JAccess::checkGroup($group->value, $action->name, $parentAssetId) : null;
344                 $inheritedParentGroupRule      = !empty($group->parent_id) ? JAccess::checkGroup($group->parent_id, $action->name, $assetId) : null;
345 
346                 // Current group is a Super User group, so calculated setting is "Allowed (Super User)".
347                 if ($isSuperUserGroup)
348                 {
349                     $result['class'] = 'label label-success';
350                     $result['text'] = '<span class="icon-lock icon-white"></span>' . JText::_('JLIB_RULES_ALLOWED_ADMIN');
351                 }
352                 // Not super user.
353                 else
354                 {
355                     // First get the real recursive calculated setting and add (Inherited) to it.
356 
357                     // If recursive calculated setting is "Denied" or null. Calculated permission is "Not Allowed (Inherited)".
358                     if ($inheritedGroupRule === null || $inheritedGroupRule === false)
359                     {
360                         $result['class'] = 'label label-important';
361                         $result['text']  = JText::_('JLIB_RULES_NOT_ALLOWED_INHERITED');
362                     }
363                     // If recursive calculated setting is "Allowed". Calculated permission is "Allowed (Inherited)".
364                     else
365                     {
366                         $result['class'] = 'label label-success';
367                         $result['text']  = JText::_('JLIB_RULES_ALLOWED_INHERITED');
368                     }
369 
370                     // Second part: Overwrite the calculated permissions labels if there is an explicit permission in the current group.
371 
372                     /**
373                      * @to do: incorrect info
374                      * If a component has a permission that doesn't exists in global config (ex: frontend editing in com_modules) by default
375                      * we get "Not Allowed (Inherited)" when we should get "Not Allowed (Default)".
376                      */
377 
378                     // If there is an explicit permission "Not Allowed". Calculated permission is "Not Allowed".
379                     if ($assetRule === false)
380                     {
381                         $result['class'] = 'label label-important';
382                         $result['text']  = JText::_('JLIB_RULES_NOT_ALLOWED');
383                     }
384                     // If there is an explicit permission is "Allowed". Calculated permission is "Allowed".
385                     elseif ($assetRule === true)
386                     {
387                         $result['class'] = 'label label-success';
388                         $result['text']  = JText::_('JLIB_RULES_ALLOWED');
389                     }
390 
391                     // Third part: Overwrite the calculated permissions labels for special cases.
392 
393                     // Global configuration with "Not Set" permission. Calculated permission is "Not Allowed (Default)".
394                     if (empty($group->parent_id) && $isGlobalConfig === true && $assetRule === null)
395                     {
396                         $result['class'] = 'label label-important';
397                         $result['text']  = JText::_('JLIB_RULES_NOT_ALLOWED_DEFAULT');
398                     }
399 
400                     /**
401                      * Component/Item with explicit "Denied" permission at parent Asset (Category, Component or Global config) configuration.
402                      * Or some parent group has an explicit "Denied".
403                      * Calculated permission is "Not Allowed (Locked)".
404                      */
405                     elseif ($inheritedGroupParentAssetRule === false || $inheritedParentGroupRule === false)
406                     {
407                         $result['class'] = 'label label-important';
408                         $result['text']  = '<span class="icon-lock icon-white"></span>' . JText::_('JLIB_RULES_NOT_ALLOWED_LOCKED');
409                     }
410                 }
411 
412                 $html[] = '<span class="' . $result['class'] . '">' . $result['text'] . '</span>';
413                 $html[] = '</td>';
414                 $html[] = '</tr>';
415             }
416 
417             $html[] = '</tbody>';
418             $html[] = '</table></div>';
419         }
420 
421         $html[] = '</div></div>';
422         $html[] = '<div class="clr"></div>';
423         $html[] = '<div class="alert">';
424 
425         if ($section === 'component' || !$section)
426         {
427             $html[] = JText::_('JLIB_RULES_SETTING_NOTES');
428         }
429         else
430         {
431             $html[] = JText::_('JLIB_RULES_SETTING_NOTES_ITEM');
432         }
433 
434         $html[] = '</div>';
435 
436         return implode("\n", $html);
437     }
438 
439     /**
440      * Get a list of the user groups.
441      *
442      * @return  array
443      *
444      * @since   11.1
445      */
446     protected function getUserGroups()
447     {
448         $options = JHelperUsergroups::getInstance()->getAll();
449 
450         foreach ($options as &$option)
451         {
452             $option->value = $option->id;
453             $option->text  = $option->title;
454         }
455 
456         return array_values($options);
457     }
458 }
459
Namespaces

Classes

Interfaces

Exceptions

Constants

Functions
