Source code for file /joomla/user/authorization.php
* @version $Id: authorization.php 6580 2007-02-11 10:53:32Z tcp $
* @package Joomla.Framework
* @copyright Copyright (C) 2005 - 2007 Open Source Matters. All rights reserved.
* @license GNU/GPL, see LICENSE.php
* Joomla! is free software. This version may have been modified pursuant
* to the GNU General Public License, and as distributed it includes or
* is derivative of works licensed under the GNU General Public License or
* other free or open source software licenses.
* See COPYRIGHT.php for copyright notices and details.
// Check to ensure this file is within the rest of the framework
* Class that handles all access authorization
* @package Joomla.Framework
* @param array An array of options to override the class defaults
// Calls the parent gacl constructor with the caller's options, then registers the
// built-in permission rules one by one.
// Argument order, as the parameter names used elsewhere in this file suggest, is
// (ACO section, ACO value, ARO section, ARO value[, AXO section, AXO value]):
// what is being accessed, then who, then optionally on which object.
// NOTE(review): every entry is a grant; a role gets a permission only where it is
// listed explicitly. This table is a safe allow-list only if acl_check() denies
// when no entry matches; confirm that default.
parent::gacl( $options );
// ARO value is currently the user type,
// this changes to user id in proper implementation
// No hierarchical inheritance so have to do that the long way
$this->_mos_add_acl( 'mydetails', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'mydetails', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'mydetails', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'mydetails', 'author', 'users', 'author' );
$this->_mos_add_acl( 'mydetails', 'author', 'users', 'editor' );
$this->_mos_add_acl( 'mydetails', 'author', 'users', 'publisher' );
$this->_mos_add_acl( 'mydetails', 'registered', 'users', 'registered' );
$this->_mos_add_acl( 'login', 'administrator', 'users', 'administrator' );
$this->_mos_add_acl( 'login', 'administrator', 'users', 'super administrator' );
$this->_mos_add_acl( 'login', 'administrator', 'users', 'manager' );
$this->_mos_add_acl( 'login', 'site', 'users', 'administrator' );
$this->_mos_add_acl( 'login', 'site', 'users', 'super administrator' );
$this->_mos_add_acl( 'login', 'site', 'users', 'registered' );
$this->_mos_add_acl( 'login', 'site', 'users', 'publisher' );
$this->_mos_add_acl( 'com_banners', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_banners', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_banners', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'com_checkin', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_checkin', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_cache', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_cache', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_config', 'manage', 'users', 'super administrator' );
// The 'administrator' grant for com_config is left disabled; in the lines shown
// here only 'super administrator' can manage com_config.
//$this->_mos_add_acl( 'com_config', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_contact', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_contact', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_contact', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'com_components', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_components', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_components', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'com_frontpage', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_frontpage', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_frontpage', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'com_frontpage', 'edit', 'users', 'manager' );
// access to installers and base installer
// NOTE(review): these rules presumably gate extension installation, i.e. adding
// code to the site; review any widening of them as a privilege change.
$this->_mos_add_acl( 'com_installer', 'installer', 'users', 'administrator' );
$this->_mos_add_acl( 'com_installer', 'installer', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_installer', 'component', 'users', 'administrator' );
$this->_mos_add_acl( 'com_installer', 'component', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_installer', 'language', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_installer', 'language', 'users', 'administrator' );
$this->_mos_add_acl( 'com_installer', 'module', 'users', 'administrator' );
$this->_mos_add_acl( 'com_installer', 'module', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_installer', 'plugin', 'users', 'administrator' );
$this->_mos_add_acl( 'com_installer', 'plugin', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_installer', 'template', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_installer', 'template', 'users', 'administrator' );
$this->_mos_add_acl( 'com_languages', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_plugins', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_plugins', 'manage', 'users', 'administrator' );
// uncomment following to allow managers to edit modules
// NOTE(review): the line below is a bare array literal, not a _mos_add_acl() call;
// uncommenting it as written would register no rule.
//array( 'administration', 'edit', 'users', 'manager', 'modules', 'all' );
$this->_mos_add_acl( 'com_massmail', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_media', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_media', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_media', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'com_media', 'popup', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_media', 'popup', 'users', 'administrator' );
$this->_mos_add_acl( 'com_media', 'popup', 'users', 'manager' );
$this->_mos_add_acl( 'com_media', 'popup', 'users', 'registered' );
$this->_mos_add_acl( 'com_media', 'popup', 'users', 'author' );
$this->_mos_add_acl( 'com_media', 'popup', 'users', 'editor' );
$this->_mos_add_acl( 'com_media', 'popup', 'users', 'publisher' );
$this->_mos_add_acl( 'com_menumanager', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_menumanager', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_modules', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_modules', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_newsfeeds', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_newsfeeds', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_newsfeeds', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'com_poll', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_poll', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_poll', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'com_syndicate', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_syndicate', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_syndicate', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'com_templates', 'manage', 'users', 'super administrator' );
// NOTE(review): the disabled line below spells the ARO section 'user' (every
// active rule uses 'users') and has no terminating ';'. Fix both before
// re-enabling it.
//$this->_mos_add_acl( 'com_templates', 'manage', 'user', 'administrator' )
$this->_mos_add_acl( 'com_trash', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_trash', 'manage', 'users', 'super administrator' );
// email block users property
$this->_mos_add_acl( 'com_users', 'block user', 'users', 'administrator' );
$this->_mos_add_acl( 'com_users', 'block user', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_users', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_users', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_weblinks', 'manage', 'users', 'super administrator' );
$this->_mos_add_acl( 'com_weblinks', 'manage', 'users', 'administrator' );
$this->_mos_add_acl( 'com_weblinks', 'manage', 'users', 'manager' );
$this->_mos_add_acl( 'com_users', 'email_events', 'users', 'administrator' );
$this->_mos_add_acl( 'com_users', 'email_events', 'users', 'super administrator' );
$this->_mos_add_acl( 'workflow', 'email_events', 'users', 'administrator', null, null );
$this->_mos_add_acl( 'workflow', 'email_events', 'users', 'super administrator', null, null );
// Content actions: the trailing pair ('content', 'all' | 'own') scopes the action
// to an object; 'author' may edit only 'own' content, every other listed role 'all'.
$this->_mos_add_acl( 'action', 'add', 'users', 'author', 'content', 'all' );
$this->_mos_add_acl( 'action', 'add', 'users', 'editor', 'content', 'all' );
$this->_mos_add_acl( 'action', 'add', 'users', 'publisher', 'content', 'all' );
$this->_mos_add_acl( 'action', 'edit', 'users', 'author', 'content', 'own' );
$this->_mos_add_acl( 'action', 'edit', 'users', 'editor', 'content', 'all' );
$this->_mos_add_acl( 'action', 'edit', 'users', 'publisher', 'content', 'all' );
$this->_mos_add_acl( 'action', 'publish', 'users', 'publisher', 'content', 'all' );
$this->_mos_add_acl( 'action', 'add', 'users', 'manager', 'content', 'all' );
$this->_mos_add_acl( 'action', 'edit', 'users', 'manager', 'content', 'all' );
$this->_mos_add_acl( 'action', 'publish', 'users', 'manager', 'content', 'all' );
$this->_mos_add_acl( 'action', 'add', 'users', 'administrator', 'content', 'all' );
$this->_mos_add_acl( 'action', 'edit', 'users', 'administrator', 'content', 'all' );
$this->_mos_add_acl( 'action', 'publish', 'users', 'administrator', 'content', 'all' );
$this->_mos_add_acl( 'action', 'add', 'users', 'super administrator', 'content', 'all' );
$this->_mos_add_acl( 'action', 'edit', 'users', 'super administrator', 'content', 'all' );
$this->_mos_add_acl( 'action', 'publish', 'users', 'super administrator', 'content', 'all' );
// Legacy ACLs for backward compatibility
$this->_mos_add_acl( 'administration', 'edit', 'users', 'super administrator', 'components', 'all' );
$this->_mos_add_acl( 'administration', 'edit', 'users', 'administrator', 'components', 'all' );
$this->_mos_add_acl( 'administration', 'edit', 'users', 'super administrator', 'user properties', 'block_user' );
$this->_mos_add_acl( 'administration', 'manage', 'users', 'super administrator', 'components', 'com_users' );
$this->_mos_add_acl( 'administration', 'manage', 'users', 'administrator', 'components', 'com_users' );
$this->_mos_add_acl( 'administration', 'config', 'users', 'super administrator' );
// As with com_config above, the 'administrator' grant for administration/config
// is left disabled.
//$this->_mos_add_acl( 'administration', 'config', 'users', 'administrator' );
* This is a temporary function to allow 3PD's to add basic ACL checks for their
* modules and components. NOTE: this information will be compiled in the db
$aro_section_value, $aro_value, $axo_section_value=
NULL, $axo_value=
NULL ) {
// Append the rule as a positional six-element array; acl_check() reads entries by
// index (index 4 is the AXO section value, index 5 the AXO value).
// NOTE(review): no validation or de-duplication is visible here, and rules are only
// ever added, so any code able to call this method can grant a permission.
// Treat callers as trusted code; the method's declared visibility is not shown
// on this page.
$this->acl[] =
array( $aco_section_value, $aco_value, $aro_section_value, $aro_value, $axo_section_value, $axo_value );
* Wraps the actual acl_query() function.
* It is simply here to return TRUE/FALSE accordingly.
* @param string The ACO section value
* @param string The ACO value
* @param string The ARO section value
* @param string The ARO value
* @param string The AXO section value (optional)
* @param string The AXO value (optional)
* @param integer The group id of the ARO ??Mike?? (optional)
* @param integer The group id of the AXO ??Mike?? (optional)
* @return mixed Generally a zero (0) or (1) or the extended return value of the ACL
// Checks whether the given ARO (the requester) is allowed the given ACO (the
// action), optionally scoped to an AXO (the target object).
// NOTE(review): only the start of the body appears on this page; the loop over
// $this->acl and the return statements are missing. Confirm the function returns
// a deny value when no rule matches.
function acl_check( $aco_section_value, $aco_value,
$aro_section_value, $aro_value, $axo_section_value=
NULL, $axo_value=
NULL ) {
// Debug trace of the lookup. The raw argument values are interpolated next to
// literal "<br>" markup; presumably debug_text() emits HTML, in which case the
// values need escaping if they can ever originate from a request. TODO confirm.
$this->debug_text( "\n<br> ACO=$aco_section_value:$aco_value, ARO=$aro_section_value:$aro_value, AXO=$axo_section_value|$axo_value" );
// This branch is taken only when both the requested AXO section and the rule's
// AXO section (index 4 of the rule array) are truthy; note that '0' and '' are
// falsy in PHP.
if ($axo_section_value &&
$this->acl[$i][4]) {
* Gets the 'name' of a group
* @param int The group id
* @param string The type: [ARO]|AXO
* @param string The value for the group
* @return object The row from the group table
// Loads the group row for the ARO/AXO object whose value equals $value, by
// joining the group table, the group-to-object map and the object table.
// NOTE(review): SQL is built by string concatenation. $type is spliced into three
// table names and a column name, and $value into a double-quoted SQL literal, with
// no escaping visible on this page. Restrict $type to the documented set (ARO/AXO)
// before use, and pass $value through the database layer's escaping/quoting helper
// (e.g. the database object's Quote()/getEscaped(), if present in this version)
// instead of wrapping it in quotes by hand.
$db->setQuery( 'SELECT g.*'
.
' FROM #__core_acl_'.
$type.
'_groups AS g'
.
' INNER JOIN #__core_acl_groups_'.
$type.
'_map AS gm ON gm.group_id = g.id'
.
' INNER JOIN #__core_acl_'.
$type.
' AS ao ON ao.id = gm.'.
$type.
'_id'
.
' WHERE ao.value="'.
$value.
'"'
// Fetch the first matching row as an object.
$obj =
$db->loadObject( );
// Returns rows of $table that lie inside a nested-set (lft/rgt) range, selecting
// the caller-supplied $fields and optionally grouping by $groupby.
// NOTE(review): $table, $fields and $groupby are spliced into the statement as raw
// SQL fragments, so they must only ever be code-supplied constants. Several lines
// of this function are missing from the page (e.g. where $where is appended and
// where the queries are set), so the comments below cover only what is visible.
function _getBelow( $table, $fields, $groupby=
null, $root_id=
null, $root_name=
null, $inclusive=
true )
// Look up the nested-set bounds of the root group by name.
// NOTE(review): $root_name is interpolated into a single-quoted SQL literal with no
// escaping visible; escape it through the database layer before building the query.
$query =
"SELECT lft, rgt FROM $table WHERE name = '$root_name' ";
$root =
$db->loadObject();
// Use the root's bounds when they are non-zero. No null check on $root is visible
// before its properties are read. TODO confirm behaviour when no row matches.
if ($root->lft+
$root->rgt <>
0) {
$where =
" WHERE g1.lft BETWEEN $root->lft AND $root->rgt ";
// Fallback range with hard-coded bounds (presumably the else branch, whose keyword
// is not shown). NOTE(review): 3 and 22 are magic numbers that presumably match a
// default group tree; they silently select the wrong groups if the tree differs.
$where =
' WHERE g1.lft BETWEEN 3 AND 22 ';
// Self-join: g2 ranges over every node whose lft..rgt interval contains g1.lft.
$query =
'SELECT '.
$fields
.
' FROM '.
$table .
' AS g1'
.
' INNER JOIN '.
$table .
' AS g2 ON g1.lft BETWEEN g2.lft AND g2.rgt'
.
($groupby ?
' GROUP BY ' .
$groupby :
'')
return $db->loadObjectList();
* @param boolean Returns the complete html if true
* @return string|array String if html, otherwise an array
$tree =
$this->_getBelow( '#__core_acl_aro_groups',
'g1.id, g1.name, COUNT(g2.name) AS level',
$root_id, $root_name, $inclusive );
// first pass get level limits
for ($i=
0; $i <
$n; $i++
) {
$min =
min( $min, $tree[$i]->level );
$max =
max( $max, $tree[$i]->level );
foreach (range( $min, $max ) as $i) {
$indents[$i] =
' ';
// correction for first indent
for ($i=
$n-
1; $i >=
0; $i--
) {
foreach (range( $min, $tree[$i]->level ) as $j) {
if (@$indents[$tree[$i]->level+
1] ==
'. ') {
$groupName =
JText::_( $tree[$i]->name );
//$list[$i] = $tree[$i]->level.$shim.$twist.$tree[$i]->name;
$list[$i] =
array( 'value'=>
$tree[$i]->id, 'text'=>
$shim.
$twist.
$groupName );
if ($tree[$i]->level <
@$tree[$i-
1]->level) {
$indents[$tree[$i]->level+
1] =
'. ';
/*======================================================================*\
Function: has_group_parent
Purpose: Checks whether the 'source' group is a child of the 'target'
\*======================================================================*/
// Counts rows where group $grp_src lies strictly inside group $grp_tgt in the
// nested set (g1.lft between g2.lft and g2.rgt); four query variants follow for
// id/name combinations of the two arguments. The conditions selecting between
// them, and some FROM lines, are not shown on this page.
// NOTE(review): every variant concatenates $grp_src / $grp_tgt into the SQL text.
// This result feeds an authorization decision, so the values must be cast to int
// (id variants) or escaped through the database layer (name variants) at the
// point of use rather than relying on checks made elsewhere.
$this->debug_text("has_group_parent(): Source=$grp_src, Target=$grp_tgt, Type=$group_type");
// Variant 1: both arguments used as unquoted numeric ids; safe only if both are
// guaranteed integers.
$db->setQuery( 'SELECT COUNT(*)'
.
' LEFT JOIN '.
$table .
' AS g2 ON g1.lft > g2.lft AND g1.lft < g2.rgt '
.
' WHERE g1.id='.
$grp_src .
' AND g2.id= '.
$grp_tgt
// Variant 2: both arguments used as names inside hand-written double quotes.
$db->setQuery( 'SELECT COUNT(*)'
.
' FROM '.
$table .
' AS g1 '
.
' LEFT JOIN '.
$table .
' AS g2 ON g1.lft > g2.lft AND g1.lft < g2.rgt'
.
' WHERE g1.name="'.
$grp_src .
'" AND g2.name="' .
$grp_tgt .
'"'
// Variant 3: source by id, target by name.
// NOTE(review): the 'LEFT JOIN ' and 'WHERE ...' fragments have no leading space,
// so as concatenated here the text runs together ("...g2.rgtWHERE g1.id=") and the
// statement is malformed.
$db->setQuery( 'SELECT COUNT(*)'
.
'LEFT JOIN '.
$table .
' AS g2 ON g1.lft > g2.lft AND g1.lft < g2.rgt'
.
'WHERE g1.id="' .
$grp_src .
'" AND g2.name="' .
$grp_tgt.
'"'
// Variant 4: source by name, target by id.
// NOTE(review): $table sits inside a single-quoted string, where PHP does not
// interpolate variables, so the literal text "$table" reaches the database; the
// missing leading spaces noted for variant 3 apply here too.
$db->setQuery( 'SELECT COUNT(*)'
.
'LEFT JOIN $table AS g2 ON g1.lft > g2.lft AND g1.lft < g2.rgt'
.
'WHERE g1.name= "' .
$grp_src .
'" AND g2.id="' .
$grp_tgt .
'"'
// Returns the COUNT(*) value of whichever query was set.
return $db->loadResult();
/*======================================================================*\
Function: get_group_children()
Purpose: Gets a groups child IDs
\*======================================================================*/
// Returns a list of group ids related to $group_id in the nested-set group table,
// with the relation chosen by $recurse. The SELECT clause and the switch on
// $recurse are not shown on this page.
// NOTE(review): the banner comment preceding this function on the page names
// get_group_children(), which does not match this function's name; confirm which
// is intended.
function get_group_parents($group_id, $group_type =
'ARO', $recurse =
'NO_RECURSE') {
$this->debug_text("get_group_parents(): Group_ID: $group_id Group Type: $group_type Recurse: $recurse");
$this->debug_text("get_group_parents(): ID ($group_id) is empty, this is required");
//FIXME-mikeb: Why is group_id in quotes?
// NOTE(review): in the three WHERE clauses below $group_id is appended to the SQL
// text unquoted and unescaped. Cast it with (int) where the query is built so a
// non-numeric value cannot alter the statement.
// Visible variants: strict containment (> / <), inclusive containment (>= / <=),
// and a direct parent_id match.
LEFT JOIN '.
$table .
' g2 ON g1.lft > g2.lft AND g1.lft < g2.rgt
WHERE g1.id='.
$group_id;
LEFT JOIN '.
$table .
' g2 ON g1.lft >= g2.lft AND g1.lft <= g2.rgt
WHERE g1.id='.
$group_id;
WHERE g1.parent_id='.
$group_id;
// Run the assembled query and return the first column of every row.
$this->db->setQuery( $query );
return $this->db->loadResultArray();
* Required for both classes below
* @package Joomla.Framework
/** @var int Primary key */
parent::__construct( '#__core_acl_aro', 'aro_id', $db );
* @package Joomla.Framework
/** @var int Primary key */
parent::__construct( '#__core_acl_aro_groups', 'group_id', $db );