Event visibilty dependend on Joomla User Groups

Discontinued products Scheduler for Joomla and WP
#1

Hi,

I just installed Scheduler 3.0 on Joomla 2.5.4 and I like it very much! Thank you!

I need to to show and hide events depending on the user group. I think this is currently not possible, right?
Is this planned for the furture? If yes: When might it be available?

Since I need this feature quite urgent I would try to change the relevant code by myself. Where is the best place to do so? I have seen that in the DB the userid of the creator of an events is stored. I could use this to compare the creators user group to the user group of the current user.
But where do I find the check for the right userid in the code?

Any help is very welcome.

Thank you very much!

Best regards
Arno

#2

Hi,
you’re right: there is no special feature and we don’t have plans to implement it in the nearest future. But it’s no so reaaly to implement it.
The start point is components/com_scheduler/codebase/dhtmlxSchedulerConfigurator.php. There is method getEventsRec in this file which renders list of events for scheduler.
DHTMLX SchedulerConnector is used to render events, so you may attach event beforeRender and implement checking inside this event call:

public function getEventsRec($usergroups) {
		require("connector/scheduler_connector.php");
		$this->scheduler = new schedulerConnector($this->connection);
		$this->scheduler->event->attach("beforeRender", array($this, "check_user_group"));
		...
}

public function check_user_group($item) {
		$author_id = $item->get_option('author');
		// now you have event author id and can check if event should be rendered
		if ( $dont_render) {
			// don't include event in output
			$item->skip();
		}
}
#3

Thank you very much for your fast reply and giving me that starting point.

In case of success I will share it here.

Best regards
Arno

#4

I built a work around with a custom field for access level permissions;

1: create custom field select options list named “permission” I use 5 levels:

0 - select access lever for display in calendar ( defaults to private , not viewable by admins either)
1 - private, only viewable to user
2 - managers
3 - staff
4 - residents
5 - public

note you set custom acls like “staff” & “residents” in var declaration. array is used for gid, should be obvious how to tweak for you needs. I also tweak

  1. settings admin to ‘private extended mode’

  2. create function in db_common.php and edit select & update query functions:

    //doug add new function
    //used with the custom field “Permission” to Set Access Level for Viewing
    function get_acl_doug() {

        $acl_doug = array();
    //get user info
    $user =& JFactory::getUser();
    $acl_doug['gid'] = $user->gid;
    $acl_doug['uid'] = $user->id;
    
    
$gid_acl = array(
			25 => 2,  // even super admin cannot see private calendars
			24 => 2,
			23 => 2,
			31 => 3,
			34 => 3,
			35 => 3,
			36 => 3,
			37 => 3,
			27 => 4,
			18 => 5,
			17 => 5,
			28 => 5,
			29 => 5,
			0  => 5
		);
        
$gid_acl_update = array(
			25 => 5,
			24 => 5,
			23 => 5,
			31 => 3,
			34 => 3,
			35 => 3,
			36 => 3,
			37 => 4,
			27 => 1,
			18 => 1,
			17 => 1,
			28 => 1,
			29 => 1,
			0  => 1
		);
        
        $gid_acl_edit = array(
			25 => true,
			24 => true,
			23 => true,
			31 => false,
			34 => false,
			35 => false,
			36 => false,
			37 => false,
			27 => false,
			18 => false,
			17 => false,
			28 => false,
			29 => false,
			0  => false
		);
        
$acl_doug['select'] = (array_key_exists ( $acl_doug['gid'] , $gid_acl ) ? $gid_acl[$acl_doug['gid']] : 5 ); // highest acl user gid can view
        $acl_doug['update'] = (array_key_exists ( $acl_doug['gid'] , $gid_acl_update ) ? $gid_acl_update[$acl_doug['gid']] : 1 ); // highest acl user gid can update or insert
        $acl_doug['insert'] = (array_key_exists ( $acl_doug['gid'] , $gid_acl_update ) ? $gid_acl_update[$acl_doug['gid']] : 1 ); // same as update for now
$acl_doug['edit'] = (array_key_exists ( $acl_doug['gid'] , $gid_acl_edit ) ? $gid_acl_edit[$acl_doug['gid']] : false ); // can edit or delete other users entry?
 
        return $acl_doug;

    }

    protected function select_query($select,$from,$where,$sort,$start,$count){
    //doug
    $acl_doug = array();
    $acl_doug = $this->get_acl_doug();

        if ($where) $where.=" OR ";
    $where.= ' (right(`permission`,1) >= '.$acl_doug['select'].') ';
	$where.= ' OR (`user`= '.$acl_doug['uid'].') ';
    

$sql="SELECT ".$select." FROM ".$from;
        
           
if ($where) $sql.=" WHERE ".$where;
if ($sort) $sql.=" ORDER BY ".$sort;
if ($start || $count) $sql.=" LIMIT ".$start.",".$count;
return $sql;

    }

    protected function update_query($data,$request){

    //get user info
    $acl_doug = array();
    $acl_doug = $this->get_acl_doug();
	
    

$source=str_replace( "events_rec" , "events_rec_view" , $request->get_source() );



$sql="UPDATE ".$source." SET ";
    
    
//$sql="UPDATE ".$request->get_source()." SET ";

$temp=array();
for ($i=0; $i < sizeof($this->config->text); $i++) { 
	$step=$this->config->text[$i];
	
	if ($data->get_value($step["name"])===Null)
		$step_value ="Null";
	else
		$step_value = "'".$this->escape($data->get_value($step["name"]))."'";
                //doug
                // `permission`='permission_2'
                // $temp[$i]= $this->escape_name($step["db_name"])."=". $step_value;
                if ($this->escape_name($step["db_name"]) == '`permission`') {
                    $step_value = "'permission_".min(right($this->escape($data->get_value($step["name"])),1),$acl_doug['update'])."'";
                    //echo 'right: '.right($this->escape($data->get_value($step["name"])),1).' acl: '.$acl_doug['update'].'<br>';
                }
                
                if ($this->escape_name($step["db_name"]) == '`user`' && $acl_doug['edit'] ) {
                    
                        $query = "SELECT `user` FROM #__events_rec WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'";
                        $db =& JFactory::getDBO();
                        $db->setQuery($query);
                        $crow = $db->loadRow();

                    
                    $step_value = "'".$crow[0]."'";
                }
                
	$temp[$i]= $this->escape_name($step["db_name"])."=". $step_value;
 	
}
        

if ($relation = $this->config->relation_id["db_name"]){
	$temp[]= $this->escape_name($relation)."='".$this->escape($data->get_value($relation))."'";
}

$sql.=implode(",",$temp)." WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'";

//if we have limited set - set constraints
$where=$this->build_where($request->get_filters(),$request->get_relation());
if ($where) $sql.=" AND (".$where.")";

    
return $sql;

    }

#5

NOTE in the above code, need insert function update too, included here. Each group has publishing level limits too. “residents” group can only post to level you set, in my example array it’s “private” only. “staff” can publish viewable to all other staff. “managers” or higher only can publish to “resident” or “public” calendars.

My guess this has more flexibility than you were looking for but should accomplish what you want i.e. you can hard set with arrays that exact acls a given group can insert and update an event to.

Look out for this line. I use a different table name so adjust this line in update and insert functions accordingly:

$source=str_replace ( “events_rec” , “events_rec_view” , $request->get_source() );

protected function insert_query($data,$request){
        
        $acl_doug = array();
        $acl_doug = $this->get_acl_doug();
        
        
	$temp_n=array(); 
	$temp_v=array(); 
	foreach($this->config->text as $k => $v){
		$temp_n[$k]=$this->escape_name($v["db_name"]);
		if ($data->get_value($v["name"])===Null)
			$temp_v[$k]="Null";
		else
		$temp_v[$k]="'".$this->escape($data->get_value($v["name"]))."'";
                    //doug
                    // `permission`='permission_2'
                    if ($this->escape_name($v["db_name"]) == '`permission`') 
                        $temp_v[$k] = "'permission_".min(right($this->escape($data->get_value($v["name"])),1),$acl_doug['insert'])."'";
                        //echo 'right: '.right($this->escape($data->get_value($v["name"])),1).' acl: '.$acl_doug['insert'].'<br>';
                    
                        
	}
	if ($relation = $this->config->relation_id["db_name"]){
		$temp_n[]=$this->escape_name($relation);
		$temp_v[]="'".$this->escape($data->get_value($relation))."'";
	}
	if ($this->sequence){
		$temp_n[]=$this->escape_name($this->config->id["db_name"]);
		$temp_v[]=$this->sequence;
	}
	
            
            //doug  if want to change table name which I do
	$source=str_replace ( "events_rec" , "events_rec_view" , $request->get_source() );
	
	$sql="INSERT INTO ".$source."(".implode(",",$temp_n).") VALUES (".implode(",",$temp_v).")";
	
            
	//$sql="INSERT INTO ".$request->get_source()."(".implode(",",$temp_n).") VALUES (".implode(",",$temp_v).")";
	
	return $sql;
}
#6

Hi,
good work!

#7

Thank you Radyno. And thank you for a great product. I do have two issues if you can please help.

Per another post recommended for admins being able to edit events other users create I modified in dhtmlxSchedulerConfigurator.php:

//replace – if ($settings[“privatemode”] == “ext”) {
if ($settings[“privatemode”] == “ext” &&($usergroups[0] != “manager”) &&($usergroups[0] != “administrator”) &&($usergroups[0] != “superadministrator”)) {

  1. Edits update events of others but only on the second attempt and beyond. The first attempt shows in red and won’t take. Then it works on all following attempts.

  2. Deletes pf events of others don’t work at all. Show in red with line thru them. Unlike edits, retries don’t work.

Thanks in advance.

Note in my previous post you need to define somewhere global the right() function:

function right($string,$chars)
{
$vright = substr($string, strlen($string)-$chars,$chars);
return $vright;

}

function left($string,$chars)
{
$vright = substr($string, 0 ,$chars);
return $vright;

}