Create the function get_acl_doug() in db_common.php, then edit the select and update query functions as shown below:
//doug add new function
//used with the custom field “Permission” to Set Access Level for Viewing
/**
 * Resolve the calendar ACL record for the current Joomla user from the
 * user's group id.
 *
 * Returned keys, in this order:
 *   gid    - group id read from the user object
 *   uid    - user id read from the user object
 *   select - threshold that select_query() compares against the last
 *            character of `permission`; a smaller number matches more rows
 *   update - ceiling that update_query() applies to a submitted permission level
 *   insert - same value as update for now
 *   edit   - can the user edit or delete other users' entries?
 *
 * A group id that is not listed gets select 5, update/insert 1, edit false,
 * which are the same values the table assigns to gid 0.
 *
 * @return array
 */
function get_acl_doug() {
    // get user info
    $user =& JFactory::getUser();

    // gid => array(select, update/insert, edit)
    $levels_by_gid = array(
        25 => array(2, 5, true), // even super admin cannot see private calendars
        24 => array(2, 5, true),
        23 => array(2, 5, true),
        31 => array(3, 3, false),
        34 => array(3, 3, false),
        35 => array(3, 3, false),
        36 => array(3, 3, false),
        37 => array(3, 4, false),
        27 => array(4, 1, false),
        18 => array(5, 1, false),
        17 => array(5, 1, false),
        28 => array(5, 1, false),
        29 => array(5, 1, false),
        0  => array(5, 1, false)
    );

    // Used for any group id that has no row above.
    $fallback = array(5, 1, false);

    $gid = $user->gid;
    $levels = array_key_exists($gid, $levels_by_gid) ? $levels_by_gid[$gid] : $fallback;

    return array(
        'gid'    => $gid,
        'uid'    => $user->id,
        'select' => $levels[0], // highest acl user gid can view
        'update' => $levels[1], // highest acl user gid can update or insert
        'insert' => $levels[1], // same as update for now
        'edit'   => $levels[2]  // can edit or delete other users entry?
    );
}
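/**
 * Build the SELECT statement, limited to rows the current user may view.
 *
 * A row is visible when the last character of its `permission` value is
 * greater than or equal to the user's 'select' level, or when the row's
 * `user` column equals the current user id. That visibility rule is ANDed
 * with the caller's filter, so the filter can only narrow the visible set.
 *
 * $select, $from, $where, $sort, $start and $count are concatenated as
 * given; this method does not escape them.
 * NOTE(review): presumably the caller has already escaped them - confirm.
 *
 * @param string $select column list
 * @param string $from   table expression
 * @param string $where  caller-supplied filter, may be empty
 * @param string $sort   ORDER BY expression, may be empty
 * @param mixed  $start  LIMIT offset
 * @param mixed  $count  LIMIT row count
 * @return string the SQL text
 */
protected function select_query($select,$from,$where,$sort,$start,$count){
    //doug
    $acl_doug = $this->get_acl_doug();

    // Both values are written into the SQL unquoted, so force them to integers.
    $min_level = (int) $acl_doug['select'];
    $uid = (int) $acl_doug['uid'];

    $acl_where = '((right(`permission`,1) >= '.$min_level.') OR (`user`= '.$uid.'))';

    // Combine with AND and keep the caller's filter in its own parentheses.
    // Joining the two with OR would return every row that matches the filter
    // whatever its permission level, which defeats the access check.
    if ($where) {
        $where = '('.$where.') AND '.$acl_where;
    } else {
        $where = $acl_where;
    }

    $sql = "SELECT ".$select." FROM ".$from." WHERE ".$where;
    if ($sort) $sql.=" ORDER BY ".$sort;
    if ($start || $count) $sql.=" LIMIT ".$start.",".$count;
    return $sql;
}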
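/**
 * Build the UPDATE statement for one record, applying the current user's ACL
 * to the `permission` and `user` columns.
 *
 * - `permission` is stored as 'permission_N', where N is the submitted level
 *   capped at the user's 'update' level.
 * - `user` is re-read from #__events_rec and written back unchanged when the
 *   user has the 'edit' right, so such an edit does not change the owner.
 *
 * NOTE(review): nothing in this method limits a user without the 'edit'
 * right to rows they own; the WHERE clause is the record id plus the request
 * filters. Confirm that ownership is enforced elsewhere, or add a
 * `user` = <current uid> condition for that case.
 * NOTE(review): for a user without the 'edit' right the submitted `user`
 * value is written as-is - confirm that this is intended.
 *
 * @param object $data    submitted record (get_value(), get_id())
 * @param object $request request description (get_source(), get_filters(), get_relation())
 * @return string the SQL text
 */
protected function update_query($data,$request){
    //get user info
    $acl_doug = $this->get_acl_doug();

    $source = str_replace("events_rec", "events_rec_view", $request->get_source());
    $sql = "UPDATE ".$source." SET ";

    $temp = array();
    $field_count = sizeof($this->config->text);
    for ($i = 0; $i < $field_count; $i++) {
        $step = $this->config->text[$i];
        $column = $this->escape_name($step["db_name"]);
        $raw = $data->get_value($step["name"]);

        if ($raw === null)
            $step_value = "Null";
        else
            $step_value = "'".$this->escape($raw)."'";

        //doug
        // `permission`='permission_2'
        if ($column == '`permission`') {
            // right() is not a PHP built-in; presumably a helper defined
            // elsewhere that returns the last N characters - confirm.
            // The last character of an escaped string is not guaranteed to be
            // a digit (it can be a quote or a backslash), so coerce it to an
            // integer before it is placed inside the quoted literal.
            $requested = (int) right($this->escape($raw), 1);
            $step_value = "'permission_".min($requested, (int) $acl_doug['update'])."'";
        }

        if ($column == '`user`' && $acl_doug['edit']) {
            $query = "SELECT `user` FROM #__events_rec WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'";
            $db =& JFactory::getDBO();
            $db->setQuery($query);
            $crow = $db->loadRow();
            // No row found: keep the empty literal the statement would have had.
            $owner = is_array($crow) ? $crow[0] : '';
            // The value comes from the database but is still escaped like
            // every other literal in this statement.
            $step_value = "'".$this->escape($owner)."'";
        }

        $temp[$i] = $column."=".$step_value;
    }

    if ($relation = $this->config->relation_id["db_name"]){
        $temp[] = $this->escape_name($relation)."='".$this->escape($data->get_value($relation))."'";
    }

    $sql.=implode(",",$temp)." WHERE ".$this->escape_name($this->config->id["db_name"])."='".$this->escape($data->get_id())."'";

    //if we have limited set - set constraints
    $where = $this->build_where($request->get_filters(),$request->get_relation());
    if ($where) $sql.=" AND (".$where.")";
    return $sql;
}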