| Server IP : 54.36.91.62 / Your IP : 216.73.217.112 Web Server : Apache System : Linux webm013.cluster127.gra.hosting.ovh.net 5.15.206-ovh-vps-grsec-zfs-classid #1 SMP Fri May 15 02:41:25 UTC 2026 x86_64 User : coopiak ( 151928) PHP Version : 8.3.23 Disable Function : _dyuweyrj4,_dyuweyrj4r,dl MySQL : OFF | cURL : ON | WGET : ON | Perl : ON | Python : ON | Sudo : OFF | Pkexec : OFF Directory : /home/coopiak/plats-individuels/lyon/components/com_community/helpers/access/ |
Upload File : |
<?php
/**
* @copyright (C) 2013 iJoomla, Inc. - All rights reserved.
* @license GNU General Public License, version 2 (http://www.gnu.org/licenses/gpl-2.0.html)
* @author iJoomla.com <webmaster@ijoomla.com>
* @url https://www.jomsocial.com/license-agreement
* The PHP code portions are distributed under the GPL license. If not otherwise stated, all images, manuals, cascading style sheets, and included JavaScript *are NOT GPL, and are released under the IJOOMLA Proprietary Use License v1.0
* More info at https://www.jomsocial.com/license-agreement
*/
defined('_JEXEC') or die('Restricted access');
Class CProfileAccess implements CAccessInterface
{
/**
* Method to check if a user is authorised to perform an action in this class
*
* @param integer $userId Id of the user for which to check authorisation.
* @param string $action The name of the action to authorise.
* @param mixed $asset Name of the asset as a string.
*
* @return boolean True if authorised.
* @since Jomsocial 2.4
*/
static public function authorise()
{
$args = func_get_args();
$assetName = array_shift ( $args );
if (method_exists(__CLASS__,$assetName)) {
return call_user_func_array(array(__CLASS__, $assetName), $args);
} else {
return null;
}
}
/**
* Return true if the user can view the given profile
* @param type $asset
* @param type $assetObject
*
*/
static public function profileView($userid, $asset, $user)
{
$viewer = CFactory::getUser($userid);
// ACL
if( CFactory::getUser()->authorise('community.profileeditstate', 'com_community') || CFactory::getUser()->authorise('community.profileedit', 'com_community') || $viewer->id == $user->id ){
return true;
}
// @rule: if the user is blocked, you can't see it either
if( $user->isBlocked() ){
return false;
}
// Check based on privacy settin
$param = $user->getParams();
$access = $param->get('privacyProfileView');
// @rule, User with public access, show
// In old profile, 0 also means public
if( $access == PRIVACY_PUBLIC || $access == 0){
return true;
}
// @rule: at this stage, non registered member can't view it anyway
if( $viewer->id == 0){
return false;
}
// @rule: User that limit to friend only, check for friend
if( $access == PRIVACY_FRIENDS ){
$friends = explode( ',', $viewer->_friends );
if(in_array( $user->id, $friends )){
return true;
}
}
if( $access == PRIVACY_MEMBERS && $viewer->id !==0){
return true;
}
// @rule: for private profile, only owner can view
// No checking needed, already allow user to see themselves at the top line
return false;
}
/**
*
* @param type $userid
* @param type $asset
* @param type $user
*/
static public function profileDelete($userid, $asset, $user)
{
$config = CFactory::getConfig();
$viewer = CFactory::getUser($userid);
// Check if profile deletion is disabled
if( !$config->get('profile_deletion') )
{
return false;
}
// Guest obviously can't delete a profile
if( $userid == 0){
return false;
}
// Community admin cannot be deleted from the front-end
if( COwnerHelper::isCommunityAdmin($user->id) ){
return false;
}
// You can only delete your own profile
if( $userid == $user->id ){
return true;
}
return false;
}
static public function profileBan($userid, $asset, $user)
{
// Only community admin can ban a user
//return COwnerHelper::isCommunityAdmin( $userid );
// ACL check
return CFactory::getUser()->authorise('community.profileeditstate', 'com_community');
}
}