[Feature Request] allow upload by access-level (w/ patch)

[PhracturedBlue]

I wanted to be able to define which users can upload to which categories by access-level rather than by userid

The following (crude) patch accomplishes this for the 3.0.6 Phoca release. There is probably a better way, but this works for me:
part1:

Code: Select all

diff -u -r a/administrator/components/com_phocadownload/libraries/phocadownload/access/access.php b/administrator/components/com_phocadownload/com_phocadownload/libraries/phocadownload/access/access.php
--- a/administrator/components/com_phocadownload/libraries/phocadownload/access/access.php     2015-02-20 08:27:48.000000000 -0800
+++ b/administrator/components/com_phocadownload/com_phocadownload/libraries/phocadownload/access/access.php      2015-03-05 10:37:31.000000000 -0800
@@ -84,7 +84,15 @@
                                                // Check if the user is contained in selected array
                                                $userIsContained = 0;
                                                foreach ($rightUsersIdArray as $key => $value) {
-                                                       if ($userId == $value) {
+                                                       if($value[0] == '+') {
+                                                               $value = substr($value, 1);
+                                                               $userLevels = JFactory::getUser($userId)->getAuthorisedViewLevels();
+                                                               if (in_array($value, $userLevels)) {
+                                                                       $userIsContained = 1;
+                                                                       break;
+                                                               }
+                                                               continue;
+                                                       } elseif ($userId == $value) {
                                                                $userIsContained = 1;// check if the user id is selected in multiple box
                                                                break;// don't search again
                                                        }

[jstratos]

I don't believe this is valid for 2.5.

[PhracturedBlue]

Here is part 2 of the code (forum will not let me paste it all in one message):

Code: Select all

diff -u -r a/administrator/components/com_phocadownload/libraries/phocadownload/user/user.php b/administrator/components/com_phocadownload/com_phocadownload/libraries/phocadownload/user/user.php
--- a/administrator/components/com_phocadownload/libraries/phocadownload/user/user.php	2015-02-20 08:27:48.000000000 -0800
+++ b/administrator/components/com_phocadownload/com_phocadownload/libraries/phocadownload/user/user.php	2015-03-05 10:14:45.000000000 -0800
@@ -81,6 +81,9 @@
 		}
 		
 		$db		= JFactory::getDBO();
+		$query = 'SELECT v.title,v.id FROM #__viewlevels AS v ORDER BY v.ordering';
+		$db->setQuery( $query );
+                $viewLevels = $db->loadObjectList();
 		$and 	= '';
 		if ($reg) {
 			// does not include registered users in the list
@@ -120,6 +123,9 @@
 			
 			$users[] = JHTML::_('select.option',  $idInput1, '- '. $idText1 .' -' );
 			$users[] = JHTML::_('select.option',  $idInput2, '- '. $idText2 .' -' );
+			foreach ($viewLevels as $key => $value) {
+				$users[] = JHTML::_('select.option',  "+". $value->id, '- '. $value->title. ' -');
+			}
 			
 			$users = array_merge( $users, $db->loadObjectList() );
 		} else {

[PhracturedBlue]

here is the 3rd (and last) part of the patch:

Code: Select all

diff -u -r a/components/com_phocadownload/views/user/view.html.php b/components/com_phocadownload/com_phocadownload/views/user/view.html.php
--- a/components/com_phocadownload/views/user/view.html.php	2015-02-20 08:27:48.000000000 -0800
+++ b.components/com_phocadownload/com_phocadownload/views/user/view.html.php	2015-03-05 10:26:43.000000000 -0800
@@ -219,7 +219,15 @@
 		//}
 		//$whereC[]	= "(cc.uploaduserid LIKE '%-1%' OR cc.uploaduserid LIKE '%".(int)$user->id."%')";
 		//$whereC[]	= "(cc.uploaduserid LIKE '%-1%' OR cc.uploaduserid LIKE '%,{".(int)$user->id."}' OR cc.uploaduserid LIKE '{".(int)$user->id."},%' OR cc.uploaduserid LIKE '%,{".(int)$user->id."},%' OR cc.uploaduserid ={".(int)$user->id."} )";
-		$whereC[]	= "(cc.uploaduserid LIKE '%-1%' OR cc.uploaduserid LIKE '%,".(int)$user->id."' OR cc.uploaduserid LIKE '".(int)$user->id.",%' OR cc.uploaduserid LIKE '%,".(int)$user->id.",%' OR cc.uploaduserid =".(int)$user->id." )";
+		//$whereC[]	= "(cc.uploaduserid LIKE '%-1%' OR cc.uploaduserid LIKE '%,".(int)$user->id."' OR cc.uploaduserid LIKE '".(int)$user->id.",%' OR cc.uploaduserid LIKE '%,".(int)$user->id.",%' OR cc.uploaduserid =".(int)$user->id." )";
+		$userMatch	= "(cc.uploaduserid LIKE '%-1' OR cc.uploaduserid LIKE '%-1,' OR cc.uploaduserid LIKE '%,".(int)$user->id."' OR cc.uploaduserid LIKE '".(int)$user->id.",%' OR cc.uploaduserid LIKE '%,".(int)$user->id.",%' OR cc.uploaduserid =".(int)$user->id;
+                foreach (JFactory::getUser($user->id)->getAuthorisedViewLevels() as $level) {
+                    if($level != 1) {
+                         $userMatch .= " OR cc.uploaduserid LIKE '%+" . $level . "' OR cc.uploaduserid LIKE '%+".$level.",'";
+                    }
+                }
+                $userMatch .= ")";
+		$whereC[] = $userMatch;
 		$whereC 		= ( count( $whereC ) ? ' WHERE '. implode( ' AND ', $whereC ) : '' );
 		
 		// get list of categories for dropdown filter

[PhracturedBlue]

Sorry the above post is all out of order.New accounts need review before posts go thorugh, and this forum limits the maximal post length. Hopefully my '2nd post' arrives shortly, and the above patch will make more sense.

The idea of the patch is that viewaccess ids are stored in the access list as '+<id>', and all queries of the access lists are then updated to understand this syntax.

The patch has 3 parts:
1) change getUserRight() to allow matching the <upload/access/delete>userid value in phocadownload_categories against '+<id>' where <id> is from the 'viewlevels' table
2) add a query into the admin page so that the access lists are choosable for Access/Upload/Download
3) on the user upload page, add support for '+<id>' syntax in finding all uploadable categories for the combo-box

[Jan]

Hi, thank you for the guide, I hope it is now completely (with all the posts)

Thanky you, Jan

[PhracturedBlue]

yes, it is all complete now (and in order even). As I mentioned at the top, this is developed for phocadownload 3.0.6. It will probably need modifications to work with any other version. I do not guarantee that I found every case where 'accessuserid' is used (i.e. using a group in the 'Access Rights' filed is not recommended). PhocaDownload already supports category authorization filtering by groups using the 'Access' field. The purpose of this patch is primarily to easily let a group of users upload to specific categories without needing to add them individually. The delete-authorization is tested and works as well. The fact that groups show up in 'Access Rights' is just a side-effect. As I said at the top, the patch is somewhat crude.

[Jan]

Ok, thank you.