Merge pull request #13 from Tazzios/field-autorisation

3.1.0

Author: Tazzios

Changelog.md

@@ -1,6 +1,10 @@
-v3.0.5 (not released)  
-Fix: Escape special chars for value #11
-
+v3.1.0 
+Add: field autorisation, also works for existing fields #12  
+Improved: removed a foreach for.  
+Improved: Order of the rules should have less influence on the result  
+Fix: Escape special chars for value #11  
+Fix: Fix cast array Update helper.php #10 (@magnushasselquist)  
+  
 v3.0.4 oct 2023  
 Improve: PHP warnings when multifield options has changes #7 (@magnushasselquist)  
 Improve: PHP warnings when a list is not filtered #8 (@magnushasselquist)  

README.md

@@ -13,7 +13,7 @@ Example of presentation in front-end:
 ![cblistfront](https://user-images.githubusercontent.com/23451105/120665837-6a21d600-c48c-11eb-9815-c243f2310b37.png)
 
 Back-end configuration:
-![cblistbackend](https://user-images.githubusercontent.com/23451105/120667634-f84a8c00-c48d-11eb-9cd5-a8e6279bb936.png)
+![config](https://github.com/Tazzios/cblistmodule/assets/23451105/9f0f5639-8138-4484-9b43-bb955efdd57d)
 
 ## Configuration  
 The only mandatory configuration for the module is selecting a CB list to show the users from. all other settings have default options which you can change.
@@ -27,3 +27,9 @@ The only mandatory configuration for the module is selecting a CB list to show t
 ### rule examples;
 A basic set of rules will be created when creating the module.
 When creating custom tags make sure the tags that you are using within always have a value. For example see the avatar rule and show_avatar rule.
+  
+You can also show fields only to specific usergroups. 
+For existing databace fields like cb_example you can also create a rule to set autorisation on by creatign the following rule:
+tag name:  cb_example
+Usergroup: to what you want
+htmlcode to replace tag with: [cb_example]

cblistmodule-3.0.4.zip

@@ -12,130 +12,10 @@
 
 require_once( dirname(__FILE__) . '/cblisthelper.php' );
 
-function checkString(array $arr, $str) {
 
-  $str = preg_replace( array('/[^ \w]+/', '/\s+/'), ' ', strtolower($str) ); // Remove Special Characters and extra spaces -or- convert to LowerCase
 
-  $matchedString = array_intersect( explode(' ', $str), $arr);
 
-  if ( count($matchedString) > 0 ) {
-    return true;
-  }
-  return false;
-}
-
-
-function db_field_replace($before_str, $user_id,$rules,$fields,$search_paramtofind) {
-	
-	//Get data from current user
-	$db = JFactory::getDbo();
-	$query = "select * from #__users inner join #__comprofiler on #__users.id = #__comprofiler.user_id WHERE #__users.id =".$user_id;
-	// echo $query;
-	$db->setQuery($query);
-	$person = $db->loadAssoc();
-	
-	$after_str = $before_str;
-
-
-	// The while will only run multiple times if you have complex rules like using [canvas] in your avatar htmlcode.
-	// With this while loop we are certain that all paramtofind will be replaced. 
-	$i=0; 
-	while ((str_replace($search_paramtofind, '', $after_str) !== $after_str) and $i<>5){	
-		$i++; // safety count to stop the loop if the user created one. While will run expected once or twice to replace everything.
-		
-		foreach ($fields as $field) { //for every field that may be in the before_str
-			$paramtofind = "[".$field['name']."]";
-			$fieldtouse = $field['name'];
-			$fieldtype = $field['type'];
 
-			$datatoinsert = null;
-			//check if the fieldtouse exist (or is null)
-			if (isset($person[$fieldtouse]) ) {
-				$datatoinsert = $person[$fieldtouse];
-			} 
-			
-
-					
-			// if it is an image check the approved and create full url	
-			$show = 'yes';
-			if ($fieldtype=='image') {
-				 			
-				if ( $person[$fieldtouse.'approved']==0 or (empty($datatoinsert)) ) {
-					$show = 'no';
-				} else {
-					//url to the default canvas images are incorrect in stored in the database 
-					if ($fieldtouse=='canvas') {
-						$datatoinsert = str_ireplace('Gallery/', 'gallery/canvas/', $datatoinsert);
-					} 
-					//create the full image path
-					$datatoinsert =  JURI::base(). "images/comprofiler/" .$datatoinsert;
-
-				}
-			}
-			
-			//Fieldtypes with a label name in the comprofiler_field_values
-			// normal checkbox currently returns a 0 or 1
-			if ( !empty($datatoinsert) and ($fieldtype=='multicheckbox' or $fieldtype=='multiselect' or $fieldtype=='select' or $fieldtype=='radio')) {
-				
-
-				$values= explode("|*|", $datatoinsert);				
-				// clear unexploded data from data to insert
-				$datatoinsert= '';
-				
-				
-			
-				foreach ($values as $value)	{
-					
-					//Get label from value
-					$dblabel = JFactory::getDbo();
-					$query = "select fieldlabel from #__comprofiler_field_values WHERE fieldtitle ='". addslashes($value) . "'";
-					$dblabel->setQuery($query);
-					$labels = (array) $dblabel->loadAssoc();
-				
-					if (is_iterable($labels)) {
-						foreach ($labels as $label) {			
-							if(empty($label)) { 
-							$datatoinsert .= $value. " " ;
-							}
-							else{
-								$datatoinsert .= $label. " " ;
-							}
-						}
-					}
-					else  {
-						print("Can't iterate array\n");					
-					}
-				}
-			}
-			
-			 
-			//check if there is a rule for this field
-			if (null !==(array_search($fieldtouse,array_column($rules,'tag_name'))) ) {
-				
-				//loop through the rules to find the rule	
-				foreach ($rules as $rule)	{
-				
-					// If the rule is found:
-					if (strtolower($rule['tag_name']) == $fieldtouse) {
-						
-						// check if show still true and data is not empty or that it is a custom tag created in the module.				
-						if ($show == 'yes' and ((!empty($datatoinsert)) or $fieldtype=='custom') ) {
-							$datatoinsert = str_ireplace($paramtofind, ($datatoinsert ?? ''), $rule['htmlcode']);						
-						} else {	
-							$datatoinsert = str_ireplace($paramtofind, ($datatoinsert ?? ''), $rule['htmlcode_no']);	
-						}
-					} 
-				}  	
-			} 
-				 
-			$after_str = str_ireplace($paramtofind, ($datatoinsert ?? ''), $after_str); // replace the param name with '' if not found.
-					
-		} // end for each fields
-	}//  end while
-	
-	return $after_str;
-	
-}
 
 class modcbListHelper
 {
@@ -145,17 +25,11 @@ class modcbListHelper
      * @param array $params An object containing the module parameters
      * @access public
      */
-	 
-
-
-
 
 
 public static function getData( $params )
 	{
 
-		
-		
 		//retrieve $rules
 		$subform = $params->get('rules');
 		$arr = (array) $subform;
@@ -165,36 +39,31 @@ public static function getData( $params )
 		$additional_names = '';
 		foreach ($arr as $value)
 		{
+			
 			$rules[$i]['tag_name']= strtolower($value->tag_name);
+			$rules[$i]['accesslevel']= $value->accesslevel;
 			$rules[$i]['htmlcode'] = $value->htmlcode;
 			$rules[$i]['htmlcode_no'] = $value->htmlcode_no;
 
-			$additional_names .= " UNION SELECT '". strtolower($value->tag_name). "' AS name, 'custom' as type  ";
+			$additional_names .= " UNION SELECT '". strtolower($value->tag_name). "' AS name, 'rule' as type ";
 
-			$i++;
+			$i++;			
 		}
-		
+
 
 		// get all the fields that could possibly be part of template to be replaced to get us something to loop through. Also add id and user_id as fields.
 		$db = JFactory::getDbo();
-		$query = "SELECT name, type FROM #__comprofiler_fields WHERE (#__comprofiler_fields.table = '#__users' OR #__comprofiler_fields.table = '#__comprofiler') and name not in ('password','params')
-			UNION SELECT 'id' AS name, '' as type 
-			UNION SELECT 'user_id' AS name, '' as type  ";
+		$query = "SELECT fields.name, fields.type FROM #__comprofiler_fields as fields
+			WHERE (fields.table = '#__users' OR fields.table = '#__comprofiler') and name not in ('password','params')
+			UNION SELECT 'id' AS name, 'id' as type 
+			UNION SELECT 'user_id' AS name, 'id' as type   ";
 		// add additional names created in the parameters 
 		$query .= $additional_names ;
 		// retrieve fields from type images as first. this way other tags in the htmlcode then from the image will also be replaced without additional while loop
-		$query .=  " order by FIELD(type,'image') desc";
+		$query .=  " order by FIELD(type,'image' ) desc";
 		$db->setQuery($query);
 		$fields = $db->loadAssocList();
-		
-		// create an one row array with paramtofind to use for the while check
-		$search_paramtofind = array ();
-		foreach ($fields as $field) {
-			$search_paramtofind[] = "[".$field['name']."]";
-		}
 
-		
-		
 
     	$result=''; //reset result
 		// Get the parameters
@@ -259,17 +128,15 @@ public static function getData( $params )
 	$result .= " <div style=\" margin: 0 auto; display: grid; grid-gap: 0.2rem;grid-template-columns: repeat(". $columns .", minmax(".$minwidth."rem, 1fr));\" class=\"cblist\"> " ;
 
 	// Now, lets use the final SQL to get all Users from Joomla/CB
-	$query = $fetch_sql;
 
 	$debug_text= '';				
-	if ($list_debug == 1) {  $debug_text .= "<p>DEBUG: <pre>".$query."</pre></p>"; }
-	$db->setQuery($query);
+	if ($list_debug == 1) {  $debug_text .= "<p>DEBUG: <pre>".$fetch_sql."</pre></p>"; }
+	$db->setQuery($fetch_sql);
 	$persons = $db->loadAssocList();
 	if (!empty($persons)){
-		foreach ($persons as $person) { //for every person that is a reciever, lets do an email.
-		 	// $result .= $person['username']."<br/>";
+		foreach ($persons as $person) {  
 		 	// Lets loop over the Users and create the output using the Template, replacing [fileds] in Template
-			$result .= "<div style=\"padding: 5px;overflow-wrap: break-word;\" class=\"cblist-user\" >". db_field_replace($list_template, $person['id'],$rules,$fields,$search_paramtofind) ."</div >" ;
+			$result .= "<div style=\"padding: 5px;overflow-wrap: break-word;\" class=\"cblist-user\" >". db_field_replace($list_template, $person['id'],$rules,$fields) ."</div >" ;
 		}
 	} else if ($list_debug == 1) { $debug_text .= "<p>DEBUG: Empty list?!</p>"; }
 
@@ -279,5 +146,126 @@ public static function getData( $params )
 	return $list_textabove . $debug_text . $result . $list_textbelow;
 
     	}
+		
+		
 }
+
+function db_field_replace($before_str, $user_id,$rules,$fields) {
+	
+	//Get data from current user
+	$db = JFactory::getDbo();
+	$query = "select * from #__users inner join #__comprofiler on #__users.id = #__comprofiler.user_id WHERE #__users.id =".$user_id;
+	// echo $query;
+	$db->setQuery($query);
+	$person = $db->loadAssoc();
+	
+	$after_str = $before_str;
+
+
+	// The while will only run multiple times if you have complex rules like using [canvas] in your avatar htmlcode.
+	// With this while loop we are certain that all paramtofind will be replaced. 
+	$i=0; 
+	while (/*(str_replace($search_paramtofind, '', $after_str) !== $after_str) and*/ $i<>4){	
+		$i++; // safety count to stop the loop if the user created one. While will run expected once or twice to replace everything.
+		
+		
+		foreach ($fields as $field) { //for every field that may be in the before_str
+			$paramtofind = "[".$field['name']."]";
+			$fieldtouse = $field['name'];
+			$fieldtype = $field['type'];
+
+
+			/*set value to insert for normal fields*/ 
+			$datatoinsert = null;			
+			
+			//check if the fieldtouse exist (or is null)
+			if (isset($person[$fieldtouse]) ) {
+				$datatoinsert = $person[$fieldtouse];
+			} 
+			
+
+			/*set value to insert for images */ 
+			// if it is an image check the approved and create full url
+			//if there is an '[fieldname]approved' column it is an image. By checking the exsting of the column instead of type 'image' it will also be aplied to rules with the same name.
+			$show = true;			
+			if (isset($person[$fieldtouse.'approved']) ) {		
+								 			
+				if ( $person[$fieldtouse.'approved']==0 or (empty($datatoinsert)) ) {
+					$datatoinsert = 'no image available';
+				} else {
+					//url to the default canvas images are incorrect in stored in the database 
+					if ($fieldtouse=='canvas') {
+						$datatoinsert = str_ireplace('Gallery/', 'gallery/canvas/', $datatoinsert);
+					} 
+					//create the full image path
+					$datatoinsert =  JURI::base(). "images/comprofiler/" .$datatoinsert;
+				}
+			}
+			
+			
+			/*set value to insert for multiple value fields */ 
+			//Fieldtypes with a label name in the comprofiler_field_values
+			// TODO normal checkbox currently returns a 0 or 1
+			if ( !empty($datatoinsert) and ($fieldtype=='multicheckbox' or $fieldtype=='multiselect' or $fieldtype=='select' or $fieldtype=='radio')) {
+				
+				$values= explode("|*|", $datatoinsert);				
+				// clear unexploded data from data to insert
+				$datatoinsert= '';
+					
+				foreach ($values as $value)	{			
+					//Get label from value
+					$dblabel = JFactory::getDbo();
+					$query = "select fieldlabel from #__comprofiler_field_values WHERE fieldtitle ='". addslashes($value) . "'";
+					$dblabel->setQuery($query);
+					$labels = (array) $dblabel->loadAssoc();
+				
+					if (is_iterable($labels)) {
+						foreach ($labels as $label) {			
+							if(empty($label)) { 
+							$datatoinsert .= $value. " " ;
+							} else {
+								$datatoinsert .= $label. " " ;
+							}
+						}
+					} else {
+						print("Can't iterate array\n");					
+					}
+				}
+			}		
+			 			
+			// Check if there is an rule. A rule can have the same name as an CB field.
+			//array_search will return false of an array ID.
+			$rule_id = array_search($fieldtouse,array_column($rules,'tag_name'));				
+			if ( $rule_id !== false) {
+
+				// get usergroups from loggedin user
+				$user_accesslevels = JAccess::getAuthorisedViewLevels(JFactory::getUser()->get('id'), $recursive = true);
+				
+				$autorised = false;
+				if ( empty($rules[$rule_id]['accesslevel']) or array_sum(array_count_values(array_intersect($user_accesslevels, $rules[$rule_id]['accesslevel'])))>0 ) { // if not set show the data
+					$autorised = true;	
+				}
+				
+				if ($autorised == true) {
+					// check if (data is not empty or that it is a rule tag created) and incase of an image tag if there is an image to show.	
+					if  (  ( !empty($datatoinsert) or $fieldtype=='rule' ) and $datatoinsert != 'no image available')   {
+						$datatoinsert = str_ireplace($paramtofind, ($datatoinsert ), $rules[$rule_id]['htmlcode']);
+					} else {	
+						$datatoinsert =  str_ireplace($paramtofind, ($datatoinsert  ?? ''), $rules[$rule_id]['htmlcode_no'] );
+					}
+				} else {
+					//Set to empty when not autorised
+					$datatoinsert= null;
+				}	
+			}		
+		
+			$after_str = str_ireplace($paramtofind, ($datatoinsert ?? ''), $after_str); // replace the param name with '' if not found.
+			
+	
+		} // end for each fields
+	}//  end while
+	
+	return $after_str;
+	
+}	
 ?>