public static
checkIfAccessPossible
(mixed $id, mixed $catid, mixed $type = array(0, 1))
/*
* Check if the user has access to this product:
* - when adding to cart
* - when ordering
* NOT USED when displaying, as no products are displayed which cannot be accessed.
* So this is a security feature in case of forgery - server-side checking.
* STRICT RULES ARE VALID - if the product is included in
*/
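/**
 * Check if the current user may access product $id through category $catid.
 *
 * Called when adding to cart and when ordering. NOT used when displaying,
 * as products which cannot be accessed are never displayed; this is the
 * server-side check against forged requests, so every value that reaches
 * the SQL is cast to int first. Results are memoised in self::$productAccess.
 *
 * @param mixed $id    Product id (cast to int; a value <= 0 is never accessible).
 * @param mixed $catid Category id (cast to int).
 * @param mixed $type  Category types (Shop/POS) to allow; an empty or non-array
 *                     value adds no c.type restriction.
 *
 * @return bool
 */
public static function checkIfAccessPossible($id, $catid, $type = array(0, 1))
{
    $id    = (int) $id;
    $catid = (int) $catid;

    // Normalise the type list so the cache key and the SQL see the same values.
    // ksort() returns a bool, not the array, so serialize(ksort($type)) produced
    // the same key for every $type and a call with [0] could reuse a result
    // computed for [0, 1]. Sorting a copy makes [1, 0] and [0, 1] share a key.
    $types = array();
    if (is_array($type)) {
        foreach ($type as $t) {
            $types[] = (int) $t;
        }
        sort($types);
    }
    $typeS = base64_encode(serialize($types));

    if (isset(self::$productAccess[$id][$catid][$typeS])) {
        return self::$productAccess[$id][$catid][$typeS];
    }

    $access = false;

    if ($id > 0) {
        $user = PhocacartUser::getUser();

        // Ids from the user/group layer are interpolated into SQL too, so cast them as well.
        $userLevels = array_map('intval', (array) $user->getAuthorisedViewLevels());
        $userGroups = array_map('intval', (array) PhocacartGroup::getGroupsById($user->id, 1, 1));

        // "IN ()" is a SQL syntax error. A user with no view levels cannot
        // satisfy a.access IN (...) anyway, so answer without querying.
        if (!empty($userLevels)) {
            $levelList = implode(',', $userLevels);

            $wheres   = array();
            $wheres[] = " a.access IN (" . $levelList . ")";
            $wheres[] = " c.access IN (" . $levelList . ")";

            // Item groups: a NULL group row means the item is not restricted to any group.
            if (!empty($userGroups)) {
                $groupList = implode(',', $userGroups);
                $wheres[]  = " (ga.group_id IN (" . $groupList . ") OR ga.group_id IS NULL)";
                $wheres[]  = " (gc.group_id IN (" . $groupList . ") OR gc.group_id IS NULL)";
            } else {
                $wheres[] = " ga.group_id IS NULL";
                $wheres[] = " gc.group_id IS NULL";
            }

            $wheres[] = " a.published = 1";
            $wheres[] = " c.published = 1";
            $wheres[] = ' a.id = ' . $id;
            $wheres[] = ' c.id = ' . $catid;

            // Category type (Shop/POS)
            if (!empty($types)) {
                $wheres[] = ' c.type IN (' . implode(',', $types) . ')';
            }

            // PRODUCT TYPE: 0 physical, 1 digital, 2 physical and digital, 3 price on demand.
            // A price-on-demand product cannot be ordered and cannot be added to cart.
            $wheres[] = ' a.type != 3';

            $query = ' SELECT a.id'
                . ' FROM #__phocacart_products AS a'
                . ' LEFT JOIN #__phocacart_product_categories AS pc ON pc.product_id = a.id'
                . ' LEFT JOIN #__phocacart_categories AS c ON c.id = pc.category_id'
                . ' LEFT JOIN #__phocacart_item_groups AS ga ON a.id = ga.item_id AND ga.type = 3'
                . ' LEFT JOIN #__phocacart_item_groups AS gc ON c.id = gc.item_id AND gc.type = 2'
                . ' WHERE ' . implode(' AND ', $wheres)
                . ' ORDER BY a.id'
                . ' LIMIT 1';

            $db = Factory::getDBO();
            $db->setQuery($query);
            $product = $db->loadObject();

            // isset() is safe if loadObject() returned nothing.
            $access = isset($product->id) && (int) $product->id > 0;
        }
    }

    self::$productAccess[$id][$catid][$typeS] = $access;

    return $access;
}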