[mambo] Access Control Question
Hans C. Kaspersetz
hans at cyberxdesigns.com
Wed Jul 6 09:35:19 EDT 2005
Over the last week I have been developing a site using components
developed by third parties. One of the biggest problems I have found is
the inconsistent or non-existent support of access controls in
components. Below you will find two functions I pulled from
com_comprofiler. I have been adding these functions to other components
like com_mtree and com_akoForms to control access to them. I am
interested to know if the Mambo core has functions that do what
allowAccess and userGID do? I would like to use Mambo core code and not
access control code placed in each component. I looked through the API
documentation on the Mambo site and nothing jumped out at me.
Also, is there a standard way component developers should implement
access control in their components? Has the Mambo team documented the
recommended implementation?
I regularly find it mind-numbing that component developers charge for
incomplete or buggy components. For example, Mosets Tree offers no
access controls to their content. I emailed the developer and he said
that I should not post the link to the content, to control access.
Arrgg....... My one bit of gratitude is that I have the source and can
add access controls if I like and can submit the patches.
Thanks,
Hans
So here is the source:
/*************************************************************
 * Mambo Community Builder
 * Author MamboJoe
 * @ Released under GNU/GPL License : http://www.gnu.org/copyleft/gpl.html
 *************************************************************/
function allowAccess( $accessgroupid, $recurse, $usersgroupid, &$acl )
{
    // "agroup:".$accessgroupid." ugroupid:".$usersgroupid." recurse ".$recurse;
    // group ids 17, 23, 24 and 25 are hard-coded and always allowed
    if ($accessgroupid == -2 || ($accessgroupid == -1 && $usersgroupid > 0)
        || $usersgroupid == 17 || $usersgroupid == 23
        || $usersgroupid == 24 || $usersgroupid == 25) {
        // grant public access or access to all registered users
        return 1;
    }
    else {
        // need to do more checking based on more restrictions
        if ( $usersgroupid == $accessgroupid ) {
            // direct match
            return 1;
        }
        else {
            if ($recurse == 'RECURSE') {
                // check if there are children groups
                $groupchildren = array();
                $groupchildren = $acl->get_group_children( $accessgroupid, 'ARO', $recurse );
                if ( is_array( $groupchildren ) && count( $groupchildren ) > 0 ) {
                    if ( in_array( $usersgroupid, $groupchildren ) ) {
                        // match
                        return 1;
                    }
                }
            }
        }
        // deny access
        return 0;
    }
}

function userGID( $oID )
{
    global $database;
    // cast to an integer first: the value is concatenated into the SQL
    // string below, and a string such as "1 OR 1=1" would otherwise pass
    // the loose "> 0" comparison and reach the query unchanged
    $oID = (int) $oID;
    if ($oID > 0) {
        $query = "SELECT gid FROM #__users WHERE id = '".$oID."'";
        $database->setQuery( $query );
        $gid = $database->loadResult();
        return $gid;
    }
    else return 0;
}