diff --git a/administrator/components/com_categories/models/fields/categoryedit.php b/administrator/components/com_categories/models/fields/categoryedit.php index 8adbe0508ea3b..821f9c463dd5b 100644 --- a/administrator/components/com_categories/models/fields/categoryedit.php +++ b/administrator/components/com_categories/models/fields/categoryedit.php @@ -140,6 +140,9 @@ protected function getOptions() } $db = JFactory::getDbo(); + $user = JFactory::getUser(); + $groups = implode(',', $user->getAuthorisedViewLevels()); + $query = $db->getQuery(true) ->select('DISTINCT a.id AS value, a.title AS text, a.level, a.published, a.lft'); $subQuery = $db->getQuery(true) @@ -180,6 +183,9 @@ protected function getOptions() $subQuery->where('published IN (' . implode(',', ArrayHelper::toInteger($published)) . ')'); } + // Filter categories on User Access Level + $subQuery->where('access IN (' . $groups . ')'); + $query->from('(' . (string) $subQuery . ') AS a') ->join('LEFT', $db->quoteName('#__categories') . ' AS b ON a.lft > b.lft AND a.rgt < b.rgt'); $query->order('a.lft ASC'); diff --git a/administrator/components/com_content/models/articles.php b/administrator/components/com_content/models/articles.php index 4d544639c262c..9f7e548ed5bcc 100644 --- a/administrator/components/com_content/models/articles.php +++ b/administrator/components/com_content/models/articles.php @@ -226,11 +226,12 @@ protected function getListQuery() $query->where('a.access = ' . (int) $access); } - // Implement View Level Access + // Filter by access level on categories. if (!$user->authorise('core.admin')) { $groups = implode(',', $user->getAuthorisedViewLevels()); $query->where('a.access IN (' . $groups . ')'); + $query->where('c.access IN (' . $groups . ')'); } // Filter by published state diff --git a/administrator/components/com_content/models/featured.php b/administrator/components/com_content/models/featured.php index 3c2200eca901a..d594dd17fdc6f 100644 
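Review bot: In categoryedit.php getOptions() (hunk at -140), `$groups` is built from `$user->getAuthorisedViewLevels()` without an integer cast and is later concatenated straight into `access IN (...)`, whereas the `published` filter in the same function goes through `ArrayHelper::toInteger()`. The levels presumably come from the ACL tables rather than from request input, so this is defence in depth, but the cast keeps the query safe if that ever changes: `$groups = implode(',', ArrayHelper::toInteger($user->getAuthorisedViewLevels()));`. The same uncast pattern is added in featured.php and in both category.php methods, and an empty level list would produce `IN ()`, which is invalid SQL, so a guard for that case is worth considering. getOptions() starts and ends outside the hunk.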
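Review bot: In categoryedit.php getOptions() (hunk at -180), `$subQuery->where('access IN (' . $groups . ')');` runs for every user, while the articles.php and featured.php hunks in this commit apply their category filter only inside `if (!$user->authorise('core.admin'))`. If a super user is not a member of every view level, the category dropdown would omit categories whose articles the list view still shows them. Either wrap the line in the same `core.admin` check or make the comment say the unconditional filter is deliberate, e.g. `// Filter categories on user access level (applies to super users too).` The two category.php hunks (options() and categories()) add the same unconditional filter.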
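Review bot: In articles.php getListQuery(), the rewritten comment `// Filter by access level on categories.` no longer matches the block beneath it, which still filters the article's own level (`a.access`) as well as the newly added `c.access`. Suggested wording: `// Filter by view access level on the article and its category (skipped for core.admin).` The `c` alias is joined outside this hunk; if that join is a LEFT JOIN, articles whose category row is missing would now be dropped for non-admins because `c.access` is NULL, which is worth confirming as intended.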
--- a/administrator/components/com_content/models/featured.php +++ b/administrator/components/com_content/models/featured.php @@ -74,6 +74,7 @@ protected function getListQuery() // Create a new query object. $db = $this->getDbo(); $query = $db->getQuery(true); + $user = JFactory::getUser(); // Select the required fields from the table. $query->select( @@ -123,6 +124,13 @@ protected function getListQuery() $query->where('a.access = ' . (int) $access); } + // Filter by access level on categories. + if (!$user->authorise('core.admin')) + { + $groups = implode(',', $user->getAuthorisedViewLevels()); + $query->where('c.access IN (' . $groups . ')'); + } + // Filter by published state $published = $this->getState('filter.published'); diff --git a/libraries/cms/html/category.php b/libraries/cms/html/category.php index 7c273ec81c571..fc6a35db0b523 100644 --- a/libraries/cms/html/category.php +++ b/libraries/cms/html/category.php @@ -44,7 +44,10 @@ public static function options($extension, $config = array('filter.published' => if (!isset(static::$items[$hash])) { $config = (array) $config; - $db = JFactory::getDbo(); + $db = JFactory::getDbo(); + $user = JFactory::getUser(); + $groups = implode(',', $user->getAuthorisedViewLevels()); + $query = $db->getQuery(true) ->select('a.id, a.title, a.level') ->from('#__categories AS a') @@ -52,6 +55,9 @@ public static function options($extension, $config = array('filter.published' => // Filter on extension. $query->where('extension = ' . $db->quote($extension)); + + // Filter on user access level + $query->where('a.access IN (' . $groups . ')'); // Filter on the published state if (isset($config['filter.published'])) @@ -139,6 +145,7 @@ public static function categories($extension, $config = array('filter.published' if (!isset(static::$items[$hash])) { $config = (array) $config; + $user = JFactory::getUser(); $db = JFactory::getDbo(); $query = $db->getQuery(true) ->select('a.id, a.title, a.level, a.parent_id') 
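Review bot: In featured.php getListQuery() (hunk at -123), the new block restricts only `c.access`, whereas the matching block in articles.php restricts `a.access` and `c.access` together. No article-level `IN` filter is visible in this hunk, so unless one exists elsewhere in the function, a non-admin could still list featured articles whose own access level they do not hold. If it is missing, add `$query->where('a.access IN (' . $groups . ')');` next to the category condition. The function body continues outside the hunk.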
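Review bot: In category.php options() (hunk at -44), the result cached in `static::$items[$hash]` now depends on the current user's view levels, but `$hash` is computed above this hunk, presumably from `$extension` and `$config` only. A static lives for one request, where the user normally does not change, so exposure is limited; still, a second call under a different user in the same process (CLI, tests, a login mid-request) would receive the first user's list. Either fold `$groups` into the hash or add a comment such as `// Cached per $extension/$config; assumes one user per request.` categories() uses the same cache and has the same dependency.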
@@ -147,6 +154,10 @@ public static function categories($extension, $config = array('filter.published' // Filter on extension. $query->where('extension = ' . $db->quote($extension)); + + // Filter on user level. + $groups = implode(',', $user->getAuthorisedViewLevels()); + $query->where('a.access IN (' . $groups . ')'); // Filter on the published state if (isset($config['filter.published']))
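Review bot: categories() and options() in libraries/cms/html/category.php are public static helpers, and after this change they return only the categories the current user may view, yet nothing in the visible hunks updates their docblocks to say so. Callers that relied on the full list will silently get fewer rows, so add a sentence to each docblock, e.g. `Only categories in the current user's authorised view levels are returned.` The two new comments also differ (`// Filter on user access level` in options(), `// Filter on user level.` here); using the same wording in both would make the shared intent obvious. The docblocks sit outside the hunks shown.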