[4.0] Use unset filter to unset created_by data if needed (#34303)

Author: joomdonation

administrator/components/com_banners/src/Model/BannerModel.php

@@ -210,6 +210,12 @@ public function getForm($data = array(), $loadData = true)
 			$form->setFieldAttribute('sticky', 'filter', 'unset');
 		}
 
+		// Don't allow to change the created_by user if not allowed to access com_users.
+		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			$form->setFieldAttribute('created_by', 'filter', 'unset');
+		}
+
 		return $form;
 	}
 
@@ -460,31 +466,4 @@ private function canCreateCategory()
 	{
 		return Factory::getUser()->authorise('core.create', 'com_banners');
 	}
-
-	/**
-	 * Method to validate the form data.
-	 *
-	 * @param   Form    $form   The form to validate against.
-	 * @param   array   $data   The data to validate.
-	 * @param   string  $group  The name of the field group to validate.
-	 *
-	 * @return  array|boolean  Array of filtered data if valid, false otherwise.
-	 *
-	 * @see     JFormRule
-	 * @see     JFilterInput
-	 * @since   3.9.25
-	 */
-	public function validate($form, $data, $group = null)
-	{
-		// Don't allow to change the users if not allowed to access com_users.
-		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
-		{
-			if (isset($data['created_by']))
-			{
-				unset($data['created_by']);
-			}
-		}
-
-		return parent::validate($form, $data, $group);
-	}
 }

administrator/components/com_categories/src/Model/CategoryModel.php

@@ -289,6 +289,12 @@ public function getForm($data = array(), $loadData = true)
 			$form->setFieldAttribute('published', 'filter', 'unset');
 		}
 
+		// Don't allow to change the created_user_id user if not allowed to access com_users.
+		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			$form->setFieldAttribute('created_user_id', 'filter', 'unset');
+		}
+
 		return $form;
 	}
 
@@ -368,15 +374,6 @@ protected function loadFormData()
 	 */
 	public function validate($form, $data, $group = null)
 	{
-		// Don't allow to change the users if not allowed to access com_users.
-		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
-		{
-			if (isset($data['created_user_id']))
-			{
-				unset($data['created_user_id']);
-			}
-		}
-
 		if (!Factory::getUser()->authorise('core.admin', $data['extension']))
 		{
 			if (isset($data['rules']))

administrator/components/com_contact/src/Model/ContactModel.php

@@ -196,6 +196,12 @@ public function getForm($data = array(), $loadData = true)
 			$form->setFieldAttribute('published', 'filter', 'unset');
 		}
 
+		// Don't allow to change the created_by user if not allowed to access com_users.
+		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			$form->setFieldAttribute('created_by', 'filter', 'unset');
+		}
+
 		return $form;
 	}
 
@@ -543,31 +549,4 @@ private function canCreateCategory()
 	{
 		return Factory::getUser()->authorise('core.create', 'com_contact');
 	}
-
-	/**
-	 * Method to validate the form data.
-	 *
-	 * @param   Form    $form   The form to validate against.
-	 * @param   array   $data   The data to validate.
-	 * @param   string  $group  The name of the field group to validate.
-	 *
-	 * @return  array|boolean  Array of filtered data if valid, false otherwise.
-	 *
-	 * @see     JFormRule
-	 * @see     JFilterInput
-	 * @since   3.9.25
-	 */
-	public function validate($form, $data, $group = null)
-	{
-		// Don't allow to change the users if not allowed to access com_users.
-		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
-		{
-			if (isset($data['created_by']))
-			{
-				unset($data['created_by']);
-			}
-		}
-
-		return parent::validate($form, $data, $group);
-	}
 }

administrator/components/com_content/src/Model/ArticleModel.php

@@ -586,6 +586,12 @@ public function getForm($data = array(), $loadData = true)
 			$form->setFieldAttribute('state', 'filter', 'unset');
 		}
 
+		// Don't allow to change the created_by user if not allowed to access com_users.
+		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			$form->setFieldAttribute('created_by', 'filter', 'unset');
+		}
+
 		return $form;
 	}
 
@@ -656,15 +662,6 @@ protected function loadFormData()
 	 */
 	public function validate($form, $data, $group = null)
 	{
-		// Don't allow to change the users if not allowed to access com_users.
-		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
-		{
-			if (isset($data['created_by']))
-			{
-				unset($data['created_by']);
-			}
-		}
-
 		if (!Factory::getUser()->authorise('core.admin', 'com_content'))
 		{
 			if (isset($data['rules']))

administrator/components/com_fields/src/Model/FieldModel.php

@@ -571,6 +571,12 @@ public function getForm($data = array(), $loadData = true)
 			$form->setFieldAttribute('state', 'filter', 'unset');
 		}
 
+		// Don't allow to change the created_user_id user if not allowed to access com_users.
+		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			$form->setFieldAttribute('created_user_id', 'filter', 'unset');
+		}
+
 		// In case we are editing a field, field type cannot be changed, so some extra handling below is needed
 		if ($fieldId)
 		{
@@ -965,15 +971,6 @@ protected function loadFormData()
 	 */
 	public function validate($form, $data, $group = null)
 	{
-		// Don't allow to change the users if not allowed to access com_users.
-		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
-		{
-			if (isset($data['created_user_id']))
-			{
-				unset($data['created_user_id']);
-			}
-		}
-
 		if (!Factory::getUser()->authorise('core.admin', 'com_fields'))
 		{
 			if (isset($data['rules']))

administrator/components/com_fields/src/Model/GroupModel.php

@@ -125,7 +125,9 @@ public function getForm($data = array(), $loadData = true)
 			$data['context'] = $context;
 		}
 
-		if (!Factory::getUser()->authorise('core.edit.state', $context . '.fieldgroup.' . $jinput->get('id')))
+		$user = Factory::getUser();
+
+		if (!$user->authorise('core.edit.state', $context . '.fieldgroup.' . $jinput->get('id')))
 		{
 			// Disable fields for display.
 			$form->setFieldAttribute('ordering', 'disabled', 'true');
@@ -136,6 +138,12 @@ public function getForm($data = array(), $loadData = true)
 			$form->setFieldAttribute('state', 'filter', 'unset');
 		}
 
+		// Don't allow to change the created_by user if not allowed to access com_users.
+		if (!$user->authorise('core.manage', 'com_users'))
+		{
+			$form->setFieldAttribute('created_by', 'filter', 'unset');
+		}
+
 		return $form;
 	}
 
@@ -280,15 +288,6 @@ protected function preprocessForm(Form $form, $data, $group = 'content')
 	 */
 	public function validate($form, $data, $group = null)
 	{
-		// Don't allow to change the users if not allowed to access com_users.
-		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
-		{
-			if (isset($data['created_by']))
-			{
-				unset($data['created_by']);
-			}
-		}
-
 		if (!Factory::getUser()->authorise('core.admin', 'com_fields'))
 		{
 			if (isset($data['rules']))

administrator/components/com_newsfeeds/src/Model/NewsfeedModel.php

@@ -133,6 +133,12 @@ public function getForm($data = array(), $loadData = true)
 			$form->setFieldAttribute('publish_down', 'filter', 'unset');
 		}
 
+		// Don't allow to change the created_by user if not allowed to access com_users.
+		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
+		{
+			$form->setFieldAttribute('created_by', 'filter', 'unset');
+		}
+
 		return $form;
 	}
 
@@ -448,31 +454,4 @@ private function canCreateCategory()
 	{
 		return Factory::getUser()->authorise('core.create', 'com_newsfeeds');
 	}
-
-	/**
-	 * Method to validate the form data.
-	 *
-	 * @param   Form    $form   The form to validate against.
-	 * @param   array   $data   The data to validate.
-	 * @param   string  $group  The name of the field group to validate.
-	 *
-	 * @return  array|boolean  Array of filtered data if valid, false otherwise.
-	 *
-	 * @see     JFormRule
-	 * @see     JFilterInput
-	 * @since   3.9.25
-	 */
-	public function validate($form, $data, $group = null)
-	{
-		// Don't allow to change the users if not allowed to access com_users.
-		if (!Factory::getUser()->authorise('core.manage', 'com_users'))
-		{
-			if (isset($data['created_by']))
-			{
-				unset($data['created_by']);
-			}
-		}
-
-		return parent::validate($form, $data, $group);
-	}
 }