AmyStephen/$this->authorise($action, $category->asset_name).php

## $this->authorise($action, $category->asset_name).php
/**
 * Method to check JUser object authorisation against an access control
 * object and optionally an access extension object
 *
 * @param   string   $action		The name of the action to check for permission.
 * @param   string   $assetname	The name of the asset on which to perform the action.
 *
 * @return  boolean  True if authorised
 * @since   11.1
 */
public function authorise($action, $assetname = null)
{
    // Make sure we only check for admin once during the run.
    if ($this->isRoot === null) {
        $this->isRoot = false;

        // Check for the configuration file failsafe.
        $config		= JFactory::getConfig();
        $rootUser	= $config->get('root_user');

        // The root_user variable can be a numeric user ID or a username.
        if (is_numeric($rootUser) && $this->id > 0 && $this->id == $rootUser) {
            $this->isRoot = true;
        }
        else if ($this->username && $this->username == $rootUser) {
            $this->isRoot = true;
        }
        else {
            // Get all groups against which the user is mapped.
            $identities = $this->getAuthorisedGroups();
            array_unshift($identities, $this->id * -1);

            if (JAccess::getAssetRules(1)->allow('admin', $identities)) {
                $this->isRoot = true;
                return true;
            }
        }
    }

    return $this->isRoot ? true : JAccess::check($this->id, $action, $assetname);
}

## addToolbar.php
if (!$checkedOut && ($canDo->get('core.edit') || count($user->getAuthorisedCategories('com_banners', 'core.create')) > 0))

## getAuthorisedCategories.php
/**
 * Method to return a list of all categories that a user has permission for a given action
 *
 * @param   string   $component	The component from which to retrieve the categories
 * @param   string   $action		The name of the section within the component from which to retrieve the actions.
 *
 * @return  array    List of categories that this group can do this action to (empty array if none). Categories must be published.
 * @since   11.1
 */
public function getAuthorisedCategories($component, $action) {
    // Brute force method: get all published category rows for the component and check each one
    // TODO: Modify the way permissions are stored in the db to allow for faster implementation and better scaling
    $db = JFactory::getDbo();
    $query	= $db->getQuery(true)
        ->select('c.id AS id, a.name as asset_name')
        ->from('#__categories c')
        ->innerJoin('#__assets a ON c.asset_id = a.id')
        ->where('c.extension = ' . $db->quote($component))
        ->where('c.published = 1');
    $db->setQuery($query);
    $allCategories = $db->loadObjectList('id');
    $allowedCategories = array();
    foreach ($allCategories as $category) {
        if ($this->authorise($action, $category->asset_name)) {
            $allowedCategories[] = (int) $category->id;
        }
    }
    return $allowedCategories;
}

## getAuthorisedGroups
/**
 * Gets an array of the authorised user groups
 *
 * @return  array
 * @since   11.1
 */
public function getAuthorisedGroups()
{
    if ($this->_authGroups === null) {
        $this->_authGroups = array();
    }

    if (empty($this->_authGroups)) {
        $this->_authGroups = JAccess::getGroupsByUser($this->id);
    }

    return $this->_authGroups;
}

## JAccess::getGroupsByUser($this->id).php
/**
 * Method to return a list of user groups mapped to a user. The returned list can optionally hold
 * only the groups explicitly mapped to the user or all groups both explicitly mapped and inherited
 * by the user.
 *
 * @param   integer  $userId     Id of the user for which to get the list of groups.
 * @param   boolean  $recursive  True to include inherited user groups.
 *
 * @return  array    List of user group ids to which the user is mapped.
 *
 * @since   11.1
 */
public static function getGroupsByUser($userId, $recursive = true)
{
    static $results = array();

    // Creates a simple unique string for each parameter combination:
    $storeId = $userId.':'.(int) $recursive;

    if (!isset($results[$storeId])) {
        // Guest user
        if (empty($userId)) {
            $result = array(JComponentHelper::getParams('com_users')->get('guest_usergroup', 1));
        }
        // Registered user
        else {
            $db = JFactory::getDbo();

            // Build the database query to get the rules for the asset.
            $query	= $db->getQuery(true);
            $query->select($recursive ? 'b.id' : 'a.id');
            $query->from('#__user_usergroup_map AS map');
            $query->where('map.user_id = '.(int) $userId);
            $query->leftJoin('#__usergroups AS a ON a.id = map.group_id');

            // If we want the rules cascading up to the global asset node we need a self-join.
            if ($recursive) {
                $query->leftJoin('#__usergroups AS b ON b.lft <= a.lft AND b.rgt >= a.rgt');
            }

            // Execute the query and load the rules from the result.
            $db->setQuery($query);
            $result	= $db->loadColumn();

            // Clean up any NULL or duplicate values, just in case
            JArrayHelper::toInteger($result);

            if (empty($result)) {
                $result = array('1');
            }
            else {
                $result = array_unique($result);
            }
        }

        $results[$storeId] = $result;
    }

    return $results[$storeId];
}
	/**
	* Method to check JUser object authorisation against an access control
	* object and optionally an access extension object
	*
	* @param string $action The name of the action to check for permission.
	* @param string $assetname The name of the asset on which to perform the action.
	*
	* @return boolean True if authorised
	* @since 11.1
	*/
	public function authorise($action, $assetname = null)
	{
	// Make sure we only check for admin once during the run.
	if ($this->isRoot === null) {
	$this->isRoot = false;

	// Check for the configuration file failsafe.
	$config = JFactory::getConfig();
	$rootUser = $config->get('root_user');

	// The root_user variable can be a numeric user ID or a username.
	if (is_numeric($rootUser) && $this->id > 0 && $this->id == $rootUser) {
	$this->isRoot = true;
	}
	else if ($this->username && $this->username == $rootUser) {
	$this->isRoot = true;
	}
	else {
	// Get all groups against which the user is mapped.
	$identities = $this->getAuthorisedGroups();
	array_unshift($identities, $this->id * -1);

	if (JAccess::getAssetRules(1)->allow('admin', $identities)) {
	$this->isRoot = true;
	return true;
	}
	}
	}

	return $this->isRoot ? true : JAccess::check($this->id, $action, $assetname);
	}
	/**
	* Method to return a list of all categories that a user has permission for a given action
	*
	* @param string $component The component from which to retrieve the categories
	* @param string $action The name of the section within the component from which to retrieve the actions.
	*
	* @return array List of categories that this group can do this action to (empty array if none). Categories must be published.
	* @since 11.1
	*/
	public function getAuthorisedCategories($component, $action) {
	// Brute force method: get all published category rows for the component and check each one
	// TODO: Modify the way permissions are stored in the db to allow for faster implementation and better scaling
	$db = JFactory::getDbo();
	$query = $db->getQuery(true)
	->select('c.id AS id, a.name as asset_name')
	->from('#__categories c')
	->innerJoin('#__assets a ON c.asset_id = a.id')
	->where('c.extension = ' . $db->quote($component))
	->where('c.published = 1');
	$db->setQuery($query);
	$allCategories = $db->loadObjectList('id');
	$allowedCategories = array();
	foreach ($allCategories as $category) {
	if ($this->authorise($action, $category->asset_name)) {
	$allowedCategories[] = (int) $category->id;
	}
	}
	return $allowedCategories;
	}
	/**
	* Gets an array of the authorised user groups
	*
	* @return array
	* @since 11.1
	*/
	public function getAuthorisedGroups()
	{
	if ($this->_authGroups === null) {
	$this->_authGroups = array();
	}

	if (empty($this->_authGroups)) {
	$this->_authGroups = JAccess::getGroupsByUser($this->id);
	}

	return $this->_authGroups;
	}
	/**
	* Method to return a list of user groups mapped to a user. The returned list can optionally hold
	* only the groups explicitly mapped to the user or all groups both explicitly mapped and inherited
	* by the user.
	*
	* @param integer $userId Id of the user for which to get the list of groups.
	* @param boolean $recursive True to include inherited user groups.
	*
	* @return array List of user group ids to which the user is mapped.
	*
	* @since 11.1
	*/
	public static function getGroupsByUser($userId, $recursive = true)
	{
	static $results = array();

	// Creates a simple unique string for each parameter combination:
	$storeId = $userId.':'.(int) $recursive;

	if (!isset($results[$storeId])) {
	// Guest user
	if (empty($userId)) {
	$result = array(JComponentHelper::getParams('com_users')->get('guest_usergroup', 1));
	}
	// Registered user
	else {
	$db = JFactory::getDbo();

	// Build the database query to get the rules for the asset.
	$query = $db->getQuery(true);
	$query->select($recursive ? 'b.id' : 'a.id');
	$query->from('#__user_usergroup_map AS map');
	$query->where('map.user_id = '.(int) $userId);
	$query->leftJoin('#__usergroups AS a ON a.id = map.group_id');

	// If we want the rules cascading up to the global asset node we need a self-join.
	if ($recursive) {
	$query->leftJoin('#__usergroups AS b ON b.lft <= a.lft AND b.rgt >= a.rgt');
	}

	// Execute the query and load the rules from the result.
	$db->setQuery($query);
	$result = $db->loadColumn();

	// Clean up any NULL or duplicate values, just in case
	JArrayHelper::toInteger($result);

	if (empty($result)) {
	$result = array('1');
	}
	else {
	$result = array_unique($result);
	}
	}

	$results[$storeId] = $result;
	}

	return $results[$storeId];
	}