Example #1
 /**
  * Tell whether the current user lacks the "WM" permission on the current group.
  *
  * The user id is read from the global $config and the group from the global
  * $id_grupo; the decision itself is delegated to give_acl().
  *
  * @return bool true when give_acl() denies "WM", false when it grants it
  */
 function check_no_new_page()
 {
     global $config, $id_grupo;

     return !give_acl($config['id_user'], $id_grupo, "WM");
 }
/**
 * Decide whether the current user may act on a workunit.
 *
 * Access is granted to the workunit's own user, to a user holding "PM" on
 * group 0, or to a user accepted by project_manager_check() for the
 * workunit's project.
 *
 * @param mixed $id_workunit value matched against tworkunit.id
 * @return bool false when the workunit is not found or none of the three conditions holds
 */
function check_workunit_permission($id_workunit)
{
    global $config;

    $row = get_db_row('tworkunit', 'id', $id_workunit);
    if ($row === false) {
        return false;
    }

    // Resolve workunit -> task -> project up front; the project feeds the last check.
    $task = get_db_value("id_task", "tworkunit_task", "id_workunit", $row["id"]);
    $project = get_db_value("id_project", "ttask", "id", $task);

    // User ids are compared loosely (==), as the rest of this check does.
    $is_owner = $row["id_user"] == $config["id_user"];

    return $is_owner
        || give_acl($config["id_user"], 0, "PM")
        || project_manager_check($project);
}
Example #3
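/**
 * Print the children of an inventory object, recursing into every child that
 * has a contract and whose group grants the current user "VR".
 *
 * @param mixed $id    inventory object whose children are printed
 * @param int   $depth nesting level handed to print_inventory_object()
 * @return void
 */
function print_child_tree($id, $depth = 0)
{
    // Without this declaration $config is an undefined local, so the ACL check
    // below would be evaluated for a null user id instead of the logged-in user.
    global $config;

    $children = get_inventory_children($id);
    if ($children === false || sizeof($children) == 0) {
        return;
    }
    foreach ($children as $child) {
        // NOTE(review): the child is printed before any ACL check; the check
        // below only gates the recursion. Confirm the caller has already
        // authorised listing these objects.
        print_inventory_object($child['id'], $children, array(), true, true, $depth);
        if ($child['id_contract']) {
            /* Only check ACLs if the inventory has a contract */
            if (give_acl($config['id_user'], get_inventory_group($child['id']), "VR")) {
                print_child_tree($child['id'], $depth + 1);
            }
        }
    }
}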
/**
 * Check whether the current user may open ticket $id, printing an error or
 * the no-access page when not.
 *
 * @param mixed $id ticket id; a falsy value skips the lookup
 * @return bool true when access is allowed, false after any error output
 */
function check_incident_access($id)
{
    global $config;
    if ($id) {
        $incident = get_incident($id);
        if ($incident !== false) {
            $id_grupo = $incident['id_grupo'];
        } else {
            // Unknown ticket: report it and point to the search form. No ACL is consulted on this path.
            echo "<h1>" . __("Ticket") . "</h1>";
            echo ui_print_error_message(__("There is no information for this ticket"), '', true, 'h3', true);
            echo "<br>";
            echo "<a style='margin-left: 90px' href='index.php?sec=incidents&sec2=operation/incidents/incident_search'>" . __("Try the search form to find the ticket") . "</a>";
            return false;
        }
    }
    if (isset($incident)) {
        //Incident creators must see their incidents
        // NOTE(review): on this path only the two enterprise hooks decide. When both
        // return ENTERPRISE_NOT_HOOK the function falls through to "return true" and
        // $id_grupo, set above, is never passed to give_acl(). Confirm that callers
        // perform the group "IR" check themselves when the hooks are absent.
        $check_acl = enterprise_hook("incidents_check_incident_acl", array($incident));
        $standalone_check = enterprise_hook("manage_standalone", array($incident));
        // && binds tighter than ||: access is denied when either hook exists and returns a falsy value.
        if ($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl || $standalone_check !== ENTERPRISE_NOT_HOOK && !$standalone_check) {
            // Doesn't have access to this page
            audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket (External user) " . $id);
            include "general/noaccess.php";
            return false;
        }
    } else {
        // Reached only when $id is falsy, so $id_grupo was never assigned in this
        // function and give_acl() receives an undefined group here.
        if (!give_acl($config['id_user'], $id_grupo, "IR")) {
            // Doesn't have access to this page
            audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket " . $id);
            include "general/noaccess.php";
            return false;
        } else {
            //No incident but ACLs enabled
            echo ui_print_error_message(__("The ticket doesn't exist"), '', true, 'h3', true);
            return false;
        }
    }
    return true;
}
Example #5
// Group details lookup: answers with JSON (forced e-mail, default user and its real name).
// It runs before the "UM" gate below, so it is protected only by "IR" on group $id.
// NOTE(review): $id is not assigned in the visible lines; confirm it is an integer
// group id taken from the request before it reaches get_db_value().
if ($get_group_details) {
    if (!give_acl($config["id_user"], $id, "IR")) {
        // Denied silently: no audit entry and no response body.
        return;
    }
    $default_user = get_db_value('id_user_default', 'tgrupo', 'id_grupo', $id);
    $real_name = get_db_value('nombre_real', 'tusuario', 'id_usuario', $default_user);
    $group = array();
    $group['forced_email'] = get_db_value('forced_email', 'tgrupo', 'id_grupo', $id);
    $group['user_real_name'] = $real_name;
    $group['id_user_default'] = $default_user;
    echo json_encode($group);
    // Stop here for AJAX requests; otherwise execution continues into the page below.
    if (defined('AJAX')) {
        return;
    }
}
// Everything from here on is group management and requires "UM" on group 0.
if (!give_acl($config["id_user"], 0, "UM")) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access group management");
    require "general/noaccess.php";
    exit;
}
echo '<h1>' . __('Group management') . '</h1>';
// Action flags read from the request.
$create_group = (bool) get_parameter('create_group');
$update_group = (bool) get_parameter('update_group');
$delete_group = (bool) get_parameter('delete_group');
// Create group
if ($create_group) {
    $name = (string) get_parameter('name');
    $icon = (string) get_parameter('icon');
    $parent = (int) get_parameter('parent');
    $soft_limit = (int) get_parameter('soft_limit');
    $hard_limit = (int) get_parameter('hard_limit');
Example #6
// Year navigation and the opening markup of the annual report form.
// NOTE(review): $prev_year, $next_year, $year, $id_user_show and $clean_output are
// interpolated into href attributes and element text without escaping in these
// lines. Confirm they are cast or HTML-escaped where they are read from the request.
if($pdf_output == 0) {
	// Prev. year
	echo "<a href='index.php?sec=users&sec2=operation/user_report/report_annual&year=$prev_year&id_user=$id_user_show&clean_output=$clean_output'><img src='images/control_rewind_blue.png' title='" . __('Previous year') . "' class='calendar_arrow'></a>";
}
echo "<span class='calendar-month' style='font-size: 0.93em; color: #FFFFFF; padding: 3px;'>$year</span>";
if($pdf_output == 0) {
	// Next. year
	echo "<a href='index.php?sec=users&sec2=operation/user_report/report_annual&year=$next_year&id_user=$id_user_show&clean_output=$clean_output'><img src='images/control_fastforward_blue.png' title='" . __('Next year') . "' class='calendar_arrow'></a>";
}
echo "</td></tr>";
echo "<tr><td colspan=4>";
echo "<form id='form-report_annual' name='xx' method=post action='index.php?sec=users&sec2=operation/user_report/report_annual'>";
echo "<table cellpadding=4 cellspacing=4 style='margin: 0px auto;'>";
echo "<tr><td>";

if (give_acl($config["id_user"], 0, "PM") && $pdf_output == 0){		

	echo "<input type='hidden' name='year' value='$year'>";
	
	echo "<td>";
	// Show user
	$params['input_id'] = 'text-id_user';
	$params['input_name'] = 'id_user';
	$params['return'] = false;
	$params['return_help'] = false;
	$params['input_value'] = $id_user_show;
	user_print_autocomplete_input($params);
	
	echo "</td>";	
			
	echo "<td>";
Example #7
    } else {
        echo "<a href='index.php?sec=customers&sec2=operation/newsletter/newsletter_definition'>" . __("Newsletters") . "</a></lI>";
    }
}
// People entry: shown unless the menu item is hidden; marked current in the users section.
if ($show_people != MENU_HIDDEN) {
    echo ($sec == "users") ? "<li id='current' class='people'>" : "<li class='people'>";
    echo "<div>|</div>", "<a href='index.php?sec=users&sec2=operation/user_report/report_monthly'>", __('People'), "</a></li>";
}
// Wiki entry: needs "WR" on group 0 and a visible menu item. Hiding the link is
// presentation only; the wiki page has to enforce its own ACL.
if (give_acl($config["id_user"], 0, "WR") && $show_wiki != MENU_HIDDEN) {
    echo ($sec == "wiki") ? "<li id='current' class='wiki'>" : "<li class='wiki'>";
    echo "<div>|</div>", "<a href='index.php?sec=wiki&sec2=operation/wiki/wiki'>", __('Wiki'), "</a>";
    echo "<div>|</div></li>";
}
// Custom Screens
if ((int) enterprise_include('custom_screens/CustomScreensManager.php', true) != ENTERPRISE_NOT_HOOK) {
    $custom_screens = CustomScreensManager::getInstance()->getCustomScreensList(false);
    if (!empty($custom_screens)) {
        $custom_link = '';
Example #8
/**
 * Render the download-category selector, listing only categories whose group
 * grants the current user "KR".
 *
 * An enterprise hook may supply the markup; the local query is the fallback
 * used when the hook is not available.
 *
 * @param mixed $id_category currently selected category
 * @param bool  $show_any    add an "Any" entry
 * @param bool  $label       print the "Category" label
 * @param bool  $return      return the markup instead of echoing it
 * @return mixed the markup when $return is truthy, otherwise nothing
 */
function combo_download_categories($id_category, $show_any = false, $label = false, $return = false)
{
    global $config;

    enterprise_include('include/functions_form.php');
    $html = enterprise_hook('combo_download_categories_extra', array($id_category, $show_any, $label, true));

    if ($html === ENTERPRISE_NOT_HOOK) {
        $rows = process_sql("SELECT * FROM tdownload_category ORDER BY 2");
        if ($rows == false) {
            $rows = array();
        }

        // Keep only the categories the user is allowed to read.
        $visible = array();
        foreach ($rows as $category) {
            if (!give_acl($config["id_user"], $category["id_group"], "KR")) {
                continue;
            }
            $visible[$category["id"]] = $category["name"];
        }

        $any_option = $show_any ? __('Any') : '';
        $caption = $label ? __('Category') : false;
        $html = print_select($visible, 'id_category', $id_category, '', $any_option, 0, $return, 0, false, $caption);
    }

    if (!$return) {
        echo $html;
        return;
    }
    return $html;
}
        $data[3] = "<a href='" . $config["base_url"] . "/include/newsletter.php?operation=subscribe&id=" . $newsletter["id"] . "'>" . __("Full form") . "</a><br>";
        $data[3] .= "<a href='" . $config["base_url"] . "/include/newsletter.php?operation=subscribe&id=" . $newsletter["id"] . "&clean=1'>" . __("Clean form") . "</a>";
        $data[4] = "<a href='" . $config["base_url"] . "/include/newsletter.php?operation=desubscribe&id=" . $newsletter["id"] . "'>" . __("Full form") . "</a><br>";
        $data[4] .= "<a href='" . $config["base_url"] . "/include/newsletter.php?operation=desubscribe&id=" . $newsletter["id"] . "&clean=1'>" . __("Clean form") . "</a>";
        $validated_addr = get_db_sql("SELECT COUNT(id) FROM tnewsletter_address WHERE id_newsletter = " . $newsletter["id"] . " AND validated = 1 AND status = 0");
        $data[5] = "<a href='index.php?sec=customers&sec2=operation/newsletter/address_definition&search_status=0&search_validate=0&search_newsletter=" . $newsletter["id"] . "'>" . $validated_addr . "</a>";
        $invalid_addr = get_db_sql("SELECT COUNT(id) FROM tnewsletter_address WHERE id_newsletter = " . $newsletter["id"] . " AND validated = 1 AND status = 1");
        $data[6] = "<a href='index.php?sec=customers&sec2=operation/newsletter/address_definition&search_status=1&search_validate=0&search_newsletter=" . $newsletter["id"] . "'>" . $invalid_addr . "</a>";
        $pending_validation = get_db_sql("SELECT COUNT(id) FROM tnewsletter_address WHERE id_newsletter = " . $newsletter["id"] . " AND validated = 0");
        $data[7] = "<a href='index.php?sec=customers&sec2=operation/newsletter/address_definition&search_validate=1&search_newsletter=" . $newsletter["id"] . "'>" . $pending_validation . "</a>";
        $data[8] = '<a href="index.php?sec=customers&sec2=operation/newsletter/newsletter_definition&
						validate_newsletter=1&id=' . $newsletter['id'] . '" 
						onClick="if (!confirm(\'' . __('Are you sure?') . '\'))
						return false;">
						<img src="images/accept.png" title="Forced email validation of pending addresses" ></a>';
        if (give_acl($config["id_user"], $id_group, "CN")) {
            $data[8] .= '<a href="index.php?sec=customers&sec2=operation/newsletter/newsletter_definition&
						delete=1&id=' . $newsletter['id'] . '"
						onClick="if (!confirm(\'' . __('Are you sure?') . '\'))
						return false;">
						<img src="images/cross.png"></a>';
        }
        array_push($table->data, $data);
    }
    print_table($table);
}
if ($manager) {
    echo '<form method="post" action="index.php?sec=customers&sec2=operation/newsletter/newsletter_creation&create=1">';
    echo '<div class="button" style="width: ' . $table->width . '">';
    print_submit_button(__('Create'), 'new_btn', false, 'class="sub next"');
    echo '</div>';
Example #10
// GNU General Public License for more details.
// Load global vars
global $config;
// Require a logged-in session before anything else on this page.
check_login();
include_once 'include/functions_workunits.php';
// Page-level gate: the ticket viewer needs "IR" on group 0; a denial is audited
// and the request ends on the no-access page.
if (!give_acl($config['id_user'], 0, "IR")) {
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access ticket viewer");
    require "general/noaccess.php";
    exit;
}
// GET ACTION PARAMETERS
$create_incident = get_parameter('create_incident');
if ($create_incident) {
    //Using simple interface an user with IW flag can create incidents
    //The incidents are not editable using simple interface
    if (!give_acl($config['id_user'], 0, "IW")) {
        audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Forbidden", "User " . $config["id_user"] . " try to create ticket");
        no_permission();
        exit;
    }
    // Read input variables
    $title = get_parameter('title');
    $priority = get_parameter('priority_form', 2);
    $id_incident_type = get_parameter('id_incident_type', 0);
    $description = get_parameter('description');
    $group_id = get_parameter('group_id');
    // Get default variables
    $id_creator = $config["id_user"];
    $sla_disabled = 0;
    $id_task = 0;
    // N/A
echo "</h4>";
// Request flags and identifiers for the saved-search feature.
$search_form = (bool) get_parameter ('search_form');
$create_custom_search = (bool) get_parameter ('save-search');
$delete_custom_search = (bool) get_parameter ('delete_custom_search');
$id_search = get_parameter ('saved_searches');
$serialized_filter = get_parameter("serialized_filter");

//If serialize filter use the filter stored in a file in tmp dir
// NOTE(review): unserialize_in_temp() is not shown here; presumably it PHP-unserializes
// a per-user temp file. Verify that only this application can write that file, since
// unserializing attacker-influenced data is unsafe.
if ($serialized_filter) {
	$filter = unserialize_in_temp($config["id_user"]);
}

//Filter auxiliar array 
// NOTE(review): $filter is assigned above only when serialized_filter is set; confirm
// it is initialised earlier in the file for the other case.
$filter_form = $filter;

// The "IM" check uses the group carried by the filter, i.e. a value that comes from the filter data.
$has_im  = give_acl ($config['id_user'], $filter_form['id_group'], "IM");

// Hidden status messages for the custom filter save action.
echo '<div id="msg_ok_hidden" style="display:none;">';
	echo ui_print_success_message (__('Custom filter saved'), '', true, 'h3', true);
echo '</div>';
echo '<div id="msg_error_hidden" style="display:none;">';
	echo ui_print_error_message (__('Could not create custom filter'), '', true, 'h3', true);
echo '</div>';

/* Get a custom filter*/
if ($id_search && !$delete_custom_search) {
	
	$search = get_custom_search ($id_search, 'incidents');
	
	if ($search) { 
		
Example #12
/**
 * List the tickets linked to an inventory object that the current user may
 * read ("IR" on the ticket's group), newest first.
 *
 * @param mixed $id_inventory inventory object id; formatted with %d into the query
 * @param bool  $only_names   true: map of $incident['id'] => $incident['name'];
 *                            false: list of full rows
 * @return array empty when the query yields nothing
 */
function get_incidents_on_inventory($id_inventory, $only_names = true)
{
    global $config;

    $rows = get_db_all_rows_sql(sprintf('SELECT tincidencia.*
			FROM tincidencia, tincident_inventory
			WHERE tincidencia.id_incidencia = tincident_inventory.id_incident
			AND tincident_inventory.id_inventory = %d
			ORDER BY tincidencia.inicio DESC', $id_inventory));
    if (!$rows) {
        return array();
    }

    $readable = array();
    foreach ($rows as $incident) {
        // Skip tickets whose group denies read access to the current user.
        if (!give_acl($config['id_user'], $incident['id_grupo'], 'IR')) {
            continue;
        }
        if ($only_names) {
            // NOTE(review): the query joins on tincidencia.id_incidencia; confirm the
            // rows really carry 'id' and 'name' keys.
            $readable[$incident['id']] = $incident['name'];
        } else {
            $readable[] = $incident;
        }
    }
    return $readable;
}
Example #13
    if (!$result['status']) {
        $result['message'] = __('Description not updated');
    }
    echo json_encode($result);
    return;
}
// AJAX helper: prints one table row for a company attachment and ends the request.
if ($get_file_row) {
    // Both ids are cast to int and the row must match the attachment and the company.
    $id_file = (int) get_parameter("id_attachment");
    $id_company = (int) get_parameter("id");
    $file = get_db_row_filter('tattachment', array('id_company' => $id_company, 'id_attachment' => $id_file));
    $html = "";
    if ($file) {
        $link = "operation/common/download_file.php?id_attachment=" . $file["id_attachment"] . "&type=company";
        $real_filename = $config["homedir"] . "/attachment/" . $file["id_attachment"] . "_" . rawurlencode($file["filename"]);
        $html .= "<tr>";
        $html .= "<td valign=top>";
        // NOTE(review): filename and description are written into HTML as stored. Confirm
        // they are HTML-escaped when saved; otherwise escape them here.
        $html .= '<a target="_blank" href="' . $link . '">' . $file['filename'] . '</a>';
        $html .= "<td valign=top class=f9>" . $file["description"];
        //$html .= "<td valign=top>". $file["id_usuario"];
        $html .= "<td valign=top>" . byte_convert($file['size']);
        // stat() returns false when the file is missing; the mtime column then has no real value.
        $stat = stat($real_filename);
        $html .= "<td valign=top class=f9>" . date("Y-m-d H:i:s", $stat['mtime']);
        // Delete attachment
        // NOTE(review): $incident and $id are not assigned in this branch, which works on
        // a company attachment; confirm which group this "IM" check is meant to use.
        if (give_acl($config['id_user'], $incident['id_grupo'], 'IM')) {
            $html .= "<td>" . '<a class="delete" name="delete_file_' . $file["id_attachment"] . '" href="index.php?sec=incidents&sec2=operation/incidents/incident_dashboard_detail&id=' . $id . '&tab=files&id_attachment=' . $file["id_attachment"] . '&delete_file=1#incident-operations">
			<img src="images/cross.png"></a>';
        }
    }
    echo $html;
    return;
}
Example #14
    require "general/noaccess.php";
    exit;
}
// Take input parameters
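// Take input parameters
$id = (int) get_parameter('id');
$id_creator = get_parameter('id_creator');
// Quick delete of a ticket: allowed for "IM" on the ticket's group or for the ticket's author.
if (isset($_POST["quick_delete"])) {
    // The id is concatenated into the SELECT below, so it is forced to an integer
    // first; the raw POST value would allow SQL injection.
    $id_inc = (int) $_POST["quick_delete"];
    $sql2 = "SELECT * FROM tincidencia WHERE id_incidencia=" . $id_inc;
    // NOTE(review): the mysql_* extension was removed in PHP 7; move this lookup to
    // the project's database helpers when the file is next touched.
    $result2 = mysql_query($sql2);
    $row2 = mysql_fetch_array($result2);
    if ($row2) {
        $id_author_inc = $row2["id_usuario"];
        $email_notify = $row2["notify_email"];
        // The permission is checked against the group stored on the ticket, not a request value.
        if (give_acl($config['id_user'], $row2["id_grupo"], "IM") || $config['id_user'] == $id_author_inc) {
            // NOTE(review): no anti-CSRF token is checked in the visible lines before
            // this state change; confirm one is verified earlier in the request.
            borrar_incidencia($id_inc);
            echo "<h3 class='suc'>" . __('Ticket successfully deleted') . "</h3>";
            audit_db($config["id_user"], $config["REMOTE_ADDR"], "Ticket deleted", "User " . $config['id_user'] . " deleted ticket #" . $id_inc);
        } else {
            audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Forbidden", "User " . $config['id_user'] . " try to delete ticket");
            echo "<h3 class='error'>" . __('There was a problem deleting ticketticket') . "</h3>";
            no_permission();
        }
    }
}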
/* Tabs code */
echo '<div id="tabs">';
/* Tabs list */
echo '<ul class="ui-tabs-nav">';
echo '<li class="ui-tabs-selected"><a href="#ui-tabs-1"><span><img src="images/zoom.png" title="' . __('Search') . '"></span></a></li>';
Example #15
	no_permission ();
}

echo '<h2>'.__('User details').'</h2>';
// NOTE(review): $id_user is printed as-is; confirm it is validated or escaped where it is read.
echo '<h4>'.$id_user.'</h4>';

// Action flags read from the request.
$upload_avatar = (bool) get_parameter ('upload_avatar');
$update_user = (bool) get_parameter ('update_user');

// Editing is allowed on one's own profile, or when the viewer holds "UM" on at
// least one group returned by get_user_groups() for the displayed user.
$has_permission = false;
if ($id_user == $config['id_user']) {
	$has_permission = true;
} else {
	$groups = get_user_groups ($id_user);
	foreach ($groups as $group) {
		if (give_acl ($config['id_user'], $group['id'], 'UM')) {
			$has_permission = true;
			break;
		}
	}
}

/* Get fields for user */
// $user is loaded outside the visible lines.
$email = $user['direccion'];
$phone = $user['telefono'];
$real_name = $user['nombre_real'];
$avatar = $user['avatar'];
$comments = $user['comentarios'];
$lang = $user['lang'];
$id_company = $user['id_company'];
$location = $user['location'];
Example #16
/**
 * API call: add an address to a newsletter on behalf of $user.
 *
 * Requires "CN" on group 0; a denied call is audited and the script exits
 * without output. The address is stored unvalidated (validated = 0) and only
 * when the newsletter id exists.
 *
 * @param string $return_type "xml" or "csv"; any other value prints nothing
 * @param mixed  $user        user id the ACL is evaluated for
 * @param array  $params      [0] newsletter id, [1] name, [2] e-mail
 * @return void
 */
function api_add_address_to_newsletter($return_type, $user, $params)
{
    global $config;

    if (!give_acl($user, 0, "CN")) {
        audit_db($user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access newsletter management");
        exit;
    }

    // NOTE(review): name and e-mail are stored as received; no format validation happens here.
    $values = array(
        'id_newsletter' => $params[0],
        'name' => $params[1],
        'email' => $params[2],
        'status' => 0,
        'datetime' => print_mysql_timestamp(),
        'validated' => 0,
    );

    // Insert only when the referenced newsletter exists; otherwise report 0.
    $newsletter_id = get_db_value("id", "tnewsletter", "id", $values['id_newsletter']);
    $result = !empty($newsletter_id) ? process_sql_insert('tnewsletter_address', $values) : 0;

    if ($return_type == "xml") {
        echo xml_node($result);
    } elseif ($return_type == "csv") {
        echo $result;
    }
}
Example #17
	if ((give_acl ($config["id_user"], 0, "IW")) || (give_acl ($config['id_user'], $id_grupo, "SI"))) {
		$button .= print_submit_button (__('Create'), 'action2', false, 'class="sub create"', true);
	}
	$button .= '</div>';
} else {
	$button = "<div class='button-form'>";
	$button .= print_input_hidden ('id', $id, true);
	$button .= print_input_hidden ('action', 'update', true);
	$button .= print_submit_button (__('Update'), 'action2', false, 'class="sub upd"', true);
	$button .= '</div>';
}

//~ $table->colspan['button'][0] = 4;
//~ $table->data['button'][0] = $button;

if ($has_permission || give_acl ($config['id_user'], $id_grupo, "SI")){
	if ($create_incident) {
		$action = 'index.php?sec=incidents&sec2=operation/incidents/incident_detail';
		echo '<form id="incident_status_form" method="post" enctype="multipart/form-data">';
		print_table ($table);
		
		//echo print_container_div('advanced_parameters_incidents_form', __('Advanced parameters'), print_table($table_advanced, true), 'closed', true, false);
		//echo "<h4>" . __('File upload')."</h4>";
		//echo $html;
		echo $button;
		echo '</form>';
	} else {
		echo '<form id="incident_status_form" method="post">';
		print_table ($table);
		//echo print_container_div('advanced_parameters_incidents_form', __('Advanced parameters'), print_table($table_advanced, true), 'closed', true, false);
		echo $button;
Example #18
// Require a logged-in session before anything else on this page.
check_login();
require_once 'include/functions_user.php';
require_once 'include/functions_workunits.php';
$days_f = array();
$date = date('Y-m-d');
// --------------------
// Workunit report (yearly)
// --------------------
//	$now = date("Y-m-d H:i:s");
// The year defaults to the current one and can be overridden by the request.
$year = date("Y");
$year = get_parameter("year", $year);
$prev_year = $year - 1;
$next_year = $year + 1;
// The report defaults to the logged-in user; the request may name another user.
$id_user_show = get_parameter("id_user", $config["id_user"]);
$operation = get_parameter('operation');
// First gate: viewing somebody else's report requires "PM" on group 0.
if ($id_user_show != $config["id_user"] and !give_acl($config["id_user"], 0, "PM")) {
    // Doesn't have access to this page
    // NOTE(review): $id_user is not assigned in the visible lines, so the audit entry
    // may not name the acting user; $config["id_user"] looks like the intended value.
    audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to another user yearly report without proper rights");
    include "general/noaccess.php";
    exit;
}
// Extended ACL check for project manager
// TODO - Move to enterprise, encapsulate in a general function
// Second gate: the requested user must be non-empty and either the viewer or one of
// the users get_user_visible_users() returns. && binds tighter than ||, and
// in_array() compares loosely here.
$users = get_user_visible_users();
if ($id_user_show == "" || $id_user_show != $config["id_user"] && !in_array($id_user_show, array_keys($users))) {
    audit_db("Noauth", $config["REMOTE_ADDR"], "No permission access", "Trying to access user workunit report");
    require "general/noaccess.php";
    exit;
}
switch ($operation) {
    case 'show_work_home':
Example #19
// GNU General Public License for more details.
include_once "include/functions_graph.php";
global $config;
// Require a logged-in session before anything else on this page.
check_login();
// The group the ACL is evaluated against comes from the request (default 0).
$id_grupo = get_parameter("id_grupo", 0);
$id_user = $config['id_user'];
// Page gate: the viewer needs "PR" or "IR" on that group.
if (give_acl($id_user, $id_grupo, "PR") != 1 and give_acl($id_user, $id_grupo, "IR") != 1) {
    // Doesn't have access to this page
    audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to user report without projects access or Incident access permissions");
    include "general/noaccess.php";
    exit;
}
// Optional target user: switching to another user's report needs that user to be in
// get_user_visible_users() and the viewer to hold "PW" on group 0. A user outside
// that list is ignored and the viewer's own report is shown.
$id = get_parameter("id", $config["id_user"]);
$users = get_user_visible_users();
if ($id != "" && $id != $id_user && in_array($id, array_keys($users))) {
    if (give_acl($id_user, 0, "PW")) {
        $id_user = $id;
    } else {
        audit_db("Noauth", $config["REMOTE_ADDR"], "No permission access", "Trying to access user workunit report");
        require "general/noaccess.php";
        exit;
    }
}
// Get parameters for actual Calendar show
$time = time();
// Month and year default to the current date; the year default is the two-digit form ('y').
$month = get_parameter("month", date('n', $time));
$year = get_parameter("year", date('y', $time));
$today = date('j', $time);
$days_f = array();
// NOTE(review): $month and $year reach gmmktime() as received; confirm they are numeric.
$first_of_month = gmmktime(0, 0, 0, $month, 1, $year);
$days_in_month = gmdate('t', $first_of_month);
Example #20
/**
 * Tell whether the current user may use group id 1.
 *
 * Any other group id is accepted without a check. For group 1 the user must
 * either be reported by get_admin_user() or hold $access on group 1.
 *
 * @param mixed  $id_group group being requested
 * @param string $access   permission flag checked on group 1
 * @return bool
 */
function users_can_manage_group_all($id_group = 1, $access = "IR")
{
    global $config;

    if ($id_group == 1) {
        // The admin lookup runs first, then the ACL check.
        $admin = get_admin_user($config['id_user']);

        return (bool) (give_acl($config['id_user'], 1, $access) || $admin);
    }

    return true;
}
Example #21
// INTEGRIA - the ITIL Management System
// http://integria.sourceforge.net
// ==================================================
// Copyright (c) 2008 Ártica Soluciones Tecnológicas
// http://www.artica.es  <*****@*****.**>
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
global $config;
// Require a logged-in session before anything else on this page.
check_login();
// Page gate: KB management needs "KW" on group 0 (give_acl() is compared loosely
// with 0); a denial is audited and the request ends on the no-access page.
if (give_acl($config["id_user"], 0, "KW") == 0) {
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access KB Management");
    require "general/noaccess.php";
    exit;
}
$id_user = $config["id_user"];
// Database Creation
// ==================
if (isset($_GET["create2"])) {
    // Create group
    $timestamp = date('Y-m-d H:i:s');
    $title = get_parameter("title", "");
    $data = get_parameter("data", 0);
    $id_product = get_parameter("product", "");
    $id_category = get_parameter("category", "");
    $id_language = get_parameter("id_language", "");
Example #22
        if ($aux["id_parent"]) {
            $aux["parent_name"] = get_db_value("name", "tinventory", "id", $r["id_parent"]);
        }
        $aux["owner"] = $r["owner"];
        $aux["public"] = $r["public"];
        $aux["show_list"] = $r["show_list"];
        $aux["last_update"] = $r["last_update"];
        $aux["status"] = $r["status"];
        $aux["receipt_date"] = $r["receipt_date"];
        $aux["issue_date"] = $r["issue_date"];
        array_push($aux_rows, $aux);
    }
    $rows = $aux_rows;
}
// CSV export of the audit log (tsesion); requires "IM" on group 0.
if ($export_csv_audit) {
    $permission = give_acl($config["id_user"], 0, "IM");
    if (!$permission) {
        // Denied silently: no audit entry is written for this attempt.
        exit;
    }
    // NOTE(review): where_clause is read from the request and spliced into the
    // statement as SQL text. clean_output() is not shown here, and output cleaning
    // is not a substitute for building the WHERE from validated fields with bound
    // values. Treat this as SQL injection exposure until it is reworked.
    $where_clause = clean_output(get_parameter('where_clause'));
    $date = get_parameter('date');
    $filename = clean_output('audit_export') . '-' . date("YmdHi");
    $sql = sprintf('SELECT * FROM tsesion %s ORDER by utimestamp DESC', $where_clause);
    $rows = get_db_all_rows_sql($sql);
    if ($rows === false) {
        return;
    }
}
if ($export_csv_tickets) {
    $filter = unserialize_in_temp($config["id_user"]);
    $rows = incidents_search_result($filter, false, true, false, false, true, false, true);
Example #23
    $table_description = new stdClass();
    $table_description->width = '99%';
    $table_description->id = 'incident_file_description';
    $table_description->class = 'search-table-button';
    $table_description->data = array();
    $table_description->data[0][0] = print_textarea("file_description", 3, 40, '', '', true, __('Description'));
    $table_description->data[1][0] = print_submit_button(__('Add'), 'crt_btn', false, 'class="sub create"', true);
    $html .= "<div id='file_description_table_hook' style='display:none;'>";
    $html .= print_table($table_description, true);
    $html .= "</div>";
    $table->colspan[10][0] = 4;
    $table->data[10][0] = print_container('file_upload_container', __('File upload'), $html, 'closed', true, false);
}
// Build the form's action fields: "insert" with a Create button for a new ticket,
// otherwise the ticket id, "update" and an Update button.
if ($create_incident) {
    $button = print_input_hidden('action', 'insert', true);
    // The Create button is rendered only with "IW" on group 0. This hides the control
    // and nothing more; the handler that receives the form has to repeat the check.
    if (give_acl($config["id_user"], 0, "IW")) {
        $button .= print_submit_button(__('Create'), 'action2', false, 'class="sub create"', true);
    }
} else {
    $button = print_input_hidden('id', $id, true);
    $button .= print_input_hidden('action', 'update', true);
    $button .= print_submit_button(__('Update'), 'action2', false, 'class="sub upd"', true);
}
$table->colspan['button'][0] = 4;
$table->data['button'][0] = $button;
if ($has_permission) {
    if ($create_incident) {
        $action = 'index.php?sec=incidents&sec2=operation/incidents/incident_detail';
        echo '<form id="incident_status_form" method="post" enctype="multipart/form-data">';
        print_table($table);
        echo '</form>';
// Copyright (c) 2007-2008 Esteban Sanchez, estebans@artica.es
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
global $config;
// Unauthenticated requests are audited as "Noauth" and stopped.
if (check_login() != 0) {
    audit_db("Noauth", $config["REMOTE_ADDR"], "No authenticated access", "Trying to access inventory viewer");
    require "general/noaccess.php";
    exit;
}
// The object id is cast to int before it is used in lookups and printed below.
$id = (int) get_parameter('id');
// Object gate: "VR" on the group that owns this inventory object.
if (!give_acl($config['id_user'], get_inventory_group($id), 'VR')) {
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to inventory " . $id);
    include "general/noaccess.php";
    return;
}
echo '<h3>' . __('Contract details on inventory object') . ' #' . $id . '</h3>';
$contracts = get_inventory_contracts($id, false);
// NOTE(review): $table is not created in the visible lines before its properties
// are set; confirm it is initialised earlier.
$table->class = 'inventory-contracts databox';
$table->width = '740px';
$table->colspan = array();
$table->colspan[1][1] = 3;
$table->style = array();
$table->style[0] = 'font-weight: bold';
$table->style[2] = 'font-weight: bold';
foreach ($contracts as $contract) {
    $table->data = array();
Example #25
 // Ticket context taken from $row and $usuario, which are loaded outside the visible lines.
 $nombre_real = dame_nombre_real($usuario);
 $id_grupo = $row["id_grupo"];
 $id_creator = $row["id_creator"];
 $grupo = dame_nombre_grupo($id_grupo);
 $result_msg = "";
 $id_user = $_SESSION['id_usuario'];
 // Page gate: "IR" on the ticket's group.
 // NOTE(review): the ACL is evaluated for $iduser_temp while the audit entry records
 // $id_user from the session; $iduser_temp and $REMOTE_ADDR are not assigned in the
 // visible lines. Confirm both variables name the logged-in user.
 if (give_acl($iduser_temp, $id_grupo, "IR") != 1) {
     // Doesn't have access to this page
     audit_db($id_user, $REMOTE_ADDR, "ACL Violation", "Trying to access to ticket " . $id_inc . " '" . $titulo . "'");
     include "general/noaccess.php";
     exit;
 }
 // Delete note
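 // Note deletion, requested through the id_nota / id_nota_inc query parameters.
 if (isset($_GET["id_nota"])) {
     // Both ids end up inside DELETE statements, so they are forced to integers
     // before any use; the raw query-string values would allow SQL injection.
     $id_nota = (int) $_GET["id_nota"];
     $id_nota_inc = isset($_GET["id_nota_inc"]) ? (int) $_GET["id_nota_inc"] : 0;
     $note_user = give_note_author($id_nota);
     // Only admins (manage incident) or owners can modify incidents, including their notes
     // But note authors was able to delete this own notes
     // The last term is a comparison: the previous "$usuario = $iduser_temp" was an
     // assignment, which made the whole condition true for any logged-in user.
     if (give_acl($iduser_temp, $id_grupo, "IM") || $note_user == $iduser_temp || $usuario == $iduser_temp) {
         // NOTE(review): nothing here ties id_nota / id_nota_inc to ticket $id_inc, and
         // the deletion is triggered by a GET request with no visible anti-CSRF token.
         $query = "DELETE FROM tnota WHERE id_nota = " . $id_nota;
         $query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = " . $id_nota_inc;
         // Run each statement once and keep the first result for the status message.
         $deleted = mysql_query($query);
         mysql_query($query2);
         if ($deleted) {
             $result_msg = "<h3 class='suc'>" . __('Note successfully deleted') . "</h3>";
         }
         incident_tracking($id_inc, $id_usuario, INCIDENT_NOTE_DELETED);
     }
 }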
 echo "<div id='menu_tab'><ul class='mn'>";
// ---------------
// DELETE Workunit
// ---------------

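if ($operation == "delete"){
	// Delete workunit with ACL / Project manager check
	// Cast to int: the id is placed unquoted in the SELECT below, so the raw
	// request value would allow SQL injection.
	$id_workunit = (int) get_parameter ("id_workunit");
	$sql = "SELECT * FROM tworkunit WHERE id = $id_workunit";
	$res = mysql_query($sql);
	if (!$res) {
		return;
	}
	$row = mysql_fetch_array($res);

	// Allowed for the workunit's own user, for "PM" on group 0, or for the project's manager.
	// NOTE(review): $id_project and $id_user are not assigned in the visible lines;
	// confirm they are set earlier, otherwise the project manager check and the audit
	// entries work with empty values. A missing row is not handled either.
	$id_user_wu = $row["id_user"];
	if (($id_user_wu == $config["id_user"]) OR (give_acl($config["id_user"], 0,"PM") ==1 ) OR (project_manager_check($id_project) == 1)){
		mysql_query ("DELETE FROM tworkunit where id = '$id_workunit'");
		if (mysql_query ("DELETE FROM tworkunit_task where id_workunit = '$id_workunit'")){
				$result_output = ui_print_success_message (__('Successfully deleted'), '', true, 'h3', true);
				audit_db ($id_user, $config["REMOTE_ADDR"], "Work unit deleted", "Workunit for $id_user");
		} else {
			$result_output = ui_print_error_message (__('Not deleted. Error deleting data'), '', true, 'h3', true);
		}
	} else {
		audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation","Trying to delete WU $id_workunit without rigths");
		include ("general/noaccess.php");
		exit;
	}
}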

// --------------------
Example #27
    if (give_acl($config["id_user"], 0, "CR"))
    	echo "<a href='index.php?sec=customers&sec2=operation/companies/company_detail'>".__('Customers')."</a></li>";
}

// People entry: shown unless the menu item is hidden, and never for standalone users.
if (($show_people != MENU_HIDDEN) && !get_standalone_user($config["id_user"])) {
	echo ($sec == "users") ? "<li id='current' class='people'>" : "<li class='people'>";
	echo "<div>|</div>", "<a href='index.php?sec=users&sec2=operation/user_report/report_monthly'>", __('People'), "</a></li>";
}

// Wiki entry: needs "WR" on group 0, a visible menu item and a non-standalone user.
// Hiding the link is presentation only; the wiki page has to enforce its own ACL.
if (give_acl($config["id_user"], 0, "WR") && $show_wiki != MENU_HIDDEN && !get_standalone_user($config["id_user"])) {
	echo ($sec == "wiki") ? "<li id='current' class='wiki'>" : "<li class='wiki'>";
	echo "<div>|</div>", "<a href='index.php?sec=wiki&sec2=operation/wiki/wiki'>", __('Wiki'), "</a>";
	echo "<div>|</div></li>";
}

// Custom Screens
if (((int)enterprise_include('custom_screens/CustomScreensManager.php', true) != ENTERPRISE_NOT_HOOK) && (get_standalone_user($config["id_user"]) == false)) {
	$custom_screens = CustomScreensManager::getInstance()->getCustomScreensList(false);

	if (!empty($custom_screens)) {
Example #28
	$real_filename = $config["homedir"]."/attachment/".$file["id_attachment"]."_".rawurlencode ($file["filename"]);    

	echo "<tr>";
	echo "<td valign=top>";
	echo '<a target="_blank" href="'.$link.'">'. $file['filename'].'</a>';

	$stat = stat ($real_filename);
	echo "<td valign=top class=f9>".date ("Y-m-d H:i:s", $stat['mtime']);

	echo "<td valign=top class=f9>". $file["description"];
	echo "<td valign=top>". $file["id_usuario"];
	echo "<td valign=top>". byte_convert ($file['size']);

	// Delete attachment
	if (give_acl ($config['id_user'], $incident['id_grupo'], 'IM') && !$clean_output) {
		echo "<td>". '<a class="delete" name="delete_file_'.$file["id_attachment"].'" href="index.php?sec=incidents&sec2=operation/incidents/incident_dashboard_detail&id='.$id.'&tab=files&id_attachment='.$file["id_attachment"].'&delete_file=1#incident-operations">
		<img src="images/cross.png"></a>';
	}

}

echo "</table>";
echo "</div>";

?>

<script src="include/js/jquery.fileupload.js"></script>
<script src="include/js/jquery.iframe-transport.js"></script>
<script src="include/js/jquery.knob.js"></script>
Example #29
 /**
  * Check a permission flag for the configured user on a group.
  *
  * Thin wrapper that normalises the result of give_acl() to a boolean.
  *
  * @param string $access   permission flag handed to give_acl()
  * @param mixed  $group_id group the flag is checked on
  * @return bool
  */
 public function checkACL($access = "AR", $group_id = 0)
 {
     return (bool) give_acl($this->getConfig('id_user'), $group_id, $access);
 }
// Integria IMS - http://integriaims.com
// ==================================================
// Copyright (c) 2008-2010 Artica Soluciones Tecnologicas
// This program is free software; you can redistribute it and/or
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; either version 2
// of the License, or (at your option) any later version.
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
global $config;
// Require a logged-in session before anything else on this page.
check_login();
// The ticket id is cast to int before it is used in lookups and the audit entry.
$id = (int) get_parameter('id');
$incident_creator = get_db_value("id_creator", "tincidencia", "id_incidencia", $id);
// Upload gate: "IW" on group 0, or being the ticket's creator.
// NOTE(review): the ticket's own group is not consulted here; confirm that "IW" on
// group 0 is the intended scope for attaching files to any ticket.
if (!give_acl($config["id_user"], 0, "IW") && $config['id_user'] != $incident_creator) {
    // Doesn't have access to this page
    audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket #" . $id);
    include "general/noaccess.php";
    return;
}
$title = get_db_value("titulo", "tincidencia", "id_incidencia", $id);
echo '<div id="upload_result"></div>';
echo "<div id='upload_control'>";
// NOTE(review): $table is not created in the visible lines before its properties are set.
$table->width = '100%';
$table->data = array();
// The extension restriction is only announced to the user here; the handler that
// receives the upload has to enforce it.
$table->data[0][0] = "<span style='font-size: 10px'>" . __("Please note that you cannot upload .php or .pl files, as well other source code formats. Please compress that files prior to upload (using zip or gz)") . "</span>";
$table->data[1][0] = print_textarea('file_description', 8, 1, '', "style='resize:none'", true, __('Description'));
if (defined('AJAX')) {
    $action = 'ajax.php?page=operation/incidents/incident_detail';
} else {