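if ($docid) {
    // NOTE(review): where $docid is assigned is not visible in this excerpt, so it is
    // handled as untrusted input. Document ids are integers; normalising once means the
    // row that is fetched, the permission that is checked and the access that is logged
    // all refer to the same id, and the value cannot alter the text of the SQL statements.
    // (The project's db_ei() helper, where it is available, serves the same purpose.)
    $docid_int = (int) $docid;

    $query = "select * "
        . "from doc_data "
        . "where docid = " . $docid_int;
    $result = db_query($query);

    if (db_numrows($result) < 1) {
        // The normalised id is echoed in the error message rather than the raw value.
        exit_error(
            $Language->getText('global', 'error'),
            $Language->getText('docman_display_doc', 'error_nodoc', array($docid_int))
        );
    } else {
        $row = db_fetch_array($result);
    }

    $from_group_id = $group_id;

    // Get group_id of the document group containing the doc.
    // doc_group is read back from the database; the cast keeps the statement well-formed
    // whatever that column holds.
    $res_group       = db_query("SELECT group_id FROM doc_groups WHERE doc_group=" . (int) $row['doc_group']);
    $object_group_id = db_result($res_group, 0, 'group_id');

    // Visual layout should be that of the document group_id
    $group_id = $object_group_id;

    // Check permissions for document, then document group.
    // A DOCUMENT_READ permission defined on the document itself takes precedence; the
    // DOCGROUP_READ permission of its document group is consulted only when none exists.
    if (permission_exist('DOCUMENT_READ', $docid_int)) {
        if (!permission_is_authorized('DOCUMENT_READ', $docid_int, user_getid(), $object_group_id)) {
            exit_error(
                $Language->getText('global', 'perm_denied'),
                $Language->getText('global', 'error_perm_denied')
            );
        }
    } else {
        if (!permission_is_authorized('DOCGROUP_READ', $row['doc_group'], user_getid(), $object_group_id)) {
            exit_error(
                $Language->getText('global', 'perm_denied'),
                $Language->getText('global', 'error_perm_denied')
            );
        }
    }

    if (user_isloggedin()) {
        // Insert a new entry in the doc_log table only for restricted documents
        // NOTE(review): the only condition visible here is that the user is logged in;
        // anonymous reads leave no doc_log row, so this table is not a complete access trail.
        $sql = "INSERT INTO doc_log(user_id,docid,time) "
            . "VALUES ('" . user_getid() . "','" . $docid_int . "','" . time() . "')";
        $res_insert = db_query($sql);
    }

    // HTML or text files that were copy/pasted are displayed in a Codendi-formatted page.
    // Uploaded files are always displayed as-is.
    // (The listing stops here; the enclosing `if ($docid)` block continues beyond this excerpt.)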
/**
 * Tell whether a read permission has been defined for this wiki object.
 *
 * The answer only says that a permission entry exists for $this->id; it does not
 * say who is authorized by it.
 *
 * @return bool true when permission_exist() reports an entry, false otherwise
 */
public function permissionExist()
{
    // Collapse whatever permission_exist() returns into a strict boolean.
    return (bool) permission_exist(Wiki_PermissionsManager::WIKI_PERMISSION_READ, $this->id);
}
/**
 * Report whether a WIKI_READ permission is set on this wiki.
 *
 * The lookup is keyed on $this->gid. The value of permission_exist() is handed back
 * unchanged (it is not cast here).
 *
 * @return boolean Return if a permission is set on this Wiki
 */
function permissionExist()
{
    $has_permission = permission_exist('WIKI_READ', $this->gid);

    return $has_permission;
}
/**
 * userCanDownload : determine if the user can download the file or not
 *
 * Decision order, as implemented:
 *  1. a super user is always allowed (this check runs before the deleted-file check);
 *  2. a deleted file is never downloadable by anyone else;
 *  3. when a RELEASE_READ permission is defined on the file's release, that permission
 *     alone decides;
 *  4. otherwise the PACKAGE_READ permission of the file's package decides.
 *
 * Note that steps 3 and 4 are alternatives: the package permission is not evaluated
 * when a release permission exists.
 *
 * @param int $user_id the ID of the user. If $user_id is 0, then we take the current user.
 * @return boolean true if the user has permissions to download the file, false otherwise
 */
function userCanDownload($user_id = 0)
{
    if ($user_id == 0) {
        $user_id = user_getid();
    }

    $user = UserManager::instance()->getUserById($user_id);
    if ($user && $user->isSuperUser()) {
        return true;
    }

    if ($this->isDeleted()) {
        return false;
    }

    $group_id = $this->getGroup()->getID();

    // Release-level permission, when defined, overrides the package-level one.
    if (permission_exist('RELEASE_READ', $this->getReleaseID())) {
        return (bool) permission_is_authorized('RELEASE_READ', $this->getReleaseID(), $user_id, $group_id);
    }

    return (bool) permission_is_authorized('PACKAGE_READ', $this->getPackageID(), $user_id, $group_id);
}
/**
 * _getPackagesForUser
 *
 * Return the packages the user can see, one entry per package.
 *
 * Rows are read in the order package rank, package id, then release date and release id
 * descending. For each package the first release in that order which the user is
 * authorized to read is kept; later releases of the same package are skipped.
 *
 * Authorization is checked in two stages: the package factory's userCanRead() first, then
 * RELEASE_READ when such a permission is defined on the release, else PACKAGE_READ.
 *
 * @param user_id id of the user the list is built for
 *
 * @return array list of arrays with keys package_name, release_name, release_id, package_id
 */
function _getPackagesForUser($user_id)
{
    $frspf    = $this->getFRSPackageFactory();
    $packages = array();

    // Both interpolated values go through db_ei() before reaching the statement.
    // NOTE(review): the status_id literal opens with a space inside the quotes; kept as found.
    $sql = "SELECT frs_package.package_id,frs_package.name AS package_name,frs_release.name AS release_name,frs_release.release_id AS release_id,frs_release.release_date AS release_date "
        . "FROM frs_package,frs_release "
        . "WHERE frs_package.package_id=frs_release.package_id "
        . "AND frs_package.group_id='" . db_ei($this->getGroupId()) . "' "
        . "AND frs_release.status_id=' " . db_ei($frspf->STATUS_ACTIVE) . "' "
        . "ORDER BY frs_package.rank,frs_package.package_id,frs_release.release_date DESC, frs_release.release_id DESC";

    $res_files  = db_query($sql);
    $rows_files = db_numrows($res_files);

    if (!$res_files || $rows_files < 1) {
        return $packages;
    }

    for ($row_index = 0; $row_index < $rows_files; $row_index++) {
        $package_id = db_result($res_files, $row_index, 'package_id');
        $release_id = db_result($res_files, $row_index, 'release_id');

        if (!$frspf->userCanRead($this->getGroupId(), $package_id, $user_id)) {
            continue;
        }

        // A release of this package has already been kept - don't show this one.
        if (!empty($package_displayed[$package_id])) {
            continue;
        }

        // Release permission, when defined, decides on its own; otherwise the package one does.
        $authorized = permission_exist('RELEASE_READ', $release_id)
            ? permission_is_authorized('RELEASE_READ', $release_id, $user_id, $this->getGroupId())
            : permission_is_authorized('PACKAGE_READ', $package_id, $user_id, $this->getGroupId());

        if ($authorized) {
            $packages[] = array(
                'package_name' => db_result($res_files, $row_index, 'package_name'),
                'release_name' => db_result($res_files, $row_index, 'release_name'),
                'release_id'   => $release_id,
                'package_id'   => $package_id,
            );
            $package_displayed[$package_id] = true;
        }
    }

    return $packages;
}
/**
 * browsePages - private
 *
 * Print a two-column table (page name, permission link) for the given wiki pages.
 *
 * Output encoding as implemented: the page name is URL-encoded inside the href and passed
 * through the purifier for the link text; the status text and the label supplied by event
 * listeners are purified as well. $this->wikiLink and $this->wikiAdminLink are emitted
 * as-is.
 * NOTE(review): presumably both links are built server-side - confirm that no request
 * data reaches them unescaped.
 *
 * @param array $pageList page names; passed by reference and sorted in place
 */
function _browsePages(&$pageList)
{
    echo html_build_list_table_top(array('Page', 'Permissions'));
    $purifier = Codendi_HTMLPurifier::instance();

    // sort() reindexes from 0, so the array key doubles as the row counter.
    sort($pageList);
    foreach ($pageList as $row_index => $pagename) {
        echo ' <tr class="' . html_get_alt_row_color($row_index) . '"> ';

        $page_url = $this->wikiLink . '&pagename=' . urlencode($pagename);
        echo '<td><a href="' . $page_url . '">' . $purifier->purify($pagename) . '</a></td>';

        $page = new WikiPage($this->gid, $pagename);

        // "define" by default, "edit" once a WIKIPAGE_READ permission exists for the page.
        $status = $GLOBALS['Language']->getText('wiki_views_wkserviews', 'define_perms');
        if (permission_exist('WIKIPAGE_READ', $page->getId())) {
            $status = $GLOBALS['Language']->getText('wiki_views_wkserviews', 'edit_perms');
        }

        // Listeners may flag the page as referenced; they write into $referenced by reference.
        $eM =& EventManager::instance();
        $referenced = false;
        $eM->processEvent(
            'isWikiPageReferenced',
            array('referenced' => &$referenced, 'wiki_page' => $pagename, 'group_id' => $this->gid)
        );

        echo '<td align="center">';
        if (!$referenced) {
            $perms_url = $this->wikiAdminLink . '&view=pagePerms&id=' . urlencode($page->getId());
            echo '<a href="' . $perms_url . '">[' . $purifier->purify($status) . ']</a>';
        } else {
            // Referenced pages show a listener-provided label instead of the permission link.
            $label = '';
            $eM->processEvent('getPermsLabelForWiki', array('label' => &$label));
            echo $purifier->purify($label);
        }
        echo '</td>';

        echo ' </tr> ';
    }
    echo '</TABLE>';
}
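/**
 * Takes a forum_id and checks if user is authorized to read the piece of news
 * associated to this forum_id.
 *
 * Decision order, as implemented:
 *  - when $group_id is the site news group, the access level of the project that owns
 *    the news is looked up; a private project denies access;
 *  - when no NEWS_READ permission is defined for the forum, access is granted to anyone
 *    (default-open);
 *  - otherwise the NEWS_READ permission decides for the current user.
 *
 * @param int $forum_id forum the news item is attached to
 * @param int $group_id project the request is made in
 *
 * @return bool true when the current user may read the news item
 */
function news_check_permission($forum_id, $group_id)
{
    if ($group_id == $GLOBALS['sys_news_group']) {
        // search for the real group_id of the news
        $sql = "SELECT g.access FROM news_bytes AS n INNER JOIN groups AS g USING(group_id) WHERE n.forum_id = " . db_ei($forum_id);
        $res = db_query($sql);
        if ($res && db_numrows($res)) {
            $row = db_fetch_array($res);
            // see if it is public to continue permissions check
            if ($row['access'] === Project::ACCESS_PRIVATE) {
                return false;
            }
        }
        // NOTE(review): a failed query or a forum with no news_bytes row is not treated as
        // a denial; control falls through to the permission check below.
    }

    // The existence lookup is done once. The previous expression
    // (exist && authorized || !exist) evaluated permission_exist() a second time after a
    // denial, so a differing second answer could turn that denial into a grant.
    if (!permission_exist('NEWS_READ', $forum_id)) {
        return true;
    }

    return (bool) permission_is_authorized('NEWS_READ', $forum_id, user_getid(), $group_id);
}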
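/**
 * Display list of docs in administration page
 *
 * Prints one table row per document of the project: id, title, document group, rank,
 * creation date, a link to the permission editor and a delete link.
 *
 * Values taken from the database are encoded for HTML before being printed, and ids are
 * cast to integers before they are placed in the query or in links.
 *
 * @param int $group_id id of the project whose documents are listed
 */
function display_docs($group_id)
{
    global $Language;

    // The id is concatenated into the SQL text and into several links below; as an
    // integer it cannot change the meaning of either.
    $group_id = (int) $group_id;

    $query = "select d1.docid, d1.title, d1.doc_group,d1.rank,d1.createdate,d2.groupname "
        . "from doc_data as d1, doc_groups as d2 "
        . "where d2.group_id = '" . $group_id . "' "
        . "and d1.doc_group = d2.doc_group "
        . "order by group_rank, rank";
    $result = db_query($query);

    if (db_numrows($result) < 1) {
        echo $Language->getText('docman_doc_utils', 'error_nodocyet') . '<p>';
        return;
    }

    $title_arr = array(
        $Language->getText('docman_doc_utils', 'doc_id'),
        $Language->getText('docman_doc_utils', 'doc_name'),
        $Language->getText('docman_doc_utils', 'doc_group'),
        $Language->getText('docman_doc_utils', 'rank_in_group'),
        $Language->getText('docman_doc_utils', 'create_date'),
        $Language->getText('docman_doc_utils', 'permissions'),
        $Language->getText('docman_doc_utils', 'delete_ask'),
    );
    echo html_build_list_table_top($title_arr);

    $i = 0;
    while ($row = db_fetch_array($result)) {
        // Titles and group names are free text entered by users: encode them for the HTML
        // context so stored markup is displayed, not interpreted.
        // NOTE(review): if the write path already stores these fields entity-encoded, this
        // will double-encode them - confirm against the code that saves documents.
        $docid     = (int) $row['docid'];
        $title     = htmlspecialchars((string) $row['title'], ENT_QUOTES);
        $groupname = htmlspecialchars((string) $row['groupname'], ENT_QUOTES);
        $rank      = htmlspecialchars((string) $row['rank'], ENT_QUOTES);

        $edit_uri = "index.php?docid=" . $docid . "&mode=docedit&group_id=" . $group_id;

        // The closing tags of the id cell are now nested in the order they were opened.
        print "<tr class=\"" . util_get_alt_row_color($i) . "\">"
            . "<td><b><a href=\"" . $edit_uri . "\">" . $docid . "</a></b></td>"
            . "<td><a href=\"" . $edit_uri . "\">" . $title . "</a></td>"
            . "<td>" . $groupname . "</td>"
            . "<td>" . $rank . "</td>"
            . "<td>" . format_date($Language->getText('system', 'datefmt'), $row['createdate']) . "</td>"
            . "<td align='center'><FONT SIZE='-1'><a href='/docman/admin/editdocpermissions.php?docid=" . $docid . "&group_id={$group_id}'>";

        // "edit" once a DOCUMENT_READ permission exists on the document, "define" otherwise.
        if (permission_exist('DOCUMENT_READ', $row['docid'])) {
            print $Language->getText('docman_doc_utils', 'edit_perms');
        } else {
            print $Language->getText('docman_doc_utils', 'define_perms');
        }

        // NOTE(review): deletion is triggered by a plain link (GET) guarded only by a
        // client-side confirm(); whether the target checks a request token is not visible here.
        print "</a></font></td>"
            . '<td align="center"><a href="index.php?mode=docdelete&docid=' . $docid . '&group_id=' . $group_id
            . '"><img src="' . util_get_image_theme("ic/trash.png")
            . '" border="0" onClick="return confirm(\'' . $Language->getText('docman_doc_utils', 'delete_doc_confirm')
            . '\')"></A></td></tr>';
        $i++;
    }
    echo '</table>';
}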
/**
 * Report whether a PHPWIKIATTACHMENT_READ permission is defined for this attachment.
 *
 * The permission helpers are loaded on demand from 'www/project/admin/permissions.php'
 * before the lookup. The value of permission_exist() is returned unchanged.
 *
 * @access public
 */
public function permissionExist()
{
    // Loaded here rather than at file level; require_once makes repeated calls harmless.
    require_once 'www/project/admin/permissions.php';

    $is_defined = permission_exist('PHPWIKIATTACHMENT_READ', $this->id);

    return $is_defined;
}
/**
 * Report whether a WIKIPAGE_READ permission is defined for this page.
 *
 * Only the existence of a permission entry for $this->id is reported, not who it authorizes.
 *
 * @access public
 *
 * @return bool true when permission_exist() reports an entry, false otherwise
 */
function permissionExist()
{
    return permission_exist('WIKIPAGE_READ', $this->id) ? true : false;
}