 /**
  * Removes this role.
  *
  * Deleting a role also means dropping every ACL bound to it and the
  * role's group data; that work is delegated to the ACL object's
  * deleteRole(). The module-level 'roles' delete permission is checked
  * first, so a user without it gets false and nothing is changed.
  *
  * @return bool|null|string false when the current user lacks delete
  *                          permission on 'roles'; otherwise whatever
  *                          deleteRole() returns
  */
 public function delete()
 {
     $allowed = canDelete('roles');
     if (!$allowed) {
         // NOTE(review): no user-facing message is set here; callers only see false.
         return false;
     }

     // Remove the role together with its ACL entries and group data.
     return $this->_perms->deleteRole($this->role_id);
 }
 /**
  * Removes this role.
  *
  * Deleting a role also means dropping every ACL bound to it and the
  * role's group data; that work is delegated to the ACL object's
  * deleteRole(). The module-level 'roles' delete permission is checked
  * first, so a user without it gets false and nothing is changed.
  *
  * @return bool|mixed false when the current user lacks delete permission
  *                    on 'roles'; otherwise whatever deleteRole() returns
  */
 public function delete()
 {
     $allowed = canDelete('roles');
     if (!$allowed) {
         // NOTE(review): no user-facing message is set here; callers only see false.
         return false;
     }

     // Remove the role together with its ACL entries and group data.
     return $this->perms->deleteRole($this->role_id);
 }
    ?>
</strong>
			</font>
		</td>
	</tr>            
	</form>
	</table>
<?php 
} else {
    // check permissions for this record. Only $canReadProject is enforced here;
    // the remaining flags only gate UI further down. This relies on
    // $AppUI->redirect() ending the request — if it ever returned, the rest of
    // the page would still render for an unauthorised user.
    $canReadProject = $perms->checkModuleItem('projects', 'view', $project_id);
    $canEditProject = $perms->checkModuleItem('projects', 'edit', $project_id);
    $canViewTasks = canView('tasks');
    $canAddTasks = canAdd('tasks');
    $canEditTasks = canEdit('tasks');
    $canDeleteTasks = canDelete('tasks');
    if (!$canReadProject) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    // Set up the project object. The per-user denied-records check comes next;
    // the dependency check that decides $canDeleteProject is $obj->canDelete() below.
    $msg = '';
    $obj = new CProject();
    // Now check if the project is editable/viewable.
    $denied = $obj->getDeniedRecords($AppUI->user_id);
    if (in_array($project_id, $denied)) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    $canDeleteProject = $obj->canDelete($msg, $project_id);
    // get critical tasks (criteria: task_end_date)
    $criticalTasks = $project_id > 0 ? $obj->getCriticalTasks($project_id) : null;
    // get ProjectPriority from sysvals
* not allowed in the request parameters.
*/
$u = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'u', ''));
// load module based locale settings
@(include_once W2P_BASE_DIR . '/locales/' . $AppUI->user_locale . '/locales.php');
include_once W2P_BASE_DIR . '/locales/core.php';
setlocale(LC_TIME, $AppUI->user_lang);
$m_config = w2PgetConfig($m);
// TODO: canRead/Edit assignments should be moved into each file
// check overall module permissions for $m. These are defaults only — the
// included action files can tighten or override them, so an action file that
// omits its own check silently inherits the module-wide value.
$canAccess = canAccess($m);
$canRead = canView($m);
$canEdit = canEdit($m);
$canAuthor = canAdd($m);
$canDelete = canDelete($m);
if (!$suppressHeaders) {
    // output the character set header
    if (isset($locale_char_set)) {
        header('Content-type: text/html;charset=' . $locale_char_set);
    }
}
// include the module class file - we use file_exists instead of @ so
// that any parse errors in the file are reported, rather than errors
// further down the track.
// NOTE(review): the include paths below are built from $m and $u. $u is passed
// through $AppUI->checkFileName() above; $m is set outside this excerpt and must
// be filename-checked the same way before it reaches these includes — confirm.
$modclass = $AppUI->getModuleClass($m);
if (file_exists($modclass)) {
    include_once $modclass;
}
if ($u && file_exists(W2P_BASE_DIR . '/modules/' . $m . '/' . $u . '/' . $u . '.class.php')) {
    include_once W2P_BASE_DIR . '/modules/' . $m . '/' . $u . '/' . $u . '.class.php';
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$event_id = (int) w2PgetParam($_GET, 'event_id', 0);
// check permissions for this record
$perms =& $AppUI->acl();
$canRead = $perms->checkModuleItem($m, 'view', $event_id);
if (!$canRead) {
    $AppUI->redirect('m=public&a=access_denied');
}
$canEdit = $perms->checkModuleItem($m, 'edit', $event_id);
// load the event and work out the delete permission ($canDelete). No
// dependency check is performed here.
$msg = '';
$event = new CEvent();
$event->loadFull($event_id);
$canDelete = canDelete($m, $event_id);
// NOTE(review): $event was created with new CEvent() above, so it is always an
// object and !$event can never be true — the invalidID branch below is dead. A
// real existence check has to inspect the loaded record (its key, or loadFull()'s
// return value — confirm which is reliable here).
if (!$event) {
    $AppUI->setMsg('Event');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
} else {
    $AppUI->savePlace();
}
//check if the user has view permission over the project
if ($event->event_project && !$perms->checkModuleItem('projects', 'view', $event->event_project)) {
    $AppUI->redirect('m=public&a=access_denied');
}
// load the event types
$types = w2PgetSysVal('EventType');
// load the event recurs types
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
global $AppUI, $task_id, $sf, $df, $canEdit, $m;
$perms =& $AppUI->acl();
if (!canView('task_log')) {
    $AppUI->redirect('m=public&a=access_denied');
}
$problem = (int) w2PgetParam($_GET, 'problem', null);
?>
<script language="javascript" type="text/javascript">
<?php 
// defence in depth only: the delete helper below is emitted solely for users
// holding canDelete('task_log'), so the UI does not advertise an action they
// cannot perform. This is not an access control — anyone can submit frmDelete2
// by hand, so the server-side handler must re-check canDelete('task_log') itself.
$canDelete = canDelete('task_log');
if ($canDelete) {
    ?>
function delIt2(id) {
	if (confirm( '<?php 
    echo $AppUI->_('doDelete', UI_OUTPUT_JS) . ' ' . $AppUI->_('Task Log', UI_OUTPUT_JS) . '?';
    ?>
' )) {
		document.frmDelete2.task_log_id.value = id;
		document.frmDelete2.submit();
	}
}
<?php 
}
?>
</script>
     $q->addInsert('history_date', "'" . $q->dbfnNowWithTZ() . "'");
     $q->addInsert('history_description', $history_description);
     $q->addInsert('history_user', $userid);
     $q->addInsert('history_project', $history_project);
     $okMsg = 'History added';
 } elseif ($action == 'update') {
     if (!canEdit('history')) {
         $AppUI->redirect('m=public&a=access_denied');
     }
     $q->addTable('history');
     $q->addUpdate('history_description', $history_description);
     $q->addUpdate('history_project', $history_project);
     $q->addWhere('history_id =' . $history_id);
     $okMsg = 'History updated';
 } elseif ($action == 'del') {
     if (!canDelete('history')) {
         $AppUI->redirect('m=public&a=access_denied');
     }
     $q->setDelete('history');
     $q->addWhere('history_id =' . $history_id);
     $okMsg = 'History deleted';
 }
 if (!$q->exec()) {
     $AppUI->setMsg(db_error());
 } else {
     $AppUI->setMsg($okMsg);
     if ($action == 'add') {
         $q->clear();
     }
     $q->addTable('history');
     $q->addUpdate('history_item = history_id');
<?php

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$task_id = (int) w2PgetParam($_GET, 'task_id', 0);
$task_log_id = (int) w2PgetParam($_GET, 'task_log_id', 0);
$reminded = (int) w2PgetParam($_GET, 'reminded', 0);
// check permissions for this record
$canRead = canView($m, $task_id);
$canEdit = canEdit($m, $task_id);
$canDelete = canDelete($m, $task_id);
if (!$canRead) {
    $AppUI->redirect('m=public&a=access_denied');
}
$perms =& $AppUI->acl();
// load the task. NOTE(review): $obj is always an object after new CTask(), so the
// !$obj check below never fires — the invalidID path is dead unless the check
// inspects the loaded record instead. The per-record access check is
// $obj->canAccess() further down.
$msg = '';
$obj = new CTask();
$obj->loadFull(null, $task_id);
if (!$obj) {
    $AppUI->setMsg('Task');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
} else {
    $AppUI->savePlace();
}
if (!$obj->canAccess($AppUI->user_id)) {
    $AppUI->redirect('m=public&a=access_denied');
}
<?php

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
//view posts
$forum_id = (int) w2PgetParam($_GET, 'forum_id', 0);
$message_id = (int) w2PgetParam($_GET, 'message_id', 0);
$post_message = (int) w2PgetParam($_GET, 'post_message', 0);
$f = w2PgetParam($_POST, 'f', 0);
// check permissions. View/edit are checked per forum ($forum_id) but add/delete
// only at module level — canDelete('forums') here grants deletion across all
// forums; compare the per-record canDelete('forums', $forum_id) form.
$perms =& $AppUI->acl();
$canAuthor = canAdd('forums');
$canDelete = canDelete('forums');
$canRead = $perms->checkModuleItem('forums', 'view', $forum_id);
$canEdit = $perms->checkModuleItem('forums', 'edit', $forum_id);
$canAdminEdit = canEdit('admin');
if (!$canRead) {
    $AppUI->redirect('m=public&a=access_denied');
}
$forum = new CForum();
$forum->loadFull($AppUI, $forum_id);
if (!$forum) {
    $AppUI->setMsg('Forum');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
} else {
    $AppUI->savePlace();
}
$df = $AppUI->getPref('SHDATEFORMAT');
/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$AppUI->savePlace();
// pull all the key types
$perms =& $AppUI->acl();
// Get the permissions for this module
$canAccess = canAccess('roles');
if (!$canAccess) {
    $AppUI->redirect('m=public&a=access_denied');
}
$canRead = canView('roles');
$canAdd = canAdd('roles');
$canEdit = canEdit('roles');
$canDelete = canDelete('roles');
$crole = new CSystem_Role();
$roles = $crole->getRoles();
$role_id = (int) w2PgetParam($_GET, 'role_id', 0);
// setup the title block
$titleBlock = new w2p_Theme_TitleBlock('Roles', 'main-settings.png', $m, $m . '.' . $a);
$titleBlock->addCrumb('?m=system', 'System Admin');
$titleBlock->show();
$crumbs = array();
$crumbs['?m=system'] = 'System Admin';
?>

<script language="javascript" type="text/javascript">
<?php 
// security improvement (defence in depth only — the server-side handlers must
// still check the permission themselves): some javascript functions are not
// emitted for users without write permissions,
<?php

if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
// @todo    convert to template
//view posts
$forum_id = (int) w2PgetParam($_GET, 'forum_id', 0);
$message_id = (int) w2PgetParam($_GET, 'message_id', 0);
$post_message = (int) w2PgetParam($_GET, 'post_message', 0);
$f = w2PgetParam($_POST, 'f', 0);
// check permissions. NOTE(review): the per-forum view/edit/delete checks below
// use $forum_id exactly as supplied in the request, but when it is 0 the id is
// only resolved from $message->message_forum further down — after the checks
// have already run against forum 0. Resolve the forum first, or re-check once
// the real id is known.
$perms =& $AppUI->acl();
$canAuthor = canAdd('forums');
$canDelete = canDelete('forums', $forum_id);
$canRead = $perms->checkModuleItem('forums', 'view', $forum_id);
$canEdit = $perms->checkModuleItem('forums', 'edit', $forum_id);
$canAdminEdit = canEdit('system');
if (!$canRead) {
    $AppUI->redirect(ACCESS_DENIED);
}
$message = new CForum_Message();
$message->load($message_id);
if (0 == $forum_id) {
    $forum_id = $message->message_forum;
}
$forum = new CForum();
$forum->load($forum_id);
$project = new CProject();
$project->load($forum->forum_project);
if (!$forum) {
 /**
  * Reports whether the current user may delete this object.
  *
  * The check is module-wide, not per record: all three arguments are
  * ignored (they exist only to match the canDelete(&$msg, $oid, $joins)
  * signature used elsewhere), so anyone holding the 'system' module delete
  * permission may delete any record of this type. No error message is
  * populated on failure.
  *
  * @param mixed $notUsed  ignored
  * @param mixed $notUsed2 ignored
  * @param mixed $notUsed3 ignored
  *
  * @return bool
  */
 public function canDelete($notUsed = null, $notUsed2 = null, $notUsed3 = null)
 {
     $allowed = canDelete('system');
     return $allowed;
 }
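 /**
  * Determines whether the currently logged in user can delete this task log.
  *
  * Two checks are made: the module-level 'task_log' delete permission, and,
  * when $joins is given, a dependency query that counts rows in each joined
  * table still referencing this record. Deletion is refused if any count is
  * non-zero.
  *
  * @global AppUI $AppUI global user permissions
  *
  * @param string by ref $msg error msg to be populated on failure; left
  *                           untouched when the method returns true
  * @param int optional $oid key to check (overrides the loaded key)
  * @param array $joins optional list of tables to join on; each entry is an
  *                     array with 'name', 'joinfield', 'idfield' and 'label'
  *                     keys. These values are spliced into SQL unescaped, so
  *                     they must come from code, never from request input.
  *
  * @return bool
  */
 public function canDelete(&$msg, $oid = null, $joins = null)
 {
     global $AppUI;
     $q = new w2p_Database_Query();
     // First things first.	Are we allowed to delete?
     if (!canDelete('task_log')) {
         $msg = $AppUI->_('noDeletePermission');
         return false;
     }
     $k = $this->_tbl_key;
     if ($oid) {
         $this->{$k} = (int) $oid;
     }
     if (is_array($joins)) {
         $q->addTable($this->_tbl, 'k');
         $q->addQuery($k);
         $i = 0;
         foreach ($joins as $table) {
             $table_alias = 't' . $i++;
             $q->leftJoin($table['name'], $table_alias, $table_alias . '.' . $table['joinfield'] . ' = ' . 'k' . '.' . $k);
             $q->addQuery('COUNT(DISTINCT ' . $table_alias . '.' . $table['idfield'] . ') AS ' . $table['idfield']);
         }
         // The key is an integer id; cast it so a non-numeric value loaded into
         // the object cannot alter the WHERE clause (only $oid was cast above).
         $q->addWhere($k . ' = ' . (int) $this->{$k});
         $q->addGroup($k);
         $obj = null;
         $q->loadObject($obj);
         $q->clear();
         if (!$obj) {
             $msg = db_error();
             return false;
         }
         // Collect the labels of tables that still reference this record.
         // Kept local so $msg is only written on failure and stays a string.
         $blockers = array();
         foreach ($joins as $table) {
             $idfield = $table['idfield'];
             if ($obj->{$idfield}) {
                 $blockers[] = $AppUI->_($table['label']);
             }
         }
         if (count($blockers)) {
             $msg = $AppUI->_('noDeleteRecord') . ': ' . implode(', ', $blockers);
             return false;
         }
     }
     return true;
 }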