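/**
 * Decide whether the current employee may perform $action.
 *
 * An employee for whom check_current_employee_admin() returns a truthy
 * value is allowed every action. Anyone else is allowed exactly three
 * actions: 'view', 'edit' and 'delete'; every other value is denied.
 *
 * @param mixed $STORAGE Taken by reference and handed to
 *                       check_current_employee_admin(); not otherwise used here.
 * @param mixed $action  Action name. For non-administrators only an exact
 *                       string match against the allowed names is accepted.
 *
 * @return bool True when the action is permitted, false otherwise.
 */
public function CheckActionEnable(&$STORAGE, $action)
{
    if (check_current_employee_admin($STORAGE)) {
        return true;
    }

    // NOTE(review): non-administrators get 'view', 'edit' and 'delete' with no
    // role or ownership check in this method. If those actions need a finer
    // restriction it has to be enforced elsewhere; confirm this is intended.

    // Strict comparison on purpose: under the loose comparison a switch uses,
    // boolean true (and integer 0 before PHP 8) compares equal to these
    // strings and would be granted the action.
    return in_array($action, array('view', 'edit', 'delete'), true);
}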
$show_files = array(); if ($include_header_footer) { include SITE_FILE_ROOT . 'template/simple_header.php'; } if ($enable) { $query = ' SELECT * FROM "' . VIEW_FILE_ATTACH . '" WHERE "type"=\'' . $db->str2base($type) . '\' AND "item_id" = \'' . $db->str2base($item_id) . '\' '; $db->query($query); $files = $db->value; $role_ids = array(); $is_admin = true; if (!check_current_employee_admin($STORAGE)) { $is_admin = false; $role_ids = get_current_epmloyee_role_ids($STORAGE); } for ($i = 0; $i < count($files); $i++) { if (!$is_admin) { if (count($role_ids) == 0) { break; } $query = 'SELECT "file_id" FROM ' . TABLE_FILE_ROLE . ' WHERE "file_id"=' . $files[$i]['file_id'] . ' AND role_id IN (' . join(',', $role_ids) . ') LIMIT 1'; $db->query($query); if (count($db->value) == 0) { continue; } } $show_files[] = $files[$i];