Example #1
 * @uses file_api.php
 * @uses form_api.php
 * @uses html_api.php
 * @uses lang_api.php
 * @uses utility_api.php
 */
# Bootstrap the application, then load the APIs this page calls.
require_once 'core.php';
require_api('access_api.php');
require_api('config_api.php');
require_api('file_api.php');
require_api('form_api.php');
require_api('html_api.php');
require_api('lang_api.php');
require_api('utility_api.php');
# Check if project documentation feature is enabled.
# The request is refused before any page output unless all three hold: the
# feature flag is not OFF, uploading is enabled, and project uploads are allowed.
if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled() || !file_allow_project_upload()) {
    access_denied();
}
# Authorization against the configured 'upload_project_file_threshold'.
# NOTE(review): presumably this stops the request when the current user is below
# the threshold for the current project - confirm in access_api.php.
access_ensure_project_level(config_get('upload_project_file_threshold'));
# Effective upload ceiling: the smallest of PHP's upload_max_filesize, PHP's
# post_max_size and the application's own max_file_size setting.
# NOTE(review): the value is not used within the lines shown; if it only feeds a
# hint in the form, the script receiving the upload must still enforce the limit.
$t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size'));
html_page_top();
?>

<br />
<div>
<form method="post" enctype="multipart/form-data" action="proj_doc_add.php">
<?php 
# Emits the form-security field for the form named 'proj_doc_add'.
# NOTE(review): presumably an anti-CSRF token - confirm that proj_doc_add.php
# validates it under the same name before it accepts the uploaded file.
echo form_security_field('proj_doc_add');
?>
<table class="width75" cellspacing="1">
<tr>
Example #2
				<label for="project-view-state"><span><?php 
echo lang_get('view_status');
?>
</span></label>
				<span class="select">
					<select id="project-view-state" name="view_state">
						<?php 
print_enum_string_option_list('view_state', config_get('default_project_view_status', null, ALL_USERS, ALL_PROJECTS));
?>
					</select>
				</span>
				<span class="label-style"></span>
			</div>
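			<?php 
# NOTE(review): judging by its name, this makes the configuration reads below
# resolve for ALL_PROJECTS instead of the currently selected project - confirm.
$g_project_override = ALL_PROJECTS;
# The path field is rendered only when uploading is enabled and the configured
# upload method is not DATABASE.
if (file_is_uploading_enabled() && DATABASE !== config_get('file_upload_method')) {
    $t_file_path = '';
    # Don't reveal the absolute path to non-administrators for security reasons
    if (current_user_is_administrator()) {
        $t_file_path = config_get('absolute_path_default_upload_folder');
    }
    # NOTE(review): the input below is still rendered (empty) for non-administrators,
    # so the handler that receives 'file_path' has to decide who may set it.
    ?>
				<div class="field-container">
					<label for="project-file-path"><span><?php 
    echo lang_get('upload_file_path');
    ?>
</span></label>
					<span class="input"><input type="text" id="project-file-path" name="file_path" size="60" maxlength="250" value="<?php 
    # Encode for the quoted HTML attribute: a configured path containing a quote,
    # '&' or '<' would otherwise break the markup of the input element.
    echo htmlspecialchars((string) $t_file_path, ENT_QUOTES, 'UTF-8');
    ?>
" /></span>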
Example #3
		<?php 
echo lang_get('view_status');
?>
	</th>
	<td>
		<select name="view_state">
			<?php 
print_enum_string_option_list('view_state', $row['view_state']);
?>
		</select>
	</td>
</tr>

<!-- File upload path (if uploading is enabled) -->
<?php 
# Render the upload-path row only when file uploading is enabled.
# NOTE(review): no role check is visible in this fragment, so the stored path is
# shown to whoever can open this form - confirm that the page-level access check
# limits that to users who are allowed to learn the server's upload location.
if (file_is_uploading_enabled()) {
    ?>
<tr <?php 
    echo helper_alternate_class();
    ?>
>
	<th class="category">
		<?php 
    echo lang_get('upload_file_path');
    ?>
	</th>
	<td>
		<input type="text" name="file_path" size="50" maxlength="250" value="<?php 
    # The stored path goes through string_attribute() before it is written into
    # the quoted attribute. NOTE(review): presumably that helper HTML-encodes
    # quotes and markup characters - confirm in the string API.
    echo string_attribute($row['file_path']);
    ?>
" />
Example #4
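/**
 * Get the attachments that belong to the specified project.
 *
 * The query text is assembled by string concatenation, so every value placed in it
 * is forced to an integer first. $p_project_id is supplied by the SOAP client, and
 * the existence and access checks that precede the query do not by themselves
 * guarantee that the raw value is a plain number.
 *
 * @param string $p_username  The name of the user requesting the attachments.
 * @param string $p_password  The password of the user.
 * @param integer $p_project_id  The id of the project to retrieve the attachments for.
 * @return Array  representing a ProjectAttachmentDataArray structure, or a SOAP fault when
 *                login fails, the feature is disabled, the project is unknown or access is denied.
 */
function mc_project_get_attachments($p_username, $p_password, $p_project_id)
{
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }
    # Check if project documentation feature is enabled.
    if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled()) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    if (!project_exists($p_project_id)) {
        return new soap_fault('Client', '', "Project '{$p_project_id}' does not exist.");
    }
    if (!mci_has_readonly_access($t_user_id, $p_project_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    $t_project_file_table = db_get_table('project_file');
    $t_project_table = db_get_table('project');
    $t_project_user_list_table = db_get_table('project_user_list');
    $t_user_table = db_get_table('user');
    # Integer casts keep the interpolated values inert. Bound parameters are
    # preferable wherever the database layer in use supports them.
    $t_user_id = (int) $t_user_id;
    $t_pub = (int) VS_PUBLIC;
    $t_admin = (int) config_get_global('admin_site_threshold');
    if ($p_project_id == ALL_PROJECTS) {
        # Select all the projects that the user has access to
        $t_projects = user_get_accessible_projects($t_user_id);
    } else {
        # Select the specific project
        $t_projects = array($p_project_id);
    }
    # add ALL_PROJECTS to the list of projects to fetch
    $t_projects[] = ALL_PROJECTS;
    # The client-supplied id ends up in this list, so reduce every entry to an
    # integer before it becomes part of the IN (...) clause.
    $t_project_list = implode(',', array_map('intval', $t_projects));
    # The threshold is either a single minimum level or an explicit list of levels.
    $t_reqd_access = config_get('view_proj_doc_threshold');
    if (is_array($t_reqd_access)) {
        $t_levels = array_map('intval', $t_reqd_access);
        if (1 == count($t_levels)) {
            $t_access_clause = '= ' . array_shift($t_levels) . ' ';
        } else {
            $t_access_clause = 'IN (' . implode(',', $t_levels) . ')';
        }
    } else {
        $t_access_clause = '>= ' . (int) $t_reqd_access . ' ';
    }
    # A file is returned when one of three conditions holds:
    #  1. its project is public (or has no project row), the user has no
    #     project-specific entry, and the user's global level satisfies the threshold;
    #  2. the user has a project-specific entry whose level satisfies the threshold;
    #  3. the user's global level equals the site administrator threshold.
    $query = "SELECT pft.id, pft.project_id, pft.filename, pft.file_type, pft.filesize, pft.title, pft.description, pft.date_added\n\t\tFROM {$t_project_file_table} pft\n\t\tLEFT JOIN {$t_project_table} pt ON pft.project_id = pt.id\n\t\tLEFT JOIN {$t_project_user_list_table} pult\n\t\tON pft.project_id = pult.project_id AND pult.user_id = {$t_user_id}\n\t\tLEFT JOIN {$t_user_table} ut ON ut.id = {$t_user_id}\n\t\tWHERE pft.project_id in (" . $t_project_list . ") AND\n\t\t( ( ( pt.view_state = {$t_pub} OR pt.view_state is null ) AND pult.user_id is null AND ut.access_level {$t_access_clause} ) OR\n\t\t( ( pult.user_id = {$t_user_id} ) AND ( pult.access_level {$t_access_clause} ) ) OR\n\t\t( ut.access_level = {$t_admin} ) )\n\t\tORDER BY pt.name ASC, pft.title ASC";
    $result = db_query($query);
    $num_files = db_num_rows($result);
    $t_result = array();
    # Map each database row onto the attachment structure returned to the client.
    for ($i = 0; $i < $num_files; $i++) {
        $row = db_fetch_array($result);
        $t_attachment = array();
        $t_attachment['id'] = $row['id'];
        $t_attachment['filename'] = $row['filename'];
        $t_attachment['title'] = $row['title'];
        $t_attachment['description'] = $row['description'];
        $t_attachment['size'] = $row['filesize'];
        $t_attachment['content_type'] = $row['file_type'];
        $t_attachment['date_submitted'] = timestamp_to_iso8601($row['date_added']);
        $t_attachment['download_url'] = mci_get_mantis_path() . 'file_download.php?file_id=' . $row['id'] . '&amp;type=doc';
        $t_result[] = $t_attachment;
    }
    return $t_result;
}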
Example #5
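/**
 * Check if the user can upload files for this bug.
 *
 * Returns true if they can, false otherwise. The user defaults to the current user.
 * If the bug is null (the default), the answer is whether the user can upload a
 * file to a new bug in the current project.
 *
 * The reporter shortcut ('allow_reporter_upload') applies to an existing bug only
 * while the reporter still meets 'report_bug_threshold' for that bug. Having filed
 * a bug therefore does not preserve upload rights once access to it is withdrawn.
 *
 * @param integer $p_bug_id  A bug identifier.
 * @param integer $p_user_id A user identifier.
 * @return boolean
 */
function file_allow_bug_upload($p_bug_id = null, $p_user_id = null)
{
    if (null === $p_user_id) {
        $p_user_id = auth_get_current_user_id();
    }
    # If uploads are disabled just return false
    if (!file_is_uploading_enabled()) {
        return false;
    }
    if (null === $p_bug_id) {
        # new bug
        $t_project_id = helper_get_current_project();
        # the user is the reporter by definition when reporting a new bug
        $t_reporter = true;
    } else {
        # existing bug
        $t_project_id = bug_get_field($p_bug_id, 'project_id');
        # the user must be the recorded reporter and must still hold reporter
        # access to this bug; being the reporter of record alone is not enough
        $t_reporter = bug_is_user_reporter($p_bug_id, $p_user_id)
            && access_has_bug_level(config_get('report_bug_threshold'), $p_bug_id, $p_user_id);
    }
    if ($t_reporter && ON == config_get('allow_reporter_upload')) {
        return true;
    }
    # Check the access level against the config setting
    return access_has_project_level(config_get('upload_bug_file_threshold'), $t_project_id, $p_user_id);
}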
Example #6
/**
 * Decide whether a user may attach files to a bug.
 *
 * With no bug id the question is answered for a new bug in the current project.
 * With no user id the current user is assumed.
 *
 * @param integer $p_bug_id  A bug identifier, or null for a bug that is being reported.
 * @param integer $p_user_id A user identifier, or null for the current user.
 * @return boolean True when the upload is allowed, false otherwise.
 */
function file_allow_bug_upload($p_bug_id = null, $p_user_id = null)
{
    if (is_null($p_user_id)) {
        $p_user_id = auth_get_current_user_id();
    }
    # Nothing can be uploaded while the feature is switched off
    if (!file_is_uploading_enabled()) {
        return false;
    }
    $t_new_bug = is_null($p_bug_id);
    # A new bug belongs to the current project; an existing bug names its own
    $t_target_project = $t_new_bug ? helper_get_current_project() : bug_get_field($p_bug_id, 'project_id');
    # Whoever files a new bug is its reporter by definition. For an existing bug the
    # user must be the recorded reporter and still hold reporter access to it.
    $t_acts_as_reporter = $t_new_bug
        || (bug_is_user_reporter($p_bug_id, $p_user_id)
            && access_has_bug_level(config_get('report_bug_threshold'), $p_bug_id, $p_user_id));
    # Reporter shortcut, consulted only for a user who counts as the reporter
    if ($t_acts_as_reporter && ON == config_get('allow_reporter_upload')) {
        return true;
    }
    # Otherwise fall back to the project-level upload threshold
    return (bool) access_has_project_level(config_get('upload_bug_file_threshold'), $t_target_project, $p_user_id);
}
Example #7
/**
 * MantisBT Core API's
 */
# Bootstrap the application, then load the APIs this page calls.
require_once( 'core.php' );
require_api( 'access_api.php' );
require_api( 'config_api.php' );
require_api( 'file_api.php' );
require_api( 'form_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'utility_api.php' );

# Check if project documentation feature is enabled.
# All three gates are evaluated before html_page_top() produces any output:
# the feature flag, uploading in general, and project-level uploads.
if ( OFF == config_get( 'enable_project_documentation' ) ||
	!file_is_uploading_enabled() ||
	!file_allow_project_upload() ) {
	access_denied();
}

# Authorization against the configured 'upload_project_file_threshold'.
# NOTE(review): presumably this ends the request for users below the threshold -
# confirm in access_api.php.
access_ensure_project_level( config_get( 'upload_project_file_threshold' ) );

# Smallest of the two PHP ini limits and the application's max_file_size.
# NOTE(review): not used within the lines shown; a limit that is only advertised
# in the form must still be enforced by the script that receives the upload.
$t_max_file_size = (int)min( ini_get_number( 'upload_max_filesize' ), ini_get_number( 'post_max_size' ), config_get( 'max_file_size' ) );

html_page_top();
?>

<br />
<div>
<form method="post" enctype="multipart/form-data" action="proj_doc_add.php">
<?php
# Form-security field for 'proj_doc_add'. NOTE(review): presumably an anti-CSRF
# token - confirm that proj_doc_add.php validates it under the same name.
echo form_security_field( 'proj_doc_add' ) ?>
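/**
 * Get the attachments that belong to the specified project.
 *
 * User id, view state and administrator level reach the database as bound
 * parameters. The project id list and the access-level clause are still spliced into
 * the SQL text, so both are reduced to integers before they are used. $p_project_id
 * is supplied by the SOAP client and must not be trusted to be numeric.
 *
 * @param string  $p_username   The name of the user requesting the attachments.
 * @param string  $p_password   The password of the user.
 * @param integer $p_project_id The id of the project to retrieve the attachments for.
 * @return array  representing a ProjectAttachmentDataArray structure, or a SOAP fault when
 *                login fails, the feature is disabled, the project is unknown or access is denied.
 */
function mc_project_get_attachments($p_username, $p_password, $p_project_id)
{
    global $g_project_override;
    $t_user_id = mci_check_login($p_username, $p_password);
    if ($t_user_id === false) {
        return mci_soap_fault_login_failed();
    }
    # Set only after a successful login.
    # NOTE(review): presumably scopes the config_get() calls below to the
    # requested project - confirm against the config API.
    $g_project_override = $p_project_id;
    # Check if project documentation feature is enabled.
    if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled()) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    if (!project_exists($p_project_id)) {
        return SoapObjectsFactory::newSoapFault('Client', 'Project \'' . $p_project_id . '\' does not exist.');
    }
    if (!mci_has_readonly_access($t_user_id, $p_project_id)) {
        return mci_soap_fault_access_denied($t_user_id);
    }
    $t_pub = VS_PUBLIC;
    $t_admin = config_get_global('admin_site_threshold');
    if ($p_project_id == ALL_PROJECTS) {
        # Select all the projects that the user has access to
        $t_projects = user_get_accessible_projects($t_user_id);
    } else {
        # Select the specific project
        $t_projects = array($p_project_id);
    }
    # add ALL_PROJECTS to the list of projects to fetch
    $t_projects[] = ALL_PROJECTS;
    # The client-supplied id is part of this list and the list is concatenated
    # into the query, so force every entry to an integer first.
    $t_project_list = implode(',', array_map('intval', $t_projects));
    # The threshold is either a single minimum level or an explicit list of levels;
    # it is concatenated as well, hence the integer casts.
    $t_reqd_access = config_get('view_proj_doc_threshold');
    if (is_array($t_reqd_access)) {
        $t_levels = array_map('intval', $t_reqd_access);
        if (1 == count($t_levels)) {
            $t_access_clause = '= ' . array_shift($t_levels) . ' ';
        } else {
            $t_access_clause = 'IN (' . implode(',', $t_levels) . ')';
        }
    } else {
        $t_access_clause = '>= ' . (int) $t_reqd_access;
    }
    # A file is returned when one of three conditions holds:
    #  1. its project is public (or has no project row), the user has no
    #     project-specific entry, and the user's global level satisfies the threshold;
    #  2. the user has a project-specific entry whose level satisfies the threshold;
    #  3. the user's global level equals the site administrator threshold.
    $t_query = 'SELECT pft.id, pft.project_id, pft.filename, pft.file_type, pft.filesize, pft.title, pft.description, pft.date_added, pft.user_id
		FROM {project_file} pft
		LEFT JOIN {project} pt ON pft.project_id = pt.id
		LEFT JOIN {project_user_list} pult
		ON pft.project_id = pult.project_id AND pult.user_id = ' . db_param() . '
		LEFT JOIN {user} ut ON ut.id = ' . db_param() . '
		WHERE pft.project_id in (' . $t_project_list . ') AND
		( ( ( pt.view_state = ' . db_param() . ' OR pt.view_state is null ) AND pult.user_id is null AND ut.access_level ' . $t_access_clause . ' ) OR
		( ( pult.user_id = ' . db_param() . ' ) AND ( pult.access_level ' . $t_access_clause . ' ) ) OR
		( ut.access_level = ' . db_param() . ' ) )
		ORDER BY pt.name ASC, pft.title ASC';
    # Values are listed in the order their db_param() placeholders appear in the text.
    $t_result = db_query($t_query, array($t_user_id, $t_user_id, $t_pub, $t_user_id, $t_admin));
    $t_num_files = db_num_rows($t_result);
    $t_attachments = array();
    # Map each database row onto the attachment structure returned to the client.
    for ($i = 0; $i < $t_num_files; $i++) {
        $t_row = db_fetch_array($t_result);
        $t_attachment = array();
        $t_attachment['id'] = $t_row['id'];
        $t_attachment['filename'] = $t_row['filename'];
        $t_attachment['title'] = $t_row['title'];
        $t_attachment['description'] = $t_row['description'];
        $t_attachment['size'] = $t_row['filesize'];
        $t_attachment['content_type'] = $t_row['file_type'];
        $t_attachment['date_submitted'] = SoapObjectsFactory::newDateTimeVar($t_row['date_added']);
        $t_attachment['download_url'] = mci_get_mantis_path() . 'file_download.php?file_id=' . $t_row['id'] . '&amp;type=doc';
        $t_attachment['user_id'] = $t_row['user_id'];
        $t_attachments[] = $t_attachment;
    }
    return $t_attachments;
}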