/**
 * Decide whether a user may perform an operation in the work order section.
 *
 * Administrators (as reported by dame_admin()) skip the ACL lookups. Any
 * other user needs the section ACL first. When the operation is "", "view",
 * "update" or "delete" and a positive work order id is supplied, the answer
 * comes from get_workorder_acl() for that specific work order.
 * "view", "update" and "delete" without a positive id are always refused,
 * administrators included.
 *
 * NOTE(review): an operation string outside that list is granted on the
 * section ACL alone, even when an id is supplied. Confirm every caller that
 * acts on an existing work order passes one of the listed operations.
 *
 * @param mixed  $id_user      User whose permission is evaluated.
 * @param string $acl          Section ACL flag handed to System::checkACL().
 * @param string $operation    "", "view", "update", "delete" or another action name.
 * @param int    $id_workorder Work order id; values <= 0 mean "no work order".
 *
 * @return mixed true/false, or the value returned by get_workorder_acl().
 */
public function checkPermission($id_user, $acl = 'PR', $operation = '', $id_workorder = -1) {
    $system = System::getInstance();

    // Operations that only make sense against an existing work order.
    $needsWorkorder = in_array($operation, array("view", "update", "delete"));

    // An empty operation is also checked per work order when an id is given.
    $checkedPerWorkorder = ($needsWorkorder || $operation == "") && $id_workorder > 0;

    if (dame_admin($id_user)) {
        $granted = true;
    } elseif (!$system->checkACL($acl)) {
        // No section access: nothing else is evaluated.
        $granted = false;
    } elseif (!$checkedPerWorkorder) {
        // Section access alone decides.
        $granted = true;
    } else {
        include_once $system->getConfig('homedir') . "/include/functions_workorders.php";
        // Only "delete" asks for the delete-specific ACL; the rest use the default mode.
        $mode = ($operation == "delete") ? 'delete' : '';
        $granted = get_workorder_acl($id_workorder, $mode, $id_user);
    }

    // Applied last so it overrides every branch above, the administrator one too.
    if ($needsWorkorder && $id_workorder <= 0) {
        return false;
    }

    return $granted;
}
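/**
 * Decide whether a user may perform an operation in the work order section.
 *
 * Administrators (as reported by dame_admin()) are always allowed. Other
 * users need the section ACL. On top of that, a "delete" is only allowed
 * when a positive work order id is supplied and get_workorder_acl() grants
 * the delete on that work order. Every other operation is granted on the
 * section ACL alone.
 *
 * $operation and $id_workorder are parameters because the body reads them;
 * without them the per-work-order delete check could never run. Both have
 * defaults, so two-argument callers keep getting the section-level answer.
 * A caller performing a delete must pass "delete" and the work order id for
 * the object-level check to apply.
 *
 * @param mixed  $id_user      User whose permission is evaluated.
 * @param string $acl          Section ACL flag handed to System::checkACL().
 * @param string $operation    Action being attempted; only "delete" is checked per work order.
 * @param int    $id_workorder Work order id; values <= 0 mean "no work order".
 *
 * @return mixed true/false, or the value returned by get_workorder_acl().
 */
public function checkPermission($id_user, $acl = 'PR', $operation = '', $id_workorder = -1) {
    $system = System::getInstance();

    if (dame_admin($id_user)) {
        return true;
    }

    // Section access
    if (!$system->checkACL($acl)) {
        return false;
    }

    if ($operation != "delete") {
        return true;
    }

    // A delete without a work order id is refused rather than allowed by default.
    if ($id_workorder > 0) {
        include_once $system->getConfig('homedir') . "/include/functions_workorders.php";
        return get_workorder_acl($id_workorder, 'delete', $id_user);
    }

    return false;
}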
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.

// Script excerpt: requires a login, checks access to the requested work
// order, prints the "Add a note" heading and, when "addnote" is set, stores
// the submitted note. The excerpt ends inside the add-note block.
global $config;

check_login ();

include_once ('include/functions_projects.php');

// Work order id taken from the request.
// NOTE(review): get_parameter() is defined elsewhere, so whether it casts or
// escapes is not visible here. $id is passed unchanged to get_workorder_acl()
// and workorders_insert_note(). Confirm it is constrained to an integer.
$id = get_parameter("id");

// Object-level check: the current user must have access to this work order.
// NOTE(review): nothing in this excerpt stops execution after
// no_permission(). The insert below is only protected if no_permission()
// ends the request. Confirm that it exits.
if (! get_workorder_acl($id)) {
    no_permission();
}

// Action flags from the request. $delete is not used within this excerpt.
$add_note = get_parameter("addnote");
$delete = get_parameter("delete");

echo '<h1>'.__('Add a note').'</h1>';

// State-changing action driven by a request parameter.
// NOTE(review): no anti-CSRF token check is visible in this excerpt. Verify
// one is enforced elsewhere. $note is user-supplied text, so confirm it is
// encoded when the note is later rendered.
if ($add_note) {
    $note = get_parameter("note");
    $now = print_mysql_timestamp();
    // The note is stored under the logged-in user's id from $config.
    $res = workorders_insert_note ($id, $config["id_user"], $note, $now);
$timestamp = date('Y-m-d H:i:s'); mysql_query ("INSERT INTO tdownload_tracking (id_download, id_user, date) VALUES ($id_attachment, 'anonymous','$timestamp')"); $data = get_db_row ("tdownload", "external_id", $id_attachment ); $data["location"] = safe_output($data["location"]); $fileLocation = $config["homedir"]."/".$data["location"]; $short_name = preg_split ("/\//", $data["location"]); $last_name = $short_name[sizeof($short_name)-1]; break; case "workorder": $data = get_db_row ("tattachment", "id_attachment", $id_attachment); $todo = get_db_row ("ttodo", "id", $data["id_todo"]); if (! get_workorder_acl($todo["id"])) { audit_db($config["id_user"],$config["REMOTE_ADDR"], "ACL Violation","Trying to access Downloads browser"); require ($general_error); exit; } $data["filename"] = safe_output($data["filename"]); $fileLocation = $config["homedir"]."/attachment/".$data["id_attachment"]."_".$data["filename"]; $last_name = $data["filename"]; break; case "kb": $data = get_db_row ("tattachment", "id_attachment", $id_attachment); if (! check_kb_item_accessibility($config["id_user"], $id_attachment)) { audit_db($config["id_user"],$config["REMOTE_ADDR"], "ACL Violation","Trying to access Downloads browser");