Example #1
0
$blid = getValue('blid', '-?[0-9]+', true);
$can_delete = false;
// until proven otherwise
$error = $name = $owner = $type = '';
$event_id = -1;
if ($is_admin) {
    $can_delete = true;
}
$res = dbi_execute(Doc::getSQLForDocId($blid));
if (!$res) {
    $error = db_error();
} else {
    if ($row = dbi_fetch_row($res)) {
        $doc = new Doc($row);
        $event_id = $doc->getEventId();
        $name = $doc->getName();
        $owner = $doc->getLogin();
        $type = $doc->getType();
        if ($owner == $login || user_is_assistant($login, $owner)) {
            $can_delete = true;
        }
    } else {
        // document not found
        $error = str_replace('XXX', $blid, translate('Invalid entry id XXX.'));
    }
    dbi_free_result($res);
}
if (empty($error) && !$can_delete && $event_id > 0) {
    // See if current user is creator of associated event
    $res = dbi_execute('SELECT cal_create_by FROM webcal_entry WHERE cal_id = ?', array($event_id));
    if ($res) {
Example #2
0
File: doc.php Project: rhertzog/lcs
    $error = translate('Invalid blob id');
} else {
    $res = dbi_execute(Doc::getSQLForDocId($blid));
    if (!$res) {
        $error = db_error();
    }
}
if (empty($error)) {
    $row = dbi_fetch_row($res);
    if (!$row) {
        $error = str_replace('XXX', $blid, $invalidIDStr);
    } else {
        $doc = new Doc($row);
        $description = $doc->getDescription();
        $filedata = $doc->getData();
        $filename = $doc->getName();
        $id = $doc->getId();
        $mimetype = $doc->getMimeType();
        $owner = $doc->getLogin();
        $size = $doc->getSize();
        $type = $doc->getType();
    }
    dbi_free_result($res);
}
// Make sure this user is allowed to look at this file.
// If the blob is associated with an event, then the user must be able
// to view the event in order to access this file.
// TODO: move all this code (and code in view_entry.php) to a common
// function named can_view_event or something similar.
$can_view = false;
$is_my_event = false;