static function has_permission($folderID, $userObj, $db)
{
$permission = false;
$folder_owner = folder_utils::get_ownerID($folderID, $db);
if ($folder_owner == $userObj->get_user_ID()) {
return true;
}
$result = $db->prepare("SELECT idMod FROM folders_modules_staff WHERE folders_id = ?");
$result->bind_param('i', $folderID);
$result->execute();
$result->bind_result($idMod);
while ($result->fetch()) {
if ($userObj->is_staff_user_on_module($idMod)) {
$permission = true;
break;
}
}
$result->close();
return $permission;
}
<body>
<?php
require '../include/toprightmenu.inc';
echo draw_toprightmenu();
?>
<div id="content">
<div class="head_title">
<div><img src="../artwork/toprightmenu.gif" id="toprightmenu_icon" /></div>
<div class="breadcrumb"><a href="../index.php"><?php
echo $string['home'];
?>
</a>
<?php
if (isset($_GET['folder']) and $_GET['folder'] != '') {
echo '<img src="../artwork/breadcrumb_arrow.png" class="breadcrumb_arrow" alt="-" /><a href="../folder/index.php?folder=' . $_GET['folder'] . '">' . folder_utils::get_folder_name($_GET['folder'], $mysqli) . '</a>';
} elseif (isset($_GET['module']) and $_GET['module'] != '') {
echo '<img src="../artwork/breadcrumb_arrow.png" class="breadcrumb_arrow" alt="-" /><a href="../module/index.php?module=' . $_GET['module'] . '">' . module_utils::get_moduleid_from_id($_GET['module'], $mysqli) . '</a>';
}
echo '<img src="../artwork/breadcrumb_arrow.png" class="breadcrumb_arrow" alt="-" /><a href="../paper/details.php?paperID=' . $paperID . '">' . $paper_title . '</a></div>';
?>
<div class="page_title"><?php
echo $string['sctresponses'];
?>
</div>
</div>
<table cellspacing="0" cellpadding="2" border="0" style="width:100%">
<col width="40"><col>
<?php
//Capture reviewer data
if ($orig_folder_name == '') {
$msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
$notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
}
if (!folder_utils::has_permission($folder, $userObject, $mysqli)) {
$msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
$notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
}
$parent_list = folder_utils::get_parent_list($orig_folder_name, $userObject, $mysqli);
$module = '';
if (isset($_POST['submit'])) {
$folder_parent = folder_utils::get_folder_name($folder, $mysqli);
$new_folder_name = $folder_parent . ';' . $_POST['folder_name'];
$duplicate_folder = folder_utils::folder_exists($new_folder_name, $userObject, $mysqli);
if ($duplicate_folder == false) {
folder_utils::create_folder($new_folder_name, $userObject, $mysqli);
}
}
$folders_array = explode(';', $orig_folder_name);
$parts = count($folders_array) - 1;
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta http-equiv="content-type" content="text/html;charset=<?php
echo $configObject->get('cfg_page_charset');
?>
" />
<title>Rogō<?php
// You should have received a copy of the GNU General Public License
// along with RogÅ. If not, see <http://www.gnu.org/licenses/>.
/**
*
* Delete a personal folder.
*
* @author Simon Wilkinson
* @version 1.0
* @copyright Copyright (c) 2014 The University of Nottingham
* @package
*/
require '../include/staff_auth.inc';
require '../include/errors.inc';
require '../classes/folderutils.class.php';
$folderID = check_var('folderID', 'POST', true, false, true);
if ($userObject->get_user_ID() != folder_utils::get_ownerID($folderID, $mysqli)) {
$msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
$notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
}
$result = $mysqli->prepare("SELECT name FROM folders WHERE id = ?");
$result->bind_param('i', $folderID);
$result->execute();
$result->bind_result($name);
$result->fetch();
$result->close();
$directories = explode(';', $name);
$parent = '';
if (count($directories) > 1) {
for ($i = 1; $i < count($directories); $i++) {
if ($parent == '') {
$parent = $directories[$i - 1];
$results->execute();
$results->bind_result($id, $title, $surname);
while ($results->fetch()) {
$user_list[$id] = $title . ' ' . $surname;
}
$results->close();
}
$reference_material = array();
$results = $mysqli->prepare("SELECT id, title FROM reference_material");
$results->execute();
$results->bind_result($id, $title);
while ($results->fetch()) {
$reference_material[$id] = $title;
}
$results->close();
$folders = folder_utils::get_all_folders($mysqli);
echo "<tr><th>" . $string['part'] . "</th><th>" . $string['old'] . "</th><th>" . $string['new'] . "</th><th>" . $string['date'] . "</th><th>" . $string['author'] . "</th></tr>";
// Changes retrieved at beginning of file
$rows = count($changes);
for ($i = 0; $i < $rows; $i++) {
$part = $changes[$i]['part'];
$old = $changes[$i]['old'];
$new = $changes[$i]['new'];
switch ($part) {
case 'startdate':
case 'enddate':
$old = date($configObject->get('cfg_long_date_php') . ' ' . $configObject->get('cfg_short_time_php'), $old);
$new = date($configObject->get('cfg_long_date_php') . ' ' . $configObject->get('cfg_short_time_php'), $new);
break;
case 'folder':
$old = format_folders($old, $folders);
