} if (!$ERROR || !$NOTICE) { $ERROR++; $ERRORSTR[] = "<strong>Unable to download the selected file.</strong><br /><br />The file you have selected cannot be downloaded at this time, " . ($LOGGED_IN ? "please try again later." : "Please log in to continue."); } if ($NOTICE) { echo display_notice(); } if ($ERROR) { echo display_error(); } } else { if (shares_file_module_access($RECORD_ID, "view-file")) { $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-folder&id=" . $file_record["cshare_id"], "title" => limit_chars($file_record["folder_title"], 32)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-file&id=" . $RECORD_ID, "title" => limit_chars($file_record["file_title"], 32)); $ADD_COMMENT = shares_module_access($file_record["cshare_id"], "add-comment"); $ADD_REVISION = shares_file_module_access($file_record["csfile_id"], "add-revision"); $MOVE_FILE = shares_file_module_access($file_record["csfile_id"], "move-file"); $NAVIGATION = shares_file_navigation($file_record["cshare_id"], $RECORD_ID); $community_shares_select = community_shares_in_select($file_record["cshare_id"]); ?> <script type="text/javascript"> function commentDelete(id) { Dialog.confirm('Do you really wish to deactivate this comment on the '+ $('file-<?php echo $RECORD_ID; ?> -title').innerHTML +' file?<br /><br />If you confirm this action, you will be deactivating this comment.', { id: 'requestDialog', width: 350, height: 165,
jQuery(function($) { var file_views_table = $("#file-views-table").DataTable({ "bPaginate": false, "bInfo": false, "bFilter": false }); }); </script> <?php } ?> </div> <?php } else { $NOTICE++; $NOTICESTR[] = "<strong>No files in this shared folder.</strong><br /><br />" . (shares_module_access($RECORD_ID, "add-file") ? "If you would like to upload a new file, <a href=\"" . COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-file&id=" . $RECORD_ID . "\">click here</a>." : "Please check back later."); echo display_notice(); } ?> </div> <?php if ($LOGGED_IN) { add_statistic("community:" . $COMMUNITY_ID . ":shares", "folder_view", "cshare_id", $RECORD_ID); } } else { if ($ERROR) { echo display_error(); } if ($NOTICE) { echo display_notice(); }
/**
 * Decide whether a record that belongs to a community module may be viewed.
 *
 * The four modules listed in the body are delegated to that module's own
 * access function, which is always asked about the module's "view-*" section.
 *
 * NOTE(review): $proxy_id and $module_section are accepted but never read in
 * this function; the delegated call receives only $record_id and a fixed
 * section name. Confirm callers do not expect a per-user or per-section answer.
 *
 * NOTE(review): a module name that is not listed falls through to
 * "return true". A module with per-record permissions that is added later
 * must be listed here too, otherwise its records pass this check
 * unconditionally.
 *
 * @param int    $proxy_id       Not used by this function.
 * @param string $module         Module name; compared loosely (==) against the known names.
 * @param string $module_section Not used by this function.
 * @param int    $record_id      Identifier handed to the module's access function.
 * @return bool True for unlisted modules, otherwise whatever the module's
 *              access function returns (presumably a bool).
 */
function community_module_permissions_check($proxy_id, $module, $module_section, $record_id) {
	// These imports look unused, but a file loaded with require_once inside a
	// function executes in this function's variable scope, so any top-level code
	// in the module files would see these names. Do not drop them without
	// checking those files.
	global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $PAGE_ID;

	if ($module == "discussions") {
		require_once COMMUNITY_ABSOLUTE . "/modules/discussions.inc.php";

		return discussion_module_access($record_id, "view-post");
	}

	if ($module == "galleries") {
		require_once COMMUNITY_ABSOLUTE . "/modules/galleries.inc.php";

		return galleries_module_access($record_id, "view-photo");
	}

	if ($module == "shares") {
		require_once COMMUNITY_ABSOLUTE . "/modules/shares.inc.php";

		return shares_module_access($record_id, "view-file");
	}

	if ($module == "polls") {
		require_once COMMUNITY_ABSOLUTE . "/modules/polls.inc.php";

		return polls_module_access($record_id, "view-poll");
	}

	// Any other module: no per-record check is performed here.
	return true;
}
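/**
 * Granular permission check for one file revision (version) in a community share.
 *
 * communities_module_access handles the higher level permissions; this
 * function decides whether a specific revision may be used for the requested
 * section.
 *
 * Outcome by case, as implemented below:
 *  - a logged-in community member who is also a community administrator is
 *    allowed immediately, without any lookup;
 *  - otherwise the revision must exist in the current community and
 *    shares_module_access() must grant $section on the revision's folder;
 *  - "delete-revision" is additionally limited to the user whose active id
 *    matches the revision's proxy_id;
 *  - a revision whose file_active flag is off is refused and a notice is queued;
 *  - any other refusal queues a generic error, unless an error is already pending.
 *
 * Side effects: may append to the global $NOTICESTR / $ERRORSTR arrays and
 * increment $NOTICE / $ERROR.
 *
 * @param int $csfversion_id Revision id; cast to int, 0 is treated as "no revision".
 * @param string $section Section being requested, e.g. "delete-revision".
 * @return bool True when the revision may be loaded (for non-administrators the
 *              positive value originates from shares_module_access()).
 */
function shares_file_version_module_access($csfversion_id = 0, $section = "") {
	global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $ENTRADA_USER;

	$allow_to_load = false;

	if ((bool) $LOGGED_IN && (bool) $COMMUNITY_MEMBER && (bool) $COMMUNITY_ADMIN) {
		// NOTE(review): this shortcut returns before the revision is looked up, so
		// for administrators the function does not itself confirm that
		// $csfversion_id exists or belongs to $COMMUNITY_ID. Callers have to keep
		// their own queries scoped by community_id.
		$allow_to_load = true;
	} else {
		if ($csfversion_id = (int) $csfversion_id) {
			// The community_id condition keeps a revision id from another community
			// from matching.
			// NOTE(review): CacheGetRow presumably serves this row from the query
			// cache for up to CACHE_TIMEOUT, so a revision deactivated inside that
			// window may still be evaluated from stale data - confirm that is
			// acceptable for an access decision.
			$query = "SELECT * FROM `community_share_file_versions` WHERE `csfversion_id` = " . $db->qstr($csfversion_id) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID);
			$result = $db->CacheGetRow(CACHE_TIMEOUT, $query);
			if ($result) {
				if ($allow_to_load = shares_module_access($result["cshare_id"], $section)) {
					switch ($section) {
						case "delete-revision":
							// Only the user recorded on the revision may delete it.
							if ($ENTRADA_USER->getActiveId() != (int) $result["proxy_id"]) {
								$allow_to_load = false;
							}
							break;
						default:
							// The original used "continue" here; inside a switch that is
							// only an alias for "break" and raises a compile-time warning
							// on PHP 7.3+, so a plain break is used instead.
							break;
					}
				}
			}
		}

		if ($allow_to_load) {
			// $result is always set here: $allow_to_load can only be true after a
			// successful lookup in this branch.
			if (!(int) $result["file_active"]) {
				$NOTICE++;
				$NOTICESTR[] = "This file revision was deactivated <strong>" . date(DEFAULT_DATE_FORMAT, $result["updated_date"]) . "</strong> by <strong>" . html_encode(get_account_data("firstlast", $result["updated_by"])) . "</strong>.<br /><br />If there has been a mistake or you have questions relating to this issue please contact the MEdTech Unit directly.";

				$allow_to_load = false;
			}
			// Active revision: no further checks at this time. Additional checks
			// would go here.
		} else {
			if (!$ERROR) {
				$ERROR++;
				$ERRORSTR[] = "You do not have access to this file revision.<br /><br />If you believe there has been a mistake, please contact a community administrator for assistance.";
			}
		}
	}

	return $allow_to_load;
}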
exit; } elseif (!$COMMUNITY_LOAD) { exit; } $HEAD[] = "<link href=\"" . ENTRADA_URL . "/javascript/calendar/css/xc2_default.css?release=" . html_encode(APPLICATION_VERSION) . "\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />"; $HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/calendar/config/xc2_default.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; $HEAD[] = "<script type=\"text/javascript\" src=\"" . ENTRADA_URL . "/javascript/calendar/script/xc2_inpage.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; $HEAD[] = "<script type=\"text/javascript\" src=\"" . COMMUNITY_URL . "/javascript/shares.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; echo "<h1>Upload File</h1>\n"; if ($RECORD_ID) { $query = "SELECT * FROM `community_shares` WHERE `cshare_id` = " . $db->qstr($RECORD_ID) . " AND `cpage_id` = " . $db->qstr($PAGE_ID) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID); $folder_record = $db->GetRow($query); if ($folder_record) { $query = "SELECT COUNT(*) FROM `community_share_files` WHERE `cshare_id` = " . $db->qstr($RECORD_ID) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID) . " AND `proxy_id` = " . $db->qstr($ENTRADA_USER->getActiveId()) . " AND `file_active` = 1"; if (!$db->GetOne($query) || $COMMUNITY_MEMBER && $folder_record["allow_member_read"] || !$COMMUNITY_MEMBER && $folder_record["allow_troll_read"] || $COMMUNITY_ADMIN) { if (shares_module_access($RECORD_ID, "add-file")) { $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-folder&id=" . $folder_record["cshare_id"], "title" => limit_chars($folder_record["folder_title"], 32)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-file&id=" . 
$RECORD_ID, "title" => "Upload File"); $file_uploads = array(); if (array_count_values($copyright_settings = (array) $translate->_("copyright")) > 1 && isset($copyright_settings["copyright-uploads"]) && strlen($copyright_settings["copyright-uploads"])) { $COPYRIGHT = true; } else { $COPYRIGHT = false; } // Error Checking switch ($STEP) { case 2: //var_dump($_FILES["uploaded_file"]); if (isset($_FILES["uploaded_file"]) && is_array($_FILES["uploaded_file"])) { foreach ($_FILES["uploaded_file"]["name"] as $tmp_file_id => $file_name) { switch ($_FILES["uploaded_file"]["error"][$tmp_file_id]) {
* @copyright Copyright 2010 Queen's University. All Rights Reserved. * */ if (!defined("COMMUNITY_INCLUDED") || !defined("IN_SHARES")) { exit; } elseif (!$COMMUNITY_LOAD) { exit; } $HEAD[] = "<script type=\"text/javascript\" src=\"" . COMMUNITY_URL . "/javascript/shares.js?release=" . html_encode(APPLICATION_VERSION) . "\"></script>"; echo "<h1>Add File Comment</h1>\n"; if ($RECORD_ID) { $query = "\n\t\t\t\t\tSELECT a.*, b.`folder_title`, b.`admin_notifications`\n\t\t\t\t\tFROM `community_share_files` AS a\n\t\t\t\t\tLEFT JOIN `community_shares` AS b\n\t\t\t\t\tON a.`cshare_id` = b.`cshare_id`\n\t\t\t\t\tWHERE a.`community_id` = " . $db->qstr($COMMUNITY_ID) . "\n\t\t\t\t\tAND a.`csfile_id` = " . $db->qstr($RECORD_ID) . "\n\t\t\t\t\tAND b.`cpage_id` = " . $db->qstr($PAGE_ID) . "\n\t\t\t\t\tAND a.`file_active` = '1'\n\t\t\t\t\tAND b.`folder_active` = '1'"; $file_record = $db->GetRow($query); if ($file_record) { if ((int) $file_record["file_active"]) { if (shares_module_access($file_record["cshare_id"], "add-comment")) { $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-folder&id=" . $file_record["cshare_id"], "title" => limit_chars($file_record["folder_title"], 32)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-file&id=" . $RECORD_ID, "title" => limit_chars($file_record["file_title"], 32)); $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-comment&id=" . $RECORD_ID, "title" => "Add File Comment"); communities_load_rte(); // Error Checking switch ($STEP) { case 2: /** * Required field "title" / Comment Title. */ if (isset($_POST["comment_title"]) && ($title = clean_input($_POST["comment_title"], array("notags", "trim")))) { $PROCESSED["comment_title"] = $title; } else { $PROCESSED["comment_title"] = ""; }