case 'ADD': $objComm->checkReadWriteAccess($type); if (isset($_REQUEST['btn_submit']) && $_REQUEST['btn_submit'] == 'save') { $objDoc = new document(); $objDoc->setDocument(); $objComm->redirect1('index.php?model=' . $model . '&type=' . $type); } break; case 'EDIT': $objComm->checkReadWriteAccess($type); $objDoc = new document(); if (isset($_REQUEST['btn_submit']) && $_REQUEST['btn_submit'] == 'update') { $objDoc->setDocument($_REQUEST); $objComm->redirect1('index.php?model=' . $model . '&action=edit&type=' . $type . '&id=' . $_REQUEST['pk_id'] . '&parent_id=' . $_REQUEST['parent_id']); } else { $row = $objDoc->getDocument($_REQUEST['id']); $objComm->checkReadWriteAccess($row->CreatedBy); } break; case 'DELETE': $objComm->checkReadWriteAccess($type); $objDoc = new document(); $objDoc->delDocument($_REQUEST['id']); $objComm->redirect1('index.php?model=' . $model . '&type=' . $type); break; default: $objDoc = new document(); $Records = $objDoc->getAllDocument($WorkGroupID); $strTree = $objDoc->makeHierarchy($type); break; }
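<?php
/**
 * Document download endpoint.
 *
 * Looks up the document named by the `id` request parameter and hands it to
 * $objComm->downloadFile() when one of the following holds:
 *   - the session carries an admin row with IsAdmin equal to 1,
 *   - the document's WorkgroupID is 0,
 *   - the document's WorkgroupID equals the session user's WorkgroupID.
 * Every other request ends with an explicit 404 or 403 and no file access.
 *
 * NOTE(review): this script never checks that a user is logged in; presumably
 * bootstrap.php enforces that and provides $objComm. Confirm, because
 * documents with WorkgroupID 0 are served without any session data.
 * NOTE(review): downloadFile() is defined elsewhere; confirm it confines
 * DocumentPath to the intended storage directory and sanitises DocumentName
 * before using it in response headers.
 */
include_once dirname(__FILE__) . '/bootstrap.php';

// Accept only a non-empty scalar id; an array value (id[]=...) or a missing
// parameter must never reach the lookup.
$DocID = isset($_REQUEST['id']) ? $_REQUEST['id'] : null;

// isset() guards keep an absent session entry from becoming a null that
// later compares equal to another null or to 0.
$WorkGroupID = isset($_SESSION['site']['pm_row']->WorkgroupID)
    ? (string) $_SESSION['site']['pm_row']->WorkgroupID
    : null;
$IsAdmin = isset($_SESSION['admin']['pm_user_row']->IsAdmin)
    && (string) $_SESSION['admin']['pm_user_row']->IsAdmin === '1';

$DocRow = null;
if (is_scalar($DocID) && (string) $DocID !== '') {
    $objDoc = new document();
    $DocRow = $objDoc->getDocument($DocID);
}

// An unknown id used to fall through to the "WorkgroupID == 0" branch,
// because a missing property compares loosely equal to 0. Stop here instead.
if (!is_object($DocRow)) {
    if (!headers_sent()) {
        http_response_code(404);
    }
    exit;
}

$DocWorkgroup = isset($DocRow->WorkgroupID) ? (string) $DocRow->WorkgroupID : null;

$IsUnrestricted = $DocWorkgroup === '0';
$IsSameWorkgroup = $DocWorkgroup !== null
    && $DocWorkgroup !== ''
    && $WorkGroupID !== null
    && $DocWorkgroup === $WorkGroupID;

// One decision, one download: the original ran the admin branch and then the
// workgroup branches as well, so downloadFile() could be invoked twice.
if ($IsAdmin || $IsUnrestricted || $IsSameWorkgroup) {
    $objComm->downloadFile($DocRow->DocumentName, $DocRow->DocumentPath);
} else {
    // Make the denial visible to the client and to access logs instead of
    // returning an empty 200 response.
    if (!headers_sent()) {
        http_response_code(403);
    }
    exit;
}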