Esempio n. 1
function filedepot_dispatcher($action)
    global $user;
    $filedepot = filedepot_filedepot();
    $nexcloud = filedepot_nexcloud();
    module_load_include('php', 'filedepot', 'lib-theme');
    module_load_include('php', 'filedepot', 'lib-ajaxserver');
    module_load_include('php', 'filedepot', 'lib-common');
    if (function_exists('timer_start')) {
    firelogmsg("AJAX Server code executing - action: {$action}");
    switch ($action) {
        case 'archive':
            if (isset($_GET['checked_files']) && isset($_GET['checked_folders'])) {
                module_load_include('php', 'filedepot', 'filedepot_archiver.class');
                $checked_files = json_decode($_GET['checked_files'], TRUE);
                $checked_folders = json_decode($_GET['checked_folders'], TRUE);
                $fa = new filedepot_archiver();
                $fa->addCheckedObjectArrays($checked_files, $checked_folders);
            } else {
                echo "Invalid Parameters";
        case 'getfilelisting':
            $cid = intval($_POST['cid']);
            if ($cid > 0) {
                if (db_query("SELECT count(*) FROM {filedepot_categories} WHERE cid=:cid", array(':cid' => $cid))->fetchField() == 1) {
                    $filedepot->ajaxBackgroundMode = TRUE;
            $reportmode = check_plain($_POST['reportmode']);
            $filedepot->activeview = $reportmode;
            $filedepot->cid = $cid;
            $cache = ctools_object_cache_set('filedepot', 'folder', $cid);
            $data = filedepotAjaxServer_getfilelisting();
        case 'getfolderlisting':
            $filedepot->ajaxBackgroundMode = TRUE;
            $cid = intval($_POST['cid']);
            $reportmode = check_plain($_POST['reportmode']);
            if ($cid > 0) {
                $cache = ctools_object_cache_set('filedepot', 'folder', $cid);
                $filedepot->cid = $cid;
                $filedepot->activeview = $reportmode;
                $data = filedepotAjaxServer_getfilelisting();
                firelogmsg("Completed generating FileListing");
            } else {
                $data = array('retcode' => 500);
        case 'getleftnavigation':
            $data = filedepotAjaxServer_generateLeftSideNavigation();
        case 'getmorefiledata':
            /** Need to use XML instead of JSON format for return data.
             * It's taking up to 1500ms to interpret (eval) the JSON data into an object in the client code
             * Parsing the XML is about 10ms
            $cid = intval($_POST['cid']);
            $level = intval($_POST['level']);
            $foldernumber = check_plain($_POST['foldernumber']);
            $filedepot->activeview = 'getmoredata';
            $filedepot->cid = $cid;
            $filedepot->lastRenderedFolder = $cid;
            $retval = '<result>';
            $retval .= '<retcode>200</retcode>';
            $retval .= '<displayhtml>' . htmlspecialchars(nexdocsrv_generateFileListing($cid, $level, $foldernumber), ENT_QUOTES, 'utf-8') . '</displayhtml>';
            $retval .= '</result>';
            firelogmsg("Completed generating AJAX return data - cid: {$cid}");
        case 'getmorefolderdata':
            /* Need to use XML instead of JSON format for return data.
               It's taking up to 1500ms to interpret (eval) the JSON data into an object in the client code
               Parsing the XML is about 10ms
            $cid = intval($_POST['cid']);
            $level = intval($_POST['level']);
            // Need to remove the last part of the passed in foldernumber as it's the incremental file number
            // Which we recalculate in template_preprocess_filelisting()
            $x = explode('.', check_plain($_POST['foldernumber']));
            $x2 = array_pop($x);
            $foldernumber = implode('.', $x);
            $filedepot->activeview = 'getmorefolderdata';
            $filedepot->cid = $cid;
            $filedepot->lastRenderedFolder = $cid;
            $retval = '<result>';
            $retval .= '<retcode>200</retcode>';
            $retval .= '<displayhtml>' . htmlspecialchars(nexdocsrv_generateFileListing($cid, $level, $foldernumber), ENT_QUOTES, 'utf-8') . '</displayhtml>';
            $retval .= '</result>';
            firelogmsg("Completed generating AJAX return data - cid: {$cid}");
        case 'rendernewfilefolderoptions':
            $cid = intval($_POST['cid']);
            $data['displayhtml'] = theme('filedepot_newfiledialog_folderoptions', array('cid' => $cid));
        case 'rendernewfolderform':
            $cid = intval($_POST['cid']);
            $data['displayhtml'] = theme('filedepot_newfolderdialog', array('cid' => $cid));
        case 'createfolder':
            // Builds a 'filedepot_folder' node object for the current user from the posted folder form fields.
            // NOTE(review): no drupal_valid_token() call is visible in this case, although 'deletefolder' and
            // 'updatefolder' validate FILEDEPOT_TOKEN_FOLDERMGMT. A state-changing POST without a token is
            // exposed to CSRF - confirm whether the check exists in the full source.
            // NOTE(review): 'title' and 'folderdesc' are taken from $_POST unfiltered, so they must be escaped
            // wherever they are later rendered.
            $node = (object) array('uid' => $user->uid, 'name' => $user->name, 'type' => 'filedepot_folder', 'title' => $_POST['catname'], 'parentfolder' => intval($_POST['catparent']), 'folderdesc' => $_POST['catdesc'], 'inherit' => intval($_POST['catinherit']));
            // Only top-level creation (parentfolder 0) is restricted here, to users with 'administer filedepot'.
            // NOTE(review): no checkPermission() on a non-zero parent folder is visible - presumably enforced
            // when the node is saved; verify.
            if ($node->parentfolder == 0 and !user_access('administer filedepot')) {
                $data['errmsg'] = t('Error creating Folder - invalid parent folder');
                $data['retcode'] = 500;
            } else {
                // NOTE(review): nothing visible between building $node and this test saves it, so
                // $node->nid would be unset here; the save call appears to be missing from this listing.
                if ($node->nid) {
                    $data['displaycid'] = $filedepot->cid;
                    $data['retcode'] = 200;
                } else {
                    $data['errmsg'] = t('Error creating Folder');
                    $data['retcode'] = 500;
        case 'deletefolder':
            // Handles a folder delete request: validates the folder-management token, looks the folder up,
            // requires 'admin' permission on it and returns the refreshed view of the parent folder.
            // NOTE(review): no delete call is visible in this listing - it appears to have been dropped.
            $data = array();
            $cid = intval($_POST['cid']);
            $token = isset($_POST['token']) ? $_POST['token'] : NULL;
            // CSRF guard: a missing or invalid token is rejected before any lookup.
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FOLDERMGMT)) {
                $data['retcode'] = 403;
                // Forbidden
            } else {
                $query = db_query("SELECT cid,pid,nid FROM {filedepot_categories} WHERE cid=:cid", array(':cid' => $cid));
                $A = $query->fetchAssoc();
                // NOTE(review): `$A['cid'] = $cid` is an assignment, not a comparison. For any $cid > 0 the
                // condition is truthy even when the query returned no row, so the 404 branch below is only
                // reached for $cid <= 0. The intended test is presumably `$A['cid'] == $cid`.
                // checkPermission() below still gates the action.
                if ($cid > 0 and $A['cid'] = $cid) {
                    if ($filedepot->checkPermission($cid, 'admin')) {
                        $filedepot->cid = $A['pid'];
                        // Set the new active directory to the parent folder
                        $data['retcode'] = 200;
                        $data['activefolder'] = theme('filedepot_activefolder');
                        $data['displayhtml'] = filedepot_displayFolderListing($filedepot->cid);
                        $data = filedepotAjaxServer_generateLeftSideNavigation($data);
                    } else {
                        $data['retcode'] = 403;
                        // Forbidden
                } else {
                    $data['retcode'] = 404;
                    // Not Found
        case 'updatefolder':
            $token = isset($_POST['token']) ? $_POST['token'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FOLDERMGMT)) {
                $data['retcode'] = 403;
                // Forbidden
            } else {
                $data = filedepotAjaxServer_updateFolder();
        case 'setfolderorder':
            // Moves folder $cid one position up or down among its siblings, then renumbers all siblings
            // in steps of 10 and returns the refreshed listing.
            $cid = intval($_POST['cid']);
            // NOTE(review): the active folder is taken from the request before the token is validated, and
            // 'admin' permission is checked on $cid only, not on 'listingcid'. Presumably
            // filedepot_displayFolderListing() applies its own access checks - verify.
            $filedepot->cid = intval($_POST['listingcid']);
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // Forbidden
            } else {
                if ($filedepot->checkPermission($cid, 'admin')) {
                    // Check and see if any subfolders don't yet have a order value - if so correct
                    $maxorder = 0;
                    $pid = db_query("SELECT pid FROM {filedepot_categories} WHERE cid=:cid", array(':cid' => $cid))->fetchField();
                    // NOTE(review): $maxquery is never read in the visible code and $maxorder stays 0, so
                    // $next_folderorder always starts at 10. The query also sorts ASC, which returns the
                    // smallest folderorder rather than the largest.
                    $maxquery = db_query_range("SELECT folderorder FROM {filedepot_categories} WHERE pid=:pid ORDER BY folderorder ASC", 0, 1, array(':pid' => $pid))->fetchField();
                    $next_folderorder = $maxorder + 10;
                    $query = db_query("SELECT cid FROM {filedepot_categories} WHERE pid=:pid AND folderorder = 0", array(':pid' => $pid));
                    while ($B = $query->fetchAssoc()) {
                        db_query("UPDATE {filedepot_categories} SET folderorder=:folderorder WHERE cid=:cid", array(':folderorder' => $next_folderorder, ':cid' => $B['cid']));
                        $next_folderorder += 10;
                    $itemquery = db_query("SELECT * FROM {filedepot_categories} WHERE cid=:cid", array(':cid' => $cid));
                    $retval = 0;
                    while ($A = $itemquery->fetchAssoc()) {
                        // 'direction' is only compared against the two literals; any other value changes nothing.
                        if ($_POST['direction'] == 'down') {
                            $sql = "SELECT folderorder FROM {filedepot_categories} WHERE pid=:pid ";
                            $sql .= "AND folderorder > :folderorder ORDER BY folderorder ASC ";
                            $nextorder = db_query_range($sql, 0, 1, array(':pid' => $A['pid'], ':folderorder' => $A['folderorder']))->fetchField();
                            // Place the folder just past its next sibling; keep the value when it is already last.
                            if ($nextorder > $A['folderorder']) {
                                $folderorder = $nextorder + 5;
                            } else {
                                $folderorder = $A['folderorder'];
                            db_query("UPDATE {filedepot_categories} SET folderorder=:folderorder WHERE cid=:cid", array(':folderorder' => $folderorder, ':cid' => $cid));
                        } elseif ($_POST['direction'] == 'up') {
                            $sql = "SELECT folderorder FROM {filedepot_categories} WHERE pid=:pid ";
                            $sql .= "AND folderorder < :folderorder ORDER BY folderorder DESC ";
                            $nextorder = db_query_range($sql, 0, 1, array(':pid' => $A['pid'], ':folderorder' => $A['folderorder']))->fetchField();
                            // Place the folder just before its previous sibling, clamped at 0.
                            $folderorder = $nextorder - 5;
                            if ($folderorder <= 0) {
                                $folderorder = 0;
                            db_query("UPDATE {filedepot_categories} SET folderorder=:folderorder WHERE cid=:cid", array(':folderorder' => $folderorder, ':cid' => $cid));
                    /* Re-order any folders that may have just been moved */
                    $query = db_query("SELECT cid,folderorder from {filedepot_categories} WHERE pid=:pid ORDER BY folderorder", array(':pid' => $pid));
                    $folderorder = 10;
                    $stepnumber = 10;
                    while ($A = $query->fetchAssoc()) {
                        // NOTE(review): the key 'folderOrder' differs in case from the selected column
                        // 'folderorder'. PHP array keys are case-sensitive, so this presumably reads an
                        // undefined index and rewrites every row on each call - confirm and use 'folderorder'.
                        if ($folderorder != $A['folderOrder']) {
                            db_query("UPDATE {filedepot_categories} SET folderorder=:folderorder WHERE cid=:cid", array(':folderorder' => $folderorder, ':cid' => $A['cid']));
                        $folderorder += $stepnumber;
                    $data['retcode'] = 200;
                    $data['displayhtml'] = filedepot_displayFolderListing($filedepot->cid);
                } else {
                    // Permission failure is reported as 400 here, while other cases in this dispatcher use 403.
                    $data['retcode'] = 400;
        case 'updatefoldersettings':
            // Stores the current user's per-folder notification preferences (insert on first use, else update).
            // NOTE(review): no drupal_valid_token() check is visible in this case, unlike the other
            // state-changing cases in this dispatcher, so the write is exposed to CSRF - confirm.
            // NOTE(review): no checkPermission() on $cid is visible either, so a row can be written for a
            // folder the user cannot view - verify whether that matters to the notification code.
            $cid = intval($_POST['cid']);
            $notifyadd = intval($_POST['fileadded_notify']);
            $notifychange = intval($_POST['filechanged_notify']);
            // Requires a logged-in user and a positive folder id.
            if ($user->uid > 0 and $cid >= 1) {
                // Update the personal folder notifications for user
                if (db_query("SELECT count(*) FROM {filedepot_notifications} WHERE cid=:cid AND uid=:uid", array(':cid' => $cid, ':uid' => $user->uid))->fetchField() == 0) {
                    $sql = "INSERT INTO {filedepot_notifications} (cid,cid_newfiles,cid_changes,uid,date) ";
                    $sql .= "VALUES (:cid,:notifyadd,:notifychange,:uid,:time)";
                    db_query($sql, array(':cid' => $cid, ':notifyadd' => $notifyadd, ':notifychange' => $notifychange, ':uid' => $user->uid, ':time' => time()));
                } else {
                    $sql = "UPDATE {filedepot_notifications} set cid_newfiles=:notifyadd, ";
                    $sql .= "cid_changes=:notifychange, date=:time ";
                    $sql .= "WHERE uid=:uid and cid=:cid";
                    db_query($sql, array(':notifyadd' => $notifyadd, ':notifychange' => $notifychange, ':time' => time(), ':uid' => $user->uid, ':cid' => $cid));
                $data['retcode'] = 200;
                // The listing is rendered for $filedepot->cid, which this case does not set from the request.
                $data['displayhtml'] = filedepot_displayFolderListing($filedepot->cid);
            } else {
                $data['retcode'] = 500;
        case 'loadfiledetails':
            $data = filedepotAjaxServer_loadFileDetails();
        case 'refreshfiledetails':
            $reportmode = check_plain($_POST['reportmode']);
            $fid = intval($_POST['id']);
            $cid = db_query("SELECT cid FROM {filedepot_files} WHERE fid=:fid", array(':fid' => $fid))->fetchField();
            if ($filedepot->checkPermission($cid, 'view')) {
                $data['retcode'] = 200;
                $data['fid'] = $fid;
                $data['displayhtml'] = theme('filedepot_filedetail', array('fid' => $fid, 'reportmode' => $reportmode));
            } else {
                $data['retcode'] = 400;
                $data['error'] = t('Invalid access');
        case 'updatenote':
            // Replaces the note stored for one version of a file and returns the re-rendered file detail.
            $fid = intval($_POST['fid']);
            $version = intval($_POST['version']);
            // check_plain() HTML-escapes the note before it is stored, so the database holds escaped text.
            $note = check_plain($_POST['note']);
            $reportmode = check_plain($_POST['reportmode']);
            $token = isset($_POST['ftoken']) ? $_POST['ftoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FILEDETAILS)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($fid > 0) {
                // NOTE(review): only the token is checked before this UPDATE. No checkPermission() on the
                // file's folder is visible (compare 'refreshfiledetails', which requires 'view'), so any
                // user holding a valid file-details token could change notes on an arbitrary fid - confirm.
                db_query("UPDATE {filedepot_fileversions} SET notes=:notes WHERE fid=:fid and version=:version", array(':notes' => $note, ':fid' => $fid, ':version' => $version));
                $data['retcode'] = 200;
                $data['fid'] = $fid;
                $data['displayhtml'] = theme('filedepot_filedetail', array('fid' => $fid, 'reportmode' => $reportmode));
            } else {
                $data['retcode'] = 400;
        case 'getfolderperms':
            $cid = intval($_POST['cid']);
            if ($cid > 0) {
                if ($filedepot->ogenabled) {
                    $data['html'] = theme('filedepot_folderperms_ogenabled', array('cid' => $cid, 'token' => drupal_get_token(FILEDEPOT_TOKEN_FOLDERPERMS)));
                } else {
                    $data['html'] = theme('filedepot_folderperms', array('cid' => $cid, 'token' => drupal_get_token(FILEDEPOT_TOKEN_FOLDERPERMS)));
                $data['retcode'] = 200;
            } else {
                $data['retcode'] = 404;
        case 'delfolderperms':
            // Removes one access record (accid) after token validation and an 'admin' check on the folder
            // the record belongs to, then returns the re-rendered permissions panel.
            $id = intval($_POST['id']);
            $token = isset($_POST['token']) ? $_POST['token'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FOLDERPERMS)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($id > 0) {
                $query = db_query("SELECT catid, permtype, permid FROM  {filedepot_access} WHERE accid=:accid", array(':accid' => $id));
                $A = $query->fetchAssoc();
                // The folder id comes from the stored record, not from the request, so the permission
                // check cannot be redirected to another folder by the caller.
                // NOTE(review): when no row matches, $A is not an array and checkPermission() receives an
                // empty catid - presumably it then returns FALSE (403 rather than 404); verify.
                if ($filedepot->checkPermission($A['catid'], 'admin')) {
                    db_delete('filedepot_access')->condition('accid', $id)->execute();
                    // This update has no condition, so it clears allowable_view_folders for every row in
                    // filedepot_usersettings - presumably a deliberate reset of cached access data for all users.
                    db_update('filedepot_usersettings')->fields(array('allowable_view_folders' => ''))->execute();
                    // For this folder - I need to update the access metrics now that a permission has been removed
                    if ($filedepot->ogenabled) {
                        $data['html'] = theme('filedepot_folderperms_ogenabled', array('cid' => $A['catid'], 'token' => drupal_get_token(FILEDEPOT_TOKEN_FOLDERPERMS)));
                    } else {
                        $data['html'] = theme('filedepot_folderperms', array('cid' => $A['catid'], 'token' => drupal_get_token(FILEDEPOT_TOKEN_FOLDERPERMS)));
                    $data['retcode'] = 200;
                } else {
                    $data['retcode'] = 403;
                    // Forbidden
            } else {
                $data['retcode'] = 404;
                // Not Found
        case 'addfolderperm':
            $cid = intval($_POST['catid']);
            $token = isset($_POST['token']) ? $_POST['token'] : NULL;
            if (!isset($_POST['cb_access'])) {
                $data['retcode'] = 204;
                // No permission options selected - return 'No content' statuscode
            } elseif ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FOLDERPERMS)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($filedepot->updatePerms($cid, $_POST['cb_access'], $_POST['selusers'], $_POST['selgroups'], $_POST['selroles'])) {
                if (is_array($_POST['selroles']) and count($_POST['selroles']) > 0) {
                    foreach ($_POST['selroles'] as $roleid) {
                        $roleid = intval($roleid);
                        if ($roleid > 0) {
                if ($filedepot->ogenabled) {
                    if (is_array($_POST['selgroups']) and count($_POST['selgroups']) > 0) {
                        foreach ($_POST['selgroups'] as $groupid) {
                            $groupid = intval($groupid);
                            if ($groupid > 0) {
                    $data['html'] = theme('filedepot_folderperms_ogenabled', array('cid' => $cid, 'token' => drupal_get_token(FILEDEPOT_TOKEN_FOLDERPERMS)));
                } else {
                    $data['html'] = theme('filedepot_folderperms', array('cid' => $cid, 'token' => drupal_get_token(FILEDEPOT_TOKEN_FOLDERPERMS)));
                $data['retcode'] = 200;
            } else {
                $data['retcode'] = 403;
                // Forbidden
        case 'updatefile':
            // Updates the metadata of a file in one of three places: the incoming import queue, the
            // unapproved submission queue, or the approved file record and its version note. It can also
            // move the file and update its tags.
            $fid = intval($_POST['id']);
            $folder_id = intval($_POST['folder']);
            $version = intval($_POST['version']);
            // Title, description, version note and tags are kept raw here. They reach the database only as
            // bound parameters, and the echoed title/description are passed through filter_xss() at the end.
            $filetitle = $_POST['filetitle'];
            $description = $_POST['description'];
            $vernote = $_POST['version_note'];
            $approved = check_plain($_POST['approved']);
            $tags = $_POST['tags'];
            $data = array();
            $data['tagerror'] = '';
            $data['errmsg'] = '';
            $token = isset($_POST['ftoken']) ? $_POST['ftoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FILEDETAILS)) {
                $data['retcode'] = 403;
                // forbidden
                $data['errmsg'] = t('Invalid request');
            } elseif ($_POST['cid'] == 'incoming' and $fid > 0) {
                $filemoved = FALSE;
                // NOTE(review): the queue row is selected by id alone. No ownership or permission check is
                // visible before this UPDATE - confirm that queue entries cannot be edited by other users.
                $sql = "UPDATE {filedepot_import_queue} SET orig_filename=:filename, description=:description,";
                $sql .= "version_note=:notes WHERE id=:fid";
                db_query($sql, array(':filename' => $filetitle, ':description' => $description, ':notes' => $vernote, ':fid' => $fid));
                $data['retcode'] = 200;
                if ($folder_id > 0 and $filedepot->moveIncomingFile($fid, $folder_id)) {
                    $filemoved = TRUE;
                    $filedepot->activeview = 'incoming';
                    $data = filedepotAjaxServer_generateLeftSideNavigation($data);
                    $data['displayhtml'] = filedepot_displayFolderListing();
            } elseif ($fid > 0) {
                $filemoved = FALSE;
                // NOTE(review): $approved is a string compared loosely with 0; a non-numeric value takes
                // this branch on PHP 7 but not on PHP 8 - confirm the expected values.
                if ($approved == 0) {
                    // NOTE(review): as above, no permission check on the submission or on the target
                    // folder ($folder_id) is visible before this UPDATE.
                    $sql = "UPDATE {filedepot_filesubmissions} SET title=:title, description=:description,";
                    $sql .= "version_note=:notes, cid=:cid, tags=:tags WHERE id=:fid;";
                    db_query($sql, array(':title' => $filetitle, ':description' => $description, ':notes' => $vernote, ':cid' => $folder_id, ':tags' => $tags, ':fid' => $fid));
                    $data['cid'] = $folder_id;
                    $data['tags'] = '';
                } else {
                    $query = db_query("SELECT fname,cid,version,submitter FROM {filedepot_files} WHERE fid=:fid", array(':fid' => $fid));
                    // NOTE(review): fetchAssoc() returns FALSE for an unknown fid, which array_values() cannot take.
                    list($fname, $cid, $current_version, $submitter) = array_values($query->fetchAssoc());
                    // Allow updating the category, title, description and image for the current version and primary file record
                    if ($version == $current_version) {
                        // NOTE(review): title and description are rewritten with no checkPermission() on the
                        // file's stored folder ($cid) visible beforehand. The token alone authorises the
                        // write, so an arbitrary fid could be edited - confirm.
                        db_query("UPDATE {filedepot_files} SET title=:title,description=:desc,date=:time WHERE fid=:fid", array(':title' => $filetitle, ':desc' => $description, ':time' => time(), ':fid' => $fid));
                        // Test if user has selected a different directory and if they have perms then move else return FALSE;
                        if ($folder_id > 0) {
                            $newcid = $folder_id;
                            if ($cid != $newcid) {
                                $filemoved = $filedepot->moveFile($fid, $newcid);
                                if ($filemoved == FALSE) {
                                    $data['errmsg'] = t('Error moving file');
                            $data['cid'] = $newcid;
                        } else {
                            $data['cid'] = $cid;
                        // Format tags will check this to format tags in case we are doing a search which we are not in this case.
                        $data['tags'] = filedepot_formatfiletags($tags);
                    db_query("UPDATE {filedepot_fileversions} SET notes=:notes WHERE fid=:fid and version=:version", array(':notes' => $vernote, ':fid' => $fid, ':version' => $version));
                    // Update the file tags if role or group permission set -- we don't support tag access perms at the user level.
                    // NOTE(review): both permission checks use the posted $folder_id rather than the folder
                    // read from the file record, so the caller chooses which folder is checked.
                    if ($filedepot->checkPermission($folder_id, 'view', 0, FALSE)) {
                        if ($filedepot->checkPermission($folder_id, 'admin', 0, FALSE) or $user->uid == $submitter) {
                            $admin = TRUE;
                        } else {
                            $admin = FALSE;
                        if (!$nexcloud->update_tags($fid, $tags, $admin)) {
                            $data['tagerror'] = t('Tags not added - Group or Role assigned view perms required');
                            $data['tags'] = '';
                    } else {
                        $data['tagerror'] = t('Problem adding or updating tags');
                        $data['tags'] = '';
                $data['retcode'] = 200;
                $data['tagcloud'] = theme('filedepot_tagcloud');
            } else {
                $data['retcode'] = 500;
                $data['errmsg'] = t('Invalid File');
            // Echoed values are filtered for the HTML response.
            $data['description'] = nl2br(filter_xss($description));
            $data['fid'] = $fid;
            $data['filename'] = filter_xss($filetitle);
            // NOTE(review): $filemoved is not assigned on the invalid-token and 'Invalid File' paths.
            $data['filemoved'] = $filemoved;
        case 'deletefile':
            $fid = intval($_POST['fid']);
            $token = isset($_POST['ftoken']) ? $_POST['ftoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FILEDETAILS)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0 and $fid > 0) {
                $data = filedepotAjaxServer_deleteFile($fid);
            } else {
                $data['retcode'] = 500;
        case 'deletecheckedfiles':
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0) {
                $data = filedepotAjaxServer_deleteCheckedFiles();
            } else {
                $data['retcode'] = 500;
        case 'deleteversion':
            $fid = intval($_POST['fid']);
            $version = intval($_POST['version']);
            $reportmode = check_plain($_POST['reportmode']);
            $token = isset($_POST['ftoken']) ? $_POST['ftoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FILEDETAILS)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($fid > 0 and $version > 0) {
                if ($filedepot->deleteVersion($fid, $version)) {
                    $data['retcode'] = 200;
                    $data['fid'] = $fid;
                    $data['displayhtml'] = theme('filedepot_filedetail', array('fid' => $fid, 'reportmode' => $reportmode));
                } else {
                    $data['retcode'] = 400;
            } else {
                $data['retcode'] = 400;
        case 'togglefavorite':
            $id = intval($_POST['id']);
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0 and $id >= 1) {
                if (db_query("SELECT count(fid) FROM {filedepot_favorites} WHERE uid=:uid AND fid=:fid", array(':uid' => $user->uid, ':fid' => $id))->fetchField() > 0) {
                    $data['favimgsrc'] = base_path() . drupal_get_path('module', 'filedepot') . '/css/images/' . $filedepot->getFileIcon('favorite-off');
                    db_query("DELETE FROM {filedepot_favorites} WHERE uid=:uid AND fid=:fid", array(':uid' => $user->uid, ':fid' => $id));
                } else {
                    $data['favimgsrc'] = base_path() . drupal_get_path('module', 'filedepot') . '/css/images/' . $filedepot->getFileIcon('favorite-on');
                    db_query("INSERT INTO {filedepot_favorites} (uid,fid) VALUES (:uid,:fid)", array(':uid' => $user->uid, ':fid' => $id));
                $data['retcode'] = 200;
            } else {
                $data['retcode'] = 400;
        case 'markfavorite':
            // Adds each checked file to the current user's favorites (skipping ones already present) and
            // returns the refreshed folder listing.
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0) {
                $cid = intval($_POST['cid']);
                $reportmode = check_plain($_POST['reportmode']);
                // 'checkeditems' is a comma-separated id list. The pieces stay strings and are not passed
                // through intval(); they are only used in a numeric comparison and as bound parameters.
                $fileitems = check_plain($_POST['checkeditems']);
                $files = explode(',', $fileitems);
                $filedepot->cid = $cid;
                $filedepot->activeview = $reportmode;
                foreach ($files as $id) {
                    // NOTE(review): no 'view' permission check on each file is visible, so ids of files
                    // the user cannot see can still be recorded as favorites - confirm whether that matters.
                    if ($id > 0 and db_query("SELECT COUNT(*) FROM {filedepot_favorites} WHERE uid=:uid AND fid=:fid", array(':uid' => $user->uid, ':fid' => $id))->fetchField() == 0) {
                        // NOTE(review): the 'fid' key lacks the leading colon used by every other
                        // placeholder in this dispatcher - confirm the database layer accepts it, or use ':fid'.
                        db_query("INSERT INTO {filedepot_favorites} (uid,fid) VALUES (:uid,:fid)", array(':uid' => $user->uid, 'fid' => $id));
                $data['retcode'] = 200;
                $data['displayhtml'] = filedepot_displayFolderListing($cid);
        case 'clearfavorite':
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0) {
                $cid = intval($_POST['cid']);
                $reportmode = check_plain($_POST['reportmode']);
                $fileitems = check_plain($_POST['checkeditems']);
                $files = explode(',', $fileitems);
                $filedepot->cid = $cid;
                $filedepot->activeview = $reportmode;
                foreach ($files as $id) {
                    if ($id > 0 and db_query("SELECT COUNT(*) FROM {filedepot_favorites} WHERE uid=:uid AND fid=:fid", array(':uid' => $user->uid, ':fid' => $id))->fetchField() == 1) {
                        db_query("DELETE FROM {filedepot_favorites} WHERE uid=:uid AND fid=:fid", array(':uid' => $user->uid, ':fid' => $id));
                $data['retcode'] = 200;
                $data['displayhtml'] = filedepot_displayFolderListing($cid);
        case 'togglelock':
            // Toggles a file between status 1 (unlocked) and status 2 (locked) and records the acting user.
            $fid = intval($_POST['fid']);
            $token = isset($_POST['ftoken']) ? $_POST['ftoken'] : NULL;
            // A bad token yields only an 'error' message here; no retcode is set on this path.
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FILEDETAILS)) {
                $data['error'] = t('Error locking file');
            } else {
                $data['error'] = '';
                $data['fid'] = $fid;
                // NOTE(review): no checkPermission() call and no $user->uid > 0 test are visible before
                // the status is changed, and the unlock branch does not compare status_changedby_uid with
                // the current user. As written, any holder of a valid file-details token could lock any
                // file or release another user's lock - confirm against the full source.
                $query = db_query("SELECT status FROM {filedepot_files} WHERE fid=:fid", array(':fid' => $fid));
                // NOTE(review): this tests the statement object, not whether a row exists. For an unknown
                // fid, fetchAssoc() returns FALSE and array_values() below fails.
                if ($query) {
                    list($status) = array_values($query->fetchAssoc());
                    if ($status == 1) {
                        db_query("UPDATE {filedepot_files} SET status='2', status_changedby_uid=:uid WHERE fid=:fid", array(':uid' => $user->uid, ':fid' => $fid));
                        $stat_user = db_query("SELECT name FROM {users} WHERE uid=:uid", array(':uid' => $user->uid))->fetchField();
                        $data['message'] = 'File Locked successfully';
                        $data['locked_message'] = '* ' . t('Locked by %name', array('%name' => $stat_user));
                        $data['locked'] = TRUE;
                    } else {
                        // Any status other than 1 is reset to 1 (unlocked).
                        db_query("UPDATE {filedepot_files} SET status='1', status_changedby_uid=:uid WHERE fid=:fid", array(':uid' => $user->uid, ':fid' => $fid));
                        $data['message'] = 'File Un-Locked successfully';
                        $data['locked'] = FALSE;
                } else {
                    $data['error'] = t('Error locking file');
        case 'movecheckedfiles':
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0) {
                $data = filedepotAjaxServer_moveCheckedFiles();
            } else {
                $data['retcode'] = 500;
        case 'rendermoveform':
            $data['displayhtml'] = theme('filedepot_movefiles_form');
        case 'rendermoveincoming':
            $data['displayhtml'] = theme('filedepot_moveincoming_form');
        case 'togglesubscribe':
            $fid = intval($_POST['fid']);
            $cid = intval($_POST['cid']);
            $token = isset($_POST['ftoken']) ? $_POST['ftoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FILEDETAILS)) {
                $data['error'] = t('Error subscribing');
            } else {
                global $base_url;
                $data['error'] = '';
                $data['fid'] = $fid;
                $ret = filedepotAjaxServer_updateFileSubscription($fid, 'toggle');
                // @TODO: Notifyicon does not appear to be implemented
                if ($ret['retcode'] === TRUE) {
                    $data['retcode'] = 200;
                    if ($ret['subscribed'] === TRUE) {
                        $data['subscribed'] = TRUE;
                        $data['message'] = 'You will be notified of any new versions of this file';
                        $path = drupal_get_path('module', 'filedepot') . '/css/images/email-green.gif';
                        $data['notifyicon'] = $base_url . '/' . $path;
                        $data['notifymsg'] = 'Notification Enabled - Click to change';
                    } elseif ($ret['subscribed'] === FALSE) {
                        $data['subscribed'] = FALSE;
                        $data['message'] = 'You will not be notified of any new versions of this file';
                        $path = drupal_get_path('module', 'filedepot') . '/css/images/email-regular.gif';
                        $data['notifyicon'] = $base_url . '/' . $path;
                        $data['notifymsg'] = 'Notification Disabled - Click to change';
                } else {
                    $data['error'] = t('Error accessing file record');
                    $data['retcode'] = 404;
        case 'updatenotificationsettings':
            if ($user->uid > 0) {
                if (db_query("SELECT count(uid) FROM {filedepot_usersettings} WHERE uid=:uid", array(':uid' => $user->uid))->fetchField() == 0) {
                    db_query("INSERT INTO {filedepot_usersettings} (uid) VALUES ( :uid )", array(':uid' => $user->uid));
                $sql = "UPDATE {filedepot_usersettings} SET notify_newfile=:newfile,notify_changedfile=:changefile,allow_broadcasts=:broadcast WHERE uid=:uid";
                db_query($sql, array(':newfile' => $_POST['fileadded_notify'], ':changefile' => $_POST['fileupdated_notify'], ':broadcast' => $_POST['admin_broadcasts'], ':uid' => $user->uid));
                $data['retcode'] = 200;
                $data['displayhtml'] = theme('filedepot_notifications');
            } else {
                $data['retcode'] = 500;
        case 'deletenotification':
            $id = intval($_POST['id']);
            if ($user->uid > 0 and $id > 0) {
                db_query("DELETE FROM {filedepot_notifications} WHERE id=:id AND uid=:uid", array(':id' => $id, ':uid' => $user->uid));
                $data['retcode'] = 200;
                $data['displayhtml'] = theme('filedepot_notifications');
            } else {
                $data['retcode'] = 500;
        case 'clearnotificationlog':
            db_query("DELETE FROM {filedepot_notificationlog} WHERE target_uid=:uid", array(':uid' => $user->uid));
            $data['retcode'] = 200;
        case 'multisubscribe':
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0) {
                $reportmode = check_plain($_POST['reportmode']);
                $fileitems = check_plain($_POST['checkeditems']);
                $folderitems = check_plain($_POST['checkedfolders']);
                $filedepot->cid = intval($_POST['cid']);
                $filedepot->activeview = check_plain($_POST['reportmode']);
                if (!empty($fileitems)) {
                    $files = explode(',', $fileitems);
                    foreach ($files as $fid) {
                        filedepotAjaxServer_updateFileSubscription($fid, 'add');
                if (!empty($folderitems)) {
                    $folders = explode(',', $folderitems);
                    foreach ($folders as $cid) {
                        if (db_query("SELECT count(id) FROM {filedepot_notifications} WHERE cid=:cid AND uid=:uid", array(':cid' => $cid, ':uid' => $user->uid))->fetchField() == 0) {
                            $sql = "INSERT INTO {filedepot_notifications} (cid,cid_newfiles,cid_changes,uid,date) ";
                            $sql .= "VALUES (:cid,1,1,:uid,:time)";
                            db_query($sql, array(':cid' => $cid, ':uid' => $user->uid, ':time' => time()));
                $data['retcode'] = 200;
                $data = filedepotAjaxServer_generateLeftSideNavigation($data);
                $data['displayhtml'] = filedepot_displayFolderListing($filedepot->cid);
            } else {
                $data['retcode'] = 500;
        case 'autocompletetag':
            $matches = $nexcloud->get_matchingtags($_GET['query']);
            $retval = implode("\n", $matches);
        case 'refreshtagcloud':
            $data['retcode'] = 200;
            $data['tagcloud'] = theme('filedepot_tagcloud');
        case 'search':
            $query = $_POST['query'];
            if (!empty($query)) {
                $filedepot->activeview = 'search';
                $filedepot->cid = 0;
                $data['retcode'] = 200;
                $data['displayhtml'] = filedepot_displaySearchListing($query);
                $data['header'] = theme('filedepot_header');
                $data['activefolder'] = theme('filedepot_activefolder');
            } else {
                $data['retcode'] = 400;
        case 'searchtags':
            if (isset($_POST['tags'])) {
                $tags = stripslashes($_POST['tags']);
            } else {
                $tags = '';
            if (isset($_POST['removetag'])) {
                $removetag = stripslashes($_POST['removetag']);
            } else {
                $removetag = '';
            $current_search_tags = '';
            $filedepot->activeview = 'searchtags';
            $filedepot->cid = 0;
            if (!empty($tags)) {
                if (!empty($removetag)) {
                    $removetag = stripslashes($removetag);
                    $atags = explode(',', $tags);
                    $key = array_search($removetag, $atags);
                    if ($key !== FALSE) {
                    $tags = implode(',', $atags);
                    $_POST['tags'] = $tags;
                } else {
                    $removetag = '';
                if (!empty($tags)) {
                    $data['searchtags'] = stripslashes($tags);
                    $atags = explode(',', $tags);
                    if (count($atags) >= 1) {
                        foreach ($atags as $tag) {
                            $tag = trim($tag);
                            // added to handle extra space thats added when removing a tag - thats between 2 other tags
                            if (!empty($tag)) {
                                $current_search_tags .= theme('filedepot_searchtag', array('searchtag' => addslashes($tag), 'label' => check_plain($tag)));
                    $data['retcode'] = 200;
                    $data['currentsearchtags'] = $current_search_tags;
                    $data['displayhtml'] = filedepot_displayTagSearchListing($tags);
                    $data['tagcloud'] = theme('filedepot_tagcloud');
                    $data['header'] = theme('filedepot_header');
                    $data['activefolder'] = theme('filedepot_activefolder');
                } else {
                    $filedepot->activeview = 'latestfiles';
                    $data['retcode'] = 200;
                    $data['currentsearchtags'] = '';
                    $data['tagcloud'] = theme('filedepot_tagcloud');
                    $data['displayhtml'] = filedepot_displayFolderListing($filedepot->cid);
                    $data['header'] = theme('filedepot_header');
                    $data['activefolder'] = theme('filedepot_activefolder');
            } else {
                $data['tagcloud'] = theme('filedepot_tagcloud');
                $data['retcode'] = 203;
                // Partial Information
        case 'approvefile':
            $id = intval($_POST['id']);
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0 and $filedepot->approveFileSubmission($id)) {
                $filedepot->cid = 0;
                $filedepot->activeview = 'approvals';
                $data = filedepotAjaxServer_getfilelisting();
                $data = filedepotAjaxServer_generateLeftSideNavigation($data);
                $data['retcode'] = 200;
            } else {
                $data['retcode'] = 400;
        case 'approvesubmissions':
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0) {
                $reportmode = check_plain($_POST['reportmode']);
                $fileitems = check_plain($_POST['checkeditems']);
                $files = explode(',', $fileitems);
                $approved_files = 0;
                $filedepot->activeview = 'approvals';
                foreach ($files as $id) {
                    // Check if this is a valid submission record
                    if ($id > 0 and db_query("SELECT COUNT(*) FROM {filedepot_filesubmissions} WHERE id=:id", array(':id' => $id))->fetchField() == 1) {
                        // Verify that user has Admin Access to approve this file
                        $cid = db_query("SELECT cid FROM {filedepot_filesubmissions} WHERE id=:id", array(':id' => $id))->fetchField();
                        if ($cid > 0 and $filedepot->checkPermission($cid, array('admin', 'approval'), 0, FALSE)) {
                            if ($filedepot->approveFileSubmission($id)) {
                if ($approved_files > 0) {
                    $data['retcode'] = 200;
                    $data = filedepotAjaxServer_generateLeftSideNavigation($data);
                    $data['displayhtml'] = filedepot_displayFolderListing();
                } else {
                    $data['retcode'] = 400;
        case 'deletesubmissions':
            $token = isset($_POST['ltoken']) ? $_POST['ltoken'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_LISTING)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($user->uid > 0) {
                $reportmode = check_plain($_POST['reportmode']);
                $fileitems = check_plain($_POST['checkeditems']);
                $files = explode(',', $fileitems);
                $deleted_files = 0;
                $filedepot->activeview = 'approvals';
                foreach ($files as $id) {
                    // Check if this is a valid submission record
                    if ($id > 0 and db_query("SELECT COUNT(*) FROM {filedepot_filesubmissions} WHERE id=:id", array(':id' => $id))->fetchField() == 1) {
                        // Verify that user has Admin Access to approve this file
                        $cid = db_query("SELECT cid FROM {filedepot_filesubmissions} WHERE id=:id", array(':id' => $id))->fetchField();
                        if ($cid > 0 and $filedepot->checkPermission($cid, array('admin', 'approval'), 0, FALSE)) {
                            if ($filedepot->deleteSubmission($id)) {
                if ($deleted_files > 0) {
                    $data['retcode'] = 200;
                    $data = filedepotAjaxServer_generateLeftSideNavigation($data);
                    $data['displayhtml'] = filedepot_displayFolderListing();
                } else {
                    $data['retcode'] = 400;
        case 'deleteincomingfile':
            $id = intval($_POST['id']);
            $message = '';
            $token = isset($_POST['token']) ? $_POST['token'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FOLDERMGMT)) {
                $data['retcode'] = 403;
                // forbidden
            } else {
                $fid = db_query("SELECT drupal_fid FROM {filedepot_import_queue} WHERE id=:id", array(':id' => $id))->fetchField();
                if ($fid > 0) {
                    $filepath = db_query("SELECT filepath FROM {files} WHERE fid=:fid", array(':fid' => $fid))->fetchField();
                    if (!empty($filepath) and file_exists($filepath)) {
                    db_query("DELETE FROM {files} WHERE fid=:fid", array(':fid' => $fid));
                    db_query("DELETE FROM {filedepot_import_queue} WHERE id=:id", array(':id' => $id));
                    $data['retcode'] = 200;
                    $filedepot->activeview = 'incoming';
                    $data = filedepotAjaxServer_generateLeftSideNavigation($data);
                    $data['displayhtml'] = filedepot_displayFolderListing();
                } else {
                    $data['retcode'] = 500;
                $retval = json_encode($data);
        case 'moveincomingfile':
            $newcid = intval($_POST['newcid']);
            $id = intval($_POST['id']);
            $filedepot->activeview = 'incoming';
            $data = array();
            $token = isset($_POST['token']) ? $_POST['token'] : NULL;
            if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FOLDERMGMT)) {
                $data['retcode'] = 403;
                // forbidden
            } elseif ($newcid > 0 and $id > 0 and $filedepot->moveIncomingFile($id, $newcid)) {
                // Send out email notifications of new file added to all users subscribed  -  Get fileid for the new file record
                $fid = db_query("SELECT fid FROM {filedepot_files} WHERE cid=:cid AND submitter=:uid ORDER BY fid DESC", array(':cid' => $newcid, ':uid' => $user->uid), 0, 1)->fetchField();
                filedepot_sendNotification($fid, FILEDEPOT_NOTIFY_NEWFILE);
                $data['retcode'] = 200;
                $data = filedepotAjaxServer_generateLeftSideNavigation($data);
                $data['displayhtml'] = filedepot_displayFolderListing();
            } else {
                $data['retcode'] = 500;
        case 'broadcastalert':
            $data = array();
            if (variable_get('filedepot_default_allow_broadcasts', 1) == 0) {
                $data['retcode'] = 204;
            } else {
                $fid = intval($_POST['fid']);
                $message = check_plain($_POST['message']);
                $token = isset($_POST['ftoken']) ? $_POST['ftoken'] : NULL;
                if ($token == NULL || !drupal_valid_token($token, FILEDEPOT_TOKEN_FILEDETAILS)) {
                    $data['retcode'] = 403;
                } elseif (!empty($message) and $fid > 0) {
                    $data = filedepotAjaxServer_broadcastAlert($fid, $message);
                } else {
                    $data['retcode'] = 500;
    if ($action != 'autocompletetag') {
        if ($action != 'getmorefiledata' and $action != 'getmorefolderdata') {
            $retval = json_encode($data);
        header('Cache-Control: no-store, no-cache, must-revalidate');
        header('content-type: application/xml', TRUE);
        echo "<?xml version=\"1.0\" encoding=\"UTF-8\" ?>\n";
    echo $retval;
Esempio n. 2
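 /**
  * Approves a queued file submission and publishes it as a filedepot file.
  *
  * For a first-version submission the managed file is moved into the folder's
  * private directory, rows are written to {filedepot_files} and
  * {filedepot_fileversions}, tags are applied, notifications are sent and the
  * submission row is deleted. Submissions with any other version number are
  * left untouched and FALSE is returned.
  *
  * This method performs no authorization of the current user: the only
  * checkPermission() call in it gates tag updates. Callers are expected to
  * verify the folder's 'admin' / 'approval' permission first.
  * NOTE(review): the 'approvesubmissions' action of filedepot_dispatcher()
  * does that check before calling, but the 'approvefile' action calls this
  * method after validating only the form token and $user->uid > 0 - confirm
  * whether that path needs the same permission check.
  *
  * @param int $id
  *   Id of the {filedepot_filesubmissions} record to approve.
  *
  * @return bool
  *   TRUE when a new file record was created; FALSE when the submission does
  *   not exist, its file cannot be loaded or moved, or no file record results.
  */
 public function approveFileSubmission($id) {
     $nexcloud = filedepot_nexcloud();
     $rec = db_query("SELECT * FROM {filedepot_filesubmissions} WHERE id=:fid", array(':fid' => $id))->fetchObject();
     // fetchObject() returns FALSE when no row matches; stop here instead of
     // reading properties of a non-object below.
     if (!is_object($rec)) {
         return FALSE;
     }
     $newfid = 0;
     // @TODO: Check if there have been multiple submission requests for the same file and thus have same new version #
     if ($rec->version == 1) {
         $private_destination = "private://filedepot/{$rec->cid}/";
         // Best to call file_prepare_directory() - even if you believe directory exists
         file_prepare_directory($private_destination, FILE_CREATE_DIRECTORY);
         $file = file_load($rec->drupal_fid);
         if (!$file) {
             // The managed file behind the submission is gone; nothing to publish.
             return FALSE;
         }
         // NOTE(review): fname comes from the submission row and is appended to
         // the destination URI as-is - confirm it is stored as a bare file name
         // so the target always stays inside the folder's private directory.
         $private_uri = $private_destination . $rec->fname;
         $file = file_move($file, $private_uri, FILE_EXISTS_RENAME);
         if (!$file) {
             // file_move() failed; do not record a file that was never moved.
             return FALSE;
         }
         // Get name of new file in case it was renamed after the file_move()
         list($scheme, $target) = explode('://', $file->uri, 2);
         $filename = str_replace("filedepot/{$rec->cid}/", '', $target);
         $filetitle = (isset($rec->title) and !empty($rec->title)) ? $rec->title : $rec->fname;
         // Load the node for the folder and then update the file usage table
         $nid = db_query("SELECT nid FROM {filedepot_categories} WHERE cid=:cid", array(':cid' => $rec->cid))->fetchField();
         $node = node_load($nid);
         file_usage_add($file, 'filedepot', 'node', $node->nid);
         // Remove the record for the core file module from the file usage table
         file_usage_delete($file, 'file');
         $query = db_insert('filedepot_files');
         $query->fields(array('cid', 'fname', 'title', 'description', 'version', 'drupal_fid', 'size', 'mimetype', 'submitter', 'status', 'date', 'version_ctl', 'extension'));
         $query->values(array('cid' => $rec->cid, 'fname' => $filename, 'title' => $filetitle, 'description' => $rec->description, 'version' => $rec->version, 'drupal_fid' => $file->fid, 'size' => $file->filesize, 'mimetype' => $file->filemime, 'submitter' => $rec->submitter, 'status' => 1, 'date' => $rec->date, 'version_ctl' => $rec->version_ctl, 'extension' => $rec->extension));
         // The insert must actually run, otherwise the lookup below finds no
         // new row (or an older one belonging to the same submitter).
         $query->execute();
         // Get fileid for the new file record
         // NOTE(review): "latest fid for this folder and submitter" can pick up a
         // different row under concurrent approvals; if fid is the table's serial
         // key, the return value of execute() above would be the safer source.
         $newfid = db_query_range("SELECT fid FROM {filedepot_files} WHERE cid=:cid AND submitter=:uid ORDER BY fid DESC", 0, 1, array(':cid' => $rec->cid, ':uid' => $rec->submitter))->fetchField();
         $query = db_insert('filedepot_fileversions');
         $query->fields(array('fid', 'fname', 'drupal_fid', 'version', 'notes', 'size', 'date', 'uid', 'status'));
         $query->values(array('fid' => $newfid, 'fname' => $filename, 'drupal_fid' => $file->fid, 'version' => 1, 'notes' => $rec->version_note, 'size' => $file->filesize, 'date' => time(), 'uid' => $rec->submitter, 'status' => 1));
         $query->execute();
         // Tags are applied only when checkPermission() grants 'view' on the folder.
         if (!empty($rec->tags) and $this->checkPermission($rec->cid, 'view', 0, FALSE)) {
             $nexcloud->update_tags($newfid, $rec->tags);
         }
     }
     if ($newfid > 0) {
         if ($rec->notify == 1) {
             filedepot_sendNotification($newfid, FILEDEPOT_NOTIFY_APPROVED);
         }
         db_delete('filedepot_filesubmissions')->condition('id', $id)->execute();
         // Send out notifications of update to all subscribed users
         filedepot_sendNotification($newfid, FILEDEPOT_NOTIFY_NEWFILE);
         // Update related folders last_modified_date
         // (the value is not used any further in the code shown here)
         $workspaceParentFolder = filedepot_getTopLevelParent($rec->cid);
         return TRUE;
     }
     return FALSE;
 }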
Esempio n. 3
/**
 * AJAX helper: builds the file-detail payload for one record.
 *
 * Reads $_POST['reportmode'] and $_POST['id'] and looks the record up in
 * {filedepot_filesubmissions} ('approvals'), {filedepot_import_queue}
 * ('incoming') or {filedepot_files} (any other mode). The result carries the
 * record fields, the themed detail HTML, lock and subscription state and a
 * set of *perm flags for the current user.
 *
 * Only the default branch calls checkPermission() before loading the record;
 * the 'approvals' and 'incoming' branches test that the row exists and
 * nothing else.
 * NOTE(review): confirm that an access check for those two modes happens
 * before this function is reached; otherwise details of pending submissions
 * and queued imports are returned without a folder permission check.
 *
 * NOTE(review): several SQL strings below have empty select items and a bare
 * "WHERE" although a placeholder is bound. That looks like text lost when the
 * listing was extracted - compare with the upstream file before reuse.
 *
 * @return array
 *   Detail array; 'retcode' is 200 with an empty 'error' for a valid record,
 *   or 400 with a translated 'Invalid access' message.
 */
function filedepotAjaxServer_loadFileDetails()
    global $user;
    $filedepot = filedepot_filedepot();
    $nexcloud = filedepot_nexcloud();
    $reportmode = check_plain($_POST['reportmode']);
    // Start from "no permissions"; flags are raised further down only for a
    // record that was found.
    $retval = array();
    $retval['editperm'] = FALSE;
    // Token for FILEDEPOT_TOKEN_FILEDETAILS; the dispatcher validates it with
    // drupal_valid_token() on actions such as 'togglesubscribe' and
    // 'broadcastalert'.
    $retval['token'] = drupal_get_token(FILEDEPOT_TOKEN_FILEDETAILS);
    $retval['deleteperm'] = FALSE;
    $retval['addperm'] = FALSE;
    $retval['lockperm'] = FALSE;
    $retval['notifyperm'] = FALSE;
    $retval['broadcastperm'] = FALSE;
    $retval['tags'] = '';
    $validfile = FALSE;
    if ($reportmode == 'approvals') {
        // Pending submission: existence of the row is the only test made here.
        $id = intval($_POST['id']);
        if (db_query("SELECT count(*) FROM {filedepot_filesubmissions} WHERE id=:id", array(':id' => $id))->fetchField() == 1) {
            $validfile = TRUE;
            $sql = "SELECT as fid,file.cid,file.title,file.fname,,file.size,file.version,file.submitter,file.tags,, ";
            $sql .= "file.status,file.description,, as folder,category.nid,file.version_note,tags ";
            $sql .= "FROM {filedepot_filesubmissions} file ";
            $sql .= "LEFT JOIN {filedepot_categories} category ON file.cid=category.cid ";
            $sql .= "LEFT JOIN {users} u ON u.uid=file.submitter ";
            $sql .= "WHERE ";
            $rec = db_query($sql, array(':id' => $id))->fetchAssoc();
            // Columns from the row overwrite the defaults set above where keys match.
            $retval = array_merge($retval, $rec);
            $retval['displayhtml'] = theme('filedepot_filedetail', array('fid' => $id, 'reportmode' => $reportmode));
            $retval['locked'] = FALSE;
            $retval['subscribed'] = FALSE;
    } elseif ($reportmode == 'incoming') {
        // Import-queue item: again only the row's existence is tested.
        $id = intval($_POST['id']);
        // NOTE(review): db_result() is the Drupal 6 call, while the rest of this
        // function uses the Drupal 7 ->fetchField() form - confirm this branch
        // actually runs on the targeted core version.
        if (db_result(db_query("SELECT count(*) FROM {filedepot_import_queue} WHERE id=:id", array(':id' => $id))) == 1) {
            $validfile = TRUE;
            $sql = "SELECT as fid,file.orig_filename as title,file.description,file.version_note, ";
            $sql .= "FROM {filedepot_import_queue} file ";
            $sql .= "LEFT JOIN {users} u ON u.uid=file.uid ";
            $sql .= "WHERE ";
            $rec = db_query($sql, array(':id' => $id))->fetchAssoc();
            $retval = array_merge($retval, $rec);
            if (empty($retval['version_note'])) {
                $retval['version_note'] = '';
            $retval['displayhtml'] = theme('filedepot_filedetail', array('fid' => $id, 'reportmode' => $reportmode));
            $retval['locked'] = FALSE;
            $retval['subscribed'] = FALSE;
            // Need to reference a valid filedepot_folder node for the filedepot_download callback to work - required for the File Details 'Download' menuitem
            $retval['nid'] = db_query_range("SELECT nid FROM {filedepot_categories} WHERE pid=0", 0, 1, array())->fetchField();
    } else {
        // Check that record exists
        $fid = intval($_POST['id']);
        $cid = db_query("SELECT cid FROM {filedepot_files} WHERE fid=:fid", array(':fid' => $fid))->fetchField();
        // This is the only branch that requires 'view' permission on the folder
        // before any record data is loaded.
        if ($filedepot->checkPermission($cid, 'view') and db_query("SELECT count(*) FROM {filedepot_files} WHERE fid=:fid", array(':fid' => $fid))->fetchField() == 1) {
            $validfile = TRUE;
            $sql = "SELECT file.fid,file.cid,file.title,file.description,file.fname,,file.size,file.version,file.submitter,, ";
            $sql .= "file.status,, as folder,category.nid,v.notes as version_note,file.status_changedby_uid ";
            $sql .= "FROM {filedepot_files} file ";
            $sql .= "LEFT JOIN {filedepot_categories} category ON file.cid=category.cid ";
            $sql .= "LEFT JOIN {filedepot_fileversions} v ON v.fid=file.fid ";
            $sql .= "LEFT JOIN {users} u ON u.uid=file.submitter ";
            $sql .= "WHERE file.fid=:fid ORDER BY v.version DESC";
            $rec = db_query($sql, array(':fid' => $fid))->fetchAssoc();
            $retval = array_merge($retval, $rec);
            $retval['tags'] = $nexcloud->get_itemtags($fid);
            $retval['displayhtml'] = theme('filedepot_filedetail', array('fid' => $fid, 'reportmode' => $reportmode));
            // Check if file is locked
            if ($retval['status'] == FILEDEPOT_LOCKED_STATUS) {
                $retval['locked'] = TRUE;
            } else {
                $retval['locked'] = FALSE;
            // Check and see if user has subscribed to this file
            $direct = FALSE;
            $ignorefilechanges = FALSE;
            // Check if user has an ignore file changes record or a subscribe to changes record for this file
            $query = db_query("SELECT fid,ignore_filechanges FROM {filedepot_notifications} WHERE fid=:fid and uid=:uid", array(':fid' => $fid, ':uid' => $user->uid));
            $A = $query->fetchAssoc();
            if ($A['ignore_filechanges'] == 1) {
                $ignorefilechanges = TRUE;
            } elseif ($A['fid'] == $fid) {
                $direct = TRUE;
            // Check and see if user has indirectly subscribed to file by subscribing to folder
            $sql = "SELECT count(*) FROM {filedepot_notifications} WHERE cid_changes=1 AND cid=:cid AND uid=:uid";
            $indirect = db_query($sql, array(':cid' => $rec['cid'], ':uid' => $user->uid))->fetchField();
            // An explicit "ignore" record wins over both direct and folder-level subscription.
            if (($direct or $indirect) and !$ignorefilechanges) {
                $retval['subscribed'] = TRUE;
            } else {
                $retval['subscribed'] = FALSE;
    if ($validfile) {
        $retval['error'] = '';
        $retval['retcode'] = 200;
        if ($reportmode == 'incoming') {
            // Download, edit and delete are granted unconditionally for
            // import-queue items; no checkPermission() call is involved.
            // NOTE(review): confirm the queue item belongs to the current user or
            // that the caller is otherwise authorized before these are set.
            $retval['downloadperm'] = TRUE;
            $retval['editperm'] = TRUE;
            $retval['deleteperm'] = TRUE;
            $retval['addperm'] = FALSE;
            $retval['lockperm'] = FALSE;
            $retval['notifyperm'] = FALSE;
            $retval['broadcastperm'] = FALSE;
            $folderoptions = filedepot_recursiveAccessOptions('admin', 0);
            $retval['folderoptions'] = '<select name="folder" style="width:220px;">' . $folderoptions . '</select>';
        } else {
            $retval['dispfolder'] = $retval['folder'];
            // nl2br() only inserts <br /> tags; it does not escape the text.
            // NOTE(review): no escaping of description / version_note is visible in
            // this function - confirm the values are encoded before they are
            // rendered as HTML.
            $retval['description'] = nl2br($retval['description']);
            $retval['version_note'] = nl2br($retval['version_note']);
            $retval['date'] = strftime('%b %d %Y %I:%M %p', $retval['date']);
            $retval['size'] = filedepot_formatFileSize($retval['size']);
            // Setup the folder option select HTML options
            $cid = intval($retval['cid']);
            $folderoptions = filedepot_recursiveAccessOptions('admin', $cid, 0, 1, FALSE);
            if (!empty($folderoptions) and $filedepot->checkPermission($retval['cid'], 'admin')) {
                $retval['folderoptions'] = '<select name="folder" style="width:220px;">' . $folderoptions . '</select>';
            } else {
                // NOTE(review): the folder name is placed inside a double-quoted HTML
                // attribute without escaping; wrap it in check_plain() (already used
                // above for reportmode) so quotes or markup in a folder name cannot
                // break out of the attribute.
                $retval['folderoptions'] = '<input type="text" name="folder" value="' . $retval['folder'] . '" READONLY />';
            // Permission cascade: folder admins get everything; otherwise the
            // flags depend on lock state, lock owner and submitter.
            if ($filedepot->checkPermission($retval['cid'], 'admin')) {
                $retval['downloadperm'] = TRUE;
                $retval['editperm'] = TRUE;
                $retval['deleteperm'] = TRUE;
                $retval['addperm'] = TRUE;
                $retval['lockperm'] = TRUE;
                $retval['notifyperm'] = TRUE;
                $retval['broadcastperm'] = TRUE;
            } elseif ($retval['locked']) {
                if ($retval['status_changedby_uid'] == $user->uid) {
                    $retval['lockperm'] = TRUE;
                    if ($filedepot->checkPermission($retval['cid'], 'upload_ver')) {
                        $retval['addperm'] = TRUE;
                    if ($retval['submitter'] == $user->uid) {
                        $retval['deleteperm'] = TRUE;
                } elseif ($retval['status_changedby_uid'] > 0) {
                    if ($retval['submitter'] == $user->uid) {
                        $retval['lockperm'] = TRUE;
                    } else {
                        $retval['downloadperm'] = FALSE;
                $retval['notifyperm'] = TRUE;
            } elseif ($user->uid > 0) {
                if ($retval['submitter'] == $user->uid) {
                    $retval['deleteperm'] = TRUE;
                    $retval['lockperm'] = TRUE;
                if ($filedepot->checkPermission($retval['cid'], 'upload_ver')) {
                    $retval['addperm'] = TRUE;
                $retval['notifyperm'] = TRUE;
            // Tagging and download rights additionally require 'view' permission
            // on the folder; this block sets downloadperm last and so decides its
            // final value whenever it runs.
            if ($filedepot->checkPermission($retval['cid'], 'view', 0, TRUE)) {
                $retval['tagperms'] = TRUE;
                // Able to set or change tags
                if ($retval['locked']) {
                    if ($retval['submitter'] == $user->uid or $retval['status_changedby_uid'] == $user->uid) {
                        $retval['downloadperm'] = TRUE;
                    } elseif (variable_get('filedepot_locked_file_download_enabled', 0) == 1) {
                        // Check admin config setting
                        $retval['downloadperm'] = TRUE;
                    } else {
                        $retval['downloadperm'] = FALSE;
                } else {
                    $retval['downloadperm'] = TRUE;
                    if ($retval['submitter'] == $user->uid) {
                        $retval['editperm'] = TRUE;
            } else {
                $retval['tagperms'] = FALSE;
                $retval['downloadperm'] = FALSE;
    } else {
        // Missing record and (default branch only) failed 'view' check share one answer.
        $retval['retcode'] = 400;
        $retval['error'] = t('Invalid access');
    return $retval;
Esempio n. 4
/**
 * Preprocess variables for the filedepot_filedetail theme template.
 *
 * Reads 'fid', 'reportmode' and 'layout_url' from $variables, loads the
 * matching file record and fills in the display values: title, author, size,
 * status message, download URL and the rendered rows of older versions.
 *
 * NOTE(review): no permission check on $fid is visible in this function;
 * presumably the caller has already verified view access - confirm.
 * NOTE(review): this listing shows no closing braces or break statements and
 * some SQL fragments look truncated, so the control flow below is read from
 * indentation only.
 *
 * @param array $variables
 *   Theme variables, modified by reference.
 */
function template_preprocess_filedepot_filedetail(&$variables)
    $filedepot = filedepot_filedepot();
    $nexcloud = filedepot_nexcloud();
    // $fid is taken as supplied by the caller; it is only ever passed to the
    // database as a bound placeholder, but it is also interpolated into the
    // download URL further down without a visible integer cast.
    $fid = $variables['fid'];
    $variables['site_url'] = base_path();
    $variables['ajax_server_url'] = url('filedepot_ajax');
    $variables['LANG_download'] = t('Download File');
    $variables['LANG_lastupated'] = t('Last Updated');
    // 'none' hides the status message unless one of the status branches below
    // resets it to ''.
    $variables['show_statusmsg'] = 'none';
    $limit = FALSE;
    // The report mode picks the source table. All three SELECTs are expected to
    // yield the same 11 columns in the same order, because the row is unpacked
    // positionally with list() below.
    if ($variables['reportmode'] == 'approvals') {
        // NOTE(review): as shown, the column list has an empty slot (",,") and the
        // statement ends at "WHERE" with no predicate and no :fid placeholder,
        // although ':fid' is still bound below - looks like text lost from the
        // listing; verify against the real source.
        $sql = "SELECT file.cid,file.title,file.fname,,file.version,file.size, ";
        $sql .= "file.description,file.submitter,file.status,file.version_note as notes,tags ";
        $sql .= "FROM {filedepot_filesubmissions} file ";
        $sql .= "WHERE";
    } elseif ($variables['reportmode'] == 'incoming') {
        // Import-queue rows have no folder or status of their own, so constants
        // stand in for cid (0), version (1), status (9) and tags ('').
        // NOTE(review): this statement also ends at a bare "WHERE" as shown.
        $sql = "SELECT 0,file.orig_filename as title,file.orig_filename as fname,file.timestamp,1,file.size, ";
        $sql .= "file.description,file.uid,9,file.version_note,'' ";
        $sql .= "FROM {filedepot_import_queue} file ";
        $sql .= "WHERE";
    } else {
        // Default view: join the version table and order newest first, so the
        // single row fetched below describes the latest version.
        $sql = "SELECT file.cid, file.title, v.fname,, file.version, file.size, ";
        $sql .= "file.description, file.submitter, file.status, v.notes, '' as tags ";
        $sql .= "FROM {filedepot_files} file ";
        $sql .= "LEFT JOIN {filedepot_fileversions} v ON v.fid=file.fid ";
        $sql .= "WHERE file.fid=:fid ORDER BY v.version DESC ";
        $limit = 1;
    $filedetail = FALSE;
    // Only the default branch sets $limit; the range is hard-coded to one row
    // rather than taken from $limit.
    if ($limit !== FALSE) {
        $query = db_query_range($sql, 0, 1, array(':fid' => $fid));
    } else {
        $query = db_query($sql, array(':fid' => $fid));
    $A = $query->fetchAssoc();
    // Loose comparison: an empty result (no row) also skips this branch.
    if ($A != NULL) {
        // Positional unpacking - depends on the SELECT column order above.
        list($cid, $title, $fname, $date, $cur_version, $size, $description, $submitter, $status, $cur_notes, $tags) = array_values($A);
        $variables['cid'] = $cid;
        $variables['shortdate'] = strftime($filedepot->shortdate, $date);
        $variables['size'] = filedepot_formatFileSize($size);
        $icon = $filedepot->getFileIcon($fname);
        // NOTE(review): 'layout_url' and $icon are concatenated into a URL (and into
        // <img> markup below) without escaping; presumably both are module-controlled
        // values - confirm.
        $variables['fileicon'] = "{$variables['layout_url']}/css/images/{$icon}";
        $author = db_query("SELECT name FROM {users} WHERE uid=:uid", array(':uid' => $submitter))->fetchField();
        $catname = db_query("SELECT name FROM {filedepot_categories} WHERE cid=:cid", array(':cid' => $cid))->fetchField();
        $nid = db_query("SELECT nid FROM {filedepot_categories} WHERE cid=:cid", array(':cid' => $cid))->fetchField();
        // User-supplied text is passed through filter_xss(), which strips
        // disallowed markup but still lets its default set of inline tags through.
        // NOTE(review): if the template prints any of these inside an HTML
        // attribute, filter_xss() alone is not the right encoding - verify.
        $variables['fname'] = filter_xss($fname);
        $variables['current_version'] = "(V{$cur_version})";
        $variables['filetitle'] = filter_xss($title);
        $variables['real_filename'] = filter_xss($fname);
        // NOTE(review): unlike the neighbouring fields, the author name is assigned
        // without any filtering here; confirm the template escapes it (for example
        // with check_plain()) before printing.
        $variables['author'] = $author;
        $variables['description'] = nl2br(filter_xss($description));
        $variables['foldername'] = filter_xss($catname);
        $variables['current_ver_note'] = nl2br(filter_xss($cur_notes));
        // NOTE(review): whether get_itemtags() returns escaped text is not visible
        // here - check before the template prints it.
        $variables['tags'] = $nexcloud->get_itemtags($fid);
        $variables['disable_download'] = '';
        // Status-specific banner. 'disable_download' holds an inline click handler
        // for the download link; it only affects the browser UI and is not an
        // access control, so the download handler itself has to refuse files in
        // these states (that code is not visible here).
        if ($status == FILEDEPOT_UNAPPROVED_STATUS) {
            $variables['show_statusmsg'] = '';
            $variables['status_image'] = '<img src="' . $variables['layout_url'] . '/css/images/padlock.gif">';
            $variables['statusmessage'] = '* ' . t('File Submission to Approve');
        } elseif ($status == FILEDEPOT_INCOMING_STATUS) {
            $variables['show_statusmsg'] = '';
            $variables['status_image'] = '&nbsp;';
            $variables['statusmessage'] = '* ' . t('Incoming File - needs to be moved or deleted');
            $variables['disable_download'] = 'onClick="return false;"';
        } elseif ($status == FILEDEPOT_LOCKED_STATUS) {
            $variables['show_statusmsg'] = '';
            // Look up who locked the file so the name can be shown in the banner.
            $stat_userid = db_query("SELECT status_changedby_uid FROM {filedepot_files} WHERE fid=:fid", array(':fid' => $fid))->fetchField();
            $stat_user = db_query("SELECT name FROM {users} WHERE uid=:uid", array(':uid' => $stat_userid))->fetchField();
            $variables['status_image'] = '<img src="' . $variables['layout_url'] . '/css/images/padlock.gif">';
            // The %name placeholder form of t() escapes the substituted user name.
            $variables['statusmessage'] = '* ' . t('Locked by %name', array('%name' => $stat_user));
            $variables['LANG_DOWNLOAD_MESSAGE'] = t('File Locked by: %name', array('%name' => $stat_user));
            // NOTE(review): JavaScript is case-sensitive, so "return FALSE;" refers to
            // an undefined identifier rather than the boolean; the handler would raise
            // an error instead of cancelling the click. Compare the lowercase form
            // used for incoming files above.
            $variables['disable_download'] = 'onClick="return FALSE;"';
        } else {
            $variables['status_image'] = '&nbsp;';
            $variables['statusmessage'] = '&nbsp;';
        // Optional Spaces/OG integration: prefix the download URL with the group
        // path when the request is inside an organic-group space.
        if (function_exists('spaces_get_space')) {
            $space = spaces_get_space();
            if ($space && $space->type === 'og') {
                $urlprefix = '';
                // NOTE(review): no break is shown between the cases and $key is not
                // defined anywhere in the visible code - likely lost from the listing;
                // verify against the real source.
                switch (variable_get('purl_method_spaces_og', 'path')) {
                    case 'path':
                        $urlprefix = "{$space->group->purl}";
                    case 'pair':
                        $urlprefix = "{$key}/{$space->id}";
        // Pick the path separator according to the site's clean-URL setting.
        $clean_urls_on = variable_get('clean_url', 0);
        if ($clean_urls_on == 1) {
            $url_separator = "/";
        } else {
            $url_separator = "?q=";
        // $cid comes from the database row; $fid and $urlprefix are interpolated as-is.
        // NOTE(review): confirm $fid is an integer and that the template encodes
        // this URL for the attribute it is printed into.
        if (isset($urlprefix) and !empty($urlprefix)) {
            $variables['download_url'] = base_path() . "index.php{$url_separator}{$urlprefix}/filedepot&cid={$cid}&fid={$fid}";
        } else {
            $variables['download_url'] = base_path() . "index.php{$url_separator}filedepot&cid={$cid}&fid={$fid}";
        // Retrieve the older versions of this file (everything below the current
        // version, newest first) and render each one with the
        // filedepot_fileversion theme hook.
        $sql = "SELECT fid,fname,version,notes,size,date,uid FROM {filedepot_fileversions} " . "WHERE fid=:fid AND version < :version ORDER by version DESC";
        $query = db_query($sql, array(':fid' => $fid, ':version' => $cur_version));
        $version_records = '';
        if ($query) {
            while ($rec = $query->fetchAssoc()) {
                // Attach the folder's node id so the version template can use it.
                $rec['nid'] = $nid;
                $version_records .= theme('filedepot_fileversion', array('versionRec' => $rec));
        $variables['version_records'] = $version_records;