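/**
 * Returns the <option> markup for the categories the current user may access.
 *
 * Each category is first checked for 'view' access and only then for the
 * requested permission(s), so that delegated admin rights can apply to
 * sub-categories only. When $perms is the string 'admin', sub-categories are
 * still walked even if the parent itself lacks the permission, so an admin
 * folder nested under a view-only parent is still listed.
 *
 * @param string|array $perms      Single perm 'admin' or array of permissions as required by fm_getPermission()
 * @param int          $selected   Category id to mark as the selected item in the listbox
 * @param string       $cid        Parent category to start at and then recursively check
 * @param string       $level      Recursion depth, used internally to control the indent formatting
 * @param string       $selectlist Markup built so far, used internally so recursive calls can append to it
 * @param string       $restricted Category id to leave out, together with its subfolders
 * @return string Formatted HTML <option> elements for a select listbox of categories
 */
function nexdoc_recursiveAccessOptions($perms, $selected = '', $cid = '0', $level = '1', $selectlist = '', $restricted = '')
{
    global $_TABLES, $LANG_FM02;

    // Only the outermost call may add the "top level" entry, and only for plugin admins.
    if (empty($selectlist) and $level == 1) {
        if (SEC_hasRights('nexfile.admin')) {
            $selectlist = '<option value="0">' . $LANG_FM02['TOP_CAT'] . '</option>' . LB;
        }
    }

    // The parent id is interpolated into the SQL text, so force it to an integer
    // here rather than trusting every caller to have filtered it.
    $parentId = (int) $cid;
    $query = DB_QUERY("SELECT cid,pid,name FROM {$_TABLES['nxfile_categories']} WHERE PID='{$parentId}' ORDER BY CID");

    // The indent depends only on the depth, so build it once per call:
    // a leading space, then one "--" per level below the first and a trailing space.
    $indent = ' ';
    if ($level > 1) {
        $indent .= str_repeat('--', (int) $level - 1) . ' ';
    }

    // The query selects three columns; the unused pid slot is skipped and no
    // fourth value is read, which avoids an undefined-offset notice on every row.
    while (list($childId, , $name) = DB_fetchARRAY($query)) {
        // Loose comparison on purpose: ids come back from the database as strings
        // while callers may pass integers.
        if ($childId == $restricted || !fm_getPermission($childId, 'view')) {
            continue;
        }

        // A category has sub-categories when some record names it as its parent.
        $hasChildren = DB_COUNT($_TABLES['nxfile_categories'], 'pid', $childId) > 0;
        $permitted = fm_getPermission($childId, $perms);

        if ($permitted) {
            // NOTE(review): $name is stored category text and is placed into the
            // markup as-is. Whether it is HTML-encoded when it is saved is not
            // visible from this function - confirm that, or encode it here using
            // the site's character set.
            $closeTag = ($childId == $selected) ? '" selected="selected">' : '">';
            $selectlist .= '<option value="' . $childId . $closeTag . $indent . ' ' . $name . '</option>' . LB;
        }

        // Descend when this category is listed, or when looking for 'admin' rights,
        // because a sub-folder can grant admin even though its parent does not.
        if ($hasChildren && ($permitted || $perms == 'admin')) {
            $selectlist = nexdoc_recursiveAccessOptions($perms, $selected, $childId, $level + 1, $selectlist, $restricted);
        }
    }

    return $selectlist;
}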
$tpl->parse('output', 'form'); $data['displayhtml'] = $tpl->finish($tpl->get_var('output')); $retval = json_encode($data); break; case 'rendermoveform': $tpl = new Template($_CONF['path_layout'] . 'nexfile'); $tpl->set_file('form', 'movefiles_form.thtml'); $tpl->set_var('movefolder_options', nexdoc_recursiveAccessOptions('admin')); $tpl->parse('output', 'form'); $data['displayhtml'] = $tpl->finish($tpl->get_var('output')); $retval = json_encode($data); break; case 'rendermovefileform': $tpl = new Template($_CONF['path_layout'] . 'nexfile'); $tpl->set_file('form', 'movefile_form.thtml'); $tpl->set_var('movefolder_options', nexdoc_recursiveAccessOptions('admin')); $tpl->parse('output', 'form'); $data['displayhtml'] = $tpl->finish($tpl->get_var('output')); $retval = json_encode($data); break; case 'setfolderorder': $filter->cleanData('int', array('cid' => $_GET['cid'], 'listingcid' => $_GET['listingcid'])); $_CLEAN = $filter->normalize($filter->getDbData()); if (fm_getPermission($_CLEAN['cid'], 'admin')) { // Check and see if any subfolders don't yet have a order value - if so correct $maxorder = 0; $pid = DB_getItem($_TABLES['nxfile_categories'], 'pid', "cid={$_CLEAN['cid']}"); $maxquery = DB_query("SELECT folderorder FROM {$_TABLES['nxfile_categories']} WHERE pid={$pid} ORDER BY folderorder ASC LIMIT 1"); list($maxorder) = DB_fetchArray($maxquery); $nextFolderOrder = $maxorder + 10; $query = DB_query("SELECT cid,folderorder FROM {$_TABLES['nxfile_categories']} WHERE pid={$pid} AND folderorder = 0");
$tpl->set_var('alert_message', $alertMsg); } else { $tpl->set_var('show_alert', 'none'); } $tpl->set_var('user_options', NXCOM_listUsers()); $tpl->set_var('group_options', nexdoc_getGroupOptions()); $tpl->set_var('newfolder_options', nexdoc_recursiveAccessOptions('admin')); $tpl->set_var('movefolder_options', nexdoc_recursiveAccessOptions(array('upload_dir'))); $tpl->set_var('newfile_category_options', nexdoc_recursiveAccessOptions(array('upload', 'upload_dir'))); $adminFolders = nexdoc_recursiveAccessOptions('admin'); if ($adminFolders != '') { $tpl->set_var('newfolder_options', $adminFolders); $tpl->parse('newfolder_dialog', 'newfolderdiv'); $tpl->parse('newfolder_menuitem', 'newfolderlink'); } $uploadFolders = nexdoc_recursiveAccessOptions(array('upload', 'upload_dir')); if ($uploadFolders != '') { $tpl->set_var('newfile_category_options', $uploadFolders); $tpl->parse('newfile_dialog', 'newfilediv'); $tpl->parse('newfile_menuitem', 'newfilelink'); } if (SEC_hasRights('nexfile.edit')) { $tpl->parse('folderadmin_link', 'folderadminlink'); } $tagcloud = new nexfileTagCloud(); $tpl->set_var('tag_cloud', $tagcloud->displaycloud()); $tpl->parse('toolbar', 'toolbar'); $tpl->parse('filelisting_header', 'header'); $tpl->parse('file_details_panel', 'filedetails'); $tpl->parse('newfolder_dialog', 'newfolderdiv'); $tpl->parse('newfile_dialog', 'newfilediv');