Esempio n. 1
<?php

/* TASKS $Id: tasks_tab.files.php 6149 2012-01-09 11:58:40Z ajdonnison $ */
// Refuse to run when this file is requested directly instead of being included by the application.
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}

global $AppUI, $project_id, $task_id, $deny, $canRead, $canEdit, $dPconfig, $cfObj, $m, $obj;
require_once $AppUI->getModuleClass('files');
global $allowed_folders_ary, $denied_folders_ary, $limited;

// Folder records the current user is allowed and denied, as reported by CFileFolder.
$cfObj = new CFileFolder();
$allowed_folders_ary = $cfObj->getAllowedRecords($AppUI->user_id);
$denied_folders_ary = $cfObj->getDeniedRecords($AppUI->user_id);

// The user is "limited" when fewer folders are allowed than exist in total.
$limited = count($allowed_folders_ary) < $cfObj->countFolders();

// An unlimited user may always edit; a limited user only when $folder is an allowed folder.
// NOTE(review): $folder is read here, but the only assignment visible in this file comes
// further down and it is not in the global lists above. Confirm where it is set.
// NOTE(review): this overwrites the $canEdit value imported through `global`.
$canEdit = !$limited || array_key_exists($folder, $allowed_folders_ary);

$showProject = false;
$project_id = $obj->task_project;

// The "Attach a file" link is shown only to users holding edit permission on the files module.
if (getPermission('files', 'edit')) {
    // NOTE(review): $project_id and $task_id are concatenated into the href without
    // escaping or an integer cast. Confirm both are always numeric at this point.
    echo '<a href="?m=files&amp;a=addedit&amp;project_id=' . $project_id . '&amp;file_task=' . $task_id . '">'
        . $AppUI->_('Attach a file')
        . '</a>';
    echo dPshowImage(dPfindImage('stock_attach-16.png', $m), 16, 16, '');
}

$canAccess_folders = getPermission('file_folders', 'access');
if ($canAccess_folders) {
    $folder = (int) dPgetParam($_GET, 'folder', 0);
Esempio n. 2
    $AppUI->setState('FileIdxProject', $_REQUEST['project_id']);
}
// Project filter remembered in the session state (0 when nothing is stored).
$project_id = $AppUI->getState('FileIdxProject', 0);

// "Allowed" projects for the filter list.
// ("All" is always allowed when basing permission on projects.)
$project = new CProject();
$extra = array(
    'from' => 'files',
    'where' => 'project_id = file_project',
);
$projects = $project->getAllowedRecords(
    $AppUI->user_id,
    'project_id,project_name',
    'project_name',
    null,
    $extra
);
$projects = arrayMerge(array('0' => $AppUI->_('All', UI_OUTPUT_RAW)), $projects);

// Permission SQL fragments for projects, tasks and folders, all scoped to the current user.
$task = new CTask();
$allowedProjects = $project->getAllowedSQL($AppUI->user_id, 'file_project');
$allowedTasks = $task->getAllowedSQL($AppUI->user_id, 'file_task');
$cfObj = new CFileFolder();
$allowedFolders = $cfObj->getAllowedSQL($AppUI->user_id, 'file_folder');

// Permission for the folder tab.
$canAccess_folders = getPermission('file_folders', 'access');

// Title block with the project filter drop-down.
$titleBlock = new CTitleBlock('Files', 'folder5.png', $m, "{$m}.{$a}");
$titleBlock->addCell($AppUI->_('Filter') . ':');
$titleBlock->addCell(
    arraySelect($projects, 'project_id', 'onchange="javascript:document.pickProject.submit()" size="1" class="text"', $project_id),
    '',
    '<form name="pickProject" action="?m=files" method="post">',
    '</form>'
);

// Folder-level "add" permission.
// NOTE(review): $canAuthor_folders is assigned here, but the condition below tests
// $canAuthor, which is not assigned in this fragment. Confirm which flag should gate the button.
$canAuthor_folders = getPermission('file_folders', 'add');
if ($canAuthor) {
    // NOTE(review): $folder is concatenated into the form action without escaping and is
    // not assigned in this fragment. Confirm it is cast to an integer before reaching here.
    $titleBlock->addCell(
        '<input type="submit" class="button" value="' . $AppUI->_('new file') . '" />',
        '',
        '<form action="?m=files&amp;a=addedit&amp;folder=' . $folder . '" method="post">',
        '</form>'
    );
}
Esempio n. 3
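include_once $AppUI->getModuleClass('projects');
include_once $AppUI->getModuleClass('tasks');

// Fall back to the request when the including script did not provide a project id.
// The request value is client-controlled, so it is forced to an integer before use.
// An (int) cast is also what this page does for the company, task and folder ids.
if (!isset($project_id)) {
    $project_id = (int) dPgetParam($_REQUEST, 'project_id', 0);
}
// No project selected.
if (!$project_id) {
    $showProject = true;
}

global $allowedCompanies, $allowedProjects, $allowedTasks, $allowedFolders;

// Per-user permission SQL fragments from each module class; each call names the column
// the fragment is built against. How they are combined into a query is outside this fragment.
$company = new CCompany();
$allowedCompanies = $company->getAllowedSQL($AppUI->user_id, 'co.company_id');
$project = new CProject();
$allowedProjects = $project->getAllowedSQL($AppUI->user_id, 'f.file_project');
$task = new CTask();
$allowedTasks = $task->getAllowedSQL($AppUI->user_id, 'f.file_task');
$cfObj = new CFileFolder();
// Two folder fragments: one for the folder id column and one for the file-to-folder column.
$allowedFolderIDs = $cfObj->getAllowedSQL($AppUI->user_id, 'ff.file_folder_id');
$allowedFolders = $cfObj->getAllowedSQL($AppUI->user_id, 'f.file_folder');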
// $parent_id is the parent of the children we want to see
// $level is increased when we go deeper into the tree, used to display a nice indented tree
function displayFolders($folder_id = 0, $level = 0)
{
    global $AppUI, $m, $a, $tab;
    global $current_uri;
    global $canAccess_folders, $canRead_folders, $canEdit_folders;
    global $canAuthor_folders, $canDelete_folders;
    global $company_id, $project_id, $task_id;
    global $allowedCompanies, $allowedProjects, $allowedTasks, $allowedFolders;
    $q = new DBQuery();
    $folders = array();
    // retrieve all info of $folder_id
Esempio n. 4
    if (!$perms->checkModule('files', 'delete')) {
        $AppUI->redirect('m=public&a=access_denied');
    }
} elseif ($isNotNew) {
    if (!$perms->checkModule('files', 'edit')) {
        $AppUI->redirect('m=public&a=access_denied');
    }
} else {
    if (!$perms->checkModule('files', 'add')) {
        $AppUI->redirect('m=public&a=access_denied');
    }
}
// Folder object that will receive the submitted form data.
$obj = new CFileFolder();
$obj->_message = $file_folder_id ? 'updated' : 'added';
if ($file_folder_id) {
    // Keep a copy of the stored record when an existing folder is being changed.
    $oldObj = new CFileFolder();
    $oldObj->load($file_folder_id);
}

// Copy the POSTed fields onto the object and bail out with an error message on failure.
// NOTE(review): bind() is given the whole of $_POST, and which keys it accepts is decided
// inside bind(), which is not shown here. Confirm it copies only the intended fields.
// NOTE(review): no anti-CSRF token check is visible in this fragment. Confirm one is
// performed before this state-changing handler runs.
if (!$obj->bind($_POST)) {
    $AppUI->setMsg($obj->getError(), UI_MSG_ERROR);
    $AppUI->redirect($redirect);
}

// prepare (and translate) the module name ready for the suffix
$AppUI->setMsg('File Folder');
// delete the file folder
if ($del) {
    $obj->load($file_folder_id);
    if ($msg = $obj->delete()) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
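/**
 * Build the HTML rows for the direct child folders of $parent that the user may see.
 *
 * A child is rendered when its own id or $parent is a key of the global
 * $allowed_folders_ary. Every value written into the markup is encoded for its context:
 * folder ids are cast to integers, the folder name is HTML-escaped, and the request-scoped
 * globals used in query strings are URL-encoded.
 *
 * NOTE(review): the edit, add and delete controls are emitted for every visible folder,
 * and the delete form carries no anti-CSRF token field. Confirm the do_folder_aed handler
 * enforces edit/delete permission and request authenticity on its own.
 *
 * @param int $parent id of the folder whose children are listed
 * @param int $level  not used by this function
 *
 * @return string HTML fragment, empty when no child folder is rendered
 */
function getFolders($parent, $level = 0)
{
    global $AppUI, $allowed_folders_ary, $denied_folders_ary, $tab, $m, $a, $company_id, $allowed_companies, $project_id, $task_id, $current_uri, $file_types;
    // retrieve all children of $parent
    $file_folder = new CFileFolder();
    $folders = $file_folder->getFoldersByParent($parent);
    // These globals may originate from the request, so they are URL-encoded before being
    // placed in a query string. The encoded form contains no HTML metacharacters.
    $m_param = urlencode((string) $m);
    $a_param = urlencode((string) $a);
    $tab_param = urlencode((string) $tab);
    $project_param = urlencode((string) $project_id);
    $s = '';
    // display each child
    foreach ($folders as $row) {
        if (array_key_exists($row['file_folder_id'], $allowed_folders_ary) or array_key_exists($parent, $allowed_folders_ary)) {
            // The id is reused in attribute values, element names and inline JavaScript.
            $folder_id = (int) $row['file_folder_id'];
            // The folder name is user-supplied text; escape it so it cannot inject markup.
            // NOTE(review): assumes names are stored raw and as UTF-8. Confirm they are not
            // already HTML-encoded on input, which would make this double-encode.
            $folder_name = htmlspecialchars((string) $row['file_folder_name'], ENT_QUOTES, 'UTF-8');
            $file_count = countFiles($row['file_folder_id']);
            $s .= '<tr><td colspan="20">';
            if ($m == 'files') {
                $s .= '<a href="./index.php?m=' . $m_param . '&amp;a=' . $a_param . '&amp;tab=' . $tab_param . '&amp;folder=' . $folder_id . '" name="ff' . $folder_id . '">';
            }
            $s .= '<img src="' . w2PfindImage('folder5_small.png', 'files') . '" width="16" height="16" style="float: left; border: 0px;" />';
            $s .= $folder_name;
            if ($m == 'files') {
                $s .= '</a>';
            }
            if ($file_count > 0) {
                $s .= ' <a href="javascript: void(0);" onClick="expand(\'files_' . $folder_id . '\')" class="has-files">(' . $file_count . ' files) +</a>';
            }
            // Hidden form submitted by the delete link below.
            $s .= '<form name="frm_remove_folder_' . $folder_id . '" action="?m=files" method="post" accept-charset="utf-8">
                    <input type="hidden" name="dosql" value="do_folder_aed" />
                    <input type="hidden" name="del" value="1" />
                    <input type="hidden" name="file_folder_id" value="' . $folder_id . '" />
                    </form>';
            // Action icons: edit folder, add subfolder, delete folder, add file.
            $s .= '<a style="float:left;" href="./index.php?m=files&amp;a=addedit_folder&amp;folder=' . $folder_id . '">' . w2PshowImage('filesaveas.png', '16', '16', 'edit icon', 'edit this folder', 'files') . '</a>'
                . '<a style="float:left;" href="./index.php?m=files&amp;a=addedit_folder&amp;file_folder_parent=' . $folder_id . '&amp;file_folder_id=0">' . w2PshowImage('edit_add.png', '', '', 'new folder', 'add a new subfolder', 'files') . '</a>'
                . '<a style="float:right;" href="javascript: void(0);" onclick="if (confirm(\'Are you sure you want to delete this folder?\')) {document.frm_remove_folder_' . $folder_id . '.submit()}">' . w2PshowImage('remove.png', '', '', 'delete icon', 'delete this folder', 'files') . '</a>'
                . '<a style="float:left;" href="./index.php?m=files&amp;a=addedit&amp;folder=' . $folder_id . '&amp;project_id=' . $project_param . '&amp;file_id=0">' . w2PshowImage('folder_new.png', '', '', 'new file', 'add new file to this folder', 'files') . '</a>';
            $s .= '</td></tr>';
            if ($file_count > 0) {
                $s .= '<div class="files-list" id="files_' . $folder_id . '" style="display: none;">';
                // NOTE(review): displayFiles() output is appended as-is. Confirm it escapes its own values.
                $s .= displayFiles($AppUI, $row['file_folder_id'], $task_id, $project_id, $company_id);
                $s .= "</div>";
            }
        }
    }
    return $s;
}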
Esempio n. 6
/**
 * Build the folder list used for a folder selector, limited to folders the current user is allowed.
 *
 * Each entry is a three-element array of folder id, folder name and parent id, keyed by
 * folder id. A synthetic "Root" entry (id 0, parent -1) is merged in front.
 *
 * NOTE(review): folder names are returned raw. Confirm the code that renders the
 * selector HTML-escapes them.
 *
 * @return array merged list of the root entry and the allowed folders
 */
function getFolderSelectList()
{
    global $AppUI;

    $folderModel = new CFileFolder();
    $records = $folderModel->getAllowedRecords(
        $AppUI->user_id,
        'file_folder_id, file_folder_name, file_folder_parent',
        'file_folder_name',
        'file_folder_id'
    );

    // Reshape each record into the positional triple used for the tree.
    $tree = array();
    foreach ($records as $record) {
        $tree[$record['file_folder_id']] = array(
            $record['file_folder_id'],
            $record['file_folder_name'],
            $record['file_folder_parent'],
        );
    }

    $root = array(array(0, $AppUI->_('Root'), -1));

    return arrayMerge($root, $tree);
}
Esempio n. 7
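$extra = array('from' => 'files', 'where' => 'project_id = file_project');
// get "Allowed" projects for filter list ("All" is always allowed when basing permission on projects)
$project = new CProject();
$projects = $project->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name', null, $extra);
$projects = arrayMerge(array('0' => $AppUI->_('All', UI_OUTPUT_RAW)), $projects);
// get SQL for allowed projects/tasks
$task = new CTask();
$allowedProjects = $project->getAllowedSQL($AppUI->user_id, 'file_project');
$allowedTasks = $task->getAllowedSQL($AppUI->user_id, 'file_task');
// setup the title block
$titleBlock = new CTitleBlock('Files', 'folder5.png', $m, "{$m}.{$a}");
$titleBlock->addCell($AppUI->_('Filter') . ':');
$titleBlock->addCell(arraySelect($projects, 'project_id', 'onChange="document.pickProject.submit()" size="1" class="text"', $project_id), '', '<form name="pickProject" action="?m=files" method="post">', '</form>');
// override the $canEdit variable passed from the main index.php in order to check folder permissions
// get permitted folders
$cfObj = new CFileFolder();
$allowed_folders_ary = $cfObj->getAllowedRecords($AppUI->user_id);
$denied_folders_ary = $cfObj->getDeniedRecords($AppUI->user_id);
// Always assign $limited. The previous code set it only in the "limited" case, so in the
// other case the permission decision below read an undefined or stale variable.
$limited = count($allowed_folders_ary) < $cfObj->countFolders();
// An unlimited user may edit; a limited user only when $folder is one of the allowed folders.
// NOTE(review): $folder is not assigned in this fragment. Confirm it is an integer folder id.
// NOTE(review): this replaces the module-level $canEdit. Confirm the files module's own
// edit permission is still enforced where files are added or changed.
$canEdit = !$limited || array_key_exists($folder, $allowed_folders_ary);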
if ($canEdit) {
    $titleBlock->addCell('<input type="submit" class="button" value="' . $AppUI->_('new file') . '">', '', '<form action="?m=files&a=addedit&folder=' . $folder . '" method="post">', '</form>');
    $titleBlock->addCell('<input type="submit" class="button" value="' . $AppUI->_('new folder') . '">', '', '<form action="?m=files&a=addedit_folder" method="post">', '</form>');
Esempio n. 8
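// Creating a folder (no $folder) needs author permission; editing one needs edit permission.
// NOTE(review): these checks only stop the request if redirect() terminates execution,
// and that method is not shown here. Confirm it does.
if (!$canAuthor && !$folder) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$canEdit && $folder) {
    $AppUI->redirect('m=public&a=access_denied');
}
// check permissions for this record
if ($folder == 0) {
    $canEdit = $canAuthor;
}
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}
// check if this record has dependencies to prevent deletion
$msg = '';
$obj = new CFileFolder();
if ($folder > 0) {
    $canDelete = $obj->canDelete($msg, $folder);
}
$q = new DBQuery();
$q->addTable('file_folders');
$q->addQuery('file_folders.*');
// The WHERE clause is built by string concatenation, so the id is forced to an integer
// here rather than relying on a cast made elsewhere. $folder's origin is not visible
// in this fragment.
$q->addWhere('file_folder_id=' . (int) $folder);
$obj = null;
$q->loadObject($obj);
// load the record data
if (!$obj && $folder > 0) {
    // A positive id that matches no row is reported as an invalid id.
    $AppUI->setMsg('File Folder');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
}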
Esempio n. 9
    $showProject = true;
}
// Take the company id from the request only when the including script did not set one.
// The request value is cast to an integer.
$company_id = isset($company_id)
    ? $company_id
    : (int) w2PgetParam($_REQUEST, 'company_id', 0);

// Companies the current user may see, flattened to a comma-separated list of their ids.
$obj = new CCompany();
$allowed_companies_ary = $obj->getAllowedRecords(
    $AppUI->user_id,
    'company_id,company_name',
    'company_name'
);
$allowed_companies = implode(',', array_keys($allowed_companies_ary));

// Same fallback for the task id.
$task_id = isset($task_id)
    ? $task_id
    : (int) w2PgetParam($_REQUEST, 'task_id', 0);

// Paging: configured page size (default 50) and the offset of the first record on this page.
// NOTE(review): $page and $folder_id are not assigned in this fragment. Confirm both are
// integers before they reach the offset calculation and the count call below.
$xpg_pagesize = w2PgetConfig('page_size', 50);
$xpg_min = ($page - 1) * $xpg_pagesize;

$file_types = w2PgetSysVal('FileType');

// Total number of files for the current folder/task/project/company combination.
$myFolder = new CFileFolder();
$xpg_totalrecs = $myFolder->getFileCountByFolder($AppUI, $folder_id, $task_id, $project_id, $company_id);
?>
<script language="javascript" type="text/javascript">
/**
 * Toggle the element with the given id between shown ('block') and hidden ('none').
 * An element whose inline display is empty is treated as hidden and gets shown.
 */
function expand(id) {
	var node = document.getElementById(id);
	var isHidden = node.style.display == '' || node.style.display == 'none';
	if (isHidden) {
		node.style.display = 'block';
	} else {
		node.style.display = 'none';
	}
}
function addBulkComponent(li) {
//IE
	if (document.all || navigator.appName == 'Microsoft Internet Explorer') {
		var form = document.frm_bulk;
		var ni = document.getElementById('tbl_bulk');
		var newitem = document.createElement('input');
		var htmltxt = '';
		newitem.id = 'bulk_selected_file['+li+']';
Esempio n. 10
<?php

/* FILES $Id$ */
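// Refuse to run when this file is requested directly instead of being included by the application.
if (!defined('DP_BASE_DIR')) {
    die('You should not access this file directly.');
}
// Both ids come from the query string and are forced to integers.
$file_folder_parent = intval(dPgetParam($_GET, 'file_folder_parent', 0));
$folder = intval(dPgetParam($_GET, 'folder', 0));
// add to allow for returning to other modules besides Files
// The Referer header is optional and client-controlled: it may be absent, it may fail to
// parse, and it may lack a query or fragment. Each case now yields an empty part instead
// of an undefined-index access.
$referrerArray = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER']) : array();
if (!is_array($referrerArray)) {
    $referrerArray = array();
}
$referrer = (isset($referrerArray['query']) ? $referrerArray['query'] : '')
    . (isset($referrerArray['fragment']) ? $referrerArray['fragment'] : '');
// NOTE(review): $referrer is untrusted input. How it is used lies outside this fragment.
// Confirm it is escaped wherever it is written to the page and validated before it is
// used as a redirect target.
$obj = new CFileFolder();
// load the record data
if ($folder && !$obj->load($folder)) {
    $AppUI->setMsg('File Folder');
    $AppUI->setMsg("invalidID", UI_MSG_ERROR, true);
    $AppUI->redirect();
}
// check permissions for this record
if ($folder) {
    // Existing folder: both view and edit permission on this folder are required.
    $canRead_folder = getPermission('file_folders', 'view', $folder);
    $canEdit_folder = getPermission('file_folders', 'edit', $folder);
} else {
    // New folder: add permission is required.
    $canAuthor_folder = getPermission('file_folders', 'add', $folder);
}
// Parentheses only make the existing precedence explicit (&& binds tighter than ||).
if (($folder && !($canEdit_folder && $canRead_folder)) || (!$folder && !$canAuthor_folder)) {
    $AppUI->redirect("m=public&a=access_denied");
}
$msg = '';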
// check if this record has dependancies to prevent deletion
if ($folder > 0) {
Esempio n. 11
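/**
 * Build the HTML rows for the direct child folders of $parent that the user may see.
 *
 * A child is rendered when its own id or $parent is a key of the global
 * $allowed_folders_ary. Every value written into the markup is encoded for its context:
 * folder ids are cast to integers, the folder name is HTML-escaped, and the request-scoped
 * globals used in query strings are URL-encoded.
 *
 * The markup is returned rather than echoed, so the caller decides whether to print it
 * or process it further. Grandchildren are not rendered; the function does not recurse.
 *
 * NOTE(review): the edit, add and delete controls are emitted for every visible folder,
 * and the delete form carries no anti-CSRF token field. Confirm the do_folder_aed handler
 * enforces edit/delete permission and request authenticity on its own.
 *
 * @param int $parent id of the folder whose children are listed
 * @param int $level  not used by this function
 *
 * @return string HTML fragment, empty when no child folder is rendered
 */
function getFolders($parent, $level = 0)
{
    global $AppUI, $allowed_folders_ary, $denied_folders_ary, $tab, $m, $a, $company_id, $allowed_companies, $project_id, $task_id, $current_uri, $file_types;
    // retrieve all children of $parent
    $file_folder = new CFileFolder();
    $folders = $file_folder->getFoldersByParent($parent);
    // These globals may originate from the request, so they are URL-encoded before being
    // placed in a query string. The encoded form contains no HTML metacharacters.
    $m_param = urlencode((string) $m);
    $a_param = urlencode((string) $a);
    $tab_param = urlencode((string) $tab);
    $project_param = urlencode((string) $project_id);
    $s = '';
    // display each child
    foreach ($folders as $row) {
        if (array_key_exists($row['file_folder_id'], $allowed_folders_ary) or array_key_exists($parent, $allowed_folders_ary)) {
            // The id is reused in attribute values, element names and inline JavaScript.
            $folder_id = (int) $row['file_folder_id'];
            // The folder name is user-supplied text; escape it so it cannot inject markup.
            // NOTE(review): assumes names are stored raw and as UTF-8. Confirm they are not
            // already HTML-encoded on input, which would make this double-encode.
            $folder_name = htmlspecialchars((string) $row['file_folder_name'], ENT_QUOTES, 'UTF-8');
            $file_count = countFiles($row['file_folder_id']);
            $s .= '<tr><td colspan="20">';
            if ($m == 'files') {
                $s .= '<a href="./index.php?m=' . $m_param . '&amp;a=' . $a_param . '&amp;tab=' . $tab_param . '&amp;folder=' . $folder_id . '" name="ff' . $folder_id . '">';
            }
            $s .= '<img src="' . w2PfindImage('folder5_small.png', 'files') . '" width="16" height="16" style="float: left; border: 0px;" />';
            $s .= $folder_name;
            if ($m == 'files') {
                $s .= '</a>';
            }
            if ($file_count > 0) {
                $s .= ' <a href="javascript: void(0);" onClick="expand(\'files_' . $folder_id . '\')" class="has-files">(' . $file_count . ' files) +</a>';
            }
            // Hidden form submitted by the delete link below.
            $s .= '<form name="frm_remove_folder_' . $folder_id . '" action="?m=files" method="post" accept-charset="utf-8">
                    <input type="hidden" name="dosql" value="do_folder_aed" />
                    <input type="hidden" name="del" value="1" />
                    <input type="hidden" name="file_folder_id" value="' . $folder_id . '" />
                    </form>';
            // Action icons: edit folder, add subfolder, delete folder, add file.
            $s .= '<a style="float:left;" href="./index.php?m=files&amp;a=addedit_folder&amp;folder=' . $folder_id . '">' . w2PshowImage('filesaveas.png', '16', '16', 'edit icon', 'edit this folder', 'files') . '</a>'
                . '<a style="float:left;" href="./index.php?m=files&amp;a=addedit_folder&amp;file_folder_parent=' . $folder_id . '&amp;file_folder_id=0">' . w2PshowImage('edit_add.png', '', '', 'new folder', 'add a new subfolder', 'files') . '</a>'
                . '<a style="float:right;" href="javascript: void(0);" onclick="if (confirm(\'Are you sure you want to delete this folder?\')) {document.frm_remove_folder_' . $folder_id . '.submit()}">' . w2PshowImage('remove.png', '', '', 'delete icon', 'delete this folder', 'files') . '</a>'
                . '<a style="float:left;" href="./index.php?m=files&amp;a=addedit&amp;folder=' . $folder_id . '&amp;project_id=' . $project_param . '&amp;file_id=0">' . w2PshowImage('folder_new.png', '', '', 'new file', 'add new file to this folder', 'files') . '</a>';
            $s .= '</td></tr>';
            if ($file_count > 0) {
                $s .= '<div class="files-list" id="files_' . $folder_id . '" style="display: none;">';
                // NOTE(review): displayFiles() output is appended as-is. Confirm it escapes its own values.
                $s .= displayFiles($AppUI, $row['file_folder_id'], $task_id, $project_id, $company_id);
                $s .= "</div>";
            }
        }
    }
    return $s;
}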