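// Decide whether the current user may delete the document (blob) named by the
// 'blid' request parameter. Deletion is granted to admins, to the document's
// owner and to the owner's assistants; if none of those apply, the creator of
// the associated event is checked at the end of this excerpt.

// 'blid' must match an optionally signed integer pattern.
// NOTE(review): the third argument presumably makes a mismatch fatal, and the
// pattern is presumably anchored — confirm both in getValue().
$blid = getValue('blid', '-?[0-9]+', true);
$can_delete = false; // until proven otherwise
$error = $name = $owner = $type = '';
$event_id = -1;

if ($is_admin) {
    $can_delete = true;
}

// NOTE(review): no bound parameters are passed here, so Doc::getSQLForDocId()
// appears to embed $blid in the SQL text (contrast the '?' placeholder used for
// cal_id below). The integer validation above is then the only thing keeping
// this query safe — verify before relaxing that pattern.
$res = dbi_execute(Doc::getSQLForDocId($blid));
if (!$res) {
    // NOTE(review): raw driver error text lands in $error. If $error is shown
    // to the user, prefer logging the detail and displaying a generic message.
    $error = db_error();
} else {
    if ($row = dbi_fetch_row($res)) {
        $doc = new Doc($row);
        $event_id = $doc->getEventId();
        $name = $doc->getName();
        $owner = $doc->getLogin();
        $type = $doc->getType();
        // Ownership is an authorization decision, so compare the logins as
        // strings. Loose '==' compares numeric-looking strings by value
        // ('007' == '7' is true in PHP), which would let one account pass as
        // the owner of another account's document.
        if ((string) $owner === (string) $login || user_is_assistant($login, $owner)) {
            $can_delete = true;
        }
    } else {
        // document not found
        $error = str_replace('XXX', $blid, translate('Invalid entry id XXX.'));
    }
    dbi_free_result($res);
}

if (empty($error) && !$can_delete && $event_id > 0) {
    // See if current user is creator of associated event
    $res = dbi_execute('SELECT cal_create_by FROM webcal_entry WHERE cal_id = ?', array($event_id));
    if ($res) {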
// NOTE(review): this excerpt begins inside a branch whose guarding condition is
// not visible; that branch rejects the request with 'Invalid blob id'.
$error = translate('Invalid blob id');
} else {
    // Look up the document row for the requested blob id.
    // NOTE(review): no bound parameters are passed, so Doc::getSQLForDocId()
    // appears to embed $blid in the SQL text — confirm $blid is validated as an
    // integer before this point.
    $res = dbi_execute(Doc::getSQLForDocId($blid));
    if (!$res) {
        // NOTE(review): raw driver error text lands in $error. If $error is
        // shown to the user, prefer logging it and showing a generic message.
        $error = db_error();
    }
}

if (empty($error)) {
    $row = dbi_fetch_row($res);
    if (!$row) {
        // No such document: substitute the requested id into the message.
        // NOTE(review): $blid is echoed back inside the error text; confirm it
        // was validated, or that $error is escaped when rendered.
        $error = str_replace('XXX', $blid, $invalidIDStr);
    } else {
        // Copy the stored document's fields into locals for the code below.
        $doc = new Doc($row);
        $description = $doc->getDescription();
        $filedata = $doc->getData();
        // NOTE(review): $filename and $mimetype are stored values. If they were
        // supplied at upload time, whatever emits them in response headers
        // (not visible here) should sanitize them.
        $filename = $doc->getName();
        $id = $doc->getId();
        $mimetype = $doc->getMimeType();
        $owner = $doc->getLogin();
        $size = $doc->getSize();
        $type = $doc->getType();
    }
    dbi_free_result($res);
}

// Make sure this user is allowed to look at this file.
// If the blob is associated with an event, then the user must be able
// to view the event in order to access this file.
// TODO: move all this code (and code in view_entry.php) to a common
// function named can_view_event or something similar.
// Both flags start false (default deny); the checks that set them are outside
// this excerpt.
$can_view = false;
$is_my_event = false;