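/**
 * Check whether a user may access a folder.
 *
 * Access is granted when the user owns the folder, or when the user is a
 * staff user on any module linked to the folder in folders_modules_staff.
 *
 * @param int    $folderID id of the folder being checked (bound as an integer)
 * @param object $userObj  user object exposing get_user_ID() and is_staff_user_on_module()
 * @param mysqli $db       open database connection (mysqli, judging by the prepared-statement API used)
 * @return bool true when access is permitted, false otherwise
 */
static function has_permission($folderID, $userObj, $db) {
    $permission = false;
    $folder_owner = folder_utils::get_ownerID($folderID, $db);
    // Compare owner and user ids strictly as integers: a loose '==' would also
    // treat false/null as equal to 0. An unknown owner (null/false) never
    // grants access by itself.
    if ($folder_owner !== null && $folder_owner !== false
        && (int) $folder_owner === (int) $userObj->get_user_ID()) {
        return true;
    }
    // Not the owner: look for a module linked to this folder on which the user is staff.
    $result = $db->prepare("SELECT idMod FROM folders_modules_staff WHERE folders_id = ?");
    if ($result === false) {
        // Fail closed: if the lookup cannot be prepared, deny access instead of
        // dereferencing false below.
        return $permission;
    }
    $result->bind_param('i', $folderID);
    $result->execute();
    $result->bind_result($idMod);
    while ($result->fetch()) {
        if ($userObj->is_staff_user_on_module($idMod)) {
            $permission = true;
            break;
        }
    }
    $result->close();
    return $permission;
}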
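<body>
<?php
require '../include/toprightmenu.inc';
echo draw_toprightmenu();
?>
<div id="content">
<div class="head_title">
<div><img src="../artwork/toprightmenu.gif" id="toprightmenu_icon" /></div>
<div class="breadcrumb"><a href="../index.php"><?php echo $string['home']; ?> </a>
<?php
// Breadcrumb trail: home > (folder | module) > paper.
// The folder/module ids come straight from the query string and the names
// come from the database, so every value is HTML-escaped before being written
// into the page; the ids are additionally URL-encoded where they are reused
// as a query parameter. Output is assumed to be served as UTF-8 — confirm
// against cfg_page_charset if the install uses another charset.
$esc_html = function ($value) {
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
};
$breadcrumb_arrow = '<img src="../artwork/breadcrumb_arrow.png" class="breadcrumb_arrow" alt="-" />';
if (isset($_GET['folder']) and $_GET['folder'] != '') {
    $folder_name = folder_utils::get_folder_name($_GET['folder'], $mysqli);
    echo $breadcrumb_arrow . '<a href="../folder/index.php?folder=' . $esc_html(rawurlencode((string) $_GET['folder'])) . '">' . $esc_html($folder_name) . '</a>';
} elseif (isset($_GET['module']) and $_GET['module'] != '') {
    $module_id = module_utils::get_moduleid_from_id($_GET['module'], $mysqli);
    echo $breadcrumb_arrow . '<a href="../module/index.php?module=' . $esc_html(rawurlencode((string) $_GET['module'])) . '">' . $esc_html($module_id) . '</a>';
}
echo $breadcrumb_arrow . '<a href="../paper/details.php?paperID=' . $esc_html(rawurlencode((string) $paperID)) . '">' . $esc_html($paper_title) . '</a></div>';
?>
<div class="page_title"><?php echo $string['sctresponses']; ?> </div>
</div>
<table cellspacing="0" cellpadding="2" border="0" style="width:100%">
<col width="40"><col>
<?php //Capture reviewer data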
// Guards: $orig_folder_name is presumably the name resolved earlier for
// $folder (set above this fragment — check the preceding lines). An unknown
// folder, or a folder the current user may not access, renders the generic
// "page not found" notice and stops the script here, before any form
// handling below runs.
if ($orig_folder_name == '') {
    $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
    $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
}
if (!folder_utils::has_permission($folder, $userObject, $mysqli)) {
    $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email'));
    $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true);
}
$parent_list = folder_utils::get_parent_list($orig_folder_name, $userObject, $mysqli);
$module = '';
// "Create sub-folder" form post. Folder paths are stored as ';'-separated
// names (see the explode() below), so the new folder's full name is the
// parent's name plus the submitted leaf name.
if (isset($_POST['submit'])) {
    $folder_parent = folder_utils::get_folder_name($folder, $mysqli);
    // NOTE(review): folder_name is taken from the request without validation;
    // a value containing ';' would read as extra path levels, and an empty
    // value leaves a trailing separator — confirm whether create_folder
    // rejects these.
    $new_folder_name = $folder_parent . ';' . $_POST['folder_name'];
    $duplicate_folder = folder_utils::folder_exists($new_folder_name, $userObject, $mysqli);
    if ($duplicate_folder == false) {
        // Creation is silently skipped when a folder of that name already exists.
        folder_utils::create_folder($new_folder_name, $userObject, $mysqli);
    }
}
// Split the folder path into its levels; $parts is the index of the leaf level.
$folders_array = explode(';', $orig_folder_name);
$parts = count($folders_array) - 1;
?>
<!DOCTYPE html>
<html>
<head>
<meta http-equiv="X-UA-Compatible" content="IE=edge" />
<meta http-equiv="content-type" content="text/html;charset=<?php echo $configObject->get('cfg_page_charset'); ?> " />
<title>Rogō<?php
// You should have received a copy of the GNU General Public License // along with Rogō. If not, see <http://www.gnu.org/licenses/>. /** * * Delete a personal folder. * * @author Simon Wilkinson * @version 1.0 * @copyright Copyright (c) 2014 The University of Nottingham * @package */ require '../include/staff_auth.inc'; require '../include/errors.inc'; require '../classes/folderutils.class.php'; $folderID = check_var('folderID', 'POST', true, false, true); if ($userObject->get_user_ID() != folder_utils::get_ownerID($folderID, $mysqli)) { $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email')); $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true); } $result = $mysqli->prepare("SELECT name FROM folders WHERE id = ?"); $result->bind_param('i', $folderID); $result->execute(); $result->bind_result($name); $result->fetch(); $result->close(); $directories = explode(';', $name); $parent = ''; if (count($directories) > 1) { for ($i = 1; $i < count($directories); $i++) { if ($parent == '') { $parent = $directories[$i - 1];
$results->execute(); $results->bind_result($id, $title, $surname); while ($results->fetch()) { $user_list[$id] = $title . ' ' . $surname; } $results->close(); } $reference_material = array(); $results = $mysqli->prepare("SELECT id, title FROM reference_material"); $results->execute(); $results->bind_result($id, $title); while ($results->fetch()) { $reference_material[$id] = $title; } $results->close(); $folders = folder_utils::get_all_folders($mysqli); echo "<tr><th>" . $string['part'] . "</th><th>" . $string['old'] . "</th><th>" . $string['new'] . "</th><th>" . $string['date'] . "</th><th>" . $string['author'] . "</th></tr>"; // Changes retrieved at beginning of file $rows = count($changes); for ($i = 0; $i < $rows; $i++) { $part = $changes[$i]['part']; $old = $changes[$i]['old']; $new = $changes[$i]['new']; switch ($part) { case 'startdate': case 'enddate': $old = date($configObject->get('cfg_long_date_php') . ' ' . $configObject->get('cfg_short_time_php'), $old); $new = date($configObject->get('cfg_long_date_php') . ' ' . $configObject->get('cfg_short_time_php'), $new); break; case 'folder': $old = format_folders($old, $folders);