* @uses file_api.php * @uses form_api.php * @uses html_api.php * @uses lang_api.php * @uses utility_api.php */ require_once 'core.php'; require_api('access_api.php'); require_api('config_api.php'); require_api('file_api.php'); require_api('form_api.php'); require_api('html_api.php'); require_api('lang_api.php'); require_api('utility_api.php'); # Check if project documentation feature is enabled. if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled() || !file_allow_project_upload()) { access_denied(); } access_ensure_project_level(config_get('upload_project_file_threshold')); $t_max_file_size = (int) min(ini_get_number('upload_max_filesize'), ini_get_number('post_max_size'), config_get('max_file_size')); html_page_top(); ?> <br /> <div> <form method="post" enctype="multipart/form-data" action="proj_doc_add.php"> <?php echo form_security_field('proj_doc_add'); ?> <table class="width75" cellspacing="1"> <tr>
<label for="project-view-state"><span><?php echo lang_get('view_status'); ?> </span></label> <span class="select"> <select id="project-view-state" name="view_state"> <?php print_enum_string_option_list('view_state', config_get('default_project_view_status', null, ALL_USERS, ALL_PROJECTS)); ?> </select> </span> <span class="label-style"></span> </div> <?php $g_project_override = ALL_PROJECTS; if (file_is_uploading_enabled() && DATABASE !== config_get('file_upload_method')) { $t_file_path = ''; # Don't reveal the absolute path to non-administrators for security reasons if (current_user_is_administrator()) { $t_file_path = config_get('absolute_path_default_upload_folder'); } ?> <div class="field-container"> <label for="project-file-path"><span><?php echo lang_get('upload_file_path'); ?> </span></label> <span class="input"><input type="text" id="project-file-path" name="file_path" size="60" maxlength="250" value="<?php echo $t_file_path; ?> " /></span>
<?php echo lang_get('view_status'); ?> </th> <td> <select name="view_state"> <?php print_enum_string_option_list('view_state', $row['view_state']); ?> </select> </td> </tr> <!-- File upload path (if uploading is enabled) --> <?php if (file_is_uploading_enabled()) { ?> <tr <?php echo helper_alternate_class(); ?> > <th class="category"> <?php echo lang_get('upload_file_path'); ?> </th> <td> <input type="text" name="file_path" size="50" maxlength="250" value="<?php echo string_attribute($row['file_path']); ?> " />
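/**
 * Get the attachments that belong to the specified project.
 *
 * Checks run in this order: SOAP login, project documentation feature and
 * file uploads enabled, project existence, read-only access to the project.
 * The query then keeps only project files the user may see at the
 * 'view_proj_doc_threshold' access level (public project, explicit project
 * membership, or site administrator).
 *
 * @param string  $p_username   The name of the user trying to access the attachments.
 * @param string  $p_password   The password of the user.
 * @param integer $p_project_id The id of the project to retrieve the attachments for.
 * @return array|soap_fault Array representing a ProjectAttachmentDataArray structure,
 *                          or a fault when login, feature, existence or access checks fail.
 */
function mc_project_get_attachments($p_username, $p_password, $p_project_id) {
	$t_user_id = mci_check_login($p_username, $p_password);
	if ($t_user_id === false) {
		return mci_soap_fault_login_failed();
	}

	# Check if project documentation feature is enabled.
	# NOTE(review): config_get() is called here without setting $g_project_override,
	# so these settings presumably resolve against the caller's current project
	# rather than $p_project_id - confirm which project's configuration should apply.
	if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled()) {
		return mci_soap_fault_access_denied($t_user_id);
	}

	if (!project_exists($p_project_id)) {
		return new soap_fault('Client', '', "Project '{$p_project_id}' does not exist.");
	}

	if (!mci_has_readonly_access($t_user_id, $p_project_id)) {
		return mci_soap_fault_access_denied($t_user_id);
	}

	$t_project_file_table = db_get_table('project_file');
	$t_project_table = db_get_table('project');
	$t_project_user_list_table = db_get_table('project_user_list');
	$t_user_table = db_get_table('user');

	# Constant and global configuration value; neither is derived from the request.
	$t_pub = VS_PUBLIC;
	$t_admin = config_get_global('admin_site_threshold');

	if ($p_project_id == ALL_PROJECTS) {
		# Select all the projects that the user has access to
		$t_projects = user_get_accessible_projects($t_user_id);
	} else {
		# Select the specific project
		$t_projects = array($p_project_id);
	}
	$t_projects[] = ALL_PROJECTS; # add ALL_PROJECTS to the list of projects to fetch

	# The statement below is assembled as text, so every identifier that ends up in
	# it is forced to an integer first. $p_project_id arrives from the SOAP request;
	# after the cast a non-numeric value can only ever become a number in the SQL.
	$t_user_sql = (int)$t_user_id;
	$t_project_list = implode(',', array_map('intval', $t_projects));

	# The threshold is either a single minimum level or an explicit list of levels.
	$t_reqd_access = config_get('view_proj_doc_threshold');
	if (is_array($t_reqd_access)) {
		$t_levels = array_map('intval', $t_reqd_access);
		if (1 == count($t_levels)) {
			$t_access_clause = '= ' . array_shift($t_levels) . ' ';
		} else {
			$t_access_clause = 'IN (' . implode(',', $t_levels) . ')';
		}
	} else {
		$t_access_clause = '>= ' . (int)$t_reqd_access . ' ';
	}

	# Visibility rule: public (or global) project and no explicit membership, with the
	# user's global level meeting the threshold; or explicit membership meeting the
	# threshold; or a site administrator.
	$query = "SELECT pft.id, pft.project_id, pft.filename, pft.file_type, pft.filesize, pft.title, pft.description, pft.date_added\n"
		. "\t\tFROM {$t_project_file_table} pft\n"
		. "\t\tLEFT JOIN {$t_project_table} pt ON pft.project_id = pt.id\n"
		. "\t\tLEFT JOIN {$t_project_user_list_table} pult\n"
		. "\t\tON pft.project_id = pult.project_id AND pult.user_id = {$t_user_sql}\n"
		. "\t\tLEFT JOIN {$t_user_table} ut ON ut.id = {$t_user_sql}\n"
		. "\t\tWHERE pft.project_id in ({$t_project_list}) AND\n"
		. "\t\t( ( ( pt.view_state = {$t_pub} OR pt.view_state is null ) AND pult.user_id is null AND ut.access_level {$t_access_clause} ) OR\n"
		. "\t\t( ( pult.user_id = {$t_user_sql} ) AND ( pult.access_level {$t_access_clause} ) ) OR\n"
		. "\t\t( ut.access_level = {$t_admin} ) )\n"
		. "\t\tORDER BY pt.name ASC, pft.title ASC";

	$result = db_query($query);
	$num_files = db_num_rows($result);

	$t_result = array();
	for ($i = 0; $i < $num_files; $i++) {
		$row = db_fetch_array($result);

		$t_result[] = array(
			'id' => $row['id'],
			'filename' => $row['filename'],
			'title' => $row['title'],
			'description' => $row['description'],
			'size' => $row['filesize'],
			'content_type' => $row['file_type'],
			'date_submitted' => timestamp_to_iso8601($row['date_added']),
			'download_url' => mci_get_mantis_path() . 'file_download.php?file_id=' . $row['id'] . '&type=doc',
		);
	}

	return $t_result;
}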
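/**
 * Check if the user can upload files for this bug.
 *
 * Returns true if they can, false otherwise. The user defaults to the
 * current user. If the bug is null (the default), the answer is whether the
 * user can upload a file to a new bug in the current project.
 *
 * A user recorded as the bug's reporter only benefits from
 * 'allow_reporter_upload' while they still hold 'report_bug_threshold' access
 * to that bug; otherwise the decision falls back to 'upload_bug_file_threshold'.
 *
 * @param integer $p_bug_id  A bug identifier, or null for a bug being reported.
 * @param integer $p_user_id A user identifier, or null for the current user.
 * @return boolean
 */
function file_allow_bug_upload($p_bug_id = null, $p_user_id = null) {
	if (null === $p_user_id) {
		$p_user_id = auth_get_current_user_id();
	}

	# If uploads are disabled just return false
	if (!file_is_uploading_enabled()) {
		return false;
	}

	if (null === $p_bug_id) {
		# new bug
		$t_project_id = helper_get_current_project();

		# If reporting a new bug, the user is the reporter by definition
		$t_reporter = true;
	} else {
		# existing bug
		$t_project_id = bug_get_field($p_bug_id, 'project_id');

		# Being stored as the reporter is not sufficient on its own: the reporter
		# field does not change when the user's access to the bug is later reduced,
		# so the current access level is checked as well.
		$t_reporter = bug_is_user_reporter($p_bug_id, $p_user_id)
			&& access_has_bug_level(config_get('report_bug_threshold'), $p_bug_id, $p_user_id);
	}

	if ($t_reporter && ON == config_get('allow_reporter_upload')) {
		return true;
	}

	# Check the access level against the config setting
	return access_has_project_level(config_get('upload_bug_file_threshold'), $t_project_id, $p_user_id);
}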
/**
 * Decide whether a user is allowed to attach files to a bug.
 *
 * With no bug id the question is answered for a new bug in the current
 * project, where the user counts as the reporter. For an existing bug the
 * user counts as the reporter only if they are recorded as such and still
 * meet 'report_bug_threshold' on that bug. A qualifying reporter may upload
 * when 'allow_reporter_upload' is ON; everyone else needs
 * 'upload_bug_file_threshold' on the bug's project.
 *
 * @param integer $p_bug_id  A bug identifier, or null for a bug being reported.
 * @param integer $p_user_id A user identifier, or null for the current user.
 * @return boolean True if the upload is permitted, false otherwise.
 */
function file_allow_bug_upload($p_bug_id = null, $p_user_id = null) {
	$t_user_id = (null === $p_user_id) ? auth_get_current_user_id() : $p_user_id;

	# Nothing else matters when uploading is switched off.
	if (!file_is_uploading_enabled()) {
		return false;
	}

	if (null !== $p_bug_id) {
		# Existing bug: use its project, and require that the recorded reporter
		# still has reporter-level access to it.
		$t_project = bug_get_field($p_bug_id, 'project_id');
		$t_reporter_ok = false;
		if (bug_is_user_reporter($p_bug_id, $t_user_id)) {
			$t_reporter_ok = access_has_bug_level(config_get('report_bug_threshold'), $p_bug_id, $t_user_id);
		}
	} else {
		# New bug: the submitting user is the reporter.
		$t_project = helper_get_current_project();
		$t_reporter_ok = true;
	}

	# Reporter shortcut first, then the general project-level threshold.
	if ($t_reporter_ok && ON == config_get('allow_reporter_upload')) {
		return true;
	}

	return (bool)access_has_project_level(config_get('upload_bug_file_threshold'), $t_project, $t_user_id);
}
/**
 * MantisBT Core API's
 *
 * Page prologue for the project document upload form: loads the APIs it
 * uses, refuses the request unless uploading project documents is enabled
 * and permitted, computes the effective upload size limit, then starts the
 * page and opens the multipart form posting to proj_doc_add.php.
 */
require_once( 'core.php' );
require_api( 'access_api.php' );
require_api( 'config_api.php' );
require_api( 'file_api.php' );
require_api( 'form_api.php' );
require_api( 'html_api.php' );
require_api( 'lang_api.php' );
require_api( 'utility_api.php' );

# Check if project documentation feature is enabled.
# All three conditions must hold before any page output is produced: the
# feature switch, the global upload switch and the project upload permission.
if ( OFF == config_get( 'enable_project_documentation' ) ||
	!file_is_uploading_enabled() ||
	!file_allow_project_upload() ) {
	access_denied();
}

# Second gate: the user must meet the configured project-file upload threshold.
access_ensure_project_level( config_get( 'upload_project_file_threshold' ) );

# Effective limit is the smallest of the two PHP ini limits and the configured maximum.
$t_max_file_size = (int)min( ini_get_number( 'upload_max_filesize' ), ini_get_number( 'post_max_size' ), config_get( 'max_file_size' ) );

# The form opened below embeds form_security_field( 'proj_doc_add' );
# presumably proj_doc_add.php validates that token before accepting the upload - confirm.
html_page_top();
?>

<br />
<div>
<form method="post" enctype="multipart/form-data" action="proj_doc_add.php">
<?php echo form_security_field( 'proj_doc_add' ) ?>
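/**
 * Get the attachments that belong to the specified project.
 *
 * Checks run in this order: SOAP login, project documentation feature and
 * file uploads enabled, project existence, read-only access to the project.
 * The query then keeps only project files the user may see at the
 * 'view_proj_doc_threshold' access level (public project, explicit project
 * membership, or site administrator).
 *
 * @param string  $p_username   The name of the user trying to access the attachments.
 * @param string  $p_password   The password of the user.
 * @param integer $p_project_id The id of the project to retrieve the attachments for.
 * @return array Array representing a ProjectAttachmentDataArray structure; a SOAP
 *               fault value is returned instead when a check fails.
 */
function mc_project_get_attachments($p_username, $p_password, $p_project_id) {
	global $g_project_override;

	$t_user_id = mci_check_login($p_username, $p_password);
	if ($t_user_id === false) {
		return mci_soap_fault_login_failed();
	}

	# Set before any config_get() call, presumably so that the settings read below
	# are resolved for the requested project rather than the user's default one.
	# The override is not restored before returning.
	$g_project_override = $p_project_id;

	# Check if project documentation feature is enabled.
	if (OFF == config_get('enable_project_documentation') || !file_is_uploading_enabled()) {
		return mci_soap_fault_access_denied($t_user_id);
	}

	if (!project_exists($p_project_id)) {
		return SoapObjectsFactory::newSoapFault('Client', 'Project \'' . $p_project_id . '\' does not exist.');
	}

	if (!mci_has_readonly_access($t_user_id, $p_project_id)) {
		return mci_soap_fault_access_denied($t_user_id);
	}

	$t_pub = VS_PUBLIC;
	$t_admin = config_get_global('admin_site_threshold');

	if ($p_project_id == ALL_PROJECTS) {
		# Select all the projects that the user has access to
		$t_projects = user_get_accessible_projects($t_user_id);
	} else {
		# Select the specific project
		$t_projects = array($p_project_id);
	}
	$t_projects[] = ALL_PROJECTS; # add ALL_PROJECTS to the list of projects to fetch

	# The project list and the access clause are still concatenated into the SQL
	# text (they are not bound parameters), so each value is forced to an integer.
	# $p_project_id arrives from the SOAP request.
	$t_project_list = implode(',', array_map('intval', $t_projects));

	# The threshold is either a single minimum level or an explicit list of levels.
	$t_reqd_access = config_get('view_proj_doc_threshold');
	if (is_array($t_reqd_access)) {
		$t_levels = array_map('intval', $t_reqd_access);
		if (1 == count($t_levels)) {
			$t_access_clause = '= ' . array_shift($t_levels) . ' ';
		} else {
			$t_access_clause = 'IN (' . implode(',', $t_levels) . ')';
		}
	} else {
		$t_access_clause = '>= ' . (int)$t_reqd_access;
	}

	# Visibility rule: public (or global) project and no explicit membership, with the
	# user's global level meeting the threshold; or explicit membership meeting the
	# threshold; or a site administrator. The five db_param() placeholders are filled,
	# in order, by the array passed to db_query() below.
	$t_query = 'SELECT pft.id, pft.project_id, pft.filename, pft.file_type, pft.filesize, pft.title, pft.description, pft.date_added, pft.user_id'
		. ' FROM {project_file} pft'
		. ' LEFT JOIN {project} pt ON pft.project_id = pt.id'
		. ' LEFT JOIN {project_user_list} pult'
		. ' ON pft.project_id = pult.project_id AND pult.user_id = ' . db_param()
		. ' LEFT JOIN {user} ut ON ut.id = ' . db_param()
		. ' WHERE pft.project_id in (' . $t_project_list . ') AND'
		. ' ( ( ( pt.view_state = ' . db_param() . ' OR pt.view_state is null ) AND pult.user_id is null AND ut.access_level ' . $t_access_clause . ' ) OR'
		. ' ( ( pult.user_id = ' . db_param() . ' ) AND ( pult.access_level ' . $t_access_clause . ' ) ) OR'
		. ' ( ut.access_level = ' . db_param() . ' ) )'
		. ' ORDER BY pt.name ASC, pft.title ASC';

	$t_result = db_query($t_query, array($t_user_id, $t_user_id, $t_pub, $t_user_id, $t_admin));
	$t_num_files = db_num_rows($t_result);

	$t_attachments = array();
	for ($i = 0; $i < $t_num_files; $i++) {
		$t_row = db_fetch_array($t_result);

		$t_attachments[] = array(
			'id' => $t_row['id'],
			'filename' => $t_row['filename'],
			'title' => $t_row['title'],
			'description' => $t_row['description'],
			'size' => $t_row['filesize'],
			'content_type' => $t_row['file_type'],
			'date_submitted' => SoapObjectsFactory::newDateTimeVar($t_row['date_added']),
			'download_url' => mci_get_mantis_path() . 'file_download.php?file_id=' . $t_row['id'] . '&type=doc',
			'user_id' => $t_row['user_id'],
		);
	}

	return $t_attachments;
}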