public function checkPermission($id_user, $acl = 'PR', $operation = '', $id_workorder = -1)
{
$system = System::getInstance();
$permission = false;
if (dame_admin($id_user)) {
$permission = true;
} else {
// Section access
if ($system->checkACL($acl)) {
// With this operations, the WO should have id
if (($operation == "" || $operation == "view" || $operation == "update" || $operation == "delete") && $id_workorder > 0) {
include_once $system->getConfig('homedir') . "/include/functions_workorders.php";
if ($operation == "delete") {
$permission = get_workorder_acl($id_workorder, 'delete', $id_user);
} else {
$permission = get_workorder_acl($id_workorder, '', $id_user);
}
} else {
$permission = true;
}
}
}
if (($operation == "view" || $operation == "update" || $operation == "delete") && $id_workorder <= 0) {
$permission = false;
}
return $permission;
}
public function checkPermission($id_user, $acl = 'PR')
{
$system = System::getInstance();
$permission = false;
if (dame_admin($id_user)) {
$permission = true;
} else {
// Section access
if ($system->checkACL($acl)) {
if ($operation == "delete") {
if ($id_workorder > 0) {
include_once $system->getConfig('homedir') . "/include/functions_workorders.php";
if ($operation == "delete") {
$permission = get_workorder_acl($id_workorder, 'delete', $id_user);
}
}
} else {
$permission = true;
}
}
}
return $permission;
}
// modify it under the terms of the GNU General Public License
// as published by the Free Software Foundation; version 2
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
global $config;
check_login ();
include_once ('include/functions_projects.php');
$id = get_parameter("id");
if (! get_workorder_acl($id)) {
no_permission();
}
$add_note = get_parameter("addnote");
$delete = get_parameter("delete");
echo '<h1>'.__('Add a note').'</h1>';
if ($add_note) {
$note = get_parameter("note");
$now = print_mysql_timestamp();
$res = workorders_insert_note ($id, $config["id_user"], $note, $now);
$timestamp = date('Y-m-d H:i:s');
mysql_query ("INSERT INTO tdownload_tracking (id_download, id_user, date) VALUES ($id_attachment, 'anonymous','$timestamp')");
$data = get_db_row ("tdownload", "external_id", $id_attachment );
$data["location"] = safe_output($data["location"]);
$fileLocation = $config["homedir"]."/".$data["location"];
$short_name = preg_split ("/\//", $data["location"]);
$last_name = $short_name[sizeof($short_name)-1];
break;
case "workorder":
$data = get_db_row ("tattachment", "id_attachment", $id_attachment);
$todo = get_db_row ("ttodo", "id", $data["id_todo"]);
if (! get_workorder_acl($todo["id"])) {
audit_db($config["id_user"],$config["REMOTE_ADDR"], "ACL Violation","Trying to access Downloads browser");
require ($general_error);
exit;
}
$data["filename"] = safe_output($data["filename"]);
$fileLocation = $config["homedir"]."/attachment/".$data["id_attachment"]."_".$data["filename"];
$last_name = $data["filename"];
break;
case "kb":
$data = get_db_row ("tattachment", "id_attachment", $id_attachment);
if (! check_kb_item_accessibility($config["id_user"], $id_attachment)) {
audit_db($config["id_user"],$config["REMOTE_ADDR"], "ACL Violation","Trying to access Downloads browser");
