/**
 * Report whether the current user is denied the "WM" permission.
 *
 * The user id is read from the global $config and the group from the
 * global $id_grupo.
 *
 * @return bool true when give_acl() does not grant "WM", false when it does.
 */
function check_no_new_page()
{
    global $config, $id_grupo;

    $granted = give_acl($config['id_user'], $id_grupo, "WM");

    return !$granted;
}
/**
 * Decide whether the current user may act on a work unit.
 *
 * Access is granted to the user recorded on the work unit, to a user holding
 * the "PM" permission on group 0, or to a user for whom
 * project_manager_check() succeeds on the project of the work unit's task.
 *
 * @param mixed $id_workunit Value matched against tworkunit.id.
 *
 * @return bool false when the work unit is not found or none of the three
 *              conditions holds, true otherwise.
 */
function check_workunit_permission($id_workunit)
{
    global $config;

    $wu = get_db_row('tworkunit', 'id', $id_workunit);
    if ($wu === false) {
        // Unknown work unit: deny rather than fall through to the ACL checks.
        return false;
    }

    $owner = $wu["id_user"];

    // Resolve work unit -> task -> project for the project-manager check.
    $task = get_db_value("id_task", "tworkunit_task", "id_workunit", $wu["id"]);
    $project = get_db_value("id_project", "ttask", "id", $task);

    if ($owner == $config["id_user"]) {
        return true;
    }
    if (give_acl($config["id_user"], 0, "PM")) {
        return true;
    }
    if (project_manager_check($project)) {
        return true;
    }

    return false;
}
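/**
 * Print the children of an inventory object, descending into each child
 * that has a contract and that the current user may read ("VR").
 *
 * @param mixed $id    Inventory id whose children are listed.
 * @param int   $depth Nesting level passed on to print_inventory_object().
 *
 * @return void
 */
function print_child_tree($id, $depth = 0)
{
    // Without this declaration $config is an undefined local, so the ACL
    // check below would be evaluated for a null user id instead of the
    // logged-in user.
    global $config;

    $children = get_inventory_children($id);
    if ($children === false || sizeof($children) == 0) {
        return;
    }

    foreach ($children as $child) {
        // NOTE(review): the child itself is printed before any ACL check;
        // confirm print_inventory_object() or the caller enforces visibility.
        print_inventory_object($child['id'], $children, array(), true, true, $depth);

        // NOTE(review): children without a contract are printed but never
        // descended into; confirm that is intended.
        if ($child['id_contract']) {
            /* Only check ACLs if the inventory has a contract */
            if (!give_acl($config['id_user'], get_inventory_group($child['id']), "VR")) {
                continue;
            }
            print_child_tree($child['id'], $depth + 1);
        }
    }
}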
/**
 * Gate access to a ticket page. On every failure path it prints an error
 * message or includes the "no access" page and returns false.
 *
 * @param mixed $id Ticket id; a falsy value skips the lookup.
 *
 * @return bool true only when the ticket was found and neither enterprise
 *              hook rejected it.
 */
function check_incident_access($id)
{
    global $config;

    if ($id) {
        $incident = get_incident($id);
        if ($incident !== false) {
            $id_grupo = $incident['id_grupo'];
        } else {
            // Lookup failed: show a "not found" notice with a link to the search form.
            echo "<h1>" . __("Ticket") . "</h1>";
            echo ui_print_error_message(__("There is no information for this ticket"), '', true, 'h3', true);
            echo "<br>";
            echo "<a style='margin-left: 90px' href='index.php?sec=incidents&sec2=operation/incidents/incident_search'>" . __("Try the search form to find the ticket") . "</a>";
            return false;
        }
    }

    if (isset($incident)) {
        //Incident creators must see their incidents
        // NOTE(review): for an existing ticket only the two enterprise hooks
        // are consulted. When both return ENTERPRISE_NOT_HOOK no give_acl()
        // check on the ticket's group runs here; confirm callers enforce it.
        $check_acl = enterprise_hook("incidents_check_incident_acl", array($incident));
        $standalone_check = enterprise_hook("manage_standalone", array($incident));
        // Deny when a hook is present and returned a falsy value.
        if ($check_acl !== ENTERPRISE_NOT_HOOK && !$check_acl || $standalone_check !== ENTERPRISE_NOT_HOOK && !$standalone_check) {
            // Doesn't have access to this page
            audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket (External user) " . $id);
            include "general/noaccess.php";
            return false;
        }
    } else {
        // Reached only when $id was falsy, so $id_grupo was never assigned
        // above and give_acl() is called with an undefined group.
        // NOTE(review): confirm how give_acl() treats a null group.
        if (!give_acl($config['id_user'], $id_grupo, "IR")) {
            // Doesn't have access to this page
            audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket " . $id);
            include "general/noaccess.php";
            return false;
        } else {
            //No incident but ACLs enabled
            echo ui_print_error_message(__("The ticket doesn't exist"), '', true, 'h3', true);
            return false;
        }
    }

    return true;
}
if ($get_group_details) { if (!give_acl($config["id_user"], $id, "IR")) { return; } $default_user = get_db_value('id_user_default', 'tgrupo', 'id_grupo', $id); $real_name = get_db_value('nombre_real', 'tusuario', 'id_usuario', $default_user); $group = array(); $group['forced_email'] = get_db_value('forced_email', 'tgrupo', 'id_grupo', $id); $group['user_real_name'] = $real_name; $group['id_user_default'] = $default_user; echo json_encode($group); if (defined('AJAX')) { return; } } if (!give_acl($config["id_user"], 0, "UM")) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access group management"); require "general/noaccess.php"; exit; } echo '<h1>' . __('Group management') . '</h1>'; $create_group = (bool) get_parameter('create_group'); $update_group = (bool) get_parameter('update_group'); $delete_group = (bool) get_parameter('delete_group'); // Create group if ($create_group) { $name = (string) get_parameter('name'); $icon = (string) get_parameter('icon'); $parent = (int) get_parameter('parent'); $soft_limit = (int) get_parameter('soft_limit'); $hard_limit = (int) get_parameter('hard_limit');
if($pdf_output == 0) { // Prev. year echo "<a href='index.php?sec=users&sec2=operation/user_report/report_annual&year=$prev_year&id_user=$id_user_show&clean_output=$clean_output'><img src='images/control_rewind_blue.png' title='" . __('Previous year') . "' class='calendar_arrow'></a>"; } echo "<span class='calendar-month' style='font-size: 0.93em; color: #FFFFFF; padding: 3px;'>$year</span>"; if($pdf_output == 0) { // Next. year echo "<a href='index.php?sec=users&sec2=operation/user_report/report_annual&year=$next_year&id_user=$id_user_show&clean_output=$clean_output'><img src='images/control_fastforward_blue.png' title='" . __('Next year') . "' class='calendar_arrow'></a>"; } echo "</td></tr>"; echo "<tr><td colspan=4>"; echo "<form id='form-report_annual' name='xx' method=post action='index.php?sec=users&sec2=operation/user_report/report_annual'>"; echo "<table cellpadding=4 cellspacing=4 style='margin: 0px auto;'>"; echo "<tr><td>"; if (give_acl($config["id_user"], 0, "PM") && $pdf_output == 0){ echo "<input type='hidden' name='year' value='$year'>"; echo "<td>"; // Show user $params['input_id'] = 'text-id_user'; $params['input_name'] = 'id_user'; $params['return'] = false; $params['return_help'] = false; $params['input_value'] = $id_user_show; user_print_autocomplete_input($params); echo "</td>"; echo "<td>";
} else { echo "<a href='index.php?sec=customers&sec2=operation/newsletter/newsletter_definition'>" . __("Newsletters") . "</a></lI>"; } } if ($show_people != MENU_HIDDEN) { // Users if ($sec == "users") { echo "<li id='current' class='people'>"; } else { echo "<li class='people'>"; } echo "<div>|</div>"; echo "<a href='index.php?sec=users&sec2=operation/user_report/report_monthly'>" . __('People') . "</a></li>"; } // Wiki if (give_acl($config["id_user"], 0, "WR") && $show_wiki != MENU_HIDDEN) { // Wiki if ($sec == "wiki") { echo "<li id='current' class='wiki'>"; } else { echo "<li class='wiki'>"; } echo "<div>|</div>"; echo "<a href='index.php?sec=wiki&sec2=operation/wiki/wiki'>" . __('Wiki') . "</a>"; echo "<div>|</div></li>"; } // Custom Screens if ((int) enterprise_include('custom_screens/CustomScreensManager.php', true) != ENTERPRISE_NOT_HOOK) { $custom_screens = CustomScreensManager::getInstance()->getCustomScreensList(false); if (!empty($custom_screens)) { $custom_link = '';
/**
 * Build (or print) the download-category selector.
 *
 * The enterprise hook 'combo_download_categories_extra' is tried first. When
 * it is absent, the selector is built from tdownload_category, keeping only
 * the categories whose group grants the current user "KR".
 *
 * @param mixed $id_category Currently selected category id.
 * @param bool  $show_any    Add an "Any" entry when true.
 * @param bool  $label       Attach the "Category" label when true.
 * @param bool  $return      Return the markup instead of echoing it.
 *
 * @return mixed The selector markup when $return is true, otherwise nothing.
 */
function combo_download_categories($id_category, $show_any = false, $label = false, $return = false)
{
    global $config;

    enterprise_include('include/functions_form.php');

    $output = enterprise_hook('combo_download_categories_extra', array($id_category, $show_any, $label, true));

    if ($output === ENTERPRISE_NOT_HOOK) {
        $rows = process_sql("SELECT * FROM tdownload_category ORDER BY 2");
        if (!$rows) {
            $rows = array();
        }

        // Keep only the categories the user is allowed to read.
        $options = array();
        foreach ($rows as $category) {
            if (!give_acl($config["id_user"], $category["id_group"], "KR")) {
                continue;
            }
            $options[$category["id"]] = $category["name"];
        }

        $nothing = $show_any ? __('Any') : '';
        $label = $label ? __('Category') : false;

        $output = print_select($options, 'id_category', $id_category, '', $nothing, 0, $return, 0, false, $label);
    }

    if (!$return) {
        echo $output;
        return;
    }

    return $output;
}
$data[3] = "<a href='" . $config["base_url"] . "/include/newsletter.php?operation=subscribe&id=" . $newsletter["id"] . "'>" . __("Full form") . "</a><br>"; $data[3] .= "<a href='" . $config["base_url"] . "/include/newsletter.php?operation=subscribe&id=" . $newsletter["id"] . "&clean=1'>" . __("Clean form") . "</a>"; $data[4] = "<a href='" . $config["base_url"] . "/include/newsletter.php?operation=desubscribe&id=" . $newsletter["id"] . "'>" . __("Full form") . "</a><br>"; $data[4] .= "<a href='" . $config["base_url"] . "/include/newsletter.php?operation=desubscribe&id=" . $newsletter["id"] . "&clean=1'>" . __("Clean form") . "</a>"; $validated_addr = get_db_sql("SELECT COUNT(id) FROM tnewsletter_address WHERE id_newsletter = " . $newsletter["id"] . " AND validated = 1 AND status = 0"); $data[5] = "<a href='index.php?sec=customers&sec2=operation/newsletter/address_definition&search_status=0&search_validate=0&search_newsletter=" . $newsletter["id"] . "'>" . $validated_addr . "</a>"; $invalid_addr = get_db_sql("SELECT COUNT(id) FROM tnewsletter_address WHERE id_newsletter = " . $newsletter["id"] . " AND validated = 1 AND status = 1"); $data[6] = "<a href='index.php?sec=customers&sec2=operation/newsletter/address_definition&search_status=1&search_validate=0&search_newsletter=" . $newsletter["id"] . "'>" . $invalid_addr . "</a>"; $pending_validation = get_db_sql("SELECT COUNT(id) FROM tnewsletter_address WHERE id_newsletter = " . $newsletter["id"] . " AND validated = 0"); $data[7] = "<a href='index.php?sec=customers&sec2=operation/newsletter/address_definition&search_validate=1&search_newsletter=" . $newsletter["id"] . "'>" . $pending_validation . "</a>"; $data[8] = '<a href="index.php?sec=customers&sec2=operation/newsletter/newsletter_definition& validate_newsletter=1&id=' . $newsletter['id'] . '" onClick="if (!confirm(\'' . __('Are you sure?') . 
'\')) return false;"> <img src="images/accept.png" title="Forced email validation of pending addresses" ></a>'; if (give_acl($config["id_user"], $id_group, "CN")) { $data[8] .= '<a href="index.php?sec=customers&sec2=operation/newsletter/newsletter_definition& delete=1&id=' . $newsletter['id'] . '" onClick="if (!confirm(\'' . __('Are you sure?') . '\')) return false;"> <img src="images/cross.png"></a>'; } array_push($table->data, $data); } print_table($table); } if ($manager) { echo '<form method="post" action="index.php?sec=customers&sec2=operation/newsletter/newsletter_creation&create=1">'; echo '<div class="button" style="width: ' . $table->width . '">'; print_submit_button(__('Create'), 'new_btn', false, 'class="sub next"'); echo '</div>';
// GNU General Public License for more details. // Load global vars global $config; check_login(); include_once 'include/functions_workunits.php'; if (!give_acl($config['id_user'], 0, "IR")) { audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access ticket viewer"); require "general/noaccess.php"; exit; } // GET ACTION PARAMETERS $create_incident = get_parameter('create_incident'); if ($create_incident) { //Using simple interface an user with IW flag can create incidents //The incidents are not editable using simple interface if (!give_acl($config['id_user'], 0, "IW")) { audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Forbidden", "User " . $config["id_user"] . " try to create ticket"); no_permission(); exit; } // Read input variables $title = get_parameter('title'); $priority = get_parameter('priority_form', 2); $id_incident_type = get_parameter('id_incident_type', 0); $description = get_parameter('description'); $group_id = get_parameter('group_id'); // Get default variables $id_creator = $config["id_user"]; $sla_disabled = 0; $id_task = 0; // N/A
echo "</h4>"; $search_form = (bool) get_parameter ('search_form'); $create_custom_search = (bool) get_parameter ('save-search'); $delete_custom_search = (bool) get_parameter ('delete_custom_search'); $id_search = get_parameter ('saved_searches'); $serialized_filter = get_parameter("serialized_filter"); //If serialize filter use the filter stored in a file in tmp dir if ($serialized_filter) { $filter = unserialize_in_temp($config["id_user"]); } //Filter auxiliar array $filter_form = $filter; $has_im = give_acl ($config['id_user'], $filter_form['id_group'], "IM"); echo '<div id="msg_ok_hidden" style="display:none;">'; echo ui_print_success_message (__('Custom filter saved'), '', true, 'h3', true); echo '</div>'; echo '<div id="msg_error_hidden" style="display:none;">'; echo ui_print_error_message (__('Could not create custom filter'), '', true, 'h3', true); echo '</div>'; /* Get a custom filter*/ if ($id_search && !$delete_custom_search) { $search = get_custom_search ($id_search, 'incidents'); if ($search) {
/**
 * List the tickets linked to an inventory object that the current user may
 * read ("IR" on the ticket's group), newest first by tincidencia.inicio.
 *
 * @param mixed $id_inventory Inventory id; formatted into the query with %d.
 * @param bool  $only_names   When true the result maps $row['id'] to
 *                            $row['name']; otherwise it is a list of rows.
 *
 * @return array Empty when the query yields nothing.
 */
function get_incidents_on_inventory($id_inventory, $only_names = true)
{
    global $config;

    $query = sprintf('SELECT tincidencia.* FROM tincidencia, tincident_inventory WHERE tincidencia.id_incidencia = tincident_inventory.id_incident AND tincident_inventory.id_inventory = %d ORDER BY tincidencia.inicio DESC', $id_inventory);
    $rows = get_db_all_rows_sql($query);
    if ($rows == false) {
        return array();
    }

    $visible = array();
    foreach ($rows as $row) {
        // Drop tickets from groups the user cannot read.
        if (!give_acl($config['id_user'], $row['id_grupo'], 'IR')) {
            continue;
        }

        if ($only_names) {
            // NOTE(review): the join above uses tincidencia.id_incidencia;
            // confirm the rows really carry 'id' and 'name' columns.
            $visible[$row['id']] = $row['name'];
        } else {
            $visible[] = $row;
        }
    }

    return $visible;
}
if (!$result['status']) { $result['message'] = __('Description not updated'); } echo json_encode($result); return; } if ($get_file_row) { $id_file = (int) get_parameter("id_attachment"); $id_company = (int) get_parameter("id"); $file = get_db_row_filter('tattachment', array('id_company' => $id_company, 'id_attachment' => $id_file)); $html = ""; if ($file) { $link = "operation/common/download_file.php?id_attachment=" . $file["id_attachment"] . "&type=company"; $real_filename = $config["homedir"] . "/attachment/" . $file["id_attachment"] . "_" . rawurlencode($file["filename"]); $html .= "<tr>"; $html .= "<td valign=top>"; $html .= '<a target="_blank" href="' . $link . '">' . $file['filename'] . '</a>'; $html .= "<td valign=top class=f9>" . $file["description"]; //$html .= "<td valign=top>". $file["id_usuario"]; $html .= "<td valign=top>" . byte_convert($file['size']); $stat = stat($real_filename); $html .= "<td valign=top class=f9>" . date("Y-m-d H:i:s", $stat['mtime']); // Delete attachment if (give_acl($config['id_user'], $incident['id_grupo'], 'IM')) { $html .= "<td>" . '<a class="delete" name="delete_file_' . $file["id_attachment"] . '" href="index.php?sec=incidents&sec2=operation/incidents/incident_dashboard_detail&id=' . $id . '&tab=files&id_attachment=' . $file["id_attachment"] . '&delete_file=1#incident-operations"> <img src="images/cross.png"></a>'; } } echo $html; return; }
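// (Tail of an access check whose opening lies outside this excerpt.)
require "general/noaccess.php";
exit;
}

// Take input parameters
$id = (int) get_parameter('id');
$id_creator = get_parameter('id_creator');

// Delete incident
// NOTE(review): no anti-CSRF token is checked in the visible lines; confirm
// one is enforced elsewhere for this state-changing request.
if (isset($_POST["quick_delete"])) {
    // The ticket id comes straight from the request body and is concatenated
    // into the SQL text below, so force it to an integer first.
    $id_inc = (int) $_POST["quick_delete"];
    $sql2 = "SELECT * FROM tincidencia WHERE id_incidencia=" . $id_inc;
    $result2 = mysql_query($sql2);
    // mysql_query() returns false on failure; do not pass that to the fetch call.
    $row2 = $result2 ? mysql_fetch_array($result2) : false;
    if ($row2) {
        $id_author_inc = $row2["id_usuario"];
        $email_notify = $row2["notify_email"];
        // Deletion is allowed to holders of "IM" on the ticket's group and to
        // the user stored in the ticket's id_usuario column.
        if (give_acl($config['id_user'], $row2["id_grupo"], "IM") || $config['id_user'] == $id_author_inc) {
            borrar_incidencia($id_inc);
            echo "<h3 class='suc'>" . __('Ticket successfully deleted') . "</h3>";
            audit_db($config["id_user"], $config["REMOTE_ADDR"], "Ticket deleted", "User " . $config['id_user'] . " deleted ticket #" . $id_inc);
        } else {
            audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Forbidden", "User " . $config['id_user'] . " try to delete ticket");
            echo "<h3 class='error'>" . __('There was a problem deleting ticketticket') . "</h3>";
            no_permission();
        }
    }
}

/* Tabs code */
echo '<div id="tabs">';
/* Tabs list */
echo '<ul class="ui-tabs-nav">';
echo '<li class="ui-tabs-selected"><a href="#ui-tabs-1"><span><img src="images/zoom.png" title="' . __('Search') . '"></span></a></li>';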
no_permission (); } echo '<h2>'.__('User details').'</h2>'; echo '<h4>'.$id_user.'</h4>'; $upload_avatar = (bool) get_parameter ('upload_avatar'); $update_user = (bool) get_parameter ('update_user'); $has_permission = false; if ($id_user == $config['id_user']) { $has_permission = true; } else { $groups = get_user_groups ($id_user); foreach ($groups as $group) { if (give_acl ($config['id_user'], $group['id'], 'UM')) { $has_permission = true; break; } } } /* Get fields for user */ $email = $user['direccion']; $phone = $user['telefono']; $real_name = $user['nombre_real']; $avatar = $user['avatar']; $comments = $user['comentarios']; $lang = $user['lang']; $id_company = $user['id_company']; $location = $user['location'];
/**
 * API call: subscribe an address to a newsletter.
 *
 * Requires "CN" on group 0 for $user; otherwise the attempt is audited and
 * the script exits. The row is inserted only when the newsletter id exists
 * in tnewsletter. The insert result (0 when nothing was inserted) is echoed
 * as an XML node or as plain text depending on $return_type.
 *
 * @param string $return_type "xml" or "csv"; any other value prints nothing.
 * @param mixed  $user        User id the ACL check is made for.
 *                            NOTE(review): presumably authenticated by the
 *                            API entry point; verify against caller.
 * @param array  $params      [0] newsletter id, [1] name, [2] email.
 *                            NOTE(review): the three entries are stored
 *                            without any presence or format check here.
 *
 * @return void
 */
function api_add_address_to_newsletter($return_type, $user, $params)
{
    global $config;

    if (!give_acl($user, 0, "CN")) {
        audit_db($user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access newsletter management");
        exit;
    }

    // New addresses start with status 0 and not validated.
    $values = array(
        'id_newsletter' => $params[0],
        'name' => $params[1],
        'email' => $params[2],
        'status' => 0,
        'datetime' => print_mysql_timestamp(),
        'validated' => 0,
    );

    $newsletter_exists = get_db_value("id", "tnewsletter", "id", $values['id_newsletter']);

    $result = 0;
    if (!empty($newsletter_exists)) {
        $result = process_sql_insert('tnewsletter_address', $values);
    }

    if ($return_type == "xml") {
        echo xml_node($result);
    } elseif ($return_type == "csv") {
        echo $result;
    }

    return;
}
if ((give_acl ($config["id_user"], 0, "IW")) || (give_acl ($config['id_user'], $id_grupo, "SI"))) { $button .= print_submit_button (__('Create'), 'action2', false, 'class="sub create"', true); } $button .= '</div>'; } else { $button = "<div class='button-form'>"; $button .= print_input_hidden ('id', $id, true); $button .= print_input_hidden ('action', 'update', true); $button .= print_submit_button (__('Update'), 'action2', false, 'class="sub upd"', true); $button .= '</div>'; } //~ $table->colspan['button'][0] = 4; //~ $table->data['button'][0] = $button; if ($has_permission || give_acl ($config['id_user'], $id_grupo, "SI")){ if ($create_incident) { $action = 'index.php?sec=incidents&sec2=operation/incidents/incident_detail'; echo '<form id="incident_status_form" method="post" enctype="multipart/form-data">'; print_table ($table); //echo print_container_div('advanced_parameters_incidents_form', __('Advanced parameters'), print_table($table_advanced, true), 'closed', true, false); //echo "<h4>" . __('File upload')."</h4>"; //echo $html; echo $button; echo '</form>'; } else { echo '<form id="incident_status_form" method="post">'; print_table ($table); //echo print_container_div('advanced_parameters_incidents_form', __('Advanced parameters'), print_table($table_advanced, true), 'closed', true, false); echo $button;
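check_login();

require_once 'include/functions_user.php';
require_once 'include/functions_workunits.php';

$days_f = array();
$date = date('Y-m-d');

// --------------------
// Workunit report (yearly)
// --------------------
//
$now = date("Y-m-d H:i:s");
$year = date("Y");
// The year arrives from the request and is used in arithmetic right below;
// forcing it to an integer keeps that well-defined and keeps arbitrary
// request text out of anything that later prints the value.
$year = (int) get_parameter("year", $year);
$prev_year = $year - 1;
$next_year = $year + 1;
$id_user_show = get_parameter("id_user", $config["id_user"]);
$operation = get_parameter('operation');

// Viewing somebody else's report requires "PM" on group 0.
if ($id_user_show != $config["id_user"] and !give_acl($config["id_user"], 0, "PM")) {
    // Doesn't have access to this page
    // $id_user is not assigned in the visible lines, so the violation is
    // logged against the acting user taken from $config instead.
    audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to another user yearly report without proper rights");
    include "general/noaccess.php";
    exit;
}

// Extended ACL check for project manager
// TODO - Move to enterprise, encapsulate in a general function
$users = get_user_visible_users();

// The requested user must be the caller or one of the users returned above.
if ($id_user_show == "" || $id_user_show != $config["id_user"] && !in_array($id_user_show, array_keys($users))) {
    audit_db("Noauth", $config["REMOTE_ADDR"], "No permission access", "Trying to access user workunit report");
    require "general/noaccess.php";
    exit;
}

switch ($operation) {
    case 'show_work_home':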
// GNU General Public License for more details.

include_once "include/functions_graph.php";

global $config;

check_login();

// Group comes from the request (0 when absent); the user is the logged-in account.
$id_grupo = get_parameter("id_grupo", 0);
$id_user = $config['id_user'];

// The page needs either "PR" or "IR" on the requested group.
if (!(give_acl($id_user, $id_grupo, "PR") == 1 || give_acl($id_user, $id_grupo, "IR") == 1)) {
    // Doesn't have access to this page
    audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to user report without projects access or Incident access permissions");
    include "general/noaccess.php";
    exit;
}

$id = get_parameter("id", $config["id_user"]);
$users = get_user_visible_users();

// Switching to another user's report: the id must be one returned by
// get_user_visible_users(), and the caller must hold "PW" on group 0.
// Any other id leaves $id_user pointing at the caller.
if ($id != "" && $id != $id_user && in_array($id, array_keys($users))) {
    if (!give_acl($id_user, 0, "PW")) {
        audit_db("Noauth", $config["REMOTE_ADDR"], "No permission access", "Trying to access user workunit report");
        require "general/noaccess.php";
        exit;
    }
    $id_user = $id;
}

// Get parameters for actual Calendar show
// NOTE(review): month and year reach gmmktime() exactly as get_parameter()
// returns them; confirm they are numeric by then.
$time = time();
$month = get_parameter("month", date('n', $time));
$year = get_parameter("year", date('y', $time));
$today = date('j', $time);
$days_f = array();

$first_of_month = gmmktime(0, 0, 0, $month, 1, $year);
$days_in_month = gmdate('t', $first_of_month);
/**
 * Check whether the current user may use group id 1 with the given access flag.
 *
 * Any group other than 1 is accepted without a check. For group 1
 * (presumably the "All" group, verify against the schema) the user must
 * either hold $access on that group or be reported by get_admin_user().
 *
 * @param mixed  $id_group Group id being used.
 * @param string $access   ACL flag passed to give_acl().
 *
 * @return bool
 */
function users_can_manage_group_all($id_group = 1, $access = "IR")
{
    global $config;

    if ($id_group == 1) {
        $admin = get_admin_user($config['id_user']);

        return (give_acl($config['id_user'], 1, $access) || $admin);
    }

    return true;
}
// INTEGRIA - the ITIL Management System // http://integria.sourceforge.net // ================================================== // Copyright (c) 2008 Ártica Soluciones Tecnológicas // http://www.artica.es <*****@*****.**> // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; version 2 // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. global $config; check_login(); if (give_acl($config["id_user"], 0, "KW") == 0) { audit_db($config["id_user"], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access KB Management"); require "general/noaccess.php"; exit; } $id_user = $config["id_user"]; // Database Creation // ================== if (isset($_GET["create2"])) { // Create group $timestamp = date('Y-m-d H:i:s'); $title = get_parameter("title", ""); $data = get_parameter("data", 0); $id_product = get_parameter("product", ""); $id_category = get_parameter("category", ""); $id_language = get_parameter("id_language", "");
// (This excerpt starts inside a loop that copies fields of $r into $aux;
// the loop header and the enclosing block open outside it.)
if ($aux["id_parent"]) {
    // Resolve the parent's display name from tinventory.
    $aux["parent_name"] = get_db_value("name", "tinventory", "id", $r["id_parent"]);
}
$aux["owner"] = $r["owner"];
$aux["public"] = $r["public"];
$aux["show_list"] = $r["show_list"];
$aux["last_update"] = $r["last_update"];
$aux["status"] = $r["status"];
$aux["receipt_date"] = $r["receipt_date"];
$aux["issue_date"] = $r["issue_date"];
array_push($aux_rows, $aux);
}
$rows = $aux_rows;
}

// Audit-log export: limited to holders of "IM" on group 0.
if ($export_csv_audit) {
    $permission = give_acl($config["id_user"], 0, "IM");
    if (!$permission) {
        exit;
    }
    // NOTE(review): 'where_clause' is taken from the request and inserted
    // below as SQL text, so the requester decides what the statement's
    // filter is. What clean_output() does is not shown here; unless it is
    // known to make the value safe, rebuild the filter server-side from
    // discrete, validated parameters with bound values.
    $where_clause = clean_output(get_parameter('where_clause'));
    $date = get_parameter('date');
    $filename = clean_output('audit_export') . '-' . date("YmdHi");
    $sql = sprintf('SELECT * FROM tsesion %s ORDER by utimestamp DESC', $where_clause);
    $rows = get_db_all_rows_sql($sql);
    if ($rows === false) {
        return;
    }
}

// Ticket export: the filter is restored from the per-user temp file.
// NOTE(review): no ACL check is visible in this branch; it continues past
// the end of the excerpt, so confirm one exists.
if ($export_csv_tickets) {
    $filter = unserialize_in_temp($config["id_user"]);
    $rows = incidents_search_result($filter, false, true, false, false, true, false, true);
$table_description = new stdClass(); $table_description->width = '99%'; $table_description->id = 'incident_file_description'; $table_description->class = 'search-table-button'; $table_description->data = array(); $table_description->data[0][0] = print_textarea("file_description", 3, 40, '', '', true, __('Description')); $table_description->data[1][0] = print_submit_button(__('Add'), 'crt_btn', false, 'class="sub create"', true); $html .= "<div id='file_description_table_hook' style='display:none;'>"; $html .= print_table($table_description, true); $html .= "</div>"; $table->colspan[10][0] = 4; $table->data[10][0] = print_container('file_upload_container', __('File upload'), $html, 'closed', true, false); } if ($create_incident) { $button = print_input_hidden('action', 'insert', true); if (give_acl($config["id_user"], 0, "IW")) { $button .= print_submit_button(__('Create'), 'action2', false, 'class="sub create"', true); } } else { $button = print_input_hidden('id', $id, true); $button .= print_input_hidden('action', 'update', true); $button .= print_submit_button(__('Update'), 'action2', false, 'class="sub upd"', true); } $table->colspan['button'][0] = 4; $table->data['button'][0] = $button; if ($has_permission) { if ($create_incident) { $action = 'index.php?sec=incidents&sec2=operation/incidents/incident_detail'; echo '<form id="incident_status_form" method="post" enctype="multipart/form-data">'; print_table($table); echo '</form>';
// Copyright (c) 2007-2008 Esteban Sanchez, estebans@artica.es // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; version 2 // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. global $config; if (check_login() != 0) { audit_db("Noauth", $config["REMOTE_ADDR"], "No authenticated access", "Trying to access inventory viewer"); require "general/noaccess.php"; exit; } $id = (int) get_parameter('id'); if (!give_acl($config['id_user'], get_inventory_group($id), 'VR')) { audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to inventory " . $id); include "general/noaccess.php"; return; } echo '<h3>' . __('Contract details on inventory object') . ' #' . $id . '</h3>'; $contracts = get_inventory_contracts($id, false); $table->class = 'inventory-contracts databox'; $table->width = '740px'; $table->colspan = array(); $table->colspan[1][1] = 3; $table->style = array(); $table->style[0] = 'font-weight: bold'; $table->style[2] = 'font-weight: bold'; foreach ($contracts as $contract) { $table->data = array();
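$nombre_real = dame_nombre_real($usuario);
$id_grupo = $row["id_grupo"];
$id_creator = $row["id_creator"];
$grupo = dame_nombre_grupo($id_grupo);
$result_msg = "";
$id_user = $_SESSION['id_usuario'];

// Reading the ticket requires "IR" on its group.
// NOTE(review): the ACL is evaluated for $iduser_temp while the audit entry
// uses $id_user; confirm both always name the same account.
if (give_acl($iduser_temp, $id_grupo, "IR") != 1) {
    // Doesn't have access to this page
    audit_db($id_user, $REMOTE_ADDR, "ACL Violation", "Trying to access to ticket " . $id_inc . " '" . $titulo . "'");
    include "general/noaccess.php";
    exit;
}

// Delete note
// NOTE(review): nothing visible ties the note id to ticket $id_inc, and the
// deletion is triggered by a GET request; confirm both are handled elsewhere.
if (isset($_GET["id_nota"])) {
    // Both ids come from the query string and end up in SQL text, so they
    // are forced to integers before any use.
    $id_nota = (int) $_GET["id_nota"];
    $id_nota_inc = isset($_GET["id_nota_inc"]) ? (int) $_GET["id_nota_inc"] : 0;

    $note_user = give_note_author($id_nota);

    // Only admins (manage incident) or owners can modify incidents, including their notes
    // But note authors was able to delete this own notes
    // The owner test must be a comparison: an assignment here is true for
    // any non-empty user id and lets every reader of the ticket delete notes.
    if (give_acl($iduser_temp, $id_grupo, "IM") || $note_user == $iduser_temp || ($usuario == $iduser_temp)) {
        $query = "DELETE FROM tnota WHERE id_nota = " . $id_nota;
        $query2 = "DELETE FROM tnota_inc WHERE id_nota_inc = " . $id_nota_inc;

        // Run each statement once and keep the first result for the message.
        $deleted = mysql_query($query);
        mysql_query($query2);
        if ($deleted) {
            $result_msg = "<h3 class='suc'>" . __('Note successfully deleted') . "</h3>";
        }
        incident_tracking($id_inc, $id_usuario, INCIDENT_NOTE_DELETED);
    }
}

echo "<div id='menu_tab'><ul class='mn'>";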
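// ---------------
// DELETE Workunit
// ---------------
if ($operation == "delete"){
    // Delete workunit with ACL / Project manager check
    // The id is interpolated into three SQL statements below, so it is
    // forced to an integer as soon as it is read from the request.
    $id_workunit = (int) get_parameter ("id_workunit");
    $sql = "SELECT * FROM tworkunit WHERE id = $id_workunit";
    if ($res = mysql_query($sql))
        $row = mysql_fetch_array($res);
    else
        return;

    // No matching row leaves the owner unknown instead of indexing into false.
    $id_user_wu = $row ? $row["id_user"] : null;

    // Allowed for the work unit's own user, for "PM" on group 0, or for the
    // project manager.
    // NOTE(review): $id_project and $id_user are not assigned in the visible
    // lines; confirm they are set before this block runs.
    if (($id_user_wu == $config["id_user"]) OR (give_acl($config["id_user"], 0,"PM") ==1 ) OR (project_manager_check($id_project) == 1)){
        mysql_query ("DELETE FROM tworkunit where id = '$id_workunit'");
        if (mysql_query ("DELETE FROM tworkunit_task where id_workunit = '$id_workunit'")){
            $result_output = ui_print_success_message (__('Successfully deleted'), '', true, 'h3', true);
            audit_db ($id_user, $config["REMOTE_ADDR"], "Work unit deleted", "Workunit for $id_user");
        } else {
            $result_output = ui_print_error_message (__('Not deleted. Error deleting data'), '', true, 'h3', true);
        }
    } else {
        audit_db($id_user, $config["REMOTE_ADDR"], "ACL Violation","Trying to delete WU $id_workunit without rigths");
        include ("general/noaccess.php");
        exit;
    }
}
// --------------------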
if (give_acl($config["id_user"], 0, "CR")) echo "<a href='index.php?sec=customers&sec2=operation/companies/company_detail'>".__('Customers')."</a></li>"; } if (($show_people != MENU_HIDDEN) && (get_standalone_user($config["id_user"]) == false)) { // Users if ($sec == "users" ) echo "<li id='current' class='people'>"; else echo "<li class='people'>"; echo "<div>|</div>"; echo "<a href='index.php?sec=users&sec2=operation/user_report/report_monthly'>".__('People')."</a></li>"; } // Wiki if (give_acl($config["id_user"], 0, "WR") && $show_wiki != MENU_HIDDEN && (get_standalone_user($config["id_user"]) == false)) { // Wiki if ($sec == "wiki" ) echo "<li id='current' class='wiki'>"; else echo "<li class='wiki'>"; echo "<div>|</div>"; echo "<a href='index.php?sec=wiki&sec2=operation/wiki/wiki'>" . __('Wiki') . "</a>"; echo "<div>|</div></li>"; } // Custom Screens if (((int)enterprise_include('custom_screens/CustomScreensManager.php', true) != ENTERPRISE_NOT_HOOK) && (get_standalone_user($config["id_user"]) == false)) { $custom_screens = CustomScreensManager::getInstance()->getCustomScreensList(false); if (!empty($custom_screens)) {
$real_filename = $config["homedir"]."/attachment/".$file["id_attachment"]."_".rawurlencode ($file["filename"]); echo "<tr>"; echo "<td valign=top>"; echo '<a target="_blank" href="'.$link.'">'. $file['filename'].'</a>'; $stat = stat ($real_filename); echo "<td valign=top class=f9>".date ("Y-m-d H:i:s", $stat['mtime']); echo "<td valign=top class=f9>". $file["description"]; echo "<td valign=top>". $file["id_usuario"]; echo "<td valign=top>". byte_convert ($file['size']); // Delete attachment if (give_acl ($config['id_user'], $incident['id_grupo'], 'IM') && !$clean_output) { echo "<td>". '<a class="delete" name="delete_file_'.$file["id_attachment"].'" href="index.php?sec=incidents&sec2=operation/incidents/incident_dashboard_detail&id='.$id.'&tab=files&id_attachment='.$file["id_attachment"].'&delete_file=1#incident-operations"> <img src="images/cross.png"></a>'; } } echo "</table>"; echo "</div>"; ?> <script src="include/js/jquery.fileupload.js"></script> <script src="include/js/jquery.iframe-transport.js"></script> <script src="include/js/jquery.knob.js"></script>
/**
 * Check an ACL flag for the user stored in this object's configuration.
 *
 * @param string $access   ACL flag handed to give_acl().
 * @param mixed  $group_id Group the flag is checked on.
 *
 * @return bool true when give_acl() grants the flag, false otherwise.
 */
public function checkACL($access = "AR", $group_id = 0)
{
    $granted = give_acl($this->getConfig('id_user'), $group_id, $access);

    return $granted ? true : false;
}
// Integria IMS - http://integriaims.com // ================================================== // Copyright (c) 2008-2010 Artica Soluciones Tecnologicas // This program is free software; you can redistribute it and/or // modify it under the terms of the GNU General Public License // as published by the Free Software Foundation; either version 2 // of the License, or (at your option) any later version. // This program is distributed in the hope that it will be useful, // but WITHOUT ANY WARRANTY; without even the implied warranty of // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the // GNU General Public License for more details. global $config; check_login(); $id = (int) get_parameter('id'); $incident_creator = get_db_value("id_creator", "tincidencia", "id_incidencia", $id); if (!give_acl($config["id_user"], 0, "IW") && $config['id_user'] != $incident_creator) { // Doesn't have access to this page audit_db($config['id_user'], $config["REMOTE_ADDR"], "ACL Violation", "Trying to access to ticket #" . $id); include "general/noaccess.php"; return; } $title = get_db_value("titulo", "tincidencia", "id_incidencia", $id); echo '<div id="upload_result"></div>'; echo "<div id='upload_control'>"; $table->width = '100%'; $table->data = array(); $table->data[0][0] = "<span style='font-size: 10px'>" . __("Please note that you cannot upload .php or .pl files, as well other source code formats. Please compress that files prior to upload (using zip or gz)") . "</span>"; $table->data[1][0] = print_textarea('file_description', 8, 1, '', "style='resize:none'", true, __('Description')); if (defined('AJAX')) { $action = 'ajax.php?page=operation/incidents/incident_detail'; } else {