/**
 * Report whether creating records in the 'system' module is permitted.
 *
 * The decision is delegated entirely to the global canAdd() helper; this
 * method adds no checks of its own.
 *
 * @return mixed The value returned by canAdd('system') (presumably a boolean - confirm against canAdd()).
 */
public function canCreate()
{
    $mayAdd = canAdd('system');

    return $mayAdd;
}
if (canAdd('companies')) { $newItem['companies'] = 'Company'; } if (canAdd('contacts')) { $newItem['contacts'] = 'Contact'; } if (canAdd('calendar')) { $newItem['calendar'] = 'Event'; } if (canAdd('files')) { $newItem['files'] = 'File'; } if (canAdd('projects')) { $newItem['projects'] = 'Project'; } if (canAdd('admin')) { $newItem['admin'] = 'User'; } echo arraySelect($newItem, 'm', 'style="font-size:10px" onchange="f=document.frm_new;mod=f.m.options[f.m.selectedIndex].value;if (mod == \'admin\') document.frm_new.a.value=\'addedituser\';if(mod) f.submit();"', '', true); } ?> </td> </tr> <tr> <td colspan="2" valign="top" style="background: url(style/<?php echo $uistyle; ?> /images/nav_shadow.jpg);" align="left"> <img width="1" height="13" border="0" src="./style/<?php echo $uistyle; ?>
* Also it won't be possible to run modules/module/abc.zyz.class.php for that dots are * not allowed in the request parameters. */ $u = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'u', '')); // load module based locale settings @(include_once W2P_BASE_DIR . '/locales/' . $AppUI->user_locale . '/locales.php'); include_once W2P_BASE_DIR . '/locales/core.php'; setlocale(LC_TIME, $AppUI->user_lang); $m_config = w2PgetConfig($m); // TODO: canRead/Edit assignements should be moved into each file // check overall module permissions // these can be further modified by the included action files $canAccess = canAccess($m); $canRead = canView($m); $canEdit = canEdit($m); $canAuthor = canAdd($m); $canDelete = canDelete($m); if (!$suppressHeaders) { // output the character set header if (isset($locale_char_set)) { header('Content-type: text/html;charset=' . $locale_char_set); } } // include the module class file - we use file_exists instead of @ so // that any parse errors in the file are reported, rather than errors // further down the track. $modclass = $AppUI->getModuleClass($m); if (file_exists($modclass)) { include_once $modclass; } if ($u && file_exists(W2P_BASE_DIR . '/modules/' . $m . '/' . $u . '/' . $u . '.class.php')) {
$query_string = '?m=tasks&a=view&task_id=' . $task_id; $tabBox = new CTabBox('?m=tasks&a=view&task_id=' . $task_id, '', $tab); $tabBox_show = 0; if ($obj->task_dynamic != 1 && 0 == $obj->task_represents_project) { // tabbed information boxes $tabBox_show = 1; if (canView('task_log')) { $tabBox->add(W2P_BASE_DIR . '/modules/tasks/vw_logs', 'Task Logs'); } if ($task_log_id == 0) { if (canAdd('task_log')) { $tabBox->add(W2P_BASE_DIR . '/modules/tasks/vw_log_update', 'Log'); } } elseif (canEdit('task_log')) { $tabBox->add(W2P_BASE_DIR . '/modules/tasks/vw_log_update', 'Edit Log'); } elseif (canAdd('task_log')) { $tabBox_show = 1; $tabBox->add(W2P_BASE_DIR . '/modules/tasks/vw_log_update', 'Log'); } } if (count($obj->getChildren()) > 0) { // Has children // settings for tasks $f = 'children'; $min_view = true; $tabBox_show = 1; // in the tasks file there is an if that checks // $_GET[task_status]; this patch is to be able to see // child tasks withing an inactive task $_GET['task_status'] = $obj->task_status; $tabBox->add(W2P_BASE_DIR . '/modules/tasks/tasks', 'Child Tasks');
$contact = new CContact(); if (!$contact->bind($_POST)) { $AppUI->setMsg($contact->getError(), UI_MSG_ERROR); $AppUI->redirect(); } $action = $del ? 'deleted' : 'stored'; $contact_id = (int) w2PgetParam($_POST, 'contact_id', 0); $user_id = (int) w2PgetParam($_POST, 'user_id', 0); $isNewUser = !$user_id; $perms =& $AppUI->acl(); if ($del) { } elseif ($isNewUser) { if (!canAdd('admin')) { $AppUI->redirect('m=public&a=access_denied'); } if (!canAdd('users')) { $AppUI->redirect('m=public&a=access_denied'); } } else { if ($user_id != $AppUI->user_id) { if (!canEdit('admin')) { $AppUI->redirect('m=public&a=access_denied'); } if (!canEdit('users')) { $AppUI->redirect('m=public&a=access_denied'); } } } $obj->user_username = strtolower($obj->user_username); // !User's contact information not deleted - left for history. if ($del) {
<?php /* $Id$ $URL$ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } // Add / Edit Company $dept_id = (int) w2PgetParam($_GET, 'dept_id', 0); $company_id = (int) w2PgetParam($_GET, 'company_id', 0); // check permissions for this record $perms =& $AppUI->acl(); $canAuthor = canAdd('departments'); $canEdit = $perms->checkModuleItem('departments', 'edit', $dept_id); // check permissions if (!$canAuthor && !$dept_id) { $AppUI->redirect('m=public&a=access_denied'); } if (!$canEdit && $dept_id) { $AppUI->redirect('m=public&a=access_denied'); } // load the department types $types = w2PgetSysVal('DepartmentType'); $countries = array('' => $AppUI->_('(Select a Country)')) + w2PgetSysVal('GlobalCountriesPreferred') + array('-' => '----') + w2PgetSysVal('GlobalCountries'); // load the record data $department = new CDepartment(); $obj = $AppUI->restoreObject(); if ($obj) { $department = $obj; $dept_id = $department->dept_id; } else { $department->loadFull($AppUI, $dept_id);
<?php /* $Id$ $URL$ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } $obj = new CResource(); $resource_id = w2PgetParam($_GET, 'resource_id', 0); $perms =& $AppUI->acl(); $canView = $perms->checkModuleItem('resources', 'view', $resource_id); $canEdit = $perms->checkModuleItem('resources', 'edit', $resource_id); $canDelete = $perms->checkModuleItem('resources', 'delete', $resource_id); $canAdd = canAdd('resources'); if (!$canView) { $AppUI->redirect('m=public&a=access_denied'); } if (!$resource_id) { $AppUI->setMsg('invalid ID', UI_MSG_ERROR); $AppUI->redirect(); } // TODO: tab stuff $obj = new CResource(); if (!$obj->load($resource_id)) { $AppUI->setMsg('Resource'); $AppUI->setMsg('invalidID', UI_MSG_ERROR, true); $AppUI->redirect(); } else { $AppUI->savePlace(); } $titleBlock = new CTitleBlock('View Resource', 'resources.png', $m, $m . '.' . $a); if ($canAdd) {
<?php
/*
 * Importer landing page: checks add permission on the 'projects' module,
 * then renders the title block, an info message and a tab box holding a
 * single 'Import' tab.
 */
if (!defined('W2P_BASE_DIR')) {
    // Stop when the base-directory constant is missing, i.e. the file was requested on its own.
    die('You should not access this file directly.');
}

// The page is gated on add rights for the 'projects' module.
$canAuthor = canAdd('projects');
if (!$canAuthor) {
    // NOTE(review): nothing after this call stops the script here, so the guard
    // only holds if redirect() terminates the request - confirm in CAppUI.
    $AppUI->redirect('m=public&a=access_denied');
}

$AppUI->savePlace();

// Always start on the first tab and remember that choice in the UI state.
$tab = 0;
$AppUI->setState('msimportIdxTab', $tab);

$titleBlock = new CTitleBlock('importers', 'projectimporter.png', $m, $m . '.' . $a);
$titleBlock->show();

echo $AppUI->_('msinfo');

// NOTE(review): $m is concatenated into a filesystem path below and is not
// validated in this file - presumably the front controller has already
// restricted it to a safe module name; confirm.
$tabBox = new CTabBox('?m=' . $m, W2P_BASE_DIR . '/modules/' . $m . '/', $tab);
$tabBox->add('vw_idx_import', $AppUI->_('Import'));
$tabBox->show();
<?php /* $Id$ $URL$ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } // Copyright 2004 Adam Donnison <*****@*****.**> $resource_id = (int) w2PgetParam($_GET, 'resource_id', null); $perms =& $AppUI->acl(); $canDelete = $perms->checkModuleItem('resources', 'delete', $resource_id); if (!$resource_id && !canAdd('resources') || !$canEdit) { $AppUI->redirect('m=public&a=access_denied'); } $obj = new CResource(); if ($resource_id && !$obj->load($resource_id)) { $AppUI->setMsg('Resource'); $AppUI->setMsg('invalidID', UI_MSG_ERROR, true); $AppUI->redirect(); } $titleBlock = new CTitleBlock($resource_id ? 'Edit Resource' : 'Add Resource', 'resources.png', $m, $m . '.' . $a); $titleBlock->addCrumb('?m=resources', 'resource list'); if ($resource_id) { $titleBlock->addCrumb('?m=resources&a=view&resource_id=' . $resource_id, 'view this resource'); } $titleBlock->show(); $typelist = $obj->typeSelect(); ?> <form name="editfrm" action="?m=resources" method="post" accept-charset="utf-8"> <input type="hidden" name="dosql" value="do_resource_aed" /> <input type="hidden" name="resource_id" value="<?php echo w2PformSafe($resource_id);
<?php /* $Id$ $URL$ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } $AppUI->savePlace(); // pull all the key types $perms =& $AppUI->acl(); // Get the permissions for this module $canAccess = canAccess('roles'); if (!$canAccess) { $AppUI->redirect('m=public&a=access_denied'); } $canRead = canView('roles'); $canAdd = canAdd('roles'); $canEdit = canEdit('roles'); $canDelete = canDelete('roles'); $crole = new CSystem_Role(); $roles = $crole->getRoles(); $role_id = (int) w2PgetParam($_GET, 'role_id', 0); // setup the title block $titleBlock = new w2p_Theme_TitleBlock('Roles', 'main-settings.png', $m, $m . '.' . $a); $titleBlock->addCrumb('?m=system', 'System Admin'); $titleBlock->show(); $crumbs = array(); $crumbs['?m=system'] = 'System Admin'; ?> <script language="javascript" type="text/javascript"> <?php
$notifyContacts = $notifyContacts != '0' ? '1' : '0'; $perms =& $AppUI->acl(); if ($del) { if (!$perms->checkModuleItem('files', 'delete', $file_id)) { $AppUI->redirect(ACCESS_DENIED); } } elseif ($cancel) { if (!$perms->checkModuleItem('files', 'delete', $file_id)) { $AppUI->redirect(ACCESS_DENIED); } } elseif ($isNotNew) { if (!$perms->checkModuleItem('files', 'edit', $file_id)) { $AppUI->redirect(ACCESS_DENIED); } } else { if (!canAdd('files')) { $AppUI->redirect(ACCESS_DENIED); } } if ($file_id) { $obj->_message = 'updated'; $oldObj = new CFile(); $oldObj->load($file_id); } else { $obj->_message = 'added'; } $obj->file_category = (int) w2PgetParam($_POST, 'file_category', 0); $version = w2PgetParam($_POST, 'file_version', 0); $revision_type = w2PgetParam($_POST, 'revision_type', 0); if (strcasecmp('major', $revision_type) == 0) { $major_num = strtok($version, '.') + 1;
/* $Id: addedit.php 1926 2011-05-10 06:03:08Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/contacts/addedit.php $ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } $contact_id = (int) w2PgetParam($_GET, 'contact_id', 0); $company_id = (int) w2PgetParam($_GET, 'company_id', $AppUI->user_company); $dept_id = (int) w2PgetParam($_GET, 'dept_id', 0); $company = new CCompany(); $company->load($company_id); $company_name = $company->company_name; $dept = new CDepartment(); $dept->load($dept_id); $dept_name = $dept->dept_name; // check permissions for this record $perms =& $AppUI->acl(); $canAuthor = canAdd('contacts'); $canEdit = $perms->checkModuleItem('contacts', 'edit', $contact_id); // check permissions if (!$canAuthor && !$contact_id) { $AppUI->redirect('m=public&a=access_denied'); } if (!$canEdit && $contact_id) { $AppUI->redirect('m=public&a=access_denied'); } if ($msg == $AppUI->_('contactsDeleteUserError', UI_OUTPUT_JS)) { $userDeleteProtect = true; } // load the record data $row = new CContact(); $obj = $AppUI->restoreObject(); if ($obj) {
<?php /* $Id: do_addtasks_aed.php 2016 2011-08-07 07:08:46Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/projectdesigner/do_addtasks_aed.php $ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } global $AppUI; $perms =& $AppUI->acl(); if (!canAdd('tasks')) { $AppUI->redirect('m=public&a=access_denied'); } //Lets store the panels view options of the user: $pdo = new CProjectDesignerOptions(); $pdo->pd_option_user = $AppUI->user_id; $pdo->pd_option_view_project = w2PgetParam($_POST, 'opt_view_project', 0); $pdo->pd_option_view_gantt = w2PgetParam($_POST, 'opt_view_gantt', 0); $pdo->pd_option_view_tasks = w2PgetParam($_POST, 'opt_view_tasks', 0); $pdo->pd_option_view_actions = w2PgetParam($_POST, 'opt_view_actions', 0); $pdo->pd_option_view_addtasks = w2PgetParam($_POST, 'opt_view_addtsks', 0); $pdo->pd_option_view_files = w2PgetParam($_POST, 'opt_view_files', 0); $pdo->store(); //Lets store the task lines $elements = $_POST; $project_id = (int) w2PgetParam($_POST, 'project', 0); $taskErrors = array(); foreach ($elements as $element => $on) { if (substr($element, 0, 14) == 'add_task_line_' && $on != '') { $tline = new CTask(); //TODO: clean this whole thing up.. $tline->task_id = 0; $tline->task_name = $elements['add_task_name_' . $on];
<?php /* $Id: addedit.php 1499 2010-11-27 22:45:12Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/trunk/modules/calendar/addedit.php $ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } global $AppUI, $cal_sdf; $AppUI->loadCalendarJS(); $event_id = intval(w2PgetParam($_GET, 'event_id', 0)); $is_clash = isset($_SESSION['event_is_clash']) ? $_SESSION['event_is_clash'] : false; $perms =& $AppUI->acl(); $canAuthor = canAdd('calendar'); $canEdit = $perms->checkModuleItem('calendar', 'edit', $event_id); // check permissions if (!$canAuthor && !$event_id) { $AppUI->redirect('m=public&a=access_denied'); } if (!$canEdit && $event_id) { $AppUI->redirect('m=public&a=access_denied'); } // get the passed timestamp (today if none) $date = w2PgetParam($_GET, 'date', null); // load the record data $obj = new CEvent(); if ($is_clash) { $obj->bind($_SESSION['add_event_post']); } else { if (!$obj->load($event_id) && $event_id) { $AppUI->setMsg('Event'); $AppUI->setMsg('invalidID', UI_MSG_ERROR, true); $AppUI->redirect();
<?php /* $Id$ $URL$ */
/*
 * Set-up for the task-log add/edit panel: resolves permissions, loads the
 * log being edited (or pre-fills a new one from the current task), loads
 * the task's project and creates a query object.
 */
if (!defined('W2P_BASE_DIR')) {
    // Stop when the base-directory constant is missing, i.e. the file was requested on its own.
    die('You should not access this file directly.');
}

global $AppUI, $obj, $percent, $can_edit_time_information, $cal_sdf;

$AppUI->loadCalendarJS();

$perms =& $AppUI->acl();

// Item-level rights on the task held in $obj.
$canEditTask = $perms->checkModuleItem('tasks', 'edit', $obj->task_id);
$canViewTask = $perms->checkModuleItem('tasks', 'view', $obj->task_id);
// Module-level rights on task logs.
$canEdit = canEdit('task_log');
$canAdd = canAdd('task_log');

$task_log_id = (int) w2PgetParam($_GET, 'task_log_id', 0);
$log = new CTaskLog();

// An existing log needs module edit rights, a new one needs module add rights;
// in both cases the task itself must be viewable.
if (!$canViewTask || !($task_log_id ? $canEdit : $canAdd)) {
    $AppUI->redirect('m=public&a=access_denied');
}

if ($task_log_id) {
    // NOTE(review): the log is loaded by its id alone; nothing visible here ties
    // it to $obj->task_id, so a log of another task could be requested unless
    // CTaskLog::load() or later code enforces that - confirm.
    $log->load($task_log_id);
} else {
    // New log: attach it to the current task and default its name to the task name.
    $log->task_log_task = $obj->task_id;
    $log->task_log_name = $obj->task_name;
}

$proj = new CProject();
$proj->load($obj->task_project);

$q = new w2p_Database_Query();
$task_project = (int) w2PgetParam($_REQUEST, 'task_project', 0); if (!$task_project) { $AppUI->setMsg('badTaskProject', UI_MSG_ERROR); $AppUI->redirect(); } } // check permissions if ($task_id) { // we are editing an existing task $canEdit = $perms->checkModuleItem('tasks', 'edit', $task_id); } else { // do we have access on this project? $canEdit = $perms->checkModuleItem('projects', 'view', $task_project); // And do we have add permission to tasks? if ($canEdit) { $canEdit = canAdd('tasks'); } } if (!$canEdit) { $AppUI->redirect('m=public&a=access_denied&err=noedit'); } if ($task->task_represents_project) { $AppUI->setMsg('The selected task represents a subproject. Please view/edit this project instead.', UI_MSG_ERROR); $AppUI->redirect('m=projects&a=view&project_id=' . $task->task_represents_project); } //check permissions for the associated project $canReadProject = $perms->checkModuleItem('projects', 'view', $task->task_project); $durnTypes = w2PgetSysVal('TaskDurationType'); // check the document access (public, participant, private) if (!$task->canAccess($AppUI->user_id)) { $AppUI->redirect('m=public&a=access_denied&err=noaccess');
die('You should not access this file directly.'); } $resource_id = (int) w2PgetParam($_POST, 'resource_id', 0); $del = (int) w2PgetParam($_POST, 'del', 0); $isNotNew = $resource_id; $perms =& $AppUI->acl(); if ($del) { if (!$perms->checkModuleItem('resources', 'delete', $resource_id)) { $AppUI->redirect('m=public&a=access_denied'); } } elseif ($isNotNew) { if (!$perms->checkModuleItem('resources', 'edit', $resource_id)) { $AppUI->redirect('m=public&a=access_denied'); } } else { if (!canAdd('resources')) { $AppUI->redirect('m=public&a=access_denied'); } } $obj = new CResource(); $msg = ''; if (!$obj->bind($_POST)) { $AppUI->setMsg($obj->getError(), UI_MSG_ERROR); $AppUI->redirect(); } $AppUI->setMsg('Resource'); if ($del) { if (!$obj->canDelete($msg)) { $AppUI->setMsg($msg, UI_MSG_ERROR); $AppUI->redirect('m=resources'); }
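<?php /* $Id: addedit_folder.php 2016 2011-08-07 07:08:46Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/files/addedit_folder.php $ */
/*
 * Set-up for the folder add/edit form: reads the folder ids from the query
 * string, derives a return target from the Referer header and enforces the
 * add/edit permissions of the 'files' module.
 */
if (!defined('W2P_BASE_DIR')) {
    // Stop when the base-directory constant is missing, i.e. the file was requested on its own.
    die('You should not access this file directly.');
}

$file_folder_parent = intval(w2PgetParam($_GET, 'file_folder_parent', 0));
$folder = intval(w2PgetParam($_GET, 'folder', 0));

// Allow returning to modules other than Files.
// The Referer header is optional and fully client-controlled: it may be absent,
// unparsable, or lack a query/fragment, so every piece is checked before use
// instead of being indexed blindly.
// NOTE(review): $referrer therefore carries attacker-influenced text; whatever
// consumes it later (redirect target, HTML output) must validate or encode it.
$referrerArray = parse_url(isset($_SERVER['HTTP_REFERER']) ? (string) $_SERVER['HTTP_REFERER'] : '');
$referrer = (isset($referrerArray['query']) ? $referrerArray['query'] : '')
    . (isset($referrerArray['fragment']) ? $referrerArray['fragment'] : '');

// Module-level permissions for files.
$perms =& $AppUI->acl();
$canAuthor = canAdd('files');
$canEdit = canEdit('files');

// Creating a folder ($folder == 0) needs add rights, editing one needs edit rights.
if (!$canAuthor && !$folder) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$canEdit && $folder) {
    $AppUI->redirect('m=public&a=access_denied');
}

// Same rule expressed through $canEdit, which later code may read:
// for a new folder the effective "edit" right is the add right.
if ($folder == 0) {
    $canEdit = $canAuthor;
}
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}

// Message holder for the dependency check that prevents deletion.
$msg = '';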
<?php /* $Id: addedit.php 1483 2010-10-26 17:11:59Z pedroix $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/trunk/modules/forums/addedit.php $ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } $forum_id = (int) w2PgetParam($_GET, 'forum_id', 0); // check permissions for this record $perms =& $AppUI->acl(); $canAuthor = canAdd('forums'); $canEdit = $perms->checkModuleItem('forums', 'edit', $forum_id); // check permissions if (!$canAuthor && !$forum_id) { $AppUI->redirect('m=public&a=access_denied'); } if (!$canEdit && $forum_id) { $AppUI->redirect('m=public&a=access_denied'); } // load the record data $forum = new CForum(); $obj = $AppUI->restoreObject(); if ($obj) { $forum = $obj; $forum_id = $forum->forum_id; } else { $forum->load($AppUI, $forum_id); } if (!$forum && $forum_id > 0) { $AppUI->setMsg('Forum'); $AppUI->setMsg('invalidID', UI_MSG_ERROR, true); $AppUI->redirect();
<?php
/*
 * Files panel shown for a task: an optional "Attach a file" link followed by
 * the shared file listing, restricted to the task's project.
 */
if (!defined('W2P_BASE_DIR')) {
    // Stop when the base-directory constant is missing, i.e. the file was requested on its own.
    die('You should not access this file directly.');
}

global $AppUI, $m, $obj, $task_id, $w2Pconfig;

// Nothing is rendered without view rights on the 'files' module.
if (canView('files')) {
    if (canAdd('files')) {
        // NOTE(review): task_project and $task_id are written into the href
        // without encoding - presumably both are integer ids set by the
        // including page; confirm, or cast/encode them before output.
        echo sprintf(
            '<a href="./index.php?m=files&a=addedit&project_id=%s&file_task=%s">%s</a>',
            $obj->task_project,
            $task_id,
            $AppUI->_('Attach a file')
        );
    }

    echo w2PshowImage('stock_attach-16.png', 16, 16, '');

    // Variables read by the included listing script.
    $showProject = false;
    $project_id = $obj->task_project;

    include W2P_BASE_DIR . '/modules/files/index_table.php';
}
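/**
 * Validate this company, persist it if the permission check passes, and then
 * store its custom fields.
 *
 * An existing record (non-zero company_id) requires canEdit() on that record;
 * a new record (company_id 0) requires canAdd() on the 'companies' module.
 * The two formerly duplicated store branches are merged into one.
 *
 * @param CAppUI $AppUI Application UI object; only acl() is called on it here.
 *
 * @return mixed The result of check() when it reports errors, the message
 *               returned by parent::store() when that is truthy, otherwise
 *               true if the record was stored and false if the permission
 *               check did not pass (no error message is set in that case).
 */
public function store(CAppUI $AppUI)
{
    // The returned ACL object is not used in this method; the call is kept
    // in case acl() initialises state - confirm before removing.
    $perms = $AppUI->acl();

    $this->_error = $this->check();
    if (count($this->_error)) {
        return $this->_error;
    }

    $this->company_id = (int) $this->company_id;

    // Pick the permission that matches the operation: edit for an existing
    // record, add for a new one. Only the relevant check is evaluated.
    if ($this->company_id) {
        $permitted = canEdit('companies', $this->company_id);
    } else {
        $permitted = canAdd('companies');
    }

    $stored = false;
    if ($permitted) {
        if ($msg = parent::store()) {
            return $msg;
        }
        $stored = true;
    }

    if ($stored) {
        // NOTE(review): custom field values are taken directly from $_POST inside
        // the model; which keys are accepted is decided by
        // w2p_Core_CustomFields::bind(), which is not visible here - confirm it
        // restricts input to the defined custom fields.
        $custom_fields = new w2p_Core_CustomFields('companies', 'addedit', $this->company_id, 'edit');
        $custom_fields->bind($_POST);
        $custom_fields->store($this->company_id); // Store Custom Fields
    }

    return $stored;
}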
<?php /* $Id: contacts_crumb.view.newuserfromcontact.php 1022 2010-04-24 03:53:00Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/admin/contacts_crumb.view.newuserfromcontact.php $ */
/*
 * Adds a "create a user" crumb to the contact view's title block when the
 * viewer may add to the 'admin' module and the contact is not yet a user.
 */
if (!defined('W2P_BASE_DIR')) {
    // Stop when the base-directory constant is missing, i.e. the file was requested on its own.
    die('You should not access this file directly.');
}

global $AppUI, $titleBlock, $contact_id, $is_user;

$perms =& $AppUI->acl();
$canAddUsers = canAdd('admin');

// This only hides the link; the target page (m=admin&a=addedituser) has to
// enforce the permission itself.
if ($canAddUsers) {
    if ($contact_id && !$is_user) {
        // NOTE(review): $contact_id is appended to the URL as-is - presumably an
        // integer set by the including page; confirm.
        $titleBlock->addCrumb('?m=admin&a=addedituser&contact_id=' . $contact_id, 'create a user');
    }
}
if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } $history_id = (int) w2PgetParam($_GET, 'history_id', 0); if (!$canEdit) { $AppUI->redirect('m=public&a=access_denied'); } $action = $_REQUEST['action']; $q = new w2p_Database_Query(); if ($action) { $history_description = w2PgetParam($_POST, 'history_description', ''); $history_project = (int) w2PgetParam($_POST, 'history_project', 0); $userid = $AppUI->user_id; $perms =& $AppUI->acl(); if ($action == 'add') { if (!canAdd('history')) { $AppUI->redirect('m=public&a=access_denied'); } $q->addTable('history'); $q->addInsert('history_table', "history"); $q->addInsert('history_action', "add"); $q->addInsert('history_date', "'" . $q->dbfnNowWithTZ() . "'"); $q->addInsert('history_description', $history_description); $q->addInsert('history_user', $userid); $q->addInsert('history_project', $history_project); $okMsg = 'History added'; } elseif ($action == 'update') { if (!canEdit('history')) { $AppUI->redirect('m=public&a=access_denied'); } $q->addTable('history');
$actual_end_date = intval($criticalTasks[0]['task_end_date']) ? new w2p_Utilities_Date($criticalTasks[0]['task_end_date']) : null; } $style = $actual_end_date > $end_date && !empty($end_date) ? 'style="color:red; font-weight:bold"' : ''; // setup the title block $titleBlock = new w2p_Theme_TitleBlock('View Project', 'icon.png', $m); $titleBlock->addCrumb('?m=' . $m, $m . ' list'); if ($canEdit) { $titleBlock->addButton('new link', '?m=links&a=addedit&project_id=' . $project_id); $titleBlock->addButton('new event', '?m=events&a=addedit&project_id=' . $project_id); $titleBlock->addButton('new file', '?m=files&a=addedit&project_id=' . $project_id); $titleBlock->addCrumb('?m=projects&a=addedit&project_id=' . $project_id, 'edit this project'); if ($canDelete) { $titleBlock->addCrumbDelete('delete project', $canDelete); } } if (canAdd('tasks')) { $titleBlock->addButton('new task', '?m=tasks&a=addedit&task_project=' . $project_id); } $titleBlock->show(); $view = new w2p_Controllers_View($AppUI, $project, 'Project'); echo $view->renderDelete(); ?> <script language="javascript" type="text/javascript"> function expand_multiproject(id, table_name) { var trs = document.getElementsByTagName('tr'); for (var i=0, i_cmp=trs.length;i < i_cmp;i++) { var tr_name = trs.item(i).id; if (tr_name.indexOf(id) >= 0) { var tr = document.getElementById(tr_name);
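}

// $id is taken straight from the query string and is therefore untrusted.
$id = $_GET['id'];

if ($_SESSION['login_user'] == $id) {
    // Message shown (Thai): "Sorry - you cannot add yourself."
    ?>
    <!-- <div class="row" align = "center"> <div class="row"> -->
    <div class="alert alert-danger alert-dismissable" align="center">
    <strong>ขออภัย </strong>
    <a class="alert-link">ไม่สามารถเพิ่มตัวเองได้</a>
    <!-- </div> </div> -->
    <?php
    die;
}

if (!canAdd($id, $pdo)) {
    // Message shown (Thai): "Student ID <id> has already been added."
    // The id is HTML-encoded before it is echoed: it is request data, and
    // printing it raw would let markup or script from the URL run in the page.
    ?>
    <!-- <div class="row" align = "center"> -->
    <div class="alert alert-danger alert-dismissable" align="center">
    <strong>รหัสนิสิต </strong>
    <a class="alert-link"><?php echo htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8'); ?> </a></b>ถูกเพิ่มไปก่อนหน้านี่แล้ว</a>
    <!-- </div> -->
    <?php
    die;
}

if (count_member($pdo) == 3) { ?>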
} ?> <div class="header"> <div class="left nav"> <?php echo $theme->buildHeaderNavigation('ul', 'li'); ?> </div> <div class="right" style="margin: 4px;"> <?php if ($AppUI->user_id > 0) { //Do this check in case we are not using any user id, for example for external uses $newItem = array('' => '- New Item -'); $items = array('companies' => 'Company', 'projects' => 'Project', 'contacts' => 'Contact', 'events' => 'Events', 'files' => 'File', 'users' => 'User'); foreach ($items as $module => $name) { if (canAdd($module)) { $newItem[$module] = $name; } } echo arraySelect($newItem, 'm', 'style="font-size:10px" onchange="f=document.frm_new;mod=f.m.options[f.m.selectedIndex].value;if (mod == \'admin\') document.frm_new.a.value=\'addedituser\';if(mod) f.submit();"', '', true); } ?> </div> </div> <div class="std shadow"> </div> </form> <div style="padding-left: 5px;"> <div class="left"> <?php echo $AppUI->_('Welcome') . ' ' . ($AppUI->user_id > 0 ? $AppUI->user_display_name : $outsider); echo '<br />';
<?php /* $Id$ $URL$ */ if (!defined('W2P_BASE_DIR')) { die('You should not access this file directly.'); } $link_id = (int) w2PgetParam($_GET, 'link_id', 0); // We are adding, so load task and project if available if (0 == $link_id) { $task_id = (int) w2PgetParam($_GET, 'task_id', 0); $project_id = (int) w2PgetParam($_GET, 'project_id', 0); } // check permissions for this record $perms =& $AppUI->acl(); $canAuthor = canAdd('links'); $canEdit = $perms->checkModuleItem('links', 'edit', $link_id); // check permissions if (!$canAuthor && !$link_id) { $AppUI->redirect('m=public&a=access_denied'); } if (!$canEdit && $link_id) { $AppUI->redirect('m=public&a=access_denied'); } // load the record data $link = new CLink(); $obj = $AppUI->restoreObject(); if ($obj) { $link = $obj; $link_id = $link->link_id; } else { $link->loadFull($AppUI, $link_id);
<?php
/*
 * Adds a "create user" button to the contact view's title block when the
 * viewer may add to the 'users' module and the contact is not yet a user.
 */
if (!defined('W2P_BASE_DIR')) {
    // Stop when the base-directory constant is missing, i.e. the file was requested on its own.
    die('You should not access this file directly.');
}

global $AppUI, $titleBlock, $contact_id, $is_user;

$perms =& $AppUI->acl();
$canAddUsers = canAdd('users');

// This only hides the button; the target page (m=users&a=addedit) has to
// enforce the permission itself.
if ($canAddUsers) {
    if ($contact_id && !$is_user) {
        // NOTE(review): $contact_id is appended to the URL as-is - presumably an
        // integer set by the including page; confirm.
        $titleBlock->addButton('create user', '?m=users&a=addedit&contact_id=' . $contact_id);
    }
}
: <?php echo arraySelect($projects, 'project_id', 'onchange="submitIt()" class="text" style="width:500px"', 0); ?> </strong> </font> </td> </tr> </form> </table> <?php } else { // check permissions for this record $canReadProject = $perms->checkModuleItem('projects', 'view', $project_id); $canEditProject = $perms->checkModuleItem('projects', 'edit', $project_id); $canViewTasks = canView('tasks'); $canAddTasks = canAdd('tasks'); $canEditTasks = canEdit('tasks'); $canDeleteTasks = canDelete('tasks'); if (!$canReadProject) { $AppUI->redirect('m=public&a=access_denied'); } // check if this record has dependencies to prevent deletion $msg = ''; $obj = new CProject(); // Now check if the project is editable/viewable. $denied = $obj->getDeniedRecords($AppUI->user_id); if (in_array($project_id, $denied)) { $AppUI->redirect('m=public&a=access_denied'); } $canDeleteProject = $obj->canDelete($msg, $project_id); // get critical tasks (criteria: task_end_date)
<?php /* $Id$ $URL$ */
/*
 * Set-up for the company add/edit form: resolves the required permission,
 * loads the select-list values and loads (or restores) the company record.
 */
if (!defined('W2P_BASE_DIR')) {
    // Stop when the base-directory constant is missing, i.e. the file was requested on its own.
    die('You should not access this file directly.');
}

$company_id = (int) w2PgetParam($_GET, 'company_id', 0);

// check permissions for this company
$perms =& $AppUI->acl();

// An existing company needs item-level edit permission; a new company needs
// add permission on the module.
$canEdit = $company_id
    ? $perms->checkModuleItem('companies', 'edit', $company_id)
    : canAdd('companies');

if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}

// load the company types
$types = w2PgetSysVal('CompanyType');

// Country list: placeholder entry, preferred countries, a separator, then all countries.
$countries = array('' => $AppUI->_('(Select a Country)'))
    + w2PgetSysVal('GlobalCountriesPreferred')
    + array('-' => '----')
    + w2PgetSysVal('GlobalCountries');

// load the record data
$company = new CCompany();
$obj = $AppUI->restoreObject();
if (!$obj) {
    $company->loadFull($AppUI, $company_id);
} else {
    // NOTE(review): the permission decision above was made for the company_id
    // from the query string; a restored object replaces $company_id only after
    // that check - confirm a restored object cannot refer to a different record.
    $company = $obj;
    $company_id = $company->company_id;
}