예제 #1
 /**
  * Reports whether the current user may create a record of this kind.
  *
  * The decision is delegated entirely to the add-permission check for the
  * 'system' module; no record-level rule is applied here.
  *
  * @return mixed whatever canAdd('system') returns
  */
 public function canCreate()
 {
     $mayAddToSystem = canAdd('system');

     return $mayAddToSystem;
 }
예제 #2
        if (canAdd('companies')) {
            $newItem['companies'] = 'Company';
        }
        if (canAdd('contacts')) {
            $newItem['contacts'] = 'Contact';
        }
        if (canAdd('calendar')) {
            $newItem['calendar'] = 'Event';
        }
        if (canAdd('files')) {
            $newItem['files'] = 'File';
        }
        if (canAdd('projects')) {
            $newItem['projects'] = 'Project';
        }
        if (canAdd('admin')) {
            $newItem['admin'] = 'User';
        }
        echo arraySelect($newItem, 'm', 'style="font-size:10px" onchange="f=document.frm_new;mod=f.m.options[f.m.selectedIndex].value;if (mod == \'admin\') document.frm_new.a.value=\'addedituser\';if(mod) f.submit();"', '', true);
    }
    ?>
                                        </td>
                                    </tr>
                                    <tr>
                                        <td colspan="2" valign="top" style="background: url(style/<?php 
    echo $uistyle;
    ?>
/images/nav_shadow.jpg);" align="left">
                                            <img width="1" height="13" border="0" src="./style/<?php 
    echo $uistyle;
    ?>
예제 #3
* Also it won't be possible to run modules/module/abc.zyz.class.php for that dots are
* not allowed in the request parameters.
*/
// Bootstrap for a module request: resolve the optional sub-module name, load
// locale files, compute the module-wide permission flags and pull in the
// module's class file.
//
// $u arrives in the query string. It is cleaned by w2PgetCleanParam() and then
// passed through checkFileName() before it is later concatenated into a path
// under modules/.
$u = $AppUI->checkFileName(w2PgetCleanParam($_GET, 'u', ''));
// load module based locale settings
// NOTE(review): $AppUI->user_locale is concatenated into an include path.
// Confirm it is restricted to known locale directory names where it is set.
// The @ also hides the warning for a missing file, so a bad locale value
// fails silently here.
@(include_once W2P_BASE_DIR . '/locales/' . $AppUI->user_locale . '/locales.php');
include_once W2P_BASE_DIR . '/locales/core.php';
setlocale(LC_TIME, $AppUI->user_lang);
// NOTE(review): $m is assigned outside the visible code; presumably it has been
// validated like $u above - confirm, since it selects config, permissions and
// an include file below.
$m_config = w2PgetConfig($m);
// TODO: canRead/Edit assignments should be moved into each file
// check overall module permissions
// these can be further modified by the included action files
// These flags are module-wide. Action files that work on a single record still
// need their own item-level check.
$canAccess = canAccess($m);
$canRead = canView($m);
$canEdit = canEdit($m);
$canAuthor = canAdd($m);
$canDelete = canDelete($m);
if (!$suppressHeaders) {
    // output the character set header
    // NOTE(review): $locale_char_set goes into a response header unmodified.
    // Presumably it is set by the locale file included above - confirm it is
    // never derived from the request.
    if (isset($locale_char_set)) {
        header('Content-type: text/html;charset=' . $locale_char_set);
    }
}
// include the module class file - we use file_exists instead of @ so
// that any parse errors in the file are reported, rather than errors
// further down the track.
$modclass = $AppUI->getModuleClass($m);
if (file_exists($modclass)) {
    include_once $modclass;
}
if ($u && file_exists(W2P_BASE_DIR . '/modules/' . $m . '/' . $u . '/' . $u . '.class.php')) {
예제 #4
$query_string = '?m=tasks&a=view&task_id=' . $task_id;
$tabBox = new CTabBox('?m=tasks&a=view&task_id=' . $task_id, '', $tab);
$tabBox_show = 0;
if ($obj->task_dynamic != 1 && 0 == $obj->task_represents_project) {
    // tabbed information boxes
    $tabBox_show = 1;
    if (canView('task_log')) {
        $tabBox->add(W2P_BASE_DIR . '/modules/tasks/vw_logs', 'Task Logs');
    }
    if ($task_log_id == 0) {
        if (canAdd('task_log')) {
            $tabBox->add(W2P_BASE_DIR . '/modules/tasks/vw_log_update', 'Log');
        }
    } elseif (canEdit('task_log')) {
        $tabBox->add(W2P_BASE_DIR . '/modules/tasks/vw_log_update', 'Edit Log');
    } elseif (canAdd('task_log')) {
        $tabBox_show = 1;
        $tabBox->add(W2P_BASE_DIR . '/modules/tasks/vw_log_update', 'Log');
    }
}
if (count($obj->getChildren()) > 0) {
    // Has children
    // settings for tasks
    $f = 'children';
    $min_view = true;
    $tabBox_show = 1;
    // in the tasks file there is an if that checks
    // $_GET[task_status]; this patch is to be able to see
    // child tasks withing an inactive task
    $_GET['task_status'] = $obj->task_status;
    $tabBox->add(W2P_BASE_DIR . '/modules/tasks/tasks', 'Child Tasks');
예제 #5
$contact = new CContact();
if (!$contact->bind($_POST)) {
    $AppUI->setMsg($contact->getError(), UI_MSG_ERROR);
    $AppUI->redirect();
}
$action = $del ? 'deleted' : 'stored';
$contact_id = (int) w2PgetParam($_POST, 'contact_id', 0);
$user_id = (int) w2PgetParam($_POST, 'user_id', 0);
$isNewUser = !$user_id;
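$perms =& $AppUI->acl();
// Authorise the requested action on a user account. Each action needs the
// matching permission on both the 'admin' and the 'users' modules; a failed
// check redirects to the access-denied page.
// NOTE(review): this relies on redirect() ending the request - confirm.
if ($del) {
    // Deleting a user is authorised here like the add and edit branches, so
    // the handler does not depend on a check made further down the call chain.
    // NOTE(review): confirm no downstream code applies a different delete rule
    // (for example for self-deletion) that this should match instead.
    if (!canDelete('admin')) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    if (!canDelete('users')) {
        $AppUI->redirect('m=public&a=access_denied');
    }
} elseif ($isNewUser) {
    if (!canAdd('admin')) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    if (!canAdd('users')) {
        $AppUI->redirect('m=public&a=access_denied');
    }
} else {
    // Users may always edit their own account; editing anyone else needs the
    // edit permission on both modules.
    if ($user_id != $AppUI->user_id) {
        if (!canEdit('admin')) {
            $AppUI->redirect('m=public&a=access_denied');
        }
        if (!canEdit('users')) {
            $AppUI->redirect('m=public&a=access_denied');
        }
    }
}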
$obj->user_username = strtolower($obj->user_username);
// !User's contact information not deleted - left for history.
if ($del) {
예제 #6
<?php

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
// Add / Edit Company
$dept_id = (int) w2PgetParam($_GET, 'dept_id', 0);
$company_id = (int) w2PgetParam($_GET, 'company_id', 0);
// check permissions for this record
$perms =& $AppUI->acl();
$canAuthor = canAdd('departments');
$canEdit = $perms->checkModuleItem('departments', 'edit', $dept_id);
// check permissions
if (!$canAuthor && !$dept_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$canEdit && $dept_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
// load the department types
$types = w2PgetSysVal('DepartmentType');
$countries = array('' => $AppUI->_('(Select a Country)')) + w2PgetSysVal('GlobalCountriesPreferred') + array('-' => '----') + w2PgetSysVal('GlobalCountries');
// load the record data
$department = new CDepartment();
$obj = $AppUI->restoreObject();
if ($obj) {
    $department = $obj;
    $dept_id = $department->dept_id;
} else {
    $department->loadFull($AppUI, $dept_id);
예제 #7
<?php

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
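$obj = new CResource();
// Resource ids are integers. Cast at the request boundary so the permission
// checks, the emptiness test and the later load() all see the same value,
// and a non-numeric id is rejected as 'invalid ID' instead of travelling on.
$resource_id = (int) w2PgetParam($_GET, 'resource_id', 0);
$perms =& $AppUI->acl();
// View, edit and delete are checked for this specific resource; add is a
// module-wide permission.
$canView = $perms->checkModuleItem('resources', 'view', $resource_id);
$canEdit = $perms->checkModuleItem('resources', 'edit', $resource_id);
$canDelete = $perms->checkModuleItem('resources', 'delete', $resource_id);
$canAdd = canAdd('resources');
if (!$canView) {
    $AppUI->redirect('m=public&a=access_denied');
}
// A view page needs a concrete record; id 0 (missing or non-numeric) is an error.
if (!$resource_id) {
    $AppUI->setMsg('invalid ID', UI_MSG_ERROR);
    $AppUI->redirect();
}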
// TODO: tab stuff
$obj = new CResource();
if (!$obj->load($resource_id)) {
    $AppUI->setMsg('Resource');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
} else {
    $AppUI->savePlace();
}
$titleBlock = new CTitleBlock('View Resource', 'resources.png', $m, $m . '.' . $a);
if ($canAdd) {
예제 #8
<?php

if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$canAuthor = canAdd('projects');
if (!$canAuthor) {
    $AppUI->redirect("m=public&a=access_denied");
}
$AppUI->savePlace();
$tab = 0;
$AppUI->setState("msimportIdxTab", $tab);
$titleBlock = new CTitleBlock('importers', 'projectimporter.png', $m, "{$m}.{$a}");
$titleBlock->show();
echo $AppUI->_('msinfo');
$tabBox = new CTabBox("?m={$m}", W2P_BASE_DIR . "/modules/{$m}/", $tab);
$tabBox->add('vw_idx_import', $AppUI->_('Import'));
$tabBox->show();
예제 #9
<?php

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
// Copyright 2004 Adam Donnison <*****@*****.**>
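$resource_id = (int) w2PgetParam($_GET, 'resource_id', null);
$perms =& $AppUI->acl();
$canDelete = $perms->checkModuleItem('resources', 'delete', $resource_id);
// Gate the form on the permission that matches the request: editing an
// existing resource needs edit rights on that record, while opening the form
// for a new one (id 0) needs the module-wide add right. The decision is made
// here explicitly rather than through a $canEdit flag that this file never
// assigns, and without relying on && binding tighter than ||.
// NOTE(review): confirm the save handler for this form applies the same rule.
if ($resource_id) {
    $mayProceed = $perms->checkModuleItem('resources', 'edit', $resource_id);
} else {
    $mayProceed = canAdd('resources');
}
if (!$mayProceed) {
    $AppUI->redirect('m=public&a=access_denied');
}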
$obj = new CResource();
if ($resource_id && !$obj->load($resource_id)) {
    $AppUI->setMsg('Resource');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
}
$titleBlock = new CTitleBlock($resource_id ? 'Edit Resource' : 'Add Resource', 'resources.png', $m, $m . '.' . $a);
$titleBlock->addCrumb('?m=resources', 'resource list');
if ($resource_id) {
    $titleBlock->addCrumb('?m=resources&a=view&resource_id=' . $resource_id, 'view this resource');
}
$titleBlock->show();
$typelist = $obj->typeSelect();
?>
<form name="editfrm" action="?m=resources" method="post" accept-charset="utf-8">
    <input type="hidden" name="dosql" value="do_resource_aed" />
    <input type="hidden" name="resource_id" value="<?php 
echo w2PformSafe($resource_id);
예제 #10
<?php

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$AppUI->savePlace();
// pull all the key types
$perms =& $AppUI->acl();
// Get the permissions for this module
$canAccess = canAccess('roles');
if (!$canAccess) {
    $AppUI->redirect('m=public&a=access_denied');
}
$canRead = canView('roles');
$canAdd = canAdd('roles');
$canEdit = canEdit('roles');
$canDelete = canDelete('roles');
$crole = new CSystem_Role();
$roles = $crole->getRoles();
$role_id = (int) w2PgetParam($_GET, 'role_id', 0);
// setup the title block
$titleBlock = new w2p_Theme_TitleBlock('Roles', 'main-settings.png', $m, $m . '.' . $a);
$titleBlock->addCrumb('?m=system', 'System Admin');
$titleBlock->show();
$crumbs = array();
$crumbs['?m=system'] = 'System Admin';
?>

<script language="javascript" type="text/javascript">
<?php 
예제 #11
$notifyContacts = $notifyContacts != '0' ? '1' : '0';
$perms =& $AppUI->acl();
if ($del) {
    if (!$perms->checkModuleItem('files', 'delete', $file_id)) {
        $AppUI->redirect(ACCESS_DENIED);
    }
} elseif ($cancel) {
    if (!$perms->checkModuleItem('files', 'delete', $file_id)) {
        $AppUI->redirect(ACCESS_DENIED);
    }
} elseif ($isNotNew) {
    if (!$perms->checkModuleItem('files', 'edit', $file_id)) {
        $AppUI->redirect(ACCESS_DENIED);
    }
} else {
    if (!canAdd('files')) {
        $AppUI->redirect(ACCESS_DENIED);
    }
}
if ($file_id) {
    $obj->_message = 'updated';
    $oldObj = new CFile();
    $oldObj->load($file_id);
} else {
    $obj->_message = 'added';
}
$obj->file_category = (int) w2PgetParam($_POST, 'file_category', 0);
$version = w2PgetParam($_POST, 'file_version', 0);
$revision_type = w2PgetParam($_POST, 'revision_type', 0);
if (strcasecmp('major', $revision_type) == 0) {
    $major_num = strtok($version, '.') + 1;
예제 #12
/* $Id: addedit.php 1926 2011-05-10 06:03:08Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/contacts/addedit.php $ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$contact_id = (int) w2PgetParam($_GET, 'contact_id', 0);
$company_id = (int) w2PgetParam($_GET, 'company_id', $AppUI->user_company);
$dept_id = (int) w2PgetParam($_GET, 'dept_id', 0);
$company = new CCompany();
$company->load($company_id);
$company_name = $company->company_name;
$dept = new CDepartment();
$dept->load($dept_id);
$dept_name = $dept->dept_name;
// check permissions for this record
$perms =& $AppUI->acl();
$canAuthor = canAdd('contacts');
$canEdit = $perms->checkModuleItem('contacts', 'edit', $contact_id);
// check permissions
if (!$canAuthor && !$contact_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$canEdit && $contact_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
if ($msg == $AppUI->_('contactsDeleteUserError', UI_OUTPUT_JS)) {
    $userDeleteProtect = true;
}
// load the record data
$row = new CContact();
$obj = $AppUI->restoreObject();
if ($obj) {
예제 #13
<?php

/* $Id: do_addtasks_aed.php 2016 2011-08-07 07:08:46Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/projectdesigner/do_addtasks_aed.php $ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
// Handler for the project designer "add tasks" form: checks the add permission,
// saves the user's panel visibility options, then prepares to read the
// submitted task lines.
global $AppUI;
$perms =& $AppUI->acl();
// Module-wide gate only: the user must be allowed to add tasks at all.
// NOTE(review): the project id is read from the POST body below, and the
// visible code makes no per-project check before tasks are created for it.
// Confirm that a project-level permission check happens further down.
if (!canAdd('tasks')) {
    $AppUI->redirect('m=public&a=access_denied');
}
//Lets store the panels view options of the user:
// The options row is tied to the logged-in user ($AppUI->user_id), not to a
// user id from the request. The option values are stored as submitted.
$pdo = new CProjectDesignerOptions();
$pdo->pd_option_user = $AppUI->user_id;
$pdo->pd_option_view_project = w2PgetParam($_POST, 'opt_view_project', 0);
$pdo->pd_option_view_gantt = w2PgetParam($_POST, 'opt_view_gantt', 0);
$pdo->pd_option_view_tasks = w2PgetParam($_POST, 'opt_view_tasks', 0);
$pdo->pd_option_view_actions = w2PgetParam($_POST, 'opt_view_actions', 0);
// NOTE(review): this key is spelled 'opt_view_addtsks', unlike its siblings -
// confirm it matches the form field name.
$pdo->pd_option_view_addtasks = w2PgetParam($_POST, 'opt_view_addtsks', 0);
$pdo->pd_option_view_files = w2PgetParam($_POST, 'opt_view_files', 0);
$pdo->store();
//Lets store the task lines
// $elements is the raw POST array; every value read from it below is
// request-controlled.
$elements = $_POST;
$project_id = (int) w2PgetParam($_POST, 'project', 0);
$taskErrors = array();
foreach ($elements as $element => $on) {
    if (substr($element, 0, 14) == 'add_task_line_' && $on != '') {
        $tline = new CTask();
        //TODO: clean this whole thing up..
        $tline->task_id = 0;
        $tline->task_name = $elements['add_task_name_' . $on];
예제 #14
<?php

/* $Id: addedit.php 1499 2010-11-27 22:45:12Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/trunk/modules/calendar/addedit.php $ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
global $AppUI, $cal_sdf;
$AppUI->loadCalendarJS();
$event_id = intval(w2PgetParam($_GET, 'event_id', 0));
$is_clash = isset($_SESSION['event_is_clash']) ? $_SESSION['event_is_clash'] : false;
$perms =& $AppUI->acl();
$canAuthor = canAdd('calendar');
$canEdit = $perms->checkModuleItem('calendar', 'edit', $event_id);
// check permissions
if (!$canAuthor && !$event_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$canEdit && $event_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
// get the passed timestamp (today if none)
$date = w2PgetParam($_GET, 'date', null);
// load the record data
$obj = new CEvent();
if ($is_clash) {
    $obj->bind($_SESSION['add_event_post']);
} else {
    if (!$obj->load($event_id) && $event_id) {
        $AppUI->setMsg('Event');
        $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
        $AppUI->redirect();
예제 #15
<?php

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
global $AppUI, $obj, $percent, $can_edit_time_information, $cal_sdf;
$AppUI->loadCalendarJS();
$perms =& $AppUI->acl();
// check permissions
$canEditTask = $perms->checkModuleItem('tasks', 'edit', $obj->task_id);
$canViewTask = $perms->checkModuleItem('tasks', 'view', $obj->task_id);
$canEdit = canEdit('task_log');
$canAdd = canAdd('task_log');
$task_log_id = (int) w2PgetParam($_GET, 'task_log_id', 0);
$log = new CTaskLog();
if ($task_log_id) {
    if (!$canEdit || !$canViewTask) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    $log->load($task_log_id);
} else {
    if (!$canAdd || !$canViewTask) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    $log->task_log_task = $obj->task_id;
    $log->task_log_name = $obj->task_name;
}
$proj = new CProject();
$proj->load($obj->task_project);
$q = new w2p_Database_Query();
예제 #16
    $task_project = (int) w2PgetParam($_REQUEST, 'task_project', 0);
    if (!$task_project) {
        $AppUI->setMsg('badTaskProject', UI_MSG_ERROR);
        $AppUI->redirect();
    }
}
// check permissions
if ($task_id) {
    // we are editing an existing task
    $canEdit = $perms->checkModuleItem('tasks', 'edit', $task_id);
} else {
    // do we have access on this project?
    $canEdit = $perms->checkModuleItem('projects', 'view', $task_project);
    // And do we have add permission to tasks?
    if ($canEdit) {
        $canEdit = canAdd('tasks');
    }
}
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied&err=noedit');
}
if ($task->task_represents_project) {
    $AppUI->setMsg('The selected task represents a subproject. Please view/edit this project instead.', UI_MSG_ERROR);
    $AppUI->redirect('m=projects&a=view&project_id=' . $task->task_represents_project);
}
//check permissions for the associated project
$canReadProject = $perms->checkModuleItem('projects', 'view', $task->task_project);
$durnTypes = w2PgetSysVal('TaskDurationType');
// check the document access (public, participant, private)
if (!$task->canAccess($AppUI->user_id)) {
    $AppUI->redirect('m=public&a=access_denied&err=noaccess');
예제 #17
    die('You should not access this file directly.');
}
$resource_id = (int) w2PgetParam($_POST, 'resource_id', 0);
$del = (int) w2PgetParam($_POST, 'del', 0);
$isNotNew = $resource_id;
$perms =& $AppUI->acl();
if ($del) {
    if (!$perms->checkModuleItem('resources', 'delete', $resource_id)) {
        $AppUI->redirect('m=public&a=access_denied');
    }
} elseif ($isNotNew) {
    if (!$perms->checkModuleItem('resources', 'edit', $resource_id)) {
        $AppUI->redirect('m=public&a=access_denied');
    }
} else {
    if (!canAdd('resources')) {
        $AppUI->redirect('m=public&a=access_denied');
    }
}
$obj = new CResource();
$msg = '';
if (!$obj->bind($_POST)) {
    $AppUI->setMsg($obj->getError(), UI_MSG_ERROR);
    $AppUI->redirect();
}
$AppUI->setMsg('Resource');
if ($del) {
    if (!$obj->canDelete($msg)) {
        $AppUI->setMsg($msg, UI_MSG_ERROR);
        $AppUI->redirect('m=resources');
    }
예제 #18
<?php

/* $Id: addedit_folder.php 2016 2011-08-07 07:08:46Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/files/addedit_folder.php $ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
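// Folder ids from the query string, forced to integers.
$file_folder_parent = intval(w2PgetParam($_GET, 'file_folder_parent', 0));
$folder = intval(w2PgetParam($_GET, 'folder', 0));
// add to allow for returning to other modules besides Files
// The Referer header is optional and fully client-controlled, and parse_url()
// returns false for a malformed URL, so each part is read defensively instead
// of indexing a value that may not be an array.
$referrerArray = isset($_SERVER['HTTP_REFERER']) ? parse_url($_SERVER['HTTP_REFERER']) : false;
if (!is_array($referrerArray)) {
    $referrerArray = array();
}
$referrer = (isset($referrerArray['query']) ? $referrerArray['query'] : '')
    . (isset($referrerArray['fragment']) ? $referrerArray['fragment'] : '');
// NOTE(review): $referrer is request-derived text. Wherever it is used later
// (presumably as a return target), validate or encode it for that context.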
// check permissions for this record
$perms =& $AppUI->acl();
$canAuthor = canAdd('files');
$canEdit = canEdit('files');
// check permissions
if (!$canAuthor && !$folder) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$canEdit && $folder) {
    $AppUI->redirect('m=public&a=access_denied');
}
// check permissions for this record
if ($folder == 0) {
    $canEdit = $canAuthor;
}
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}
// check if this record has dependancies to prevent deletion
$msg = '';
예제 #19
<?php

/* $Id: addedit.php 1483 2010-10-26 17:11:59Z pedroix $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/trunk/modules/forums/addedit.php $ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$forum_id = (int) w2PgetParam($_GET, 'forum_id', 0);
// check permissions for this record
$perms =& $AppUI->acl();
$canAuthor = canAdd('forums');
$canEdit = $perms->checkModuleItem('forums', 'edit', $forum_id);
// check permissions
if (!$canAuthor && !$forum_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$canEdit && $forum_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
// load the record data
$forum = new CForum();
$obj = $AppUI->restoreObject();
if ($obj) {
    $forum = $obj;
    $forum_id = $forum->forum_id;
} else {
    $forum->load($AppUI, $forum_id);
}
if (!$forum && $forum_id > 0) {
    $AppUI->setMsg('Forum');
    $AppUI->setMsg('invalidID', UI_MSG_ERROR, true);
    $AppUI->redirect();
<?php

if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
global $AppUI, $m, $obj, $task_id, $w2Pconfig;
if (canView('files')) {
    if (canAdd('files')) {
        echo '<a href="./index.php?m=files&a=addedit&project_id=' . $obj->task_project . '&file_task=' . $task_id . '">' . $AppUI->_('Attach a file') . '</a>';
    }
    echo w2PshowImage('stock_attach-16.png', 16, 16, '');
    $showProject = false;
    $project_id = $obj->task_project;
    include W2P_BASE_DIR . '/modules/files/index_table.php';
}
예제 #21
 /**
  * Validates and saves this company, then saves its custom fields.
  *
  * An existing company (non-zero id) is saved only when canEdit() allows it for
  * that id; a new company (id 0) only when canAdd('companies') allows it. When
  * neither permission holds nothing is written and false is returned.
  *
  * @param CAppUI $AppUI application context; only its acl() accessor is called
  *
  * @return mixed the check() result when validation fails, the message from
  *               parent::store() when the save fails, otherwise true when the
  *               record was stored and false when it was not
  */
 public function store(CAppUI $AppUI)
 {
     // The ACL object is fetched but not consulted directly; the permission
     // decisions below go through canEdit() / canAdd().
     $acl = $AppUI->acl();

     $validation = $this->check();
     $this->_error = $validation;
     if (count($validation)) {
         return $validation;
     }

     $this->company_id = (int) $this->company_id;
     $saved = false;

     // Existing record: needs edit permission on this particular company.
     if (0 != $this->company_id && canEdit('companies', $this->company_id)) {
         $failure = parent::store();
         if ($failure) {
             return $failure;
         }
         $saved = true;
     }

     // New record: needs the module-wide add permission.
     if (0 == $this->company_id && canAdd('companies')) {
         $failure = parent::store();
         if ($failure) {
             return $failure;
         }
         $saved = true;
     }

     if (!$saved) {
         return false;
     }

     // Store Custom Fields
     // The custom field values are bound straight from the POST body.
     $fields = new w2p_Core_CustomFields('companies', 'addedit', $this->company_id, 'edit');
     $fields->bind($_POST);
     $fields->store($this->company_id);

     return true;
 }
<?php

/* $Id: contacts_crumb.view.newuserfromcontact.php 1022 2010-04-24 03:53:00Z caseydk $ $URL: https://web2project.svn.sourceforge.net/svnroot/web2project/tags/version2.4/modules/admin/contacts_crumb.view.newuserfromcontact.php $ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
global $AppUI, $titleBlock, $contact_id, $is_user;
$perms =& $AppUI->acl();
$canAddUsers = canAdd('admin');
if ($canAddUsers && $contact_id && !$is_user) {
    $titleBlock->addCrumb('?m=admin&a=addedituser&contact_id=' . $contact_id, 'create a user');
}
예제 #23
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$history_id = (int) w2PgetParam($_GET, 'history_id', 0);
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}
$action = $_REQUEST['action'];
$q = new w2p_Database_Query();
if ($action) {
    $history_description = w2PgetParam($_POST, 'history_description', '');
    $history_project = (int) w2PgetParam($_POST, 'history_project', 0);
    $userid = $AppUI->user_id;
    $perms =& $AppUI->acl();
    if ($action == 'add') {
        if (!canAdd('history')) {
            $AppUI->redirect('m=public&a=access_denied');
        }
        $q->addTable('history');
        $q->addInsert('history_table', "history");
        $q->addInsert('history_action', "add");
        $q->addInsert('history_date', "'" . $q->dbfnNowWithTZ() . "'");
        $q->addInsert('history_description', $history_description);
        $q->addInsert('history_user', $userid);
        $q->addInsert('history_project', $history_project);
        $okMsg = 'History added';
    } elseif ($action == 'update') {
        if (!canEdit('history')) {
            $AppUI->redirect('m=public&a=access_denied');
        }
        $q->addTable('history');
예제 #24
    $actual_end_date = intval($criticalTasks[0]['task_end_date']) ? new w2p_Utilities_Date($criticalTasks[0]['task_end_date']) : null;
}
$style = $actual_end_date > $end_date && !empty($end_date) ? 'style="color:red; font-weight:bold"' : '';
// setup the title block
$titleBlock = new w2p_Theme_TitleBlock('View Project', 'icon.png', $m);
$titleBlock->addCrumb('?m=' . $m, $m . ' list');
if ($canEdit) {
    $titleBlock->addButton('new link', '?m=links&a=addedit&project_id=' . $project_id);
    $titleBlock->addButton('new event', '?m=events&a=addedit&project_id=' . $project_id);
    $titleBlock->addButton('new file', '?m=files&a=addedit&project_id=' . $project_id);
    $titleBlock->addCrumb('?m=projects&a=addedit&project_id=' . $project_id, 'edit this project');
    if ($canDelete) {
        $titleBlock->addCrumbDelete('delete project', $canDelete);
    }
}
if (canAdd('tasks')) {
    $titleBlock->addButton('new task', '?m=tasks&a=addedit&task_project=' . $project_id);
}
$titleBlock->show();
$view = new w2p_Controllers_View($AppUI, $project, 'Project');
echo $view->renderDelete();
?>
<script language="javascript" type="text/javascript">
function expand_multiproject(id, table_name) {
      var trs = document.getElementsByTagName('tr');

      for (var i=0, i_cmp=trs.length;i < i_cmp;i++) {
          var tr_name = trs.item(i).id;

          if (tr_name.indexOf(id) >= 0) {
                 var tr = document.getElementById(tr_name);
예제 #25
파일: Search.php 프로젝트: CPE16/web_swe
}
$id = $_GET['id'];
if ($_SESSION['login_user'] == $id) {
    ?>
 
<!-- 			<div class="row" align = "center">
				<div class="row"> -->
					<div class="alert alert-danger alert-dismissable" align="center">   
   					<strong>ขออภัย </strong> 
   					<a class="alert-link">ไม่สามารถเพิ่มตัวเองได้</a> 
<!-- 				</div>
			</div> -->
		<?php 
    die;
}
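// $id is read from $_GET['id'] earlier in this script, so it is text chosen by
// the requester. It is HTML-encoded before being printed back into the alert,
// so markup in the parameter is shown as text instead of being interpreted.
if (!canAdd($id, $pdo)) {
    ?>
 
			<!-- <div class="row" align = "center"> -->
					<div class="alert alert-danger alert-dismissable" align="center">   
   					<strong>รหัสนิสิต </strong> 
   					<a class="alert-link"><?php 
    echo htmlspecialchars((string) $id, ENT_QUOTES, 'UTF-8');
    ?>
 </a></b>ถูกเพิ่มไปก่อนหน้านี่แล้ว</a> 
			<!-- </div> -->
		<?php 
    die;
}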
if (count_member($pdo) == 3) {
    ?>
예제 #26
}
?>
            <div class="header">
                <div class="left nav">
                    <?php 
echo $theme->buildHeaderNavigation('ul', 'li');
?>
                </div>
                <div class="right" style="margin: 4px;">
                    <?php 
if ($AppUI->user_id > 0) {
    //Do this check in case we are not using any user id, for example for external uses
    $newItem = array('' => '- New Item -');
    $items = array('companies' => 'Company', 'projects' => 'Project', 'contacts' => 'Contact', 'events' => 'Events', 'files' => 'File', 'users' => 'User');
    foreach ($items as $module => $name) {
        if (canAdd($module)) {
            $newItem[$module] = $name;
        }
    }
    echo arraySelect($newItem, 'm', 'style="font-size:10px" onchange="f=document.frm_new;mod=f.m.options[f.m.selectedIndex].value;if (mod == \'admin\') document.frm_new.a.value=\'addedituser\';if(mod) f.submit();"', '', true);
}
?>
                </div>
            </div>
            <div class="std shadow">&nbsp;</div>
        </form>
        <div style="padding-left: 5px;">
            <div class="left">
                <?php 
echo $AppUI->_('Welcome') . ' ' . ($AppUI->user_id > 0 ? $AppUI->user_display_name : $outsider);
echo '<br />';
예제 #27
<?php

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$link_id = (int) w2PgetParam($_GET, 'link_id', 0);
// We are adding, so load task and project if available
if (0 == $link_id) {
    $task_id = (int) w2PgetParam($_GET, 'task_id', 0);
    $project_id = (int) w2PgetParam($_GET, 'project_id', 0);
}
// check permissions for this record
$perms =& $AppUI->acl();
$canAuthor = canAdd('links');
$canEdit = $perms->checkModuleItem('links', 'edit', $link_id);
// check permissions
if (!$canAuthor && !$link_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
if (!$canEdit && $link_id) {
    $AppUI->redirect('m=public&a=access_denied');
}
// load the record data
$link = new CLink();
$obj = $AppUI->restoreObject();
if ($obj) {
    $link = $obj;
    $link_id = $link->link_id;
} else {
    $link->loadFull($AppUI, $link_id);
<?php

if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
global $AppUI, $titleBlock, $contact_id, $is_user;
$perms =& $AppUI->acl();
$canAddUsers = canAdd('users');
if ($canAddUsers && $contact_id && !$is_user) {
    $titleBlock->addButton('create user', '?m=users&a=addedit&contact_id=' . $contact_id);
}
예제 #29
: <?php 
    echo arraySelect($projects, 'project_id', 'onchange="submitIt()" class="text" style="width:500px"', 0);
    ?>
</strong>
			</font>
		</td>
	</tr>            
	</form>
	</table>
<?php 
} else {
    // check permissions for this record
    $canReadProject = $perms->checkModuleItem('projects', 'view', $project_id);
    $canEditProject = $perms->checkModuleItem('projects', 'edit', $project_id);
    $canViewTasks = canView('tasks');
    $canAddTasks = canAdd('tasks');
    $canEditTasks = canEdit('tasks');
    $canDeleteTasks = canDelete('tasks');
    if (!$canReadProject) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    // check if this record has dependencies to prevent deletion
    $msg = '';
    $obj = new CProject();
    // Now check if the project is editable/viewable.
    $denied = $obj->getDeniedRecords($AppUI->user_id);
    if (in_array($project_id, $denied)) {
        $AppUI->redirect('m=public&a=access_denied');
    }
    $canDeleteProject = $obj->canDelete($msg, $project_id);
    // get critical tasks (criteria: task_end_date)
예제 #30
<?php

/* $Id$ $URL$ */
if (!defined('W2P_BASE_DIR')) {
    die('You should not access this file directly.');
}
$company_id = (int) w2PgetParam($_GET, 'company_id', 0);
// check permissions for this company
$perms =& $AppUI->acl();
// If the company exists we need edit permission,
// If it is a new company we need add permission on the module.
if ($company_id) {
    $canEdit = $perms->checkModuleItem('companies', 'edit', $company_id);
} else {
    $canEdit = canAdd('companies');
}
if (!$canEdit) {
    $AppUI->redirect('m=public&a=access_denied');
}
// load the company types
$types = w2PgetSysVal('CompanyType');
$countries = array('' => $AppUI->_('(Select a Country)')) + w2PgetSysVal('GlobalCountriesPreferred') + array('-' => '----') + w2PgetSysVal('GlobalCountries');
// load the record data
$company = new CCompany();
$obj = $AppUI->restoreObject();
if ($obj) {
    $company = $obj;
    $company_id = $company->company_id;
} else {
    $company->loadFull($AppUI, $company_id);
}