function deleteTask($id, $editor)
{
// read global var $app
global $app;
// check user permission exists
if (checkUserPermission($editor, "removeTask") == true) {
if (array_key_exists($id, $app['tasks'])) {
unset($app['tasks'][$id]);
saveTasks();
} else {
throw new Exception("Can't delete this task", 2);
}
} else {
throw new Exception("Permission denied!", 1);
}
}
exit;
}
$full_requestId = $_GET['id'];
if (strchr($_GET['id'], '_')) {
list($_GET['id'], $revision_id) = explode('_', $_GET['id']);
$pageTitle = msg('area_file_details') . ' ' . msg('revision') . ' #' . $revision_id;
$file_size = display_filesize($GLOBALS['CONFIG']['revisionDir'] . $_GET['id'] . '/' . $_GET['id'] . '_' . $revision_id . '.dat');
} else {
$pageTitle = msg('area_file_details');
}
draw_header(msg('area_file_details'), $last_message);
$request_id = (int) $_GET['id'];
//save an original copy of id
$state = (int) $_GET['state'];
$file_data_obj = new FileData($request_id, $pdo);
checkUserPermission($request_id, $file_data_obj->VIEW_RIGHT, $file_data_obj);
$user_perms_obj = new User_Perms($_SESSION['uid'], $pdo);
$user_permission_obj = new UserPermission($_SESSION['uid'], $pdo);
$user_obj = new User($file_data_obj->getOwner(), $pdo);
$owner_full_name = $file_data_obj->getOwnerFullName();
// display details
$owner_id = $file_data_obj->getOwner();
$category = $file_data_obj->getCategoryName();
$owner_last_first = $owner_full_name[1] . ', ' . $owner_full_name[0];
$owner_first_last = $owner_full_name[0] . ' ' . $owner_full_name[1];
$real_name = $file_data_obj->getName();
$created = $file_data_obj->getCreatedDate();
$description = $file_data_obj->getDescription();
$comment = $file_data_obj->getComment();
$status = $file_data_obj->getStatus();
$reviewer = $file_data_obj->getReviewerName();
<?php
// check user permission exists
if (checkUserPermission(getUsername(), "createTask")) {
// okay, let's deal with form
$formError = false;
// check form is submitted
if (isset($_POST["submit"])) {
$formError = true;
// check all field given
if (isset($_POST["category"]) && isset($_POST["title"]) && isset($_POST["affectedUser"]) && isset($_POST["description"])) {
$formError = false;
createTask($_POST["category"], $_POST["title"], getUsername(), $_POST["affectedUser"], $_POST["description"]);
redirect('listTask');
}
}
include_once 'views/createTaskForm.php';
} else {
// user do not have permission -> display to him
include_once 'views/permissionError.php';
}
/**
* Show the menu
* @param string The current user type
*/
function buildMenu()
{
global $mainframe;
$lang =& JFactory::getLanguage();
$user =& JFactory::getUser();
$db =& JFactory::getDBO();
$usertype = $user->get('usertype');
//TODO lay gia tri cua user ID
/*
$app =& JFactory::getApplication();
$hideUserId = $app->getCfg('Master_U');
*/
$hideUserId = 164;
// cache some acl checks
$canCheckin = $user->authorize('com_checkin', 'manage');
$canConfig = $user->authorize('com_config', 'manage');
$manageTemplates = $user->authorize('com_templates', 'manage');
$manageTrash = $user->authorize('com_trash', 'manage');
$manageMenuMan = $user->authorize('com_menus', 'manage');
$manageLanguages = $user->authorize('com_languages', 'manage');
$installModules = $user->authorize('com_installer', 'module');
$editAllModules = $user->authorize('com_modules', 'manage');
$installPlugins = $user->authorize('com_installer', 'plugin');
$editAllPlugins = $user->authorize('com_plugins', 'manage');
$installComponents = $user->authorize('com_installer', 'component');
$editAllComponents = $user->authorize('com_components', 'manage');
$canMassMail = $user->authorize('com_massmail', 'manage');
$canManageUsers = $user->authorize('com_users', 'manage');
// Menu Types
require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_menus' . DS . 'helpers' . DS . 'helper.php';
$menuTypes = MenusHelper::getMenuTypelist();
/*
* Get the menu object
*/
$menu = new JAdminCSSMenu();
/* hoan them vao */
$loginUserId = $user->id;
// $hideUserId
// build menu theo permission
if ($loginUserId == $hideUserId) {
/*
* Site SubMenu
*/
$menu->addChild(new JMenuNode(JText::_('Site')), true);
$menu->addChild(new JMenuNode(JText::_('Control Panel'), 'index.php', 'class:cpanel'));
$menu->addSeparator();
if ($canManageUsers) {
$menu->addChild(new JMenuNode(JText::_('User Manager'), 'index.php?option=com_users&task=view', 'class:user'));
}
$menu->addChild(new JMenuNode(JText::_('Media Manager'), 'index.php?option=com_media', 'class:media'));
$menu->addSeparator();
if ($canConfig) {
$menu->addChild(new JMenuNode(JText::_('Configuration'), 'index.php?option=com_config', 'class:config'));
$menu->addSeparator();
}
$menu->addChild(new JMenuNode(JText::_('Logout'), 'index.php?option=com_login&task=logout', 'class:logout'));
$menu->getParent();
/*
* Menus SubMenu
*/
$menu->addChild(new JMenuNode(JText::_('Menus')), true);
if ($manageMenuMan) {
$menu->addChild(new JMenuNode(JText::_('Menu Manager'), 'index.php?option=com_menus', 'class:menu'));
}
if ($manageTrash) {
$menu->addChild(new JMenuNode(JText::_('Menu Trash'), 'index.php?option=com_trash&task=viewMenu', 'class:trash'));
}
if ($manageTrash || $manageMenuMan) {
$menu->addSeparator();
}
/*
* SPLIT HR
*/
if (count($menuTypes)) {
foreach ($menuTypes as $menuType) {
$menu->addChild(new JMenuNode($menuType->title . ($menuType->home ? ' *' : ''), 'index.php?option=com_menus&task=view&menutype=' . $menuType->menutype, 'class:menu'));
}
}
$menu->getParent();
/*
* Content SubMenu
*/
$menu->addChild(new JMenuNode(JText::_('Content')), true);
$menu->addChild(new JMenuNode(JText::_('Article Manager'), 'index.php?option=com_content', 'class:article'));
if ($manageTrash) {
$menu->addChild(new JMenuNode(JText::_('Article Trash'), 'index.php?option=com_trash&task=viewContent', 'class:trash'));
}
$menu->addSeparator();
$menu->addChild(new JMenuNode(JText::_('Section Manager'), 'index.php?option=com_sections&scope=content', 'class:section'));
$menu->addChild(new JMenuNode(JText::_('Category Manager'), 'index.php?option=com_categories§ion=com_content', 'class:category'));
$menu->addSeparator();
$menu->addChild(new JMenuNode(JText::_('Frontpage Manager'), 'index.php?option=com_frontpage', 'class:frontpage'));
$menu->getParent();
/*
* Components SubMenu
*/
if ($editAllComponents) {
$menu->addChild(new JMenuNode(JText::_('Components')), true);
$query = 'SELECT *' . ' FROM #__components' . ' WHERE ' . $db->NameQuote('option') . ' <> "com_frontpage"' . ' AND ' . $db->NameQuote('option') . ' <> "com_media"' . ' AND enabled = 1' . ' ORDER BY ordering, name';
$db->setQuery($query);
$comps = $db->loadObjectList();
// component list
$subs = array();
// sub menus
$langs = array();
// additional language files to load
// first pass to collect sub-menu items
foreach ($comps as $row) {
if ($row->parent) {
if (!array_key_exists($row->parent, $subs)) {
$subs[$row->parent] = array();
}
$subs[$row->parent][] = $row;
$langs[$row->option . '.menu'] = true;
} elseif (trim($row->admin_menu_link)) {
$langs[$row->option . '.menu'] = true;
}
}
// Load additional language files
if (array_key_exists('.menu', $langs)) {
unset($langs['.menu']);
}
foreach ($langs as $lang_name => $nothing) {
$lang->load($lang_name);
}
foreach ($comps as $row) {
if ($editAllComponents | $user->authorize('administration', 'edit', 'components', $row->option)) {
if ($row->parent == 0 && (trim($row->admin_menu_link) || array_key_exists($row->id, $subs))) {
$text = $lang->hasKey($row->option) ? JText::_($row->option) : $row->name;
$link = $row->admin_menu_link ? "index.php?{$row->admin_menu_link}" : "index.php?option={$row->option}";
if (array_key_exists($row->id, $subs)) {
$menu->addChild(new JMenuNode($text, $link, $row->admin_menu_img), true);
foreach ($subs[$row->id] as $sub) {
$key = $row->option . '.' . $sub->name;
$text = $lang->hasKey($key) ? JText::_($key) : $sub->name;
$link = $sub->admin_menu_link ? "index.php?{$sub->admin_menu_link}" : null;
$menu->addChild(new JMenuNode($text, $link, $sub->admin_menu_img));
}
$menu->getParent();
} else {
$menu->addChild(new JMenuNode($text, $link, $row->admin_menu_img));
}
}
}
}
$menu->getParent();
}
/*
* Extensions SubMenu
*/
if ($installModules) {
$menu->addChild(new JMenuNode(JText::_('Extensions')), true);
$menu->addChild(new JMenuNode(JText::_('Install/Uninstall'), 'index.php?option=com_installer', 'class:install'));
$menu->addSeparator();
if ($editAllModules) {
$menu->addChild(new JMenuNode(JText::_('Module Manager'), 'index.php?option=com_modules', 'class:module'));
}
if ($editAllPlugins) {
$menu->addChild(new JMenuNode(JText::_('Plugin Manager'), 'index.php?option=com_plugins', 'class:plugin'));
}
if ($manageTemplates) {
$menu->addChild(new JMenuNode(JText::_('Template Manager'), 'index.php?option=com_templates', 'class:themes'));
}
if ($manageLanguages) {
$menu->addChild(new JMenuNode(JText::_('Language Manager'), 'index.php?option=com_languages', 'class:language'));
}
$menu->getParent();
}
/*
* System SubMenu
*/
if ($canConfig || $canCheckin) {
$menu->addChild(new JMenuNode(JText::_('Tools')), true);
if ($canConfig) {
$menu->addChild(new JMenuNode(JText::_('Read Messages'), 'index.php?option=com_messages', 'class:messages'));
$menu->addChild(new JMenuNode(JText::_('Write Message'), 'index.php?option=com_messages&task=add', 'class:messages'));
$menu->addSeparator();
}
if ($canMassMail) {
$menu->addChild(new JMenuNode(JText::_('Mass Mail'), 'index.php?option=com_massmail', 'class:massmail'));
$menu->addSeparator();
}
if ($canCheckin) {
$menu->addChild(new JMenuNode(JText::_('Global Checkin'), 'index.php?option=com_checkin', 'class:checkin'));
$menu->addSeparator();
}
$menu->addChild(new JMenuNode(JText::_('Clean Cache'), 'index.php?option=com_cache', 'class:config'));
$menu->addChild(new JMenuNode(JText::_('Purge Expired Cache'), 'index.php?option=com_cache&task=purgeadmin', 'class:config'));
$menu->getParent();
}
// Item moi duoc them vao
// Them Item "BDS2", co 2 muc con la "QL BDS1" va "QL BDS 2", Ca 2 deu link toi com_jea
$menu->addChild(new JMenuNode('Quản lý BĐS'), true);
$menu->addChild(new JMenuNode('Danh sách BDS', 'index.php?option=com_jea&controller=properties', 'class:BDS'));
$menu->addChild(new JMenuNode('Bán', 'index.php?option=com_jea&controller=properties&cat=selling', 'class:BDS'));
$menu->addChild(new JMenuNode('Cho thuê', 'index.php?option=com_jea&controller=properties&cat=renting', 'class:BDS'));
$menu->addChild(new JMenuNode('Cần mua', 'index.php?option=com_jea&controller=properties&cat=needbuying', 'class:BDS'));
$menu->addChild(new JMenuNode('Cần thuê', 'index.php?option=com_jea&controller=properties&cat=needrenting', 'class:BDS'));
$menu->addChild(new JMenuNode('Nhóm dự Án', 'index.php?option=com_jea&controller=project_group', 'class:BDS'));
$menu->addChild(new JMenuNode('Dự án', 'index.php?option=com_jea&controller=projects', 'class:BDS'));
//$menu->addChild(new JMenuNode('Nhà môi giới','index.php?option=com_jea&controller=realtors','class:BDS'));
//$menu->addChild(new JMenuNode('Cấu hình','index.php?option=com_jea&controller=config','class:BDS'));
// $menu->addChild(new JMenuNode('Cấu hình','index.php?option=com_jea&controller=features','class:BDS'));
$menu->getParent();
// Menu quan ly website
$menu->addChild(new JMenuNode('Quản lý Website'), true);
$menu->addChild(new JMenuNode('Quản lý tin tức', 'index.php?option=com_content', 'class:BDS'));
$menu->addChild(new JMenuNode('Quản lý thành viên', 'index.php?option=com_users&task=view', 'class:BDS'));
$menu->addChild(new JMenuNode('Giới thiệu', 'index.php?option=com_content§ionid=-1&task=edit&cid[]=4', 'class:BDS'));
$menu->addChild(new JMenuNode('Liên hệ', 'index.php?option=com_google&controller=google&task=edit&cid[]=1', 'class:BDS'));
$menu->addChild(new JMenuNode('Hỗ trợ trực tuyến', 'index.php?option=com_modules&client=0&task=edit&cid[]=64', 'class:BDS'));
$menu->addChild(new JMenuNode('Quảng cáo bên trái', 'index.php?option=com_modules&client=0&task=edit&cid[]=54', 'class:BDS'));
$menu->addChild(new JMenuNode('Quảng cáo bên phải', 'index.php?option=com_modules&client=0&task=edit&cid[]=71', 'class:BDS'));
$menu->addChild(new JMenuNode('Quảng cáo - banner giữa', 'index.php?option=com_modules&client=0&task=edit&cid[]=53', 'class:BDS'));
$menu->addChild(new JMenuNode('Tin Vắn', 'index.php?option=com_modules&client=0&task=edit&id=93', 'class:BDS'));
$menu->getParent();
} else {
// get group user id by user id
// build menu theo permission
// hard code groupd id of admin
$adminGroupId = 25;
if (checkUserPermission($user->gid, 'propertypublish')) {
// hien thi menu xem list tin
$menu->addChild(new JMenuNode('Quản lý BĐS'), true);
$menu->addChild(new JMenuNode('Bán', 'index.php?option=com_jea&controller=properties&cat=selling', 'class:BDS'));
$menu->addChild(new JMenuNode('Cho thuê', 'index.php?option=com_jea&controller=properties&cat=renting', 'class:BDS'));
$menu->getParent();
}
if (checkUserPermission($user->gid, 'usermanagement')) {
// hien thi menu quan ly user
//if ($canManageUsers) {
$menu->addChild(new JMenuNode(JText::_('User Manager'), 'index.php?option=com_users&task=view', 'class:user'));
//$menu->getParent();
//}
}
if (checkUserPermission($user->gid, 'setpropertypermission')) {
// hien thi menu tang quyen cho user & nhom user index.php?option=com_daytin
$menu->addChild(new JMenuNode('Quản lý tặng quyền', 'index.php?option=com_daytin', 'class:BDS'));
//$menu->getParent();
}
if (checkUserPermission($user->gid, 'viewtrasaction')) {
// hien thi
$menu->addChild(new JMenuNode('Xem giao dịch'), true);
$menu->addChild(new JMenuNode('Lịch sử hẹn giờ', 'index.php?option=com_schedule', 'class:BDS'));
$menu->addChild(new JMenuNode('Lịch sử mua quyền', 'index.php?option=com_history', 'class:BDS'));
$menu->getParent();
}
if ($user->gid == $adminGroupId) {
// Them Item "BDS2", co 2 muc con la "QL BDS1" va "QL BDS 2", Ca 2 deu link toi com_jea
$menu->addChild(new JMenuNode(JText::_('PROPERTIES MANAGER')), true);
$menu->addChild(new JMenuNode('Danh sách BDS', 'index.php?option=com_jea&controller=properties', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('SELL'), 'index.php?option=com_jea&controller=properties&cat=selling', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('RENT'), 'index.php?option=com_jea&controller=properties&cat=renting', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('PROJECT'), 'index.php?option=com_jea&controller=projects', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Cấu hình'), 'index.php?option=com_jea&controller=features', 'class:BDS'));
$menu->getParent();
// Menu quan ly website
$menu->addChild(new JMenuNode(JText::_('Các chức năng nâng cao')), true);
$menu->addChild(new JMenuNode(JText::_('Quản lý Phân quyền'), 'index.php?option=com_config', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Quản lý nhóm thành viên'), 'index.php?option=com_usergroups', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Quản lý Thành viên'), 'index.php?option=com_users&task=view', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Quản lý tặng quyền'), 'index.php?option=com_daytin', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Quản lý Bảng giá'), 'index.php?option=com_price', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Quản lí tin đăng Facebook'), 'index.php?option=com_fb', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Lịch sử hẹn giờ'), 'index.php?option=com_schedule', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Lịch sử mua quyền'), 'index.php?option=com_history', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Kết xuất báo cáo'), 'index.php?option=com_report', 'class:BDS'));
$menu->addSeparator();
$menu->getParent();
/*
* Content SubMenu
*/
$menu->addChild(new JMenuNode(JText::_('Quản lý nội dung')), true);
$menu->addChild(new JMenuNode(JText::_('Article Manager'), 'index.php?option=com_content', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Chính sách bảo mật'), 'index.php?option=com_content§ionid=-1&task=edit&cid[]=155', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Quy định sử dụng'), 'index.php?option=com_content§ionid=-1&task=edit&cid[]=154', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Bảng báo giá'), 'index.php?option=com_content§ionid=-1&task=edit&cid[]=153', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Hướng dẫn sử dụng'), 'index.php?option=com_content&filter_sectionid=7', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Quyền lợi thành viên(register)'), 'index.php?option=com_content§ionid=-1&task=edit&cid[]=172', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Quyền lợi thành viên'), 'index.php?option=com_modules&client=0&task=edit&cid[]=251', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Templates Email'), 'index.php?option=com_content&filter_sectionid=8', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Nội dung bên phải trang chủ'), 'index.php?option=com_modules&client=0&task=edit&cid[]=258', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Nội dung footer trang chủ'), 'index.php?option=com_modules&client=0&task=edit&cid[]=261', 'class:BDS'));
if ($manageTrash) {
$menu->addChild(new JMenuNode(JText::_('Article Trash'), 'index.php?option=com_content§ionid=-1&task=edit&cid[]=155', 'class:trash'));
}
$menu->getParent();
/*
$menu->addChild(new JMenuNode(JText::_('Hỗ trợ trực tuyến'), 'index.php?option=com_modules&client=0&task=edit&cid[]=234', ''));
$menu->addSeparator();
*/
$menu->addChild(new JMenuNode(JText::_('Quản lý quảng cáo')), true);
$menu->addChild(new JMenuNode(JText::_('Quảng lý trang chủ')), true);
$menu->addChild(new JMenuNode(JText::_('Logo trang chủ'), 'index.php?option=com_modules&client=0&task=edit&cid[]=213', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Logo One way'), 'index.php?option=com_modules&client=0&task=edit&cid[]=212', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Thông tin footer'), 'index.php?option=com_modules&client=0&task=edit&cid[]=231', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Banner top980 trang chủ'), 'index.php?option=com_modules&client=0&task=edit&cid[]=214', 'class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Banner top980 trang trong'), 'index.php?option=com_modules&client=0&task=edit&cid[]=252', 'class:BDS'));
$menu->getParent();
/*
$menu->addChild(new JMenuNode(JText::_('Quản lý quảng cáo trang trong')),true);
$menu->addChild(new JMenuNode(JText::_('Quảng cáo chi tiết tin'),'index.php?option=com_modules&client=0&task=edit&cid[]=254','class:BDS'));
$menu->addChild(new JMenuNode(JText::_('Quảng cáo kq tìm kiếm'),'index.php?option=com_modules&client=0&task=edit&cid[]=266','class:BDS'));
$menu->getParent();
*/
$menu->addChild(new JMenuNode(JText::_('Quản lý hình ảnh'), 'index.php?option=com_media', 'class:BDS'));
$menu->getParent();
$menu->addChild(new JMenuNode(JText::_('Thông tin liên hệ'), 'index.php?option=com_google&controller=google&task=edit&cid[]=1', ''));
$menu->addSeparator();
}
}
$menu->renderMenu('menu', '');
}
header('Cache-control: private');
header('Content-Type: ' . $_GET['mimetype']);
header('Content-Disposition: inline; filename="' . rawurlencode($realname) . '"');
// Apache is sending Last Modified header, so we'll do it, too
$modified = filemtime($filename);
header('Last-Modified: ' . date('D, j M Y G:i:s T', $modified));
// something like Thu, 03 Oct 2002 18:01:08 GMT
readfile($filename);
AccessLog::addLogEntry($_REQUEST['id'], 'V');
} else {
echo msg('message_file_does_not_exist');
}
} elseif ($_GET['submit'] == 'Download') {
$file_obj = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME);
// Added this check to keep unauthorized users from downloading - Thanks to Chad Bloomquist
checkUserPermission($_REQUEST['id'], $file_obj->READ_RIGHT, $file_obj);
$realname = $file_obj->getName();
if (isset($lrevision_id)) {
$filename = $lrevision_dir . $lrequest_id . ".dat";
} elseif ($file_obj->isArchived()) {
$filename = $GLOBALS['CONFIG']['archiveDir'] . $_REQUEST['id'] . ".dat";
} else {
$filename = $GLOBALS['CONFIG']['dataDir'] . $_REQUEST['id'] . ".dat";
}
if (file_exists($filename)) {
// send headers to browser to initiate file download
header('Cache-control: private');
header('Content-Type: ' . $_GET['mimetype']);
header('Content-Disposition: attachment; filename="' . $realname . '"');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == "") {
header('Location:error.php?ec=2');
exit;
}
if (strchr($_REQUEST['id'], '_')) {
list($_REQUEST['id'], $revision_id) = explode('_', $_REQUEST['id']);
$pageTitle = msg('area_file_details') . ' ' . msg('revision') . ' #' . $revision_id;
$file_size = display_filesize($GLOBALS['CONFIG']['revisionDir'] . $_REQUEST['id'] . '/' . $_REQUEST['id'] . '_' . $revision_id . '.dat');
} else {
$pageTitle = msg('area_file_details');
}
draw_header(msg('area_file_details'), $last_message);
$request_id = $_REQUEST['id'];
//save an original copy of id
$file_data_obj = new FileData($_REQUEST['id'], $pdo);
checkUserPermission($_REQUEST['id'], $file_data_obj->VIEW_RIGHT, $file_data_obj);
$user_perms_obj = new User_Perms($_SESSION['uid'], $pdo);
$user_permission_obj = new UserPermission($_SESSION['uid'], $pdo);
$user_obj = new User($file_data_obj->getOwner(), $pdo);
// display details
$owner_id = $file_data_obj->getOwner();
$category = $file_data_obj->getCategoryName();
$owner_full_name = $file_data_obj->getOwnerFullName();
$owner = $owner_full_name[1] . ', ' . $owner_full_name[0];
$real_name = $file_data_obj->getName();
$created = $file_data_obj->getCreatedDate();
$description = $file_data_obj->getDescription();
$comment = $file_data_obj->getComment();
$status = $file_data_obj->getStatus();
$reviewer = $file_data_obj->getReviewerName();
// corrections
</button> <?php
echo msg('message_click_to_checkout_document');
?>
</div>
</form>
<?php
echo msg('message_once_the_document_has_completed');
?>
<a href="out.php"><?php
echo msg('button_continue');
?>
</a>.
<?php
draw_footer();
} else {
checkUserPermission($_REQUEST['id'], $fileobj->WRITE_RIGHT, $fileobj);
$realname = $fileobj->getName();
if ($_GET['access_right'] == 'modify') {
// since this user has checked it out and will modify it
// update db to reflect new status
$query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}data SET status = '{$_SESSION['uid']}' WHERE id = '{$_GET['id']}'";
$result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
}
// calculate filename
$filename = $GLOBALS['CONFIG']['dataDir'] . $_GET['id'] . '.dat';
if (file_exists($filename)) {
// send headers to browser to initiate file download
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $realname . '"');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
header('Pragma: public');
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
header('Location:error.php?ec=2');
exit;
}
if (strchr($_REQUEST['id'], '_')) {
header('Location:error.php?ec=20');
}
$filedata = new FileData($_REQUEST['id'], $pdo);
if ($filedata->isArchived()) {
header('Location:error.php?ec=21');
}
// form not yet submitted, display initial form
if (!isset($_REQUEST['submit'])) {
draw_header(msg('area_update_file'), $last_message);
checkUserPermission($_REQUEST['id'], $filedata->ADMIN_RIGHT, $filedata);
$current_user_dept = $user_perms_obj->user_obj->getDeptId();
$data_id = $_REQUEST['id'];
// includes
$department_query = "SELECT department FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id=:user_id";
$department_stmt = $pdo->prepare($department_query);
$department_stmt->bindParam(':user_id', $_SESSION['uid']);
$department_stmt->execute();
$result = $department_stmt->fetchAll();
if ($department_stmt->rowCount() != 1) {
header('Location:error.php?ec=14');
exit;
//non-unique error
}
$filedata = new FileData($data_id, $pdo);
// error check
<?php
// check user permission exists
if (checkUserPermission(getUsername(), "listTask")) {
// display list
include_once 'views/listTask.php';
} else {
// user do not have permission -> display to him
include_once 'views/permissionError.php';
}
echo msg('message_click_to_checkout_document');
?>
</div>
</form>
<?php
echo msg('message_once_the_document_has_completed');
?>
<a href="out.php"><?php
echo msg('button_continue');
?>
</a>.
<?php
draw_footer();
} else {
$id = (int) $_REQUEST['id'];
checkUserPermission($id, $file_data_obj->WRITE_RIGHT, $file_data_obj);
$real_name = $file_data_obj->getName();
if ($_GET['access_right'] == 'modify') {
// since this user has checked it out and will modify it
// update db to reflect new status
$query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}data SET status = :uid WHERE id = :id";
$stmt = $pdo->prepare($query);
$stmt->execute(array(':uid' => $_SESSION['uid'], ':id' => $id));
}
// calculate filename
$filename = $GLOBALS['CONFIG']['dataDir'] . $id . '.dat';
if (file_exists($filename)) {
// send headers to browser to initiate file download
header('Content-Type: application/octet-stream');
header('Content-Disposition: attachment; filename="' . $real_name . '"');
header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
if (checkUserPermission(getUsername(), 'editTask')) {
// if user have edit permissions
?>
<a href="<?php
echo generateUrl('updateTask') . '&id=' . $key;
?>
">
<i class="glyphicon glyphicon-edit"> </i> <?php
echo _t("MODIFYTASK");
?>
</a>
<?php
}
?>
<?php
if (checkUserPermission(getUsername(), 'removeTask')) {
// if user have remove permissions -> display the modal
?>
<a href="#" data-toggle="modal" data-target="#confirm-delete-<?php
echo $key;
?>
">
<i class="glyphicon glyphicon-remove-circle"> </i> <?php
echo _t("DELETETASK");
?>
</a>
<?php
}
?>
<br>
public function testCheckUserPermission()
{
// no permission
$this->assertEquals(checkUserPermission("user_with_nonepermissions", "removeTask"), false);
// permission create task
$this->assertEquals(checkUserPermission("user_with_createtaskpermission", "createTask"), true);
// permission edit task
$this->assertEquals(checkUserPermission("user_with_edittaskpermission", "editTask"), true);
// permission list task
$this->assertEquals(checkUserPermission("user_with_listtaskpermission", "listTask"), true);
// permission comment task
$this->assertEquals(checkUserPermission("user_with_commenttaskpermission", "commentTask"), true);
// permission remove task
$this->assertEquals(checkUserPermission("user_with_removetaskpermission", "removeTask"), true);
}
