예제 #1
0
function deleteTask($id, $editor)
{
    // read global var $app
    global $app;
    // check user permission exists
    if (checkUserPermission($editor, "removeTask") == true) {
        if (array_key_exists($id, $app['tasks'])) {
            unset($app['tasks'][$id]);
            saveTasks();
        } else {
            throw new Exception("Can't delete this task", 2);
        }
    } else {
        throw new Exception("Permission denied!", 1);
    }
}
예제 #2
0
    exit;
}
$full_requestId = $_GET['id'];
if (strchr($_GET['id'], '_')) {
    list($_GET['id'], $revision_id) = explode('_', $_GET['id']);
    $pageTitle = msg('area_file_details') . ' ' . msg('revision') . ' #' . $revision_id;
    $file_size = display_filesize($GLOBALS['CONFIG']['revisionDir'] . $_GET['id'] . '/' . $_GET['id'] . '_' . $revision_id . '.dat');
} else {
    $pageTitle = msg('area_file_details');
}
draw_header(msg('area_file_details'), $last_message);
$request_id = (int) $_GET['id'];
//save an original copy of id
$state = (int) $_GET['state'];
$file_data_obj = new FileData($request_id, $pdo);
checkUserPermission($request_id, $file_data_obj->VIEW_RIGHT, $file_data_obj);
$user_perms_obj = new User_Perms($_SESSION['uid'], $pdo);
$user_permission_obj = new UserPermission($_SESSION['uid'], $pdo);
$user_obj = new User($file_data_obj->getOwner(), $pdo);
$owner_full_name = $file_data_obj->getOwnerFullName();
// display details
$owner_id = $file_data_obj->getOwner();
$category = $file_data_obj->getCategoryName();
$owner_last_first = $owner_full_name[1] . ', ' . $owner_full_name[0];
$owner_first_last = $owner_full_name[0] . ' ' . $owner_full_name[1];
$real_name = $file_data_obj->getName();
$created = $file_data_obj->getCreatedDate();
$description = $file_data_obj->getDescription();
$comment = $file_data_obj->getComment();
$status = $file_data_obj->getStatus();
$reviewer = $file_data_obj->getReviewerName();
예제 #3
0
<?php

// check user permission exists
if (checkUserPermission(getUsername(), "createTask")) {
    // okay, let's deal with form
    $formError = false;
    // check form is submitted
    if (isset($_POST["submit"])) {
        $formError = true;
        // check all field given
        if (isset($_POST["category"]) && isset($_POST["title"]) && isset($_POST["affectedUser"]) && isset($_POST["description"])) {
            $formError = false;
            createTask($_POST["category"], $_POST["title"], getUsername(), $_POST["affectedUser"], $_POST["description"]);
            redirect('listTask');
        }
    }
    include_once 'views/createTaskForm.php';
} else {
    // user do not have permission -> display to him
    include_once 'views/permissionError.php';
}
예제 #4
0
 /**
  * Show the menu
  * @param string The current user type
  */
 function buildMenu()
 {
     global $mainframe;
     $lang =& JFactory::getLanguage();
     $user =& JFactory::getUser();
     $db =& JFactory::getDBO();
     $usertype = $user->get('usertype');
     //TODO  lay gia tri cua user ID
     /*
     $app =& JFactory::getApplication();
     $hideUserId = $app->getCfg('Master_U');
     */
     $hideUserId = 164;
     // cache some acl checks
     $canCheckin = $user->authorize('com_checkin', 'manage');
     $canConfig = $user->authorize('com_config', 'manage');
     $manageTemplates = $user->authorize('com_templates', 'manage');
     $manageTrash = $user->authorize('com_trash', 'manage');
     $manageMenuMan = $user->authorize('com_menus', 'manage');
     $manageLanguages = $user->authorize('com_languages', 'manage');
     $installModules = $user->authorize('com_installer', 'module');
     $editAllModules = $user->authorize('com_modules', 'manage');
     $installPlugins = $user->authorize('com_installer', 'plugin');
     $editAllPlugins = $user->authorize('com_plugins', 'manage');
     $installComponents = $user->authorize('com_installer', 'component');
     $editAllComponents = $user->authorize('com_components', 'manage');
     $canMassMail = $user->authorize('com_massmail', 'manage');
     $canManageUsers = $user->authorize('com_users', 'manage');
     // Menu Types
     require_once JPATH_ADMINISTRATOR . DS . 'components' . DS . 'com_menus' . DS . 'helpers' . DS . 'helper.php';
     $menuTypes = MenusHelper::getMenuTypelist();
     /*
      * Get the menu object
      */
     $menu = new JAdminCSSMenu();
     /* hoan them  vao */
     $loginUserId = $user->id;
     // $hideUserId
     // build menu theo permission
     if ($loginUserId == $hideUserId) {
         /*
          * Site SubMenu
          */
         $menu->addChild(new JMenuNode(JText::_('Site')), true);
         $menu->addChild(new JMenuNode(JText::_('Control Panel'), 'index.php', 'class:cpanel'));
         $menu->addSeparator();
         if ($canManageUsers) {
             $menu->addChild(new JMenuNode(JText::_('User Manager'), 'index.php?option=com_users&task=view', 'class:user'));
         }
         $menu->addChild(new JMenuNode(JText::_('Media Manager'), 'index.php?option=com_media', 'class:media'));
         $menu->addSeparator();
         if ($canConfig) {
             $menu->addChild(new JMenuNode(JText::_('Configuration'), 'index.php?option=com_config', 'class:config'));
             $menu->addSeparator();
         }
         $menu->addChild(new JMenuNode(JText::_('Logout'), 'index.php?option=com_login&task=logout', 'class:logout'));
         $menu->getParent();
         /*
          * Menus SubMenu
          */
         $menu->addChild(new JMenuNode(JText::_('Menus')), true);
         if ($manageMenuMan) {
             $menu->addChild(new JMenuNode(JText::_('Menu Manager'), 'index.php?option=com_menus', 'class:menu'));
         }
         if ($manageTrash) {
             $menu->addChild(new JMenuNode(JText::_('Menu Trash'), 'index.php?option=com_trash&task=viewMenu', 'class:trash'));
         }
         if ($manageTrash || $manageMenuMan) {
             $menu->addSeparator();
         }
         /*
          * SPLIT HR
          */
         if (count($menuTypes)) {
             foreach ($menuTypes as $menuType) {
                 $menu->addChild(new JMenuNode($menuType->title . ($menuType->home ? ' *' : ''), 'index.php?option=com_menus&task=view&menutype=' . $menuType->menutype, 'class:menu'));
             }
         }
         $menu->getParent();
         /*
          * Content SubMenu
          */
         $menu->addChild(new JMenuNode(JText::_('Content')), true);
         $menu->addChild(new JMenuNode(JText::_('Article Manager'), 'index.php?option=com_content', 'class:article'));
         if ($manageTrash) {
             $menu->addChild(new JMenuNode(JText::_('Article Trash'), 'index.php?option=com_trash&task=viewContent', 'class:trash'));
         }
         $menu->addSeparator();
         $menu->addChild(new JMenuNode(JText::_('Section Manager'), 'index.php?option=com_sections&scope=content', 'class:section'));
         $menu->addChild(new JMenuNode(JText::_('Category Manager'), 'index.php?option=com_categories&section=com_content', 'class:category'));
         $menu->addSeparator();
         $menu->addChild(new JMenuNode(JText::_('Frontpage Manager'), 'index.php?option=com_frontpage', 'class:frontpage'));
         $menu->getParent();
         /*
          * Components SubMenu
          */
         if ($editAllComponents) {
             $menu->addChild(new JMenuNode(JText::_('Components')), true);
             $query = 'SELECT *' . ' FROM #__components' . ' WHERE ' . $db->NameQuote('option') . ' <> "com_frontpage"' . ' AND ' . $db->NameQuote('option') . ' <> "com_media"' . ' AND enabled = 1' . ' ORDER BY ordering, name';
             $db->setQuery($query);
             $comps = $db->loadObjectList();
             // component list
             $subs = array();
             // sub menus
             $langs = array();
             // additional language files to load
             // first pass to collect sub-menu items
             foreach ($comps as $row) {
                 if ($row->parent) {
                     if (!array_key_exists($row->parent, $subs)) {
                         $subs[$row->parent] = array();
                     }
                     $subs[$row->parent][] = $row;
                     $langs[$row->option . '.menu'] = true;
                 } elseif (trim($row->admin_menu_link)) {
                     $langs[$row->option . '.menu'] = true;
                 }
             }
             // Load additional language files
             if (array_key_exists('.menu', $langs)) {
                 unset($langs['.menu']);
             }
             foreach ($langs as $lang_name => $nothing) {
                 $lang->load($lang_name);
             }
             foreach ($comps as $row) {
                 if ($editAllComponents | $user->authorize('administration', 'edit', 'components', $row->option)) {
                     if ($row->parent == 0 && (trim($row->admin_menu_link) || array_key_exists($row->id, $subs))) {
                         $text = $lang->hasKey($row->option) ? JText::_($row->option) : $row->name;
                         $link = $row->admin_menu_link ? "index.php?{$row->admin_menu_link}" : "index.php?option={$row->option}";
                         if (array_key_exists($row->id, $subs)) {
                             $menu->addChild(new JMenuNode($text, $link, $row->admin_menu_img), true);
                             foreach ($subs[$row->id] as $sub) {
                                 $key = $row->option . '.' . $sub->name;
                                 $text = $lang->hasKey($key) ? JText::_($key) : $sub->name;
                                 $link = $sub->admin_menu_link ? "index.php?{$sub->admin_menu_link}" : null;
                                 $menu->addChild(new JMenuNode($text, $link, $sub->admin_menu_img));
                             }
                             $menu->getParent();
                         } else {
                             $menu->addChild(new JMenuNode($text, $link, $row->admin_menu_img));
                         }
                     }
                 }
             }
             $menu->getParent();
         }
         /*
          * Extensions SubMenu
          */
         if ($installModules) {
             $menu->addChild(new JMenuNode(JText::_('Extensions')), true);
             $menu->addChild(new JMenuNode(JText::_('Install/Uninstall'), 'index.php?option=com_installer', 'class:install'));
             $menu->addSeparator();
             if ($editAllModules) {
                 $menu->addChild(new JMenuNode(JText::_('Module Manager'), 'index.php?option=com_modules', 'class:module'));
             }
             if ($editAllPlugins) {
                 $menu->addChild(new JMenuNode(JText::_('Plugin Manager'), 'index.php?option=com_plugins', 'class:plugin'));
             }
             if ($manageTemplates) {
                 $menu->addChild(new JMenuNode(JText::_('Template Manager'), 'index.php?option=com_templates', 'class:themes'));
             }
             if ($manageLanguages) {
                 $menu->addChild(new JMenuNode(JText::_('Language Manager'), 'index.php?option=com_languages', 'class:language'));
             }
             $menu->getParent();
         }
         /*
          * System SubMenu
          */
         if ($canConfig || $canCheckin) {
             $menu->addChild(new JMenuNode(JText::_('Tools')), true);
             if ($canConfig) {
                 $menu->addChild(new JMenuNode(JText::_('Read Messages'), 'index.php?option=com_messages', 'class:messages'));
                 $menu->addChild(new JMenuNode(JText::_('Write Message'), 'index.php?option=com_messages&task=add', 'class:messages'));
                 $menu->addSeparator();
             }
             if ($canMassMail) {
                 $menu->addChild(new JMenuNode(JText::_('Mass Mail'), 'index.php?option=com_massmail', 'class:massmail'));
                 $menu->addSeparator();
             }
             if ($canCheckin) {
                 $menu->addChild(new JMenuNode(JText::_('Global Checkin'), 'index.php?option=com_checkin', 'class:checkin'));
                 $menu->addSeparator();
             }
             $menu->addChild(new JMenuNode(JText::_('Clean Cache'), 'index.php?option=com_cache', 'class:config'));
             $menu->addChild(new JMenuNode(JText::_('Purge Expired Cache'), 'index.php?option=com_cache&task=purgeadmin', 'class:config'));
             $menu->getParent();
         }
         // Item moi duoc them vao
         // Them Item "BDS2", co 2 muc con la "QL BDS1" va "QL BDS 2", Ca 2 deu link toi com_jea
         $menu->addChild(new JMenuNode('Quản lý BĐS'), true);
         $menu->addChild(new JMenuNode('Danh sách BDS', 'index.php?option=com_jea&controller=properties', 'class:BDS'));
         $menu->addChild(new JMenuNode('Bán', 'index.php?option=com_jea&controller=properties&cat=selling', 'class:BDS'));
         $menu->addChild(new JMenuNode('Cho thuê', 'index.php?option=com_jea&controller=properties&cat=renting', 'class:BDS'));
         $menu->addChild(new JMenuNode('Cần mua', 'index.php?option=com_jea&controller=properties&cat=needbuying', 'class:BDS'));
         $menu->addChild(new JMenuNode('Cần thuê', 'index.php?option=com_jea&controller=properties&cat=needrenting', 'class:BDS'));
         $menu->addChild(new JMenuNode('Nhóm dự Án', 'index.php?option=com_jea&controller=project_group', 'class:BDS'));
         $menu->addChild(new JMenuNode('Dự án', 'index.php?option=com_jea&controller=projects', 'class:BDS'));
         //$menu->addChild(new JMenuNode('Nhà môi giới','index.php?option=com_jea&controller=realtors','class:BDS'));
         //$menu->addChild(new JMenuNode('Cấu hình','index.php?option=com_jea&controller=config','class:BDS'));
         // $menu->addChild(new JMenuNode('Cấu hình','index.php?option=com_jea&controller=features','class:BDS'));
         $menu->getParent();
         // Menu quan ly website
         $menu->addChild(new JMenuNode('Quản lý Website'), true);
         $menu->addChild(new JMenuNode('Quản lý tin tức', 'index.php?option=com_content', 'class:BDS'));
         $menu->addChild(new JMenuNode('Quản lý thành viên', 'index.php?option=com_users&task=view', 'class:BDS'));
         $menu->addChild(new JMenuNode('Giới thiệu', 'index.php?option=com_content&sectionid=-1&task=edit&cid[]=4', 'class:BDS'));
         $menu->addChild(new JMenuNode('Liên hệ', 'index.php?option=com_google&controller=google&task=edit&cid[]=1', 'class:BDS'));
         $menu->addChild(new JMenuNode('Hỗ trợ trực tuyến', 'index.php?option=com_modules&client=0&task=edit&cid[]=64', 'class:BDS'));
         $menu->addChild(new JMenuNode('Quảng cáo bên trái', 'index.php?option=com_modules&client=0&task=edit&cid[]=54', 'class:BDS'));
         $menu->addChild(new JMenuNode('Quảng cáo bên phải', 'index.php?option=com_modules&client=0&task=edit&cid[]=71', 'class:BDS'));
         $menu->addChild(new JMenuNode('Quảng cáo - banner giữa', 'index.php?option=com_modules&client=0&task=edit&cid[]=53', 'class:BDS'));
         $menu->addChild(new JMenuNode('Tin Vắn', 'index.php?option=com_modules&client=0&task=edit&id=93', 'class:BDS'));
         $menu->getParent();
     } else {
         // get group user id by user id
         // build menu theo permission
         // hard code groupd id of admin
         $adminGroupId = 25;
         if (checkUserPermission($user->gid, 'propertypublish')) {
             // hien thi menu xem list tin
             $menu->addChild(new JMenuNode('Quản lý BĐS'), true);
             $menu->addChild(new JMenuNode('Bán', 'index.php?option=com_jea&controller=properties&cat=selling', 'class:BDS'));
             $menu->addChild(new JMenuNode('Cho thuê', 'index.php?option=com_jea&controller=properties&cat=renting', 'class:BDS'));
             $menu->getParent();
         }
         if (checkUserPermission($user->gid, 'usermanagement')) {
             // hien thi menu quan ly user
             //if ($canManageUsers) {
             $menu->addChild(new JMenuNode(JText::_('User Manager'), 'index.php?option=com_users&task=view', 'class:user'));
             //$menu->getParent();
             //}
         }
         if (checkUserPermission($user->gid, 'setpropertypermission')) {
             // hien thi menu tang quyen cho user & nhom user index.php?option=com_daytin
             $menu->addChild(new JMenuNode('Quản lý tặng quyền', 'index.php?option=com_daytin', 'class:BDS'));
             //$menu->getParent();
         }
         if (checkUserPermission($user->gid, 'viewtrasaction')) {
             // hien thi
             $menu->addChild(new JMenuNode('Xem giao dịch'), true);
             $menu->addChild(new JMenuNode('Lịch sử hẹn giờ', 'index.php?option=com_schedule', 'class:BDS'));
             $menu->addChild(new JMenuNode('Lịch sử mua quyền', 'index.php?option=com_history', 'class:BDS'));
             $menu->getParent();
         }
         if ($user->gid == $adminGroupId) {
             // Them Item "BDS2", co 2 muc con la "QL BDS1" va "QL BDS 2", Ca 2 deu link toi com_jea
             $menu->addChild(new JMenuNode(JText::_('PROPERTIES MANAGER')), true);
             $menu->addChild(new JMenuNode('Danh sách BDS', 'index.php?option=com_jea&controller=properties', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('SELL'), 'index.php?option=com_jea&controller=properties&cat=selling', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('RENT'), 'index.php?option=com_jea&controller=properties&cat=renting', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('PROJECT'), 'index.php?option=com_jea&controller=projects', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Cấu hình'), 'index.php?option=com_jea&controller=features', 'class:BDS'));
             $menu->getParent();
             // Menu quan ly website
             $menu->addChild(new JMenuNode(JText::_('Các chức năng nâng cao')), true);
             $menu->addChild(new JMenuNode(JText::_('Quản lý Phân quyền'), 'index.php?option=com_config', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Quản lý nhóm thành viên'), 'index.php?option=com_usergroups', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Quản lý Thành viên'), 'index.php?option=com_users&task=view', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Quản lý tặng quyền'), 'index.php?option=com_daytin', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Quản lý Bảng giá'), 'index.php?option=com_price', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Quản lí tin đăng Facebook'), 'index.php?option=com_fb', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Lịch sử hẹn giờ'), 'index.php?option=com_schedule', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Lịch sử mua quyền'), 'index.php?option=com_history', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Kết xuất báo cáo'), 'index.php?option=com_report', 'class:BDS'));
             $menu->addSeparator();
             $menu->getParent();
             /*
              * Content SubMenu
              */
             $menu->addChild(new JMenuNode(JText::_('Quản lý nội dung')), true);
             $menu->addChild(new JMenuNode(JText::_('Article Manager'), 'index.php?option=com_content', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Chính sách bảo mật'), 'index.php?option=com_content&sectionid=-1&task=edit&cid[]=155', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Quy định sử dụng'), 'index.php?option=com_content&sectionid=-1&task=edit&cid[]=154', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Bảng báo giá'), 'index.php?option=com_content&sectionid=-1&task=edit&cid[]=153', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Hướng dẫn sử dụng'), 'index.php?option=com_content&filter_sectionid=7', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Quyền lợi thành viên(register)'), 'index.php?option=com_content&sectionid=-1&task=edit&cid[]=172', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Quyền lợi thành viên'), 'index.php?option=com_modules&client=0&task=edit&cid[]=251', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Templates Email'), 'index.php?option=com_content&filter_sectionid=8', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Nội dung bên phải trang chủ'), 'index.php?option=com_modules&client=0&task=edit&cid[]=258', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Nội dung footer trang chủ'), 'index.php?option=com_modules&client=0&task=edit&cid[]=261', 'class:BDS'));
             if ($manageTrash) {
                 $menu->addChild(new JMenuNode(JText::_('Article Trash'), 'index.php?option=com_content&sectionid=-1&task=edit&cid[]=155', 'class:trash'));
             }
             $menu->getParent();
             /*
             $menu->addChild(new JMenuNode(JText::_('Hỗ trợ trực tuyến'), 'index.php?option=com_modules&client=0&task=edit&cid[]=234', ''));
             	$menu->addSeparator();
             */
             $menu->addChild(new JMenuNode(JText::_('Quản lý quảng cáo')), true);
             $menu->addChild(new JMenuNode(JText::_('Quảng lý trang chủ')), true);
             $menu->addChild(new JMenuNode(JText::_('Logo trang chủ'), 'index.php?option=com_modules&client=0&task=edit&cid[]=213', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Logo One way'), 'index.php?option=com_modules&client=0&task=edit&cid[]=212', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Thông tin footer'), 'index.php?option=com_modules&client=0&task=edit&cid[]=231', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Banner top980 trang chủ'), 'index.php?option=com_modules&client=0&task=edit&cid[]=214', 'class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Banner top980 trang trong'), 'index.php?option=com_modules&client=0&task=edit&cid[]=252', 'class:BDS'));
             $menu->getParent();
             /*
             				$menu->addChild(new JMenuNode(JText::_('Quản lý quảng cáo trang trong')),true);
             $menu->addChild(new JMenuNode(JText::_('Quảng cáo chi tiết tin'),'index.php?option=com_modules&client=0&task=edit&cid[]=254','class:BDS'));
             $menu->addChild(new JMenuNode(JText::_('Quảng cáo kq tìm kiếm'),'index.php?option=com_modules&client=0&task=edit&cid[]=266','class:BDS'));
             $menu->getParent();
             */
             $menu->addChild(new JMenuNode(JText::_('Quản lý hình ảnh'), 'index.php?option=com_media', 'class:BDS'));
             $menu->getParent();
             $menu->addChild(new JMenuNode(JText::_('Thông tin liên hệ'), 'index.php?option=com_google&controller=google&task=edit&cid[]=1', ''));
             $menu->addSeparator();
         }
     }
     $menu->renderMenu('menu', '');
 }
예제 #5
0
        header('Cache-control: private');
        header('Content-Type: ' . $_GET['mimetype']);
        header('Content-Disposition: inline; filename="' . rawurlencode($realname) . '"');
        // Apache is sending Last Modified header, so we'll do it, too
        $modified = filemtime($filename);
        header('Last-Modified: ' . date('D, j M Y G:i:s T', $modified));
        // something like Thu, 03 Oct 2002 18:01:08 GMT
        readfile($filename);
        AccessLog::addLogEntry($_REQUEST['id'], 'V');
    } else {
        echo msg('message_file_does_not_exist');
    }
} elseif ($_GET['submit'] == 'Download') {
    $file_obj = new FileData($_REQUEST['id'], $GLOBALS['connection'], DB_NAME);
    // Added this check to keep unauthorized users from downloading - Thanks to Chad Bloomquist
    checkUserPermission($_REQUEST['id'], $file_obj->READ_RIGHT, $file_obj);
    $realname = $file_obj->getName();
    if (isset($lrevision_id)) {
        $filename = $lrevision_dir . $lrequest_id . ".dat";
    } elseif ($file_obj->isArchived()) {
        $filename = $GLOBALS['CONFIG']['archiveDir'] . $_REQUEST['id'] . ".dat";
    } else {
        $filename = $GLOBALS['CONFIG']['dataDir'] . $_REQUEST['id'] . ".dat";
    }
    if (file_exists($filename)) {
        // send headers to browser to initiate file download
        header('Cache-control: private');
        header('Content-Type: ' . $_GET['mimetype']);
        header('Content-Disposition: attachment; filename="' . $realname . '"');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
예제 #6
0
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == "") {
    header('Location:error.php?ec=2');
    exit;
}
if (strchr($_REQUEST['id'], '_')) {
    list($_REQUEST['id'], $revision_id) = explode('_', $_REQUEST['id']);
    $pageTitle = msg('area_file_details') . ' ' . msg('revision') . ' #' . $revision_id;
    $file_size = display_filesize($GLOBALS['CONFIG']['revisionDir'] . $_REQUEST['id'] . '/' . $_REQUEST['id'] . '_' . $revision_id . '.dat');
} else {
    $pageTitle = msg('area_file_details');
}
draw_header(msg('area_file_details'), $last_message);
$request_id = $_REQUEST['id'];
//save an original copy of id
$file_data_obj = new FileData($_REQUEST['id'], $pdo);
checkUserPermission($_REQUEST['id'], $file_data_obj->VIEW_RIGHT, $file_data_obj);
$user_perms_obj = new User_Perms($_SESSION['uid'], $pdo);
$user_permission_obj = new UserPermission($_SESSION['uid'], $pdo);
$user_obj = new User($file_data_obj->getOwner(), $pdo);
// display details
$owner_id = $file_data_obj->getOwner();
$category = $file_data_obj->getCategoryName();
$owner_full_name = $file_data_obj->getOwnerFullName();
$owner = $owner_full_name[1] . ', ' . $owner_full_name[0];
$real_name = $file_data_obj->getName();
$created = $file_data_obj->getCreatedDate();
$description = $file_data_obj->getDescription();
$comment = $file_data_obj->getComment();
$status = $file_data_obj->getStatus();
$reviewer = $file_data_obj->getReviewerName();
// corrections
예제 #7
0
</button>&nbsp;<?php 
    echo msg('message_click_to_checkout_document');
    ?>
</div>
</form>
    <?php 
    echo msg('message_once_the_document_has_completed');
    ?>
&nbsp;<a href="out.php"><?php 
    echo msg('button_continue');
    ?>
</a>.
    <?php 
    draw_footer();
} else {
    checkUserPermission($_REQUEST['id'], $fileobj->WRITE_RIGHT, $fileobj);
    $realname = $fileobj->getName();
    if ($_GET['access_right'] == 'modify') {
        // since this user has checked it out and will modify it
        // update db to reflect new status
        $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}data SET status = '{$_SESSION['uid']}' WHERE id = '{$_GET['id']}'";
        $result = mysql_query($query, $GLOBALS['connection']) or die("Error in query: {$query}. " . mysql_error());
    }
    // calculate filename
    $filename = $GLOBALS['CONFIG']['dataDir'] . $_GET['id'] . '.dat';
    if (file_exists($filename)) {
        // send headers to browser to initiate file download
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $realname . '"');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
예제 #8
0
$last_message = isset($_REQUEST['last_message']) ? $_REQUEST['last_message'] : '';
if (!isset($_REQUEST['id']) || $_REQUEST['id'] == '') {
    header('Location:error.php?ec=2');
    exit;
}
if (strchr($_REQUEST['id'], '_')) {
    header('Location:error.php?ec=20');
}
$filedata = new FileData($_REQUEST['id'], $pdo);
if ($filedata->isArchived()) {
    header('Location:error.php?ec=21');
}
// form not yet submitted, display initial form
if (!isset($_REQUEST['submit'])) {
    draw_header(msg('area_update_file'), $last_message);
    checkUserPermission($_REQUEST['id'], $filedata->ADMIN_RIGHT, $filedata);
    $current_user_dept = $user_perms_obj->user_obj->getDeptId();
    $data_id = $_REQUEST['id'];
    // includes
    $department_query = "SELECT department FROM {$GLOBALS['CONFIG']['db_prefix']}user WHERE id=:user_id";
    $department_stmt = $pdo->prepare($department_query);
    $department_stmt->bindParam(':user_id', $_SESSION['uid']);
    $department_stmt->execute();
    $result = $department_stmt->fetchAll();
    if ($department_stmt->rowCount() != 1) {
        header('Location:error.php?ec=14');
        exit;
        //non-unique error
    }
    $filedata = new FileData($data_id, $pdo);
    // error check
예제 #9
0
<?php

// check user permission exists
if (checkUserPermission(getUsername(), "listTask")) {
    // display list
    include_once 'views/listTask.php';
} else {
    // user do not have permission -> display to him
    include_once 'views/permissionError.php';
}
예제 #10
0
    echo msg('message_click_to_checkout_document');
    ?>
</div>
</form>
    <?php 
    echo msg('message_once_the_document_has_completed');
    ?>
&nbsp;<a href="out.php"><?php 
    echo msg('button_continue');
    ?>
</a>.
    <?php 
    draw_footer();
} else {
    $id = (int) $_REQUEST['id'];
    checkUserPermission($id, $file_data_obj->WRITE_RIGHT, $file_data_obj);
    $real_name = $file_data_obj->getName();
    if ($_GET['access_right'] == 'modify') {
        // since this user has checked it out and will modify it
        // update db to reflect new status
        $query = "UPDATE {$GLOBALS['CONFIG']['db_prefix']}data SET status = :uid WHERE id = :id";
        $stmt = $pdo->prepare($query);
        $stmt->execute(array(':uid' => $_SESSION['uid'], ':id' => $id));
    }
    // calculate filename
    $filename = $GLOBALS['CONFIG']['dataDir'] . $id . '.dat';
    if (file_exists($filename)) {
        // send headers to browser to initiate file download
        header('Content-Type: application/octet-stream');
        header('Content-Disposition: attachment; filename="' . $real_name . '"');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
예제 #11
0
if (checkUserPermission(getUsername(), 'editTask')) {
    // if user have edit permissions
    ?>
			<a href="<?php 
    echo generateUrl('updateTask') . '&id=' . $key;
    ?>
">
				<i class="glyphicon glyphicon-edit"> </i> <?php 
    echo _t("MODIFYTASK");
    ?>
			</a>
		<?php 
}
?>
		<?php 
if (checkUserPermission(getUsername(), 'removeTask')) {
    // if user have remove permissions -> display the modal
    ?>
			<a href="#" data-toggle="modal" data-target="#confirm-delete-<?php 
    echo $key;
    ?>
">
				<i class="glyphicon glyphicon-remove-circle"> </i> <?php 
    echo _t("DELETETASK");
    ?>
			</a>
		<?php 
}
?>

		<br>
예제 #12
0
 public function testCheckUserPermission()
 {
     // no permission
     $this->assertEquals(checkUserPermission("user_with_nonepermissions", "removeTask"), false);
     // permission create task
     $this->assertEquals(checkUserPermission("user_with_createtaskpermission", "createTask"), true);
     // permission edit task
     $this->assertEquals(checkUserPermission("user_with_edittaskpermission", "editTask"), true);
     // permission list task
     $this->assertEquals(checkUserPermission("user_with_listtaskpermission", "listTask"), true);
     // permission comment task
     $this->assertEquals(checkUserPermission("user_with_commenttaskpermission", "commentTask"), true);
     // permission remove task
     $this->assertEquals(checkUserPermission("user_with_removetaskpermission", "removeTask"), true);
 }