function getAllowedProjects()
{
global $AppUI, $HELPDESK_CONFIG;
//if helpdeskUseProjectPerms is true, get a list of Projects based on the users standard project permissions
if ($HELPDESK_CONFIG['helpdeskUseProjectPerms']) {
require_once $AppUI->getModuleClass('projects');
$project = new CProject();
$allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'project_id, project_name', 'project_name');
//echo "!".implode(" AND ",$rowproject>getAllowedSQL( $AppUI->user_id))."!";
return $allowedProjects;
} else {
//otherwise, get a list of all projects associated with the user's permitted companies.
//the use case here would be that the person assigning or updating the Helpdesk item may not have access to all Projects. They might just be traffic control. This will minimise perm maintenance.
$sql = "SELECT project_id, project_name FROM projects WHERE project_company in (" . implode(",", array_keys(getAllowedCompanies())) . ") ORDER BY project_name";
return db_loadList($sql);
}
}
}
}
$AppUI =& $_SESSION['AppUI'];
require_once DP_BASE_DIR . '/includes/permissions.php';
$perms =& $AppUI->acl();
$canRead = $perms->checkModule('files', 'view');
if (!$canRead) {
$AppUI->redirect('m=public&a=access_denied');
}
$file_id = isset($_GET['file_id']) ? (int) $_GET['file_id'] : 0;
if ($file_id) {
// projects tat are denied access
require_once $AppUI->getModuleClass('projects');
require_once $AppUI->getModuleClass('files');
$project = new CProject();
$allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'project_id, project_name');
$fileclass = new CFile();
$fileclass->load($file_id);
$allowedFiles = $fileclass->getAllowedRecords($AppUI->user_id, 'file_id, file_name');
if (count($allowedFiles) && !array_key_exists($file_id, $allowedFiles)) {
$AppUI->redirect('m=public&a=access_denied');
}
$q = new DBQuery();
$q->addTable('files');
if ($fileclass->file_project) {
$project->setAllowedSQL($AppUI->user_id, $q, 'file_project');
}
$q->addWhere('file_id = ' . $file_id);
$sql = $q->prepare();
if (!db_loadHash($sql, $file)) {
$AppUI->redirect('m=public&a=access_denied');
// to pass to "new file" button
$folder = intval(dPgetParam($_GET, 'folder', 0));
// "Project" filters info
require_once $AppUI->getModuleClass('projects');
// retrieve any state parameters
if (isset($_REQUEST['project_id'])) {
$AppUI->setState('FileIdxProject', $_REQUEST['project_id']);
}
$project_id = $AppUI->getState('FileIdxProject', 0);
/*
* get "Allowed" projects for filter list
* ("All" is always allowed when basing permission on projects)
*/
$project = new CProject();
$extra = array('from' => 'files', 'where' => 'project_id = file_project');
$projects = $project->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name', null, $extra);
$projects = arrayMerge(array('0' => $AppUI->_('All', UI_OUTPUT_RAW)), $projects);
// get SQL for allowed projects/tasks and folders
$task = new CTask();
$allowedProjects = $project->getAllowedSQL($AppUI->user_id, 'file_project');
$allowedTasks = $task->getAllowedSQL($AppUI->user_id, 'file_task');
$cfObj = new CFileFolder();
$allowedFolders = $cfObj->getAllowedSQL($AppUI->user_id, 'file_folder');
//get permissions for folder tab
$canAccess_folders = getPermission('file_folders', 'access');
// setup the title block
$titleBlock = new CTitleBlock('Files', 'folder5.png', $m, $m . '.' . $a);
$titleBlock->addCell($AppUI->_('Filter') . ':');
$titleBlock->addCell(arraySelect($projects, 'project_id', 'onchange="javascript:document.pickProject.submit()" size="1" class="text"', $project_id), '', '<form name="pickProject" action="?m=files" method="post">', '</form>');
/*
* override the file module's $canEdit variable passed from the main index.php
public function getAllowedRecords($uid, $fields = '*', $orderby = '', $index = null, $extra = null)
{
global $AppUI;
$oPrj = new CProject();
$aPrjs = $oPrj->getAllowedRecords($uid, 'projects.project_id, project_name', '', null, null, 'projects');
if (count($aPrjs)) {
$buffer = '(task_project IN (' . implode(',', array_keys($aPrjs)) . '))';
if ($extra['where'] != '') {
$extra['where'] = $extra['where'] . ' AND ' . $buffer;
} else {
$extra['where'] = $buffer;
}
} else {
// There are no allowed projects, so don't allow tasks.
if ($extra['where'] != '') {
$extra['where'] = $extra['where'] . ' AND 1 = 0 ';
} else {
$extra['where'] = '1 = 0';
}
}
return parent::getAllowedRecords($uid, $fields, $orderby, $index, $extra);
}
public function getAllowedRecords($uid, $fields = '*', $orderby = '', $index = null, $extra = null)
{
global $AppUI;
$oPrj = new CProject();
$aPrjs = $oPrj->getAllowedRecords($uid, 'projects.project_id, project_name', '', null, null, 'projects');
if (count($aPrjs)) {
$buffer = '(forum_project IN (' . implode(',', array_keys($aPrjs)) . ') OR forum_project IS NULL OR forum_project = \'\' OR forum_project = 0)';
if ($extra['where'] != '') {
$extra['where'] = $extra['where'] . ' AND ' . $buffer;
} else {
$extra['where'] = $buffer;
}
} else {
// There are no allowed projects, so only allow forums with no project associated.
if ($extra['where'] != '') {
$extra['where'] = $extra['where'] . ' AND (forum_project IS NULL OR forum_project = \'\' OR forum_project = 0) ';
} else {
$extra['where'] = '(forum_project IS NULL OR forum_project = \'\' OR forum_project = 0)';
}
}
return parent::getAllowedRecords($uid, $fields, $orderby, $index, $extra);
}
session_destroy();
exit;
}
}
$AppUI =& $_SESSION['AppUI'];
include_once W2P_BASE_DIR . '/locales/core.php';
$perms =& $AppUI->acl();
$canRead = $perms->checkModule('files', 'view');
if (!$canRead) {
$AppUI->redirect('m=public&a=access_denied');
}
$file_id = (int) w2PgetParam($_GET, 'file_id', 0);
if ($file_id) {
// projects tat are denied access
$project = new CProject();
$allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'projects.project_id, project_name', '', null, null, 'projects');
$fileclass = new CFile();
$fileclass->load($file_id);
$allowedFiles = $fileclass->getAllowedRecords($AppUI->user_id, 'file_id, file_name');
if (count($allowedFiles) && !array_key_exists($file_id, $allowedFiles)) {
$AppUI->redirect('m=public&a=access_denied');
}
$q = new DBQuery();
$q->addTable('files');
if ($fileclass->file_project) {
$project->setAllowedSQL($AppUI->user_id, $q, 'file_project');
}
$q->addWhere('file_id = ' . $file_id);
$file = $q->loadHash();
if (!$file) {
$AppUI->redirect('m=public&a=access_denied');
public function getAllowedRecords($uid, $fields = '*', $orderby = '', $index = null, $extra = null, $unused = '')
{
$oPrj = new CProject();
$oPrj->overrideDatabase($this->_query);
$aPrjs = $oPrj->getAllowedRecords($uid, 'projects.project_id, project_name', '', null, null, 'projects');
if (count($aPrjs)) {
$buffer = '(event_project IN (' . implode(',', array_keys($aPrjs)) . ') OR event_project IS NULL OR event_project = \'\' OR event_project = 0)';
if ($extra['where'] != '') {
$extra['where'] = $extra['where'] . ' AND ' . $buffer;
} else {
$extra['where'] = $buffer;
}
} else {
// There are no allowed projects, so only allow events with no project.
if ($extra['where'] != '') {
$extra['where'] = $extra['where'] . ' AND (event_project IS NULL OR event_project = \'\' OR event_project = 0) ';
} else {
$extra['where'] = '(event_project IS NULL OR event_project = \'\' OR event_project = 0)';
}
}
return parent::getAllowedRecords($uid, $fields, $orderby, $index, $extra);
}
}
$projectStatus = dPgetSysVal('ProjectStatus');
//ina
$project = new CProject();
//
if (isset($_POST['proFilter2'])) {
$proFilter2 = $_POST['proFilter2'];
$pro_list = implode(',', $proFilter2);
}
if (isset($_POST['proFilter'])) {
$AppUI->setState('ProjectIdxFilter', $_POST['proFilter']);
}
$proFilter = $AppUI->getState('ProjectIdxFilter') !== NULL ? $AppUI->getState('ProjectIdxFilter') : '-1';
if ($proFilter > -1) {
$ps['where'] = 'project_status=' . $proFilter;
$allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name', '', $ps);
} else {
$allowedProjects = $project->getAllowedRecords($AppUI->user_id, 'project_id,project_name', 'project_name');
}
if (isset($_POST["clientes"])) {
$filtro_cliente = $_POST["clientes"];
} else {
$filtro_cliente = '-1';
}
$projFilter = arrayMerge(array('-1' => 'All Status'), $projectStatus);
natsort($projFilter);
// months to scroll
$scroll_date = 1;
$display_option = dPgetParam($_POST, 'display_option', 'this_month');
// format dates
$df = $AppUI->getPref('SHDATEFORMAT');
