require_once "utils.php";
require_once "security.php";
require_once "page_blocks.php";
require_once "not_a_power_user.php";
require_once "no_access_to_project.php";
if (!IsPower()) {
    die(GetNotAPowerUserPage());
}
StartAccessToDB();
if (array_key_exists("Id", $_GET)) {
    $itemId = $_GET["Id"];
} else {
    $itemId = "";
}
if (is_numeric($itemId)) {
    $itemInfos = GetSubmittedItemInfos($_GET["Id"]);
    if (is_string($itemInfos)) {
        echo $itemInfos;
        exit;
    }
    $unitInfos = GetUnitInfos($itemInfos["UnitId"]);
    $originalItemId = $itemInfos["ItemId"];
} else {
    echo "Error, the Id of the item MUST be indicated.";
    exit;
}
$projectId = GetProjectIdForUnit($unitInfos["Id"]);
if (!LoggedUserHasAccessToProject($projectId)) {
    die(GetNoAccessToProjectPage($projectId));
}
$tpl = new HTML_Template_IT("./");
Exemplo n.º 2
0
    if ($msg != "") {
        $msg .= "<br>";
    }
    // delete the accepted item only if there were no errors
    if ($msg == "") {
        $msg .= DeleteSubmittedItem($_POST["item_id"]);
    }
    if ($msg == "") {
        $msg = "Item accepted successfuly";
    } else {
        $msg = "Error while accepting item: " . $msg;
    }
} elseif ($action == "reject") {
    if (array_key_exists("items", $_POST) && is_array($_POST["items"])) {
        foreach ($_POST["items"] as $item) {
            $subItemInfos = GetSubmittedItemInfos($item);
            $projectId = GetProjectIdForUnit($subItemInfos["UnitId"]);
            if (!LoggedUserHasAccessToProject($projectId)) {
                $projectInfos = GetProjectInfos($projectId);
                $error = "You do not have access to project '" . $projectInfos["Name"] . "'";
            } else {
                $error = DeleteSubmittedItem($item);
            }
            if ($error != "") {
                if ($msg != "") {
                    $msg .= "<br>";
                }
                $msg .= $error;
            }
        }
        if ($msg == "") {