Exemplo n.º 1
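/**
 * Decides whether the current user may act on a single gallery comment.
 *
 * This function handles the granular permission level for gallery comments
 * (whereas communities_module_access handles higher-level permissions).
 *
 * Checks, in the order they are applied below:
 *  1. A logged-in community member who is also a community administrator is
 *     allowed immediately; no comment row is looked up for them.
 *  2. Otherwise the comment must exist within the current community
 *     ($COMMUNITY_ID) and galleries_module_access() must allow $section on
 *     the gallery the comment belongs to.
 *  3. For "edit-comment" and "delete-comment" the active user must be the
 *     comment's author (proxy_id).
 *  4. The comment must still be active (comment_active).
 *
 * On denial a message is appended to $ERRORSTR (no access) or $NOTICESTR
 * (deactivated comment) and the matching counter is incremented.
 *
 * NOTE(review): the comment row is read with CacheGetRow(CACHE_TIMEOUT, ...),
 * so this authorization decision may be based on a cached row. Presumably a
 * comment deactivated inside the cache window is still seen as active until
 * the cache expires; confirm that CACHE_TIMEOUT is acceptable for that.
 *
 * @param int $cgcomment_id Identifier of the comment (cast to int before use).
 * @param string $section Requested action, passed on to galleries_module_access().
 * @return bool Truthy when access is allowed, falsy otherwise.
 */
function galleries_comment_module_access($cgcomment_id = 0, $section = "")
{
    global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $ENTRADA_USER;

    // Community administrators are allowed without any per-comment lookup.
    if ((bool) $LOGGED_IN && (bool) $COMMUNITY_MEMBER && (bool) $COMMUNITY_ADMIN) {
        return true;
    }

    $allow_to_load = false;
    $result = false;

    $cgcomment_id = (int) $cgcomment_id;
    if ($cgcomment_id) {
        // Scoping the lookup to $COMMUNITY_ID keeps comment ids of other
        // communities from being evaluated here.
        $query = "SELECT * FROM `community_gallery_comments` WHERE `cgcomment_id` = " . $db->qstr($cgcomment_id) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID);
        $result = $db->CacheGetRow(CACHE_TIMEOUT, $query);
        if ($result) {
            $allow_to_load = galleries_module_access($result["cgallery_id"], $section);
            if ($allow_to_load) {
                switch ($section) {
                    case "delete-comment":
                    case "edit-comment":
                        // Only the author may edit or delete. Both sides are
                        // compared as integers, and a missing or zero active id
                        // is refused outright so it can never match a row whose
                        // proxy_id casts to 0 (fail closed).
                        $active_id = (int) $ENTRADA_USER->getActiveId();
                        if ($active_id <= 0 || $active_id !== (int) $result["proxy_id"]) {
                            $allow_to_load = false;
                        }
                        break;
                    default:
                        // No ownership requirement for other sections. The
                        // original used "continue" here, which PHP treats as
                        // "break" inside a switch and warns about since 7.3.
                        break;
                }
            }
        }
    }

    if (!$allow_to_load) {
        // Report the denial once; an already recorded error is left alone.
        if (!$ERROR) {
            $ERROR++;
            $ERRORSTR[] = "You do not have access to this comment.<br /><br />If you believe there has been a mistake, please contact a community administrator for assistance.";
        }

        return $allow_to_load;
    }

    // $allow_to_load can only be truthy here when $result holds a comment row.
    if (!(int) $result["comment_active"]) {
        $NOTICE++;
        $NOTICESTR[] = "This comment was deactivated <strong>" . date(DEFAULT_DATE_FORMAT, $result["updated_date"]) . "</strong> by <strong>" . html_encode(get_account_data("firstlast", $result["updated_by"])) . "</strong>.<br /><br />If there has been a mistake or you have questions relating to this issue please contact the MEdTech Unit directly.";

        return false;
    }

    // No further checks at this time; additional checks would go here.
    return $allow_to_load;
}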
                    if ($progress + 1 == $total_photos && $column != 3) {
                        echo "<td colspan=\"" . (3 - $column) . "\">&nbsp;</td>\n";
                    } elseif ($column == 3) {
                        $column = 0;
                        echo "</tr>\n";
                        echo "<tr>\n";
                    }
                }
                ?>
						</tr>
					</tbody>
					</table>
					<?php 
            } else {
                $NOTICE++;
                $NOTICESTR[] = "<strong>No photos in this gallery.</strong><br /><br />" . (galleries_module_access($RECORD_ID, "add-photo") ? "If you would like to upload a new photo, <a href=\"" . COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-photo&id=" . $RECORD_ID . "\">click here</a>." : "Please check back later.");
                echo display_notice();
            }
            ?>
			</div>
			<?php 
            if ($LOGGED_IN) {
                add_statistic("community:" . $COMMUNITY_ID . ":galleries", "gallery_view", "cgallery_id", $RECORD_ID);
            }
        } else {
            if ($ERROR) {
                echo display_error();
            }
            if ($NOTICE) {
                echo display_notice();
            }
Exemplo n.º 3
*/
// Direct-access guard: stop unless both the COMMUNITY_INCLUDED and IN_GALLERIES
// constants are defined and $COMMUNITY_LOAD is truthy. The constants are checked
// first, so $COMMUNITY_LOAD is only read once both are known to exist.
// NOTE(review): presumably these are set by the including community/galleries
// controller; confirm against the caller.
if (!defined("COMMUNITY_INCLUDED") || !defined("IN_GALLERIES") || !$COMMUNITY_LOAD) {
    exit;
}

// Calendar stylesheet and scripts plus the galleries script for the page head.
// Only APPLICATION_VERSION is passed through html_encode(); ENTRADA_URL and
// COMMUNITY_URL are written as-is (assumed to be trusted configuration values;
// confirm).
$HEAD[] = "<link href=\""
    . ENTRADA_URL
    . "/javascript/calendar/css/xc2_default.css?release="
    . html_encode(APPLICATION_VERSION)
    . "\" rel=\"stylesheet\" type=\"text/css\" media=\"all\" />";
$HEAD[] = "<script type=\"text/javascript\" src=\""
    . ENTRADA_URL
    . "/javascript/calendar/config/xc2_default.js?release="
    . html_encode(APPLICATION_VERSION)
    . "\"></script>";
$HEAD[] = "<script type=\"text/javascript\" src=\""
    . ENTRADA_URL
    . "/javascript/calendar/script/xc2_inpage.js?release="
    . html_encode(APPLICATION_VERSION)
    . "\"></script>";
$HEAD[] = "<script type=\"text/javascript\" src=\""
    . COMMUNITY_URL
    . "/javascript/galleries.js?release="
    . html_encode(APPLICATION_VERSION)
    . "\"></script>";

echo "<h1>Upload Photo</h1>\n";
if ($RECORD_ID) {
    $query = "SELECT * FROM `community_galleries` WHERE `cgallery_id` = " . $db->qstr($RECORD_ID) . " AND `cpage_id` = " . $db->qstr($PAGE_ID) . " AND `community_id` = " . $db->qstr($COMMUNITY_ID);
    $gallery_record = $db->GetRow($query);
    if ($gallery_record) {
        if (galleries_module_access($RECORD_ID, "add-photo")) {
            $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-gallery&id=" . $gallery_record["cgallery_id"], "title" => limit_chars($gallery_record["gallery_title"], 32));
            $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-photo&id=" . $RECORD_ID, "title" => "Upload Photo");
            $photo_uploads = array();
            if (array_count_values($copyright_settings = (array) $translate->_("copyright")) > 1 && isset($copyright_settings["copyright-uploads"]) && strlen($copyright_settings["copyright-uploads"])) {
                $COPYRIGHT = true;
            } else {
                $COPYRIGHT = false;
            }
            // Error Checking
            switch ($STEP) {
                case 2:
                    if (isset($_FILES["photo_files"]) && is_array($_FILES["photo_files"])) {
                        if (!defined("COMMUNITY_STORAGE_GALLERIES") || !@is_dir(COMMUNITY_STORAGE_GALLERIES) || !@is_writable(COMMUNITY_STORAGE_GALLERIES)) {
                            $error_current++;
                            $ERROR++;
Exemplo n.º 4
/**
 * Routes a permission check to the access function of the named community module.
 *
 * Each known module is checked against one fixed "view" section:
 * discussions -> "view-post", galleries -> "view-photo", shares -> "view-file",
 * polls -> "view-poll".
 *
 * NOTE(review): $proxy_id and $module_section are never read in this body. The
 * delegated *_module_access functions receive only the record id and a section
 * name, so presumably they decide for the current session's user rather than
 * for $proxy_id; confirm before relying on this for another user's access.
 *
 * NOTE(review): any module name not listed below is allowed (returns true).
 * That is fail-open; confirm every module without a branch here is meant to
 * be unrestricted.
 *
 * @param int $proxy_id Not used by this function.
 * @param string $module Module name to dispatch on.
 * @param string $module_section Not used by this function.
 * @param int $record_id Record identifier handed to the module's access function.
 * @return bool Result of the module's access function, or true for unlisted modules.
 */
function community_module_permissions_check($proxy_id, $module, $module_section, $record_id)
{
    // The module files are required from inside this function, so when one is
    // loaded here for the first time its top-level code runs in this function's
    // variable scope; the global declarations are kept for that reason.
    global $db, $COMMUNITY_ID, $LOGGED_IN, $COMMUNITY_MEMBER, $COMMUNITY_ADMIN, $NOTICE, $NOTICESTR, $ERROR, $ERRORSTR, $PAGE_ID;

    // Loose (==) comparisons are deliberate: they match how switch compared
    // $module against each case label.
    if ($module == "discussions") {
        require_once COMMUNITY_ABSOLUTE . "/modules/discussions.inc.php";

        return discussion_module_access($record_id, "view-post");
    }

    if ($module == "galleries") {
        require_once COMMUNITY_ABSOLUTE . "/modules/galleries.inc.php";

        return galleries_module_access($record_id, "view-photo");
    }

    if ($module == "shares") {
        require_once COMMUNITY_ABSOLUTE . "/modules/shares.inc.php";

        return shares_module_access($record_id, "view-file");
    }

    if ($module == "polls") {
        require_once COMMUNITY_ABSOLUTE . "/modules/polls.inc.php";

        return polls_module_access($record_id, "view-poll");
    }

    // Unlisted module: allowed.
    return true;
}
Exemplo n.º 5
                 */
                @ob_end_clean();
                @ob_end_clean();
                header("Cache-Control: max-age=2592000");
                header("Content-Type: " . $photo_record["photo_mimetype"]);
                header("Content-Length: " . @filesize($display_file));
                header("Content-Disposition: inline; filename=\"thumbnail-" . $photo_record["photo_filename"] . "\"");
                header("Content-Transfer-Encoding: binary\n");
                echo @file_get_contents($display_file, FILE_BINARY);
                exit;
                break;
            default:
                if (galleries_photo_module_access($RECORD_ID, "view-photo")) {
                    $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-gallery&id=" . $photo_record["cgallery_id"], "title" => limit_chars($photo_record["gallery_title"], 32));
                    $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-photo&id=" . $RECORD_ID, "title" => limit_chars($photo_record["photo_title"], 32));
                    $ADD_COMMENT = galleries_module_access($photo_record["cgallery_id"], "add-comment");
                    $NAVIGATION = galleries_photo_navigation($photo_record["cgallery_id"], $RECORD_ID);
                    $community_galleries_select = community_galleries_in_select($photo_record["cgallery_id"]);
                    ?>
					<script type="text/javascript">
					function photoDelete(id) {
						Dialog.confirm('Do you really wish to remove the '+ $('photo-' + id + '-title').innerHTML +' photo?<br /><br />If you confirm this action, you will be deactivating this photo and any comments.',
							{
								id:				'requestDialog',
								width:			350,
								height:			125,
								title:			'Delete Confirmation',
								className:		'medtech',
								okLabel:		'Yes',
								cancelLabel:	'No',
								closable:		'true',
Exemplo n.º 6
 * @copyright Copyright 2010 Queen's University. All Rights Reserved.
 * 
*/
// Direct-access guard: stop unless both the COMMUNITY_INCLUDED and IN_GALLERIES
// constants are defined and $COMMUNITY_LOAD is truthy. The constants are checked
// first, so $COMMUNITY_LOAD is only read once both are known to exist.
// NOTE(review): presumably these are set by the including community/galleries
// controller; confirm against the caller.
if (!defined("COMMUNITY_INCLUDED") || !defined("IN_GALLERIES") || !$COMMUNITY_LOAD) {
    exit;
}

// Galleries script for the page head. Only APPLICATION_VERSION is passed
// through html_encode(); COMMUNITY_URL is written as-is (assumed to be a
// trusted configuration value; confirm).
$HEAD[] = "<script type=\"text/javascript\" src=\""
    . COMMUNITY_URL
    . "/javascript/galleries.js?release="
    . html_encode(APPLICATION_VERSION)
    . "\"></script>";

echo "<h1>Add Photo Comment</h1>\n";
if ($RECORD_ID) {
    $query = "\tSELECT a.*, b.`gallery_title`, b.`admin_notifications`\n\t\t\t\tFROM `community_gallery_photos` AS a\n\t\t\t\tLEFT JOIN `community_galleries` AS b\n\t\t\t\tON a.`cgallery_id` = b.`cgallery_id`\n\t\t\t\tWHERE a.`community_id` = " . $db->qstr($COMMUNITY_ID) . "\n\t\t\t\tAND b.`cpage_id` = " . $db->qstr($PAGE_ID) . "\n\t\t\t\tAND a.`cgphoto_id` = " . $db->qstr($RECORD_ID) . "\n\t\t\t\tAND a.`photo_active` = '1'\n\t\t\t\tAND b.`gallery_active` = '1'";
    $photo_record = $db->GetRow($query);
    if ($photo_record) {
        if ((int) $photo_record["photo_active"]) {
            if (galleries_module_access($photo_record["cgallery_id"], "add-comment")) {
                $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-gallery&id=" . $photo_record["cgallery_id"], "title" => limit_chars($photo_record["gallery_title"], 32));
                $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=view-photo&id=" . $RECORD_ID, "title" => limit_chars($photo_record["photo_title"], 32));
                $BREADCRUMB[] = array("url" => COMMUNITY_URL . $COMMUNITY_URL . ":" . $PAGE_URL . "?section=add-comment&amp;id=" . $RECORD_ID, "title" => "Add Photo Comment");
                communities_load_rte();
                // Error Checking
                switch ($STEP) {
                    case 2:
                        /**
                         * Required field "title" / Comment Title.
                         */
                        if (isset($_POST["comment_title"]) && ($title = clean_input($_POST["comment_title"], array("notags", "trim")))) {
                            $PROCESSED["comment_title"] = $title;
                        } else {
                            $PROCESSED["comment_title"] = "";
                        }