function getViewPerm($news)
{
global $_G;
//自己发布的有权限
if ($news['authorid'] == $_G['uid']) {
return true;
}
//管理员有权限
if (getPermByUid($_G['uid']) > 1) {
return true;
}
//游客时,只要设置了范围,就没有权限;
if ($_G['uid'] < 1 && ($news['orgids'] || $news['uids'])) {
return false;
}
//转换为数组
if ($news['orgids']) {
$news['orgids'] = explode(',', $news['orgids']);
} else {
$news['orgids'] = array();
}
//转换为数组
if ($news['uids']) {
$news['uids'] = explode(',', $news['uids']);
} else {
$news['uids'] = array();
}
//判断普通用户权限
if (!$news['uids'] && !$news['orgids']) {
return true;
}
//未设置范围,全部有权限
if ($news['uids'] && in_array($_G['uid'], $news['uids'])) {
//用户在用户列表内,允许查看
return true;
}
//当未加入机构和部门在部门列表中时,单独判断;
if (in_array('other', $news['orgids']) && !DB::result_first("SELECT COUNT(*) from %t where uid=%d", array('organization_user', $_G['uid']))) {
return true;
}
//获取用户所在的机构或部门
$orgids = C::t('organization_user')->fetch_orgids_by_uid($_G['uid']);
if (array_intersect($orgids, $news['orgids'])) {
return true;
}
//检查每个部门的下级
include_once libfile('function/organization');
foreach ($orgids as $orgid) {
$upids = getUpOrgidTree($orgid, true);
if ($upids && array_intersect($upids, $news['orgids'])) {
return true;
}
}
return false;
}
* @package DzzOffice
* @link http://www.dzzoffice.com
* @author zyx(zyx@dzz.cc)
*/
if (!defined('IN_DZZ')) {
exit('Access Denied');
}
$ismobile = helper_browser::ismobile();
//error_reporting(E_ALL);
$newid = empty($_GET['newid']) ? 0 : intval($_GET['newid']);
if (!($news = C::t('news')->fetch($newid))) {
showmessage('信息不存在或已删除', dreferer());
}
include libfile('function/news');
//根据信息发布权限判断用户是否有查看权限
$perm = getPermByUid($_G['uid']);
if (!getViewPerm($news)) {
showmessage('您没有查看此信息的权限,请联系管理员', dreferer());
}
//获取分类名称
if ($news['catid']) {
$news['catname'] = DB::result_first("select name from %t where catid=%d", array('news_cat', $news['catid']));
}
if ($news['opuid'] && ($opuser = getuserbyuid($news['opuid']))) {
$news['opauthor'] = $opuser['username'];
}
if ($news['moduid'] && ($moduser = getuserbyuid($news['moduid']))) {
$news['modusername'] = $moduser['username'];
}
$navtitle = $news['subject'];
$navlast = getstr($news['subject'], 15);
