canViewFile() public method

Check whether the current user is allowed to see the file
public canViewFile ( $options ) : boolean
$options array of options (only 'tickets_id' used)
return boolean
include '../inc/includes.php';
// When the public FAQ is enabled, anonymous visitors may reach this script:
// the login check is skipped and the per-document right check is left to
// Document::canViewFile() further down.
if (!$CFG_GLPI["use_public_faq"]) {
    Session::checkLoginUser();
}
$doc = new Document();
if (isset($_GET['docid'])) {
    // docid for document
    if (!$doc->getFromDB($_GET['docid'])) {
        Html::displayErrorAndDie(__('Unknown file'), true);
    }
    if (!file_exists(GLPI_DOC_DIR . "/" . $doc->fields['filepath'])) {
        Html::displayErrorAndDie(__('File not found'), true);
        // Not found
    } else {
        if ($doc->canViewFile($_GET)) {
            if ($doc->fields['sha1sum'] && $doc->fields['sha1sum'] != sha1_file(GLPI_DOC_DIR . "/" . $doc->fields['filepath'])) {
                Html::displayErrorAndDie(__('File is altered (bad checksum)'), true);
                // Doc alterated
            } else {
                $doc->send();
            }
        } else {
            Html::displayErrorAndDie(__('Unauthorized access to this file'), true);
            // No right
        }
    }
} else {
    if (isset($_GET["file"])) {
        // for other file
        $splitter = explode("/", $_GET["file"]);
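 /**
  * Get a Document the authenticated user can view or anonymous (for public FAQ)
  *
  * The right check is delegated to Document::canViewFile(), so an anonymous
  * caller only receives documents that are visible in the public FAQ.
  *
  * @param $params    array of options:
  *                   - 'document' (integer, mandatory) : id of the Document
  *                   - 'ticket'   (integer, optional)  : id of the ticket through which the document is accessed
  *                   - 'id2name'  (bool, optional)     : also return the owner and category names
  *                   - 'help'     (bool, optional)     : describe the parameters instead of running
  * @param $protocol        the communication protocol used
  *
  * @return a hashtable : the document fields plus 'base64' (the file content),
  *         or the error structure built by self::Error()
  **/
 static function methodGetDocument($params, $protocol)
 {
     if (isset($params['help'])) {
         return array('document' => 'integer,mandatory',
                      'ticket'   => 'integer,optional',
                      'id2name'  => 'bool,optional',
                      'help'     => 'bool,optional');
     }

     // Allowed for anonymous user for public FAQ (right check in canViewFile)
     $doc = new Document();

     // Option parameter ticket
     if (isset($params['ticket']) && !is_numeric($params['ticket'])) {
         return self::Error($protocol, WEBSERVICES_ERROR_BADPARAMETER, '', 'ticket=' . $params['ticket']);
     }
     $options = array();
     if (isset($params['ticket'])) {
         $options['tickets_id'] = $params['ticket'];
     }

     // Mandatory parameter document
     if (!isset($params['document'])) {
         return self::Error($protocol, WEBSERVICES_ERROR_MISSINGPARAMETER, '', 'document');
     }
     if (!is_numeric($params['document'])) {
         return self::Error($protocol, WEBSERVICES_ERROR_BADPARAMETER, '', 'document=' . $params['document']);
     }
     if (!$doc->getFromDB($params['document'])) {
         return self::Error($protocol, WEBSERVICES_ERROR_NOTFOUND);
     }
     if (!$doc->canViewFile($options)) {
         return self::Error($protocol, WEBSERVICES_ERROR_NOTALLOWED);
     }

     // Checked only after the right check, so that an unauthorized caller learns
     // nothing about the file on disk. A missing or unreadable file is reported
     // as an error instead of an empty 'base64' entry (base64_encode(false)
     // would silently yield '').
     // NOTE(review): unlike the front-end download script, no 'sha1sum'
     // integrity check is applied here — confirm whether one is wanted.
     $path    = GLPI_DOC_DIR . "/" . $doc->fields['filepath'];
     $content = is_file($path) ? file_get_contents($path) : false;
     if ($content === false) {
         return self::Error($protocol, WEBSERVICES_ERROR_NOTFOUND);
     }

     $resp           = $doc->fields;
     $resp['base64'] = base64_encode($content);
     if (isset($params['id2name'])) {
         $resp['users_name']              = Html::clean(getUserName($doc->fields['users_id']));
         $resp['documentcategories_name'] = Html::clean(Dropdown::getDropdownName('glpi_documentcategories', $doc->fields['documentcategories_id']));
     }
     return $resp;
 }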