Пример #1
/**
 * Node section
 *
 * Renders the nodes of the menu selected by $§['vars']['crit'] as nested
 * <ul>/<li> markup. A node is kept when its target starts with "http", when
 * allowed(privilege_url(target)) passes, or (for a node without a target)
 * when at least one node nested inside it by lft/rgt has an allowed target.
 *
 * NOTE(review): this filter only decides what the menu displays. It is not an
 * access check for the target pages; those presumably call allowed() on their
 * own -- confirm.
 * NOTE(review): node name and target are handed to html_tag() unchanged;
 * whether they end up HTML-escaped depends on html_tag(), not visible here.
 *
 * @param array $§
 *
 * @return string Markup, or '' when there is no criterion, menu or node
 */
function section_node(array &$§) : string
{
    if (empty($§['vars']['crit'])) {
        return '';
    }
    $menu = one('menu', $§['vars']['crit']);
    if (!$menu) {
        return '';
    }
    $nodes = all('node', ['root_id' => $menu['id'], 'project_id' => $menu['project_id']]);
    if (!$nodes) {
        return '';
    }

    // The closure sees the unfiltered node list, so descendants are looked up
    // among all nodes, not only among those already accepted.
    $visible = array_filter($nodes, function ($node) use ($nodes) {
        $target = $node['target'];
        // Targets starting with "http" are listed without a privilege lookup
        if (strpos($target, 'http') === 0) {
            return true;
        }
        if ($target) {
            return allowed(privilege_url($target));
        }
        // No target: keep the node only if something nested inside it is allowed
        foreach ($nodes as $candidate) {
            $isNested = $candidate['lft'] > $node['lft'] && $candidate['rgt'] < $node['rgt'];
            if ($isNested && $candidate['target'] && allowed(privilege_url($candidate['target']))) {
                return true;
            }
        }
        return false;
    });

    $total = count($visible);
    $previousLevel = 0;
    $position = 0;
    $markup = '';
    foreach ($visible as $node) {
        $linkAttrs = [];
        $liClass = '';
        // The entry matching the current request path is marked on <li> and on <a>
        if ($node['target'] === request('path')) {
            $linkAttrs['class'] = 'active';
            $liClass = ' class="active"';
        }

        if ($node['level'] > $previousLevel) {
            // One level deeper: open a new list
            $markup .= '<ul><li' . $liClass . '>';
        } elseif ($node['level'] < $previousLevel) {
            // Back up: close the current item plus one list per level left
            $markup .= '</li>' . str_repeat('</ul></li>', $previousLevel - $node['level']) . '<li' . $liClass . '>';
        } else {
            $markup .= '</li><li' . $liClass . '>';
        }

        if ($node['target']) {
            $linkAttrs['href'] = $node['target'];
            $markup .= html_tag('a', $linkAttrs, $node['name']);
        } else {
            $markup .= html_tag('span', [], $node['name']);
        }

        // After the last node, close every list that is still open
        $position++;
        if ($position === $total) {
            $markup .= str_repeat('</li></ul>', $node['level']);
        }
        $previousLevel = $node['level'];
    }
    return $markup;
}
Пример #2
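 /**
  * Print the follow-up edit form: start/end dates, optional conclusion and
  * sentence selectors, follow-up type, keywords, description, billed sum, the
  * delete checkbox and the optional "add future activity" sub-form.
  *
  * Everything is written with echo; nothing is returned.
  *
  * Security: values taken from the follow-up record are passed through
  * clean_output() before being placed in attribute values or an HTML comment,
  * as this method already did for the description textarea, sumbilled and
  * app_title.
  * NOTE(review): assumes clean_output() HTML-escapes quotes and angle
  * brackets -- confirm against its definition.
  * NOTE(review): $dis and the empty input names only affect how the form is
  * rendered. The code that processes the submitted form must repeat the
  * allowed() checks itself (not visible here).
  */
 function printEdit()
 {
     global $prefs;
     // Results of allowed() for the 'a', 'e' and 'w' rights on this case
     $admin = allowed($this->getDataInt('id_case'), 'a');
     // FIXME
     $edit = allowed($this->getDataInt('id_case'), 'e');
     // FIXME
     // NOTE(review): $write is never read in this method
     $write = allowed($this->getDataInt('id_case'), 'w');
     // FIXME (put in constructor)
     // FIXME: not sure whether this works as previously
     $dis = isDisabled(!($admin || $edit));
     echo '<table class="tbl_usr_dtl" width="99%">' . "\n";
     echo '<tr><td>';
     echo f_err_star('date_start') . _T('fu_input_date_start');
     echo "</td>\n";
     echo "<td>";
     // An empty name is passed to the date/time helpers when neither right is held
     $name = $admin || $edit ? 'start' : '';
     echo get_date_inputs($name, $this->data['date_start'], false);
     echo ' ' . _T('time_input_time_at') . ' ';
     echo get_time_inputs($name, $this->data['date_start']);
     echo "</td>\n";
     echo "</tr>\n";
     echo "<tr><td>";
     echo f_err_star('date_end') . ($prefs['time_intervals'] == 'absolute' ? _T('fu_input_date_end') : _T('fu_input_time_length'));
     echo "</td>\n";
     echo '<td>';
     if ($prefs['time_intervals'] == 'absolute') {
         // Buggy code, so isolated most important cases
         if ($this->data['id_followup'] == 0) {
             $name = 'end';
         } elseif ($edit) {
             $name = 'end';
         } else {
             // user can 'finish' entering data
             // NOTE(review): && binds tighter than ||, and $edit is already false
             // in this branch, so this reduces to "$admin ? 'end' : ''". The
             // date_end test never has an effect; intent unclear.
             $name = ($admin || ($edit && $this->data['date_end'] == '0000-00-00 00:00:00')) ? 'end' : '';
         }
         echo get_date_inputs($name, $this->data['date_end']);
         echo ' ';
         echo _T('time_input_time_at') . ' ';
         echo get_time_inputs($name, $this->data['date_end']);
     } else {
         $name = '';
         // Buggy code, so isolated most important cases
         if ($this->getDataInt('id_followup') == 0) {
             $name = 'delta';
         } elseif ($edit) {
             $name = 'delta';
         } else {
             // user can 'finish' entering data
             // NOTE(review): same precedence remark as in the 'absolute' branch
             $name = ($admin || ($edit && $this->getDataString('date_end') == '0000-00-00 00:00:00')) ? 'delta' : '';
         }
         if (empty($_SESSION['errors'])) {
             $interval = $this->getDataString('date_end') != '0000-00-00 00:00:00' ? strtotime($this->getDataString('date_end')) - strtotime($this->getDataString('date_start')) : 0;
             echo get_time_interval_inputs($name, $interval);
         } else {
             echo get_time_interval_inputs_from_array($name, $this->data);
         }
     }
     echo "</td>\n";
     echo "</tr>\n";
     // Show 'conclusion' options
     if ($this->show_conclusion) {
         $kws_conclusion = get_keywords_in_group_name('conclusion');
         $kws_result = get_keywords_in_group_name('_crimresults');
         echo "<tr>\n";
         echo "<td>" . _Ti('fu_input_conclusion') . "</td>\n";
         echo '<td>';
         // Result
         if (read_meta('case_result') == 'yes') {
             echo '<select ' . $dis . ' name="result" size="1" class="sel_frm">' . "\n";
             $default = '';
             if ($this->data['result']) {
                 $default = $this->data['result'];
             }
             foreach ($kws_result as $kw) {
                 $sel = isSelected($kw['name'] == $default);
                 echo '<option ' . $sel . ' value="' . $kw['name'] . '">' . _T(remove_number_prefix($kw['title'])) . "</option>\n";
             }
             echo "</select><br/>\n";
         }
         // Conclusion
         echo '<select ' . $dis . ' name="conclusion" size="1" class="sel_frm">' . "\n";
         $default = '';
         if ($this->data['conclusion']) {
             $default = $this->data['conclusion'];
         }
         foreach ($kws_conclusion as $kw) {
             $sel = isSelected($kw['name'] == $default);
             echo '<option ' . $sel . ' value="' . $kw['name'] . '">' . _T(remove_number_prefix($kw['title'])) . "</option>\n";
         }
         echo "</select>\n";
         echo "</td>\n";
         echo "</tr>\n";
         // If guilty, what sentence?
         $kws_sentence = get_keywords_in_group_name('sentence');
         echo "<tr>\n";
         echo "<td>" . _Ti('fu_input_sentence') . "</td>\n";
         echo '<td>';
         echo '<select ' . $dis . ' name="sentence" size="1" class="sel_frm">' . "\n";
         $default = '';
         if ($this->data['sentence']) {
             $default = $this->data['sentence'];
         }
         // Escaped so that the stored value cannot close the HTML comment
         echo "<!-- " . clean_output($default) . " -->\n";
         foreach ($kws_sentence as $kw) {
             $sel = $kw['name'] == $default ? ' selected="selected"' : '';
             echo '<option ' . $sel . ' value="' . $kw['name'] . '">' . _T(remove_number_prefix($kw['title']), array('currency' => read_meta('currency'))) . "</option>\n";
         }
         echo "</select>\n";
         // If sentence, for how much?
         // Free-text field: escape before it goes back into the value attribute
         echo '<input type="text" name="sentence_val" size="10" value="' . clean_output($this->data['sentence_val']) . '" />';
         echo "</td>\n";
         echo "</tr>\n";
     }
     if (_request('submit') == 'set_status' || is_status_change($this->getDataString('type'))) {
         // Change status
         echo "<tr>\n";
         echo "<td>" . _T('case_input_status') . "</td>\n";
         echo "<td>";
         echo '<input type="hidden" name="type" value="' . clean_output($this->getDataString('type')) . '" />' . "\n";
         echo _T('kw_followups_' . $this->data['type'] . '_title');
         echo "</td>\n";
         echo "</tr>\n";
     } elseif (_request('submit') == 'set_stage' || $this->getDataString('type') == 'stage_change') {
         // Change stage
         echo "<tr>\n";
         echo "<td>" . _T('fu_input_next_stage') . "</td>\n";
         echo "<td>";
         echo '<input type="hidden" name="type" value="' . clean_output($this->getDataString('type')) . '" />' . "\n";
         // This is to compensate an old bug, when 'case stage' was not stored in fu.description
         // and therefore editing a follow-up would not give correct information.
         // Bug was in CVS of 0.4.3 between 19-20 April 2005. Should not affect many people.
         if ($s = $this->getDataString('new_stage')) {
             echo '<input type="hidden" name="new_stage" value="' . clean_output($s) . '" />' . "\n";
             echo _Tkw('stage', $s);
         } else {
             echo "New stage information not available";
         }
         echo "</td>\n";
         echo "</tr>\n";
         if ($s = $this->getDataString('new_stage')) {
             // Update stage keywords (if any)
             $stage = get_kw_from_name('stage', $s);
             $id_stage = $stage['id_keyword'];
             show_edit_keywords_form('stage', $this->data['id_case'], $id_stage);
         }
     } elseif ($this->getDataString('type') == 'assignment' || $this->getDataString('type') == 'unassignment') {
         // Do not allow assignment/un-assignment follow-ups to be changed
         echo "<tr>\n";
         echo "<td>" . _T('fu_input_next_stage') . "</td>\n";
         echo "<td>";
         echo '<input type="hidden" name="type" value="' . clean_output($this->getDataString('type')) . '" />' . "\n";
         echo _Tkw('followups', $this->getDataString('type'));
         echo "</td>\n";
         echo "</tr>\n";
     } else {
         // The usual follow-up
         echo "<tr>\n";
         echo "<td>" . _T('fu_input_type') . "</td>\n";
         echo "<td>";
         echo '<select ' . $dis . ' name="type" size="1" class="sel_frm">' . "\n";
         $default_fu = get_suggest_in_group_name('followups');
         $futype_kws = get_keywords_in_group_name('followups');
         $kw_found = false;
         foreach ($futype_kws as $kw) {
             $sel = isSelected($kw['name'] == $default_fu);
             if ($sel) {
                 $kw_found = true;
             }
             echo '<option value="' . $kw['name'] . '"' . $sel . '>' . _T(remove_number_prefix($kw['title'])) . "</option>\n";
         }
         // Exotic case where the FU keyword was hidden by the administrator,
         // but an old follow-up using that keyword is being edited.
         if (!$kw_found) {
             echo '<option selected="selected" value="' . $default_fu . '">' . _Tkw('followups', $default_fu) . "</option>\n";
         }
         echo "</select>\n";
         echo "</td>\n";
         echo "</tr>\n";
     }
     // Keywords (if any)
     show_edit_keywords_form('followup', $this->getDataInt('id_followup'));
     // Description
     echo "<tr>\n";
     echo '<td valign="top">' . f_err_star('description') . _T('fu_input_description') . "</td>\n";
     echo '<td>';
     if ($this->getDataString('type') == 'assignment' || $this->getDataString('type') == 'unassignment') {
         // Do not allow edit of assignment
         // Same escaping as the textarea branch below
         echo '<input type="hidden" name="description" value="' . clean_output($this->getDataString('description')) . '" />' . "\n";
         echo get_fu_description($this->data);
     } else {
         echo '<textarea ' . $dis . ' name="description" rows="15" cols="60" class="frm_tarea">';
         echo clean_output($this->getDataString('description'));
         echo "</textarea>";
     }
     echo "</td></tr>\n";
     // Sum billed field
     if ($this->show_sum_billed == "yes") {
         echo '<tr>';
         echo '<td>' . _T('fu_input_sum_billed') . "</td>\n";
         echo '<td>';
         echo '<input ' . $dis . ' name="sumbilled" ' . 'value="' . clean_output($this->getDataString('sumbilled')) . '" ' . 'class="search_form_txt" size="10" />';
         // [ML] If we do this we may as well make a function
         // out of it, but not sure where to place it :-)
         // This code is also in config_site.php
         $currency = read_meta('currency');
         if (empty($currency)) {
             // Temporarily switch the global language to read the default currency format
             $current_lang = $GLOBALS['lang'];
             $GLOBALS['lang'] = read_meta('default_language');
             $currency = _T('currency_default_format');
             $GLOBALS['lang'] = $current_lang;
         }
         echo htmlspecialchars($currency);
         echo "</td></tr>\n";
     }
     echo "</table>\n\n";
     // XXX FIXME: Should probably be in some function "is_system_fu"
     // or even "is_deletable"
     // The delete box is offered only for an existing follow-up, to a user with the
     // 'a' right, and never for status-change or (un)assignment follow-ups.
     if ($this->getDataInt('id_followup') && allowed($this->data['id_case'], 'a') && !(is_status_change($this->data['type']) || $this->data['type'] == 'assignment' || $this->data['type'] == 'unassignment')) {
         $checked = $this->getDataString('hidden') == 'Y' ? ' checked="checked" ' : '';
         echo '<p class="normal_text">';
         echo '<input type="checkbox"' . $checked . ' name="delete" id="box_delete" />';
         echo '<label for="box_delete">' . _T('fu_info_delete') . '</label>';
         echo "</p>\n";
     }
     // Add followup appointment
     if (!_request('followup')) {
         echo "<!-- Add appointment? -->\n";
         echo '<p class="normal_text">';
         echo '<input type="checkbox" name="add_appointment" id="box_new_app" onclick="display_block(\'new_app\', \'flip\')" />';
         echo '<label for="box_new_app">' . _T('fu_info_add_future_activity') . '</label>';
         echo "</p>\n";
         echo '<div id="new_app" style="display: none;">';
         echo '<table class="tbl_usr_dtl" width="99%">' . "\n";
         echo "<!-- Start time -->\n\t\t<tr><td>";
         echo _T('time_input_date_start');
         echo "</td><td>";
         echo get_date_inputs('app_start', $this->data['app_start_time'], false);
         echo ' ' . _T('time_input_time_at') . ' ';
         echo get_time_inputs('app_start', $this->data['app_start_time']);
         echo f_err_star('app_start_time');
         echo "</td></tr>\n";
         echo "<!-- End time -->\n\t\t<tr><td>";
         echo $prefs['time_intervals'] == 'absolute' ? _T('time_input_date_end') : _T('app_input_time_length');
         echo "</td><td>";
         if ($prefs['time_intervals'] == 'absolute') {
             echo get_date_inputs('app_end', $this->data['app_end_time']);
             echo ' ' . _T('time_input_time_at') . ' ';
             echo get_time_inputs('app_end', $this->data['app_end_time']);
             echo f_err_star('app_end_time');
         } else {
             $interval = $this->data['app_end_time'] != '0000-00-00 00:00:00' ? strtotime($this->data['app_end_time']) - strtotime($this->data['app_start_time']) : 0;
             //	echo _T('calendar_info_time') . ' ';
             echo get_time_interval_inputs('app_delta', $interval);
             echo f_err_star('app_end_time');
         }
         echo "</td></tr>\n";
         // [ML] The reminder inputs (app_reminder / app_rem_offset) were removed
         // here: not useful for now.
         // TODO: [ML] a bit of testing to see if this survives an error on new case
         // I suspect it doesn't..
         echo "<!-- Appointment title -->\n\t\t<tr><td>";
         echo f_err_star('app_title') . _T('app_input_title');
         echo "</td><td>";
         echo '<input type="text" ' . $dis . ' name="app_title" size="50" value="';
         echo clean_output($this->getDataString('app_title')) . '" class="search_form_txt" />';
         echo "</td></tr>\n";
         echo "<!-- Appointment type -->\n\t\t<tr><td>";
         echo _T('app_input_type');
         echo "</td><td>";
         echo '<select ' . $dis . ' name="app_type" size="1" class="sel_frm">';
         global $system_kwg;
         // Preselect the type kept in the session, else the group's suggested keyword
         if ($_SESSION['fu_app_data']['type']) {
             $default_app = $_SESSION['fu_app_data']['type'];
         } else {
             $app_kwg = get_kwg_from_name('appointments');
             $default_app = $app_kwg['suggest'];
         }
         $opts = array();
         foreach ($system_kwg['appointments']['keywords'] as $kw) {
             $opts[$kw['name']] = _T(remove_number_prefix($kw['title']));
         }
         // Sort by translated title, keeping keyword names as keys
         asort($opts);
         foreach ($opts as $k => $opt) {
             $sel = isSelected($k == $default_app);
             echo "<option value='{$k}'{$sel}>{$opt}</option>\n";
         }
         echo '</select>';
         echo "</td></tr>\n";
         echo "<!-- Appointment description -->\n";
         echo "<tr><td valign=\"top\">";
         echo _T('app_input_description');
         echo "</td><td>";
         echo '<textarea ' . $dis . ' name="app_description" rows="5" cols="60" class="frm_tarea">';
         echo clean_output($this->getDataString('app_description'));
         echo '</textarea>';
         echo "</td></tr>\n";
         echo "</table>\n";
         echo "</div>\n";
     }
 }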
Пример #3
/**
 * View Action
 *
 * Loads the item named by request('id') from the given entity and hands it to
 * the layout. Falls back to action_error() when the item is missing, or when
 * the entity has an 'active' attribute, the item is inactive and the caller
 * lacks the 'edit' privilege. Inactive items shown to editors carry a
 * "Preview" message.
 *
 * @param array $entity
 *
 * @return void
 */
function action_view(array $entity) : void
{
    $item = one($entity['id'], ['id' => request('id')]);

    // Item does not exist
    if (!$item) {
        action_error();
        return;
    }

    // Only entities that have an 'active' attribute can hold inactive items
    $isInactive = !empty($entity['attr']['active']) && empty($item['active']);

    // Inactive items are visible to users with the 'edit' privilege only
    if ($isInactive && !allowed('edit')) {
        action_error();
        return;
    }

    // Preview
    if ($isInactive) {
        message(_('Preview'));
    }

    layout_load();
    vars('content', ['item' => $item]);
    vars('head', ['title' => $item['name']]);
}
Пример #4
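/**
 * Print the attachments of a case, client or organisation as an HTML table,
 * or a "list is empty" paragraph when the query returns no row.
 *
 * File name, description and declared type are stored with the upload, so they
 * are HTML-escaped before being written into attributes or link text.
 *
 * @param string $type      'case', 'client' or 'org'; selects the lcm_<type>_attachment table
 * @param int    $id_type   Id of the case/client/org; when empty, no filter on it is applied
 * @param int    $id_author When non-zero, restrict to this author and add an id column
 */
function show_attachments_list($type, $id_type, $id_author = 0)
{
    // $type is concatenated into table/column names and URLs below, so only the
    // three known values may pass. Strict matching keeps 0 or true from matching.
    if (!in_array($type, array('case', 'client', 'org'), true)) {
        lcm_panic("unknown type -" . $type . "-");
        // Fail closed even if lcm_panic() were to return
        return;
    }
    // Both ids go through intval() before they reach the query string
    $q = "SELECT * \n\t\t\tFROM lcm_" . $type . "_attachment \n\t\t\tWHERE content IS NOT NULL ";
    if ($id_type) {
        $q .= " AND id_" . $type . " = " . intval($id_type);
    }
    if ($id_author) {
        $q .= " AND id_author = " . intval($id_author);
    }
    $result = lcm_query($q);
    $count = lcm_num_rows($result);
    if ($count > 0) {
        echo '<table border="0" align="center" class="tbl_usr_dtl" width="99%">' . "\n";
        echo "<tr>\n";
        if ($id_author) {
            echo '<th class="heading" width="1%">' . _Th($type . '_input_id') . "</th>\n";
        }
        echo '<th class="heading">' . _Th('file_input_type') . "</th>\n";
        echo '<th class="heading">' . _Th('file_input_description') . "</th>\n";
        echo '<th class="heading">' . _Th('file_input_size') . "</th>\n";
        echo '<th class="heading">' . "</th>\n";
        echo "</tr>\n";
        for ($i = 0; $row = lcm_fetch_array($result); $i++) {
            // Alternating row style
            $cell_class = 'tbl_cont_' . ($i % 2 ? "dark" : "light");
            $file_url = 'view_file.php?type=' . $type . '&amp;file_id=' . $row['id_attachment'];
            $safe_type = htmlspecialchars($row['type'], ENT_QUOTES);
            $safe_filename = htmlspecialchars($row['filename'], ENT_QUOTES);
            echo "<tr>\n";
            if ($id_author) {
                echo '<td class="' . $cell_class . '" align="left">';
                echo '<a href="' . $type . '_det.php?' . $type . '=' . $row['id_' . $type] . '" class="content_link">' . $row['id_' . $type] . '</a>';
                echo "</td>\n";
            }
            // Mimetype
            // [ML] We were using the mimetype sent by the browser, but it
            // ends up being rather useless, since MSIE and Firefox don't agree on
            // the mimetypes.. ex: .jpg = image/jpeg (FFx), but under MSIE is image/pjeg
            // So may as well just use the extension of the file, even if not reliable.
            echo '<td class="' . $cell_class . '" align="left">';
            echo '<a title="' . $safe_type . '" ' . 'href="' . $file_url . '">';
            // The pattern restricts the extension to [a-zA-Z0-9], so it is safe in a path.
            // The lower-cased form is used both for the existence check and for the
            // src, otherwise "FILE.PNG" would pass the check and link a missing icon.
            $icon = 'unknown';
            if (preg_match("/\\.([a-zA-Z0-9]+)\$/", $row['filename'], $regs)) {
                $ext = strtolower($regs[1]);
                if (is_file("images/mimetypes/" . $ext . ".png")) {
                    $icon = $ext;
                }
            }
            echo '<img src="images/mimetypes/' . $icon . '.png" border="0" alt="' . $safe_type . '" />';
            echo '</a>';
            echo '</td>';
            // File name (or description, if any)
            echo '<td class="' . $cell_class . '">' . '<a title="' . $safe_filename . '" ' . 'href="' . $file_url . '" class="content_link">';
            echo trim($row['description']) ? htmlspecialchars($row['description'], ENT_QUOTES) : $safe_filename;
            echo '</a></td>';
            // Size
            echo '<td class="' . $cell_class . '">' . size_in_bytes($row['size']) . '</td>';
            // Delete icon
            // Shown to admins, and to the attachment's author (for cases: only with
            // the 'e' right). This only hides the checkbox; the handler of rem_file[]
            // must repeat the check (not visible here).
            // NOTE(review): allowed() is asked about $id_type, which is empty when the
            // list is filtered by author only -- confirm that is intended.
            $is_admin = $GLOBALS['author_session']['status'] == 'admin';
            if ($is_admin || ($row['id_author'] == $GLOBALS['author_session']['id_author'] && ($type == 'case' ? allowed($id_type, 'e') : true))) {
                echo '<label for="id_rem_file' . $row['id_attachment'] . '">';
                echo '<img src="images/jimmac/stock_trash-16.png" width="16" height="16" ' . 'alt="' . _T('file_info_delete') . '" title="' . _T('file_info_delete') . '" />';
                echo '</label>&nbsp;';
                echo '<input type="checkbox" onclick="lcm_show(\'btn_delete\')" ' . 'id="id_rem_file' . $row['id_attachment'] . '" name="rem_file[]" ' . 'value="' . $row['id_attachment'] . '" />';
            }
            echo '</td>';
            echo "</tr>\n";
        }
        echo "</table>\n";
        // The submit button stays hidden until a delete box calls lcm_show('btn_delete')
        echo '<p align="right" style="visibility: hidden">';
        echo '<input type="submit" name="submit" id="btn_delete" value="' . _T('button_validate') . '" class="search_form_btn" />';
        echo "</p>\n";
    } else {
        echo '<p class="normal_text">' . _T('file_info_emptylist') . "</p>\n";
    }
}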
Пример #5
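                    <div class="span12">
                        <div class="span3">
                            <label for="form-field-select-1">Station name</label>
                            <select class="span12" id="station"  name="station">
                                <option value=""></option>
                                <?php
                                // The station name is written into an attribute and into element
                                // text, so it is HTML-escaped once and reused for both.
                                $currentStationEsc = htmlspecialchars((string) $this->session->userdata('stationname'), ENT_QUOTES);
                                ?>
                                <option value="<?php echo $currentStationEsc; ?>"><?php echo $currentStationEsc; ?></option>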

                                <?php 
if (allowed($see, 'manage')) {
    if (is_array($stations) && count($stations)) {
        foreach ($stations as $loop) {
            ?>
 
                                            <option value="<?php 
            echo $loop->name;
            ?>
" /><?php 
            echo $loop->name;
            ?>
                      



Пример #6
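/**
 * Complete an element's info array with alias fields, its ACL and the derived
 * permission flags for the asking user, and return it.
 *
 * $x is unpacked with extract(). The code below reads $elements,
 * $element_info, $user_id and $db from it, and uses $model, $letter, $timer,
 * $key, $id and $info when they are present.
 * Example: $data = include_all(compact('elements', 'element_info', 'user_id', 'db'));
 *
 * NOTE(review): extract() turns every key of $x into a local variable, so $x
 * must be assembled by the caller from known keys only, never from request data.
 * NOTE(review): $_REQUEST['project_id'] is read directly; the resulting
 * $project_id is not read again inside this function.
 *
 * @param array $x
 * @return array $element_info with 'acl', 'permission_level', 'effective_permission',
 *               'assigned_permission', 'view', 'change', 'propagate', 'delete',
 *               'delete_data' and 'add_data' filled in
 */
function include_all($x)
{
    extract($x);
    #add a few extra variables that will be useful in the output;
    #x = array('elements'=>, 'element_info'=>, 'user_id'=>, 'db'=>)
    #when there is no resource_class_id, find it from the project where instance was created. WILL ASSUME THAT RESOURCE_CLASS_ID FILLED OUT IS A REQUIREMENT FOR ALL S3DB THAT SHARE RULES
    if ($_REQUEST['project_id'] == '') {
        $project_id = $element_info['project_id'];
    } else {
        $project_id = $_REQUEST['project_id'];
    }
    if (!$model) {
        $model = 'nsy';
    }
    #the element letter defaults to the upper-cased first character of $elements
    if ($letter == '') {
        $letter = strtoupper(substr($elements, 0, 1));
    }
    #copy fields under their alias names, as listed in the global s3map for this element type
    if (is_array($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]])) {
        foreach ($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]] as $replace => $with) {
            $element_info[$replace] = $element_info[$with];
        }
    }
    #if element is a class, return the class id
    if ($letter == 'D') {
        #user '1' gets '222'; otherwise admin '212', public '210', anyone else '211'
        $element_info['acl'] = $user_id == '1' ? '222' : (user_is_admin($user_id, $db) ? '212' : (user_is_public($user_id, $db) ? '210' : '211'));
        $element_info['created_by'] = $user_id;
        $element_info['description'] = $GLOBALS['s3db_info']['server']['site_intro'];
        $element_info['name'] = $GLOBALS['s3db_info']['server']['site_title'];
        if ($element_info['deployment_id'] == $GLOBALS['s3db_info']['deployment']['Did']) {
            $element_info['self'] = 1;
        }
    }
    if ($letter == 'G') {
        #echo '<pre>';print_r($x);exit;
        $e = 'groups';
        #$element_info['group_id'] = $element_info['account_id'];
        #$element_info['groupname'] = $element_info['account_uname'];
        #$element_info['acl'] = groupAcl($element_info, $user_id, $db);
        $uid_info = uid($element_info['account_id']);
        #preg_replace instead of ereg_replace: the ereg functions no longer exist in PHP 7
        $element_info['deployment_id'] = preg_replace('/^D/', '', $uid_info['Did']);
        $strictuid = 1;
        $strictsharedwith = 1;
        $uid = 'G' . $element_info['group_id'];
        $shared_with = 'U' . $user_id;
        #$element_info['acl'] = permissionOnResource(compact('user_id', 'shared_with', 'db', 'uid','key','strictsharedwith','strictuid'));
        $element_info['acl'] = groupAcl($element_info, $user_id, $db, $timer);
        if ($timer) {
            $timer->setMarker('Included resource information for ' . $letter);
        }
        #echo '<pre>';print_r($element_info);exit;
    }
    if ($letter == 'U') {
        if ($element_info['account_addr_id'] != '') {
            #NOTE(review): account_addr_id is concatenated into the SQL text. If it can
            #ever carry caller-controlled data it must be cast or escaped with the
            #facility of the $db class (not visible here) before this point.
            $sql = "select * from s3db_addr where addr_id = '" . $element_info['account_addr_id'] . "'";
            $fields = array('addr1', 'addr2', 'city', 'state', 'postal_code', 'country');
            $db->query($sql);
            while ($db->next_record()) {
                for ($i = 0; $i < count($fields); $i++) {
                    $element_info[$fields[$i]] = $db->f($fields[$i]);
                }
            }
            $element_info = array_delete($element_info, 'account_addr_id');
        }
        $element_info['user_id'] = $element_info['account_id'];
        $element_info['username'] = $element_info['account_uname'];
        $element_info['login'] = $element_info['account_lid'];
        $element_info['address'] = $element_info['addr1'];
        $uid_info = uid($element_info['account_id']);
        #preg_replace instead of ereg_replace: the ereg functions no longer exist in PHP 7
        $element_info['deployment_id'] = preg_replace('/^D/', '', $uid_info['Did']);
        if ($user_id != '1' && $element_info['created_by'] != $user_id && $element_info['account_id'] != $user_id) {
            #if user is not seeing himself and user is not admin and user was not the creator of element, then hide address, email, phone, etc.
            #NOTE(review): 'address' was copied from addr1 a few lines above and is not in this list
            $keys2Remove = array('account_email' => '', 'account_phone' => '', 'addr1' => '', 'addr2' => '', 'city' => '', 'state' => '', 'postal_code' => '', 'country' => '');
            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, $keys2Remove);
            }
        }
        #same three-way test as above: account type and status are hidden too
        if ($user_id != '1' && $element_info['created_by'] != $user_id && $user_id != $element_info['account_id']) {
            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, array('account_type' => '', 'account_status' => ''));
            }
        } else {
            //if this user has been created with a filter, what is that filter
            $permission_info = array('uid' => 'U' . $element_info['created_by'], 'shared_with' => 'U' . $element_info['account_id']);
            $hp = has_permission($permission_info, $db);
            if ($hp) {
                $element_info['filter'] = $hp;
            }
        }
        #the password field is removed for every caller
        if (is_array($element_info)) {
            $element_info = array_diff_key($element_info, array('account_pwd' => ''));
        }
        $user_id_who_asks = $user_id;
        $uid = 'U' . $element_info['user_id'];
        $shared_with = $user_id_who_asks;
        $strictuid = 1;
        $strictsharedwith = 1;
        #this $onPermissions is overwritten after the per-letter branches
        $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid');
        if ($element_info['acl'] == '') {
            $element_info['acl'] = userAcl(compact('key', 'element_info', 'user_id_who_asks', 'db'));
        }
    }
    if ($letter == 'P') {
        $element_info['name'] = $element_info['project_name'];
        $element_info['description'] = $element_info['project_description'];
        $id = 'P' . $element_info['project_id'];
        $uid = 'P' . $element_info['project_id'];
    }
    if ($letter == 'C') {
        $element_info['class_id'] = $element_info['resource_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $element_info['name'] = $element_info['entity'];
        $element_info['description'] = $element_info['notes'];
        #project_id to search for rule_id will be the same from the class
        $uid = 'C' . $element_info['resource_id'];
    }
    #if element is a rule, return the class_id of the subject. If the object is a class, return the object_id... to discuss with jonas
    if ($letter == 'R') {
        $uid = 'R' . $element_info['rule_id'];
    }
    #if this is an instance, return the class_id => ASSUMING THAT EVERY S3DB THAT HAS SHARED RULES HAS RESOURCECLASSID IN INSTANCE.
    if ($letter == 'I') {
        if ($element_info['resource_class_id'] != '') {
            $element_info['class_id'] = $element_info['resource_class_id'];
        }
        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $instance_id = $element_info['instance_id'];
        $uid = 'I' . $element_info['instance_id'];
    }
    if ($letter == 'S') {
        $uid = 'S' . $element_info['statement_id'];
        #NOTE(review): $id and $info exist here only if the caller supplied them in $x
        $info[$id] = $element_info;
        $statement_id = $element_info['statement_id'];
        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['instance_notes'] = $info['I' . $element_info['instance_id']]['notes'];
        #load the rule once; its subject/verb/object fields are copied below
        if ($info['R' . $element_info['rule_id']] == '') {
            $info['R' . $element_info['rule_id']] = s3info('rule', $element_info['rule_id'], $db);
        }
        $element_info['object_notes'] = notes($element_info['value'], $db);
        $element_info['project_folder'] = $element_info['value'];
        $element_info = include_fileLinks($element_info, $db);
        $element_info['subject'] = $info['R' . $element_info['rule_id']]['subject'];
        $element_info['verb'] = $info['R' . $element_info['rule_id']]['verb'];
        $element_info['object'] = $info['R' . $element_info['rule_id']]['object'];
        $element_info['subject_id'] = $info['R' . $element_info['rule_id']]['subject_id'];
        $element_info['verb_id'] = $info['R' . $element_info['rule_id']]['verb_id'];
        $element_info['object_id'] = $info['R' . $element_info['rule_id']]['object_id'];
    }
    $strictuid = 1;
    $strictsharedwith = 1;
    $shared_with = 'U' . $user_id;
    $toFindInfo = $element_info;
    $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid', 'timer', 'toFindInfo');
    #an ACL set by one of the branches above is kept; otherwise it is resolved here
    if ($element_info['acl'] == '') {
        $element_info['acl'] = permission4Resource($onPermissions);
    }
    $element_info['permission_level'] = $element_info['acl'];
    if (!$element_info['effective_permission']) {
        $element_info['effective_permission'] = $element_info['acl'];
    }
    if (!$element_info['assigned_permission']) {
        $pp = array('uid' => $uid, 'shared_with' => $shared_with);
        $tmp = has_permission($pp, $db);
        if ($tmp) {
            $element_info['assigned_permission'] = $tmp;
        } else {
            $element_info['assigned_permission'] = '---';
        }
    }
    #Define if user can view or not view data. View is the first number in the 3d code.
    $permission2user = permissionModelComp($element_info['permission_level']);
    ##According to the model, change the values of assigned_permission from previous versions
    $element_info['assigned_permission'] = str_replace(array('0', '1', '2'), str_split($model), $element_info['assigned_permission']);
    $isOwner = $element_info['created_by'] == $user_id;
    #positions 0, 1 and 2 of the permission code map to view, change and propagate
    $element_info['view'] = allowed($permission2user, 0, $isOwner, $state = 3, $model);
    $element_info['change'] = allowed($permission2user, 1, $isOwner, $state = 3, $model);
    $element_info['propagate'] = allowed($permission2user, 2, $isOwner, $state = 3, $model);
    #create the element "delete", in case it is eventually created...For now it is the same as change
    $element_info['delete'] = $element_info['change'];
    #NOTE(review): delete_data is copied from add_data before add_data is assigned on
    #the next line, so it receives whatever add_data held on entry -- confirm the order.
    $element_info['delete_data'] = $element_info['add_data'];
    $element_info['add_data'] = $element_info['propagate'];
    return $element_info;
}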
Пример #7
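<?php
// Authentication gate. It runs before any markup is emitted so that
// session_start() and the redirect header can still be sent; once output has
// started, header() fails and the redirect is lost.
// require (not include): a missing security file must stop the page.
require 'php/security.php';
session_start();
$allowed = allowed();
if (!$allowed) {
    header("Location: login.html");
    // Stop here. Without exit the rest of the dashboard is still rendered and
    // sent in the body of the redirect response.
    exit;
}
?>
<!DOCTYPE html>
<html>
<head lang="en">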
    <script src="javascript/jquery.js"></script>
    <script src="javascript/bootstrap/bootstrap.js"></script>
    <script src="javascript/dashboard.js"></script>
    <script src="javascript/sweetalert.min.js"></script>
    <link rel="stylesheet" href="css/style.css" />
    <link rel="stylesheet" href="css/sweetalert.css" />
    <link rel="stylesheet" href="css/bootstrap/bootstrap.css" />
    <link rel="stylesheet" href="css/bootstrap/bootstrap-theme.css" />	
    <meta charset="UTF-8">
    <title>Dashboard</title>
    <script>
        $(document).ready(function() {
            $("#editAgentDiv, #newPropertyDiv, #editPropertyDiv, #generateURLDiv").css("display", "none");

            // Loads the options for the edit agent select
            loadAgentList("#editAgentSelect");
            loadAgentList("#propertyAgentSelect");
            loadPropertyList();
Пример #8
<?php

/* Another admin page, so admin rights are checked right off the bat: 'logincheck' is loaded
   through Atomik::needed() and allowed() is called. If everything checks out, the manufacturers
   and cars are loaded from the database and placed in the $manarray and $carsarray variables.
   NOTE(review): the return value of allowed() is discarded, so this page is protected only if
   allowed() itself ends the request for non-admins (redirect plus exit, or an exception) --
   confirm in logincheck. */
Atomik::needed('logincheck');
allowed();
// Both queries are constant strings; no request data is interpolated into them.
$manufacturers = A("db: select manufacturerid as manid, name from manufacturer");
$cars = A("db: select carid, name from car");
$carsarray = $cars->fetchAll();
$manarray = $manufacturers->fetchAll();
Пример #9
    $q = "SELECT fu.*, a.name_first, a.name_middle, a.name_last, " . lcm_query_subst_time('fu.date_start', 'fu.date_end') . " as length\n\t\tFROM lcm_followup as fu, lcm_author as a\n\t\tWHERE id_followup = {$followup}\n\t\t\tAND fu.id_author = a.id_author";
    $result = lcm_query($q);
    if ($row = lcm_fetch_array($result)) {
        foreach ($row as $key => $value) {
            $fu_data[$key] = $value;
        }
    } else {
        die("There's no such follow-up!");
    }
} else {
    die("Which follow-up?");
}
// For 'edit case' button + 'undelete' message
$case_allow_modif = read_meta('case_allow_modif');
// Rights of the current user on the case this follow-up belongs to ('e' and 'a' flags,
// presumably edit and admin).
// NOTE(review): no allowed(..., 'r') check is visible in this excerpt before the case
// details are printed below — confirm the read right is tested earlier in the script.
$edit = allowed($fu_data['id_case'], 'e');
$admin = allowed($fu_data['id_case'], 'a');
lcm_page_start(_T('title_fu_view'), '', '', 'cases_followups');
echo '<fieldset class="info_box">';
// Show a bit of background on the case
$case = $fu_data['id_case'];
show_context_start();
show_context_case_title($fu_data['id_case']);
show_context_case_stage($fu_data['id_case'], $fu_data['id_followup']);
show_context_case_involving($fu_data['id_case']);
// Show parent appointment, if any
// [ML] todo put in inc_presentation
// NOTE(review): $followup is placed into the SQL text unquoted. Where it is assigned is
// outside this excerpt — confirm it is forced to an integer before this point.
$q = "SELECT app.*\n\t\tFROM lcm_app_fu as af, lcm_app as app\n\t\tWHERE af.id_followup = {$followup} \n\t\t  AND af.id_app = app.id_app \n\t\t  AND af.relation = 'child'";
$res_app = lcm_query($q);
if ($app = lcm_fetch_array($res_app)) {
    echo '<li style="list-style-type: none;">' . _T('fu_input_parent_appointment') . ' ';
    echo '<a class="content_link" href="app_det.php?app=' . $app['id_app'] . '">' . _Tkw('appointments', $app['type']) . ' (' . $app['title'] . ') from ' . format_date($app['start_time']) . "</a></li>\n";
Пример #10
<?php

// Navigation bar. The "comments", "organisation" and "settings" tabs are printed only
// when allowed(3, "") is truthy. Hiding a link is presentation only: each of those
// pages still has to run its own allowed() check before it does anything.
echo '<div id="navi">' . "\n"
    . '<h2>Navigation</h2>' . "\n"
    . '<ul>' . "\n"
    . '<li id="tab_record"><a href="index.php?page=record1">recording</a></li>' . "\n"
    . '<li id="tab_postings"><a href="index.php?page=postings">postings</a></li>' . "\n";
if (allowed(3, "")) {
    echo '<li id="tab_comments"><a href="index.php?page=comments">comments</a></li>' . "\n"
        . '<li id="tab_organisation"><a href="index.php?page=organisation">organisation</a></li>' . "\n"
        . '<li id="tab_settings"><a href="index.php?page=settings">settings</a></li>' . "\n";
}
echo '<li id="tab_logout"><a href="index.php?do=logout">logout</a></li>' . "\n"
    . '</ul>' . "\n"
    . '</div>' . "\n";
?>


Пример #11
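 /**
  * Print the rows of the case edit form as one HTML table.
  *
  * Field values come from $this->getDataInt() / $this->getDataString(); which optional
  * rows appear is decided by the site preferences read with read_meta().
  *
  * The collaboration checkboxes are rendered disabled when allowed(id_case, 'a') is false.
  * That only affects the browser: the script that receives the form has to repeat the
  * allowed() check before it stores "public" or "pub_write".
  *
  * @return void Output is echoed directly.
  */
 function printEdit()
 {
     // Read site configuration preferences
     $case_assignment_date = read_meta('case_assignment_date');
     $case_alledged_crime = read_meta('case_alledged_crime');
     $case_legal_reason = read_meta('case_legal_reason');
     // Read but not used further down in this method.
     $case_allow_modif = read_meta('case_allow_modif');
     echo '<table class="tbl_usr_dtl">' . "\n";
     // Case ID (if editing existing case); getDataInt() keeps the echoed value numeric
     if ($this->getDataInt('id_case')) {
         echo "<tr>" . "<td>" . _T('case_input_id') . "</td>" . "<td>" . $this->getDataInt('id_case') . '<input type="hidden" name="id_case" value="' . $this->getDataInt('id_case') . '" />' . "</td></tr>\n";
     }
     echo '<tr><td><label for="input_case_title">' . f_err_star('title') . _T('case_input_title') . "</label></td>\n";
     echo '<td><input size="35" name="title" id="input_case_title" value="' . clean_output($this->getDataString('title')) . '" class="search_form_txt" />';
     echo "</td></tr>\n";
     // Date of earlier assignment
     if ($case_assignment_date == 'yes') {
         echo "<tr>\n";
         echo "<td>" . f_err_star('date_assignment') . _Ti('case_input_date_assigned') . "</td>\n";
         echo "<td>" . get_date_inputs('assignment', $this->getDataString('date_assignment'), false) . "</td>\n";
         echo "</tr>\n";
     }
     // Legal reason ('yes' or 'yes_mandatory' both enable the row)
     if (substr($case_legal_reason, 0, 3) == 'yes') {
         echo '<tr><td><label for="input_legal_reason">' . f_err_star('legal_reason') . _T('case_input_legal_reason') . "</label>" . ($case_legal_reason == 'yes_mandatory' ? '<br/>(' . _T('keywords_input_policy_mandatory') . ')' : '') . "</td>\n";
         echo '<td>';
         echo '<textarea name="legal_reason" id="input_legal_reason" class="frm_tarea" rows="2" cols="60">';
         echo clean_output($this->getDataString('legal_reason'));
         echo "</textarea>";
         echo "</td>\n";
         echo "</tr>\n";
     }
     // Alleged crime ('yes' or 'yes_mandatory' both enable the row)
     if (substr($case_alledged_crime, 0, 3) == 'yes') {
         echo '<tr><td><label for="input_alledged_crime">' . f_err_star('alledged_crime') . _T('case_input_alledged_crime') . "</label>" . ($case_alledged_crime == 'yes_mandatory' ? '<br/>(' . _T('keywords_input_policy_mandatory') . ')' : '') . "</td>\n";
         echo '<td>';
         echo '<textarea name="alledged_crime" id="input_alledged_crime" class="frm_tarea" rows="2" cols="60">';
         echo clean_output($this->getDataString('alledged_crime'));
         echo '</textarea>';
         echo "</td>\n";
         echo "</tr>\n";
     }
     // Keywords (if any)
     show_edit_keywords_form('case', $this->getDataInt('id_case'));
     // 0 means: new case, stage not yet known
     $id_stage = 0;
     if ($this->getDataString('stage')) {
         $stage = get_kw_from_name('stage', $this->getDataString('stage', '__ASSERT__'));
         $id_stage = $stage['id_keyword'];
     }
     show_edit_keywords_form('stage', $this->getDataInt('id_case'), $id_stage);
     // Notes
     echo "<tr>\n";
     echo "<td><label for='input_case_notes'>" . f_err_star('case_notes') . _Ti('case_input_notes') . "</label></td>\n";
     echo '<td><textarea name="case_notes" id="input_case_notes" class="frm_tarea" rows="3" cols="60">' . clean_output($this->getDataString('notes')) . "</textarea>\n" . "</td>\n";
     echo "</tr>\n";
     // Case status: the option values come from the fixed lists below, never from input
     echo '<tr><td><label for="input_status">' . f_err_star('status') . _Ti('case_input_status') . "</label></td>\n";
     echo '<td>';
     echo '<select name="status" id="input_status" class="sel_frm">' . "\n";
     $statuses = $this->getDataInt('id_case') ? array('draft', 'open', 'suspended', 'closed', 'merged') : array('draft', 'open');
     foreach ($statuses as $s) {
         $sel = $s == $this->getDataString('status') ? ' selected="selected"' : '';
         echo '<option value="' . $s . '"' . $sel . ">" . _T('case_status_option_' . $s) . "</option>\n";
     }
     echo "</select></td>\n";
     echo "</tr>\n";
     // Case stage
     if (!$this->getDataString('stage')) {
         $this->data['stage'] = get_suggest_in_group_name('stage');
     }
     $kws = get_keywords_in_group_name('stage');
     echo '<tr><td><label for="input_stage">' . f_err_star('stage') . _T('case_input_stage') . "</label></td>\n";
     echo '<td><select name="stage" id="input_stage" class="sel_frm">' . "\n";
     foreach ($kws as $kw) {
         $sel = $kw['name'] == $this->data['stage'] ? ' selected="selected"' : '';
         // The keyword name lands inside an attribute, so it is passed through clean_output()
         // and written in a double-quoted attribute, like the title input above.
         echo "\t\t\t\t" . '<option value="' . clean_output($kw['name']) . '"' . $sel . '>' . _T(remove_number_prefix($kw['title'])) . "</option>\n";
     }
     echo "</select></td>\n";
     echo "</tr>\n";
     // Public access rights
     // FIXME FIXME FIXME
     // NOTE(review): this section reads the same kind of state from four places
     // ($this->data, $_SESSION['form_data'], $GLOBALS['author_session'], _session()) —
     // confirm they agree before relying on any of them.
     if (!empty($this->data['admin']) || read_meta('case_read_always') != 'yes' || read_meta('case_write_always') != 'yes') {
         // Checkboxes are disabled for users without the 'a' right on this case.
         $dis = isDisabled(!allowed($this->getDataInt('id_case'), 'a'));
         echo '<tr><td colspan="2">' . _T('case_input_collaboration') . ' <br /><ul>';
         if (read_meta('case_read_always') != 'yes' || $GLOBALS['author_session']['status'] == 'admin') {
             echo '<li style="list-style-type: none;">';
             echo '<input type="checkbox" name="public" id="case_public_read" value="yes"';
             // !empty() keeps the truthiness test and avoids a warning when the key is absent
             if (!empty($_SESSION['form_data']['public'])) {
                 echo ' checked="checked"';
             }
             echo "{$dis} />";
             echo '<label for="case_public_read">' . _T('case_input_collaboration_read') . "</label></li>\n";
         }
         if (read_meta('case_write_always') != 'yes' || _session('admin')) {
             echo '<li style="list-style-type: none;">';
             echo '<input type="checkbox" name="pub_write" id="case_public_write" value="yes"';
             if (_session('pub_write')) {
                 echo ' checked="checked"';
             }
             echo "{$dis} />";
             echo '<label for="case_public_write">' . _T('case_input_collaboration_write') . "</label></li>\n";
         }
         echo "</ul>\n";
         echo "</td>\n";
         echo "</tr>\n";
     }
     echo "</table>\n";
 }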
Пример #12
	or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License
	for more details.

	You should have received a copy of the GNU General Public License along
	with this program; if not, write to the Free Software Foundation, Inc.,
	59 Temple Place, Suite 330, Boston, MA  02111-1307, USA

	$Id: add_client.php,v 1.9 2007/11/16 16:29:08 mlutfy Exp $
*/
include 'inc/inc.php';
include_lcm('inc_acc');
// Case id from the request, forced to an integer before it is used anywhere.
$case = intval(_request('case'));
$_SESSION['errors'] = array();
// The redirect target is a fixed script name plus the integer id, so request data
// cannot point it at another location.
$destination = 'case_det.php?case=' . $case;
// Access check: a missing id or a missing 'a' right on the case ends the request here.
if (!$case || !allowed($case, 'a')) {
    $_SESSION['errors']['generic'] = "Access denied";
    // TRAD
    header('Location: ' . $destination);
    // exit keeps the insert code below from running for a refused request.
    exit;
}
// Add client to case
if (isset($_REQUEST['clients'])) {
    foreach ($_REQUEST['clients'] as $key => $value) {
        $clients[$key] = intval($value);
    }
    if ($clients) {
        foreach ($clients as $client) {
            $q = "INSERT INTO lcm_case_client_org\n\t\t\t\tSET id_case={$case},id_client={$client}";
            $result = lcm_query($q);
        }
Пример #13
include_lcm('inc_acc');
// Get request parameters
$file_id = intval($_REQUEST['file_id']);
$type = clean_input($_REQUEST['type']);
switch ($type) {
    //
    // View case attachment
    //
    case 'case':
        $q = "SELECT ca.*, c.public\n\t\t\tFROM lcm_case_attachment as ca, lcm_case as c\n\t\t\tWHERE ca.id_case = c.id_case\n\t\t\t\tAND id_attachment = {$file_id}";
        $result = lcm_query($q);
        if (lcm_num_rows($result) == 0) {
            die("There is no such file");
        }
        $row = lcm_fetch_array($result);
        if (!($GLOBALS['author_session']['status'] == 'admin' || $row['public'] || allowed($row['id_case'], 'r'))) {
            die(_T('error_no_read_permission'));
        }
        break;
        //
        // View client attachment
        //
    //
    // View client attachment
    //
    case 'client':
        $q = "SELECT *\n\t\t\tFROM lcm_client_attachment\n\t\t\tWHERE id_attachment={$file_id}";
        $result = lcm_query($q);
        if (lcm_num_rows($result) == 0) {
            die("There is no such file!");
        }
Пример #14
	59 Temple Place, Suite 330, Boston, MA  02111-1307, USA

	$Id: edit_auth.php,v 1.18 2006/07/27 15:31:22 mlutfy Exp $
*/
include 'inc/inc.php';
include_lcm('inc_acc');
include_lcm('inc_filters');
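// Initialise variables
$case = isset($_GET['case']) ? intval($_GET['case']) : 0;
// $author is written into the SQL text below but is not assigned anywhere in the visible
// code. Forcing it to an integer here means that, whatever set it (an included file or
// request data), only a number can reach the query. Unset becomes 0, which skips the filter.
$author = isset($author) ? intval($author) : 0;
if (!($case > 0)) {
    lcm_page_start(_T('title_error'));
    echo "<p>" . _T('error_no_case_specified') . "</p>\n";
    lcm_page_end();
    exit;
}
// Only a user with the 'a' right on this case may see or change its access list.
if (!allowed($case, 'a')) {
    die("You don't have permission to edit this case's access rights.");
}
// Authors attached to the case, optionally narrowed to one author.
// $case and $author are both integers at this point.
$q = "SELECT *\n\tFROM lcm_case_author,lcm_author\n\tWHERE (id_case={$case}\n\t  AND lcm_case_author.id_author=lcm_author.id_author";
if ($author > 0) {
    $q .= " AND lcm_author.id_author={$author}";
}
$q .= ')';
$result = lcm_query($q);
lcm_page_start(_T('title_case_edit_ac'));
lcm_bubble('case_ac');
show_context_start();
show_context_case_title($case);
show_context_case_involving($case);
show_context_end();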
?>
Пример #15
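/**
 * Attach permission data to each row of $pack['data'] and drop the rows that end up empty.
 *
 * $pack is unpacked with extract(). The names read below include data, user_id, db, s3ql,
 * element2query, WhereInfo and timer; the full list is not visible from this function.
 *
 * For users other than '1', rows of resource types get an 'acl' value, either from the
 * propagated id list or from permission4Resource(). For user and group rows (letter
 * starting with U or G) membership in $resourceUsers decides whether the row is kept.
 * User '1' always receives the acl 'yyy'.
 *
 * @param array $pack Call context, see above.
 *
 * @return array Re-indexed list of the remaining rows; an empty array when a user/group
 *               query carries more than one id in $WhereInfo.
 */
function includeAllData($pack)
{
    // NOTE(review): extract() turns every key of $pack into a local variable. That is only
    // safe while $pack is assembled by trusted code; a key originating in request data
    // could replace $user_id or $db here. Confirm at the callers.
    extract($pack);
    $element2query = $element2query == '' ? $s3ql['from'] : $element2query;
    $letter = letter($element2query);
    $element = $GLOBALS['s3codes'][$letter];
    // ereg() was removed in PHP 7; preg_match() performs the same "starts with U or G" test.
    $isUserOrGroup = preg_match('/^[UG]/', (string) $letter) === 1;

    if ($user_id != '1' && count($data) >= 4 && !$isUserOrGroup) {
        $Z = compact('user_id', 'db', 'uidQuery', 'timer', 'WhereInfo', 'shared_with_query');
        $Z['toFind'] = $letter;
        // NOTE(review): the '******' prefix looks like masking applied to this listing; the
        // per-row branch further down builds the equivalent value as 'U' . $user_id — confirm.
        $Z['shared_with_user'] = '******' . $user_id;
        $ids = permissionPropagation($Z);
    }

    if ($isUserOrGroup && $WhereInfo) {
        $whereId = array_keys($WhereInfo);
        if (count($whereId) > 1) {
            return array();
        }
        $whereId = $whereId[0];
        // $Tlist: resources shared with the uid of interest, including users & groups
        $Hlist = bottom_up_propagation_list($whereId, $db);
        $Tlist = user_included_bottom_up_propagation_list('U', $whereId, $user_id, $db);
        $resourceUsers = s3dbPercolate($Hlist, $Tlist, $letter);
    }

    // Drop from $data the uids that are missing from $ids
    $str = $GLOBALS['s3ids'][$element];
    $re_issued = array();
    if (is_array($data)) {
        foreach ($data as $ind => $array) {
            $uid = $letter . $array[$str];
            if ($uid != '') {
                if ($user_id == '1') {
                    $array['acl'] = 'yyy';
                } elseif (isset($ids) && is_array($ids)) {
                    if (!$isUserOrGroup) {
                        // A row without an entry in the propagated list is emptied, which
                        // removes it from the result below.
                        if (isset($ids[$uid]) && $ids[$uid] != '') {
                            $array['acl'] = $ids[$uid];
                        } else {
                            $array = array();
                        }
                    }
                } else {
                    $strictuid = 1;
                    $strictsharedwith = 1;
                    $shared_with = 'U' . $user_id;
                    $P = compact('uid', 'shared_with', 'user_id', 'db', 'strictuid', 'strictsharedwith', 'stream', 'timer');
                    if (!$isUserOrGroup) {
                        $array['acl'] = permission4Resource($P);
                        $array['permission_level'] = $array['acl'];
                        $permission2user = permissionModelComp($array['permission_level']);
                        $isOwner = $array['created_by'] == $user_id;
                        $array['view'] = allowed($permission2user, 0, $isOwner);
                        $array['change'] = allowed($permission2user, 1, $isOwner);
                        $array['propagate'] = allowed($permission2user, 2, $isOwner);
                        // "delete" has no rule of its own yet; for now it mirrors "change"
                        $array['delete'] = $array['change'];
                        $array['add_data'] = $array['propagate'];
                        $array['delete_data'] = $array['add_data'];
                    }
                }
                // User/group rows: keep the row only when it appears in $resourceUsers. When
                // $resourceUsers is empty the row passes through unchanged, as before.
                if ($isUserOrGroup && !empty($resourceUsers)) {
                    if (in_array($uid, array_keys($resourceUsers))) {
                        $array['permissionOnResource'] = $resourceUsers[$uid];
                    } else {
                        $array = array();
                    }
                }
            }
            if (!empty($array)) {
                $re_issued[$uid] = $array;
                $element_info = $re_issued[$uid];
                $info = $WhereInfo;
                $C = compact('letter', 'info', 'elements', 'element_info', 'user_id', 'db', 'key', 'timer', 'model');
                $element_info = include_all($C);
                $element_info['uri'] = S3DB_URI_BASE . '/' . $letter . $array[$str];
                $pack['uid'] = $uid;
                $pack['info'] = $element_info;
                $element_info = filterDataForQuery($pack);
                if (!empty($timer)) {
                    $timer->setMarker('Filter Data For The Query');
                }
                $re_issued[$uid] = $element_info;
            }
        }
    }
    // array_filter() removes rows that filterDataForQuery() returned empty
    return array_values(array_filter($re_issued));
}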
Пример #16
/**
 * Attribute string for a form field that belongs to the given posting.
 *
 * Returns the HTML readonly attribute when allowed(1, $posting) is false and nothing
 * (null) when it is true. The attribute only locks the field in the browser; the code
 * that saves the posting has to repeat the allowed() check itself.
 */
function readonly($posting)
{
    $granted = allowed(1, $posting);
    if ($granted) {
        return;
    }
    return 'readonly="readonly"';
}
Пример #17
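    if ($auth_info['stat'] == 'ok') {
        /* STEP 3 Continued: Extract the 'identifier' from the response */
        $profile = $auth_info['profile'];
        $identifier = $profile['identifier'];
        if (isset($profile['photo'])) {
            $photo_url = $profile['photo'];
        }
        if (isset($profile['displayName'])) {
            $name = $profile['displayName'];
        }
        if (isset($profile['email'])) {
            $email = $profile['email'];
        }
        /* STEP 4: Use the identifier as the unique key to sign the user into your system.
        This will depend on your website implementation, and you should add your own
        code here.
        */
        // NOTE(review): $email is only assigned above when the profile carries one. Confirm
        // that nothing earlier in the script, or in the request, can supply it instead.
        if (isset($email) && $email !== '') {
            // Strip the domain only when the address really ends in "@gmail.com". The earlier
            // strpos() test matched that text anywhere after the first character and then cut
            // the last ten characters regardless of what they were.
            if (strlen($email) > 10 && substr($email, -10) === '@gmail.com') {
                $email = substr($email, 0, -10);
            }
            if (allowed($email)) {
                updateID($email, $identifier);
            }
        }
        // NOTE(review): the redirect target is taken from $_REQUEST["return"] unchanged, so
        // the request decides where the browser is sent. Compare it against the
        // application's own return paths before redirecting. The redirect also happens when
        // allowed() refused the address, so the receiving page must not treat the
        // identifier parameter as proof of sign-in.
        header('Location: ' . $_REQUEST["return"] . '?identifier=' . urlencode($identifier));
        /* Make sure that code below does not get executed when we redirect. */
        exit;
        /* an error occurred */
    } else {
        // gracefully handle the error. Hook this into your native error handling system.
        // The message comes from the remote response, so it is escaped before being printed.
        echo 'An error occured: ' . htmlspecialchars($auth_info['err']['msg'], ENT_QUOTES, 'UTF-8');
    }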
}
<?php

echo '<h1>Organisation</h1>' . "\n";
include 'inc/navigation.php';
include 'inc/functions_organisation.php';
// Access check: die() ends the request when allowed(3, "") fails, so none of the author
// actions further down this page can run without that right.
if (!allowed(3, "")) {
    die('<p class="msg">Administrators do some wild party in here. You are not invited :-(</p>');
}
//what do we get from url? go to appropiate function(s)!
if (!isset($_GET['do'])) {
    showcatsandauthors();
} else {
    if ($_GET['do'] == "editauthor") {
        showauthor($_GET['id'], false);
    }
    if ($_GET['do'] == "newauthor") {
        showauthor(0, true);
    }
    if ($_GET['do'] == "delauthor") {
        if ($_GET['id'] != $_SESSION['authorid']) {
            deleteauthor($_GET['id']);
        } else {
            echo "<p class=\"msg\">You cannot delete yourself!</p>";
        }
        showcatsandauthors();
    }
    if ($_GET['do'] == "saveauthor") {
        if (savepostedauthordata($_GET['id'])) {
            showcatsandauthors();
        } else {
Пример #19
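// Get input values
$type = clean_input($_POST['type']);
$destination = intval($_POST['destination']);
$case = intval($_POST['id_case']);
// sumbilled is written into the SQL below as a bare, unquoted number, so only a plain
// decimal value from the form is accepted. Anything else is stored as 0.
$sumbilled = 0;
if (isset($_POST['sumbilled']) && is_string($_POST['sumbilled'])
    && preg_match('/^-?(?:\d+\.?\d*|\.\d+)\z/', $_POST['sumbilled'])) {
    $sumbilled = $_POST['sumbilled'];
}
$ref_edit_fu = clean_input($_POST['ref_edit_fu']);
$id_author = $GLOBALS['author_session']['id_author'];
// Check incoming data
if ($type != 'merge') {
    die("This module is used for case merging only!");
}
if (!($case > 0)) {
    die("Which case?");
}
// Check access rights
// NOTE(review): only the source case is checked here. No allowed() call for a non-zero
// $destination is visible in this excerpt — confirm the destination case is checked too.
if (!allowed($case, 'w')) {
    die("You don't have permission to add information to this case!");
}
// Create new case if $destination is 0
if ($destination == 0) {
    // Create new case
    $q = "INSERT INTO lcm_case SET\n\t\t\tid_case=0,\n\t\t\tdate_creation=NOW(),\n\t\t\tstatus='open'";
    $result = lcm_query($q);
    $destination = lcm_insert_id('lcm_case', 'id_case');
    // Insert new case_author relation: the current author gets read, write and admin on it
    $q = "INSERT INTO lcm_case_author SET\n\t\t\tid_case={$destination},\n\t\t\tid_author={$id_author},\n\t\t\tac_read=1,\n\t\t\tac_write=1,\n\t\t\tac_admin=1";
    $result = lcm_query($q);
}
// Add "merged to" follow-up to the old case
// NOTE(review): $description is placed inside a quoted SQL string but is not assigned in
// the visible code — confirm it is escaped for SQL before this point.
$q = "INSERT INTO lcm_followup SET id_followup=0,\n\t\tid_case={$case},\n\t\tid_author={$id_author},\n\t\tdate_start=NOW(),\n\t\tdate_end=NOW(),\n\t\ttype='{$type}',\n\t\tsumbilled={$sumbilled},\n\t\tdescription='Merged to case ID:{$destination}\\n{$description}'";
$result = lcm_query($q);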
        echo "<td class=\"center\"><input " . readonly($edit_id) . " type=\"text\" value=\"" . $links[$i]['title'];
        echo "\" name=\"linktit" . $i . "\" /></td>\n";
        echo "<td class=\"right\"><input " . readonly($edit_id) . " type=\"text\" value=\"" . $links[$i]['description'];
        echo "\" name=\"linkdes" . $i . "\" /></td>\n";
        echo "</tr>";
    }
    ?>
</table>

</div>



<!--                                      submit-button  -->
<div class="submit">

<?php 
    if (allowed(1, $edit_id)) {
        echo "<input class=\"save\" type=\"submit\" value=\"save all\" />";
    }
    ?>
</div>



</form>

<?php 
} else {
    echo "<p class=\"msg\">No audio file defined!</p>\n\n";
}
Пример #21
$result = lcm_query($q);
// Process the output of the query
if ($row = lcm_fetch_array($result)) {
    // Check for access rights
    if (!allowed($case, 'r')) {
        // [ML] I usually would not care about such errors, since they happen
        // only when the user messes around with URLs, but since I modified the
        // access control test, I am paranoid :-) Feel free to scrap later.
        lcm_page_start(_T('title_error'));
        echo _T('error_no_read_permission');
        lcm_page_end();
        exit;
    }
    $add = allowed($case, 'w');
    $edit = allowed($case, 'e');
    $admin = allowed($case, 'a');
    // Show case details
    lcm_page_start(_T('title_case_details') . " #" . $row['id_case'] . ' ' . $row['title'], '', '', 'cases_intro');
    // [ML] This will probably never be implemented
    // echo "<div id=\"breadcrumb\"><a href=\"". getenv("HTTP_REFERER") ."\">List of cases</a> &gt; ". $row['title'] ."</div>";
    // Show tabs
    $groups = array('general' => array('name' => _T('generic_tab_general'), 'tooltip' => _T('case_subtitle_general')), 'appointments' => array('name' => _T('generic_tab_agenda'), 'tooltip' => _T('case_subtitle_appointments')), 'exps' => array('name' => 'Requests', 'tooltip' => 'Internal requests'), 'times' => array('name' => _T('generic_tab_reports'), 'tooltip' => _T('case_subtitle_times')), 'attachments' => array('name' => _T('generic_tab_documents'), 'tooltip' => _T('case_subtitle_attachments')));
    $tab = isset($_GET['tab']) ? $_GET['tab'] : 'general';
    show_tabs($groups, $tab, $_SERVER['REQUEST_URI']);
    echo show_all_errors();
    switch ($tab) {
        //
        // General tab
        //
        case 'general':
            echo "<fieldset class='info_box'>";
Пример #22
        }
    }
    //showing audio length in minutes
    echo "<td>" . getminutes($showtable[$i]['audio_length']) . "</td>\n";
    //the status radio buttons
    $temp = $showtable[$i]['status'];
    echo "<td>\n";
    if ($temp == 1) {
        echo "<span style=\"color:#dd0067;\">" . bla("draft") . "</span>";
    }
    if ($temp == 2) {
        echo "<span style=\"color:#090;\">" . bla("finished") . "</span>";
    }
    if ($temp == 3) {
        echo bla("onair");
    }
    echo "</td>\n";
    //a beautiful button for deleting
    echo "<td class=\"right\">\n";
    if (allowed(1, $showtable[$i]['id'])) {
        echo "<form method=\"post\" enctype=\"multipart/form-data\" ";
        echo "action=\"index.php?page=postings&amp;do=x&amp;";
        echo "id=" . $showtable[$i]['id'] . "\" ";
        echo "onSubmit=\"return yesno('" . bla("alert_deleteposting") . "')\">\n";
        echo "<input type=\"submit\" value=\"" . bla("but_delete") . "\" />\n";
        echo "</form>\n";
    }
    echo "</td>\n";
    echo "</tr>\n\n";
}
echo "</table>";
Пример #23
    // it will send back to "case_det.php?case=NNN" after update.
    $_SESSION['form_data']['ref_edit_case'] = _request('ref');
    $id_case = intval(_request('case'));
    if ($id_case) {
        // Check access rights
        if (!allowed($id_case, 'e')) {
            die(_T('error_no_edit_permission'));
        }
        $q = "SELECT *\n\t\t\tFROM lcm_case\n\t\t\tWHERE id_case = {$id_case}";
        $result = lcm_query($q);
        if ($row = lcm_fetch_array($result)) {
            foreach ($row as $key => $value) {
                $_SESSION['form_data'][$key] = $value;
            }
        }
        $_SESSION['form_data']['admin'] = allowed($id_case, 'a');
    } else {
        // Set default values for the new case
        $_SESSION['form_data']['date_assignment'] = date('Y-m-d H:i:s');
        $_SESSION['form_data']['public'] = (int) (read_meta('case_default_read') == 'yes');
        $_SESSION['form_data']['pub_write'] = (int) (read_meta('case_default_write') == 'yes');
        if (isset($GLOBALS['case_default_status']) && $GLOBALS['case_default_status'] == 'draft') {
            $_SESSION['form_data']['status'] = 'draft';
        } else {
            $_SESSION['form_data']['status'] = 'open';
        }
        $_SESSION['form_data']['admin'] = true;
    }
}
$attach_client = 0;
$attach_org = 0;
Пример #24
        }
        $_SESSION['form_data']['id_app'] = $app;
        if (empty($_SESSION['errors'])) {
            // Propose a description based on the appointment
            $_SESSION['form_data']['description'] = _T('fu_info_after_event', array('title' => _Ti(_Tkw('appointments', $row['type'])) . $row['title'], 'date' => format_date($row['start_time']), 'participants' => join(', ', $participants)));
            $_SESSION['form_data']['date_start'] = $row['start_time'];
            $_SESSION['form_data']['date_end'] = $row['end_time'];
            $_SESSION['form_data']['description'] = str_replace('&nbsp;', ' ', $_SESSION['form_data']['description']);
        }
    }
}
//
// Access rights on the case held in the session form data
//
$edit = allowed($_SESSION['form_data']['id_case'], 'e');
$write = allowed($_SESSION['form_data']['id_case'], 'w');
// NOTE(review): $admin is read here but not assigned anywhere in this excerpt. Confirm it
// is set from allowed(..., 'a') earlier in the script and can never come from request data.
if (!$admin && !$write) {
    lcm_panic("You don't have permission to add follow-ups to this case");
}
// Changing an existing follow-up additionally needs the 'e' right.
if (!$edit && isset($_SESSION['followup'])) {
    lcm_panic("You do not have the permission to edit existing follow-ups");
}
//
// Status/stage change: the possible case statuses are loaded here for the check
// against the current status/stage
//
$statuses = get_possible_case_statuses();
// Give the submit field a default so later reads do not raise PHP warnings
// (the original author notes the whole script needs a rewrite).
$_REQUEST['submit'] = isset($_REQUEST['submit']) ? $_REQUEST['submit'] : '';
Пример #25
	59 Temple Place, Suite 330, Boston, MA  02111-1307, USA

	$Id: set_case_stage.php,v 1.2 2005/04/08 05:59:41 mlutfy Exp $
*/
include 'inc/inc.php';
include_lcm('inc_acc');
include_lcm('inc_filters');
// Get input values
$case = intval($_GET['case']);
$stage = clean_input($_GET['stage']);
// Check if case_id is set
if (!($case > 0)) {
    die("Which case?");
}
// Check access rights
if (!($GLOBALS['author_session']['status'] == 'admin' || allowed($case, 'we'))) {
    die("You don't have rights to set this case status!");
}
// Get site preferences
//$fu_sum_billed = read_meta('fu_sum_billed');
// Check if there are no errors - new followup
if (!count($_SESSION['errors'])) {
    // Clear followup data
    $_SESSION['fu_data'] = array();
}
// Get case details
$q = "SELECT * FROM lcm_case WHERE id_case={$case}";
$result = lcm_query($q);
// Check if the case exists
if (!($row = lcm_fetch_array($result))) {
    die("There is no such case.");