/**
 * Authorization gate: stop the request unless the session user may act on a file.
 *
 * Builds a UserPermission for $_SESSION['uid'] using the global $pdo handle.
 * Admin users pass unconditionally. For everyone else, the authority returned
 * by getAuthority() must be at least $permittable_right; otherwise an error
 * message with an admin contact link is printed and the script exits.
 *
 * @param mixed $file_id           Identifier of the file being accessed.
 * @param mixed $permittable_right Minimum authority level required.
 * @param mixed $obj               Passed through to getAuthority() as its second argument.
 *
 * @return void Returns normally only when access is allowed; exits otherwise.
 */
function checkUserPermission($file_id, $permittable_right, $obj)
{
    global $pdo;

    // NOTE(review): $_SESSION['uid'] is read without an isset() check; confirm
    // every caller runs only after the session has been authenticated.
    $permission = new UserPermission($_SESSION['uid'], $pdo);

    // Admins bypass the per-file check; getAuthority() is not called for them.
    if ($permission->user_obj->isAdmin()) {
        return;
    }

    $granted = $permission->getAuthority($file_id, $obj);
    if ($granted < $permittable_right) {
        // The denial uses the 'message_unable_to_find_file' text key; presumably
        // a denied request is reported like a missing file (confirm in the
        // language files).
        $headline = msg('error') . ': ' . msg('message_unable_to_find_file') . PHP_EOL;
        echo $headline;

        // NOTE(review): site_mail is placed in the href attribute without HTML
        // escaping. It comes from $GLOBALS['CONFIG']; confirm who can set it,
        // or encode it for the attribute context.
        $contact = ' ' . msg('message_please_email') . ' <a href="mailto:' . $GLOBALS['CONFIG']['site_mail'] . '">' . msg('area_admin') . '</a>';
        echo $contact;

        // Fail closed: nothing after this call runs for a denied request.
        exit;
    }
}
// Excerpt starts inside a block opened above this listing; the lone closing
// brace after the next four statements ends that block.
    // Fetch the "checker" user object for the file (presumably the user who
    // holds the checkout) and pass their name and e-mail to the template.
    $checkout_person_obj = $file_data_obj->getCheckerOBJ();
    $full_name = $checkout_person_obj->getFullName();
    $GLOBALS['smarty']->assign('checkout_person_full_name', $full_name);
    $GLOBALS['smarty']->assign('checkout_person_email', $checkout_person_obj->getEmailAddress());
}

// NOTE(review): $request_id, $full_requestId and $state are set outside this
// excerpt; confirm they are validated where they are read from the request.
// NOTE(review): the links below only decide what the page shows. Confirm that
// view_file.php, check-out.php and edit.php enforce the same authority checks
// themselves; hiding a link is not access control.

// Read access: offer the view link only when the user's authority on this file
// is at least READ_RIGHT. The id passes through e::h() (presumably the
// project's HTML-escaping helper) before it is placed in the URL.
if ($user_permission_obj->getAuthority($request_id, $file_data_obj) >= $user_permission_obj->READ_RIGHT) {
    $view_link = 'view_file.php?id=' . e::h($full_requestId) . '&state=' . ($state + 1);
    $GLOBALS['smarty']->assign('view_link', $view_link);
}

// Decide which action links to show. && binds tighter than ||, so this reads:
// status is 0, OR (status is -1 AND the session user owns the file).
if ($status == 0 || $status == -1 && $file_data_obj->isOwner($_SESSION['uid'])) {
    // A second UserPermission is built for the session user here;
    // $user_permission_obj (used further down) is created outside this excerpt.
    $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['pdo']);
    // Checkout link: needs WRITE_RIGHT, no $revision_id set, and a file that
    // is not archived.
    if ($user_perms->getAuthority($request_id, $file_data_obj) >= $user_perms->WRITE_RIGHT && !isset($revision_id) && !$file_data_obj->isArchived()) {
        // $request_id is interpolated without e::h() here, unlike the view link.
        $check_out_link = "check-out.php?id={$request_id}" . '&state=' . ($state + 1) . '&access_right=modify';
        $GLOBALS['smarty']->assign('check_out_link', $check_out_link);
    }
    // Edit link: needs ADMIN_RIGHT on the file, no $revision_id set, and a
    // file that is not archived. The @ before isset() has no effect, because
    // isset() never raises a notice.
    if ($user_permission_obj->getAuthority($request_id, $file_data_obj) >= $user_permission_obj->ADMIN_RIGHT && !@isset($revision_id) && !$file_data_obj->isArchived()) {
        $edit_link = "edit.php?id={$request_id}&state=" . ($state + 1);
        $GLOBALS['smarty']->assign('edit_link', $edit_link);
    }
} // end of the status-dependent links

// The history link is built for every request that reaches this point;
// no authority check guards it in this excerpt.
$history_link = "history.php?id={$request_id}&state=" . ($state + 1);
// Excerpt starts inside a block opened above this listing; the lone closing
// brace after the next four statements ends that block.
    // Fetch the "checker" user object for the file (presumably the user who
    // holds the checkout) and pass their name and e-mail to the template.
    $checkout_person_obj = $file_data_obj->getCheckerOBJ();
    $full_name = $checkout_person_obj->getFullName();
    $GLOBALS['smarty']->assign('checkout_person_full_name', $full_name);
    $GLOBALS['smarty']->assign('checkout_person_email', $checkout_person_obj->getEmailAddress());
}

// NOTE(review): this excerpt reads $_REQUEST['id'] and $_REQUEST['state']
// directly. Nothing visible here validates or escapes them, so every use
// below depends on checks made outside the excerpt (if any).
// NOTE(review): the links below only decide what the page shows. Confirm that
// view_file.php, check-out.php and edit.php enforce the same authority checks
// themselves; hiding a link is not access control.

// Read access: offer the view link only when the user's authority on the
// requested id is at least READ_RIGHT. $full_requestId is set outside this
// excerpt and is interpolated into the URL without escaping here.
// $_REQUEST['state'] + 1 is arithmetic on a request value: the result is
// numeric, but a non-numeric or array value makes the addition warn or throw,
// depending on the PHP version.
if ($user_permission_obj->getAuthority($_REQUEST['id'], $file_data_obj) >= $user_permission_obj->READ_RIGHT) {
    $view_link = "view_file.php?id={$full_requestId}" . '&state=' . ($_REQUEST['state'] + 1);
    $GLOBALS['smarty']->assign('view_link', $view_link);
}

// Decide which action links to show. && binds tighter than ||, so this reads:
// status is 0, OR (status is -1 AND the session user owns the file).
if ($status == 0 || $status == -1 && $file_data_obj->isOwner($_SESSION['uid'])) {
    // A second UserPermission is built for the session user here;
    // $user_permission_obj (used further down) is created outside this excerpt.
    $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['pdo']);
    // Checkout link: needs WRITE_RIGHT, no $revision_id set, and a file that
    // is not archived. The authority check uses $_REQUEST['id'] while the link
    // uses $request_id.
    // NOTE(review): confirm the two always hold the same value.
    if ($user_perms->getAuthority($_REQUEST['id'], $file_data_obj) >= $user_perms->WRITE_RIGHT && !isset($revision_id) && !$file_data_obj->isArchived()) {
        $check_out_link = "check-out.php?id={$request_id}" . '&state=' . ($_REQUEST['state'] + 1) . '&access_right=modify';
        $GLOBALS['smarty']->assign('check_out_link', $check_out_link);
    }
    // Edit link: needs ADMIN_RIGHT on the file, no $revision_id set, and a
    // file that is not archived. The @ before isset() has no effect, because
    // isset() never raises a notice.
    if ($user_permission_obj->getAuthority($_REQUEST['id'], $file_data_obj) >= $user_permission_obj->ADMIN_RIGHT && !@isset($revision_id) && !$file_data_obj->isArchived()) {
        // The raw request value is interpolated into the URL as received.
        // NOTE(review): if the template prints edit_link without escaping,
        // this is an HTML-injection sink. Prefer the $request_id value the
        // checkout and history links already use, and escape on output.
        $edit_link = "edit.php?id={$_REQUEST['id']}&state=" . ($_REQUEST['state'] + 1);
        $GLOBALS['smarty']->assign('edit_link', $edit_link);
    }
} // end of the status-dependent links

// The history link is built for every request that reaches this point;
// no authority check guards it in this excerpt.
$history_link = "history.php?id={$request_id}&state=" . ($_REQUEST['state'] + 1);