Пример #1
/**
 * Stops the request unless the session user may act on the given file.
 *
 * Builds a UserPermission for $_SESSION['uid'] and returns normally when the
 * user is an admin, or when getAuthority() for the file is not below
 * $permittable_right. Otherwise it prints an error plus a mailto link to the
 * configured site address and ends the script with exit.
 *
 * NOTE(review): $_SESSION['uid'] is read without an isset() check; this
 * presumably relies on the caller having established the session — confirm.
 *
 * @param mixed $file_id           first argument passed to getAuthority()
 * @param mixed $permittable_right minimum authority value the user must reach
 * @param mixed $obj               second argument passed to getAuthority()
 *
 * @return void returns only when access is allowed
 */
function checkUserPermission($file_id, $permittable_right, $obj)
{
    global $pdo;

    $permission = new UserPermission($_SESSION['uid'], $pdo);

    // Admins pass immediately; getAuthority() is not called for them.
    if ($permission->user_obj->isAdmin()) {
        return;
    }

    $lacks_right = $permission->getAuthority($file_id, $obj) < $permittable_right;
    if (!$lacks_right) {
        return;
    }

    // Denied: print the error and stop, so nothing after this call can run.
    $headline = msg('error') . ': ' . msg('message_unable_to_find_file') . PHP_EOL;
    echo $headline;

    // NOTE(review): site_mail is written into the href unencoded; presumably it
    // is admin-controlled configuration — confirm, or encode it for the attribute.
    $contact = '       ' . msg('message_please_email') . ' <a href="mailto:' . $GLOBALS['CONFIG']['site_mail'] . '">' . msg('area_admin') . '</a>';
    echo $contact;

    exit;
}
Пример #2
    // query to find out who...
    $checkout_person_obj = $file_data_obj->getCheckerOBJ();
    $full_name = $checkout_person_obj->getFullName();
    $GLOBALS['smarty']->assign('checkout_person_full_name', $full_name);
    $GLOBALS['smarty']->assign('checkout_person_email', $checkout_person_obj->getEmailAddress());
}
// Offer the "view" link only when the user's authority on this file reaches READ_RIGHT.
// The id goes through e::h() (presumably the project's HTML-escaping helper — confirm);
// the state value is the result of "+ 1", so it is numeric when it is formatted.
// NOTE(review): the link is only a UI hint; view_file.php presumably repeats the
// authority check itself — verify.
if ($user_permission_obj->getAuthority($request_id, $file_data_obj) >= $user_permission_obj->READ_RIGHT) {
    $view_link = sprintf('view_file.php?id=%s&state=%s', e::h($full_requestId), $state + 1);
    $GLOBALS['smarty']->assign('view_link', $view_link);
}
// Decide which action links the template receives.
// && binds tighter than ||, made explicit here: status 0 qualifies regardless of
// ownership, status -1 only when isOwner() is true for the session user.
// NOTE(review): hiding a link is not access control; check-out.php and edit.php
// presumably enforce the same rights server-side — verify.
if ($status == 0 || ($status == -1 && $file_data_obj->isOwner($_SESSION['uid']))) {
    // A separate UserPermission for the session user decides the check-out link.
    $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['pdo']);
    if (
        $user_perms->getAuthority($request_id, $file_data_obj) >= $user_perms->WRITE_RIGHT
        && !(isset($revision_id) || $file_data_obj->isArchived())
    ) {
        // Write access, no revision selected, file not archived: expose check-out.
        // NOTE(review): $request_id is concatenated without e::h(), unlike the
        // view link; presumably it is validated earlier — confirm.
        $check_out_link = 'check-out.php?id=' . $request_id . '&state=' . ($state + 1) . '&access_right=modify';
        $GLOBALS['smarty']->assign('check_out_link', $check_out_link);
    }
    if (
        $user_permission_obj->getAuthority($request_id, $file_data_obj) >= $user_permission_obj->ADMIN_RIGHT
        && !(isset($revision_id) || $file_data_obj->isArchived())
    ) {
        // Admin-level authority on the file, no revision selected, not archived:
        // expose the edit link. (isset() never raises, so no @ is needed.)
        $edit_link = 'edit.php?id=' . $request_id . '&state=' . ($state + 1);
        $GLOBALS['smarty']->assign('edit_link', $edit_link);
    }
}
// end of the status-gated block
// The revision-history link is built unconditionally, outside the status-gated block.
// NOTE(review): no getAuthority() check guards this link; history.php presumably
// enforces read rights itself — verify. $request_id is not escaped here.
$history_link = 'history.php?id=' . $request_id . '&state=' . ($state + 1);
Пример #3
    // query to find out who...
    $checkout_person_obj = $file_data_obj->getCheckerOBJ();
    $full_name = $checkout_person_obj->getFullName();
    $GLOBALS['smarty']->assign('checkout_person_full_name', $full_name);
    $GLOBALS['smarty']->assign('checkout_person_email', $checkout_person_obj->getEmailAddress());
}
// Offer the "view" link only when the user's authority on this file reaches READ_RIGHT.
// NOTE(review): $_REQUEST['id'] reaches getAuthority() exactly as received, and
// $full_requestId is placed in the link without encoding; confirm both are
// validated or escaped before this point, or escaped by the template.
// The state value is the result of "+ 1", so it is numeric when concatenated.
if ($user_permission_obj->getAuthority($_REQUEST['id'], $file_data_obj) >= $user_permission_obj->READ_RIGHT) {
    $view_link = 'view_file.php?id=' . $full_requestId . '&state=' . ($_REQUEST['state'] + 1);
    $GLOBALS['smarty']->assign('view_link', $view_link);
}
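// Decide which action links the template receives.
// && binds tighter than ||, made explicit here: status 0 qualifies regardless of
// ownership, status -1 only when isOwner() is true for the session user.
// NOTE(review): hiding a link is not access control; check-out.php and edit.php
// presumably enforce the same rights server-side — verify.
if ($status == 0 || ($status == -1 && $file_data_obj->isOwner($_SESSION['uid']))) {
    // A separate UserPermission for the session user decides the check-out link.
    $user_perms = new UserPermission($_SESSION['uid'], $GLOBALS['pdo']);
    if ($user_perms->getAuthority($_REQUEST['id'], $file_data_obj) >= $user_perms->WRITE_RIGHT && !isset($revision_id) && !$file_data_obj->isArchived()) {
        // Write access, no revision selected, file not archived: expose check-out.
        // NOTE(review): $request_id is interpolated as-is; presumably it is
        // validated where it is assigned — confirm.
        $check_out_link = "check-out.php?id={$request_id}" . '&state=' . ($_REQUEST['state'] + 1) . '&access_right=modify';
        $GLOBALS['smarty']->assign('check_out_link', $check_out_link);
    }
    // isset() never raises, so the former @ suppression was redundant and is dropped.
    if ($user_permission_obj->getAuthority($_REQUEST['id'], $file_data_obj) >= $user_permission_obj->ADMIN_RIGHT && !isset($revision_id) && !$file_data_obj->isArchived()) {
        // Admin-level authority on the file, no revision selected, not archived:
        // expose the edit link. The id comes straight from the request, so it is
        // percent-encoded before it is placed in the URL; a plain numeric id is
        // unchanged, while quotes, angle brackets and '&' can no longer alter the
        // link or the markup it is rendered into.
        $edit_link = 'edit.php?id=' . rawurlencode((string) $_REQUEST['id']) . '&state=' . ($_REQUEST['state'] + 1);
        $GLOBALS['smarty']->assign('edit_link', $edit_link);
    }
}
// end of the status-gated block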
// The revision-history link is built unconditionally, outside the status-gated block.
// NOTE(review): no getAuthority() check guards this link; history.php presumably
// enforces read rights itself — verify. $request_id is not escaped here.
$history_link = 'history.php?id=' . $request_id . '&state=' . ($_REQUEST['state'] + 1);