/**
 * Decide whether a user is allowed to access a folder.
 *
 * Access is granted when the user's ID equals the folder owner's ID, or
 * when the user is a staff user on at least one module listed for the
 * folder in folders_modules_staff. In every other case the answer is false.
 *
 * @param mixed $folderID Folder ID; bound to the query as an integer ('i').
 * @param mixed $userObj  User object; must provide get_user_ID() and
 *                        is_staff_user_on_module().
 * @param mixed $db       Database connection; must provide prepare() returning
 *                        a statement with bind_param/execute/bind_result/
 *                        fetch/close (mysqli-style API).
 *
 * @return bool True when access is permitted, false otherwise.
 */
static function has_permission($folderID, $userObj, $db) {
  // Owner shortcut: no module lookup is needed for the folder's owner.
  // NOTE(review): this is a loose (==) comparison. Confirm that get_ownerID()
  // cannot return a value for an unknown folder (e.g. null/false) that would
  // compare equal to a real user ID.
  if (folder_utils::get_ownerID($folderID, $db) == $userObj->get_user_ID()) {
    return true;
  }

  // Parameterised query, so the folder ID is never interpolated into SQL.
  // NOTE(review): the prepare() result is used unchecked.
  $stmt = $db->prepare("SELECT idMod FROM folders_modules_staff WHERE folders_id = ?");
  $stmt->bind_param('i', $folderID);
  $stmt->execute();
  $stmt->bind_result($moduleID);

  // Deny by default; the first matching module is enough to grant access.
  $allowed = false;
  while ($stmt->fetch()) {
    if ($userObj->is_staff_user_on_module($moduleID)) {
      $allowed = true;
      break;
    }
  }

  // The statement is always closed before returning from the query path.
  $stmt->close();

  return $allowed;
}
// You should have received a copy of the GNU General Public License // along with Rogō. If not, see <http://www.gnu.org/licenses/>. /** * * Delete a personal folder. * * @author Simon Wilkinson * @version 1.0 * @copyright Copyright (c) 2014 The University of Nottingham * @package */ require '../include/staff_auth.inc'; require '../include/errors.inc'; require '../classes/folderutils.class.php'; $folderID = check_var('folderID', 'POST', true, false, true); if ($userObject->get_user_ID() != folder_utils::get_ownerID($folderID, $mysqli)) { $msg = sprintf($string['furtherassistance'], $configObject->get('support_email'), $configObject->get('support_email')); $notice->display_notice_and_exit($mysqli, $string['pagenotfound'], $msg, $string['pagenotfound'], '../artwork/page_not_found.png', '#C00000', true, true); } $result = $mysqli->prepare("SELECT name FROM folders WHERE id = ?"); $result->bind_param('i', $folderID); $result->execute(); $result->bind_result($name); $result->fetch(); $result->close(); $directories = explode(';', $name); $parent = ''; if (count($directories) > 1) { for ($i = 1; $i < count($directories); $i++) { if ($parent == '') { $parent = $directories[$i - 1];