public function updateFileProperties($p)
{
if (empty($p['id'])) {
return array('success' => false, 'msg' => L\get('Wrong_input_data'));
}
if (!Security::canWrite($p['id'])) {
return array('success' => false, 'msg' => L\get('Access_denied'));
}
$p['title'] = strip_tags(@$p['title']);
DM\Files::update(array('id' => $p['id'], 'date' => Util\dateISOToMysql($p['date']), 'title' => @$p['title'], 'uid' => User::getId(), 'udate' => 'CURRENT_TIMESTAMP'));
Objects::updateCaseUpdateInfo($p['id']);
return array('success' => true);
}
/**
* create shorcut(s)
* @param object $p input params
* @return json responce
*/
public function shortcut($p)
{
if (!$this->validateParams($p)) {
return array('success' => false, 'msg' => L\get('ErroneousInputData'));
}
/* security checks */
foreach ($p['sourceIds'] as $sourceId) {
if (!\CB\Security::canRead($sourceId)) {
return array('success' => false, 'msg' => L\get('Access_denied'));
}
}
if (!\CB\Security::canWrite($p['targetId'])) {
return array('success' => false, 'msg' => L\get('Access_denied'));
}
$rez = array('success' => true, 'targetId' => $p['targetId'], 'processedIds' => array());
$shortcutObject = new Objects\Shortcut();
foreach ($p['sourceIds'] as $id) {
$rez['processedIds'][] = $shortcutObject->create(array('id' => null, 'pid' => $p['targetId'], 'target_id' => $id));
}
Solr\Client::runCron();
return $rez;
}
/**
* move an object to $pid or over $targetId
*
* we'll use the same principle as for copy
*
* @param int $pid if not specified then will be set to pid of targetId
* @param int $targetId
* @return int the id of moved object or false
*/
public function moveTo($pid = false, $targetId = false)
{
// check input params
if (!is_numeric($this->id) || !is_numeric($pid) && !is_numeric($targetId)) {
return false;
}
/* security check */
if (!\CB\Security::canRead($this->id)) {
return false;
}
/* end of security check */
//load current object from db into a variable to be passed to log and events
$this->oldObject = clone $this;
$this->oldObject->load($this->id);
if (is_numeric($targetId)) {
/* target security check */
if (!\CB\Security::canWrite($targetId)) {
return false;
}
/* end of target security check */
// marking overwriten object with dstatus = 3
DB\dbQuery('UPDATE tree
SET updated = 1
,dstatus = 3
,did = $2
WHERE id = $1', array($targetId, $_SESSION['user']['id'])) or die(DB\dbQueryError());
//get pid from target if not specified
$res = DB\dbQuery('SELECT pid FROM tree WHERE id = $1', $targetId) or die(DB\dbQueryError());
if ($r = $res->fetch_assoc()) {
$pid = $r['pid'];
}
$res->close();
} else {
/* pid security check */
if (!\CB\Security::canWrite($pid)) {
return false;
}
/* end of pid security check */
}
/* check again if we have pid set
It can be unset when not existent $targetId is specified
*/
if (!is_numeric($pid)) {
return false;
}
// moving the object to $pid
DB\dbQuery('UPDATE tree
SET updated = 1
,pid = $2
WHERE id = $1', array($this->id, $pid)) or die(DB\dbQueryError());
$this->moveCustomDataTo($pid);
// move childs from overwriten targetId (which has been marked with dstatus = 3)
// to newly copied object
if (is_numeric($targetId)) {
DB\dbQuery('UPDATE tree
SET updated = 1
,pid = $2
WHERE pid = $1 AND
dstatus = 0', array($targetId, $this->id)) or die(DB\dbQueryError());
}
$this->load();
$this->logAction('move', array('old' => $this->oldObject));
return $this->id;
}
public function updateFileProperties($p)
{
if (empty($p['id'])) {
return array('success' => false, 'msg' => L\get('Wrong_input_data'));
}
if (!Security::canWrite($p['id'])) {
return array('success' => false, 'msg' => L\get('Access_denied'));
}
$p['title'] = strip_tags(@$p['title']);
DB\dbQuery('UPDATE files
SET `date` = $2
,title = $3
,uid = $4
,udate = CURRENT_TIMESTAMP
WHERE id = $1', array($p['id'], Util\dateISOToMysql($p['date']), @$p['title'], $_SESSION['user']['id'])) or die(DB\dbQueryError());
Objects::updateCaseUpdateInfo($p['id']);
return array('success' => true);
}
/**
* save or create an object
* @param array $p object properties
* @return json responce
*/
public function save($p)
{
$d = Util\toJSONArray($p['data']);
// check if need to create object instead of update
if (empty($d['id']) || !is_numeric($d['id'])) {
return $this->create($d);
}
// SECURITY: check if current user has write access to this action
if (!Security::canWrite($d['id'])) {
throw new \Exception(L\get('Access_denied'));
}
/* prepare params */
if (empty($d['date']) && !empty($d['date_start'])) {
$d['date'] = $d['date_start'];
}
/* end of prepare params */
// update object
$object = $this->getCachedObject($d['id']);
//set sys_data from object, it can contain custom data
//that shouldn't be overwritten
$d['sys_data'] = $object->getSysData();
$object->update($d);
Objects::updateCaseUpdateInfo($d['id']);
/* updating saved document into solr directly (before runing background cron)
so that it'll be displayed with new name without delay */
if (!\CB\Config::getFlag('disableSolrIndexing')) {
$solrClient = new Solr\Client();
$solrClient->updateTree(array('id' => $d['id']));
//running background cron to index other nodes
$solrClient->runBackgroundCron();
}
return $this->load($d);
}
public function saveFile($p)
{
$incommingFilesDir = Config::get('incomming_files_dir');
$files = new Files();
/* clean previous unhandled uploads if any */
$a = $files->getUploadParams();
if ($a !== false && !empty($a['files'])) {
@unlink($incommingFilesDir . $_SESSION['key']);
$files->removeIncomingFiles($a['files']);
}
/* end of clean previous unhandled uploads if any */
$F =& $_FILES;
if (empty($p['pid'])) {
return array('success' => false, 'msg' => L\get('Error_uploading_file'));
}
$p['pid'] = Path::detectRealTargetId($p['pid']);
if (empty($F)) {
//update only file properties (no files were uploaded)
return $files->updateFileProperties($p);
} else {
foreach ($F as $k => $v) {
$F[$k]['name'] = Purify::filename(@$F[$k]['name']);
}
}
if (!Objects::idExists($p['pid'])) {
return array('success' => false, 'msg' => L\get('TargetFolderDoesNotExist'));
}
/*checking if there is no upload error (for any type of upload: single, multiple, archive) */
foreach ($F as $fn => $f) {
if (!in_array($f['error'], array(UPLOAD_ERR_OK, UPLOAD_ERR_NO_FILE))) {
return array('success' => false, 'msg' => L\get('Error_uploading_file') . ': ' . $f['error']);
}
}
/* retreiving files list */
switch (@$p['uploadType']) {
case 'archive':
$archiveFiles = array();
foreach ($F as $fk => $f) {
$files->extractUploadedArchive($F[$fk]);
$archiveFiles = array_merge($archiveFiles, $F[$fk]);
}
$F = $archiveFiles;
break;
default:
$files->moveUploadedFilesToIncomming($F) or die('cannot move file to incomming dir');
break;
}
$p['existentFilenames'] = $files->getExistentFilenames($F, $p['pid']);
$p['files'] =& $F;
if (!empty($p['existentFilenames'])) {
//check if can write target file
if (!Security::canWrite($p['existentFilenames'][0]['existentFileId'])) {
return array('success' => false, 'msg' => L\get('Access_denied'));
}
// store current state serialized in a local file in incomming folder
$files->saveUploadParams($p);
if (!empty($p['response'])) {
//it is supposed to work only for single files upload
return $this->confirmUploadRequest($p);
}
$allow_new_version = false;
foreach ($p['existentFilenames'] as $f) {
$mfvc = Files::getMFVC($f['name']);
if ($mfvc > 0) {
$allow_new_version = true;
}
}
$rez = array('success' => false, 'type' => 'filesexist', 'allow_new_version' => $allow_new_version, 'count' => sizeof($p['existentFilenames']));
if ($rez['count'] == 1) {
$rez['msg'] = empty($p['existentFilenames'][0]['msg']) ? str_replace('{filename}', '"' . $p['existentFilenames'][0]['name'] . '"', L\get('FilenameExistsInTarget')) : $p['existentFilenames'][0]['msg'];
//$rez['filename'] = $p['existentFilenames'][0]['name'];
$rez['suggestedFilename'] = $p['existentFilenames'][0]['suggestedFilename'];
} else {
$rez['msg'] = L\get('SomeFilenamesExistsInTarget');
}
return $rez;
} else {
//check if can write in target folder
if (!Security::canWrite($p['pid'])) {
return array('success' => false, 'msg' => L\get('Access_denied'));
}
}
$files->storeFiles($p);
//if everithing is ok then store files
Solr\Client::runCron();
$rez = array('success' => true, 'data' => array('pid' => $p['pid']));
$files->attachPostUploadInfo($F, $rez);
return $rez;
}
/**
* move an object to $pid or over $targetId
*
* we'll use the same principle as for copy
*
* @param int $pid if not specified then will be set to pid of targetId
* @param int $targetId
* @return int the id of moved object or false
*/
public function moveTo($pid = false, $targetId = false)
{
// check input params
if (!is_numeric($this->id) || !is_numeric($pid) && !is_numeric($targetId)) {
return false;
}
/* security check */
if (!\CB\Security::canRead($this->id)) {
return false;
}
/* end of security check */
//load current object from db into a variable to be passed to log and events
$this->oldObject = clone $this;
$this->oldObject->load($this->id);
if (is_numeric($targetId)) {
/* target security check */
if (!\CB\Security::canWrite($targetId)) {
return false;
}
/* end of target security check */
// marking overwriten object with dstatus = 3
DM\Tree::update(array('id' => $targetId, 'updated' => 1, 'dstatus' => 3, 'did' => User::getId()));
$r = DM\Tree::read($targetId);
if (!empty($r)) {
$pid = $r['pid'];
}
} else {
/* pid security check */
if (!\CB\Security::canWrite($pid)) {
return false;
}
/* end of pid security check */
}
/* check again if we have pid set
It can be unset when not existent $targetId is specified
*/
if (!is_numeric($pid)) {
return false;
}
// moving the object to $pid
DM\Tree::update(array('id' => $this->id, 'pid' => $pid, 'updated' => 1));
$this->moveCustomDataTo($pid);
// move childs from overwriten targetId (which has been marked with dstatus = 3)
// to newly copied object
if (is_numeric($targetId)) {
DM\Tree::moveActiveChildren($targetId, $this->id);
}
$this->load();
$this->logAction('move', array('old' => $this->oldObject));
return $this->id;
}