/**
 * Node section
 *
 * Renders the nodes below the menu selected by $§['vars']['crit'] as nested
 * <ul>/<li> markup and returns an empty string when there is no criteria,
 * no matching menu or no nodes.
 *
 * Visibility rules, as implemented below:
 * - a target starting with "http" is always kept and never passed to allowed();
 *   the prefix test also matches any other target that merely begins with "http"
 * - any other non-empty target is kept only if allowed(privilege_url(target)) is truthy
 * - a node without target is kept only if a node nested inside its lft/rgt
 *   range has a target that passes the same check
 *
 * NOTE(review): names and targets are handed to html_tag() as-is; whether
 * html_tag() escapes them is not visible here - confirm.
 *
 * @param array $§
 *
 * @return string
 */
function section_node(array &$§) : string
{
    if (empty($§['vars']['crit'])) {
        return '';
    }

    $menu = one('menu', $§['vars']['crit']);

    if (!$menu) {
        return '';
    }

    $nodes = all('node', ['root_id' => $menu['id'], 'project_id' => $menu['project_id']]);

    if (!$nodes) {
        return '';
    }

    $visible = array_filter($nodes, function ($node) use ($nodes) {
        if (strpos($node['target'], 'http') === 0) {
            return true;
        }

        if ($node['target']) {
            return allowed(privilege_url($node['target']));
        }

        // Container node: look for at least one reachable descendant.
        foreach ($nodes as $candidate) {
            $isDescendant = $candidate['lft'] > $node['lft'] && $candidate['rgt'] < $node['rgt'];

            if ($isDescendant && $candidate['target'] && allowed(privilege_url($candidate['target']))) {
                return true;
            }
        }

        return false;
    });

    $total = count($visible);
    $depth = 0;
    $seen = 0;
    $html = '';

    foreach ($visible as $node) {
        $linkAttrs = [];
        $liClass = '';

        if ($node['target'] === request('path')) {
            $linkAttrs['class'] = 'active';
            $liClass = ' class="active"';
        }

        // Open a deeper list, close the lists we left, or start a sibling item.
        if ($node['level'] > $depth) {
            $html .= '<ul><li' . $liClass . '>';
        } elseif ($node['level'] < $depth) {
            $html .= '</li>' . str_repeat('</ul></li>', $depth - $node['level']) . '<li' . $liClass . '>';
        } else {
            $html .= '</li><li' . $liClass . '>';
        }

        if ($node['target']) {
            $linkAttrs['href'] = $node['target'];
            $html .= html_tag('a', $linkAttrs, $node['name']);
        } else {
            $html .= html_tag('span', [], $node['name']);
        }

        $seen++;

        // After the last node, close every list level that is still open.
        if ($seen === $total) {
            $html .= str_repeat('</li></ul>', $node['level']);
        }

        $depth = $node['level'];
    }

    return $html;
}
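/**
 * Print the follow-up edit form.
 *
 * Writes, in this order: start/end date-time inputs, the optional
 * conclusion/result/sentence selectors, the type row (status change, stage
 * change, assignment or regular follow-up), keyword inputs, the description,
 * the optional billed sum, the delete checkbox and the "add appointment"
 * sub-form. Everything is echoed; nothing is returned.
 *
 * Record values written into HTML attributes or HTML comments go through
 * clean_output(), the helper this method already used for the description
 * textarea, the billed sum and the appointment title.
 *
 * NOTE(review): the disabled attribute ($dis) and the empty input names only
 * shape the rendered form; the code that processes the submitted form is not
 * visible here and presumably has to repeat the allowed() checks - confirm.
 */
function printEdit()
{
    global $prefs;

    $admin = allowed($this->getDataInt('id_case'), 'a'); // FIXME
    $edit = allowed($this->getDataInt('id_case'), 'e'); // FIXME
    // NOTE(review): $write is never read in this method.
    $write = allowed($this->getDataInt('id_case'), 'w'); // FIXME (put in constructor)

    // FIXME: not sure whether this works as previously
    $dis = isDisabled(!($admin || $edit));

    echo '<table class="tbl_usr_dtl" width="99%">' . "\n";
    echo '<tr><td>';
    echo f_err_star('date_start') . _T('fu_input_date_start');
    echo "</td>\n";
    echo "<td>";

    // The date/time helpers receive an empty name when the user may not edit.
    $name = ($admin || $edit) ? 'start' : '';
    echo get_date_inputs($name, $this->data['date_start'], false);
    echo ' ' . _T('time_input_time_at') . ' ';
    echo get_time_inputs($name, $this->data['date_start']);
    echo "</td>\n";
    echo "</tr>\n";

    echo "<tr><td>";
    echo f_err_star('date_end') . ($prefs['time_intervals'] == 'absolute' ? _T('fu_input_date_end') : _T('fu_input_time_length'));
    echo "</td>\n";
    echo '<td>';

    if ($prefs['time_intervals'] == 'absolute') {
        // Buggy code, so isolated most important cases
        if ($this->data['id_followup'] == 0) {
            $name = 'end';
        } elseif ($edit) {
            $name = 'end';
        } else {
            // user can 'finish' entering data
            // NOTE(review): the parentheses only spell out how PHP already
            // parsed this expression. $edit is always false in this branch,
            // so the result depends on $admin alone; "($admin || $edit) && ..."
            // may have been intended - confirm before changing.
            $name = ($admin || ($edit && $this->data['date_end'] == '0000-00-00 00:00:00')) ? 'end' : '';
        }

        echo get_date_inputs($name, $this->data['date_end']);
        echo ' ';
        echo _T('time_input_time_at') . ' ';
        echo get_time_inputs($name, $this->data['date_end']);
    } else {
        $name = '';

        // Buggy code, so isolated most important cases
        if ($this->getDataInt('id_followup') == 0) {
            $name = 'delta';
        } elseif ($edit) {
            $name = 'delta';
        } else {
            // user can 'finish' entering data (same precedence note as above)
            $name = ($admin || ($edit && $this->getDataString('date_end') == '0000-00-00 00:00:00')) ? 'delta' : '';
        }

        if (empty($_SESSION['errors'])) {
            $interval = $this->getDataString('date_end') != '0000-00-00 00:00:00'
                ? strtotime($this->getDataString('date_end')) - strtotime($this->getDataString('date_start'))
                : 0;
            echo get_time_interval_inputs($name, $interval);
        } else {
            echo get_time_interval_inputs_from_array($name, $this->data);
        }
    }

    echo "</td>\n";
    echo "</tr>\n";

    // Show 'conclusion' options
    if ($this->show_conclusion) {
        $kws_conclusion = get_keywords_in_group_name('conclusion');
        $kws_result = get_keywords_in_group_name('_crimresults');

        echo "<tr>\n";
        echo "<td>" . _Ti('fu_input_conclusion') . "</td>\n";
        echo '<td>';

        // Result
        if (read_meta('case_result') == 'yes') {
            echo '<select ' . $dis . ' name="result" size="1" class="sel_frm">' . "\n";

            $default = '';
            if ($this->data['result']) {
                $default = $this->data['result'];
            }

            foreach ($kws_result as $kw) {
                $sel = isSelected($kw['name'] == $default);
                echo '<option ' . $sel . ' value="' . $kw['name'] . '">' . _T(remove_number_prefix($kw['title'])) . "</option>\n";
            }

            echo "</select><br/>\n";
        }

        // Conclusion
        echo '<select ' . $dis . ' name="conclusion" size="1" class="sel_frm">' . "\n";

        $default = '';
        if ($this->data['conclusion']) {
            $default = $this->data['conclusion'];
        }

        foreach ($kws_conclusion as $kw) {
            $sel = isSelected($kw['name'] == $default);
            echo '<option ' . $sel . ' value="' . $kw['name'] . '">' . _T(remove_number_prefix($kw['title'])) . "</option>\n";
        }

        echo "</select>\n";
        echo "</td>\n";
        echo "</tr>\n";

        // If guilty, what sentence?
        $kws_sentence = get_keywords_in_group_name('sentence');

        echo "<tr>\n";
        echo "<td>" . _Ti('fu_input_sentence') . "</td>\n";
        echo '<td>';
        echo '<select ' . $dis . ' name="sentence" size="1" class="sel_frm">' . "\n";

        $default = '';
        if ($this->data['sentence']) {
            $default = $this->data['sentence'];
        }

        // Escaped so that a stored value cannot close the HTML comment.
        echo "<!-- " . clean_output($default) . " -->\n";

        foreach ($kws_sentence as $kw) {
            $sel = $kw['name'] == $default ? ' selected="selected"' : '';
            echo '<option ' . $sel . ' value="' . $kw['name'] . '">' . _T(remove_number_prefix($kw['title']), array('currency' => read_meta('currency'))) . "</option>\n";
        }

        echo "</select>\n";

        // If sentence, for how much?
        echo '<input type="text" name="sentence_val" size="10" value="' . clean_output($this->data['sentence_val']) . '" />';
        echo "</td>\n";
        echo "</tr>\n";
    }

    if (_request('submit') == 'set_status' || is_status_change($this->getDataString('type'))) {
        // Change status
        echo "<tr>\n";
        echo "<td>" . _T('case_input_status') . "</td>\n";
        echo "<td>";
        echo '<input type="hidden" name="type" value="' . clean_output($this->getDataString('type')) . '" />' . "\n";
        echo _T('kw_followups_' . $this->data['type'] . '_title');
        echo "</td>\n";
        echo "</tr>\n";
    } elseif (_request('submit') == 'set_stage' || $this->getDataString('type') == 'stage_change') {
        // Change stage
        echo "<tr>\n";
        echo "<td>" . _T('fu_input_next_stage') . "</td>\n";
        echo "<td>";
        echo '<input type="hidden" name="type" value="' . clean_output($this->getDataString('type')) . '" />' . "\n";

        // This is to compensate an old bug, when 'case stage' was not stored in fu.description
        // and therefore editing a follow-up would not give correct information.
        // Bug was in CVS of 0.4.3 between 19-20 April 2005. Should not affect many people.
        if ($s = $this->getDataString('new_stage')) {
            echo '<input type="hidden" name="new_stage" value="' . clean_output($s) . '" />' . "\n";
            echo _Tkw('stage', $s);
        } else {
            echo "New stage information not available";
        }

        echo "</td>\n";
        echo "</tr>\n";

        if ($s = $this->getDataString('new_stage')) {
            // Update stage keywords (if any)
            $stage = get_kw_from_name('stage', $s);
            $id_stage = $stage['id_keyword'];
            show_edit_keywords_form('stage', $this->data['id_case'], $id_stage);
        }
    } elseif ($this->getDataString('type') == 'assignment' || $this->getDataString('type') == 'unassignment') {
        // Do not allow assignment/un-assignment follow-ups to be changed
        echo "<tr>\n";
        echo "<td>" . _T('fu_input_next_stage') . "</td>\n";
        echo "<td>";
        echo '<input type="hidden" name="type" value="' . clean_output($this->getDataString('type')) . '" />' . "\n";
        echo _Tkw('followups', $this->getDataString('type'));
        echo "</td>\n";
        echo "</tr>\n";
    } else {
        // The usual follow-up
        echo "<tr>\n";
        echo "<td>" . _T('fu_input_type') . "</td>\n";
        echo "<td>";
        echo '<select ' . $dis . ' name="type" size="1" class="sel_frm">' . "\n";

        $default_fu = get_suggest_in_group_name('followups');
        $futype_kws = get_keywords_in_group_name('followups');
        $kw_found = false;

        foreach ($futype_kws as $kw) {
            $sel = isSelected($kw['name'] == $default_fu);
            if ($sel) {
                $kw_found = true;
            }
            echo '<option value="' . $kw['name'] . '"' . $sel . '>' . _T(remove_number_prefix($kw['title'])) . "</option>\n";
        }

        // Exotic case where the FU keyword was hidden by the administrator,
        // but an old follow-up using that keyword is being edited.
        if (!$kw_found) {
            echo '<option selected="selected" value="' . $default_fu . '">' . _Tkw('followups', $default_fu) . "</option>\n";
        }

        echo "</select>\n";
        echo "</td>\n";
        echo "</tr>\n";
    }

    // Keywords (if any)
    show_edit_keywords_form('followup', $this->getDataInt('id_followup'));

    // Description
    echo "<tr>\n";
    echo '<td valign="top">' . f_err_star('description') . _T('fu_input_description') . "</td>\n";
    echo '<td>';

    if ($this->getDataString('type') == 'assignment' || $this->getDataString('type') == 'unassignment') {
        // Do not allow edit of assignment. The hidden copy is escaped the same
        // way as the textarea branch below, so quotes in the stored text cannot
        // end the value attribute.
        echo '<input type="hidden" name="description" value="' . clean_output($this->getDataString('description')) . '" />' . "\n";
        echo get_fu_description($this->data);
    } else {
        echo '<textarea ' . $dis . ' name="description" rows="15" cols="60" class="frm_tarea">';
        echo clean_output($this->getDataString('description'));
        echo "</textarea>";
    }

    echo "</td></tr>\n";

    // Sum billed field
    if ($this->show_sum_billed == "yes") {
        echo '<tr>';
        echo '<td>' . _T('fu_input_sum_billed') . "</td>\n";
        echo '<td>';
        echo '<input ' . $dis . ' name="sumbilled" ' . 'value="' . clean_output($this->getDataString('sumbilled')) . '" ' . 'class="search_form_txt" size="10" />';

        // [ML] If we do this we may as well make a function
        // out of it, but not sure where to place it :-)
        // This code is also in config_site.php
        $currency = read_meta('currency');

        if (empty($currency)) {
            // Read the default currency format in the site's default language,
            // then restore the current language.
            $current_lang = $GLOBALS['lang'];
            $GLOBALS['lang'] = read_meta('default_language');
            $currency = _T('currency_default_format');
            $GLOBALS['lang'] = $current_lang;
        }

        echo htmlspecialchars($currency);
        echo "</td></tr>\n";
    }

    echo "</table>\n\n";

    // XXX FIXME: Should probably be in some function "is_system_fu"
    // or even "is_deletable"
    if ($this->getDataInt('id_followup') && allowed($this->data['id_case'], 'a') && !(is_status_change($this->data['type']) || $this->data['type'] == 'assignment' || $this->data['type'] == 'unassignment')) {
        $checked = $this->getDataString('hidden') == 'Y' ? ' checked="checked" ' : '';

        echo '<p class="normal_text">';
        echo '<input type="checkbox"' . $checked . ' name="delete" id="box_delete" />';
        echo '<label for="box_delete">' . _T('fu_info_delete') . '</label>';
        echo "</p>\n";
    }

    // Add followup appointment
    if (!_request('followup')) {
        echo "<!-- Add appointment? -->\n";
        echo '<p class="normal_text">';
        echo '<input type="checkbox" name="add_appointment" id="box_new_app" onclick="display_block(\'new_app\', \'flip\')" />';
        echo '<label for="box_new_app">' . _T('fu_info_add_future_activity') . '</label>';
        echo "</p>\n";

        echo '<div id="new_app" style="display: none;">';
        echo '<table class="tbl_usr_dtl" width="99%">' . "\n";

        echo "<!-- Start time -->\n\t\t<tr><td>";
        echo _T('time_input_date_start');
        echo "</td><td>";
        echo get_date_inputs('app_start', $this->data['app_start_time'], false);
        echo ' ' . _T('time_input_time_at') . ' ';
        echo get_time_inputs('app_start', $this->data['app_start_time']);
        echo f_err_star('app_start_time');
        echo "</td></tr>\n";

        echo "<!-- End time -->\n\t\t<tr><td>";
        echo $prefs['time_intervals'] == 'absolute' ? _T('time_input_date_end') : _T('app_input_time_length');
        echo "</td><td>";

        if ($prefs['time_intervals'] == 'absolute') {
            echo get_date_inputs('app_end', $this->data['app_end_time']);
            echo ' ' . _T('time_input_time_at') . ' ';
            echo get_time_inputs('app_end', $this->data['app_end_time']);
            echo f_err_star('app_end_time');
        } else {
            $interval = $this->data['app_end_time'] != '0000-00-00 00:00:00'
                ? strtotime($this->data['app_end_time']) - strtotime($this->data['app_start_time'])
                : 0;
            echo get_time_interval_inputs('app_delta', $interval);
            echo f_err_star('app_end_time');
        }

        echo "</td></tr>\n";

        // [ML] The reminder time/offset inputs were removed as not useful for now.

        // TODO: [ML] a bit of testing to see if this survives an error on new case
        // I suspect it doesn't..
        echo "<!-- Appointment title -->\n\t\t<tr><td>";
        echo f_err_star('app_title') . _T('app_input_title');
        echo "</td><td>";
        echo '<input type="text" ' . $dis . ' name="app_title" size="50" value="';
        echo clean_output($this->getDataString('app_title')) . '" class="search_form_txt" />';
        echo "</td></tr>\n";

        echo "<!-- Appointment type -->\n\t\t<tr><td>";
        echo _T('app_input_type');
        echo "</td><td>";
        echo '<select ' . $dis . ' name="app_type" size="1" class="sel_frm">';

        global $system_kwg;

        if ($_SESSION['fu_app_data']['type']) {
            $default_app = $_SESSION['fu_app_data']['type'];
        } else {
            $app_kwg = get_kwg_from_name('appointments');
            $default_app = $app_kwg['suggest'];
        }

        // Sort the appointment types by their translated title.
        $opts = array();
        foreach ($system_kwg['appointments']['keywords'] as $kw) {
            $opts[$kw['name']] = _T(remove_number_prefix($kw['title']));
        }
        asort($opts);

        foreach ($opts as $k => $opt) {
            $sel = isSelected($k == $default_app);
            echo "<option value='{$k}'{$sel}>{$opt}</option>\n";
        }

        echo '</select>';
        echo "</td></tr>\n";

        echo "<!-- Appointment description -->\n";
        echo "<tr><td valign=\"top\">";
        echo _T('app_input_description');
        echo "</td><td>";
        echo '<textarea ' . $dis . ' name="app_description" rows="5" cols="60" class="frm_tarea">';
        echo clean_output($this->getDataString('app_description'));
        echo '</textarea>';
        echo "</td></tr>\n";

        echo "</table>\n";
        echo "</div>\n";
    }
}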
/**
 * View Action
 *
 * Loads the item addressed by the request id and hands it to the layout.
 * When the entity has an "active" attribute and the item is not active, the
 * item is shown only to callers for whom allowed('edit') is truthy, with a
 * "Preview" message; everyone else gets action_error(), the same response
 * as for a missing item.
 *
 * @param array $entity
 *
 * @return void
 */
function action_view(array $entity) : void
{
    $item = one($entity['id'], ['id' => request('id')]);

    // Item does not exist
    if (!$item) {
        action_error();
        return;
    }

    $isInactive = !empty($entity['attr']['active']) && empty($item['active']);

    // Item is inactive and the caller may not edit it
    if ($isInactive && !allowed('edit')) {
        action_error();
        return;
    }

    // Preview
    if ($isInactive) {
        message(_('Preview'));
    }

    layout_load();
    vars('content', ['item' => $item]);
    vars('head', ['title' => $item['name']]);
}
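/**
 * Print the attachment table for a case, client or organisation.
 *
 * Selects the rows of lcm_<type>_attachment that have content, optionally
 * restricted to one owner ($id_type) and/or one author ($id_author), and
 * echoes them as an HTML table with a delete checkbox on the rows the
 * current author may remove. Prints a "list is empty" paragraph otherwise.
 *
 * Security notes:
 * - $type becomes part of table and column names, so it is checked strictly
 *   against the three known values before any SQL is built; both ids go
 *   through intval().
 * - File name, description and type come from uploads (the type was sent by
 *   the browser) and are HTML-escaped before output.
 *   NOTE(review): if these columns are stored already escaped, this would
 *   double-encode them - confirm against the upload handler.
 * - The delete checkbox is only presentation. NOTE(review): the code that
 *   processes rem_file[] is not visible here and presumably has to repeat
 *   the permission check - confirm.
 *
 * @param string $type      'case', 'client' or 'org'
 * @param int    $id_type   id of the case/client/org, 0 for any
 * @param int    $id_author restrict to this author, 0 for any
 */
function show_attachments_list($type, $id_type, $id_author = 0)
{
    if (!in_array($type, array('case', 'client', 'org'), true)) {
        lcm_panic("unknown type -" . $type . "-");
        // Fail closed even if lcm_panic() returns.
        return;
    }

    $q = "SELECT * \n\t\t\tFROM lcm_" . $type . "_attachment \n\t\t\tWHERE content IS NOT NULL ";

    if ($id_type) {
        $q .= " AND id_" . $type . " = " . intval($id_type);
    }

    if ($id_author) {
        $q .= " AND id_author = " . intval($id_author);
    }

    $result = lcm_query($q);
    $total = lcm_num_rows($result);

    if ($total > 0) {
        echo '<table border="0" align="center" class="tbl_usr_dtl" width="99%">' . "\n";
        echo "<tr>\n";

        if ($id_author) {
            echo '<th class="heading" width="1%">' . _Th($type . '_input_id') . "</th>\n";
        }

        echo '<th class="heading">' . _Th('file_input_type') . "</th>\n";
        echo '<th class="heading">' . _Th('file_input_description') . "</th>\n";
        echo '<th class="heading">' . _Th('file_input_size') . "</th>\n";
        echo '<th class="heading">' . "</th>\n";
        echo "</tr>\n";

        for ($i = 0; $row = lcm_fetch_array($result); $i++) {
            $cell_class = 'tbl_cont_' . ($i % 2 ? "dark" : "light");

            // Escape once, use everywhere below.
            $safe_id = htmlspecialchars((string) $row['id_attachment'], ENT_QUOTES);
            $safe_type = htmlspecialchars((string) $row['type'], ENT_QUOTES);
            $safe_filename = htmlspecialchars((string) $row['filename'], ENT_QUOTES);
            $safe_description = htmlspecialchars((string) $row['description'], ENT_QUOTES);

            echo "<tr>\n";

            if ($id_author) {
                $safe_owner = htmlspecialchars((string) $row['id_' . $type], ENT_QUOTES);

                echo '<td class="' . $cell_class . '" align="left">';
                echo '<a href="' . $type . '_det.php?' . $type . '=' . $safe_owner . '" class="content_link">' . $safe_owner . '</a>';
                echo "</td>\n";
            }

            // Mimetype
            // [ML] We were using the mimetype sent by the browser, but it
            // ends up being rather useless, since MSIE and Firefox don't agree on
            // the mimetypes.. ex: .jpg = image/jpeg (FFx), but under MSIE is image/pjeg
            // So may as well just use the extention of the file, even if not reliable.
            echo '<td class="' . $cell_class . '" align="left">';
            echo '<a title="' . $safe_type . '" ' . 'href="view_file.php?type=' . $type . '&file_id=' . $safe_id . '">';

            // The icon name is the lower-cased extension, both for the
            // existence test and for the emitted src (the original emitted the
            // extension as typed, which misses the icon for ".JPG" on a
            // case-sensitive file system). The pattern admits [a-zA-Z0-9] only.
            $icon = 'unknown';
            if (preg_match("/\\.([a-zA-Z0-9]+)\$/", $row['filename'], $regs)) {
                $ext = strtolower($regs[1]);
                if (is_file("images/mimetypes/" . $ext . ".png")) {
                    $icon = $ext;
                }
            }

            echo '<img src="images/mimetypes/' . $icon . '.png" border="0" alt="' . $safe_type . '" />';
            echo '</a>';
            echo '</td>';

            // File name (or description, if any)
            echo '<td class="' . $cell_class . '">' . '<a title="' . $safe_filename . '" ' . 'href="view_file.php?type=' . $type . '&file_id=' . $safe_id . '" class="content_link">';
            echo trim($row['description']) ? $safe_description : $safe_filename;
            echo '</a></td>';

            // Size
            echo '<td class="' . $cell_class . '">' . size_in_bytes($row['size']) . '</td>';

            // Delete icon: admins always, authors for their own files (and,
            // for cases, only with 'e' rights on $id_type).
            echo '<td class="' . $cell_class . '">';

            $is_admin = $GLOBALS['author_session']['status'] == 'admin';
            $is_own = $row['id_author'] == $GLOBALS['author_session']['id_author'];

            if ($is_admin || ($is_own && ($type == 'case' ? allowed($id_type, 'e') : true))) {
                echo '<label for="id_rem_file' . $safe_id . '">';
                echo '<img src="images/jimmac/stock_trash-16.png" width="16" height="16" ' . 'alt="' . _T('file_info_delete') . '" title="' . _T('file_info_delete') . '" />';
                echo '</label> ';
                echo '<input type="checkbox" onclick="lcm_show(\'btn_delete\')" ' . 'id="id_rem_file' . $safe_id . '" name="rem_file[]" ' . 'value="' . $safe_id . '" />';
            }

            echo '</td>';
            echo "</tr>\n";
        }

        echo "</table>\n";
        echo '<p align="right" style="visibility: hidden">';
        echo '<input type="submit" name="submit" id="btn_delete" value="' . _T('button_validate') . '" class="search_form_btn" />';
        echo "</p>\n";
    } else {
        echo '<p class="normal_text">' . _T('file_info_emptylist') . "</p>\n";
    }
}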
<div class="span12"> <div class="span3"> <label for="form-field-select-1">Station name</label> <select class="span12" id="station" name="station"> <option value="" /> <option value="<?php echo $this->session->userdata('stationname'); ?> " ><?php echo $this->session->userdata('stationname'); ?> </option> <?php /* The other stations are listed only when allowed($see, 'manage') is true. NOTE(review): the session value above and $loop->name below are echoed into attribute and text context without HTML escaping, and every value attribute ends with a space after the closing PHP tag - confirm both are intended. */ if (allowed($see, 'manage')) { if (is_array($stations) && count($stations)) { foreach ($stations as $loop) { ?> <option value="<?php echo $loop->name; ?> " /><?php echo $loop->name; ?>
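/**
 * Add derived fields (aliases, uid, ACL and permission flags) to an element record.
 *
 * $x is unpacked with extract(); per the original notes it carries
 * 'elements', 'element_info', 'user_id' and 'db'. The body also reads
 * $letter, $model, $timer, $key, $info and $id, which exist only when $x
 * supplies them (or, for $id, when the project branch ran).
 *
 * Example: $data = include_all(compact('elements', 'element_info', 'user_id', 'db'));
 *
 * Changes against the earlier version:
 * - ereg_replace() (removed in PHP 7) is replaced by the equivalent preg_replace().
 * - For a user record seen by someone else, the 'address' copy of addr1 is
 *   removed together with addr1, so the hidden address no longer survives
 *   under the alias.
 *
 * @param array $x see above
 * @return array the augmented $element_info
 */
function include_all($x)
{
    // NOTE(review): extract() turns every key of $x into a local variable, so
    // whoever builds $x also controls $letter, $model, $user_id, $uid and the
    // like. Callers must never pass request data straight in - confirm.
    extract($x);

    // When there is no resource_class_id, find it from the project where the
    // instance was created. Assumes resource_class_id is filled out for every
    // S3DB that shares rules.
    if ($_REQUEST['project_id'] == '') {
        $project_id = $element_info['project_id'];
    } else {
        $project_id = $_REQUEST['project_id'];
    }

    if (!$model) {
        $model = 'nsy';
    }

    if ($letter == '') {
        $letter = strtoupper(substr($elements, 0, 1));
    }

    // Copy the aliases configured in $GLOBALS['s3map'] for this element type.
    if (is_array($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]])) {
        foreach ($GLOBALS['s3map'][$GLOBALS['plurals'][$GLOBALS['s3codes'][$letter]]] as $replace => $with) {
            $element_info[$replace] = $element_info[$with];
        }
    }

    // Deployment
    if ($letter == 'D') {
        $element_info['acl'] = $user_id == '1' ? '222' : (user_is_admin($user_id, $db) ? '212' : (user_is_public($user_id, $db) ? '210' : '211'));
        $element_info['created_by'] = $user_id;
        $element_info['description'] = $GLOBALS['s3db_info']['server']['site_intro'];
        $element_info['name'] = $GLOBALS['s3db_info']['server']['site_title'];

        if ($element_info['deployment_id'] == $GLOBALS['s3db_info']['deployment']['Did']) {
            $element_info['self'] = 1;
        }
    }

    // Group
    if ($letter == 'G') {
        $e = 'groups';
        $uid_info = uid($element_info['account_id']);
        // Strip the leading "D" of the deployment id.
        $element_info['deployment_id'] = preg_replace('/^D/', '', $uid_info['Did']);
        $strictuid = 1;
        $strictsharedwith = 1;
        $uid = 'G' . $element_info['group_id'];
        $shared_with = 'U' . $user_id;
        $element_info['acl'] = groupAcl($element_info, $user_id, $db, $timer);

        if ($timer) {
            $timer->setMarker('Included resource information for ' . $letter);
        }
    }

    // User
    if ($letter == 'U') {
        if ($element_info['account_addr_id'] != '') {
            // NOTE(review): account_addr_id is concatenated into the SQL text.
            // Whether it can ever hold caller-controlled data is not visible
            // here; it should be bound or cast by whatever the $db class
            // offers for that - confirm.
            $sql = "select * from s3db_addr where addr_id = '" . $element_info['account_addr_id'] . "'";
            $fields = array('addr1', 'addr2', 'city', 'state', 'postal_code', 'country');
            $db->query($sql);

            while ($db->next_record()) {
                for ($i = 0; $i < count($fields); $i++) {
                    $element_info[$fields[$i]] = $db->f($fields[$i]);
                }
            }

            $element_info = array_delete($element_info, 'account_addr_id');
        }

        $element_info['user_id'] = $element_info['account_id'];
        $element_info['username'] = $element_info['account_uname'];
        $element_info['login'] = $element_info['account_lid'];
        $element_info['address'] = $element_info['addr1'];
        $uid_info = uid($element_info['account_id']);
        $element_info['deployment_id'] = preg_replace('/^D/', '', $uid_info['Did']);

        if ($user_id != '1' && $element_info['created_by'] != $user_id && $element_info['account_id'] != $user_id) {
            // The viewer is not user 1, not the creator and not the user
            // himself: hide address, email, phone, etc. 'address' is the copy
            // of addr1 made above and has to go with it.
            $keys2Remove = array('account_email' => '', 'account_phone' => '', 'addr1' => '', 'addr2' => '', 'city' => '', 'state' => '', 'postal_code' => '', 'country' => '', 'address' => '');

            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, $keys2Remove);
            }
        }

        if ($user_id != '1' && $element_info['created_by'] != $user_id && $user_id != $element_info['account_id']) {
            if (is_array($element_info)) {
                $element_info = array_diff_key($element_info, array('account_type' => '', 'account_status' => ''));
            }
        } else {
            // If this user has been created with a filter, what is that filter
            $permission_info = array('uid' => 'U' . $element_info['created_by'], 'shared_with' => 'U' . $element_info['account_id']);
            $hp = has_permission($permission_info, $db);

            if ($hp) {
                $element_info['filter'] = $hp;
            }
        }

        // The stored password never leaves this function, whoever asks.
        if (is_array($element_info)) {
            $element_info = array_diff_key($element_info, array('account_pwd' => ''));
        }

        $user_id_who_asks = $user_id;
        $uid = 'U' . $element_info['user_id'];
        $shared_with = $user_id_who_asks;
        $strictuid = 1;
        $strictsharedwith = 1;
        $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid');

        if ($element_info['acl'] == '') {
            $element_info['acl'] = userAcl(compact('key', 'element_info', 'user_id_who_asks', 'db'));
        }
    }

    // Project
    if ($letter == 'P') {
        $element_info['name'] = $element_info['project_name'];
        $element_info['description'] = $element_info['project_description'];
        $id = 'P' . $element_info['project_id'];
        $uid = 'P' . $element_info['project_id'];
    }

    // Class / collection
    if ($letter == 'C') {
        $element_info['class_id'] = $element_info['resource_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $element_info['name'] = $element_info['entity'];
        $element_info['description'] = $element_info['notes'];
        // project_id to search for rule_id will be the same from the class
        $uid = 'C' . $element_info['resource_id'];
    }

    // Rule. Original note: return the class_id of the subject; if the object
    // is a class, return the object_id... to discuss with jonas.
    if ($letter == 'R') {
        $uid = 'R' . $element_info['rule_id'];
    }

    // Instance / item. Assumes every S3DB that has shared rules has
    // resource_class_id in the instance.
    if ($letter == 'I') {
        if ($element_info['resource_class_id'] != '') {
            $element_info['class_id'] = $element_info['resource_class_id'];
        }

        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['collection_id'] = $element_info['class_id'];
        $instance_id = $element_info['instance_id'];
        $uid = 'I' . $element_info['instance_id'];
    }

    // Statement
    if ($letter == 'S') {
        $uid = 'S' . $element_info['statement_id'];
        // NOTE(review): $id is assigned only in the project branch above, so
        // here it is undefined unless $x supplied it - confirm the intended key.
        $info[$id] = $element_info;
        $statement_id = $element_info['statement_id'];
        $element_info['instance_id'] = $element_info['resource_id'];
        $element_info['item_id'] = $element_info['instance_id'];
        $element_info['instance_notes'] = $info['I' . $element_info['instance_id']]['notes'];

        // Load the rule once and reuse it for the subject/verb/object fields.
        if ($info['R' . $element_info['rule_id']] == '') {
            $info['R' . $element_info['rule_id']] = s3info('rule', $element_info['rule_id'], $db);
        }

        $element_info['object_notes'] = notes($element_info['value'], $db);
        $element_info['project_folder'] = $element_info['value'];
        $element_info = include_fileLinks($element_info, $db);
        $element_info['subject'] = $info['R' . $element_info['rule_id']]['subject'];
        $element_info['verb'] = $info['R' . $element_info['rule_id']]['verb'];
        $element_info['object'] = $info['R' . $element_info['rule_id']]['object'];
        $element_info['subject_id'] = $info['R' . $element_info['rule_id']]['subject_id'];
        $element_info['verb_id'] = $info['R' . $element_info['rule_id']]['verb_id'];
        $element_info['object_id'] = $info['R' . $element_info['rule_id']]['object_id'];
    }

    // Resolve the permission of $user_id on this element unless a branch
    // above already set an acl.
    $strictuid = 1;
    $strictsharedwith = 1;
    $shared_with = 'U' . $user_id;
    $toFindInfo = $element_info;
    $onPermissions = compact('user_id', 'shared_with', 'db', 'uid', 'key', 'strictsharedwith', 'strictuid', 'timer', 'toFindInfo');

    if ($element_info['acl'] == '') {
        $element_info['acl'] = permission4Resource($onPermissions);
    }

    $element_info['permission_level'] = $element_info['acl'];

    if (!$element_info['effective_permission']) {
        $element_info['effective_permission'] = $element_info['acl'];
    }

    if (!$element_info['assigned_permission']) {
        $pp = array('uid' => $uid, 'shared_with' => $shared_with);
        $tmp = has_permission($pp, $db);

        if ($tmp) {
            $element_info['assigned_permission'] = $tmp;
        } else {
            $element_info['assigned_permission'] = '---';
        }
    }

    // Define if the user can view or not view data. View is the first
    // position of the three-character code.
    $permission2user = permissionModelComp($element_info['permission_level']);

    // According to the model, change the values of assigned_permission from
    // previous versions: '0', '1' and '2' become the characters of $model.
    $element_info['assigned_permission'] = str_replace(array('0', '1', '2'), str_split($model), $element_info['assigned_permission']);

    $isOwner = $element_info['created_by'] == $user_id;
    $element_info['view'] = allowed($permission2user, 0, $isOwner, $state = 3, $model);
    $element_info['change'] = allowed($permission2user, 1, $isOwner, $state = 3, $model);
    $element_info['propagate'] = allowed($permission2user, 2, $isOwner, $state = 3, $model);

    // Create the element "delete", in case it is eventually created... For
    // now it is the same as change.
    $element_info['delete'] = $element_info['change'];
    // NOTE(review): delete_data is copied from add_data before add_data is
    // assigned on the next line, so it takes whatever the caller passed in
    // (usually nothing) - confirm the intended order.
    $element_info['delete_data'] = $element_info['add_data'];
    $element_info['add_data'] = $element_info['propagate'];

    return $element_info;
}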
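<?php
// Access check for the dashboard. It runs before any markup is sent, because
// session_start() and header() both need to emit HTTP headers.
include 'php/security.php';
session_start();
$allowed = allowed();
if (!$allowed) {
    header("Location: login.html");
    // Stop here: without exit the rest of the page is still rendered and sent
    // to a client that ignores the redirect.
    exit;
}
?>
<!DOCTYPE html>
<html>
<head lang="en">
<script src="javascript/jquery.js"></script>
<script src="javascript/bootstrap/bootstrap.js"></script>
<script src="javascript/dashboard.js"></script>
<script src="javascript/sweetalert.min.js"></script>
<link rel="stylesheet" href="css/style.css" />
<link rel="stylesheet" href="css/sweetalert.css" />
<link rel="stylesheet" href="css/bootstrap/bootstrap.css" />
<link rel="stylesheet" href="css/bootstrap/bootstrap-theme.css" />
<meta charset="UTF-8">
<title>Dashboard</title>
<script>
$(document).ready(function() {
    $("#editAgentDiv, #newPropertyDiv, #editPropertyDiv, #generateURLDiv").css("display", "none");
    // Loads the options for the edit agent select
    loadAgentList("#editAgentSelect");
    loadAgentList("#propertyAgentSelect");
    loadPropertyList();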
<?php
/*
 * Admin page action: pulls in 'logincheck', calls allowed(), then loads the
 * manufacturers and cars from the database into $manarray and $carsarray.
 *
 * NOTE(review): the return value of allowed() is discarded. The admin check
 * protects this page only if allowed() itself ends the request (redirect or
 * exit) for callers without admin rights; if it merely returns a flag, the
 * queries below run for everyone - confirm in 'logincheck'.
 */
Atomik::needed('logincheck');
allowed();

// Both statements are fixed strings; no request data is part of them.
$manufacturers = A("db: select manufacturerid as manid, name from manufacturer");
$cars = A("db: select carid, name from car");

$carsarray = $cars->fetchAll();
$manarray = $manufacturers->fetchAll();
$q = "SELECT fu.*, a.name_first, a.name_middle, a.name_last, " . lcm_query_subst_time('fu.date_start', 'fu.date_end') . " as length\n\t\tFROM lcm_followup as fu, lcm_author as a\n\t\tWHERE id_followup = {$followup}\n\t\t\tAND fu.id_author = a.id_author"; $result = lcm_query($q); if ($row = lcm_fetch_array($result)) { foreach ($row as $key => $value) { $fu_data[$key] = $value; } } else { die("There's no such follow-up!"); } } else { die("Which follow-up?"); } // For 'edit case' button + 'undelete' message $case_allow_modif = read_meta('case_allow_modif'); $edit = allowed($fu_data['id_case'], 'e'); $admin = allowed($fu_data['id_case'], 'a'); lcm_page_start(_T('title_fu_view'), '', '', 'cases_followups'); echo '<fieldset class="info_box">'; // Show a bit of background on the case $case = $fu_data['id_case']; show_context_start(); show_context_case_title($fu_data['id_case']); show_context_case_stage($fu_data['id_case'], $fu_data['id_followup']); show_context_case_involving($fu_data['id_case']); // Show parent appointment, if any // [ML] todo put in inc_presentation $q = "SELECT app.*\n\t\tFROM lcm_app_fu as af, lcm_app as app\n\t\tWHERE af.id_followup = {$followup} \n\t\t AND af.id_app = app.id_app \n\t\t AND af.relation = 'child'"; $res_app = lcm_query($q); if ($app = lcm_fetch_array($res_app)) { echo '<li style="list-style-type: none;">' . _T('fu_input_parent_appointment') . ' '; echo '<a class="content_link" href="app_det.php?app=' . $app['id_app'] . '">' . _Tkw('appointments', $app['type']) . ' (' . $app['title'] . ') from ' . format_date($app['start_time']) . "</a></li>\n";
<?php
// Navigation menu. The recording, postings and logout tabs are always
// printed; comments, organisation and settings only when allowed(3, '') is
// truthy.
// NOTE(review): leaving a tab out only hides the link. The pages behind
// index.php?page=comments|organisation|settings presumably run their own
// allowed() check - confirm.
echo '<div id="navi">', "\n";
echo '<h2>Navigation</h2>', "\n";
echo '<ul>', "\n";
echo '<li id="tab_record"><a href="index.php?page=record1">recording</a></li>', "\n";
echo '<li id="tab_postings"><a href="index.php?page=postings">postings</a></li>', "\n";

if (allowed(3, '')) {
    echo '<li id="tab_comments"><a href="index.php?page=comments">comments</a></li>', "\n";
    echo '<li id="tab_organisation"><a href="index.php?page=organisation">organisation</a></li>', "\n";
    echo '<li id="tab_settings"><a href="index.php?page=settings">settings</a></li>', "\n";
}

echo '<li id="tab_logout"><a href="index.php?do=logout">logout</a></li>', "\n";
echo '</ul>', "\n";
echo '</div>', "\n";
?>
/**
 * Echo the HTML table holding the "edit case" form fields.
 *
 * Reads the case values through $this->getDataInt() / $this->getDataString()
 * and $this->data, reads site preferences with read_meta(), and writes the
 * markup directly with echo; nothing is returned.
 *
 * Free-text values (title, legal_reason, alledged_crime, notes) are passed
 * through clean_output() before being echoed. The stage keyword name and title
 * are not (see the NOTE(review) in the stage loop).
 *
 * Side effect: when no stage is set, $this->data['stage'] is overwritten with
 * the value of get_suggest_in_group_name('stage').
 */
function printEdit() {
    // Read site configuration preferences
    $case_assignment_date = read_meta('case_assignment_date');
    $case_alledged_crime = read_meta('case_alledged_crime');
    $case_legal_reason = read_meta('case_legal_reason');
    // NOTE(review): $case_allow_modif is read here but not used anywhere in this function.
    $case_allow_modif = read_meta('case_allow_modif');
    echo '<table class="tbl_usr_dtl">' . "\n";
    // Case ID (if editing existing case): shown as text and repeated in a hidden field
    if ($this->getDataInt('id_case')) {
        echo "<tr>" . "<td>" . _T('case_input_id') . "</td>" . "<td>" . $this->getDataInt('id_case') . '<input type="hidden" name="id_case" value="' . $this->getDataInt('id_case') . '" />' . "</td></tr>\n";
    }
    echo '<tr><td><label for="input_case_title">' . f_err_star('title') . _T('case_input_title') . "</label></td>\n";
    echo '<td><input size="35" name="title" id="input_case_title" value="' . clean_output($this->getDataString('title')) . '" class="search_form_txt" />';
    echo "</td></tr>\n";
    // Date of earlier assignment (only when the site preference is exactly 'yes')
    if ($case_assignment_date == 'yes') {
        echo "<tr>\n";
        echo "<td>" . f_err_star('date_assignment') . _Ti('case_input_date_assigned') . "</td>\n";
        echo "<td>" . get_date_inputs('assignment', $this->getDataString('date_assignment'), false) . "</td>\n";
        echo "</tr>\n";
    }
    // Legal reason: shown for any preference starting with 'yes';
    // 'yes_mandatory' adds the "mandatory" hint under the label
    if (substr($case_legal_reason, 0, 3) == 'yes') {
        echo '<tr><td><label for="input_legal_reason">' . f_err_star('legal_reason') . _T('case_input_legal_reason') . "</label>" . ($case_legal_reason == 'yes_mandatory' ? '<br/>(' . _T('keywords_input_policy_mandatory') . ')' : '') . "</td>\n";
        echo '<td>';
        echo '<textarea name="legal_reason" id="input_legal_reason" class="frm_tarea" rows="2" cols="60">';
        echo clean_output($this->getDataString('legal_reason'));
        echo "</textarea>";
        echo "</td>\n";
        echo "</tr>\n";
    }
    // Alleged crime: same display rule as the legal reason
    if (substr($case_alledged_crime, 0, 3) == 'yes') {
        echo '<tr><td><label for="input_alledged_crime">' . f_err_star('alledged_crime') . _T('case_input_alledged_crime') . "</label>" . ($case_alledged_crime == 'yes_mandatory' ? '<br/>(' . _T('keywords_input_policy_mandatory') . ')' : '') . "</td>\n";
        echo '<td>';
        echo '<textarea name="alledged_crime" id="input_alledged_crime" class="frm_tarea" rows="2" cols="60">';
        echo clean_output($this->getDataString('alledged_crime'));
        echo '</textarea>';
        echo "</td>\n";
        echo "</tr>\n";
    }
    // Keywords (if any)
    show_edit_keywords_form('case', $this->getDataInt('id_case'));
    $id_stage = 0; // new case, stage not yet known
    if ($this->getDataString('stage')) {
        $stage = get_kw_from_name('stage', $this->getDataString('stage', '__ASSERT__'));
        $id_stage = $stage['id_keyword'];
    }
    show_edit_keywords_form('stage', $this->getDataInt('id_case'), $id_stage);
    // Notes (form field is named case_notes, the data key is 'notes')
    echo "<tr>\n";
    echo "<td><label for='input_case_notes'>" . f_err_star('case_notes') . _Ti('case_input_notes') . "</label></td>\n";
    echo '<td><textarea name="case_notes" id="input_case_notes" class="frm_tarea" rows="3" cols="60">' . clean_output($this->getDataString('notes')) . "</textarea>\n" . "</td>\n";
    echo "</tr>\n";
    // Case status: a new case (no id_case) can only be 'draft' or 'open'.
    // The option values come from this fixed list, not from stored data.
    echo '<tr><td><label for="input_status">' . f_err_star('status') . _Ti('case_input_status') . "</label></td>\n";
    echo '<td>';
    echo '<select name="status" id="input_status" class="sel_frm">' . "\n";
    $statuses = $this->getDataInt('id_case') ? array('draft', 'open', 'suspended', 'closed', 'merged') : array('draft', 'open');
    foreach ($statuses as $s) {
        $sel = $s == $this->getDataString('status') ? ' selected="selected"' : '';
        echo '<option value="' . $s . '"' . $sel . ">" . _T('case_status_option_' . $s) . "</option>\n";
    }
    echo "</select></td>\n";
    echo "</tr>\n";
    // Case stage: fall back to the suggested stage when none is set
    if (!$this->getDataString('stage')) {
        $this->data['stage'] = get_suggest_in_group_name('stage');
    }
    $kws = get_keywords_in_group_name('stage');
    echo '<tr><td><label for="input_stage">' . f_err_star('stage') . _T('case_input_stage') . "</label></td>\n";
    echo '<td><select name="stage" id="input_stage" class="sel_frm">' . "\n";
    foreach ($kws as $kw) {
        $sel = $kw['name'] == $this->data['stage'] ? ' selected="selected"' : '';
        // NOTE(review): $kw['name'] is written into a single-quoted attribute and
        // $kw['title'] into element content without clean_output(), unlike the
        // free-text fields above. If keyword names/titles can be edited by users,
        // escape them here as well - confirm where keywords are managed.
        echo "\t\t\t\t<option value='" . $kw['name'] . "'" . "{$sel}>" . _T(remove_number_prefix($kw['title'])) . "</option>\n";
    }
    echo "</select></td>\n";
    echo "</tr>\n";
    // Public access rights
    // FIXME FIXME FIXME
    // NOTE(review): this section takes "is admin" and the checkbox state from
    // four different places: $this->data['admin'],
    // $GLOBALS['author_session']['status'], _session('admin') and
    // $_SESSION['form_data'] / _session(). Whether these always agree cannot be
    // told from this function - confirm.
    if ($this->data['admin'] || read_meta('case_read_always') != 'yes' || read_meta('case_write_always') != 'yes') {
        // The checkboxes get the disabled markup from isDisabled() when the user
        // lacks the 'a' right on this case. That is a display hint only; the code
        // that saves the form (not shown here) must repeat the allowed() check
        // before changing public / pub_write.
        $dis = isDisabled(!allowed($this->getDataInt('id_case'), 'a'));
        echo '<tr><td colspan="2">' . _T('case_input_collaboration') . ' <br /><ul>';
        if (read_meta('case_read_always') != 'yes' || $GLOBALS['author_session']['status'] == 'admin') {
            echo '<li style="list-style-type: none;">';
            echo '<input type="checkbox" name="public" id="case_public_read" value="yes"';
            if ($_SESSION['form_data']['public']) {
                echo ' checked="checked"';
            }
            echo "{$dis} />";
            echo '<label for="case_public_read">' . _T('case_input_collaboration_read') . "</label></li>\n";
        }
        if (read_meta('case_write_always') != 'yes' || _session('admin')) {
            echo '<li style="list-style-type: none;">';
            echo '<input type="checkbox" name="pub_write" id="case_public_write" value="yes"';
            if (_session('pub_write')) {
                echo ' checked="checked"';
            }
            echo "{$dis} />";
            echo '<label for="case_public_write">' . _T('case_input_collaboration_write') . "</label></li>\n";
        }
        echo "</ul>\n";
        echo "</td>\n";
        echo "</tr>\n";
    }
    echo "</table>\n";
}
or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program; if not, write to the Free Software Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307, USA $Id: add_client.php,v 1.9 2007/11/16 16:29:08 mlutfy Exp $ */ include 'inc/inc.php'; include_lcm('inc_acc'); $case = intval(_request('case')); $_SESSION['errors'] = array(); $destination = "case_det.php?case={$case}"; // Test access rights (unlikely to happen, unless hack attempt) if (!($case && allowed($case, 'a'))) { $_SESSION['errors']['generic'] = "Access denied"; // TRAD header("Location: " . $destination); exit; } // Add client to case if (isset($_REQUEST['clients'])) { foreach ($_REQUEST['clients'] as $key => $value) { $clients[$key] = intval($value); } if ($clients) { foreach ($clients as $client) { $q = "INSERT INTO lcm_case_client_org\n\t\t\t\tSET id_case={$case},id_client={$client}"; $result = lcm_query($q); }
include_lcm('inc_acc'); // Get request parameters $file_id = intval($_REQUEST['file_id']); $type = clean_input($_REQUEST['type']); switch ($type) { // // View case attachment // case 'case': $q = "SELECT ca.*, c.public\n\t\t\tFROM lcm_case_attachment as ca, lcm_case as c\n\t\t\tWHERE ca.id_case = c.id_case\n\t\t\t\tAND id_attachment = {$file_id}"; $result = lcm_query($q); if (lcm_num_rows($result) == 0) { die("There is no such file"); } $row = lcm_fetch_array($result); if (!($GLOBALS['author_session']['status'] == 'admin' || $row['public'] || allowed($row['id_case'], 'r'))) { die(_T('error_no_read_permission')); } break; // // View client attachment // // // View client attachment // case 'client': $q = "SELECT *\n\t\t\tFROM lcm_client_attachment\n\t\t\tWHERE id_attachment={$file_id}"; $result = lcm_query($q); if (lcm_num_rows($result) == 0) { die("There is no such file!"); }
59 Temple Place, Suite 330, Boston, MA 02111-1307, USA $Id: edit_auth.php,v 1.18 2006/07/27 15:31:22 mlutfy Exp $ */
include 'inc/inc.php';
include_lcm('inc_acc');
include_lcm('inc_filters');

// Initialise variables
// The case id is forced to an integer before it is used in the query below.
$case = intval($_GET['case']);
if (!($case > 0)) {
    lcm_page_start(_T('title_error'));
    echo "<p>" . _T('error_no_case_specified') . "</p>\n";
    lcm_page_end();
    exit;
}

// Only users holding the 'a' right on this case may edit its access rights.
if (!allowed($case, 'a')) {
    die("You don't have permission to edit this case's access rights.");
}

// List the authors attached to the case, optionally narrowed to one author.
$q = "SELECT *\n\tFROM lcm_case_author,lcm_author\n\tWHERE (id_case={$case}\n\t AND lcm_case_author.id_author=lcm_author.id_author";
// NOTE(review): $author is not assigned anywhere in the code visible here. If it
// is filled from the request (an include, or register_globals on an old PHP
// setup), the loose "$author > 0" test does not make it an integer, and it is
// then interpolated into the SQL text. It should be cast the same way as $case
// before use - confirm where $author comes from.
if ($author > 0) {
    $q .= " AND lcm_author.id_author={$author}";
}
$q .= ')';
$result = lcm_query($q);

lcm_page_start(_T('title_case_edit_ac'));
lcm_bubble('case_ac');
show_context_start();
show_context_case_title($case);
show_context_case_involving($case);
show_context_end();
?>
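/**
 * Attach permission information to each row of a query result and drop the
 * rows the requesting user has no entry for.
 *
 * The function works on the variables imported from $pack by extract(); the
 * ones it reads are $data, $user_id, $db, $element2query, $s3ql, $WhereInfo and
 * $timer, plus the names passed to compact() below.
 *
 * For user id '1' every row is kept with acl 'yyy'. For other users the acl
 * comes from permissionPropagation() when that returned an array, otherwise
 * from permission4Resource() per row. For user/group entities (letter starting
 * with U or G) rows are matched against the list built by s3dbPercolate().
 *
 * Change against the previous version: the ereg() calls (removed in PHP 7) are
 * replaced by one preg_match() with the same pattern, evaluated once.
 *
 * @param array $pack query context; also forwarded to filterDataForQuery()
 *
 * @return array list of the rows that were kept (re-indexed from 0); an empty
 *               array when $WhereInfo holds more than one id for a U/G query
 */
function includeAllData($pack) {
    // NOTE(review): extract() turns every key of $pack into a local variable,
    // including $user_id and $db, which drive the permission decisions below.
    // This is safe only if no caller builds $pack from request data - confirm,
    // or read the needed keys explicitly.
    extract($pack);
    $element2query = $element2query == '' ? $s3ql['from'] : $element2query;
    $letter = letter($element2query);
    $element = $GLOBALS['s3codes'][$letter];

    // True when the entity letter starts with U or G (same pattern as before).
    $isUserOrGroup = (bool) preg_match('/^U|^G/', $letter);

    if ($user_id != '1') {
        if (count($data) >= 4) {
            if (!$isUserOrGroup) {
                $Z = compact('user_id', 'db', 'uidQuery', 'timer', 'WhereInfo', 'shared_with_query');
                $Z['toFind'] = $letter;
                // NOTE(review): further down the shared-with id is built as
                // 'U' . $user_id; the '******' prefix here does not match that
                // form - confirm which one is intended.
                $Z['shared_with_user'] = '******' . $user_id;
                $ids = permissionPropagation($Z);
            }
        }
    }

    if ($isUserOrGroup && $WhereInfo) {
        $whereId = array_keys($WhereInfo);
        if (count($whereId) > 1) {
            $array = array();
            return $array;
        } else {
            $whereId = $whereId[0];
            // Tlist provides the list of resources that are shared with the uid
            // of interest, including users & groups
            $Hlist = bottom_up_propagation_list($whereId, $db);
            $Tlist = user_included_bottom_up_propagation_list('U', $whereId, $user_id, $db);
            $resourceUsers = s3dbPercolate($Hlist, $Tlist, $letter);
            // Empty branch kept as it was: it has no effect.
            if ($_REQUEST['su3d']) {
            }
        }
    }

    // Remove from data the uids that do not exist in ids
    $str = $GLOBALS['s3ids'][$GLOBALS['s3codes'][$letter]];
    $re_issued = array();
    if (is_array($data)) {
        foreach ($data as $ind => $array) {
            $uid = $letter . $array[$str];
            if ($uid != '') {
                if ($user_id != '1') {
                    if (is_array($ids)) {
                        // Bulk result available: keep the row only if it has an entry.
                        if (!$isUserOrGroup) {
                            if ($ids[$uid] != '') {
                                $array['acl'] = $ids[$uid];
                            } else {
                                $array = array();
                            }
                        } else {
                            if ($resourceUsers) {
                                if (in_array($uid, array_keys($resourceUsers))) {
                                    $array['permissionOnResource'] = $resourceUsers[$uid];
                                } else {
                                    $array = array();
                                }
                            }
                        }
                    } else {
                        // No bulk result: resolve the permission for this row alone.
                        $strictuid = 1;
                        $strictsharedwith = 1;
                        $shared_with = 'U' . $user_id;
                        $P = compact('uid', 'shared_with', 'user_id', 'db', 'strictuid', 'strictsharedwith', 'stream', 'timer');
                        if (!$isUserOrGroup) {
                            $array['acl'] = permission4Resource($P);
                            $array['permission_level'] = $array['acl'];
                            $permission2user = permissionModelComp($array['permission_level']);
                            $isOwner = $array['created_by'] == $user_id;
                            $array['view'] = allowed($permission2user, 0, $isOwner);
                            $array['change'] = allowed($permission2user, 1, $isOwner);
                            $array['propagate'] = allowed($permission2user, 2, $isOwner);
                            // create the element "delete", in case it is eventually
                            // created... For now it is the same as change
                            $array['delete'] = $array['change'];
                            $array['add_data'] = $array['propagate'];
                            $array['delete_data'] = $array['add_data'];
                        } else {
                            if ($resourceUsers) {
                                if (in_array($uid, array_keys($resourceUsers))) {
                                    $array['permissionOnResource'] = $resourceUsers[$uid];
                                } else {
                                    $array = array();
                                }
                            }
                        }
                    }
                } else {
                    // User id '1' gets acl 'yyy' on every row.
                    $array['acl'] = 'yyy';
                    if ($isUserOrGroup && $resourceUsers) {
                        if ($resourceUsers) {
                            if (in_array($uid, array_keys($resourceUsers))) {
                                $array['permissionOnResource'] = $resourceUsers[$uid];
                            } else {
                                $array = array();
                            }
                        }
                    }
                }
            }
            // Rows emptied above are dropped; the others are completed and filtered.
            if (!empty($array)) {
                $re_issued[$uid] = $array;
                $element_info = $re_issued[$uid];
                $info = $WhereInfo;
                $C = compact('letter', 'info', 'elements', 'element_info', 'user_id', 'db', 'key', 'timer', 'model');
                $element_info = include_all($C);
                $element_info['uri'] = S3DB_URI_BASE . '/' . $letter . $array[$str];
                $pack['uid'] = $uid;
                $pack['info'] = $element_info;
                $element_info = filterDataForQuery($pack);
                if ($timer) {
                    $timer->setMarker('Filter Data For The Query');
                }
                $re_issued[$uid] = $element_info;
            }
        }
    }
    // array_filter() removes rows that filterDataForQuery() returned as empty.
    $data = array_values(array_filter($re_issued));
    return $data;
}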
/**
 * Return the HTML attribute that makes a form field read-only for a posting
 * the current user may not edit.
 *
 * The attribute only affects what the browser lets the user type; the code
 * that saves the posting still has to run the same allowed() check.
 *
 * @param mixed $posting posting id, passed as second argument to allowed()
 *
 * @return string|null 'readonly="readonly"' when allowed(1, $posting) is
 *                     falsy, null otherwise
 */
function readonly($posting)
{
    $mayEdit = allowed(1, $posting);
    if ($mayEdit) {
        return;
    }

    return "readonly=\"readonly\"";
}
// Handle the decoded authentication response: on success, link the identifier
// to a local account and redirect; otherwise print the error message.
if ($auth_info['stat'] == 'ok') {
    /* STEP 3 Continued: Extract the 'identifier' from the response */
    $profile = $auth_info['profile'];
    $identifier = $profile['identifier'];
    if (isset($profile['photo'])) {
        $photo_url = $profile['photo'];
    }
    if (isset($profile['displayName'])) {
        $name = $profile['displayName'];
    }
    // NOTE(review): $email is only set when the profile carries one, but it is
    // used unconditionally below.
    if (isset($profile['email'])) {
        $email = $profile['email'];
    }
    /* STEP 4: Use the identifier as the unique key to sign the user into your system. This will depend on your website implementation, and you should add your own code here. */
    // NOTE(review): strpos() is used as a truth test, so this matches
    // '@gmail.com' anywhere in the address except at position 0, not only as
    // the suffix; substr() then removes the last 10 bytes whatever they are.
    // The value handed to allowed() can therefore differ from the local part of
    // a gmail.com address. A suffix comparison is what the code seems to intend.
    if (strpos($email, '@gmail.com')) {
        $email = substr($email, 0, strlen($email) - 10);
    }
    if (allowed($email)) {
        updateID($email, $identifier);
    }
    // NOTE(review): the redirect target is taken from the request without any
    // check, so it can point to another site; compare it against a list of
    // known local paths before use. $identifier is appended without URL
    // encoding, and the redirect is sent whether or not allowed($email) passed.
    header('Location: ' . $_REQUEST["return"] . '?identifier=' . $identifier);
    /* Make sure that code below does not get executed when we redirect. */
    // NOTE(review): no exit follows header() in the code visible here.
    /* an error occurred */
} else {
    // gracefully handle the error. Hook this into your native error handling system.
    // NOTE(review): the message is echoed without HTML escaping; it presumably
    // comes from the authentication response - confirm and escape for HTML.
    echo 'An error occured: ' . $auth_info['err']['msg'];
}
} // closes a block opened before this excerpt
<?php echo "<h1>Organisation</h1>\n"; include 'inc/navigation.php'; include 'inc/functions_organisation.php'; //check the rights if (!allowed(3, "")) { die("<p class=\"msg\">Administrators do some wild party in here. You are not invited :-(</p>"); } //what do we get from url? go to appropiate function(s)! if (!isset($_GET['do'])) { showcatsandauthors(); } else { if ($_GET['do'] == "editauthor") { showauthor($_GET['id'], false); } if ($_GET['do'] == "newauthor") { showauthor(0, true); } if ($_GET['do'] == "delauthor") { if ($_GET['id'] != $_SESSION['authorid']) { deleteauthor($_GET['id']); } else { echo "<p class=\"msg\">You cannot delete yourself!</p>"; } showcatsandauthors(); } if ($_GET['do'] == "saveauthor") { if (savepostedauthordata($_GET['id'])) { showcatsandauthors(); } else {
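// Get input values
$type = clean_input($_POST['type']);
$destination = intval($_POST['destination']);
$case = intval($_POST['id_case']);
$sumbilled = $_POST['sumbilled'] ? $_POST['sumbilled'] : 0;
$ref_edit_fu = clean_input($_POST['ref_edit_fu']);
$id_author = $GLOBALS['author_session']['id_author'];

// Check incoming data
if ($type != 'merge') {
    die("This module is used for case merging only!");
}
if (!($case > 0)) {
    die("Which case?");
}
// sumbilled is written unquoted into the INSERT below, so it must be a plain
// number. Anything else (text, an array) is rejected before a query is built.
// NOTE(review): negative amounts still pass this test - confirm whether they
// should.
if (!is_numeric($sumbilled)) {
    die("Invalid billed amount!");
}

// Check access rights
// NOTE(review): only the source case is checked. When $destination is an
// existing case, no check of the user's rights on it is visible in this
// excerpt - confirm it happens before the merge is completed.
if (!allowed($case, 'w')) {
    die("You don't have permission to add information to this case!");
}

// Create new case if $destination is 0
if ($destination == 0) {
    // Create new case
    $q = "INSERT INTO lcm_case SET\n\t\t\tid_case=0,\n\t\t\tdate_creation=NOW(),\n\t\t\tstatus='open'";
    $result = lcm_query($q);
    $destination = lcm_insert_id('lcm_case', 'id_case');

    // Insert new case_author relation: the current author gets read, write
    // and admin rights on the new case
    $q = "INSERT INTO lcm_case_author SET\n\t\t\tid_case={$destination},\n\t\t\tid_author={$id_author},\n\t\t\tac_read=1,\n\t\t\tac_write=1,\n\t\t\tac_admin=1";
    $result = lcm_query($q);
}

// Add "merged to" follow-up to the old case
// $type equals 'merge' at this point (checked above); $case and $destination
// are integers.
// NOTE(review): $description is not assigned in the code visible here, yet it
// is placed inside a quoted SQL string. If it can come from the request it
// needs the same cleaning as the other text inputs - confirm its origin.
$q = "INSERT INTO lcm_followup SET id_followup=0,\n\t\tid_case={$case},\n\t\tid_author={$id_author},\n\t\tdate_start=NOW(),\n\t\tdate_end=NOW(),\n\t\ttype='{$type}',\n\t\tsumbilled={$sumbilled},\n\t\tdescription='Merged to case ID:{$destination}\\n{$description}'";
$result = lcm_query($q);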
echo "<td class=\"center\"><input " . readonly($edit_id) . " type=\"text\" value=\"" . $links[$i]['title']; echo "\" name=\"linktit" . $i . "\" /></td>\n"; echo "<td class=\"right\"><input " . readonly($edit_id) . " type=\"text\" value=\"" . $links[$i]['description']; echo "\" name=\"linkdes" . $i . "\" /></td>\n"; echo "</tr>"; } ?> </table> </div> <!-- submit-button --> <div class="submit"> <?php if (allowed(1, $edit_id)) { echo "<input class=\"save\" type=\"submit\" value=\"save all\" />"; } ?> </div> </form> <?php } else { echo "<p class=\"msg\">No audio file defined!</p>\n\n"; }
$result = lcm_query($q); // Process the output of the query if ($row = lcm_fetch_array($result)) { // Check for access rights if (!allowed($case, 'r')) { // [ML] I usually would not care about such errors, since they happen // only when the user messes around with URLs, but since I modified the // access control test, I am paranoid :-) Feel free to scrap later. lcm_page_start(_T('title_error')); echo _T('error_no_read_permission'); lcm_page_end(); exit; } $add = allowed($case, 'w'); $edit = allowed($case, 'e'); $admin = allowed($case, 'a'); // Show case details lcm_page_start(_T('title_case_details') . " #" . $row['id_case'] . ' ' . $row['title'], '', '', 'cases_intro'); // [ML] This will probably never be implemented // echo "<div id=\"breadcrumb\"><a href=\"". getenv("HTTP_REFERER") ."\">List of cases</a> > ". $row['title'] ."</div>"; // Show tabs $groups = array('general' => array('name' => _T('generic_tab_general'), 'tooltip' => _T('case_subtitle_general')), 'appointments' => array('name' => _T('generic_tab_agenda'), 'tooltip' => _T('case_subtitle_appointments')), 'exps' => array('name' => 'Requests', 'tooltip' => 'Internal requests'), 'times' => array('name' => _T('generic_tab_reports'), 'tooltip' => _T('case_subtitle_times')), 'attachments' => array('name' => _T('generic_tab_documents'), 'tooltip' => _T('case_subtitle_attachments'))); $tab = isset($_GET['tab']) ? $_GET['tab'] : 'general'; show_tabs($groups, $tab, $_SERVER['REQUEST_URI']); echo show_all_errors(); switch ($tab) { // // General tab // case 'general': echo "<fieldset class='info_box'>";
} } //showing audio length in minutes echo "<td>" . getminutes($showtable[$i]['audio_length']) . "</td>\n"; //the status radio buttons $temp = $showtable[$i]['status']; echo "<td>\n"; if ($temp == 1) { echo "<span style=\"color:#dd0067;\">" . bla("draft") . "</span>"; } if ($temp == 2) { echo "<span style=\"color:#090;\">" . bla("finished") . "</span>"; } if ($temp == 3) { echo bla("onair"); } echo "</td>\n"; //a beautiful button for deleting echo "<td class=\"right\">\n"; if (allowed(1, $showtable[$i]['id'])) { echo "<form method=\"post\" enctype=\"multipart/form-data\" "; echo "action=\"index.php?page=postings&do=x&"; echo "id=" . $showtable[$i]['id'] . "\" "; echo "onSubmit=\"return yesno('" . bla("alert_deleteposting") . "')\">\n"; echo "<input type=\"submit\" value=\"" . bla("but_delete") . "\" />\n"; echo "</form>\n"; } echo "</td>\n"; echo "</tr>\n\n"; } echo "</table>";
// it will send back to "case_det.php?case=NNN" after update. $_SESSION['form_data']['ref_edit_case'] = _request('ref'); $id_case = intval(_request('case')); if ($id_case) { // Check access rights if (!allowed($id_case, 'e')) { die(_T('error_no_edit_permission')); } $q = "SELECT *\n\t\t\tFROM lcm_case\n\t\t\tWHERE id_case = {$id_case}"; $result = lcm_query($q); if ($row = lcm_fetch_array($result)) { foreach ($row as $key => $value) { $_SESSION['form_data'][$key] = $value; } } $_SESSION['form_data']['admin'] = allowed($id_case, 'a'); } else { // Set default values for the new case $_SESSION['form_data']['date_assignment'] = date('Y-m-d H:i:s'); $_SESSION['form_data']['public'] = (int) (read_meta('case_default_read') == 'yes'); $_SESSION['form_data']['pub_write'] = (int) (read_meta('case_default_write') == 'yes'); if (isset($GLOBALS['case_default_status']) && $GLOBALS['case_default_status'] == 'draft') { $_SESSION['form_data']['status'] = 'draft'; } else { $_SESSION['form_data']['status'] = 'open'; } $_SESSION['form_data']['admin'] = true; } } $attach_client = 0; $attach_org = 0;
} $_SESSION['form_data']['id_app'] = $app; if (empty($_SESSION['errors'])) { // Propose a description based on the appointment $_SESSION['form_data']['description'] = _T('fu_info_after_event', array('title' => _Ti(_Tkw('appointments', $row['type'])) . $row['title'], 'date' => format_date($row['start_time']), 'participants' => join(', ', $participants))); $_SESSION['form_data']['date_start'] = $row['start_time']; $_SESSION['form_data']['date_end'] = $row['end_time']; $_SESSION['form_data']['description'] = str_replace(' ', ' ', $_SESSION['form_data']['description']); } } } // // Check for access rights // $edit = allowed($_SESSION['form_data']['id_case'], 'e'); $write = allowed($_SESSION['form_data']['id_case'], 'w'); if (!($admin || $write)) { lcm_panic("You don't have permission to add follow-ups to this case"); } if (isset($_SESSION['followup']) && !$edit) { lcm_panic("You do not have the permission to edit existing follow-ups"); } // // Change status/stage: check for if case status/stage is different than current // $statuses = get_possible_case_statuses(); // yes, stupid patch because of annoying PHP warnings // the whole code needs a rewrite anyway.. too much spagetti! if (!isset($_REQUEST['submit'])) { $_REQUEST['submit'] = ''; }
59 Temple Place, Suite 330, Boston, MA 02111-1307, USA $Id: set_case_stage.php,v 1.2 2005/04/08 05:59:41 mlutfy Exp $ */ include 'inc/inc.php'; include_lcm('inc_acc'); include_lcm('inc_filters'); // Get input values $case = intval($_GET['case']); $stage = clean_input($_GET['stage']); // Check if case_id is set if (!($case > 0)) { die("Which case?"); } // Check access rights if (!($GLOBALS['author_session']['status'] == 'admin' || allowed($case, 'we'))) { die("You don't have rights to set this case status!"); } // Get site preferences //$fu_sum_billed = read_meta('fu_sum_billed'); // Check if there are no errors - new followup if (!count($_SESSION['errors'])) { // Clear followup data $_SESSION['fu_data'] = array(); } // Get case details $q = "SELECT * FROM lcm_case WHERE id_case={$case}"; $result = lcm_query($q); // Check if the case exists if (!($row = lcm_fetch_array($result))) { die("There is no such case.");