use post, use formField() for form fields

Uwe Steinmann 2018-06-20 20:40:13 +02:00
parent 798ef49f23
commit 0a841b22aa
2 changed files with 75 additions and 56 deletions


@ -27,39 +27,43 @@ include("../inc/inc.DBInit.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.Authentication.php");
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
if(!checkFormKey('documentnotify')) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_request_token"));
}
if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}
$documentid = $_GET["documentid"];
$documentid = $_POST["documentid"];
$document = $dms->getDocument($documentid);
if (!is_object($document)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}
if (!isset($_GET["action"]) || (strcasecmp($_GET["action"], "delnotify") && strcasecmp($_GET["action"],"addnotify"))) {
if (!isset($_POST["action"]) || (strcasecmp($_POST["action"], "delnotify") && strcasecmp($_POST["action"],"addnotify"))) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_action"));
}
$action = $_GET["action"];
$action = $_POST["action"];
if (isset($_GET["userid"]) && (!is_numeric($_GET["userid"]) || $_GET["userid"]<-1)) {
if (isset($_POST["userid"]) && (!is_numeric($_POST["userid"]) || $_POST["userid"]<-1)) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("unknown_user"));
}
$userid = 0;
if(isset($_GET["userid"]))
$userid = $_GET["userid"];
if(isset($_POST["userid"]))
$userid = $_POST["userid"];
if (isset($_GET["groupid"]) && (!is_numeric($_GET["groupid"]) || $_GET["groupid"]<-1)) {
if (isset($_POST["groupid"]) && (!is_numeric($_POST["groupid"]) || $_POST["groupid"]<-1)) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("unknown_group"));
}
if(isset($_GET["groupid"]))
$groupid = $_GET["groupid"];
if(isset($_POST["groupid"]))
$groupid = $_POST["groupid"];
if (isset($_GET["groupid"])&&$_GET["groupid"]!=-1){
if (isset($_POST["groupid"])&&$_POST["groupid"]!=-1){
$group=$dms->getGroup($groupid);
if (!$group->isMember($user,true) && !$user->isAdmin())
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
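Review bot: On a failed form-key check, the new error call at the top of this section reads `$folder->getName()`, but no `$folder` is assigned in the visible lines and `$document` is only loaded further down. Unless one of the includes defines it, a rejected token would end in a fatal error on an undefined variable instead of the intended error page. The request still stops, but the failure is noisy and may reveal a file path where errors are displayed. A title that needs no object avoids this, for example `UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));`. The script continues past the end of this section.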


@ -71,7 +71,7 @@ $(document).ready( function() {
$document = $this->params['document'];
$sortusersinlist = $this->params['sortusersinlist'];
$notifyList = $document->getNotifyList();
$notifyList = $document->getNotifyList(0, true);
$this->htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
$this->globalNavigation($folder);
@ -94,7 +94,15 @@ $(document).ready( function() {
print "<td><i class=\"icon-user\"></i></td>";
print "<td>" . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "</td>";
if ($user->isAdmin() || $user->getID() == $userNotify->getID()) {
print "<td><a href=\"../op/op.DocumentNotify.php?documentid=". $document->getID() . "&action=delnotify&userid=".$userNotify->getID()."\" class=\"btn btn-mini\"><i class=\"icon-remove\"></i> ".getMLText("delete")."</a></td>";
print "<form action=\"../op/op.DocumentNotify.php\" method=\"post\">\n";
echo createHiddenFieldWithKey('documentnotify')."\n";
print "<input type=\"hidden\" name=\"documentid\" value=\"".$document->getID()."\">\n";
print "<input type=\"hidden\" name=\"action\" value=\"delnotify\">\n";
print "<input type=\"hidden\" name=\"userid\" value=\"".$userNotify->getID()."\">\n";
print "<td>";
print "<button type=\"submit\" class=\"btn btn-mini\"><i class=\"icon-remove\"></i> ".getMLText("delete")."</button>";
print "</td>";
print "</form>\n";
}else print "<td></td>";
print "</tr>";
$userNotifyIDs[] = $userNotify->getID();
@ -104,7 +112,15 @@ $(document).ready( function() {
print "<td><i class=\"icon-group\"></i></td>";
print "<td>" . htmlspecialchars($groupNotify->getName()) . "</td>";
if ($user->isAdmin() || $groupNotify->isMember($user,true)) {
print "<td><a href=\"../op/op.DocumentNotify.php?documentid=". $document->getID() . "&action=delnotify&groupid=".$groupNotify->getID()."\" class=\"btn btn-mini\"><i class=\"icon-remove\"></i> ".getMLText("delete")."</a></td>";
print "<form action=\"../op/op.DocumentNotify.php\" method=\"post\">\n";
echo createHiddenFieldWithKey('documentnotify')."\n";
print "<input type=\"hidden\" name=\"documentid\" value=\"".$document->getID()."\">\n";
print "<input type=\"hidden\" name=\"action\" value=\"delnotify\">\n";
print "<input type=\"hidden\" name=\"groupid\" value=\"".$groupNotify->getID()."\">\n";
print "<td>";
print "<button type=\"submit\" class=\"btn btn-mini\"><i class=\"icon-remove\"></i> ".getMLText("delete")."</button>";
print "</form>\n";
print "</td>";
}else print "<td></td>";
print "</tr>";
$groupNotifyIDs[] = $groupNotify->getID();
@ -115,51 +131,50 @@ $(document).ready( function() {
?>
<br>
<form class=form-horizontal" action="../op/op.DocumentNotify.php" name="form1" id="form1">
<form class=form-horizontal" action="../op/op.DocumentNotify.php" method="post" name="form1" id="form1">
<?php echo createHiddenFieldWithKey('documentnotify'); ?>
<input type="hidden" name="documentid" value="<?php print $document->getID()?>">
<input type="hidden" name="action" value="addnotify">
<div class="control-group">
<label class="control-label"><?php printMLText("user");?>:</label>
<div class="controls">
<select name="userid">
<option value="-1"><?php printMLText("select_one");?>
<?php
if ($user->isAdmin()) {
$allUsers = $dms->getAllUsers($sortusersinlist);
foreach ($allUsers as $userObj) {
if (!$userObj->isGuest() && ($document->getAccessMode($userObj) >= M_READ) && !in_array($userObj->getID(), $userNotifyIDs))
print "<option value=\"".$userObj->getID()."\">" . htmlspecialchars($userObj->getLogin() . " - " . $userObj->getFullName()) . "\n";
}
}
elseif (!$user->isGuest() && !in_array($user->getID(), $userNotifyIDs)) {
print "<option value=\"".$user->getID()."\">" . htmlspecialchars($user->getLogin() . " - " . $user->getFullName()) . "\n";
}
?>
</select>
</div>
</div>
<div class="control-group">
<label class="control-label"><?php printMLText("group");?>:</label>
<div class="controls">
<select name="groupid">
<option value="-1"><?php printMLText("select_one");?>
<?php
$allGroups = $dms->getAllGroups();
foreach ($allGroups as $groupObj) {
if (($user->isAdmin() || $groupObj->isMember($user,true)) && $document->getGroupAccessMode($groupObj) >= M_READ && !in_array($groupObj->getID(), $groupNotifyIDs)) {
print "<option value=\"".$groupObj->getID()."\">" . htmlspecialchars($groupObj->getName()) . "\n";
}
}
?>
</select>
</div>
</div>
<?php
$this->formSubmit(getMLText('add'));
$options = array();
$options[] = array('-1', getMLText("select_one"));
if ($user->isAdmin()) {
$allUsers = $dms->getAllUsers($sortusersinlist);
foreach ($allUsers as $userObj) {
if (!$userObj->isGuest() && !$userObj->isDisabled() && ($document->getAccessMode($userObj) >= M_READ) && !in_array($userObj->getID(), $userNotifyIDs))
$options[] = array($userObj->getID(), htmlspecialchars($userObj->getLogin() . " - " . $userObj->getFullName()));
}
} elseif (!$user->isGuest() && !in_array($user->getID(), $userNotifyIDs)) {
$options[] = array($user->getID(), htmlspecialchars($user->getLogin() . " - " .$user->getFullName()));
}
$this->formField(
getMLText("user"),
array(
'element'=>'select',
'id'=>'userid',
'name'=>'userid',
'options'=>$options
)
);
$options = array();
$options[] = array('-1', getMLText("select_one"));
$allGroups = $dms->getAllGroups();
foreach ($allGroups as $groupObj) {
if (($user->isAdmin() || $groupObj->isMember($user,true)) && $document->getGroupAccessMode($groupObj) >= M_READ && !in_array($groupObj->getID(), $groupNotifyIDs)) {
$options[] = array($groupObj->getID(), htmlspecialchars($groupObj->getName()));
}
}
$this->formField(
getMLText("group"),
array(
'element'=>'select',
'id'=>'groupid',
'name'=>'groupid',
'options'=>$options
)
);
$this->formSubmit(getMLText('add'));
?>
</form>
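Review bot: Both new delete forms are opened between `<tr>` and `<td>`, and the group variant closes `</form>` before `</td>` while the user variant closes it after, so the markup is invalid. The hidden `documentnotify` key, `action` and id fields then reach the server only through the browser's table error recovery. Opening and closing the form inside the cell keeps the token and the button in one well-formed form, e.g. `print "<td><form action=\"../op/op.DocumentNotify.php\" method=\"post\">";` and `print "</form></td>";`. The add form's changed opening tag still reads `class=form-horizontal"` with the opening quote missing; `class="form-horizontal"` is presumably intended. The loops around the delete forms begin outside the hunks shown.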