gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-03-12 08:55:54 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

check access on folder in 'searchfolder'

Browse Source
This commit is contained in:
Uwe Steinmann 2022-09-14 18:07:57 +02:00
parent fc68b025ef
commit 100b0bfa26
1 changed files with 20 additions and 15 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
op/op.Ajax.php
View File

@ -152,11 +152,13 @@ switch($command) {
if(count($hits['folders']) == 1) { if(count($hits['folders']) == 1) {
$hit = $hits['folders'][0]; $hit = $hits['folders'][0];
$basefolder = $dms->getFolder($hit->getID()); $basefolder = $dms->getFolder($hit->getID());
if($basefolder->getAccessMode($user, 'search') >= M_READ) {
if($subquery = substr($query, $pos+1)) { if($subquery = substr($query, $pos+1)) {
$hits = $dms->search($subquery, $limit=0, $offset=0, $logicalmode='AND', $searchin=array(), $startFolder=$basefolder, $owner=null, $status = array(), $creationstartdate=array(), $creationenddate=array(), $modificationstartdate=array(), $modificationenddate=array(), $categories=array(), $attributes=array(), $mode=0x2, $expirationstartdate=array(), $expirationenddate=array()); $hits = $dms->search($subquery, $limit=0, $offset=0, $logicalmode='AND', $searchin=array(), $startFolder=$basefolder, $owner=null, $status = array(), $creationstartdate=array(), $creationenddate=array(), $modificationstartdate=array(), $modificationenddate=array(), $categories=array(), $attributes=array(), $mode=0x2, $expirationstartdate=array(), $expirationenddate=array());
if($hits) { if($hits) {
$result = array(); $result = array();
foreach($hits['folders'] as $hit) { foreach($hits['folders'] as $hit) {
if($hit->getAccessMode($user, 'search') >= M_READ)
$result[] = $hit->getID().'#'.$basefolder->getName().'/'.$hit->getName(); $result[] = $hit->getID().'#'.$basefolder->getName().'/'.$hit->getName();
} }
header('Content-Type: application/json'); header('Content-Type: application/json');
@ -165,6 +167,7 @@ switch($command) {
} }
} else { } else {
$subfolders = $basefolder->getSubFolders(); $subfolders = $basefolder->getSubFolders();
$subfolders = SeedDMS_Core_DMS::filterAccess($subfolders, $user, M_READ);
$result = array(); $result = array();
foreach($subfolders as $subfolder) { foreach($subfolders as $subfolder) {
$result[] = $subfolder->getID().'#'.$basefolder->getName().'/'.$subfolder->getName(); $result[] = $subfolder->getID().'#'.$basefolder->getName().'/'.$subfolder->getName();
@ -176,10 +179,12 @@ switch($command) {
} }
} }
} }
}
$hits = $dms->search($query, $limit=0, $offset=0, $logicalmode='AND', $searchin=array(), $startFolder=$dms->getRootFolder(), $owner=null, $status = array(), $creationstartdate=array(), $creationenddate=array(), $modificationstartdate=array(), $modificationenddate=array(), $categories=array(), $attributes=array(), $mode=0x2, $expirationstartdate=array(), $expirationenddate=array()); $hits = $dms->search($query, $limit=0, $offset=0, $logicalmode='AND', $searchin=array(), $startFolder=$dms->getRootFolder(), $owner=null, $status = array(), $creationstartdate=array(), $creationenddate=array(), $modificationstartdate=array(), $modificationenddate=array(), $categories=array(), $attributes=array(), $mode=0x2, $expirationstartdate=array(), $expirationenddate=array());
if($hits) { if($hits) {
$result = array(); $result = array();
foreach($hits['folders'] as $hit) { foreach($hits['folders'] as $hit) {
if($hit->getAccessMode($user, 'search') >= M_READ)
$result[] = $hit->getID().'#'.$hit->getName(); $result[] = $hit->getID().'#'.$hit->getName();
} }
header('Content-Type: application/json'); header('Content-Type: application/json');