mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-05-11 20:21:16 +00:00
use access check
This commit is contained in:
Uwe Steinmann
parent
4c15aa7c49
commit
23e3011d82
|
|
@ -28,7 +28,7 @@ include("../inc/inc.Authentication.php");
|
|||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET) && !$user->isAdmin()) {
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,7 @@ include("../inc/inc.Authentication.php");
|
|||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET) && !$user->isAdmin()) {
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -32,7 +32,10 @@ include("../inc/inc.Authentication.php");
|
|||
*/
|
||||
require_once("SeedDMS/Preview.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -44,8 +47,6 @@ if(isset($_GET['attrdefid']) && $_GET['attrdefid']) {
|
|||
$selattrdef = null;
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('attrdefs', $attrdefs);
|
||||
$view->setParam('selattrdef', $selattrdef);
|
||||
|
|
@ -55,6 +56,7 @@ if($view) {
|
|||
$view->setParam('maxRecursiveCount', $settings->_maxRecursiveCount);
|
||||
$view->setParam('previewWidthList', $settings->_previewWidthList);
|
||||
$view->setParam('timeout', $settings->_cmdTimeout);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,17 +25,19 @@ include("../inc/inc.Utils.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
if($settings->_backupDir && file_exists($settings->_backupDir))
|
||||
$view->setParam('backupdir', $settings->_backupDir);
|
||||
else
|
||||
$view->setParam('backupdir', $settings->_contentDir);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,6 +25,13 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("calendar"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if ($_GET["mode"]) $mode=$_GET["mode"];
|
||||
|
||||
// get required date else use current
|
||||
|
|
@ -37,8 +44,6 @@ else $month = (int)date("m", $currDate);
|
|||
if (isset($_GET["day"])&&is_numeric($_GET["day"])) $day=$_GET["day"];
|
||||
else $day = (int)date("d", $currDate);
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('mode', $mode);
|
||||
$view->setParam('year', $year);
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ include("../inc/inc.Authentication.php");
|
|||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET) && !$user->isAdmin()) {
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -44,5 +44,6 @@ if(isset($_GET['categoryid']) && $_GET['categoryid']) {
|
|||
if($view) {
|
||||
$view->setParam('categories', $categories);
|
||||
$view->setParam('selcategory', $selcat);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -27,10 +27,11 @@ include("../inc/inc.Authentication.php");
|
|||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$rootfolder = $dms->getFolder($settings->_rootFolderID);
|
||||
|
||||
$type = 'docsperuser';
|
||||
|
|
@ -50,6 +51,7 @@ if($view) {
|
|||
$view->setParam('rootfolder', $rootfolder);
|
||||
$view->setParam('type', $type);
|
||||
$view->setParam('data', $data);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,7 +29,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -37,10 +40,9 @@ if(!$settings->_enableFullSearch) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("fulltextsearch_disabled"));
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('enablefullsearch', $settings->_enableFullSearch);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -26,7 +26,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -37,9 +40,10 @@ else
|
|||
|
||||
$categories = $dms->getAllUserKeywordCategories($user->getID());
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'categories'=>$categories, 'selcategoryid'=>$selcategoryid));
|
||||
if($view) {
|
||||
$view->setParam('categories', $categories);
|
||||
$view->setParam('selcategoryid', $selcategoryid);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,17 +25,19 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$v = new SeedDMS_Version;
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('httproot', $settings->_httpRoot);
|
||||
$view->setParam('version', $v);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ require_once("SeedDMS/Preview.php");
|
|||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET) && !$user->isAdmin()) {
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -64,5 +64,6 @@ if($view) {
|
|||
$view->setParam('previewWidthList', $settings->_previewWidthList);
|
||||
$view->setParam('workflowmode', $settings->_workflowMode);
|
||||
$view->setParam('timeout', $settings->_cmdTimeout);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,13 +24,16 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'settings'=>$settings));
|
||||
if($view) {
|
||||
$view->setParam('settings', $settings);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -23,13 +23,15 @@ include("../inc/inc.Language.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'dropfolderdir'=>$settings->_dropFolderDir));
|
||||
if($view) {
|
||||
$view->setParam('dropfolderdir', $settings->_dropFolderDir);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -28,7 +28,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -41,12 +44,11 @@ if(!$index) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("no_fulltextindex"));
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('luceneclassdir', $settings->_luceneClassDir);
|
||||
$view->setParam('lucenedir', $settings->_luceneDir);
|
||||
$view->setParam('index', $index);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,7 +29,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -64,8 +67,6 @@ else {
|
|||
}
|
||||
$folder = $dms->getFolder($folderid);
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('index', $index);
|
||||
$view->setParam('indexconf', $indexconf);
|
||||
|
|
@ -73,6 +74,7 @@ if($view) {
|
|||
$view->setParam('folder', $folder);
|
||||
$view->setParam('converters', $settings->_converters['fulltext']);
|
||||
$view->setParam('timeout', $settings->_cmdTimeout);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,7 +30,7 @@ include("../inc/inc.Authentication.php");
|
|||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET) && !$user->isAdmin()) {
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -25,7 +25,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -35,9 +38,11 @@ else $logname=NULL;
|
|||
if (isset($_GET["mode"])) $mode=$_GET["mode"];
|
||||
else $mode='web';
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'logname'=>$logname, 'mode'=>$mode, 'contentdir'=>$settings->_contentDir));
|
||||
if($view) {
|
||||
$view->setParam('logname', $logname);
|
||||
$view->setParam('mode', $mode);
|
||||
$view->setParam('contentdir', $settings->_contentDir);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -31,7 +31,7 @@ include("../inc/inc.Authentication.php");
|
|||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET) && !$user->isAdmin()) {
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -81,6 +81,7 @@ if($view) {
|
|||
$view->setParam('setchecksum', $setchecksum);
|
||||
$view->setParam('repair', $repair);
|
||||
$view->setParam('rootfolder', $rootfolder);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -24,7 +24,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -34,8 +37,6 @@ if (!isset($_GET["arkname"]) || !file_exists($settings->_contentDir.$_GET["arkna
|
|||
|
||||
$arkname = $_GET["arkname"];
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('archive', $arkname);
|
||||
$view($_GET);
|
||||
|
|
|
|||
|
|
@ -24,7 +24,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -34,8 +37,6 @@ if (!isset($_GET["dumpname"]) || !file_exists($settings->_contentDir.$_GET["dump
|
|||
|
||||
$dumpname = $_GET["dumpname"];
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('dumpfile', $dumpname);
|
||||
$view($_GET);
|
||||
|
|
|
|||
|
|
@ -24,7 +24,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -38,8 +41,6 @@ if (!is_object($folder)) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("invalid_folder_id"));
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('folder', $folder);
|
||||
$view($_GET);
|
||||
|
|
|
|||
|
|
@ -26,7 +26,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -39,8 +42,6 @@ if (!is_object($group)) {
|
|||
UI::exitError(getMLText("rm_group"),getMLText("invalid_group_id"));
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('group', $group);
|
||||
$view($_GET);
|
||||
|
|
|
|||
|
|
@ -24,7 +24,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -48,8 +51,6 @@ foreach($lognames as $file) {
|
|||
}
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('lognames', $lognames);
|
||||
$view->setParam('mode', $mode);
|
||||
|
|
|
|||
|
|
@ -26,7 +26,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -49,8 +52,6 @@ if ($rmuser->getID()==$user->getID()) {
|
|||
|
||||
$allusers = $dms->getAllUsers($settings->_sortUsersInList);
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('rmuser', $rmuser);
|
||||
$view->setParam('allusers', $allusers);
|
||||
|
|
|
|||
|
|
@ -27,7 +27,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -40,8 +43,6 @@ if (!is_object($workflow)) {
|
|||
UI::exitError(getMLText("workflow_title"),getMLText("invalid_workflow_id"));
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('workflow', $workflow);
|
||||
$view($_GET);
|
||||
|
|
|
|||
|
|
@ -28,7 +28,10 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.ClassAccessOperation.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -59,11 +62,6 @@ if (!is_object($workflow)) {
|
|||
|
||||
$folder = $document->getFolder();
|
||||
|
||||
/* Create object for checking access to certain operations */
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('folder', $folder);
|
||||
$view->setParam('document', $document);
|
||||
|
|
|
|||
|
|
@ -28,7 +28,10 @@ include("../inc/inc.ClassUI.php");
|
|||
include("../inc/inc.ClassAccessOperation.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -59,11 +62,6 @@ if (!is_object($workflow)) {
|
|||
|
||||
$folder = $document->getFolder();
|
||||
|
||||
/* Create object for checking access to certain operations */
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('folder', $folder);
|
||||
$view->setParam('document', $document);
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ include("../inc/inc.Authentication.php");
|
|||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET) && !$user->isAdmin()) {
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -24,7 +24,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -32,9 +35,9 @@ if (!$user->isAdmin()) {
|
|||
if(!trim($settings->_encryptionKey))
|
||||
$settings->_encryptionKey = md5(uniqid());
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'settings'=>$settings, 'currenttab'=>(isset($_REQUEST['currenttab']) ? $_REQUEST['currenttab'] : '')));
|
||||
if($view) {
|
||||
$view->setParam('settings', $settings);
|
||||
$view->setParam('currenttab', (isset($_REQUEST['currenttab']) ? $_REQUEST['currenttab'] : ''));
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -25,14 +25,17 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
$rootfolder = $dms->getFolder($settings->_rootFolderID);
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'rootfolder'=>$rootfolder));
|
||||
if($view) {
|
||||
$view->setParam('rootfolder', $rootfolder);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -30,7 +30,10 @@ include("../inc/inc.Authentication.php");
|
|||
*/
|
||||
require_once("SeedDMS/Preview.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
$rootfolder = $dms->getFolder($settings->_rootFolderID);
|
||||
|
|
@ -53,8 +56,6 @@ if(isset($_GET['version']) && $_GET['version'] && is_numeric($_GET['version']))
|
|||
} else
|
||||
$content = null;
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('fromdate', isset($_GET['fromdate']) ? $_GET['fromdate'] : '');
|
||||
$view->setParam('todate', isset($_GET['todate']) ? $_GET['todate'] : '');
|
||||
|
|
@ -65,6 +66,7 @@ if($view) {
|
|||
$view->setParam('previewWidthList', $settings->_previewWidthList);
|
||||
$view->setParam('previewWidthDetail', $settings->_previewWidthDetail);
|
||||
$view->setParam('timeout', $settings->_cmdTimeout);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -28,7 +28,7 @@ include("../inc/inc.ClassPasswordStrength.php");
|
|||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET) && !$user->isAdmin()) {
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -39,6 +39,7 @@ if($view) {
|
|||
$view->setParam('httproot', $settings->_httpRoot);
|
||||
$view->setParam('quota', $settings->_quota);
|
||||
$view->setParam('pwdexpiration', $settings->_passwordExpiration);
|
||||
$view->setParam('accessobject', $accessop);
|
||||
$view($_GET);
|
||||
exit;
|
||||
}
|
||||
|
|
|
|||
|
|
@ -29,7 +29,7 @@ include("../inc/inc.Authentication.php");
|
|||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET) && !$user->isAdmin()) {
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
|||
|
|
@ -27,7 +27,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -42,8 +45,6 @@ if (is_bool($workflowactions)) {
|
|||
UI::exitError(getMLText("admin_tools"),getMLText("internal_error"));
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('allworkflowactions', $workflowactions);
|
||||
$view->setParam('selworkflowaction', $selworkflowaction);
|
||||
|
|
|
|||
|
|
@ -27,7 +27,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -47,8 +50,6 @@ if(isset($_GET['workflowid']) && $_GET['workflowid']) {
|
|||
$selworkflow = null;
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('selworkflow', $selworkflow);
|
||||
$view->setParam('allworkflows', $workflows);
|
||||
|
|
|
|||
|
|
@ -27,7 +27,10 @@ include("../inc/inc.DBInit.php");
|
|||
include("../inc/inc.ClassUI.php");
|
||||
include("../inc/inc.Authentication.php");
|
||||
|
||||
if (!$user->isAdmin()) {
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||
if (!$accessop->check_view_access($view, $_GET)) {
|
||||
UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
@ -37,8 +40,6 @@ if(isset($_GET['workflowstateid']) && $_GET['workflowstateid']) {
|
|||
$selworkflowstate = null;
|
||||
}
|
||||
|
||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||
if($view) {
|
||||
$view->setParam('selworkflowstate', $selworkflowstate);
|
||||
$view($_GET);
|
||||
|
|
|
|||
Loading…
Reference in New Issue
Block a user