gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-11 17:44:56 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Browse Source
This commit is contained in:
Uwe Steinmann 2018-07-13 11:01:36 +02:00
commit 3958714bff
25 changed files with 132 additions and 65 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG
View File

@ -112,6 +112,8 @@
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 5.1.9 Changes in version 5.1.9
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
- fix output of status on approval/review summary page
- pass context to getAccessMode()
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 5.1.8 Changes in version 5.1.8

13
SeedDMS_Core/Core/inc.ClassDocument.php
View File

@ -1339,17 +1339,26 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
* a callback function defined by the application. If the callback * a callback function defined by the application. If the callback
* function is not set, access on the content is always granted. * function is not set, access on the content is always granted.
* *
* Before checking the access in the method itself a callback 'onCheckAccessDocument'
* is called. If it returns a value > 0, then this will be returned by this
* method without any further checks. The optional paramater $context
* will be passed as a third parameter to the callback. It contains
* the operation for which the access mode is retrieved. It is for example
* set to 'removeDocument' if the access mode is used to check for sufficient
* permission on deleting a document.
*
* @param $user object instance of class SeedDMS_Core_User * @param $user object instance of class SeedDMS_Core_User
* @param string $context context in which the access mode is requested
* @return integer access mode * @return integer access mode
*/ */
function getAccessMode($user) { /* {{{ */ function getAccessMode($user, $context='') { /* {{{ */
if(!$user) if(!$user)
return M_NONE; return M_NONE;
/* Check if 'onCheckAccessDocument' callback is set */ /* Check if 'onCheckAccessDocument' callback is set */
if(isset($this->_dms->callbacks['onCheckAccessDocument'])) { if(isset($this->_dms->callbacks['onCheckAccessDocument'])) {
foreach($this->_dms->callbacks['onCheckAccessDocument'] as $callback) { foreach($this->_dms->callbacks['onCheckAccessDocument'] as $callback) {
if(($ret = call_user_func($callback[0], $callback[1], $this, $user)) > 0) { if(($ret = call_user_func($callback[0], $callback[1], $this, $user, $context)) > 0) {
return $ret; return $ret;
} }
} }

20
SeedDMS_Core/Core/inc.ClassFolder.php
View File

@ -1262,13 +1262,31 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object {
* recursive check for access rights of parent folders if access rights * recursive check for access rights of parent folders if access rights
* are inherited. * are inherited.
* *
* Before checking the access in the method itself a callback 'onCheckAccessFolder'
* is called. If it returns a value > 0, then this will be returned by this
* method without any further checks. The optional paramater $context
* will be passed as a third parameter to the callback. It contains
* the operation for which the access mode is retrieved. It is for example
* set to 'removeDocument' if the access mode is used to check for sufficient
* permission on deleting a document.
*
* @param object $user user for which access shall be checked * @param object $user user for which access shall be checked
* @param string $context context in which the access mode is requested
* @return integer access mode * @return integer access mode
*/ */
function getAccessMode($user) { /* {{{ */ function getAccessMode($user, $context='') { /* {{{ */
if(!$user) if(!$user)
return M_NONE; return M_NONE;
/* Check if 'onCheckAccessFolder' callback is set */
if(isset($this->_dms->callbacks['onCheckAccessFolder'])) {
foreach($this->_dms->callbacks['onCheckAccessFolder'] as $callback) {
if(($ret = call_user_func($callback[0], $callback[1], $this, $user, $context)) > 0) {
return $ret;
}
}
}
/* Administrators have unrestricted access */ /* Administrators have unrestricted access */
if ($user->isAdmin()) return M_ALL; if ($user->isAdmin()) return M_ALL;

17
SeedDMS_Core/package.xml
View File

@ -1621,6 +1621,23 @@ SeedDMS_Core_Document::getNotifyList() has new parameter to include disabled use
fix possible sql injection in SeedDMS_Core_User fix possible sql injection in SeedDMS_Core_User
</notes> </notes>
</release> </release>
<release>
<date>2018-07-13</date>
<time>09:19:24</time>
<version>
<release>5.1.9</release>
<api>5.1.9</api>
</version>
<stability>
<release>stable</release>
<api>stable</api>
</stability>
<license uri="http://opensource.org/licenses/gpl-license">GPL License</license>
<notes>
context can be passed to getAccessMode()
call hook in SeedDMS_Core_Folder::getAccessMode()
</notes>
</release>
<release> <release>
<date>2017-02-28</date> <date>2017-02-28</date>
<time>06:34:50</time> <time>06:34:50</time>

2
op/op.AddDocument.php
View File

@ -51,7 +51,7 @@ if (!is_object($folder)) {
$folderPathHTML = getFolderPathHTML($folder, true); $folderPathHTML = getFolderPathHTML($folder, true);
if ($folder->getAccessMode($user) < M_READWRITE) { if ($folder->getAccessMode($user, 'addDocument') < M_READWRITE) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
} }

2
op/op.AddFile.php
View File

@ -40,7 +40,7 @@ if (!is_object($document)) {
$folder = $document->getFolder(); $folder = $document->getFolder();
if ($document->getAccessMode($user) < M_READWRITE) { if ($document->getAccessMode($user, 'addDocumentFile') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }

2
op/op.AddSubFolder.php
View File

@ -50,7 +50,7 @@ if (!is_object($folder)) {
$folderPathHTML = getFolderPathHTML($folder, true); $folderPathHTML = getFolderPathHTML($folder, true);
if ($folder->getAccessMode($user) < M_READWRITE) { if ($folder->getAccessMode($user, 'addFolder') < M_READWRITE) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
} }

14
op/op.Ajax.php
View File

@ -273,9 +273,9 @@ switch($command) {
} else { } else {
$mfolder = $dms->getFolder($_REQUEST['folderid']); $mfolder = $dms->getFolder($_REQUEST['folderid']);
if($mfolder) { if($mfolder) {
if ($mfolder->getAccessMode($user) >= M_READWRITE) { if ($mfolder->getAccessMode($user, 'moveFolder') >= M_READWRITE) {
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) { if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
if($folder->getAccessMode($user) >= M_READWRITE) { if($folder->getAccessMode($user, 'moveFolder') >= M_READWRITE) {
if($mfolder->setParent($folder)) { if($mfolder->setParent($folder)) {
header('Content-Type: application/json'); header('Content-Type: application/json');
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_folder'), 'data'=>'')); echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_folder'), 'data'=>''));
@ -312,9 +312,9 @@ switch($command) {
} else { } else {
$mdocument = $dms->getDocument($_REQUEST['docid']); $mdocument = $dms->getDocument($_REQUEST['docid']);
if($mdocument) { if($mdocument) {
if ($mdocument->getAccessMode($user) >= M_READWRITE) { if ($mdocument->getAccessMode($user, 'moveDocument') >= M_READWRITE) {
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) { if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
if($folder->getAccessMode($user) >= M_READWRITE) { if($folder->getAccessMode($user, 'moveDocument') >= M_READWRITE) {
if($mdocument->setFolder($folder)) { if($mdocument->setFolder($folder)) {
header('Content-Type: application/json'); header('Content-Type: application/json');
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_document'), 'data'=>'')); echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_document'), 'data'=>''));
@ -351,7 +351,7 @@ switch($command) {
} else { } else {
$folder = $dms->getFolder($_REQUEST['id']); $folder = $dms->getFolder($_REQUEST['id']);
if($folder) { if($folder) {
if ($folder->getAccessMode($user) >= M_READWRITE) { if ($folder->getAccessMode($user, 'removeFolder') >= M_READWRITE) {
$parent=$folder->getParent(); $parent=$folder->getParent();
$nl = $folder->getNotifyList(); $nl = $folder->getNotifyList();
$foldername = $folder->getName(); $foldername = $folder->getName();
@ -398,7 +398,7 @@ switch($command) {
} else { } else {
$document = $dms->getDocument($_REQUEST['id']); $document = $dms->getDocument($_REQUEST['id']);
if($document) { if($document) {
if ($document->getAccessMode($user) >= M_READWRITE) { if ($document->getAccessMode($user, 'removeDocument') >= M_READWRITE) {
$folder = $document->getFolder(); $folder = $document->getFolder();
/* Get the notify list before removing the document */ /* Get the notify list before removing the document */
$dnl = $document->getNotifyList(); $dnl = $document->getNotifyList();
@ -529,7 +529,7 @@ switch($command) {
exit; exit;
} }
if ($folder->getAccessMode($user) < M_READWRITE) { if ($folder->getAccessMode($user, 'addDocument') < M_READWRITE) {
header('Content-Type: application/json'); header('Content-Type: application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText("access_denied"))); echo json_encode(array('success'=>false, 'message'=>getMLText("access_denied")));
exit; exit;

2
op/op.EditAttributes.php
View File

@ -48,7 +48,7 @@ if (!is_object($document)) {
$folder = $document->getFolder(); $folder = $document->getFolder();
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>"; $docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>";
if ($document->getAccessMode($user) < M_READWRITE) { if ($document->getAccessMode($user, 'editDocumentContentAttributes') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }

4
op/op.EditDocument.php
View File

@ -46,13 +46,13 @@ if (!is_object($document)) {
$folder = $document->getFolder(); $folder = $document->getFolder();
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>"; $docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>";
if ($document->getAccessMode($user) < M_READWRITE) { if ($document->getAccessMode($user, 'editDocument') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }
if($document->isLocked()) { if($document->isLocked()) {
$lockingUser = $document->getLockingUser(); $lockingUser = $document->getLockingUser();
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) { if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'editDocument') != M_ALL)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName())))); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
} }
} }

2
op/op.EditDocumentFile.php
View File

@ -59,7 +59,7 @@ if (!is_object($file)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_file_id")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_file_id"));
} }
if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) { if (($document->getAccessMode($user, 'editDocumentFile') < M_ALL)&&($user->getID()!=$file->getUserID())) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
} }

2
op/op.EditFolder.php
View File

@ -45,7 +45,7 @@ if (!is_object($folder)) {
$folderPathHTML = getFolderPathHTML($folder, true); $folderPathHTML = getFolderPathHTML($folder, true);
if ($folder->getAccessMode($user) < M_READWRITE) { if ($folder->getAccessMode($user, 'editFolder') < M_READWRITE) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
} }

4
op/op.EditOnline.php
View File

@ -42,13 +42,13 @@ if (!is_object($document)) {
$folder = $document->getFolder(); $folder = $document->getFolder();
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>"; $docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>";
if ($document->getAccessMode($user) < M_READWRITE) { if ($document->getAccessMode($user, 'editOnline') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }
if($document->isLocked()) { if($document->isLocked()) {
$lockingUser = $document->getLockingUser(); $lockingUser = $document->getLockingUser();
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) { if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'editOnline') != M_ALL)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName())))); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
} }
} }

4
op/op.MoveDocument.php
View File

@ -51,13 +51,13 @@ if (!is_object($targetFolder)) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_target_folder")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_target_folder"));
} }
if (($document->getAccessMode($user) < M_READWRITE) || ($targetFolder->getAccessMode($user) < M_READWRITE)) { if (($document->getAccessMode($user, 'moveDocument') < M_READWRITE) || ($targetFolder->getAccessMode($user, 'moveDocument') < M_READWRITE)) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }
if($document->isLocked()) { if($document->isLocked()) {
$lockingUser = $document->getLockingUser(); $lockingUser = $document->getLockingUser();
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) { if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'moveDocument') != M_ALL)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName())))); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
} }
} }

2
op/op.MoveFolder.php
View File

@ -56,7 +56,7 @@ if($folder->isSubFolder($targetFolder)) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_target_folder")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_target_folder"));
} }
if ($folder->getAccessMode($user) < M_READWRITE || $targetFolder->getAccessMode($user) < M_READWRITE) { if ($folder->getAccessMode($user, 'moveFolder') < M_READWRITE || $targetFolder->getAccessMode($user, 'moveFolder') < M_READWRITE) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
} }

7
op/op.RemoveDocument.php
View File

@ -46,13 +46,16 @@ if (!is_object($document)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
if ($document->getAccessMode($user) < M_ALL) { if ($document->getAccessMode($user, 'removeDocument') < M_ALL) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied"));
} }
/* FIXME: whether a document is locked or not, doesn't make a difference,
* because M_ALL access right is used in any case.
*/
if($document->isLocked()) { if($document->isLocked()) {
$lockingUser = $document->getLockingUser(); $lockingUser = $document->getLockingUser();
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) { if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'removeDocument') != M_ALL)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName())))); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
} }
} }

2
op/op.RemoveDocumentFile.php
View File

@ -54,7 +54,7 @@ if (!is_object($file)) {
} }
if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) { if (($document->getAccessMode($user, 'removeDocumentFile') < M_ALL)&&($user->getID()!=$file->getUserID())) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }

2
op/op.RemoveDocumentLink.php
View File

@ -54,7 +54,7 @@ if (!is_object($link)) {
} }
$responsibleUser = $link->getUser(); $responsibleUser = $link->getUser();
$accessMode = $document->getAccessMode($user); $accessMode = $document->getAccessMode($user, 'removeDocumentLink');
if ( if (
($accessMode < M_READ) ($accessMode < M_READ)

2
op/op.RemoveFolder.php
View File

@ -50,7 +50,7 @@ if ($folderid == $settings->_rootFolderID || !$folder->getParent()) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("cannot_rm_root")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("cannot_rm_root"));
} }
if ($folder->getAccessMode($user) < M_ALL) { if ($folder->getAccessMode($user, 'removeFolder') < M_ALL) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
} }

2
op/op.RemoveVersion.php
View File

@ -46,7 +46,7 @@ if (!$settings->_enableVersionDeletion && !$user->isAdmin()) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
} }
if ($document->getAccessMode($user) < M_ALL) { if ($document->getAccessMode($user, 'removeVersion') < M_ALL) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }

2
op/op.UpdateDocument.php
View File

@ -48,7 +48,7 @@ if (!is_object($document)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
} }
if ($document->getAccessMode($user) < M_READWRITE) { if ($document->getAccessMode($user, 'updateDocument') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
} }

24
restapi/index.php
View File

@ -411,7 +411,7 @@ function createFolder($id) { /* {{{ */
} }
$parent = $dms->getFolder($id); $parent = $dms->getFolder($id);
if($parent) { if($parent) {
if($parent->getAccessMode($userobj) >= M_READWRITE) { if($parent->getAccessMode($userobj, 'addFolder') >= M_READWRITE) {
if($name = $app->request()->post('name')) { if($name = $app->request()->post('name')) {
$comment = $app->request()->post('comment'); $comment = $app->request()->post('comment');
$attributes = $app->request()->post('attributes'); $attributes = $app->request()->post('attributes');
@ -478,9 +478,9 @@ function moveFolder($id, $folderid) { /* {{{ */
$mfolder = $dms->getFolder($id); $mfolder = $dms->getFolder($id);
if($mfolder) { if($mfolder) {
if ($mfolder->getAccessMode($userobj) >= M_READ) { if ($mfolder->getAccessMode($userobj, 'moveFolder') >= M_READ) {
if($folder = $dms->getFolder($folderid)) { if($folder = $dms->getFolder($folderid)) {
if($folder->getAccessMode($userobj) >= M_READWRITE) { if($folder->getAccessMode($userobj, 'moveFolder') >= M_READWRITE) {
if($mfolder->setParent($folder)) { if($mfolder->setParent($folder)) {
$app->response()->header('Content-Type', 'application/json'); $app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>'')); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
@ -535,7 +535,7 @@ function deleteFolder($id) { /* {{{ */
} }
$mfolder = $dms->getFolder($id); $mfolder = $dms->getFolder($id);
if($mfolder) { if($mfolder) {
if ($mfolder->getAccessMode($userobj) >= M_READWRITE) { if ($mfolder->getAccessMode($userobj, 'removeFolder') >= M_READWRITE) {
if($mfolder->remove()) { if($mfolder->remove()) {
$app->response()->header('Content-Type', 'application/json'); $app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>'')); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
@ -577,7 +577,7 @@ function uploadDocument($id) { /* {{{ */
} }
$mfolder = $dms->getFolder($id); $mfolder = $dms->getFolder($id);
if($mfolder) { if($mfolder) {
if ($mfolder->getAccessMode($userobj) >= M_READWRITE) { if ($mfolder->getAccessMode($userobj, 'addDocument') >= M_READWRITE) {
$docname = $app->request()->params('name'); $docname = $app->request()->params('name');
$keywords = $app->request()->params('keywords'); $keywords = $app->request()->params('keywords');
// $categories = $app->request()->params('categories') ? $app->request()->params('categories') : []; // $categories = $app->request()->params('categories') ? $app->request()->params('categories') : [];
@ -650,7 +650,7 @@ function uploadDocumentPut($id) { /* {{{ */
} }
$mfolder = $dms->getFolder($id); $mfolder = $dms->getFolder($id);
if($mfolder) { if($mfolder) {
if ($mfolder->getAccessMode($userobj) >= M_READWRITE) { if ($mfolder->getAccessMode($userobj, 'addDocument') >= M_READWRITE) {
$docname = $app->request()->get('name'); $docname = $app->request()->get('name');
$origfilename = $app->request()->get('origfilename'); $origfilename = $app->request()->get('origfilename');
$content = $app->getInstance()->request()->getBody(); $content = $app->getInstance()->request()->getBody();
@ -706,7 +706,7 @@ function uploadDocumentFile($documentId) { /* {{{ */
} }
$document = $dms->getDocument($documentId); $document = $dms->getDocument($documentId);
if($document) { if($document) {
if ($document->getAccessMode($userobj) >= M_READWRITE) { if ($document->getAccessMode($userobj, 'addDocumentFile') >= M_READWRITE) {
$docname = $app->request()->params('name'); $docname = $app->request()->params('name');
$keywords = $app->request()->params('keywords'); $keywords = $app->request()->params('keywords');
$origfilename = $app->request()->params('origfilename'); $origfilename = $app->request()->params('origfilename');
@ -791,7 +791,7 @@ function deleteDocument($id) { /* {{{ */
global $app, $dms, $userobj; global $app, $dms, $userobj;
$document = $dms->getDocument($id); $document = $dms->getDocument($id);
if($document) { if($document) {
if ($document->getAccessMode($userobj) >= M_READWRITE) { if ($document->getAccessMode($userobj, 'deleteDocument') >= M_READWRITE) {
if($document->remove()) { if($document->remove()) {
$app->response()->header('Content-Type', 'application/json'); $app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>'')); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
@ -819,9 +819,9 @@ function moveDocument($id, $folderid) { /* {{{ */
global $app, $dms, $userobj; global $app, $dms, $userobj;
$document = $dms->getDocument($id); $document = $dms->getDocument($id);
if($document) { if($document) {
if ($document->getAccessMode($userobj) >= M_READ) { if ($document->getAccessMode($userobj, 'moveDocument') >= M_READ) {
if($folder = $dms->getFolder($folderid)) { if($folder = $dms->getFolder($folderid)) {
if($folder->getAccessMode($userobj) >= M_READWRITE) { if($folder->getAccessMode($userobj, 'moveDocument') >= M_READWRITE) {
if($document->setFolder($folder)) { if($document->setFolder($folder)) {
$app->response()->header('Content-Type', 'application/json'); $app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>'')); echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
@ -1151,7 +1151,7 @@ function removeDocumentCategory($id, $categoryId) { /* {{{ */
$category = $dms->getDocumentCategory($categoryId); $category = $dms->getDocumentCategory($categoryId);
if($document && $category) { if($document && $category) {
if ($document->getAccessMode($userobj) >= M_READWRITE) { if ($document->getAccessMode($userobj, 'removeDocumentCategory') >= M_READWRITE) {
$ret = $document->removeCategories(array($category)); $ret = $document->removeCategories(array($category));
$app->response()->header('Content-Type', 'application/json'); $app->response()->header('Content-Type', 'application/json');
@ -1179,7 +1179,7 @@ function removeDocumentCategories($id) { /* {{{ */
$document = $dms->getDocument($id); $document = $dms->getDocument($id);
if($document) { if($document) {
if ($document->getAccessMode($userobj) >= M_READWRITE) { if ($document->getAccessMode($userobj, 'removeDocumentCategory') >= M_READWRITE) {
$app->response()->header('Content-Type', 'application/json'); $app->response()->header('Content-Type', 'application/json');
if($document->setCategories(array())) if($document->setCategories(array()))
echo json_encode(array('success'=>true, 'message'=>'Deleted categories successfully.', 'data'=>'')); echo json_encode(array('success'=>true, 'message'=>'Deleted categories successfully.', 'data'=>''));

25
views/bootstrap/class.ApprovalSummary.php
View File

@ -51,7 +51,10 @@ class SeedDMS_View_ApprovalSummary extends SeedDMS_Bootstrap_Style {
$this->globalNavigation(); $this->globalNavigation();
$this->contentStart(); $this->contentStart();
$this->pageNavigation(getMLText("my_documents"), "my_documents"); $this->pageNavigation(getMLText("my_documents"), "my_documents");
echo "<div class=\"row-fluid\">\n";
echo "<div class=\"span6\">\n";
$this->contentHeading(getMLText("approval_summary")); $this->contentHeading(getMLText("approval_summary"));
// $this->contentContainerStart();
// Get document list for the current user. // Get document list for the current user.
$approvalStatus = $user->getApprovalStatus(); $approvalStatus = $user->getApprovalStatus();
@ -65,7 +68,6 @@ class SeedDMS_View_ApprovalSummary extends SeedDMS_Bootstrap_Style {
foreach ($approvalStatus["indstatus"] as $st) { foreach ($approvalStatus["indstatus"] as $st) {
$document = $dms->getDocument($st['documentID']); $document = $dms->getDocument($st['documentID']);
$version = $document->getContentByVersion($st['version']); $version = $document->getContentByVersion($st['version']);
$previewer->createPreview($version);
$moduser = $dms->getUser($st['required']); $moduser = $dms->getUser($st['required']);
if ($document && $version) { if ($document && $version) {
@ -86,10 +88,11 @@ class SeedDMS_View_ApprovalSummary extends SeedDMS_Bootstrap_Style {
if(is_string($txt)) if(is_string($txt))
echo $txt; echo $txt;
else { else {
echo "<tr id=\"table-row-document-".$document->getID()."\" class=\"table-row-document\" rel=\"document_".$document->getID()."\" formtoken=\"".createFormKey('movedocument')."\" draggable=\"true\">"; $class = $st['status'] == 1 ? ' success' : ($st['status'] == -1 ? ' error' : ( $st['status'] == -2 ? ' info' : ''));
print "<tr id=\"table-row-document-".$st['documentID']."\" class=\"table-row-document".$class."\" rel=\"document_".$st['documentID']."\" formtoken=\"".createFormKey('movedocument')."\" draggable=\"true\">";
echo $this->documentListRow($document, $previewer, true, $st['version']); echo $this->documentListRow($document, $previewer, true, $st['version']);
print "<td>".$st["date"]." ". htmlspecialchars($moduser->getFullName()) ."</td>"; print "<td><small>".getApprovalStatusText($st['status'])."<br />".$st["date"]."<br />". htmlspecialchars($moduser->getFullName()) ."</small></td>";
echo "</tr>"; print "</tr>\n";
} }
} }
if ($st["status"]!=-2) { if ($st["status"]!=-2) {
@ -102,7 +105,11 @@ class SeedDMS_View_ApprovalSummary extends SeedDMS_Bootstrap_Style {
printMLText("no_approval_needed"); printMLText("no_approval_needed");
} }
// $this->contentContainerEnd();
echo "</div>\n";
echo "<div class=\"span6\">\n";
$this->contentHeading(getMLText("group_approval_summary")); $this->contentHeading(getMLText("group_approval_summary"));
// $this->contentContainerStart();
$printheader = true; $printheader = true;
foreach ($approvalStatus["grpstatus"] as $st) { foreach ($approvalStatus["grpstatus"] as $st) {
@ -128,10 +135,11 @@ class SeedDMS_View_ApprovalSummary extends SeedDMS_Bootstrap_Style {
if(is_string($txt)) if(is_string($txt))
echo $txt; echo $txt;
else { else {
echo "<tr id=\"table-row-document-".$document->getID()."\" class=\"table-row-document\" rel=\"document_".$document->getID()."\" formtoken=\"".createFormKey('movedocument')."\" draggable=\"true\">"; $class = $st['status'] == 1 ? ' success' : ($st['status'] == -1 ? ' error' : ( $st['status'] == -2 ? ' info' : ''));
print "<tr id=\"table-row-document-".$st['documentID']."\" class=\"table-row-document".$class."\" rel=\"document_".$st['documentID']."\" formtoken=\"".createFormKey('movedocument')."\" draggable=\"true\">";
echo $this->documentListRow($document, $previewer, true, $st['version']); echo $this->documentListRow($document, $previewer, true, $st['version']);
print "<td>".$st["date"]." ". htmlspecialchars($modgroup->getName()) ."</td>"; print "<td><small>".getApprovalStatusText($st["status"])."<br />".$st["date"]."<br />". htmlspecialchars($moduser->getFullName()) ."</small></td>";
echo "</tr>"; print "</tr>\n";
} }
} }
} }
@ -141,6 +149,9 @@ class SeedDMS_View_ApprovalSummary extends SeedDMS_Bootstrap_Style {
printMLText("no_approval_needed"); printMLText("no_approval_needed");
} }
// $this->contentContainerEnd();
echo "</div>\n";
echo "</div>\n";
$this->contentEnd(); $this->contentEnd();
$this->htmlEndPage(); $this->htmlEndPage();
} /* }}} */ } /* }}} */

21
views/bootstrap/class.ReviewSummary.php
View File

@ -52,6 +52,8 @@ class SeedDMS_View_ReviewSummary extends SeedDMS_Bootstrap_Style {
$this->contentStart(); $this->contentStart();
$this->pageNavigation(getMLText("my_documents"), "my_documents"); $this->pageNavigation(getMLText("my_documents"), "my_documents");
echo "<div class=\"row-fluid\">\n";
echo "<div class=\"span6\">\n";
$this->contentHeading(getMLText("review_summary")); $this->contentHeading(getMLText("review_summary"));
// $this->contentContainerStart(); // $this->contentContainerStart();
@ -84,15 +86,15 @@ class SeedDMS_View_ReviewSummary extends SeedDMS_Bootstrap_Style {
print "</tr>\n</thead>\n<tbody>\n"; print "</tr>\n</thead>\n<tbody>\n";
$printheader=false; $printheader=false;
} }
$txt = $this->callHook('documentListItem', $document, $previewer); $txt = $this->callHook('documentListItem', $document, $previewer);
if(is_string($txt)) if(is_string($txt))
echo $txt; echo $txt;
else { else {
echo "<tr id=\"table-row-document-".$document->getID()."\" class=\"table-row-document\" rel=\"document_".$document->getID()."\" formtoken=\"".createFormKey('movedocument')."\" draggable=\"true\">"; $class = $st['status'] == 1 ? ' success' : ($st['status'] == -1 ? ' error' : ( $st['status'] == -2 ? ' info' : ''));
print "<tr id=\"table-row-document-".$st['documentID']."\" class=\"table-row-document".$class."\" rel=\"document_".$st['documentID']."\" formtoken=\"".createFormKey('movedocument')."\" draggable=\"true\">";
echo $this->documentListRow($document, $previewer, true, $st['version']); echo $this->documentListRow($document, $previewer, true, $st['version']);
print "<td>".$st["date"]." ". htmlspecialchars($moduser->getFullName()) ."</td>"; print "<td><small>".getReviewStatusText($st['status'])."<br />".$st["date"]."<br />". htmlspecialchars($moduser->getFullName()) ."</small></td>";
echo "</tr>"; print "</tr>\n";
} }
} }
if ($st["status"]!=-2) { if ($st["status"]!=-2) {
@ -106,6 +108,8 @@ class SeedDMS_View_ReviewSummary extends SeedDMS_Bootstrap_Style {
} }
// $this->contentContainerEnd(); // $this->contentContainerEnd();
echo "</div>\n";
echo "<div class=\"span6\">\n";
$this->contentHeading(getMLText("group_review_summary")); $this->contentHeading(getMLText("group_review_summary"));
// $this->contentContainerStart(); // $this->contentContainerStart();
@ -133,10 +137,11 @@ class SeedDMS_View_ReviewSummary extends SeedDMS_Bootstrap_Style {
if(is_string($txt)) if(is_string($txt))
echo $txt; echo $txt;
else { else {
echo "<tr id=\"table-row-document-".$document->getID()."\" class=\"table-row-document\" rel=\"document_".$document->getID()."\" formtoken=\"".createFormKey('movedocument')."\" draggable=\"true\">"; $class = $st['status'] == 1 ? ' success' : ($st['status'] == -1 ? ' error' : ( $st['status'] == -2 ? ' info' : ''));
print "<tr id=\"table-row-document-".$st['documentID']."\" class=\"table-row-document".$class."\" rel=\"document_".$st['documentID']."\" formtoken=\"".createFormKey('movedocument')."\" draggable=\"true\">";
echo $this->documentListRow($document, $previewer, true, $st['version']); echo $this->documentListRow($document, $previewer, true, $st['version']);
print "<td>".$st["date"]." ". htmlspecialchars($modgroup->getName()) ."</td>"; print "<td><small>".getReviewStatusText($st['status'])."<br />".$st["date"]."<br />". htmlspecialchars($moduser->getFullName()) ."</small></td>";
echo "</tr>"; print "</tr>\n";
} }
} }
} }
@ -147,6 +152,8 @@ class SeedDMS_View_ReviewSummary extends SeedDMS_Bootstrap_Style {
} }
// $this->contentContainerEnd(); // $this->contentContainerEnd();
echo "</div>\n";
echo "</div>\n";
$this->contentEnd(); $this->contentEnd();
$this->htmlEndPage(); $this->htmlEndPage();
} /* }}} */ } /* }}} */

8
webdav/webdav.php
View File

@ -602,7 +602,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
if($document) { if($document) {
if($this->logger) if($this->logger)
$this->logger->log('PUT: replacing document id='.$document->getID(), PEAR_LOG_INFO); $this->logger->log('PUT: replacing document id='.$document->getID(), PEAR_LOG_INFO);
if ($document->getAccessMode($this->user) < M_READWRITE) { if ($document->getAccessMode($this->user, 'updateDocument') < M_READWRITE) {
if($this->logger) if($this->logger)
$this->logger->log('PUT: no access on document', PEAR_LOG_ERR); $this->logger->log('PUT: no access on document', PEAR_LOG_ERR);
unlink($tmpFile); unlink($tmpFile);
@ -645,7 +645,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
} else { } else {
if($this->logger) if($this->logger)
$this->logger->log('PUT: adding new document', PEAR_LOG_INFO); $this->logger->log('PUT: adding new document', PEAR_LOG_INFO);
if ($folder->getAccessMode($this->user) < M_READWRITE) { if ($folder->getAccessMode($this->user, 'addDocument') < M_READWRITE) {
if($this->logger) if($this->logger)
$this->logger->log('PUT: no access on folder', PEAR_LOG_ERR); $this->logger->log('PUT: no access on folder', PEAR_LOG_ERR);
unlink($tmpFile); unlink($tmpFile);
@ -753,7 +753,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
return "403 Forbidden"; return "403 Forbidden";
} }
if ($folder->getAccessMode($this->user) < M_READWRITE) { if ($folder->getAccessMode($this->user, 'addFolder') < M_READWRITE) {
if($this->logger) if($this->logger)
$this->logger->log('MKCOL: access forbidden', PEAR_LOG_ERR); $this->logger->log('MKCOL: access forbidden', PEAR_LOG_ERR);
return "403 Forbidden"; return "403 Forbidden";
@ -800,7 +800,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
if (!$obj) return "404 Not found"; if (!$obj) return "404 Not found";
// check for access rights // check for access rights
if($obj->getAccessMode($this->user) < M_ALL) { if($obj->getAccessMode($this->user, get_class($obj) == $this->dms->getClassname('folder') ? 'removeFolder' : 'removeDocument') < M_ALL) {
if($this->logger) if($this->logger)
$this->logger->log('DELETE: access forbidden', PEAR_LOG_ERR); $this->logger->log('DELETE: access forbidden', PEAR_LOG_ERR);
return "403 Forbidden"; return "403 Forbidden";