diff --git a/op/op.AddDocument.php b/op/op.AddDocument.php
index 630958934..eb1def9d7 100644
--- a/op/op.AddDocument.php
+++ b/op/op.AddDocument.php
@@ -51,7 +51,7 @@ if (!is_object($folder)) {
$folderPathHTML = getFolderPathHTML($folder, true);
-if ($folder->getAccessMode($user) < M_READWRITE) {
+if ($folder->getAccessMode($user, 'addDocument') < M_READWRITE) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
}
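Review bot: The operation name passed as the second argument (`'addDocument'` here) is a bare string literal, and this commit repeats such literals across op/, restapi/index.php and webdav/webdav.php with no single list of accepted names. The definition of getAccessMode() is not part of this diff, so it is not visible what happens to a name it does not recognise; if it falls back silently, a misspelled name in an authorization check would go unnoticed. I would add a docblock on getAccessMode() listing the accepted operation names, or define them as class constants so a typo fails loudly.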
diff --git a/op/op.AddFile.php b/op/op.AddFile.php
index 80f0e6c31..944028eea 100644
--- a/op/op.AddFile.php
+++ b/op/op.AddFile.php
@@ -40,7 +40,7 @@ if (!is_object($document)) {
$folder = $document->getFolder();
-if ($document->getAccessMode($user) < M_READWRITE) {
+if ($document->getAccessMode($user, 'addDocumentFile') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
diff --git a/op/op.AddSubFolder.php b/op/op.AddSubFolder.php
index d9576d97f..ca9260b56 100644
--- a/op/op.AddSubFolder.php
+++ b/op/op.AddSubFolder.php
@@ -50,7 +50,7 @@ if (!is_object($folder)) {
$folderPathHTML = getFolderPathHTML($folder, true);
-if ($folder->getAccessMode($user) < M_READWRITE) {
+if ($folder->getAccessMode($user, 'addFolder') < M_READWRITE) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
}
diff --git a/op/op.Ajax.php b/op/op.Ajax.php
index b9092b8c0..6eede8bfe 100644
--- a/op/op.Ajax.php
+++ b/op/op.Ajax.php
@@ -267,9 +267,9 @@ switch($command) {
} else {
$mfolder = $dms->getFolder($_REQUEST['folderid']);
if($mfolder) {
- if ($mfolder->getAccessMode($user) >= M_READWRITE) {
+ if ($mfolder->getAccessMode($user, 'moveFolder') >= M_READWRITE) {
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
- if($folder->getAccessMode($user) >= M_READWRITE) {
+ if($folder->getAccessMode($user, 'moveFolder') >= M_READWRITE) {
if($mfolder->setParent($folder)) {
header('Content-Type: application/json');
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_folder'), 'data'=>''));
@@ -306,9 +306,9 @@ switch($command) {
} else {
$mdocument = $dms->getDocument($_REQUEST['docid']);
if($mdocument) {
- if ($mdocument->getAccessMode($user) >= M_READWRITE) {
+ if ($mdocument->getAccessMode($user, 'moveDocument') >= M_READWRITE) {
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
- if($folder->getAccessMode($user) >= M_READWRITE) {
+ if($folder->getAccessMode($user, 'moveDocument') >= M_READWRITE) {
if($mdocument->setFolder($folder)) {
header('Content-Type: application/json');
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_document'), 'data'=>''));
@@ -345,7 +345,7 @@ switch($command) {
} else {
$folder = $dms->getFolder($_REQUEST['id']);
if($folder) {
- if ($folder->getAccessMode($user) >= M_READWRITE) {
+ if ($folder->getAccessMode($user, 'removeFolder') >= M_READWRITE) {
$parent=$folder->getParent();
$nl = $folder->getNotifyList();
$foldername = $folder->getName();
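Review bot: The AJAX folder removal accepts `M_READWRITE` (`>= M_READWRITE`), while op/op.RemoveFolder.php in this same commit denies anything below `M_ALL` for the same `'removeFolder'` operation, so the two entry points enforce different rights for one action. The same mismatch applies to the `'removeDocument'` hunk that follows (op/op.RemoveDocument.php requires `M_ALL`) and to deleteFolder() and deleteDocument() in restapi/index.php. Unless the weaker threshold is intentional, align them, e.g. `if ($folder->getAccessMode($user, 'removeFolder') >= M_ALL) {`. The failure branch of this `if` lies outside the hunk.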
@@ -392,7 +392,7 @@ switch($command) {
} else {
$document = $dms->getDocument($_REQUEST['id']);
if($document) {
- if ($document->getAccessMode($user) >= M_READWRITE) {
+ if ($document->getAccessMode($user, 'removeDocument') >= M_READWRITE) {
$folder = $document->getFolder();
/* Get the notify list before removing the document */
$dnl = $document->getNotifyList();
@@ -523,7 +523,7 @@ switch($command) {
exit;
}
- if ($folder->getAccessMode($user) < M_READWRITE) {
+ if ($folder->getAccessMode($user, 'addDocument') < M_READWRITE) {
header('Content-Type: application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText("access_denied")));
exit;
diff --git a/op/op.EditAttributes.php b/op/op.EditAttributes.php
index 46b013974..dce009239 100644
--- a/op/op.EditAttributes.php
+++ b/op/op.EditAttributes.php
@@ -48,7 +48,7 @@ if (!is_object($document)) {
$folder = $document->getFolder();
$docPathHTML = getFolderPathHTML($folder, true). " / ".$document->getName()."";
-if ($document->getAccessMode($user) < M_READWRITE) {
+if ($document->getAccessMode($user, 'editDocumentContentAttributes') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
diff --git a/op/op.EditDocument.php b/op/op.EditDocument.php
index 8717d39ff..54aaf7763 100644
--- a/op/op.EditDocument.php
+++ b/op/op.EditDocument.php
@@ -46,13 +46,13 @@ if (!is_object($document)) {
$folder = $document->getFolder();
$docPathHTML = getFolderPathHTML($folder, true). " / ".$document->getName()."";
-if ($document->getAccessMode($user) < M_READWRITE) {
+if ($document->getAccessMode($user, 'editDocument') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
if($document->isLocked()) {
$lockingUser = $document->getLockingUser();
- if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) {
+ if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'editDocument') != M_ALL)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
}
}
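Review bot: `getAccessMode($user, 'editDocument')` is now evaluated twice with the same literal, once for the write check and once in the lock check, so the two strings can drift apart on a later edit. Store the result once, `$accessMode = $document->getAccessMode($user, 'editDocument');`, and compare `$accessMode < M_READWRITE` and `$accessMode != M_ALL`, as op/op.RemoveDocumentLink.php already does with its `$accessMode` variable. The same applies to op/op.EditOnline.php, op/op.MoveDocument.php and op/op.RemoveDocument.php.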
diff --git a/op/op.EditDocumentFile.php b/op/op.EditDocumentFile.php
index 780e51f76..441ce6964 100644
--- a/op/op.EditDocumentFile.php
+++ b/op/op.EditDocumentFile.php
@@ -59,7 +59,7 @@ if (!is_object($file)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_file_id"));
}
-if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) {
+if (($document->getAccessMode($user, 'editDocumentFile') < M_ALL)&&($user->getID()!=$file->getUserID())) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
}
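Review bot: The condition denies access only when the user both lacks `M_ALL` and is not the file's uploader, so an uploader passes this check whatever their current access mode on the document is, including none at all. If no earlier check outside this hunk enforces a minimum, add a floor: `$mode = $document->getAccessMode($user, 'editDocumentFile');` followed by `if ($mode < M_READ || ($mode < M_ALL && $user->getID() != $file->getUserID())) {`. The same pattern appears in op/op.RemoveDocumentFile.php.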
diff --git a/op/op.EditFolder.php b/op/op.EditFolder.php
index 616046764..2648c4e08 100644
--- a/op/op.EditFolder.php
+++ b/op/op.EditFolder.php
@@ -45,7 +45,7 @@ if (!is_object($folder)) {
$folderPathHTML = getFolderPathHTML($folder, true);
-if ($folder->getAccessMode($user) < M_READWRITE) {
+if ($folder->getAccessMode($user, 'editFolder') < M_READWRITE) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
}
diff --git a/op/op.EditOnline.php b/op/op.EditOnline.php
index e0c4d3065..b19eb420b 100644
--- a/op/op.EditOnline.php
+++ b/op/op.EditOnline.php
@@ -42,13 +42,13 @@ if (!is_object($document)) {
$folder = $document->getFolder();
$docPathHTML = getFolderPathHTML($folder, true). " / ".$document->getName()."";
-if ($document->getAccessMode($user) < M_READWRITE) {
+if ($document->getAccessMode($user, 'editOnline') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
if($document->isLocked()) {
$lockingUser = $document->getLockingUser();
- if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) {
+ if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'editOnline') != M_ALL)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
}
}
diff --git a/op/op.MoveDocument.php b/op/op.MoveDocument.php
index 8fa4d9e95..7c834cd39 100644
--- a/op/op.MoveDocument.php
+++ b/op/op.MoveDocument.php
@@ -51,13 +51,13 @@ if (!is_object($targetFolder)) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_target_folder"));
}
-if (($document->getAccessMode($user) < M_READWRITE) || ($targetFolder->getAccessMode($user) < M_READWRITE)) {
+if (($document->getAccessMode($user, 'moveDocument') < M_READWRITE) || ($targetFolder->getAccessMode($user, 'moveDocument') < M_READWRITE)) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
if($document->isLocked()) {
$lockingUser = $document->getLockingUser();
- if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) {
+ if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'moveDocument') != M_ALL)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
}
}
diff --git a/op/op.MoveFolder.php b/op/op.MoveFolder.php
index 2519b551f..cdc0525b7 100644
--- a/op/op.MoveFolder.php
+++ b/op/op.MoveFolder.php
@@ -56,7 +56,7 @@ if($folder->isSubFolder($targetFolder)) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_target_folder"));
}
-if ($folder->getAccessMode($user) < M_READWRITE || $targetFolder->getAccessMode($user) < M_READWRITE) {
+if ($folder->getAccessMode($user, 'moveFolder') < M_READWRITE || $targetFolder->getAccessMode($user, 'moveFolder') < M_READWRITE) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
}
diff --git a/op/op.RemoveDocument.php b/op/op.RemoveDocument.php
index df5359a73..771728464 100644
--- a/op/op.RemoveDocument.php
+++ b/op/op.RemoveDocument.php
@@ -46,13 +46,16 @@ if (!is_object($document)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}
-if ($document->getAccessMode($user) < M_ALL) {
+if ($document->getAccessMode($user, 'removeDocument') < M_ALL) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied"));
}
+/* FIXME: whether a document is locked or not, doesn't make a difference,
+ * because M_ALL access right is used in any case.
+ */
if($document->isLocked()) {
$lockingUser = $document->getLockingUser();
- if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) {
+ if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'removeDocument') != M_ALL)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
}
}
diff --git a/op/op.RemoveDocumentFile.php b/op/op.RemoveDocumentFile.php
index c2126e3a8..9887c5dd2 100644
--- a/op/op.RemoveDocumentFile.php
+++ b/op/op.RemoveDocumentFile.php
@@ -54,7 +54,7 @@ if (!is_object($file)) {
}
-if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) {
+if (($document->getAccessMode($user, 'removeDocumentFile') < M_ALL)&&($user->getID()!=$file->getUserID())) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
diff --git a/op/op.RemoveDocumentLink.php b/op/op.RemoveDocumentLink.php
index d89c41bb2..87d088d54 100644
--- a/op/op.RemoveDocumentLink.php
+++ b/op/op.RemoveDocumentLink.php
@@ -54,7 +54,7 @@ if (!is_object($link)) {
}
$responsibleUser = $link->getUser();
-$accessMode = $document->getAccessMode($user);
+$accessMode = $document->getAccessMode($user, 'removeDocumentLink');
if (
($accessMode < M_READ)
diff --git a/op/op.RemoveFolder.php b/op/op.RemoveFolder.php
index 0ba444b8d..91385908d 100644
--- a/op/op.RemoveFolder.php
+++ b/op/op.RemoveFolder.php
@@ -50,7 +50,7 @@ if ($folderid == $settings->_rootFolderID || !$folder->getParent()) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("cannot_rm_root"));
}
-if ($folder->getAccessMode($user) < M_ALL) {
+if ($folder->getAccessMode($user, 'removeFolder') < M_ALL) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
}
diff --git a/op/op.RemoveVersion.php b/op/op.RemoveVersion.php
index f2d25bc75..95917380a 100644
--- a/op/op.RemoveVersion.php
+++ b/op/op.RemoveVersion.php
@@ -46,7 +46,7 @@ if (!$settings->_enableVersionDeletion && !$user->isAdmin()) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
}
-if ($document->getAccessMode($user) < M_ALL) {
+if ($document->getAccessMode($user, 'removeVersion') < M_ALL) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
diff --git a/op/op.UpdateDocument.php b/op/op.UpdateDocument.php
index eeba7227d..654c192c2 100644
--- a/op/op.UpdateDocument.php
+++ b/op/op.UpdateDocument.php
@@ -48,7 +48,7 @@ if (!is_object($document)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}
-if ($document->getAccessMode($user) < M_READWRITE) {
+if ($document->getAccessMode($user, 'updateDocument') < M_READWRITE) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
}
diff --git a/restapi/index.php b/restapi/index.php
index 39e8ffe9a..f19be2a1e 100644
--- a/restapi/index.php
+++ b/restapi/index.php
@@ -411,7 +411,7 @@ function createFolder($id) { /* {{{ */
}
$parent = $dms->getFolder($id);
if($parent) {
- if($parent->getAccessMode($userobj) >= M_READWRITE) {
+ if($parent->getAccessMode($userobj, 'addFolder') >= M_READWRITE) {
if($name = $app->request()->post('name')) {
$comment = $app->request()->post('comment');
$attributes = $app->request()->post('attributes');
@@ -478,9 +478,9 @@ function moveFolder($id, $folderid) { /* {{{ */
$mfolder = $dms->getFolder($id);
if($mfolder) {
- if ($mfolder->getAccessMode($userobj) >= M_READ) {
+ if ($mfolder->getAccessMode($userobj, 'moveFolder') >= M_READ) {
if($folder = $dms->getFolder($folderid)) {
- if($folder->getAccessMode($userobj) >= M_READWRITE) {
+ if($folder->getAccessMode($userobj, 'moveFolder') >= M_READWRITE) {
if($mfolder->setParent($folder)) {
$app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
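Review bot: The folder being moved is checked against `M_READ` only, whereas op/op.MoveFolder.php and the move-folder branch of op/op.Ajax.php require `M_READWRITE` on it, so the REST endpoint lets a user with read-only access to a folder relocate it into any folder they can write to. moveDocument() further down has the same `>= M_READ` check on the document. Unless this is deliberate, use `if ($mfolder->getAccessMode($userobj, 'moveFolder') >= M_READWRITE) {`. The function body continues outside the hunk.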
@@ -535,7 +535,7 @@ function deleteFolder($id) { /* {{{ */
}
$mfolder = $dms->getFolder($id);
if($mfolder) {
- if ($mfolder->getAccessMode($userobj) >= M_READWRITE) {
+ if ($mfolder->getAccessMode($userobj, 'removeFolder') >= M_READWRITE) {
if($mfolder->remove()) {
$app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
@@ -577,7 +577,7 @@ function uploadDocument($id) { /* {{{ */
}
$mfolder = $dms->getFolder($id);
if($mfolder) {
- if ($mfolder->getAccessMode($userobj) >= M_READWRITE) {
+ if ($mfolder->getAccessMode($userobj, 'addDocument') >= M_READWRITE) {
$docname = $app->request()->params('name');
$keywords = $app->request()->params('keywords');
// $categories = $app->request()->params('categories') ? $app->request()->params('categories') : [];
@@ -650,7 +650,7 @@ function uploadDocumentPut($id) { /* {{{ */
}
$mfolder = $dms->getFolder($id);
if($mfolder) {
- if ($mfolder->getAccessMode($userobj) >= M_READWRITE) {
+ if ($mfolder->getAccessMode($userobj, 'addDocument') >= M_READWRITE) {
$docname = $app->request()->get('name');
$origfilename = $app->request()->get('origfilename');
$content = $app->getInstance()->request()->getBody();
@@ -706,7 +706,7 @@ function uploadDocumentFile($documentId) { /* {{{ */
}
$document = $dms->getDocument($documentId);
if($document) {
- if ($document->getAccessMode($userobj) >= M_READWRITE) {
+ if ($document->getAccessMode($userobj, 'addDocumentFile') >= M_READWRITE) {
$docname = $app->request()->params('name');
$keywords = $app->request()->params('keywords');
$origfilename = $app->request()->params('origfilename');
@@ -791,7 +791,7 @@ function deleteDocument($id) { /* {{{ */
global $app, $dms, $userobj;
$document = $dms->getDocument($id);
if($document) {
- if ($document->getAccessMode($userobj) >= M_READWRITE) {
+ if ($document->getAccessMode($userobj, 'deleteDocument') >= M_READWRITE) {
if($document->remove()) {
$app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
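Review bot: This call passes `'deleteDocument'`, while every other document-removal check in the commit (op/op.Ajax.php, op/op.RemoveDocument.php, webdav/webdav.php) passes `'removeDocument'`. If the name selects a per-operation rule, a rule written for `'removeDocument'` would presumably not apply to the REST endpoint; how getAccessMode() uses the name is not shown in this diff. Suggest `if ($document->getAccessMode($userobj, 'removeDocument') >= M_READWRITE) {`.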
@@ -819,9 +819,9 @@ function moveDocument($id, $folderid) { /* {{{ */
global $app, $dms, $userobj;
$document = $dms->getDocument($id);
if($document) {
- if ($document->getAccessMode($userobj) >= M_READ) {
+ if ($document->getAccessMode($userobj, 'moveDocument') >= M_READ) {
if($folder = $dms->getFolder($folderid)) {
- if($folder->getAccessMode($userobj) >= M_READWRITE) {
+ if($folder->getAccessMode($userobj, 'moveDocument') >= M_READWRITE) {
if($document->setFolder($folder)) {
$app->response()->header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
@@ -1151,7 +1151,7 @@ function removeDocumentCategory($id, $categoryId) { /* {{{ */
$category = $dms->getDocumentCategory($categoryId);
if($document && $category) {
- if ($document->getAccessMode($userobj) >= M_READWRITE) {
+ if ($document->getAccessMode($userobj, 'removeDocumentCategory') >= M_READWRITE) {
$ret = $document->removeCategories(array($category));
$app->response()->header('Content-Type', 'application/json');
@@ -1179,7 +1179,7 @@ function removeDocumentCategories($id) { /* {{{ */
$document = $dms->getDocument($id);
if($document) {
- if ($document->getAccessMode($userobj) >= M_READWRITE) {
+ if ($document->getAccessMode($userobj, 'removeDocumentCategory') >= M_READWRITE) {
$app->response()->header('Content-Type', 'application/json');
if($document->setCategories(array()))
echo json_encode(array('success'=>true, 'message'=>'Deleted categories successfully.', 'data'=>''));
diff --git a/webdav/webdav.php b/webdav/webdav.php
index e077e4858..cc372ecae 100644
--- a/webdav/webdav.php
+++ b/webdav/webdav.php
@@ -602,7 +602,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
if($document) {
if($this->logger)
$this->logger->log('PUT: replacing document id='.$document->getID(), PEAR_LOG_INFO);
- if ($document->getAccessMode($this->user) < M_READWRITE) {
+ if ($document->getAccessMode($this->user, 'updateDocument') < M_READWRITE) {
if($this->logger)
$this->logger->log('PUT: no access on document', PEAR_LOG_ERR);
unlink($tmpFile);
@@ -645,7 +645,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
} else {
if($this->logger)
$this->logger->log('PUT: adding new document', PEAR_LOG_INFO);
- if ($folder->getAccessMode($this->user) < M_READWRITE) {
+ if ($folder->getAccessMode($this->user, 'addDocument') < M_READWRITE) {
if($this->logger)
$this->logger->log('PUT: no access on folder', PEAR_LOG_ERR);
unlink($tmpFile);
@@ -753,7 +753,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
return "403 Forbidden";
}
- if ($folder->getAccessMode($this->user) < M_READWRITE) {
+ if ($folder->getAccessMode($this->user, 'addFolder') < M_READWRITE) {
if($this->logger)
$this->logger->log('MKCOL: access forbidden', PEAR_LOG_ERR);
return "403 Forbidden";
@@ -800,7 +800,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
if (!$obj) return "404 Not found";
// check for access rights
- if($obj->getAccessMode($this->user) < M_ALL) {
+ if($obj->getAccessMode($this->user, get_class($obj) == $this->dms->getClassname('folder') ? 'removeFolder' : 'removeDocument') < M_ALL) {
if($this->logger)
$this->logger->log('DELETE: access forbidden', PEAR_LOG_ERR);
return "403 Forbidden";
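Review bot: The operation name is chosen by an exact `get_class($obj) ==` comparison inside the argument list, so an object whose class is a subclass of the configured folder class falls through to `'removeDocument'`. `is_a($obj, $this->dms->getClassname('folder'))` would cover subclasses too, assuming getClassname() returns a class-name string, as the comparison with get_class() implies. Moving the choice into a local, `$op = is_a($obj, $this->dms->getClassname('folder')) ? 'removeFolder' : 'removeDocument';`, also keeps the access check readable. The method continues outside the hunk.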