pass context to getAccessMode()
parent
951ca85e96
commit
45615be207
|
@ -51,7 +51,7 @@ if (!is_object($folder)) {
|
|||
|
||||
$folderPathHTML = getFolderPathHTML($folder, true);
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READWRITE) {
|
||||
if ($folder->getAccessMode($user, 'addDocument') < M_READWRITE) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
}
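Review bot: The new second argument in `getAccessMode($user, 'addDocument')` is a bare string literal, and nothing visible on this page documents which context names the method recognises. The same commit spells the delete context `'removeDocument'` in the web, ajax and WebDAV checks but `'deleteDocument'` in the REST `deleteDocument()` hunk, so any rule keyed on the context name would presumably not apply there. Defining the names once as constants, or at least changing the REST call to `'removeDocument'`, would keep every entry point on the same policy. A docblock on getAccessMode() listing the accepted contexts would also help.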
|
||||
|
||||
|
|
|
@ -40,7 +40,7 @@ if (!is_object($document)) {
|
|||
|
||||
$folder = $document->getFolder();
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
if ($document->getAccessMode($user, 'addDocumentFile') < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -50,7 +50,7 @@ if (!is_object($folder)) {
|
|||
|
||||
$folderPathHTML = getFolderPathHTML($folder, true);
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READWRITE) {
|
||||
if ($folder->getAccessMode($user, 'addFolder') < M_READWRITE) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -267,9 +267,9 @@ switch($command) {
|
|||
} else {
|
||||
$mfolder = $dms->getFolder($_REQUEST['folderid']);
|
||||
if($mfolder) {
|
||||
if ($mfolder->getAccessMode($user) >= M_READWRITE) {
|
||||
if ($mfolder->getAccessMode($user, 'moveFolder') >= M_READWRITE) {
|
||||
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
|
||||
if($folder->getAccessMode($user) >= M_READWRITE) {
|
||||
if($folder->getAccessMode($user, 'moveFolder') >= M_READWRITE) {
|
||||
if($mfolder->setParent($folder)) {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_folder'), 'data'=>''));
|
||||
|
@ -306,9 +306,9 @@ switch($command) {
|
|||
} else {
|
||||
$mdocument = $dms->getDocument($_REQUEST['docid']);
|
||||
if($mdocument) {
|
||||
if ($mdocument->getAccessMode($user) >= M_READWRITE) {
|
||||
if ($mdocument->getAccessMode($user, 'moveDocument') >= M_READWRITE) {
|
||||
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
|
||||
if($folder->getAccessMode($user) >= M_READWRITE) {
|
||||
if($folder->getAccessMode($user, 'moveDocument') >= M_READWRITE) {
|
||||
if($mdocument->setFolder($folder)) {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>getMLText('splash_move_document'), 'data'=>''));
|
||||
|
@ -345,7 +345,7 @@ switch($command) {
|
|||
} else {
|
||||
$folder = $dms->getFolder($_REQUEST['id']);
|
||||
if($folder) {
|
||||
if ($folder->getAccessMode($user) >= M_READWRITE) {
|
||||
if ($folder->getAccessMode($user, 'removeFolder') >= M_READWRITE) {
|
||||
$parent=$folder->getParent();
|
||||
$nl = $folder->getNotifyList();
|
||||
$foldername = $folder->getName();
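Review bot: Folder removal through this ajax command is allowed at `>= M_READWRITE`, while the folder-removal page and the WebDAV DELETE check in this commit refuse anything below M_ALL for the same kind of operation. The following removeDocument hunk and the REST `deleteFolder()` / `deleteDocument()` hunks use the lower threshold as well, so the right needed to delete an object depends on the entry point a client chooses. If M_ALL is the intended requirement, the check should read `if ($folder->getAccessMode($user, 'removeFolder') >= M_ALL) {`; if the difference is deliberate, a comment saying so belongs here. The enclosing switch case starts and ends outside the hunk.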
|
||||
|
@ -392,7 +392,7 @@ switch($command) {
|
|||
} else {
|
||||
$document = $dms->getDocument($_REQUEST['id']);
|
||||
if($document) {
|
||||
if ($document->getAccessMode($user) >= M_READWRITE) {
|
||||
if ($document->getAccessMode($user, 'removeDocument') >= M_READWRITE) {
|
||||
$folder = $document->getFolder();
|
||||
/* Get the notify list before removing the document */
|
||||
$dnl = $document->getNotifyList();
|
||||
|
@ -523,7 +523,7 @@ switch($command) {
|
|||
exit;
|
||||
}
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READWRITE) {
|
||||
if ($folder->getAccessMode($user, 'addDocument') < M_READWRITE) {
|
||||
header('Content-Type: application/json');
|
||||
echo json_encode(array('success'=>false, 'message'=>getMLText("access_denied")));
|
||||
exit;
|
||||
|
|
|
@ -48,7 +48,7 @@ if (!is_object($document)) {
|
|||
$folder = $document->getFolder();
|
||||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
if ($document->getAccessMode($user, 'editDocumentContentAttributes') < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -46,13 +46,13 @@ if (!is_object($document)) {
|
|||
$folder = $document->getFolder();
|
||||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
if ($document->getAccessMode($user, 'editDocument') < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if($document->isLocked()) {
|
||||
$lockingUser = $document->getLockingUser();
|
||||
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) {
|
||||
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'editDocument') != M_ALL)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
|
||||
}
|
||||
}
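Review bot: The access-denied branch passes `$document->getName()` to UI::exitError() unescaped, while the lock branch a few lines below wraps the same value in htmlspecialchars(); the `$docPathHTML` context line also concatenates the raw name into an anchor. Whether exitError() escapes its arguments is not visible here, so the two branches are at best inconsistent and at worst leave a user-controlled document name unencoded in the error page. I would make the guard read `UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));`. Most other access-denied calls on this page follow the same raw-name pattern.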
|
||||
|
|
|
@ -59,7 +59,7 @@ if (!is_object($file)) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_file_id"));
|
||||
}
|
||||
|
||||
if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) {
|
||||
if (($document->getAccessMode($user, 'editDocumentFile') < M_ALL)&&($user->getID()!=$file->getUserID())) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -45,7 +45,7 @@ if (!is_object($folder)) {
|
|||
|
||||
$folderPathHTML = getFolderPathHTML($folder, true);
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READWRITE) {
|
||||
if ($folder->getAccessMode($user, 'editFolder') < M_READWRITE) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -42,13 +42,13 @@ if (!is_object($document)) {
|
|||
$folder = $document->getFolder();
|
||||
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>";
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
if ($document->getAccessMode($user, 'editOnline') < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if($document->isLocked()) {
|
||||
$lockingUser = $document->getLockingUser();
|
||||
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) {
|
||||
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'editOnline') != M_ALL)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -51,13 +51,13 @@ if (!is_object($targetFolder)) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_target_folder"));
|
||||
}
|
||||
|
||||
if (($document->getAccessMode($user) < M_READWRITE) || ($targetFolder->getAccessMode($user) < M_READWRITE)) {
|
||||
if (($document->getAccessMode($user, 'moveDocument') < M_READWRITE) || ($targetFolder->getAccessMode($user, 'moveDocument') < M_READWRITE)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if($document->isLocked()) {
|
||||
$lockingUser = $document->getLockingUser();
|
||||
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) {
|
||||
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'moveDocument') != M_ALL)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -56,7 +56,7 @@ if($folder->isSubFolder($targetFolder)) {
|
|||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_target_folder"));
|
||||
}
|
||||
|
||||
if ($folder->getAccessMode($user) < M_READWRITE || $targetFolder->getAccessMode($user) < M_READWRITE) {
|
||||
if ($folder->getAccessMode($user, 'moveFolder') < M_READWRITE || $targetFolder->getAccessMode($user, 'moveFolder') < M_READWRITE) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -46,13 +46,16 @@ if (!is_object($document)) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
||||
if ($document->getAccessMode($user) < M_ALL) {
|
||||
if ($document->getAccessMode($user, 'removeDocument') < M_ALL) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
/* FIXME: whether a document is locked or not, doesn't make a difference,
|
||||
* because M_ALL access right is used in any case.
|
||||
*/
|
||||
if($document->isLocked()) {
|
||||
$lockingUser = $document->getLockingUser();
|
||||
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) {
|
||||
if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'removeDocument') != M_ALL)) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName()))));
|
||||
}
|
||||
}
|
||||
|
|
|
@ -54,7 +54,7 @@ if (!is_object($file)) {
|
|||
}
|
||||
|
||||
|
||||
if (($document->getAccessMode($user) < M_ALL)&&($user->getID()!=$file->getUserID())) {
|
||||
if (($document->getAccessMode($user, 'removeDocumentFile') < M_ALL)&&($user->getID()!=$file->getUserID())) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -54,7 +54,7 @@ if (!is_object($link)) {
|
|||
}
|
||||
|
||||
$responsibleUser = $link->getUser();
|
||||
$accessMode = $document->getAccessMode($user);
|
||||
$accessMode = $document->getAccessMode($user, 'removeDocumentLink');
|
||||
|
||||
if (
|
||||
($accessMode < M_READ)
|
||||
|
|
|
@ -50,7 +50,7 @@ if ($folderid == $settings->_rootFolderID || !$folder->getParent()) {
|
|||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("cannot_rm_root"));
|
||||
}
|
||||
|
||||
if ($folder->getAccessMode($user) < M_ALL) {
|
||||
if ($folder->getAccessMode($user, 'removeFolder') < M_ALL) {
|
||||
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -46,7 +46,7 @@ if (!$settings->_enableVersionDeletion && !$user->isAdmin()) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
if ($document->getAccessMode($user) < M_ALL) {
|
||||
if ($document->getAccessMode($user, 'removeVersion') < M_ALL) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -48,7 +48,7 @@ if (!is_object($document)) {
|
|||
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
|
||||
}
|
||||
|
||||
if ($document->getAccessMode($user) < M_READWRITE) {
|
||||
if ($document->getAccessMode($user, 'updateDocument') < M_READWRITE) {
|
||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||
}
|
||||
|
||||
|
|
|
@ -411,7 +411,7 @@ function createFolder($id) { /* {{{ */
|
|||
}
|
||||
$parent = $dms->getFolder($id);
|
||||
if($parent) {
|
||||
if($parent->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if($parent->getAccessMode($userobj, 'addFolder') >= M_READWRITE) {
|
||||
if($name = $app->request()->post('name')) {
|
||||
$comment = $app->request()->post('comment');
|
||||
$attributes = $app->request()->post('attributes');
|
||||
|
@ -478,9 +478,9 @@ function moveFolder($id, $folderid) { /* {{{ */
|
|||
|
||||
$mfolder = $dms->getFolder($id);
|
||||
if($mfolder) {
|
||||
if ($mfolder->getAccessMode($userobj) >= M_READ) {
|
||||
if ($mfolder->getAccessMode($userobj, 'moveFolder') >= M_READ) {
|
||||
if($folder = $dms->getFolder($folderid)) {
|
||||
if($folder->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if($folder->getAccessMode($userobj, 'moveFolder') >= M_READWRITE) {
|
||||
if($mfolder->setParent($folder)) {
|
||||
$app->response()->header('Content-Type', 'application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
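Review bot: The folder being moved is still accepted at `>= M_READ` in `$mfolder->getAccessMode($userobj, 'moveFolder') >= M_READ`, whereas the ajax move command and the move-folder page in this same commit require M_READWRITE on the object being moved. As written, a REST caller with read-only access to a folder can relocate it into any folder they can write to; the `moveDocument()` hunk further down has the same `>= M_READ` threshold. Unless that is intentional, both checks should become `>= M_READWRITE`. moveFolder()'s body continues outside the hunk.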
|
||||
|
@ -535,7 +535,7 @@ function deleteFolder($id) { /* {{{ */
|
|||
}
|
||||
$mfolder = $dms->getFolder($id);
|
||||
if($mfolder) {
|
||||
if ($mfolder->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if ($mfolder->getAccessMode($userobj, 'removeFolder') >= M_READWRITE) {
|
||||
if($mfolder->remove()) {
|
||||
$app->response()->header('Content-Type', 'application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
|
||||
|
@ -577,7 +577,7 @@ function uploadDocument($id) { /* {{{ */
|
|||
}
|
||||
$mfolder = $dms->getFolder($id);
|
||||
if($mfolder) {
|
||||
if ($mfolder->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if ($mfolder->getAccessMode($userobj, 'addDocument') >= M_READWRITE) {
|
||||
$docname = $app->request()->params('name');
|
||||
$keywords = $app->request()->params('keywords');
|
||||
// $categories = $app->request()->params('categories') ? $app->request()->params('categories') : [];
|
||||
|
@ -650,7 +650,7 @@ function uploadDocumentPut($id) { /* {{{ */
|
|||
}
|
||||
$mfolder = $dms->getFolder($id);
|
||||
if($mfolder) {
|
||||
if ($mfolder->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if ($mfolder->getAccessMode($userobj, 'addDocument') >= M_READWRITE) {
|
||||
$docname = $app->request()->get('name');
|
||||
$origfilename = $app->request()->get('origfilename');
|
||||
$content = $app->getInstance()->request()->getBody();
|
||||
|
@ -706,7 +706,7 @@ function uploadDocumentFile($documentId) { /* {{{ */
|
|||
}
|
||||
$document = $dms->getDocument($documentId);
|
||||
if($document) {
|
||||
if ($document->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if ($document->getAccessMode($userobj, 'addDocumentFile') >= M_READWRITE) {
|
||||
$docname = $app->request()->params('name');
|
||||
$keywords = $app->request()->params('keywords');
|
||||
$origfilename = $app->request()->params('origfilename');
|
||||
|
@ -791,7 +791,7 @@ function deleteDocument($id) { /* {{{ */
|
|||
global $app, $dms, $userobj;
|
||||
$document = $dms->getDocument($id);
|
||||
if($document) {
|
||||
if ($document->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if ($document->getAccessMode($userobj, 'deleteDocument') >= M_READWRITE) {
|
||||
if($document->remove()) {
|
||||
$app->response()->header('Content-Type', 'application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
|
||||
|
@ -819,9 +819,9 @@ function moveDocument($id, $folderid) { /* {{{ */
|
|||
global $app, $dms, $userobj;
|
||||
$document = $dms->getDocument($id);
|
||||
if($document) {
|
||||
if ($document->getAccessMode($userobj) >= M_READ) {
|
||||
if ($document->getAccessMode($userobj, 'moveDocument') >= M_READ) {
|
||||
if($folder = $dms->getFolder($folderid)) {
|
||||
if($folder->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if($folder->getAccessMode($userobj, 'moveDocument') >= M_READWRITE) {
|
||||
if($document->setFolder($folder)) {
|
||||
$app->response()->header('Content-Type', 'application/json');
|
||||
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''));
|
||||
|
@ -1151,7 +1151,7 @@ function removeDocumentCategory($id, $categoryId) { /* {{{ */
|
|||
$category = $dms->getDocumentCategory($categoryId);
|
||||
|
||||
if($document && $category) {
|
||||
if ($document->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if ($document->getAccessMode($userobj, 'removeDocumentCategory') >= M_READWRITE) {
|
||||
$ret = $document->removeCategories(array($category));
|
||||
|
||||
$app->response()->header('Content-Type', 'application/json');
|
||||
|
@ -1179,7 +1179,7 @@ function removeDocumentCategories($id) { /* {{{ */
|
|||
$document = $dms->getDocument($id);
|
||||
|
||||
if($document) {
|
||||
if ($document->getAccessMode($userobj) >= M_READWRITE) {
|
||||
if ($document->getAccessMode($userobj, 'removeDocumentCategory') >= M_READWRITE) {
|
||||
$app->response()->header('Content-Type', 'application/json');
|
||||
if($document->setCategories(array()))
|
||||
echo json_encode(array('success'=>true, 'message'=>'Deleted categories successfully.', 'data'=>''));
|
||||
|
|
|
@ -602,7 +602,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
|
|||
if($document) {
|
||||
if($this->logger)
|
||||
$this->logger->log('PUT: replacing document id='.$document->getID(), PEAR_LOG_INFO);
|
||||
if ($document->getAccessMode($this->user) < M_READWRITE) {
|
||||
if ($document->getAccessMode($this->user, 'updateDocument') < M_READWRITE) {
|
||||
if($this->logger)
|
||||
$this->logger->log('PUT: no access on document', PEAR_LOG_ERR);
|
||||
unlink($tmpFile);
|
||||
|
@ -645,7 +645,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
|
|||
} else {
|
||||
if($this->logger)
|
||||
$this->logger->log('PUT: adding new document', PEAR_LOG_INFO);
|
||||
if ($folder->getAccessMode($this->user) < M_READWRITE) {
|
||||
if ($folder->getAccessMode($this->user, 'addDocument') < M_READWRITE) {
|
||||
if($this->logger)
|
||||
$this->logger->log('PUT: no access on folder', PEAR_LOG_ERR);
|
||||
unlink($tmpFile);
|
||||
|
@ -753,7 +753,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
|
|||
return "403 Forbidden";
|
||||
}
|
||||
|
||||
if ($folder->getAccessMode($this->user) < M_READWRITE) {
|
||||
if ($folder->getAccessMode($this->user, 'addFolder') < M_READWRITE) {
|
||||
if($this->logger)
|
||||
$this->logger->log('MKCOL: access forbidden', PEAR_LOG_ERR);
|
||||
return "403 Forbidden";
|
||||
|
@ -800,7 +800,7 @@ class HTTP_WebDAV_Server_SeedDMS extends HTTP_WebDAV_Server
|
|||
if (!$obj) return "404 Not found";
|
||||
|
||||
// check for access rights
|
||||
if($obj->getAccessMode($this->user) < M_ALL) {
|
||||
if($obj->getAccessMode($this->user, get_class($obj) == $this->dms->getClassname('folder') ? 'removeFolder' : 'removeDocument') < M_ALL) {
|
||||
if($this->logger)
|
||||
$this->logger->log('DELETE: access forbidden', PEAR_LOG_ERR);
|
||||
return "403 Forbidden";
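Review bot: The context is chosen with an exact class-name comparison, `get_class($obj) == $this->dms->getClassname('folder')`, so a folder object whose class is a subclass of the configured one would be checked under `'removeDocument'`. A type test such as `is_a($obj, $this->dms->getClassname('folder'))` avoids that. Computing the value on its own line first, `$context = is_a($obj, $this->dms->getClassname('folder')) ? 'removeFolder' : 'removeDocument';`, also keeps the access check readable. The enclosing method starts and ends outside the hunk, so how `$obj` is resolved is not visible here.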
|
||||
|
|