Merge branch 'seeddms-5.0.x-attachment' into seeddms-5.1.x

Uwe Steinmann 2017-02-20 15:37:44 +01:00
commit 52deebbf6e
9 changed files with 185 additions and 25 deletions


@ -315,6 +315,25 @@ class SeedDMS_Core_DMS {
return $tmp;
} /* }}} */
/**
* Filter out document attachments which can not be accessed by a given user
*
* Returns a filtered list of files which are accessible by the
* given user. A file is only accessible, if it is publically visible,
* owned by the user, or the accessing user is an administrator.
*
* @param array $files list of objects of type SeedDMS_Core_DocumentFile
* @param object $user user for which access is being checked
* @return array filtered list of files
*/
static function filterDocumentFiles($user, $files) { /* {{{ */
$tmp = array();
foreach ($files as $file)
if ($file->isPublic() || ($file->getUser()->getID() == $user->getID()) || $user->isAdmin())
array_push($tmp, $file);
return $tmp;
} /* }}} */
/**
* Create a new instance of the dms
*
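Review bot: filterDocumentFiles() only removes non-public attachments from a list, so the `public` flag is applied where the two views build their tables and nowhere else that is visible in this commit. None of the nine changed files appears to be one of the endpoints those views link to (`op.Download.php`, `op.ViewOnline.php`, `op.Preview.php`), so unless they already reject a `file` id the caller may not see, a private attachment presumably stays retrievable by id; the same `isPublic() || owner || isAdmin()` test should be enforced there. In the function itself, the docblock lists `$files` before `$user` although the signature is `filterDocumentFiles($user, $files)`. Also, `$file->getUser()->getID()` fails if getUser() does not return an object, so comparing `$file->getUserID() == $user->getID()` would be safer.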


@ -1764,33 +1764,41 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */
if ((is_bool($resArr) && !$resArr) || count($resArr)==0) return false;
$resArr = $resArr[0];
return new SeedDMS_Core_DocumentFile($resArr["id"], $this, $resArr["userID"], $resArr["comment"], $resArr["date"], $resArr["dir"], $resArr["fileType"], $resArr["mimeType"], $resArr["orgFileName"], $resArr["name"]);
return new SeedDMS_Core_DocumentFile($resArr["id"], $this, $resArr["userID"], $resArr["comment"], $resArr["date"], $resArr["dir"], $resArr["fileType"], $resArr["mimeType"], $resArr["orgFileName"], $resArr["name"],$resArr["version"],$resArr["public"]);
} /* }}} */
function getDocumentFiles() { /* {{{ */
function getDocumentFiles($version=0) { /* {{{ */
if (!isset($this->_documentFiles)) {
$db = $this->_dms->getDB();
$queryStr = "SELECT * FROM `tblDocumentFiles` WHERE `document` = " . $this->_id." ORDER BY `date` DESC";
$queryStr = "SELECT * FROM `tblDocumentFiles` WHERE `document` = " . $this->_id;
if($version) {
$queryStr .= " AND (`version`=0 OR `version`=".(int) $version.")";
}
$queryStr .= " ORDER BY ";
if($version) {
$queryStr .= "`version` DESC,";
}
$queryStr .= "`date` DESC";
$resArr = $db->getResultArray($queryStr);
if (is_bool($resArr) && !$resArr) return false;
$this->_documentFiles = array();
foreach ($resArr as $row) {
array_push($this->_documentFiles, new SeedDMS_Core_DocumentFile($row["id"], $this, $row["userID"], $row["comment"], $row["date"], $row["dir"], $row["fileType"], $row["mimeType"], $row["orgFileName"], $row["name"]));
array_push($this->_documentFiles, new SeedDMS_Core_DocumentFile($row["id"], $this, $row["userID"], $row["comment"], $row["date"], $row["dir"], $row["fileType"], $row["mimeType"], $row["orgFileName"], $row["name"], $row["version"], $row["public"]));
}
}
return $this->_documentFiles;
} /* }}} */
function addDocumentFile($name, $comment, $user, $tmpFile, $orgFileName,$fileType, $mimeType ) { /* {{{ */
function addDocumentFile($name, $comment, $user, $tmpFile, $orgFileName,$fileType, $mimeType,$version=0,$public=1) { /* {{{ */
$db = $this->_dms->getDB();
$dir = $this->getDir();
$queryStr = "INSERT INTO `tblDocumentFiles` (`comment`, `date`, `dir`, `document`, `fileType`, `mimeType`, `orgFileName`, `userID`, `name`) VALUES ".
"(".$db->qstr($comment).", ".$db->getCurrentTimestamp().", ".$db->qstr($dir).", ".$this->_id.", ".$db->qstr($fileType).", ".$db->qstr($mimeType).", ".$db->qstr($orgFileName).",".$user->getID().",".$db->qstr($name).")";
$queryStr = "INSERT INTO `tblDocumentFiles` (`comment`, `date`, `dir`, `document`, `fileType`, `mimeType`, `orgFileName`, `userID`, `name`, `version`, `public`) VALUES ".
"(".$db->qstr($comment).", ".$db->getCurrentTimestamp().", ".$db->qstr($dir).", ".$this->_id.", ".$db->qstr($fileType).", ".$db->qstr($mimeType).", ".$db->qstr($orgFileName).",".$user->getID().",".$db->qstr($name).", ".((int) $version).", ".($public ? 1 : 0).")";
if (!$db->getResult($queryStr)) return false;
$id = $db->getInsertID('tblDocumentFiles');
@ -4372,6 +4380,16 @@ class SeedDMS_Core_DocumentFile { /* {{{ */
*/
protected $_date;
/**
* @var integer version of document this file is attached to
*/
protected $_version;
/**
* @var integer 1 if this link is public, or 0 if is only visible to the owner
*/
protected $_public;
/**
* @var string directory where the file is stored. This is the
* document id with a proceding '/'.
@ -4400,7 +4418,7 @@ class SeedDMS_Core_DocumentFile { /* {{{ */
*/
protected $_name;
function __construct($id, $document, $userID, $comment, $date, $dir, $fileType, $mimeType, $orgFileName,$name) {
function __construct($id, $document, $userID, $comment, $date, $dir, $fileType, $mimeType, $orgFileName,$name,$version,$public) {
$this->_id = $id;
$this->_document = $document;
$this->_userID = $userID;
@ -4411,6 +4429,8 @@ class SeedDMS_Core_DocumentFile { /* {{{ */
$this->_mimeType = $mimeType;
$this->_orgFileName = $orgFileName;
$this->_name = $name;
$this->_version = $version;
$this->_public = $public;
}
function getID() { return $this->_id; }
@ -4434,6 +4454,10 @@ class SeedDMS_Core_DocumentFile { /* {{{ */
return $this->_document->getDir() . "f" .$this->_id . $this->_fileType;
}
function getVersion() { return $this->_version; }
function isPublic() { return $this->_public; }
} /* }}} */
//
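Review bot: getDocumentFiles() now takes `$version`, but the result is still cached in `$this->_documentFiles` behind `if (!isset($this->_documentFiles))`, so the first call on a document object decides what every later call returns, whatever version is passed. A caller asking for one version after another caller asked for a different one (or for 0) gets the earlier list, which matters because the views use this list to decide which attachments are shown. Keying the cache by version, e.g. `$this->_documentFiles[$version]`, or bypassing it when `$version` is non-zero would fix this; code outside this hunk that resets the cache would need the same adjustment. Separately, the new `$version` and `$public` constructor parameters of SeedDMS_Core_DocumentFile have no defaults, so any construction site not touched by this commit would get a missing-argument error; `$version=0, $public=0` would keep such callers working.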


@ -301,7 +301,9 @@ CREATE TABLE `tblDocumentLinks` (
CREATE TABLE `tblDocumentFiles` (
`id` int(11) NOT NULL auto_increment,
`document` int(11) NOT NULL default '0',
`version` smallint(5) unsigned NOT NULL default '0',
`userID` int(11) NOT NULL default '0',
`public` tinyint(1) NOT NULL default '0',
`comment` text,
`name` varchar(150) default NULL,
`date` int(12) default NULL,
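Review bot: The `public` column defaults to '0' here and in the SQLite schema in the next file section, while addDocumentFile() defaults `$public` to 1 and the upload form pre-checks the box. The insert in this commit always sets the column, so the default only matters for rows written another way. No upgrade script is visible in this commit; if one adds the column with this same default, every existing attachment would presumably become visible only to its owner and administrators. A comment on the column stating the intended meaning, e.g. `-- 0 = owner/admin only, 1 = visible to all readers of the document`, would help, and the upgrade path should set existing rows explicitly.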


@ -263,7 +263,9 @@ CREATE TABLE `tblDocumentLinks` (
CREATE TABLE `tblDocumentFiles` (
`id` INTEGER PRIMARY KEY AUTOINCREMENT,
`document` INTEGER NOT NULL default 0 REFERENCES `tblDocuments` (`id`),
`version` INTEGER unsigned NOT NULL default '0',
`userID` INTEGER NOT NULL default 0 REFERENCES `tblUsers` (`id`),
`public` INTEGER NOT NULL default '0',
`comment` text,
`name` varchar(150) default NULL,
`date` INTEGER default NULL,


@ -77,6 +77,15 @@ for ($file_num=0;$file_num<count($_FILES["userfile"]["tmp_name"]);$file_num++){
else
$name = $_FILES["userfile"]['name'][$file_num];
$comment = $_POST["comment"];
$version = (int) $_POST["version"];
$public = (isset($_POST["public"]) && $_POST["public"] == 'true') ? 1 : 0;
if($version) {
$v = $document->getContentByVersion($version);
if(!$v) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured"));
}
}
$userfiletmp = $_FILES["userfile"]["tmp_name"][$file_num];
$userfiletype = $_FILES["userfile"]["type"][$file_num];
@ -90,8 +99,8 @@ for ($file_num=0;$file_num<count($_FILES["userfile"]["tmp_name"]);$file_num++){
}
$res = $document->addDocumentFile($name, $comment, $user, $userfiletmp,
basename($userfilename),$fileType, $userfiletype );
basename($userfilename),$fileType, $userfiletype, $version, $public);
if (is_bool($res) && !$res) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured"));
} else {
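Review bot: `$public` is taken from `$_POST["public"]` without checking the user's access mode, although the upload form only renders that checkbox when `$document->getAccessMode($user) >= M_READWRITE`. The restriction therefore exists only in the browser, and the server accepts the value from any user allowed to reach this script. The assignment should repeat the condition, e.g. `$public = ($document->getAccessMode($user) >= M_READWRITE && isset($_POST["public"]) && $_POST["public"] == 'true') ? 1 : 0;`. `$_POST["version"]` is also read without `isset()`, and the getContentByVersion() lookup runs once per uploaded file although it does not depend on `$file_num`. Both would sit better before the loop, which starts outside this hunk.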


@ -143,7 +143,6 @@ $(document).ready( function() {
<form class="form-horizontal" action="../op/op.AddFile.php" enctype="multipart/form-data" method="post" name="form1" id="form1">
<input type="hidden" name="documentid" value="<?php print $document->getId(); ?>">
<div class="control-group">
<label class="control-label"><?php printMLText("local_file");?>:</label>
<div class="controls">
@ -155,28 +154,39 @@ $(document).ready( function() {
?>
</div>
</div>
<div class="control-group">
<label class="control-label"><?php printMLText("link_to_version");?>:</label>
<div class="controls"><select name="version" id="version">
<option value=""></option>
<?php
$versions = $document->getContent();
foreach($versions as $version)
echo "<option value=\"".$version->getVersion()."\">".getMLText('version')." ".$version->getVersion()."</option>";
?>
</select></div>
</div>
<div class="control-group">
<label class="control-label"><?php printMLText("name");?>:</label>
<div class="controls">
<input type="text" name="name" id="name" size="60">
</div>
<div class="controls"><input type="text" name="name" id="name" size="60"></div>
</div>
<div class="control-group">
<label class="control-label"><?php printMLText("comment");?>:</label>
<div class="controls">
<textarea name="comment" id="comment" rows="4" cols="80"<?php echo $strictformcheck ? ' required' : ''; ?>></textarea>
</div>
</div>
<div class="controls">
<input class="btn" type="submit" value="<?php printMLText("add");?>">
<?php
if ($document->getAccessMode($user) >= M_READWRITE) {
print "<div class=\"control-group\"><label class=\"control-label\">".getMLText("document_link_public")."</label>";
print "<div class=\"controls\">";
print "<input type=\"checkbox\" name=\"public\" value=\"true\" checked />";
print "</div></div>";
}
?>
<div class="control-group">
<label class="control-label"></label>
<div class="controls"><input class="btn" type="submit" value="<?php printMLText("add");?>"></div>
</div>
</form>
<?php
$this->contentContainerEnd();


@ -1929,7 +1929,8 @@ $(document).ready( function() {
}
/* Retrieve attacheѕ files */
$files = $document->getDocumentFiles();
$files = $document->getDocumentFiles($latestContent->getVersion());
$files = SeedDMS_Core_DMS::filterDocumentFiles($user, $files);
/* Retrieve linked documents */
$links = $document->getDocumentLinks();
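Review bot: `$latestContent` is used in the new `getDocumentFiles($latestContent->getVersion())` call but is not assigned anywhere in this hunk, whereas the ViewDocument section of this commit adds `$latestContent = $document->getLatestContent();` directly above the same call. The enclosing function starts outside the hunk, so the variable may already be set there; if it is not, or if getLatestContent() returns a non-object, this line is a fatal error. Assigning it locally and guarding the call, `$latestContent = $document->getLatestContent();` then `$files = $document->getDocumentFiles($latestContent ? $latestContent->getVersion() : 0);`, would make the block self-contained.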


@ -364,6 +364,93 @@ class SeedDMS_View_DocumentVersionDetail extends SeedDMS_Bootstrap_Style {
$this->contentContainerEnd();
$tmpfiles = $document->getDocumentFiles($version->getVersion());
/* Do the regular filtering by isPublic and access rights */
$tmpfiles = SeedDMS_Core_DMS::filterDocumentFiles($user, $tmpfiles);
/* Also filter only those files belonging to this version and skip files
* belonging to the document (version = 0)
*/
$files = array();
foreach($tmpfiles as $file) {
if($file->getVersion() == $version->getVersion())
$files[] = $file;
}
if (count($files) > 0) {
$this->contentHeading(getMLText("linked_files"));
$this->contentContainerStart();
$documentid = $document->getID();
print "<table class=\"table\">";
print "<thead>\n<tr>\n";
print "<th width='20%'></th>\n";
print "<th width='20%'>".getMLText("file")."</th>\n";
print "<th width='40%'>".getMLText("comment")."</th>\n";
print "<th width='20%'></th>\n";
print "</tr>\n</thead>\n<tbody>\n";
foreach($files as $file) {
if($file->getVersion() != $version->getVersion())
continue;
$file_exists=file_exists($dms->contentDir . $file->getPath());
$responsibleUser = $file->getUser();
print "<tr>";
print "<td>";
$previewer->createPreview($file, $previewwidthdetail);
if($file_exists) {
if ($viewonlinefiletypes && in_array(strtolower($file->getFileType()), $viewonlinefiletypes)) {
print "<a target=\"_blank\" href=\"../op/op.ViewOnline.php?documentid=".$documentid."&file=". $file->getID()."\">";
} else {
print "<a href=\"../op/op.Download.php?documentid=".$documentid."&file=".$file->getID()."\">";
}
}
if($previewer->hasPreview($file)) {
print("<img class=\"mimeicon\" width=\"".$previewwidthdetail."\" src=\"../op/op.Preview.php?documentid=".$document->getID()."&file=".$file->getID()."&width=".$previewwidthdetail."\" title=\"".htmlspecialchars($file->getMimeType())."\">");
} else {
print "<img class=\"mimeicon\" src=\"".$this->getMimeIcon($file->getFileType())."\" title=\"".htmlspecialchars($file->getMimeType())."\">";
}
if($file_exists) {
print "</a>";
}
print "</td>";
print "<td><ul class=\"unstyled\">\n";
print "<li>".htmlspecialchars($file->getName())."</li>\n";
print "<li>".htmlspecialchars($file->getOriginalFileName())."</li>\n";
if ($file_exists)
print "<li>".SeedDMS_Core_File::format_filesize(filesize($dms->contentDir . $file->getPath())) ." bytes, ".htmlspecialchars($file->getMimeType())."</li>";
else print "<li>".htmlspecialchars($file->getMimeType())." - <span class=\"warning\">".getMLText("document_deleted")."</span></li>";
print "<li>".getMLText("uploaded_by")." <a href=\"mailto:".$responsibleUser->getEmail()."\">".htmlspecialchars($responsibleUser->getFullName())."</a></li>";
print "<li>".getLongReadableDate($file->getDate())."</li>";
if($file->getVersion())
print "<li>".getMLText('linked_to_this_version')."</li>";
print "</ul></td>";
print "<td>".htmlspecialchars($file->getComment())."</td>";
print "<td><ul class=\"unstyled actions\">";
if ($file_exists) {
print "<li><a href=\"../op/op.Download.php?documentid=".$documentid."&file=".$file->getID()."\"><i class=\"icon-download\"></i>".getMLText('download')."</a></li>";
if ($viewonlinefiletypes && in_array(strtolower($file->getFileType()), $viewonlinefiletypes)) {
print "<li><a target=\"_blank\" href=\"../op/op.ViewOnline.php?documentid=".$documentid."&file=". $file->getID()."\"><i class=\"icon-star\"></i>" . getMLText("view_online") . "</a></li>";
}
} else print "<li><img class=\"mimeicon\" src=\"images/icons/".$this->getMimeIcon($file->getFileType())."\" title=\"".htmlspecialchars($file->getMimeType())."\">";
echo "</ul><ul class=\"unstyled actions\">";
if (($document->getAccessMode($user) == M_ALL)||($file->getUserID()==$user->getID()))
print "<li><a href=\"out.RemoveDocumentFile.php?documentid=".$documentid."&fileid=".$file->getID()."\"><i class=\"icon-remove\"></i>".getMLText("delete")."</a></li>";
print "</ul></td>";
print "</tr>";
}
print "</tbody>\n</table>\n";
$this->contentContainerEnd();
}
if($user->isAdmin()) {
$this->contentHeading(getMLText("status"));
$this->contentContainerStart();
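Review bot: In the new attachment table the uploader's address is written into the `mailto:` href unescaped, while the full name beside it goes through htmlspecialchars(); an address containing a quote or angle bracket would break out of the attribute. The line should read `print "<li>".getMLText("uploaded_by")." <a href=\"mailto:".htmlspecialchars($responsibleUser->getEmail())."\">"...`, and the same pattern is visible as context in the ViewDocument section. `$responsibleUser` is also dereferenced without checking that `$file->getUser()` returned an object. Two smaller points: the `if($file->getVersion() != $version->getVersion()) continue;` inside the loop repeats the filter already applied when `$files` was built, and the `else` branch that prints `<li><img ...` never closes the `<li>` and prefixes `images/icons/` where the earlier getMimeIcon() call does not.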


@ -413,7 +413,9 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
}
/* Retrieve attacheѕ files */
$files = $document->getDocumentFiles();
$latestContent = $document->getLatestContent();
$files = $document->getDocumentFiles($latestContent->getVersion());
$files = SeedDMS_Core_DMS::filterDocumentFiles($user, $files);
/* Retrieve linked documents */
$links = $document->getDocumentLinks();
@ -1213,6 +1215,10 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style {
print "<li>".getMLText("uploaded_by")." <a href=\"mailto:".$responsibleUser->getEmail()."\">".htmlspecialchars($responsibleUser->getFullName())."</a></li>";
print "<li>".getLongReadableDate($file->getDate())."</li>";
if($file->getVersion())
print "<li>".getMLText('linked_to_current_version')."</li>";
else
print "<li>".getMLText('linked_to_document')."</li>";
print "</ul></td>";
print "<td>".htmlspecialchars($file->getComment())."</td>";