From 75f21ddf02dda9531e0e7fd3b3edb19d16629ccf Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 24 Nov 2016 11:42:37 +0100 Subject: [PATCH 1/7] add filterDocumentFiles() --- SeedDMS_Core/Core/inc.ClassDMS.php | 74 ++++++++++++++++++++++++++++++ 1 file changed, 74 insertions(+) diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php index 7319fba43..25834e267 100644 --- a/SeedDMS_Core/Core/inc.ClassDMS.php +++ b/SeedDMS_Core/Core/inc.ClassDMS.php @@ -315,6 +315,80 @@ class SeedDMS_Core_DMS { return $tmp; } /* }}} */ + /** + * Filter out document attachments which can not be accessed by a given user + * + * Returns a filtered list of files which are accessible by the + * given user. A file is only accessible, if it is publically visible, + * owned by the user, or the accessing user is an administrator. + * + * @param array $files list of objects of type SeedDMS_Core_DocumentFile + * @param object $user user for which access is being checked + * @return array filtered list of files + */ + static function filterDocumentFiles($user, $files) { /* {{{ */ + $tmp = array(); + foreach ($files as $file) + if ($file->isPublic() || ($file->getUser()->getID() == $user->getID()) || $user->isAdmin()) + array_push($tmp, $file); + return $tmp; + } /* }}} */ + + /** + * Merge access lists + * + * Merges two access lists. Objects of the second list will override objects + * in the first list. + * + * @param array $first list of access rights as returned by + * SeedDMS_Core_Document:: getAccessList() or SeedDMS_Core_Folder::getAccessList() + * @param array $secont list of access rights + * @return array merged list + */ + static function mergeAccessLists($first, $second) { /* {{{ */ + if($first && !$second) + return $first; + if(!$first && $second) + return $second; + + $tmp = array('users'=>array(), 'groups'=>array()); + if(!isset($first['users']) || !isset($first['groups']) || + !isset($second['users']) || !isset($second['groups'])) + return false; + + foreach ($first['users'] as $f) { + $new = $f; + foreach ($second['users'] as $i=>$s) { + if($f->getUserID() == $s->getUserID()) { + $new = $s; + unset($second['users'][$i]); + break; + } + } + array_push($tmp['users'], $new); + } + foreach ($seconf['users'] as $f) { + array_push($tmp['users'], $f); + } + + foreach ($first['groups'] as $f) { + $new = $f; + foreach ($second['groups'] as $i=>$s) { + if($f->getGroupID() == $s->getGroupID()) { + $new = $s; + unset($second['groups'][$i]); + break; + } + } + array_push($tmp['groups'], $new); + } + foreach ($second['groups'] as $f) { + array_push($tmp['groups'], $f); + } + + return $tmp; + } /* }}} */ + /** * Create a new instance of the dms * From 9346fa6072f9c69d7a9e220704b7ff3730726083 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 24 Nov 2016 11:42:53 +0100 Subject: [PATCH 2/7] use new function filterDocumentFiles() --- views/bootstrap/class.Bootstrap.php | 3 +- .../bootstrap/class.DocumentVersionDetail.php | 87 +++++++++++++++++++ views/bootstrap/class.ViewDocument.php | 4 +- 3 files changed, 92 insertions(+), 2 deletions(-) diff --git a/views/bootstrap/class.Bootstrap.php b/views/bootstrap/class.Bootstrap.php index 55e8a374b..9fed9d232 100644 --- a/views/bootstrap/class.Bootstrap.php +++ b/views/bootstrap/class.Bootstrap.php @@ -1929,7 +1929,8 @@ $(document).ready( function() { } /* Retrieve attacheѕ files */ - $files = $document->getDocumentFiles(); + $files = $document->getDocumentFiles($latestContent->getVersion()); + $files = SeedDMS_Core_DMS::filterDocumentFiles($user, $files); /* Retrieve linked documents */ $links = $document->getDocumentLinks(); diff --git a/views/bootstrap/class.DocumentVersionDetail.php b/views/bootstrap/class.DocumentVersionDetail.php index dca652f1d..9e3859242 100644 --- a/views/bootstrap/class.DocumentVersionDetail.php +++ b/views/bootstrap/class.DocumentVersionDetail.php @@ -364,6 +364,93 @@ class SeedDMS_View_DocumentVersionDetail extends SeedDMS_Bootstrap_Style { $this->contentContainerEnd(); + $tmpfiles = $document->getDocumentFiles($version->getVersion()); + /* Do the regular filtering by isPublic and access rights */ + $tmpfiles = SeedDMS_Core_DMS::filterDocumentFiles($user, $tmpfiles); + /* Also filter only those files belonging to this version and skip files + * belonging to the document (version = 0) + */ + $files = array(); + foreach($tmpfiles as $file) { + if($file->getVersion() == $version->getVersion()) + $files[] = $file; + } + + if (count($files) > 0) { + $this->contentHeading(getMLText("linked_files")); + $this->contentContainerStart(); + + $documentid = $document->getID(); + + print ""; + print "\n\n"; + print "\n"; + print "\n"; + print "\n"; + print "\n"; + print "\n\n\n"; + + foreach($files as $file) { + if($file->getVersion() != $version->getVersion()) + continue; + + $file_exists=file_exists($dms->contentDir . $file->getPath()); + + $responsibleUser = $file->getUser(); + + print ""; + print ""; + + print ""; + print ""; + + print ""; + + print ""; + } + print "\n
".getMLText("file")."".getMLText("comment")."
"; + $previewer->createPreview($file, $previewwidthdetail); + if($file_exists) { + if ($viewonlinefiletypes && in_array(strtolower($file->getFileType()), $viewonlinefiletypes)) { + print "getID()."\">"; + } else { + print "getID()."\">"; + } + } + if($previewer->hasPreview($file)) { + print("getID()."&file=".$file->getID()."&width=".$previewwidthdetail."\" title=\"".htmlspecialchars($file->getMimeType())."\">"); + } else { + print "getMimeIcon($file->getFileType())."\" title=\"".htmlspecialchars($file->getMimeType())."\">"; + } + if($file_exists) { + print ""; + } + print "
    \n"; + print "
  • ".htmlspecialchars($file->getName())."
    • \n"; + print "
  • ".htmlspecialchars($file->getOriginalFileName())."
    • \n"; + if ($file_exists) + print "
  • ".SeedDMS_Core_File::format_filesize(filesize($dms->contentDir . $file->getPath())) ." bytes, ".htmlspecialchars($file->getMimeType())."
    • "; + else print "
  • ".htmlspecialchars($file->getMimeType())." - ".getMLText("document_deleted")."
    • "; + + print "
  • ".getMLText("uploaded_by")." getEmail()."\">".htmlspecialchars($responsibleUser->getFullName())."
    • "; + print "
  • ".getLongReadableDate($file->getDate())."
    • "; + if($file->getVersion()) + print "
  • ".getMLText('linked_to_this_version')."
    • "; + print "
".htmlspecialchars($file->getComment())."
\n"; + + $this->contentContainerEnd(); + } + if($user->isAdmin()) { $this->contentHeading(getMLText("status")); $this->contentContainerStart(); diff --git a/views/bootstrap/class.ViewDocument.php b/views/bootstrap/class.ViewDocument.php index b2edfded3..6d0da492e 100644 --- a/views/bootstrap/class.ViewDocument.php +++ b/views/bootstrap/class.ViewDocument.php @@ -413,7 +413,9 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style { } /* Retrieve attacheѕ files */ - $files = $document->getDocumentFiles(); + $latestContent = $document->getLatestContent(); + $files = $document->getDocumentFiles($latestContent->getVersion()); + $files = SeedDMS_Core_DMS::filterDocumentFiles($user, $files); /* Retrieve linked documents */ $links = $document->getDocumentLinks(); From 32d484a9245c2a6dd44154515d16de3bfd29855f Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 24 Nov 2016 12:00:54 +0100 Subject: [PATCH 3/7] remove mergeAccessList() --- SeedDMS_Core/Core/inc.ClassDMS.php | 55 ------------------------------ 1 file changed, 55 deletions(-) diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php index 25834e267..e0433bad0 100644 --- a/SeedDMS_Core/Core/inc.ClassDMS.php +++ b/SeedDMS_Core/Core/inc.ClassDMS.php @@ -334,61 +334,6 @@ class SeedDMS_Core_DMS { return $tmp; } /* }}} */ - /** - * Merge access lists - * - * Merges two access lists. Objects of the second list will override objects - * in the first list. - * - * @param array $first list of access rights as returned by - * SeedDMS_Core_Document:: getAccessList() or SeedDMS_Core_Folder::getAccessList() - * @param array $secont list of access rights - * @return array merged list - */ - static function mergeAccessLists($first, $second) { /* {{{ */ - if($first && !$second) - return $first; - if(!$first && $second) - return $second; - - $tmp = array('users'=>array(), 'groups'=>array()); - if(!isset($first['users']) || !isset($first['groups']) || - !isset($second['users']) || !isset($second['groups'])) - return false; - - foreach ($first['users'] as $f) { - $new = $f; - foreach ($second['users'] as $i=>$s) { - if($f->getUserID() == $s->getUserID()) { - $new = $s; - unset($second['users'][$i]); - break; - } - } - array_push($tmp['users'], $new); - } - foreach ($seconf['users'] as $f) { - array_push($tmp['users'], $f); - } - - foreach ($first['groups'] as $f) { - $new = $f; - foreach ($second['groups'] as $i=>$s) { - if($f->getGroupID() == $s->getGroupID()) { - $new = $s; - unset($second['groups'][$i]); - break; - } - } - array_push($tmp['groups'], $new); - } - foreach ($second['groups'] as $f) { - array_push($tmp['groups'], $f); - } - - return $tmp; - } /* }}} */ - /** * Create a new instance of the dms * From 606effb759b78c4c0099032863c07844a9cfe240 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Fri, 2 Dec 2016 12:24:27 +0100 Subject: [PATCH 4/7] fix sql to retrieve attachments --- SeedDMS_Core/Core/inc.ClassDocument.php | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) diff --git a/SeedDMS_Core/Core/inc.ClassDocument.php b/SeedDMS_Core/Core/inc.ClassDocument.php index eb2a04e05..b9f346bc0 100644 --- a/SeedDMS_Core/Core/inc.ClassDocument.php +++ b/SeedDMS_Core/Core/inc.ClassDocument.php @@ -1769,7 +1769,15 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */ if (!isset($this->_documentFiles)) { $db = $this->_dms->getDB(); - $queryStr = "SELECT * FROM `tblDocumentFiles` WHERE `document` = " . $this->_id." ORDER BY `date` DESC"; + $queryStr = "SELECT * FROM `tblDocumentFiles` WHERE `document` = " . $this->_id; + if($version) { + $queryStr .= " AND (`version`=0 OR `version`=".(int) $version.")"; + } + $queryStr .= " ORDER BY "; + if($version) { + $queryStr .= "`version` DESC,"; + } + $queryStr .= "`date` DESC"; $resArr = $db->getResultArray($queryStr); if (is_bool($resArr) && !$resArr) return false; From 19f77a37c865dc62d09524a53c6424ca200f09e0 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 8 Dec 2016 16:15:05 +0100 Subject: [PATCH 5/7] add missing changes which got lost during last rebase --- SeedDMS_Core/Core/inc.ClassDocument.php | 30 ++++++++++++++++----- op/op.AddFile.php | 11 ++++++-- views/bootstrap/class.AddFile.php | 36 ++++++++++++++++--------- views/bootstrap/class.ViewDocument.php | 4 +++ 4 files changed, 59 insertions(+), 22 deletions(-) diff --git a/SeedDMS_Core/Core/inc.ClassDocument.php b/SeedDMS_Core/Core/inc.ClassDocument.php index b9f346bc0..3a872209e 100644 --- a/SeedDMS_Core/Core/inc.ClassDocument.php +++ b/SeedDMS_Core/Core/inc.ClassDocument.php @@ -1762,10 +1762,10 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */ if ((is_bool($resArr) && !$resArr) || count($resArr)==0) return false; $resArr = $resArr[0]; - return new SeedDMS_Core_DocumentFile($resArr["id"], $this, $resArr["userID"], $resArr["comment"], $resArr["date"], $resArr["dir"], $resArr["fileType"], $resArr["mimeType"], $resArr["orgFileName"], $resArr["name"]); + return new SeedDMS_Core_DocumentFile($resArr["id"], $this, $resArr["userID"], $resArr["comment"], $resArr["date"], $resArr["dir"], $resArr["fileType"], $resArr["mimeType"], $resArr["orgFileName"], $resArr["name"],$resArr["version"],$resArr["public"]); } /* }}} */ - function getDocumentFiles() { /* {{{ */ + function getDocumentFiles($version=0) { /* {{{ */ if (!isset($this->_documentFiles)) { $db = $this->_dms->getDB(); @@ -1784,19 +1784,19 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */ $this->_documentFiles = array(); foreach ($resArr as $row) { - array_push($this->_documentFiles, new SeedDMS_Core_DocumentFile($row["id"], $this, $row["userID"], $row["comment"], $row["date"], $row["dir"], $row["fileType"], $row["mimeType"], $row["orgFileName"], $row["name"])); + array_push($this->_documentFiles, new SeedDMS_Core_DocumentFile($row["id"], $this, $row["userID"], $row["comment"], $row["date"], $row["dir"], $row["fileType"], $row["mimeType"], $row["orgFileName"], $row["name"], $row["version"], $row["public"])); } } return $this->_documentFiles; } /* }}} */ - function addDocumentFile($name, $comment, $user, $tmpFile, $orgFileName,$fileType, $mimeType ) { /* {{{ */ + function addDocumentFile($name, $comment, $user, $tmpFile, $orgFileName,$fileType, $mimeType,$version=0,$public=1) { /* {{{ */ $db = $this->_dms->getDB(); $dir = $this->getDir(); - $queryStr = "INSERT INTO `tblDocumentFiles` (`comment`, `date`, `dir`, `document`, `fileType`, `mimeType`, `orgFileName`, `userID`, `name`) VALUES ". - "(".$db->qstr($comment).", ".$db->getCurrentTimestamp().", ".$db->qstr($dir).", ".$this->_id.", ".$db->qstr($fileType).", ".$db->qstr($mimeType).", ".$db->qstr($orgFileName).",".$user->getID().",".$db->qstr($name).")"; + $queryStr = "INSERT INTO `tblDocumentFiles` (`comment`, `date`, `dir`, `document`, `fileType`, `mimeType`, `orgFileName`, `userID`, `name`, `version`, `public`) VALUES ". + "(".$db->qstr($comment).", ".$db->getCurrentTimestamp().", ".$db->qstr($dir).", ".$this->_id.", ".$db->qstr($fileType).", ".$db->qstr($mimeType).", ".$db->qstr($orgFileName).",".$user->getID().",".$db->qstr($name).", ".((int) $version).", ".($public ? 1 : 0).")"; if (!$db->getResult($queryStr)) return false; $id = $db->getInsertID(); @@ -4378,6 +4378,16 @@ class SeedDMS_Core_DocumentFile { /* {{{ */ */ protected $_date; + /** + * @var integer version of document this file is attached to + */ + protected $_version; + + /** + * @var integer 1 if this link is public, or 0 if is only visible to the owner + */ + protected $_public; + /** * @var string directory where the file is stored. This is the * document id with a proceding '/'. @@ -4406,7 +4416,7 @@ class SeedDMS_Core_DocumentFile { /* {{{ */ */ protected $_name; - function __construct($id, $document, $userID, $comment, $date, $dir, $fileType, $mimeType, $orgFileName,$name) { + function __construct($id, $document, $userID, $comment, $date, $dir, $fileType, $mimeType, $orgFileName,$name,$version,$public) { $this->_id = $id; $this->_document = $document; $this->_userID = $userID; @@ -4417,6 +4427,8 @@ class SeedDMS_Core_DocumentFile { /* {{{ */ $this->_mimeType = $mimeType; $this->_orgFileName = $orgFileName; $this->_name = $name; + $this->_version = $version; + $this->_public = $public; } function getID() { return $this->_id; } @@ -4440,6 +4452,10 @@ class SeedDMS_Core_DocumentFile { /* {{{ */ return $this->_document->getDir() . "f" .$this->_id . $this->_fileType; } + function getVersion() { return $this->_version; } + + function isPublic() { return $this->_public; } + } /* }}} */ // diff --git a/op/op.AddFile.php b/op/op.AddFile.php index a1507cf13..05d630bdb 100644 --- a/op/op.AddFile.php +++ b/op/op.AddFile.php @@ -77,6 +77,13 @@ for ($file_num=0;$file_numgetContentByVersion($version); + if(!$v) { + UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured")); + } $userfiletmp = $_FILES["userfile"]["tmp_name"][$file_num]; $userfiletype = $_FILES["userfile"]["type"][$file_num]; @@ -90,8 +97,8 @@ for ($file_num=0;$file_numaddDocumentFile($name, $comment, $user, $userfiletmp, - basename($userfilename),$fileType, $userfiletype ); - + basename($userfilename),$fileType, $userfiletype, $version, $public); + if (is_bool($res) && !$res) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured")); } else { diff --git a/views/bootstrap/class.AddFile.php b/views/bootstrap/class.AddFile.php index 8804ee128..571e88245 100644 --- a/views/bootstrap/class.AddFile.php +++ b/views/bootstrap/class.AddFile.php @@ -143,7 +143,6 @@ $(document).ready( function() {
-
@@ -155,28 +154,39 @@ $(document).ready( function() { ?>
- - +
+ +
+
-
- -
+
- -
- - -
- "> +getAccessMode($user) >= M_READWRITE) { + print "
"; + print "
"; + print ""; + print "
"; + } +?> +
+ +
">
- contentContainerEnd(); diff --git a/views/bootstrap/class.ViewDocument.php b/views/bootstrap/class.ViewDocument.php index 6d0da492e..e6de33bbc 100644 --- a/views/bootstrap/class.ViewDocument.php +++ b/views/bootstrap/class.ViewDocument.php @@ -1215,6 +1215,10 @@ class SeedDMS_View_ViewDocument extends SeedDMS_Bootstrap_Style { print "
  • ".getMLText("uploaded_by")." getEmail()."\">".htmlspecialchars($responsibleUser->getFullName())."
    • "; print "
  • ".getLongReadableDate($file->getDate())."
    • "; + if($file->getVersion()) + print "
  • ".getMLText('linked_to_current_version')."
    • "; + else + print "
  • ".getMLText('linked_to_document')."
    • "; print ""; print "".htmlspecialchars($file->getComment()).""; From 675648ef2029ca7eabf669539f9ffa6c54d538f9 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 8 Dec 2016 17:20:44 +0100 Subject: [PATCH 6/7] =?UTF-8?q?add=20change=D1=95=20to=20database=20tables?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- install/create_tables-innodb.sql | 2 ++ install/create_tables-sqlite3.sql | 2 ++ 2 files changed, 4 insertions(+) diff --git a/install/create_tables-innodb.sql b/install/create_tables-innodb.sql index 88ca4958a..147e5d3b5 100644 --- a/install/create_tables-innodb.sql +++ b/install/create_tables-innodb.sql @@ -301,7 +301,9 @@ CREATE TABLE `tblDocumentLinks` ( CREATE TABLE `tblDocumentFiles` ( `id` int(11) NOT NULL auto_increment, `document` int(11) NOT NULL default '0', + `version` smallint(5) unsigned NOT NULL default '0', `userID` int(11) NOT NULL default '0', + `public` tinyint(1) NOT NULL default '0', `comment` text, `name` varchar(150) default NULL, `date` int(12) default NULL, diff --git a/install/create_tables-sqlite3.sql b/install/create_tables-sqlite3.sql index 64b517fd1..7f8abc821 100644 --- a/install/create_tables-sqlite3.sql +++ b/install/create_tables-sqlite3.sql @@ -263,7 +263,9 @@ CREATE TABLE `tblDocumentLinks` ( CREATE TABLE `tblDocumentFiles` ( `id` INTEGER PRIMARY KEY AUTOINCREMENT, `document` INTEGER NOT NULL default 0 REFERENCES `tblDocuments` (`id`), + `version` INTEGER unsigned NOT NULL default '0', `userID` INTEGER NOT NULL default 0 REFERENCES `tblUsers` (`id`), + `public` INTEGER NOT NULL default '0', `comment` text, `name` varchar(150) default NULL, `date` INTEGER default NULL, From 007f7c7f2c5a59a23a9c3a149ecbab201109036e Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Tue, 17 Jan 2017 06:45:06 +0100 Subject: [PATCH 7/7] check if version is set --- op/op.AddFile.php | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) diff --git a/op/op.AddFile.php b/op/op.AddFile.php index 05d630bdb..0f5eee622 100644 --- a/op/op.AddFile.php +++ b/op/op.AddFile.php @@ -80,9 +80,11 @@ for ($file_num=0;$file_numgetContentByVersion($version); - if(!$v) { - UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured")); + if($version) { + $v = $document->getContentByVersion($version); + if(!$v) { + UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("error_occured")); + } } $userfiletmp = $_FILES["userfile"]["tmp_name"][$file_num];