check if folder/document is below rootDir can be turned on (default off)

2024-10-04 23:22:24 +00:00 · 2020-12-16 16:47:49 +01:00 · 2020-12-16 16:47:49 +01:00 · 68ae8c17a5
commit 68ae8c17a5
parent c2783c6d70
4 changed files with 58 additions and 9 deletions
--- a/SeedDMS_Core/Core/inc.ClassDMS.php
+++ b/SeedDMS_Core/Core/inc.ClassDMS.php
@ -161,6 +161,13 @@ class SeedDMS_Core_DMS {
 	 */
 	public $noReadForStatus;

+	/**
+	 * @var boolean $checkWithinRootDir check if folder/document being accessed
+	 *      is within the rootdir
+	 * @access public
+	 */
+	public $checkWithinRootDir;
+
 	/**
 	 * @var string $version version of pear package
 	 * @access public
@ -383,6 +390,7 @@ class SeedDMS_Core_DMS {
 		$this->rootFolderID = 1;
 		$this->maxDirID = 0; //31998;
 		$this->forceRename = false;
+		$this->checkWithinRootDir = false;
 		$this->enableConverting = false;
 		$this->convertFileTypes = array();
 		$this->noReadForStatus = array();
@ -1472,6 +1480,10 @@ class SeedDMS_Core_DMS {
 			$searchFolder = "";
 			if ($startFolder) {
 				$searchFolder = "`tblFolders`.`folderList` LIKE '%:".$startFolder->getID().":%'";
+				if($this->checkWithinRootDir)
+					$searchFolder = '('.$searchFolder." AND `tblFolders`.`folderList` LIKE '%:".$this->rootFolderID.":%')";
+			} elseif($this->checkWithinRootDir) {
+				$searchFolder = "`tblFolders`.`folderList` LIKE '%:".$this->rootFolderID.":%'";
 			}

 			// Check to see if the search has been restricted to a particular
@ -1634,6 +1646,10 @@ class SeedDMS_Core_DMS {
 			$searchFolder = "";
 			if ($startFolder) {
 				$searchFolder = "`tblDocuments`.`folderList` LIKE '%:".$startFolder->getID().":%'";
+				if($this->checkWithinRootDir)
+					$searchFolder = '('.$searchFolder." AND `tblDocuments`.`folderList` LIKE '%:".$this->rootFolderID.":%')";
+			} elseif($this->checkWithinRootDir) {
+				$searchFolder = "`tblDocuments`.`folderList` LIKE '%:".$this->rootFolderID.":%'";
 			}

 			// Check to see if the search has been restricted to a particular
@ -1920,6 +1936,9 @@ class SeedDMS_Core_DMS {
 	 * @return SeedDMS_Core_Folder|boolean found folder or false
 	 */
 	function getFolderByName($name, $folder=null) { /* {{{ */
+		$classname = $this->classnames['folder'];
+		return $classname::getInstanceByName($name, $folder, $this);
+
 		if (!$name) return false;

 		$queryStr = "SELECT * FROM `tblFolders` WHERE `name` = " . $this->db->qstr($name);
--- a/SeedDMS_Core/Core/inc.ClassDocument.php
+++ b/SeedDMS_Core/Core/inc.ClassDocument.php
@ -294,6 +294,8 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */

 //		$queryStr = "SELECT * FROM `tblDocuments` WHERE `id` = " . (int) $id;
 		$queryStr = "SELECT `tblDocuments`.*, `tblDocumentLocks`.`userID` as `lock` FROM `tblDocuments` LEFT JOIN `tblDocumentLocks` ON `tblDocuments`.`id` = `tblDocumentLocks`.`document` WHERE `id` = " . (int) $id;
+		if($dms->checkWithinRootDir)
+			$queryStr .= " AND `folderList` LIKE '%:".$dms->rootFolderID.":%'";
 		$resArr = $db->getResultArray($queryStr);
 		if (is_bool($resArr) && $resArr == false)
 			return false;
--- a/SeedDMS_Core/Core/inc.ClassFolder.php
+++ b/SeedDMS_Core/Core/inc.ClassFolder.php
@ -205,21 +205,48 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object {
 		$db = $dms->getDB();

 		$queryStr = "SELECT * FROM `tblFolders` WHERE `id` = " . (int) $id;
+		if($dms->checkWithinRootDir && ($id != $dms->rootFolderID))
+			$queryStr .= " AND `folderList` LIKE '%:".$dms->rootFolderID.":%'";
 		$resArr = $db->getResultArray($queryStr);
 		if (is_bool($resArr) && $resArr == false)
 			return false;
-		else if (count($resArr) != 1)
+		elseif (count($resArr) != 1)
 			return null;

 		return self::getInstanceByData($resArr[0], $dms);
-	
-		$resArr = $resArr[0];
-		$classname = $dms->getClassname('folder');
-		/** @var SeedDMS_Core_Folder $folder */
-		$folder = new $classname($resArr["id"], $resArr["name"], $resArr["parent"], $resArr["comment"], $resArr["date"], $resArr["owner"], $resArr["inheritAccess"], $resArr["defaultAccess"], $resArr["sequence"]);
-		$folder->setDMS($dms);
-		$folder = $folder->applyDecorators();
-		return $folder;
+	} /* }}} */
+
+	/**
+	 * Return a folder by its name
+	 *
+	 * This function retrieves a folder from the database by its name. The
+	 * search covers the whole database. If
+	 * the parameter $folder is not null, it will search for the name
+	 * only within this parent folder. It will not be done recursively.
+	 *
+	 * @param string $name name of the folder
+	 * @param SeedDMS_Core_Folder $folder parent folder
+	 * @return SeedDMS_Core_Folder|boolean found folder or false
+	 */
+	public static function getInstanceByName($name, $folder=null, $dms) { /* {{{ */
+		if (!$name) return false;
+
+		$db = $dms->getDB();
+		$queryStr = "SELECT * FROM `tblFolders` WHERE `name` = " . $db->qstr($name);
+		if($folder)
+			$queryStr .= " AND `parent` = ". $folder->getID();
+		if($dms->checkWithinRootDir && ($id != $dms->rootFolderID))
+			$queryStr .= " AND `folderList` LIKE '%:".$dms->rootFolderID.":%'";
+		$queryStr .= " LIMIT 1";
+		$resArr = $db->getResultArray($queryStr);
+
+		if (is_bool($resArr) && $resArr == false)
+			return false;
+
+		if(!$resArr)
+			return false;
+
+		return self::getInstanceByData($resArr[0], $dms);
 	} /* }}} */

 	/**
--- a/SeedDMS_Core/package.xml
+++ b/SeedDMS_Core/package.xml
@ -27,6 +27,7 @@
 - SeedDMS_Folder_DMS::getAccessList() and getDefaultAccess() do not return fals anymore if the parent does not exists. They just stop inheritance.
 - pass attribute value to callback 'onAttributeValidate'
 - new paramter 'new' of methode SeedDMЅ_Core_AttributeDefinition::validate()
+- check if folder/document is below rootDir can be turned on (default off)
 </notes>
 <contents>
  <dir baseinstalldir="SeedDMS" name="/">