mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-10-10 02:52:40 +00:00
take out access check
This commit is contained in:
parent
0909d43bcf
commit
a3df77e713
|
@ -26,7 +26,6 @@ include("../inc/inc.Extension.php");
|
||||||
include("../inc/inc.DBInit.php");
|
include("../inc/inc.DBInit.php");
|
||||||
include("../inc/inc.Authentication.php");
|
include("../inc/inc.Authentication.php");
|
||||||
include("../inc/inc.ClassUI.php");
|
include("../inc/inc.ClassUI.php");
|
||||||
include("../inc/inc.ClassAccessOperation.php");
|
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Include class to preview documents
|
* Include class to preview documents
|
||||||
|
@ -36,9 +35,6 @@ require_once("SeedDMS/Preview.php");
|
||||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||||
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
|
||||||
if(!$accessop->check_view_access($view, $_GET)) {
|
|
||||||
UI::exitError("", getMLText("access_denied"));
|
|
||||||
}
|
|
||||||
|
|
||||||
if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) {
|
if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) {
|
||||||
$folderid = $settings->_rootFolderID;
|
$folderid = $settings->_rootFolderID;
|
||||||
|
@ -75,6 +71,7 @@ if($view) {
|
||||||
$view->setParam('previewWidthList', $settings->_previewWidthList);
|
$view->setParam('previewWidthList', $settings->_previewWidthList);
|
||||||
$view->setParam('previewconverters', $settings->_converters['preview']);
|
$view->setParam('previewconverters', $settings->_converters['preview']);
|
||||||
$view->setParam('timeout', $settings->_cmdTimeout);
|
$view->setParam('timeout', $settings->_cmdTimeout);
|
||||||
|
$view->setParam('accessobject', $accessop);
|
||||||
$view($_GET);
|
$view($_GET);
|
||||||
exit;
|
exit;
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in New Issue
Block a user