add 'deletedocument', 'movedocument' requires a formtoken

This commit is contained in:
Uwe Steinmann 2014-06-04 19:15:28 +02:00
parent 8ec7e3e0f5
commit c09e650c89


@ -215,33 +215,66 @@ switch($command) {
case 'movedocument': /* {{{ */
if($user) {
$mdocument = $dms->getDocument($_REQUEST['docid']);
if($mdocument) {
if ($mdocument->getAccessMode($user) >= M_READ) {
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
if($folder->getAccessMode($user) >= M_READWRITE) {
if($mdocument->setFolder($folder)) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'Document moved', 'data'=>''));
if(!checkFormKey('movedocument', 'GET')) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
} else {
$mdocument = $dms->getDocument($_REQUEST['docid']);
if($mdocument) {
if ($mdocument->getAccessMode($user) >= M_READ) {
if($folder = $dms->getFolder($_REQUEST['targetfolderid'])) {
if($folder->getAccessMode($user) >= M_READWRITE) {
if($mdocument->setFolder($folder)) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'Document moved', 'data'=>''));
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'Error moving folder', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'Error moving folder', 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>'No access on destination folder', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No access on destination folder', 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>'No destination folder', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No destination folder', 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>'No access', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No access', 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>'No folder', 'data'=>''));
}
} else {
}
}
break; /* }}} */
case 'deletedocument': /* {{{ */
if($user) {
if(!checkFormKey('removedocument', 'GET')) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No folder', 'data'=>''));
echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
} else {
$document = $dms->getDocument($_REQUEST['id']);
if($document) {
if ($document->getAccessMode($user) >= M_READWRITE) {
if($document->remove()) {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>true, 'message'=>'', 'data'=>''.$_REQUEST['formtoken']));
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'Error removing document', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No access', 'data'=>''));
}
} else {
header('Content-Type', 'application/json');
echo json_encode(array('success'=>false, 'message'=>'No document', 'data'=>''));
}
}
}
break; /* }}} */
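Review bot: The token-failure branches added for both cases (the `header('Content-Type', 'application/json')` lines following each `checkFormKey` call, and every other response in the hunk) pass the media type as header()'s second argument, which is the boolean replace flag, so a bare `Content-Type` header with no value is emitted and the JSON body is served without a declared media type; each should read `header('Content-Type: application/json');`. The key name in `checkFormKey('removedocument', 'GET')` does not match the case name 'deletedocument'; if the client generated its token for 'deletedocument' this check will always reject, so confirm which form name the token on the calling page is created for. The delete success response reflects `$_REQUEST['formtoken']` back in `data`, which looks like debugging residue — the client already holds the token and nothing needs it echoed, so `'data'=>''` as in the other responses is enough. Both operations change state yet read the token from GET, so it ends up in URLs, referrers and access logs; accepting it only from POST would be the safer default. The enclosing switch($command) starts before the hunk.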