Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Uwe Steinmann 2024-03-23 11:56:11 +01:00
commit ceaa62f16c
28 changed files with 256 additions and 108 deletions


@ -290,6 +290,12 @@
- documents can be updated by dragging a file on a document list item - documents can be updated by dragging a file on a document list item
- dragging a folder on a folder list item oder the drag and drop area will - dragging a folder on a folder list item oder the drag and drop area will
recursively upload the folder hierarchy including all files recursively upload the folder hierarchy including all files
- fix checking if user is owner when sending notifications
- do not show fast upload area if access on folder is insufficient
- do not send notification mail 'submitted review/approval' to owner of
document, still send it to uploader of version
- set default language in login form if language selector is turned off
- do not show full list of notifiers to none admins
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 5.1.33 Changes in version 5.1.33


@ -47,6 +47,11 @@ class SeedDMS_DbAuthentication extends SeedDMS_Authentication {
if($user = $dms->getUserByLogin($username)) { if($user = $dms->getUserByLogin($username)) {
$userid = $user->getID(); $userid = $user->getID();
// Check if password matches
if (!seed_pass_verify($password, $user->getPwd())) {
$user = null;
}
} elseif(!empty($this->settings->_enableLoginByEmail) && ($user = $dms->getUserByEmail($username))) {
// Check if password matches // Check if password matches
if (!seed_pass_verify($password, $user->getPwd())) { if (!seed_pass_verify($password, $user->getPwd())) {
$user = null; $user = null;
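Review bot: The new `elseif` branch for login by email verifies the password but never assigns `$userid`, which the login-name branch sets right after the lookup. If code after this hunk relies on `$userid` (for example to count failed logins for the account), an attempt made with an email address would skip it; adding `$userid = $user->getID();` as the first statement of the branch keeps both paths the same. The branch also trusts `getUserByEmail()` to return one unambiguous account, so a short comment stating whether email addresses are unique among users would help. The function body continues outside the hunk.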


@ -126,14 +126,16 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
* look like if searching for that user didn't return a dn. * look like if searching for that user didn't return a dn.
*/ */
if (isset($settings->_ldapBaseDN)) { if (isset($settings->_ldapBaseDN)) {
$ldapSearchAttribut = "uid="; $ldapSearchAttribut = "uid";
/* $tmpDN will only be used as a last resort if searching for the user failed */
$tmpDN = "uid=".$username.",".$settings->_ldapBaseDN; $tmpDN = "uid=".$username.",".$settings->_ldapBaseDN;
} }
/* Active directory has a different base dn */ /* Active directory has a different base dn */
if (isset($settings->_ldapType)) { if (isset($settings->_ldapType)) {
if ($settings->_ldapType==1) { if ($settings->_ldapType==1) {
$ldapSearchAttribut = "sAMAccountName="; $ldapSearchAttribut = "sAMAccountName";
/* $tmpDN will only be used as a last resort if searching for the user failed */
$tmpDN = $username.'@'.$settings->_ldapAccountDomainName; $tmpDN = $username.'@'.$settings->_ldapAccountDomainName;
// Add the following if authentication with an Active Dir doesn't work // Add the following if authentication with an Active Dir doesn't work
// See https://sourceforge.net/p/seeddms/discussion/general/thread/19c70d8d/ // See https://sourceforge.net/p/seeddms/discussion/general/thread/19c70d8d/
@ -155,7 +157,21 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
} else { } else {
$bind = @ldap_bind($ds); $bind = @ldap_bind($ds);
} }
$dn = false; $dn = false;
/* The simplest search is just the username */
$ldapsearchterm = $ldapSearchAttribut.'='.$username;
/* If login by email is allowed, the search for user name is ored with
* the search for the email.
*/
if($settings->_enableLoginByEmail) {
$ldapsearchterm = "|(".$ldapsearchterm.")(mail=".$username.")";
}
/* If a ldap filter is set, it will be anded */
if($settings->_ldapFilter) {
$ldapsearchterm = "&(".$ldapsearchterm.")".$settings->_ldapFilter;
}
/* If bind succeed, then get the dn of the user. If a filter /* If bind succeed, then get the dn of the user. If a filter
* is set, it will be used to allow only those users to log in * is set, it will be used to allow only those users to log in
* matching the filter criteria. Depending on the type of server, * matching the filter criteria. Depending on the type of server,
@ -163,19 +179,32 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
* 'sAMAccountName=' or 'uid='. All other filters are ANDed. * 'sAMAccountName=' or 'uid='. All other filters are ANDed.
* A common filter is '(mail=*)' to ensure a user has an email * A common filter is '(mail=*)' to ensure a user has an email
* address. * address.
* If the previous bind failed, we could try later to bind with
* the user's credentials (this was until 6.0.26 and 5.1.33 the case),
* but if login by email is allowed, it makes no sense to try it. The
* only way to bind is by using a correct dn and that cannot be
* formed with an email.
*/ */
if ($bind) { if ($bind) {
/*
if (!empty($settings->_ldapFilter)) { if (!empty($settings->_ldapFilter)) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")"); $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.'='.$username.")".$settings->_ldapFilter.")");
} else { } else {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$username); $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.'='.$username);
} }
*/
$search = ldap_search($ds, $settings->_ldapBaseDN, "(".$ldapsearchterm.")");
if (!is_bool($search)) { if (!is_bool($search)) {
$info = ldap_get_entries($ds, $search); $info = ldap_get_entries($ds, $search);
if (!is_bool($info) && $info["count"]>0) { if (!is_bool($info) && $info["count"]>0) {
$dn = $info[0]['dn']; $dn = $info[0]['dn'];
/* Set username to login name in case the email was used for authentication */
$username = $info[0][$ldapSearchAttribut][0];
} }
} }
} elseif(!empty($settings->_enableLoginByEmail)) {
ldap_close($ds);
return null;
} }
/* If the previous bind failed, try it with the users creditionals /* If the previous bind failed, try it with the users creditionals
@ -188,8 +217,10 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
* If that user was filtered out, because filter was set to '(mail=*)' * If that user was filtered out, because filter was set to '(mail=*)'
* and the user doesn't have a mail address, then $dn will not be * and the user doesn't have a mail address, then $dn will not be
* set and $tmpDN will be used instead, allowing a successfull bind. * set and $tmpDN will be used instead, allowing a successfull bind.
* Also do not take the $tmpDN if login by email is allowed, because
* the username could be the email and that doesn't form a valid dn.
*/ */
if (is_bool($dn) && empty($settings->_ldapFilter)) { if (is_bool($dn) && empty($settings->_ldapFilter) && empty($settings->_enableLoginByEmail)) {
$dn = $tmpDN; $dn = $tmpDN;
} }
@ -201,6 +232,9 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
/* Check if user already exists in the database. Return with an error /* Check if user already exists in the database. Return with an error
* only if the sql statements fails, but not if no user was found. * only if the sql statements fails, but not if no user was found.
* The username may not be the one passed to this function anymore. It
* could have been overwritten by uid (or sAMAccountName) derived from
* the above ldap search.
*/ */
$user = $dms->getUserByLogin($username); $user = $dms->getUserByLogin($username);
if($user === false) { if($user === false) {
@ -217,13 +251,15 @@ class SeedDMS_LdapAuthentication extends SeedDMS_Authentication {
// Successfully authenticated. Now check to see if the user exists within // Successfully authenticated. Now check to see if the user exists within
// the database. If not, add them in if _restricted is not set, // the database. If not, add them in if _restricted is not set,
// but do not add their password. // but do not set the password of the user.
if (!$settings->_restricted) { if (!$settings->_restricted) {
// Retrieve the user's LDAP information. /* Retrieve the user's LDAP information. At this time the username is
* the uid or sAMAccountName, even if the email was used for login.
*/
if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) { if (isset($settings->_ldapFilter) && strlen($settings->_ldapFilter) > 0) {
$search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.$username.")".$settings->_ldapFilter.")"); $search = ldap_search($ds, $settings->_ldapBaseDN, "(&(".$ldapSearchAttribut.'='.$username.")".$settings->_ldapFilter.")");
} else { } else {
$search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.$username); $search = ldap_search($ds, $settings->_ldapBaseDN, $ldapSearchAttribut.'='.$username);
} }
if (!is_bool($search)) { if (!is_bool($search)) {
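Review bot: The search term built in the hunk at line 157 concatenates `$username` straight into the LDAP filter, and with `_enableLoginByEmail` it now appears twice (once for `uid`/`sAMAccountName`, once for `mail`), so filter metacharacters typed into the login field change the meaning of the filter. Escaping once before the term is built, `$escaped = ldap_escape($username, '', LDAP_ESCAPE_FILTER);`, and using `$escaped` in both places (and in the two searches of the last hunk) closes that. Separately, `$username = $info[0][$ldapSearchAttribut][0];` reads the key `sAMAccountName` on Active Directory, but `ldap_get_entries()` returns attribute names in lower case, so the index should be `strtolower($ldapSearchAttribut)`. The OR-ed filter can also match more than one entry while only `$info[0]` is used; refusing the login when `$info["count"]` is greater than 1 would avoid binding as the wrong entry.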


@ -439,7 +439,7 @@ class SeedDMS_NotificationService {
* the currently logged in user is not the * the currently logged in user is not the
* owner and the owner is not already in the list of notifiers. * owner and the owner is not already in the list of notifiers.
*/ */
if($user->getID() != $version->getUser()->getID() && $version->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($version->getUser(), $nl['users'])) if($user->getID() != $version->getUser()->getID() && $version->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($version->getUser(), $nl['users']))
$this->toIndividual($user, $version->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); $this->toIndividual($user, $version->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER);
} /* }}} */ } /* }}} */
@ -573,12 +573,12 @@ class SeedDMS_NotificationService {
* the currently logged in user is not the * the currently logged in user is not the
* owner and the owner is not already in the list of notifiers. * owner and the owner is not already in the list of notifiers.
*/ */
if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users']))
$this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER);
} /* }}} */ } /* }}} */
/** /**
* This notification is sent when a new attachment is created. * This notification is sent when an attachment is deleted.
*/ */
public function sendDeleteFileMail($file, $user) { /* {{{ */ public function sendDeleteFileMail($file, $user) { /* {{{ */
$document = $file->getDocument(); $document = $file->getDocument();
@ -816,10 +816,10 @@ class SeedDMS_NotificationService {
$params['sitename'] = $this->settings->_siteName; $params['sitename'] = $this->settings->_siteName;
$params['http_root'] = $this->settings->_httpRoot; $params['http_root'] = $this->settings->_httpRoot;
// if user is not owner send notification to owner // if user is not uploader of the version send notification to uploader
if ($user->getID() != $document->getOwner()->getID() && if ($user->getID() != $content->getUser()->getID() &&
false === SeedDMS_Core_DMS::inList($document->getOwner(), $notifyList['users'])) { false === SeedDMS_Core_DMS::inList($content->getUser(), $notifyList['users'])) {
$this->toIndividual($user, $document->getOwner(), $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER); $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER);
} }
$this->toList($user, $notifyList["users"], $subject, $message, $params, SeedDMS_NotificationService::RECV_NOTIFICATION); $this->toList($user, $notifyList["users"], $subject, $message, $params, SeedDMS_NotificationService::RECV_NOTIFICATION);
foreach ($notifyList["groups"] as $grp) { foreach ($notifyList["groups"] as $grp) {
@ -1013,7 +1013,7 @@ class SeedDMS_NotificationService {
* the currently logged in user is not the * the currently logged in user is not the
* owner and the owner is not already in the list of notifiers. * owner and the owner is not already in the list of notifiers.
*/ */
if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users']))
$this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER);
} /* }}} */ } /* }}} */
@ -1125,14 +1125,16 @@ class SeedDMS_NotificationService {
/* Send mail to owner only if the currently logged in user is not the /* Send mail to owner only if the currently logged in user is not the
* owner and the owner is not already in the list of notifiers. * owner and the owner is not already in the list of notifiers.
*/ */
/*
if($user->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($document->getOwner(), $nl['users'])) if($user->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($document->getOwner(), $nl['users']))
$this->toIndividual($user, $document->getOwner(), $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER); $this->toIndividual($user, $document->getOwner(), $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER);
*/
/* Send mail to uploader of version only if the uploader is not the owner and /* Send mail to uploader of version only if the uploader is not the owner and
* the currently logged in user is not the * the currently logged in user is not the
* owner and the owner is not already in the list of notifiers. * owner and the owner is not already in the list of notifiers.
*/ */
if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) if($user->getID() != $content->getUser()->getID() /* && $content->getUser()->getID() != $document->getOwner()->getID() */ && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users']))
$this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER);
} /* }}} */ } /* }}} */
@ -1161,14 +1163,16 @@ class SeedDMS_NotificationService {
/* Send mail to owner only if the currently logged in user is not the /* Send mail to owner only if the currently logged in user is not the
* owner and the owner is not already in the list of notifiers. * owner and the owner is not already in the list of notifiers.
*/ */
/*
if($user->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($document->getOwner(), $nl['users'])) if($user->getID() != $document->getOwner()->getID() && false === SeedDMS_Core_DMS::inList($document->getOwner(), $nl['users']))
$this->toIndividual($user, $document->getOwner(), $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER); $this->toIndividual($user, $document->getOwner(), $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER);
*/
/* Send mail to uploader of version only if the uploader is not the owner and /* Send mail to uploader of version only if the uploader is not the owner and
* the currently logged in user is not the * the currently logged in user is not the
* owner and the owner is not already in the list of notifiers. * owner and the owner is not already in the list of notifiers.
*/ */
if($user->getID() != $content->getUser()->getID() && $content->getUser()->getID() != $document->getOwner() && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users'])) if($user->getID() != $content->getUser()->getID() /* && $content->getUser()->getID() != $document->getOwner()->getID() */ && false === SeedDMS_Core_DMS::inList($content->getUser(), $nl['users']))
$this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER); $this->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_UPLOADER);
} /* }}} */ } /* }}} */
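Review bot: In the hunks at lines 1125 and 1161 the block comment above the uploader check still says the mail is sent "only if the uploader is not the owner", but that clause is now commented out inside the condition, so comment and code disagree. I would delete the commented-out owner block and the inline `/* && ... */` fragment and reword the comment to something like `/* Send mail to uploader of version unless the uploader is the current user or already in the list of notifiers. */`. The hunk at line 816 switches to `$content->getUser()`; `$content` is not assigned within the visible lines, so it is worth confirming that it is set in that function.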


@ -47,6 +47,8 @@ class Settings { /* {{{ */
var $_enableGuestAutoLogin = false; var $_enableGuestAutoLogin = false;
// Set to true for 2-factor Authentication // Set to true for 2-factor Authentication
var $_enable2FactorAuthentication = false; var $_enable2FactorAuthentication = false;
// If you want to allow login by email, set the following to true
var $_enableLoginByEmail = false;
// Allow users to reset their password // Allow users to reset their password
var $_enablePasswordForgotten = false; var $_enablePasswordForgotten = false;
// Do not allow users to change password // Do not allow users to change password
@ -680,6 +682,7 @@ class Settings { /* {{{ */
$this->_enableGuestLogin = Settings::boolVal($tab["enableGuestLogin"]); $this->_enableGuestLogin = Settings::boolVal($tab["enableGuestLogin"]);
$this->_enableGuestAutoLogin = Settings::boolVal($tab["enableGuestAutoLogin"]); $this->_enableGuestAutoLogin = Settings::boolVal($tab["enableGuestAutoLogin"]);
$this->_enable2FactorAuthentication = Settings::boolVal($tab["enable2FactorAuthentication"]); $this->_enable2FactorAuthentication = Settings::boolVal($tab["enable2FactorAuthentication"]);
$this->_enableLoginByEmail = Settings::boolVal($tab["enableLoginByEmail"]);
$this->_enablePasswordForgotten = Settings::boolVal($tab["enablePasswordForgotten"]); $this->_enablePasswordForgotten = Settings::boolVal($tab["enablePasswordForgotten"]);
$this->_passwordStrength = intval($tab["passwordStrength"]); $this->_passwordStrength = intval($tab["passwordStrength"]);
$this->_passwordStrengthAlgorithm = strval($tab["passwordStrengthAlgorithm"]); $this->_passwordStrengthAlgorithm = strval($tab["passwordStrengthAlgorithm"]);
@ -1084,6 +1087,7 @@ class Settings { /* {{{ */
$this->setXMLAttributValue($node, "enableGuestLogin", $this->_enableGuestLogin); $this->setXMLAttributValue($node, "enableGuestLogin", $this->_enableGuestLogin);
$this->setXMLAttributValue($node, "enableGuestAutoLogin", $this->_enableGuestAutoLogin); $this->setXMLAttributValue($node, "enableGuestAutoLogin", $this->_enableGuestAutoLogin);
$this->setXMLAttributValue($node, "enable2FactorAuthentication", $this->_enable2FactorAuthentication); $this->setXMLAttributValue($node, "enable2FactorAuthentication", $this->_enable2FactorAuthentication);
$this->setXMLAttributValue($node, "enableLoginByEmail", $this->_enableLoginByEmail);
$this->setXMLAttributValue($node, "enablePasswordForgotten", $this->_enablePasswordForgotten); $this->setXMLAttributValue($node, "enablePasswordForgotten", $this->_enablePasswordForgotten);
$this->setXMLAttributValue($node, "passwordStrength", $this->_passwordStrength); $this->setXMLAttributValue($node, "passwordStrength", $this->_passwordStrength);
$this->setXMLAttributValue($node, "passwordStrengthAlgorithm", $this->_passwordStrengthAlgorithm); $this->setXMLAttributValue($node, "passwordStrengthAlgorithm", $this->_passwordStrengthAlgorithm);


@ -404,10 +404,24 @@ function getAttributeValidationText($error, $attrname='', $attrvalue='', $regex=
} /* }}} */ } /* }}} */
function getAttributeValidationError($error, $attrname='', $attrvalue='', $regex='') { /* {{{ */ function getAttributeValidationError($error, $attrname='', $attrvalue='', $regex='') { /* {{{ */
if(is_object($attrvalue))
$attrvalue = $attrvalue->getId();
switch($error) { switch($error) {
case 10: case 14:
return array("attr_not_in_valueset", array('attrname'=>$attrname, 'value'=>$attrvalue)); return array("attr_not_in_valueset", array('attrname'=>$attrname, 'value'=>$attrvalue));
break; break;
case 13:
return array("attr_not_a_group", array('attrname'=>$attrname, 'value'=>$attrvalue));
break;
case 12:
return array("attr_not_a_user", array('attrname'=>$attrname, 'value'=>$attrvalue));
break;
case 11:
return array("attr_not_a_folder", array('attrname'=>$attrname, 'value'=>$attrvalue));
break;
case 10:
return array("attr_not_a_document", array('attrname'=>$attrname, 'value'=>$attrvalue));
break;
case 9: case 9:
return array("attr_malformed_date", array('attrname'=>$attrname, 'value'=>$attrvalue)); return array("attr_malformed_date", array('attrname'=>$attrname, 'value'=>$attrvalue));
break; break;
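Review bot: The new guard `if(is_object($attrvalue)) $attrvalue = $attrvalue->getId();` calls `getId()` on any object and does nothing for arrays, so a multi-value user or group attribute (if the caller passes its values as an array of objects, which is not visible here) would reach the message parameters unconverted. Guarding with `method_exists($attrvalue, 'getId')` and mapping arrays element by element would make the conversion safe. The error numbers 10 to 14 are bare literals and 10 changes its meaning in this commit, so a docblock listing each code with its message key would help callers stay in sync. The switch continues outside the hunk.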


@ -122,7 +122,8 @@ switch($command) {
foreach($hits['docs'] as $hit) { foreach($hits['docs'] as $hit) {
if($hit->getAccessMode($user, 'search') >= M_READ) { if($hit->getAccessMode($user, 'search') >= M_READ) {
if($hit->getLatestContent()) { if($hit->getLatestContent()) {
$result[] = $hit->getID().'#'.$hit->getName(); //$result[] = $hit->getID().'#'.$hit->getName();
$result[] = array('type'=>'D', 'id'=>$hit->getId(), 'name'=>htmlspecialchars($hit->getName()), 'path'=>htmlspecialchars($hit->getParent()->getFolderPathPlain(true, '/')));
} }
} }
} }
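Review bot: `htmlspecialchars()` is called without flags on the name and the path, so whether single quotes are escaped depends on the PHP version's default (`ENT_COMPAT` before 8.1). Passing the flags explicitly, `htmlspecialchars($hit->getName(), ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8')`, gives the same output on every supported version. Because the values are escaped on the server, the client has to insert them as HTML and must not escape them again; a one-line comment saying so, and dropping the commented-out old `$result[]` line, would make that contract clear. `$hit->getParent()` is also dereferenced without a check.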


@ -73,8 +73,13 @@ if ($action == "addattrdef") {
if($minvalues > $maxvalues) { if($minvalues > $maxvalues) {
UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max")); UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max"));
} }
if($multiple && $valueset == '' && !in_array($type, array(SeedDMS_Core_AttributeDefinition::type_user, SeedDMS_Core_AttributeDefinition::type_group))) { if($multiple) {
UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_needs_valueset")); if(in_array($type, array(SeedDMS_Core_AttributeDefinition::type_document, SeedDMS_Core_AttributeDefinition::type_folder))) {
UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_but_doc_or_folder"));
}
if($valueset == '' && !in_array($type, array(SeedDMS_Core_AttributeDefinition::type_user, SeedDMS_Core_AttributeDefinition::type_group))) {
UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_needs_valueset"));
}
} }
$controller->setParam('name', $name); $controller->setParam('name', $name);
@ -150,8 +155,13 @@ else if ($action == "editattrdef") {
if($minvalues > $maxvalues) { if($minvalues > $maxvalues) {
UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max")); UI::exitError(getMLText("admin_tools"),getMLText("attrdef_min_greater_max"));
} }
if($multiple && $valueset == '' && !in_array($type, array(SeedDMS_Core_AttributeDefinition::type_user, SeedDMS_Core_AttributeDefinition::type_group))) { if($multiple) {
UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_needs_valueset")); if(in_array($type, array(SeedDMS_Core_AttributeDefinition::type_document, SeedDMS_Core_AttributeDefinition::type_folder))) {
UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_but_doc_or_folder"));
}
if($valueset == '' && !in_array($type, array(SeedDMS_Core_AttributeDefinition::type_user, SeedDMS_Core_AttributeDefinition::type_group))) {
UI::exitError(getMLText("admin_tools"),getMLText("attrdef_multiple_needs_valueset"));
}
} }
$controller->setParam('name', $name); $controller->setParam('name', $name);
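Review bot: The new `if($multiple) { ... }` validation is repeated verbatim in the `addattrdef` and `editattrdef` branches, so any later rule change has to be made twice. Moving it into one small helper that takes `$multiple`, `$type` and `$valueset` and is called from both branches would keep them in step. Both branches continue outside the hunks.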


@ -52,37 +52,39 @@ $action = $_POST["action"];
if (isset($_POST["userid"]) && (!is_numeric($_POST["userid"]) || $_POST["userid"]<-1)) { if (isset($_POST["userid"]) && (!is_numeric($_POST["userid"]) || $_POST["userid"]<-1)) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("unknown_user")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("unknown_user"));
} }
$userid = isset($_POST["userid"]) ? $_POST["userid"] : -1;
$userid = 0; if ($userid > 0){
if(isset($_POST["userid"])) $u=$dms->getUser($userid);
$userid = $_POST["userid"]; if (($u->getId() != $user->getId()) && !$user->isAdmin())
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
}
if (isset($_POST["groupid"]) && (!is_numeric($_POST["groupid"]) || $_POST["groupid"]<-1)) { if (isset($_POST["groupid"]) && (!is_numeric($_POST["groupid"]) || $_POST["groupid"]<-1)) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("unknown_group")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("unknown_group"));
} }
if(isset($_POST["groupid"])) $groupid = isset($_POST["groupid"]) ? $_POST["groupid"] : -1;
$groupid = $_POST["groupid"];
if (isset($_POST["groupid"])&&$_POST["groupid"]!=-1){ if ($groupid > 0){
$group=$dms->getGroup($groupid); $group=$dms->getGroup($groupid);
if (!$group->isMember($user,true) && !$user->isAdmin()) if (!$group->isMember($user,true) && !$user->isAdmin())
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }
$folder = $document->getFolder(); $folder = $document->getFolder();
$docPathHTML = getFolderPathHTML($folder, true). " / <a href=\"../out/out.ViewDocument.php?documentid=".$documentid."\">".$document->getName()."</a>";
if ($document->getAccessMode($user) < M_READ) { if ($document->getAccessMode($user) < M_READ) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }
// delete notification // delete notification
if ($action == "delnotify"){ if ($action == "delnotify") {
if ($userid) {
if ($userid > 0) {
$obj = $dms->getUser($userid); $obj = $dms->getUser($userid);
$res = $document->removeNotify($userid, true); $res = $document->removeNotify($userid, true);
} elseif (isset($groupid)) { } elseif ($groupid > 0) {
$obj = $dms->getGroup($groupid); $obj = $dms->getGroup($groupid);
$res = $document->removeNotify($groupid, false); $res = $document->removeNotify($groupid, false);
} }
@ -137,7 +139,7 @@ else if ($action == "addnotify") {
break; break;
} }
} }
if ($groupid != -1) { if ($groupid > 0) {
$res = $document->addNotify($groupid, false); $res = $document->addNotify($groupid, false);
switch ($res) { switch ($res) {
case -1: case -1:
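Review bot: The new ownership check near the top calls `$folder->getName()` in its error path, but in this file `$folder` is only assigned further down (`$folder = $document->getFolder();`), so unless it is set before the hunk a non-admin request naming another user's id ends in a PHP error instead of the access-denied page. The check also dereferences `$u` without testing it, and `getUser()` may not return an object for an unknown id. I would write `if (!is_object($u) || ($u->getId() != $user->getId() && !$user->isAdmin()))` and report it with `getMLText("document_title", array("documentname" => $document->getName()))`. The same missing `is_object($u)` test, and the equivalent one for `$group`, applies to the folder notification file in the next section.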


@ -53,19 +53,24 @@ if (isset($_POST["userid"]) && (!is_numeric($_POST["userid"]) || $_POST["userid"
} }
$userid = isset($_POST["userid"]) ? $_POST["userid"] : -1; $userid = isset($_POST["userid"]) ? $_POST["userid"] : -1;
if ($userid > 0){
$u=$dms->getUser($userid);
if (($u->getId() != $user->getId()) && !$user->isAdmin())
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
}
if (isset($_POST["groupid"]) && (!is_numeric($_POST["groupid"]) || $_POST["groupid"]<-1)) { if (isset($_POST["groupid"]) && (!is_numeric($_POST["groupid"]) || $_POST["groupid"]<-1)) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_group")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_group"));
} }
$groupid = isset($_POST["groupid"]) ? $_POST["groupid"] : -1; $groupid = isset($_POST["groupid"]) ? $_POST["groupid"] : -1;
if (isset($_POST["groupid"])&&$_POST["groupid"]!=-1){ if ($groupid > 0){
$group=$dms->getGroup($groupid); $group=$dms->getGroup($groupid);
if (!$group->isMember($user,true) && !$user->isAdmin()) if (!$group->isMember($user,true) && !$user->isAdmin())
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
} }
$folderPathHTML = getFolderPathHTML($folder, true);
if ($folder->getAccessMode($user) < M_READ) { if ($folder->getAccessMode($user) < M_READ) {
UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied"));
} }
@ -74,12 +79,11 @@ if ($folder->getAccessMode($user) < M_READ) {
if ($action == "delnotify") { if ($action == "delnotify") {
if ($userid > 0) { if ($userid > 0) {
$res = $folder->removeNotify($userid, true);
$obj = $dms->getUser($userid); $obj = $dms->getUser($userid);
} $res = $folder->removeNotify($userid, true);
elseif ($groupid > 0) { } elseif ($groupid > 0) {
$res = $folder->removeNotify($groupid, false);
$obj = $dms->getGroup($groupid); $obj = $dms->getGroup($groupid);
$res = $folder->removeNotify($groupid, false);
} }
switch ($res) { switch ($res) {
case -1: case -1:
@ -106,7 +110,7 @@ if ($action == "delnotify") {
// Add notification ---------------------------------------------------------- // Add notification ----------------------------------------------------------
else if ($action == "addnotify") { else if ($action == "addnotify") {
if ($userid != -1) { if ($userid > 0) {
$res = $folder->addNotify($userid, true); $res = $folder->addNotify($userid, true);
switch ($res) { switch ($res) {
case -1: case -1:
@ -132,7 +136,7 @@ else if ($action == "addnotify") {
break; break;
} }
} }
if ($groupid != -1) { if ($groupid > 0) {
$res = $folder->addNotify($groupid, false); $res = $folder->addNotify($groupid, false);
switch ($res) { switch ($res) {
case -1: case -1:


@ -198,6 +198,7 @@ if ($action == "saveSettings")
setBoolValue("enableGuestLogin"); setBoolValue("enableGuestLogin");
setBoolValue("enableGuestAutoLogin"); setBoolValue("enableGuestAutoLogin");
setBoolValue("enable2FactorAuthentication"); setBoolValue("enable2FactorAuthentication");
setBoolValue("enableLoginByEmail");
setBoolValue("restricted"); setBoolValue("restricted");
setBoolValue("enableUserImage"); setBoolValue("enableUserImage");
setBoolValue("disableSelfEdit"); setBoolValue("disableSelfEdit");


@ -55,6 +55,7 @@ if($view) {
$view->setParam('folder', $folder); $view->setParam('folder', $folder);
$view->setParam('document', $document); $view->setParam('document', $document);
$view->setParam('sortusersinlist', $settings->_sortUsersInList); $view->setParam('sortusersinlist', $settings->_sortUsersInList);
$view->setParam('enableusersview', $settings->_enableUsersView);
$view->setParam('accessobject', $accessop); $view->setParam('accessobject', $accessop);
$view($_GET); $view($_GET);
exit; exit;


@ -27,6 +27,7 @@ require_once("inc/inc.Init.php");
require_once("inc/inc.Extension.php"); require_once("inc/inc.Extension.php");
require_once("inc/inc.DBInit.php"); require_once("inc/inc.DBInit.php");
require_once("inc/inc.ClassUI.php"); require_once("inc/inc.ClassUI.php");
require_once("inc/inc.ClassAccessOperation.php");
require_once("inc/inc.Authentication.php"); require_once("inc/inc.Authentication.php");
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
@ -36,6 +37,7 @@ $accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) { if (!isset($_GET["folderid"]) || !is_numeric($_GET["folderid"]) || intval($_GET["folderid"])<1) {
UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id")); UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id"));
} }
$folder = $dms->getFolder($_GET["folderid"]); $folder = $dms->getFolder($_GET["folderid"]);
if (!is_object($folder)) { if (!is_object($folder)) {
@ -46,16 +48,15 @@ if ($folder->getAccessMode($user) < M_READ) {
UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied")); UI::exitError(getMLText("folder_title", array("foldername" => htmlspecialchars($folder->getName()))),getMLText("access_denied"));
} }
$allUsers = $dms->getAllUsers($settings->_sortUsersInList); /* Create object for checking access to certain operations */
$allGroups = $dms->getAllGroups(); $accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);
if($view) { if($view) {
$view->setParam('showtree', showtree()); $view->setParam('showtree', showtree());
$view->setParam('folder', $folder); $view->setParam('folder', $folder);
$view->setParam('allusers', $allUsers); $view->setParam('enableusersview', $settings->_enableUsersView);
$view->setParam('allgroups', $allGroups);
$view->setParam('accessobject', $accessop);
$view->setParam('sortusersinlist', $settings->_sortUsersInList); $view->setParam('sortusersinlist', $settings->_sortUsersInList);
$view->setParam('accessobject', $accessop);
$view($_GET); $view($_GET);
exit; exit;
} }
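Review bot: The added `$accessop = new SeedDMS_AccessOperation($dms, null, $user, $settings);` passes four arguments, while the hunk header just above shows the same file already constructing it as `new SeedDMS_AccessOperation($dms, $user, $settings)`. If the constructor on this branch takes three parameters, `$user` receives null and `$settings` receives the user object, so every `check_view_access()` decision made through this object would be evaluated against the wrong principal; the class definition is not visible here, so this needs confirming. Since this is a merge from the 5.1.x branch, the likely fix is to drop the second construction and keep the existing one, rather than assigning `$accessop` twice.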


@ -60,6 +60,7 @@ if($view) {
$view->setParam('enablelanguageselector', $settings->_enableLanguageSelector); $view->setParam('enablelanguageselector', $settings->_enableLanguageSelector);
$view->setParam('enablethemeselector', $settings->_enableThemeSelector); $view->setParam('enablethemeselector', $settings->_enableThemeSelector);
$view->setParam('enable2factauth', $settings->_enable2FactorAuthentication); $view->setParam('enable2factauth', $settings->_enable2FactorAuthentication);
$view->setParam('defaultlanguage', $settings->_language);
$view($_GET); $view($_GET);
exit; exit;
} }


@ -728,13 +728,13 @@ class RestapiController { /* {{{ */
if($settings->_workflowMode == 'traditional' || $settings->_workflowMode == 'traditional_only_approval') { if($settings->_workflowMode == 'traditional' || $settings->_workflowMode == 'traditional_only_approval') {
// add mandatory reviewers/approvers // add mandatory reviewers/approvers
if($settings->_workflowMode == 'traditional') { if($settings->_workflowMode == 'traditional') {
$mreviewers = getMandatoryReviewers($mfolder, $userobj); $mreviewers = getMandatoryReviewers($mfolder, null, $userobj);
if($mreviewers['i']) if($mreviewers['i'])
$reviewers['i'] = array_merge($reviewers['i'], $mreviewers['i']); $reviewers['i'] = array_merge($reviewers['i'], $mreviewers['i']);
if($mreviewers['g']) if($mreviewers['g'])
$reviewers['g'] = array_merge($reviewers['g'], $mreviewers['g']); $reviewers['g'] = array_merge($reviewers['g'], $mreviewers['g']);
} }
$mapprovers = getMandatoryApprovers($mfolder, $userobj); $mapprovers = getMandatoryApprovers($mfolder, null, $userobj);
if($mapprovers['i']) if($mapprovers['i'])
$approvers['i'] = array_merge($approvers['i'], $mapprovers['i']); $approvers['i'] = array_merge($approvers['i'], $mapprovers['i']);
if($mapprovers['g']) if($mapprovers['g'])


@ -142,10 +142,14 @@ $(document).ready( function() {
print $this->folderListHeader(); print $this->folderListHeader();
print "<tbody>\n"; print "<tbody>\n";
foreach($res['folders'] as $subFolder) { foreach($res['folders'] as $subFolder) {
echo $this->folderListRow($subFolder); $extracontent = array();
$extracontent['below_title'] = $this->getListRowPath($subFolder);
echo $this->folderListRow($subFolder, false, $extracontent);
} }
foreach($res['docs'] as $document) { foreach($res['docs'] as $document) {
echo $this->documentListRow($document, $previewer); $extracontent = array();
$extracontent['below_title'] = $this->getListRowPath($document);
echo $this->documentListRow($document, $previewer, false, 0, $extracontent);
} }
echo "</tbody>\n</table>\n"; echo "</tbody>\n</table>\n";
@ -161,7 +165,9 @@ $(document).ready( function() {
print "</tr>\n</thead>\n<tbody>\n"; print "</tr>\n</thead>\n<tbody>\n";
foreach($res['contents'] as $content) { foreach($res['contents'] as $content) {
$doc = $content->getDocument(); $doc = $content->getDocument();
echo $this->documentListRow($doc, $previewer); $extracontent = array();
$extracontent['below_title'] = $this->getListRowPath($doc);
echo $this->documentListRow($doc, $previewer, false, 0, $extracontent);
} }
print "</tbody></table>"; print "</tbody></table>";
} }
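Review bot: The value placed in `$extracontent['below_title']` comes from `getListRowPath()`, whose body is not part of this page, and it is presumably written into the row as markup by `folderListRow()` and `documentListRow()`. Folder names are presumably user-editable, so the helper has to pass each path element through `htmlspecialchars()` and should include only folders the current user may read; otherwise the list could render stored markup or reveal the names of folders above an accessible item. The same call is added for linked documents in the document view section further down (`$targetDoc`, `$sourceDoc`). A comment at the first call would make the contract explicit: `// below_title is emitted as HTML; getListRowPath() must return escaped text`.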


@ -796,8 +796,8 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
if ($accessobject->check_view_access('FolderAccess')) if ($accessobject->check_view_access('FolderAccess'))
$menuitems['edit_folder_access'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderAccess.php?folderid=".$folderID."&showtree=".showtree(), 'label'=>getMLText('edit_folder_access')); $menuitems['edit_folder_access'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderAccess.php?folderid=".$folderID."&showtree=".showtree(), 'label'=>getMLText('edit_folder_access'));
} }
if ($accessobject->check_controller_access('FolderNotify')) if ($accessobject->check_view_access('FolderNotify'))
$menuitems['edit_existing_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>getMLText('edit_existing_notify')); $menuitems['edit_folder_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>getMLText('edit_folder_notify'));
} }
if($enableClipboard) { if($enableClipboard) {
$menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'F'.$folder->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard")); $menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'F'.$folder->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard"));
@ -877,7 +877,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
} }
if ($accessMode >= M_READ && !$this->params['user']->isGuest()) { if ($accessMode >= M_READ && !$this->params['user']->isGuest()) {
if ($accessobject->check_view_access('DocumentNotify')) if ($accessobject->check_view_access('DocumentNotify'))
$menuitems['edit_existing_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.DocumentNotify". $docid, 'label'=>getMLText('edit_existing_notify')); $menuitems['edit_document_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.DocumentNotify". $docid, 'label'=>getMLText('edit_document_notify'));
} }
if($enableClipboard) { if($enableClipboard) {
$menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'D'.$document->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard")); $menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'D'.$document->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard"));


@ -70,6 +70,7 @@ $(document).ready( function() {
$folder = $this->params['folder']; $folder = $this->params['folder'];
$document = $this->params['document']; $document = $this->params['document'];
$sortusersinlist = $this->params['sortusersinlist']; $sortusersinlist = $this->params['sortusersinlist'];
$enableusersview = $this->params['enableusersview'];
$notifyList = $document->getNotifyList(0, true); $notifyList = $document->getNotifyList(0, true);
@ -151,10 +152,10 @@ $(document).ready( function() {
} else { } else {
print "<table class=\"table table-condensed table-sm mt-4\">\n"; print "<table class=\"table table-condensed table-sm mt-4\">\n";
foreach ($notifyList["users"] as $userNotify) { foreach ($notifyList["users"] as $userNotify) {
print "<tr>"; if ($user->isAdmin() || /*$enableusersview || */$user->getID() == $userNotify->getID()) {
print "<td><i class=\"fa fa-user\"></i></td>"; print "<tr>";
print "<td>" . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "</td>"; print "<td><i class=\"fa fa-user\"></i></td>";
if ($user->isAdmin() || $user->getID() == $userNotify->getID()) { print "<td>" . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "</td>";
print "<form action=\"../op/op.DocumentNotify.php\" method=\"post\">\n"; print "<form action=\"../op/op.DocumentNotify.php\" method=\"post\">\n";
echo createHiddenFieldWithKey('documentnotify')."\n"; echo createHiddenFieldWithKey('documentnotify')."\n";
print "<input type=\"hidden\" name=\"documentid\" value=\"".$document->getID()."\">\n"; print "<input type=\"hidden\" name=\"documentid\" value=\"".$document->getID()."\">\n";
@ -164,14 +165,15 @@ $(document).ready( function() {
print "<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i> ".getMLText("delete")."</button>"; print "<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i> ".getMLText("delete")."</button>";
print "</td>"; print "</td>";
print "</form>\n"; print "</form>\n";
}else print "<td></td>"; print "</tr>";
print "</tr>"; }
} }
foreach ($notifyList["groups"] as $groupNotify) { foreach ($notifyList["groups"] as $groupNotify) {
print "<tr>"; /* admins and members of a group may see exiting notifications */
print "<td><i class=\"fa fa-group\"></i></td>"; if ($user->isAdmin() || /*$enableusersview || */$groupNotify->isMember($user,false)) {
print "<td>" . htmlspecialchars($groupNotify->getName()) . "</td>"; print "<tr>";
if ($user->isAdmin() || $groupNotify->isMember($user,true)) { print "<td><i class=\"fa fa-group\"></i></td>";
print "<td>" . htmlspecialchars($groupNotify->getName()) . "</td>";
print "<form action=\"../op/op.DocumentNotify.php\" method=\"post\">\n"; print "<form action=\"../op/op.DocumentNotify.php\" method=\"post\">\n";
echo createHiddenFieldWithKey('documentnotify')."\n"; echo createHiddenFieldWithKey('documentnotify')."\n";
print "<input type=\"hidden\" name=\"documentid\" value=\"".$document->getID()."\">\n"; print "<input type=\"hidden\" name=\"documentid\" value=\"".$document->getID()."\">\n";
@ -181,8 +183,8 @@ $(document).ready( function() {
print "<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i> ".getMLText("delete")."</button>"; print "<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i> ".getMLText("delete")."</button>";
print "</td>"; print "</td>";
print "</form>\n"; print "</form>\n";
}else print "<td></td>"; print "</tr>";
print "</tr>"; }
} }
print "</table>\n"; print "</table>\n";
} }
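Review bot: The group branch now tests `$groupNotify->isMember($user,false)` where the old code gated the delete form on `isMember($user,true)`, so the remove button is rendered for every member of the group rather than only its managers (the group manager view on this page uses the `true` form to label managers). Hiding rows here is also only presentation: `getNotifyList(0, true)` still loads all notifiers, so op.DocumentNotify.php has to enforce on its own who may remove a user or group subscription; that script is not shown in this section. `$enableusersview` is read from the params but used only inside `/* ... */`, so either wire it in or drop it, and the new comment should read `existing`, not `exiting`. The folder notification view in the next section has the same three issues.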


@ -67,9 +67,8 @@ $(document).ready(function() {
$dms = $this->params['dms']; $dms = $this->params['dms'];
$user = $this->params['user']; $user = $this->params['user'];
$folder = $this->params['folder']; $folder = $this->params['folder'];
$allUsers = $this->params['allusers'];
$allGroups = $this->params['allgroups'];
$sortusersinlist = $this->params['sortusersinlist']; $sortusersinlist = $this->params['sortusersinlist'];
$enableusersview = $this->params['enableusersview'];
$notifyList = $folder->getNotifyList(0, true); $notifyList = $folder->getNotifyList(0, true);
@ -151,10 +150,10 @@ $(document).ready(function() {
} else { } else {
print "<table class=\"table table-condensed table-sm\">\n"; print "<table class=\"table table-condensed table-sm\">\n";
foreach ($notifyList["users"] as $userNotify) { foreach ($notifyList["users"] as $userNotify) {
print "<tr>"; if ($user->isAdmin() || /*$enableusersview || */$user->getID() == $userNotify->getID()) {
print "<td><i class=\"fa fa-user\"></i></td>"; print "<tr>";
print "<td>" . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "</td>"; print "<td><i class=\"fa fa-user\"></i></td>";
if ($user->isAdmin() || $user->getID() == $userNotify->getID()) { print "<td>" . htmlspecialchars($userNotify->getLogin() . " - " . $userNotify->getFullName()) . "</td>";
print "<form action=\"../op/op.FolderNotify.php\" method=\"post\">\n"; print "<form action=\"../op/op.FolderNotify.php\" method=\"post\">\n";
echo createHiddenFieldWithKey('foldernotify')."\n"; echo createHiddenFieldWithKey('foldernotify')."\n";
print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folder->getID()."\">\n"; print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folder->getID()."\">\n";
@ -164,14 +163,15 @@ $(document).ready(function() {
print "<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i> ".getMLText("delete")."</button>"; print "<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i> ".getMLText("delete")."</button>";
print "</td>"; print "</td>";
print "</form>\n"; print "</form>\n";
}else print "<td></td>"; print "</tr>";
print "</tr>"; }
} }
foreach ($notifyList["groups"] as $groupNotify) { foreach ($notifyList["groups"] as $groupNotify) {
print "<tr>"; /* admins and members of a group may see exiting notifications */
print "<td><i class=\"fa fa-group\"></i></td>"; if ($user->isAdmin() || /*$enableusersview || */$groupNotify->isMember($user,false)) {
print "<td>" . htmlspecialchars($groupNotify->getName()) . "</td>"; print "<tr>";
if ($user->isAdmin() || $groupNotify->isMember($user,true)) { print "<td><i class=\"fa fa-group\"></i></td>";
print "<td>" . htmlspecialchars($groupNotify->getName()) . "</td>";
print "<form action=\"../op/op.FolderNotify.php\" method=\"post\">\n"; print "<form action=\"../op/op.FolderNotify.php\" method=\"post\">\n";
echo createHiddenFieldWithKey('foldernotify')."\n"; echo createHiddenFieldWithKey('foldernotify')."\n";
print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folder->getID()."\">\n"; print "<input type=\"Hidden\" name=\"folderid\" value=\"".$folder->getID()."\">\n";
@ -181,8 +181,8 @@ $(document).ready(function() {
print "<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i> ".getMLText("delete")."</button>"; print "<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i> ".getMLText("delete")."</button>";
print "</td>"; print "</td>";
print "</form>\n"; print "</form>\n";
}else print "<td></td>"; print "</tr>";
print "</tr>"; }
} }
print "</table>\n"; print "</table>\n";
} }


@ -208,7 +208,7 @@ $(document).ready( function() {
print "<tr>"; print "<tr>";
print "<td><i class=\"fa fa-user\"></i></td>"; print "<td><i class=\"fa fa-user\"></i></td>";
print "<td>" . htmlspecialchars($member->getFullName()) . "</td>"; print "<td>" . htmlspecialchars($member->getFullName()." (".$member->getLogin().")") ."<br>".htmlspecialchars($member->getEmail()). "</td>";
print "<td>" . ($group->isMember($member,true)?getMLText("manager"):"&nbsp;") . "</td>"; print "<td>" . ($group->isMember($member,true)?getMLText("manager"):"&nbsp;") . "</td>";
print "<td>"; print "<td>";
print "<form action=\"../op/op.GroupMgr.php\" method=\"post\" class=\"form-inline\" style=\"display: inline-block; margin-bottom: 0px;\"><input type=\"hidden\" name=\"action\" value=\"rmmember\" /><input type=\"hidden\" name=\"groupid\" value=\"".$group->getID()."\" /><input type=\"hidden\" name=\"userid\" value=\"".$member->getID()."\" />".createHiddenFieldWithKey('rmmember')."<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i><span class=\"d-none d-lg-block\"> ".getMLText("delete")."</span></button></form>"; print "<form action=\"../op/op.GroupMgr.php\" method=\"post\" class=\"form-inline\" style=\"display: inline-block; margin-bottom: 0px;\"><input type=\"hidden\" name=\"action\" value=\"rmmember\" /><input type=\"hidden\" name=\"groupid\" value=\"".$group->getID()."\" /><input type=\"hidden\" name=\"userid\" value=\"".$member->getID()."\" />".createHiddenFieldWithKey('rmmember')."<button type=\"submit\" class=\"btn btn-danger btn-mini btn-sm\"><i class=\"fa fa-remove\"></i><span class=\"d-none d-lg-block\"> ".getMLText("delete")."</span></button></form>";


@ -79,14 +79,14 @@ $(document).ready( function() {
foreach ($members as $member) { foreach ($members as $member) {
$memberids[] = $member->getId(); $memberids[] = $member->getId();
echo "<li>".htmlspecialchars($member->getFullName()); echo "<li>".htmlspecialchars($member->getFullName().", ".$member->getLogin());
if ($member->getEmail()!="") if ($member->getEmail()!="")
echo " (<a href=\"mailto:".htmlspecialchars($member->getEmail())."\">".htmlspecialchars($member->getEmail())."</a>)"; echo " (<a href=\"mailto:".htmlspecialchars($member->getEmail())."\">".htmlspecialchars($member->getEmail())."</a>)";
foreach($managers as $manager) foreach($managers as $manager)
if($manager->getId() == $member->getId()) if($manager->getId() == $member->getId())
echo ", ".getMLText("manager"); echo ", ".getMLText("manager");
if($ismanager && $member->getId() != $user->getId()) { if($ismanager && $member->getId() != $user->getId()) {
echo ' <a href="../op/op.GroupView.php?action=del&groupid='.$group->getId().'&userid='.$member->getId().'" class="btn btn-mini btn-sm"><i class="fa fa-remove"></i> '.getMLText("rm_user").'</a>'; echo ' <a href="../op/op.GroupView.php?action=del&groupid='.$group->getId().'&userid='.$member->getId().'" class="btn btn-danger btn-mini btn-sm"><i class="fa fa-remove"></i> '.getMLText("rm_user").'</a>';
} }
echo "</li>"; echo "</li>";
} }
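Review bot: The member-removal control on the changed line is a plain link, `op.GroupView.php?action=del&groupid=…&userid=…`, so a state-changing action is triggered by a GET request with no form key, unlike the group manager view on this page, which posts a form carrying `createHiddenFieldWithKey('rmmember')`. Unless op.GroupView.php validates a token that is not visible here, the removal is exposed to cross-site request forgery against a logged-in manager. Styling it `btn-danger` makes it look like the other delete buttons; it should also behave like them, i.e. a small POST form with a hidden key field that the op script checks. The added `$member->getLogin()` sits inside `htmlspecialchars()`, which is fine.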


@ -88,6 +88,7 @@ $(document).ready( function() {
$themes = $this->params['themes']; $themes = $this->params['themes'];
$msg = $this->params['msg']; $msg = $this->params['msg'];
$languages = $this->params['languages']; $languages = $this->params['languages'];
$defaultlanguage = $this->params['defaultlanguage'];
$enableLanguageSelector = $this->params['enablelanguageselector']; $enableLanguageSelector = $this->params['enablelanguageselector'];
$enableThemeSelector = $this->params['enablethemeselector']; $enableThemeSelector = $this->params['enablethemeselector'];
$enable2factauth = $this->params['enable2factauth']; $enable2factauth = $this->params['enable2factauth'];
@ -162,6 +163,8 @@ $(document).ready( function() {
'options'=>$options 'options'=>$options
) )
); );
} elseif($defaultlanguage) {
echo "<input type='hidden' name='lang' id='languageselector' value='".htmlspecialchars($defaultlanguage)."'/>";
} }
if($enableThemeSelector) { if($enableThemeSelector) {
$options = array(); $options = array();
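Review bot: The new hidden field writes `htmlspecialchars($defaultlanguage)` into a single-quoted attribute, and on PHP versions before 8.1 the default flags do not encode `'`. The value comes from the settings and is unlikely to contain a quote, but the output should not depend on that; use `htmlspecialchars($defaultlanguage, ENT_QUOTES)` or switch the attribute to double quotes. The surrounding method starts and ends outside the hunk.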


@ -499,6 +499,7 @@ if(($kkk = $this->callHook('getFullSearchEngine')) && is_array($kkk))
<?php $this->showConfigCheckbox('settings_enableGuestLogin', 'enableGuestLogin'); ?> <?php $this->showConfigCheckbox('settings_enableGuestLogin', 'enableGuestLogin'); ?>
<?php $this->showConfigCheckbox('settings_enableGuestAutoLogin', 'enableGuestAutoLogin'); ?> <?php $this->showConfigCheckbox('settings_enableGuestAutoLogin', 'enableGuestAutoLogin'); ?>
<?php $this->showConfigCheckbox('settings_enable2FactorAuthentication', 'enable2FactorAuthentication'); ?> <?php $this->showConfigCheckbox('settings_enable2FactorAuthentication', 'enable2FactorAuthentication'); ?>
<?php $this->showConfigCheckbox('settings_enableLoginByEmail', 'enableLoginByEmail'); ?>
<?php $this->showConfigCheckbox('settings_restricted', 'restricted'); ?> <?php $this->showConfigCheckbox('settings_restricted', 'restricted'); ?>
<?php $this->showConfigCheckbox('settings_enableUserImage', 'enableUserImage'); ?> <?php $this->showConfigCheckbox('settings_enableUserImage', 'enableUserImage'); ?>
<?php $this->showConfigCheckbox('settings_disableSelfEdit', 'disableSelfEdit'); ?> <?php $this->showConfigCheckbox('settings_disableSelfEdit', 'disableSelfEdit'); ?>


@ -1944,7 +1944,9 @@ $(document).ready( function() {
if(is_string($txt)) if(is_string($txt))
echo $txt; echo $txt;
else { else {
echo $this->documentListRow($targetDoc, $previewer, true); $extracontent = array();
$extracontent['below_title'] = $this->getListRowPath($targetDoc);
echo $this->documentListRow($targetDoc, $previewer, true, 0, $extracontent);
} }
print "<td><span class=\"actions\">"; print "<td><span class=\"actions\">";
print getMLText("document_link_by")." ".htmlspecialchars($responsibleUser->getFullName()); print getMLText("document_link_by")." ".htmlspecialchars($responsibleUser->getFullName());
@ -2010,7 +2012,9 @@ $(document).ready( function() {
if(is_string($txt)) if(is_string($txt))
echo $txt; echo $txt;
else { else {
echo $this->documentListRow($sourceDoc, $previewer, true); $extracontent = array();
$extracontent['below_title'] = $this->getListRowPath($sourceDoc);
echo $this->documentListRow($sourceDoc, $previewer, true, 0, $extracontent);
} }
print "<td><span class=\"actions\">"; print "<td><span class=\"actions\">";
if (($user->getID() == $responsibleUser->getID()) || ($document->getAccessMode($user) == M_ALL )) if (($user->getID() == $responsibleUser->getID()) || ($document->getAccessMode($user) == M_ALL ))


@ -474,13 +474,13 @@ $('body').on('click', '.order-btn', function(ev) {
$folder = $this->params['folder']; $folder = $this->params['folder'];
$maxuploadsize = $this->params['maxuploadsize']; $maxuploadsize = $this->params['maxuploadsize'];
$this->contentHeading(getMLText("dropupload"), true);
if ($folder->getAccessMode($user) >= M_READWRITE) { if ($folder->getAccessMode($user) >= M_READWRITE) {
$this->contentHeading(getMLText("dropupload"), true);
?> ?>
<div id="draganddrophandler" class="well alert alert-warning" data-droptarget="folder_<?php echo $folder->getID(); ?>" data-target="<?php echo $folder->getID(); ?>" data-uploadformtoken="<?php echo createFormKey(''); ?>"><?php printMLText('drop_files_here', ['maxuploadsize'=>SeedDMS_Core_File::format_filesize($maxuploadsize)]); ?></div> <div id="draganddrophandler" class="well alert alert-warning" data-droptarget="folder_<?php echo $folder->getID(); ?>" data-target="<?php echo $folder->getID(); ?>" data-uploadformtoken="<?php echo createFormKey(''); ?>"><?php printMLText('drop_files_here', ['maxuploadsize'=>SeedDMS_Core_File::format_filesize($maxuploadsize)]); ?></div>
<?php <?php
} else { } else {
$this->errorMsg(getMLText('access_denied')); //$this->errorMsg(getMLText('access_denied'));
} }
} /* }}} */ } /* }}} */
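Review bot: The `else` branch now contains only the commented-out `//$this->errorMsg(getMLText('access_denied'));`, which leaves dead code and an empty branch behind. Delete the branch, or replace its content with a one-line comment saying why nothing is rendered, e.g. `// no upload area and no error message without write access`. This check only hides the drop area; the upload endpoint that receives `data-uploadformtoken` must still verify write access to the folder itself, which is not visible in this hunk. The method starts outside the hunk.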


@ -186,21 +186,42 @@ function initMost() {
}); });
}, },
/* updater is called when the item in the list is clicked. It is /* updater is called when the item in the list is clicked. It is
* actually provided to update the input field where you type, but here * provided to update the input field where you type. */
* we use it to update a second input field with the doc id. */
updater: function (item) { updater: function (item) {
strarr = item.value.split("#");
target = this.$element.data('target'); target = this.$element.data('target');
$('#'+target).attr('value', strarr[0]); $('#'+target).attr('value', item.id);
return strarr[1]; return item.value;
},
sorter: function(items) {
return items;
}, },
/* Set a matcher that allows any returned value */ /* Set a matcher that allows any returned value */
matcher : function (item) { matcher : function (item) {
return true; return true;
}, },
highlighter : function (item) { highlighter : function (item) {
strarr = item.split("#"); return '<i class="fa fa-file"></i> ' + item.name.replace(/</g, '&lt;') + (typeof(item.path) != 'undefined' ? '<br /><span class="path">' + item.path + '</span>' : '');
return '<i class="fa fa-file"></i> ' + strarr[1].replace(/</g, '&lt;'); },
/* This only works with a modified version of bootstrap typeahead located
* in boostrap-typeahead.js Search for 'render'
* The line
* this.render = this.options.render || this.render
* was added to bootstrap-typeahead.js
* The following function is a copy of the original render function but
* access item.name instead of item
*/
render : function (items) {
var that = this
items = $(items).map(function (i, item) {
i = $(that.options.item).attr('data-value', item.name).attr('data-id', item.id).attr('data-type', item.type);
i.find('a').html(that.highlighter(item))
return i[0]
})
items.first().addClass('active')
this.$menu.html(items)
return this
} }
}); /* }}} */ }); /* }}} */
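Review bot: In the new `highlighter`, `item.name` has `<` replaced but `item.path` is concatenated into the markup unescaped, and `render` then inserts the result with `.html()`. The path is presumably built from folder names, so a name containing markup would be interpreted by the browser in the suggestion list. Escape both fields with one helper that also covers `&`, `>` and quotes, or build the path element with `$('<span class="path">').text(item.path)`, and declare `target` with `var` in `updater` so it does not leak into the global scope. The identical change in the other theme's script at the end of this page needs the same fix.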


@ -727,8 +727,8 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
if ($accessobject->check_view_access('FolderAccess')) if ($accessobject->check_view_access('FolderAccess'))
$menuitems['edit_folder_access'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderAccess.php?folderid=".$folderID."&showtree=".showtree(), 'label'=>getMLText('edit_folder_access')); $menuitems['edit_folder_access'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderAccess.php?folderid=".$folderID."&showtree=".showtree(), 'label'=>getMLText('edit_folder_access'));
} }
if ($accessobject->check_controller_access('FolderNotify')) if ($accessobject->check_view_access('FolderNotify'))
$menuitems['edit_existing_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>getMLText('edit_existing_notify')); $menuitems['edit_folder_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.FolderNotify.php?folderid=". $folderID ."&showtree=". showtree(), 'label'=>getMLText('edit_folder_notify'));
} }
if($enableClipboard) { if($enableClipboard) {
$menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'F'.$folder->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard")); $menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'F'.$folder->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard"));
@ -804,7 +804,7 @@ background-image: linear-gradient(to bottom, #882222, #111111);;
} }
if ($accessMode >= M_READ && !$this->params['user']->isGuest()) { if ($accessMode >= M_READ && !$this->params['user']->isGuest()) {
if ($accessobject->check_view_access('DocumentNotify')) if ($accessobject->check_view_access('DocumentNotify'))
$menuitems['edit_existing_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.DocumentNotify". $docid, 'label'=>getMLText('edit_existing_notify')); $menuitems['edit_document_notify'] = array('link'=>$this->params['settings']->_httpRoot."out/out.DocumentNotify". $docid, 'label'=>getMLText('edit_document_notify'));
} }
if($enableClipboard) { if($enableClipboard) {
$menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'D'.$document->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard")); $menuitems['add_to_clipboard'] = array('class'=>'addtoclipboard', 'attributes'=>array(['rel', 'D'.$document->getId()], ['msg', getMLText('splash_added_to_clipboard')], ['title', getMLText("add_to_clipboard")]), 'label'=>getMLText("add_to_clipboard"));


@ -193,21 +193,42 @@ function initMost() {
}); });
}, },
/* updater is called when the item in the list is clicked. It is /* updater is called when the item in the list is clicked. It is
* actually provided to update the input field where you type, but here * provided to update the input field where you type. */
* we use it to update a second input field with the doc id. */
updater: function (item) { updater: function (item) {
strarr = item.value.split("#");
target = this.$element.data('target'); target = this.$element.data('target');
$('#'+target).attr('value', strarr[0]); $('#'+target).attr('value', item.id);
return strarr[1]; return item.value;
},
sorter: function(items) {
return items;
}, },
/* Set a matcher that allows any returned value */ /* Set a matcher that allows any returned value */
matcher : function (item) { matcher : function (item) {
return true; return true;
}, },
highlighter : function (item) { highlighter : function (item) {
strarr = item.split("#"); return '<i class="fa fa-file"></i> ' + item.name.replace(/</g, '&lt;') + (typeof(item.path) != 'undefined' ? '<br /><span class="path">' + item.path + '</span>' : '');
return '<i class="fa fa-file"></i> ' + strarr[1].replace(/</g, '&lt;'); },
/* This only works with a modified version of bootstrap typeahead located
* in boostrap-typeahead.js Search for 'render'
* The line
* this.render = this.options.render || this.render
* was added to bootstrap-typeahead.js
* The following function is a copy of the original render function but
* access item.name instead of item
*/
render : function (items) {
var that = this
items = $(items).map(function (i, item) {
i = $(that.options.item).attr('data-value', item.name).attr('data-id', item.id).attr('data-type', item.type);
i.find('a').html(that.highlighter(item))
return i[0]
})
items.first().addClass('active')
this.$menu.html(items)
return this
} }
}); /* }}} */ }); /* }}} */