From dd4149e3a6192c76282671403cf388bc11157608 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 6 Mar 2024 16:31:02 +0100
Subject: [PATCH] add commands 'updatedocument' and 'addfolder'

---
 op/op.Ajax.php | 249 +++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 249 insertions(+)

diff --git a/op/op.Ajax.php b/op/op.Ajax.php
index f2300781d..7c1078536 100644
--- a/op/op.Ajax.php
+++ b/op/op.Ajax.php
@@ -876,6 +876,255 @@ switch($command) {
 		}
 		break; /* }}} */
 
+	case 'updatedocument': /* {{{ */
+		if($user) {
+			if(checkFormKey('')) {
+				if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>getMLText("invalid_document_id")));
+					exit;
+				}
+
+				$documentid = $_POST["documentid"];
+				$document = $dms->getDocument($documentid);
+
+				if (!is_object($document)) {
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>getMLText("invalid_document_id")));
+					exit;
+				}
+
+				if ($document->getAccessMode($user, 'addDocument') < M_READWRITE) {
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>getMLText("access_denied")));
+					exit;
+				}
+
+				if($settings->_quota > 0) {
+					$remain = checkQuota($user);
+					if ($remain < 0) {
+						header('Content-Type: application/json');
+						echo json_encode(array('success'=>false, 'message'=>getMLText("quota_exceeded", array('bytes'=>SeedDMS_Core_File::format_filesize(abs($remain))))));
+						exit;
+					}
+				}
+
+				if (!is_uploaded_file($_FILES["userfile"]["tmp_name"]) || $_FILES['userfile']['error']!=0){
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>getMLText("uploading_failed")));
+					exit;
+				}
+				if ($_FILES["userfile"]["size"]==0) {
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>getMLText("uploading_zerosize")));
+					exit;
+				} 
+
+				$maxuploadsize = SeedDMS_Core_File::parse_filesize($settings->_maxUploadSize);
+				if ($maxuploadsize && $_FILES["userfile"]["size"] > $maxuploadsize) {
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>getMLText("uploading_maxsize")));
+					exit;
+				}
+
+				$userfiletmp = $_FILES["userfile"]["tmp_name"];
+				$userfiletype = $_FILES["userfile"]["type"];
+				$userfilename = $_FILES["userfile"]["name"];
+
+				$fileType = ".".pathinfo($userfilename, PATHINFO_EXTENSION);
+
+				if($settings->_overrideMimeType) {
+					$userfiletype = SeedDMS_Core_File::mimetype($userfiletmp);
+				}
+
+				if (!empty($_POST["name"]))
+					$name = $_POST["name"];
+				else
+					$name = utf8_basename($userfilename);
+
+				if(isset($_POST["attributes"]))
+					$attributes = $_POST["attributes"];
+				else
+					$attributes = array();
+
+				if(isset($_POST["comment"]))
+					$comment = trim($_POST["comment"]);
+				else
+					$comment = '';
+
+				// Get the list of reviewers and approvers for this document.
+				$reviewers = array();
+				$approvers = array();
+				$reviewers["i"] = array();
+				$reviewers["g"] = array();
+				$approvers["i"] = array();
+				$approvers["g"] = array();
+				$workflow = null;
+
+				if($settings->_workflowMode == 'traditional' || $settings->_workflowMode == 'traditional_only_approval') {
+					// add mandatory reviewers/approvers
+					if($settings->_workflowMode == 'traditional') {
+						$mreviewers = getMandatoryReviewers(null, $document, $user);
+						if($mreviewers['i'])
+							$reviewers['i'] = array_merge($reviewers['i'], $mreviewers['i']);
+						if($mreviewers['g'])
+							$reviewers['g'] = array_merge($reviewers['g'], $mreviewers['g']);
+					}
+					$mapprovers = getMandatoryApprovers(null, $document, $user);
+					if($mapprovers['i'])
+						$approvers['i'] = array_merge($approvers['i'], $mapprovers['i']);
+					if($mapprovers['g'])
+						$approvers['g'] = array_merge($approvers['g'], $mapprovers['g']);
+
+				} elseif($settings->_workflowMode == 'advanced') {
+					$workflow = $user->getMandatoryWorkflow();
+				}
+
+				$expires = false;
+				if($settings->_presetExpirationDate) {
+					$expires = strtotime($settings->_presetExpirationDate);
+				}
+
+				$controller = Controller::factory('UpdateDocument', array('dms'=>$dms, 'user'=>$user));
+				$controller->setParam('documentsource', 'upload');
+				$controller->setParam('fulltextservice', $fulltextservice);
+				$controller->setParam('document', $document);
+				$controller->setParam('folder', $document->getFolder());
+				$controller->setParam('name', $name);
+				$controller->setParam('comment', $comment);
+				$controller->setParam('expires', $expires);
+				$controller->setParam('userfiletmp', $userfiletmp);
+				$controller->setParam('userfilename', $userfilename);
+				$controller->setParam('filetype', $fileType);
+				$controller->setParam('userfiletype', $userfiletype);
+				$controller->setParam('reviewers', $reviewers);
+				$controller->setParam('approvers', $approvers);
+				$controller->setParam('reqversion', 1);
+				$controller->setParam('attributes', $attributes);
+				$controller->setParam('workflow', $workflow);
+				$controller->setParam('maxsizeforfulltext', $settings->_maxSizeForFullText);
+
+				if(!$content = $controller()) {
+					$err = $controller->getErrorMsg();
+					if(is_string($err))
+						$errmsg = getMLText($err);
+					elseif(is_array($err)) {
+						$errmsg = getMLText($err[0], $err[1]);
+					} else {
+						$errmsg = $err;
+					}
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>$errmsg));
+					exit;
+				} else {
+					// Send notification to subscribers of folder.
+					if($notifier) {
+						$notifier->sendNewDocumentVersionMail($document, $user);
+					}
+				}
+				header('Content-Type: application/json');
+				echo json_encode(array('success'=>true, 'message'=>getMLText('splash_document_updated'), 'data'=>$document->getID()));
+				add_log_line("updated document ".$document->getId());
+			} else {
+				header('Content-Type: application/json');
+				echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
+			}
+		}
+		break; /* }}} */
+
+	case 'addfolder': /* {{{ */
+		if($user) {
+			if(checkFormKey('')) {
+				if (!isset($_POST["folderid"]) || !is_numeric($_POST["folderid"]) || intval($_POST["folderid"])<1) {
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>getMLText("invalid_folder_id")));
+					exit;
+				}
+
+				$folderid = $_POST["folderid"];
+				$folder = $dms->getFolder($folderid);
+
+				if (!is_object($folder)) {
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>getMLText("invalid_folder_id")));
+					exit;
+				}
+
+				if ($folder->getAccessMode($user, 'addFolder') < M_READWRITE) {
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>getMLText("access_denied")));
+					exit;
+				}
+
+				if (!empty($_POST["name"]))
+					$name = $_POST["name"];
+				else
+					$name = utf8_basename($userfilename);
+
+				/* Check if name already exists in the folder */
+				if(!$settings->_enableDuplicateDocNames) {
+					if($folder->hasDocumentByName($name)) {
+						header('Content-Type: application/json');
+						echo json_encode(array('success'=>false, 'message'=>getMLText("document_duplicate_name")));
+						exit;
+					}
+				}
+
+				if(isset($_POST["attributes"]))
+					$attributes = $_POST["attributes"];
+				else
+					$attributes = array();
+
+				if(isset($_POST["comment"]))
+					$comment = trim($_POST["comment"]);
+				else
+					$comment = '';
+
+				$controller = Controller::factory('AddSubFolder', array('dms'=>$dms, 'user'=>$user));
+				$controller->setParam('documentsource', 'upload');
+				$controller->setParam('folder', $folder);
+				$controller->setParam('fulltextservice', $fulltextservice);
+				$controller->setParam('name', $name);
+				$controller->setParam('comment', $comment);
+				$minmax = $folder->getFoldersMinMax();
+				$deviation = rand(10, 1000)/10;
+				if($settings->_defaultFolderPosition == 'start')
+					$controller->setParam('sequence', $minmax['min'] - $deviation);
+				else
+					$controller->setParam('sequence', $minmax['max'] + $deviation);
+				$controller->setParam('owner', $user);
+				$controller->setParam('attributes', $attributes);
+				$controller->setParam('notificationgroups', array());
+				$controller->setParam('notificationusers', array());
+
+				if(!$subfolder = $controller()) {
+					$err = $controller->getErrorMsg();
+					if(is_string($err))
+						$errmsg = getMLText($err);
+					elseif(is_array($err)) {
+						$errmsg = getMLText($err[0], $err[1]);
+					} else {
+						$errmsg = $err;
+					}
+					header('Content-Type: application/json');
+					echo json_encode(array('success'=>false, 'message'=>$errmsg));
+					exit;
+				} else {
+					// Send notification to subscribers of folder.
+					if($notifier) {
+						$notifier->sendNewFolderMail($subfolder, $user);
+					}
+				}
+				header('Content-Type: application/json');
+				echo json_encode(array('success'=>true, 'message'=>getMLText('splash_folder_added'), 'data'=>$subfolder->getID()));
+				add_log_line("add folder ".$subfolder->getId()." in folder ".$folder->getId());
+			} else {
+				header('Content-Type: application/json');
+				echo json_encode(array('success'=>false, 'message'=>getMLText('invalid_request_token'), 'data'=>''));
+			}
+		}
+		break; /* }}} */
+
 	case 'addfile': /* {{{ */
 		if($user) {
 			if(checkFormKey('addfile')) {