$dms, 'user'=>$user)); /* Check if the form data comes from a trusted request */ if(!checkFormKey('removedocument')) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token")); } if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } $documentid = $_POST["documentid"]; $document = $dms->getDocument($documentid); if (!is_object($document)) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } if ($document->getAccessMode($user, 'removeDocument') < M_ALL) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied")); } /* FIXME: whether a document is locked or not, doesn't make a difference, * because M_ALL access right is used in any case. */ if($document->isLocked()) { $lockingUser = $document->getLockingUser(); if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user, 'removeDocument') != M_ALL)) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("lock_message", array("email" => $lockingUser->getEmail(), "username" => htmlspecialchars($lockingUser->getFullName())))); } } if($settings->_enableFullSearch) { $index = $indexconf['Indexer']::open($settings->_luceneDir); $indexconf['Indexer']::init($settings->_stopWordsFile); } else { $index = null; $indexconf = null; } $folder = $document->getFolder(); /* Remove all preview images. */ require_once("SeedDMS/Preview.php"); $previewer = new SeedDMS_Preview_Previewer($settings->_cacheDir); $previewer->deleteDocumentPreviews($document); /* Get the notify list before removing the document * Also inform the users/groups of the parent folder */ $dnl = $document->getNotifyList(); $fnl = $folder->getNotifyList(); $nl = array( 'users'=>array_unique(array_merge($dnl['users'], $fnl['users']), SORT_REGULAR), 'groups'=>array_unique(array_merge($dnl['groups'], $fnl['groups']), SORT_REGULAR) ); $docname = $document->getName(); $controller->setParam('document', $document); $controller->setParam('index', $index); $controller->setParam('indexconf', $indexconf); if(!$controller->run()) { if ($controller->getErrorMsg() != '') $errormsg = $controller->getErrorMsg(); else $errormsg = "error_remove_document"; UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($docname))),getMLText($errormsg)); } if ($notifier){ $subject = "document_deleted_email_subject"; $message = "document_deleted_email_body"; $params = array(); $params['name'] = $docname; $params['folder_path'] = $folder->getFolderPathPlain(); $params['username'] = $user->getFullName(); $params['sitename'] = $settings->_siteName; $params['http_root'] = $settings->_httpRoot; $params['url'] = "http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(); $notifier->toList($user, $nl["users"], $subject, $message, $params); foreach ($nl["groups"] as $grp) { $notifier->toGroup($user, $grp, $subject, $message, $params); } } $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_rm_document'))); add_log_line("?documentid=".$documentid); header("Location:../out/out.ViewFolder.php?folderid=".$folder->getID()); ?>