getMLText("invalid_folder_id"))),getMLText("invalid_folder_id")); } $folderid = $_GET["folderid"]; $folder = $dms->getFolder($folderid); if (!is_object($folder)) { UI::exitError(getMLText("folder_title", array("foldername" => getMLText("invalid_folder_id"))),getMLText("invalid_folder_id")); } $folderPathHTML = getFolderPathHTML($folder, true); if ($folder->getAccessMode($user) < M_ALL) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); } /* Check if the form data comes from a trusted request */ /* FIXME: Currently GET request are allowed. */ if(!checkFormKey('folderaccess', 'GET')) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_request_token")); } switch ($_GET["action"]) { case "setowner": case "delaccess": case "inherit": $action = $_GET["action"]; break; case "setdefault": case "editaccess": case "addaccess": $action = $_GET["action"]; if (!isset($_GET["mode"]) || !is_numeric($_GET["mode"]) || $_GET["mode"]M_ALL) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_access_mode")); } $mode = $_GET["mode"]; break; case "notinherit": $action = $_GET["action"]; if (strcasecmp($_GET["mode"], "copy") && strcasecmp($_GET["mode"], "empty")) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_access_mode")); } $mode = $_GET["mode"]; break; default: UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("invalid_action")); break; } if (isset($_GET["userid"])) { if (!is_numeric($_GET["userid"])) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_user")); } if (!strcasecmp($action, "addaccess") && $_GET["userid"]==-1) { $userid = -1; } else { if (!is_object($dms->getUser($_GET["userid"]))) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_user")); } $userid = $_GET["userid"]; } } if (isset($_GET["groupid"])) { if (!is_numeric($_GET["groupid"])) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_group")); } if (!strcasecmp($action, "addaccess") && $_GET["groupid"]==-1) { $groupid = -1; } else { if (!is_object($dms->getGroup($_GET["groupid"]))) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_group")); } $groupid = $_GET["groupid"]; } } // Change owner ----------------------------------------------------------- if ($action == "setowner") { if (!$user->isAdmin()) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("access_denied")); } if (!isset($_GET["ownerid"]) || !is_numeric($_GET["ownerid"]) || $_GET["ownerid"]<1) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_user")); } $newOwner = $dms->getUser($_GET["ownerid"]); if (!is_object($newOwner)) { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("unknown_user")); } $oldOwner = $folder->getOwner(); if($folder->setOwner($newOwner)) { if($notifier) { // Send notification to subscribers. $notifyList = $folder->getNotifyList(); $subject = "ownership_changed_email_subject"; $message = "ownership_changed_email_body"; $params = array(); $params['name'] = $folder->getName(); if($folder->getParent()) $params['folder_path'] = $folder->getParent()->getFolderPathPlain(); else $params['folder_path'] = $folder->getFolderPathPlain(); $params['username'] = $user->getFullName(); $params['old_owner'] = $oldOwner->getFullName(); $params['new_owner'] = $newOwner->getFullName(); $params['url'] = "http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(); $params['sitename'] = $settings->_siteName; $params['http_root'] = $settings->_httpRoot; $notifier->toList($user, $notifyList["users"], $subject, $message, $params); foreach ($notifyList["groups"] as $grp) { $notifier->toGroup($user, $grp, $subject, $message, $params); } } $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_setowner'))); } else { UI::exitError(getMLText("folder_title", array("foldername" => $folder->getName())),getMLText("set_owner_error")); } } // Set Permission to no inherit ------------------------------------------- else if ($action == "notinherit") { $defAccess = $folder->getDefaultAccess(); if($folder->setInheritAccess(false)) { if($notifier) { // Send notification to subscribers. $notifyList = $folder->getNotifyList(); $subject = "access_permission_changed_email_subject"; $message = "access_permission_changed_email_body"; $params = array(); $params['name'] = $folder->getName(); if($folder->getParent()) $params['folder_path'] = $folder->getParent()->getFolderPathPlain(); else $params['folder_path'] = $folder->getFolderPathPlain(); $params['username'] = $user->getFullName(); $params['url'] = "http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(); $params['sitename'] = $settings->_siteName; $params['http_root'] = $settings->_httpRoot; $notifier->toList($user, $notifyList["users"], $subject, $message, $params); foreach ($notifyList["groups"] as $grp) { $notifier->toGroup($user, $grp, $subject, $message, $params); } $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_notinherit_access'))); } } if($folder->setDefaultAccess($defAccess)) { if($notifier) { // Send notification to subscribers. $notifyList = $folder->getNotifyList(); $subject = "access_permission_changed_email_subject"; $message = "access_permission_changed_email_body"; $params = array(); $params['name'] = $folder->getName(); if($folder->getParent()) $params['folder_path'] = $folder->getParent()->getFolderPathPlain(); else $params['folder_path'] = $folder->getFolderPathPlain(); $params['username'] = $user->getFullName(); $params['url'] = "http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(); $params['sitename'] = $settings->_siteName; $params['http_root'] = $settings->_httpRoot; $notifier->toList($user, $notifyList["users"], $subject, $message, $params); foreach ($notifyList["groups"] as $grp) { $notifier->toGroup($user, $grp, $subject, $message, $params); } } } if ($mode == "copy") { $parent = $folder->getParent(); $accessList = $parent->getAccessList(); foreach ($accessList["users"] as $userAccess) $folder->addAccess($userAccess->getMode(), $userAccess->getUserID(), true); foreach ($accessList["groups"] as $groupAccess) $folder->addAccess($groupAccess->getMode(), $groupAccess->getGroupID(), false); } } // Set permission to inherit ---------------------------------------------- else if ($action == "inherit") { if ($folderid == $settings->_rootFolderID || !$folder->getParent()) return; $folder->clearAccessList(); if($folder->setInheritAccess(true)) { if($notifier) { // Send notification to subscribers. $notifyList = $folder->getNotifyList(); $subject = "access_permission_changed_email_subject"; $message = "access_permission_changed_email_body"; $params = array(); $params['name'] = $folder->getName(); if($folder->getParent()) $params['folder_path'] = $folder->getParent()->getFolderPathPlain(); else $params['folder_path'] = $folder->getFolderPathPlain(); $params['username'] = $user->getFullName(); $params['url'] = "http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(); $params['sitename'] = $settings->_siteName; $params['http_root'] = $settings->_httpRoot; $notifier->toList($user, $notifyList["users"], $subject, $message, $params); foreach ($notifyList["groups"] as $grp) { $notifier->toGroup($user, $grp, $subject, $message, $params); } } $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_inherit_access'))); } } // Set default permission ------------------------------------------------- else if ($action == "setdefault") { if($folder->setDefaultAccess($mode)) { if($notifier) { // Send notification to subscribers. $notifyList = $folder->getNotifyList(); $subject = "access_permission_changed_email_subject"; $message = "access_permission_changed_email_body"; $params = array(); $params['name'] = $folder->getName(); if($folder->getParent()) $params['folder_path'] = $folder->getParent()->getFolderPathPlain(); else $params['folder_path'] = $folder->getFolderPathPlain(); $params['username'] = $user->getFullName(); $params['url'] = "http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewFolder.php?folderid=".$folder->getID(); $params['sitename'] = $settings->_siteName; $params['http_root'] = $settings->_httpRoot; $notifier->toList($user, $notifyList["users"], $subject, $message, $params); foreach ($notifyList["groups"] as $grp) { $notifier->toGroup($user, $grp, $subject, $message, $params); } } $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_set_default_access'))); } } // Modify permission ------------------------------------------------------ else if ($action == "editaccess") { if (isset($userid)) { $folder->changeAccess($mode, $userid, true); } else if (isset($groupid)) { $folder->changeAccess($mode, $groupid, false); } $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_edit_access'))); } // Delete Permission ------------------------------------------------------ else if ($action == "delaccess") { if (isset($userid)) { $folder->removeAccess($userid, true); } else if (isset($groupid)) { $folder->removeAccess($groupid, false); } $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_delete_access'))); } // Add new permission ----------------------------------------------------- else if ($action == "addaccess") { if (isset($userid) && $userid != -1) { $folder->addAccess($mode, $userid, true); } if (isset($groupid) && $groupid != -1) { $folder->addAccess($mode, $groupid, false); } $session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_add_access'))); } add_log_line(); header("Location:../out/out.FolderAccess.php?folderid=".$folderid); ?>