/*
 * Request handler that locks a document for the current user and then
 * redirects to the document view. It is a chain of guards; each failing guard
 * calls UI::exitError(), which is presumably terminal (the later guards rely
 * on that) -- TODO confirm.
 *
 * NOTE(review): this listing starts mid-statement. The opening of the first
 * condition is not visible; its visible tail is identical to the access check
 * repeated further down.
 */
check_controller_access('LockDocument', $_POST)) {
	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied"));
}

/* Check if the form data comes from a trusted request */
/*
 * NOTE(review): the 'GET' argument suggests the anti-forgery token is read
 * from the query string. A token carried in a URL can end up in server logs,
 * browser history and Referer headers, and a state change reachable by GET
 * can be triggered by a plain link. Confirm whether this operation could
 * accept POST only.
 */
if(!checkFormKey('lockdocument', 'GET')) {
	UI::exitError(getMLText("document_title"), getMLText("invalid_request_token"));
}

/*
 * Reject a missing, non-numeric or non-positive document id.
 * is_numeric() also accepts forms such as "1.5" or "1e3" and surrounding
 * whitespace, so passing this guard does not mean the raw string is a
 * canonical integer.
 */
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}

/* The raw request string is kept here, not the intval() result checked above. */
$documentid = $_GET["documentid"];
$document = $dms->getDocument($documentid);

/* Anything other than an object is treated as "no such document". */
if (!is_object($document)) {
	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}

/*
 * Controller-level access check for the 'LockDocument' operation.
 * NOTE(review): $_POST is passed although every parameter of this request is
 * read from $_GET; confirm what check_controller_access() does with its
 * second argument, since $_POST is presumably empty on a GET request.
 */
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
if (!$accessop->check_controller_access('LockDocument', $_POST)) {
	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("access_denied"));
}

$folder = $document->getFolder();
/*
 * NOTE(review): $docPathHTML is not used anywhere in the visible code. The
 * document name is concatenated into it without HTML escaping, and the
 * trailing empty string looks like a remnant of markup lost from this
 * listing. If the value is ever output, escape the name for HTML first.
 */
$docPathHTML = getFolderPathHTML($folder, true). " / ".$document->getName()."";

/* Object-level authorization: the user needs at least read/write access to the document. */
if ($document->getAccessMode($user) < M_READWRITE) {
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}

/*
 * Refuse to lock a document that is already locked.
 * NOTE(review): isLocked() and setLocked() are separate calls; whether the
 * pair is atomic against a concurrent request cannot be told from here.
 */
if ($document->isLocked()) {
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("document_already_locked"));
}

/* Take the lock for the current user; a falsy return is reported as a generic error. */
if (!$document->setLocked($user)) {
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("error_occured"));
}

/* Queue the success message for the next page view. */
$session->setSplashMsg(array('type'=>'success', 'msg'=>getMLText('splash_document_locked')));

/* Called without a message; what is recorded for the audit trail is not visible here. */
add_log_line();

/*
 * Redirect back to the document view.
 * NOTE(review): the raw $documentid string is concatenated into the header.
 * The numeric guard keeps arbitrary text out, but using the intval() result
 * would guarantee a canonical integer in the URL.
 */
header("Location:../out/out.ViewDocument.php?documentid=".$documentid);

?>