Skip to content
Snippets Groups Projects
Verified Commit 439172f5 authored by Florian Azizian's avatar Florian Azizian
Browse files

FEAT #9141 restriction for document with notes

parent d98c4187
No related branches found
No related tags found
No related merge requests found
Hide whitespace changes
Inline Side-by-side
modules/attachments/load_toolbar_attachments.php
+ 46
41
View file @ 439172f5
<?php
/**
* Copyright Maarch since 2008 under licence GPLv3.
* See LICENCE.txt file at the root folder for more details.
* This file is part of Maarch software.
* @brief load_toolbar_attachments
* @author dev <dev@maarch.org>
* @ingroup attachments
*/
$targetTab = $_REQUEST['targetTab'];
$res_id = $_REQUEST['resId'];
$coll_id = $_REQUEST['collId'];
$res_id = $_REQUEST['resId'];
$coll_id = $_REQUEST['collId'];
require_once 'core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_request.php';
$db = new Database;
$core = new core_tools();
if (!$core->test_service('view_documents_with_notes', 'attachments', false)) {
$exclude = ", 'document_with_notes'";
}
if($_SESSION['req'] == 'details'){
if(isset($_REQUEST['responses'])){
$stmt = $db->query("SELECT res_id, creation_date, title, format FROM "
. $_SESSION['tablename']['attach_res_attachments']
. " WHERE res_id_master = ? and coll_id = ? and status <> 'DEL' and (attachment_type = 'response_project' or attachment_type = 'outgoing_mail_signed' or attachment_type = 'outgoing_mail' or attachment_type = 'signed_response' or attachment_type = 'aihp') and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId']));
}else{
$stmt = $db->query("SELECT res_id, creation_date, title, format FROM "
. $_SESSION['tablename']['attach_res_attachments']
. " WHERE res_id_master = ? and coll_id = ? and status <> 'DEL' and attachment_type NOT IN ('response_project','signed_response','outgoing_mail_signed','converted_pdf','outgoing_mail','print_folder','aihp') and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId']));
if ($_SESSION['req'] == 'details') {
if (isset($_REQUEST['responses'])) {
$stmt = $db->query("SELECT res_id, creation_date, title, format FROM "
. $_SESSION['tablename']['attach_res_attachments']
. " WHERE res_id_master = ? and coll_id = ? and status <> 'DEL' and (attachment_type IN ('response_project', 'outgoing_mail_signed', 'outgoing_mail', 'signed_response', 'aihp')) and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId']));
} else {
$stmt = $db->query("SELECT res_id, creation_date, title, format FROM "
. $_SESSION['tablename']['attach_res_attachments']
. " WHERE res_id_master = ? and coll_id = ? and status <> 'DEL' and attachment_type NOT IN ('response_project','signed_response','outgoing_mail_signed','converted_pdf','outgoing_mail','print_folder','aihp'". $exclude . ") and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId']));
}
}else{
} else {
$stmt = $db->query("SELECT res_id FROM "
. $_SESSION['tablename']['attach_res_attachments']
. " WHERE status <> 'DEL' and attachment_type <> 'converted_pdf' and attachment_type <> 'print_folder' and res_id_master = ? and coll_id = ? and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId']));
. " WHERE status <> 'DEL' and attachment_type NOT IN ('converted_pdf', 'print_folder'". $exclude . ") and res_id_master = ? and coll_id = ? and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId']));
}
$nbAttach = $stmt->rowCount();
if ($nbAttach == 0){
if ($nbAttach == 0) {
$class = 'nbResZero';
$style2 = 'display:none;';
$style = '0.5';
$styleDetail = '#9AA7AB';
}
else{
} else {
$class = 'nbRes';
$style = '';
$style2 = 'display:inherit;';
$styleDetail = '#666';
}
if($_SESSION['save_list']['fromDetail'] == 'true'){
if($nbAttach == 0 && strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome')){
$nav = 'attachments_tab';
if(isset($_REQUEST['responses'])){
$nav = 'responses_tab';
}
$style2 = 'visibility:hidden;';
if ($_SESSION['save_list']['fromDetail'] == 'true') {
if ($nbAttach == 0 && strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome')) {
$nav = 'attachments_tab';
if (isset($_REQUEST['responses'])) {
$nav = 'responses_tab';
}
$style2 = 'visibility:hidden;';
}
if($_REQUEST['origin'] == 'parent'){
if ($_REQUEST['origin'] == 'parent') {
$js .= 'window.parent.top.$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';window.parent.top.$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\'';
}else if($_REQUEST['origin'] == 'document'){
} elseif ($_REQUEST['origin'] == 'document') {
$js .= '$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\'';
} else {
$js .= 'parent.$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';parent.$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\'';
$js .= 'parent.$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';parent.$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\'';
}
}else{
if($_REQUEST['origin'] == 'parent'){
} else {
if ($_REQUEST['origin'] == 'parent') {
$js .= 'window.parent.top.$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';window.parent.top.$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\'';
}else if($_REQUEST['origin'] == 'document'){
} elseif ($_REQUEST['origin'] == 'document') {
$js .= '$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\'';
} else {
$js .= 'parent.$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';parent.$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\'';
$js .= 'parent.$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';parent.$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\'';
}
}
echo "{status : 0, nav : '".$nav."',content : '', error : '', exec_js : '".addslashes($js)."'}";
exit();
\ No newline at end of file
exit();
modules/attachments/show_attachments_details_tab.php
+ 18
9
View file @ 439172f5
<?php
/**
* Copyright Maarch since 2008 under licence GPLv3.
* See LICENCE.txt file at the root folder for more details.
* This file is part of Maarch software.
* @brief show_attachments_details_tab
* @author dev <dev@maarch.org>
* @ingroup attachments
*/
require_once 'core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_request.php';
require_once 'core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_security.php';
$res_id = $_REQUEST["resId"];
$coll_id = $_REQUEST["collId"];
$res_id = $_REQUEST["resId"];
$coll_id = $_REQUEST["collId"];
$from_detail = $_REQUEST["fromDetail"];
$extraParam ='';
$extraParam ='';
$security = new security();
$right = $security->test_right_doc($coll_id, $res_id);
if(!$right){
if (!$right) {
exit(_NO_RIGHT_TXT);
}
if(isset($_REQUEST['attach_type_exclude'])){
if (isset($_REQUEST['attach_type_exclude'])) {
$extraParam = '&attach_type_exclude='.$_REQUEST['attach_type_exclude'];
}else if(isset($_REQUEST['attach_type'])){
} elseif (isset($_REQUEST['attach_type'])) {
$extraParam = '&attach_type='.$_REQUEST['attach_type'];
}
......@@ -31,7 +41,6 @@ $core_tools->load_js();
$frm_str .= '<div class="ref-unit">';
$frm_str .= '<center>';
if ($core_tools->is_module_loaded('templates') && ($core_tools->test_service('edit_attachments_from_detail', 'attachments', false))) {
$frm_str .= '<input type="button" name="attach" id="attach" class="button" value="'. _CREATE_PJ.'"
onclick="showAttachmentsForm(\''. $_SESSION['config']['businessappurl']
. 'index.php?display=true&module=attachments&page=attachments_content&fromDetail=create\',\'98%\',\'auto\')" />';
......@@ -40,4 +49,4 @@ $frm_str .= '</center><iframe name="list_attach" id="list_attach" src="'.$_SESSI
. 'frameborder="0" width="100%" height="550px"></iframe>';
$frm_str .= '</div>';
echo $frm_str;
\ No newline at end of file
echo $frm_str;
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment