Verified Commit 439172f5 authored by Florian Azizian's avatar Florian Azizian

FEAT #9141 restriction for document with notes

parent d98c4187
<?php <?php
/**
* Copyright Maarch since 2008 under licence GPLv3.
* See LICENCE.txt file at the root folder for more details.
* This file is part of Maarch software.
* @brief load_toolbar_attachments
* @author dev <dev@maarch.org>
* @ingroup attachments
*/
$targetTab = $_REQUEST['targetTab']; $targetTab = $_REQUEST['targetTab'];
$res_id = $_REQUEST['resId']; $res_id = $_REQUEST['resId'];
$coll_id = $_REQUEST['collId']; $coll_id = $_REQUEST['collId'];
require_once 'core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_request.php'; require_once 'core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_request.php';
$db = new Database; $db = new Database;
$core = new core_tools();
if (!$core->test_service('view_documents_with_notes', 'attachments', false)) {
$exclude = ", 'document_with_notes'";
}
if($_SESSION['req'] == 'details'){ if ($_SESSION['req'] == 'details') {
if(isset($_REQUEST['responses'])){ if (isset($_REQUEST['responses'])) {
$stmt = $db->query("SELECT res_id, creation_date, title, format FROM " $stmt = $db->query("SELECT res_id, creation_date, title, format FROM "
. $_SESSION['tablename']['attach_res_attachments'] . $_SESSION['tablename']['attach_res_attachments']
. " WHERE res_id_master = ? and coll_id = ? and status <> 'DEL' and (attachment_type = 'response_project' or attachment_type = 'outgoing_mail_signed' or attachment_type = 'outgoing_mail' or attachment_type = 'signed_response' or attachment_type = 'aihp') and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId'])); . " WHERE res_id_master = ? and coll_id = ? and status <> 'DEL' and (attachment_type IN ('response_project', 'outgoing_mail_signed', 'outgoing_mail', 'signed_response', 'aihp')) and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId']));
}else{ } else {
$stmt = $db->query("SELECT res_id, creation_date, title, format FROM " $stmt = $db->query("SELECT res_id, creation_date, title, format FROM "
. $_SESSION['tablename']['attach_res_attachments'] . $_SESSION['tablename']['attach_res_attachments']
. " WHERE res_id_master = ? and coll_id = ? and status <> 'DEL' and attachment_type NOT IN ('response_project','signed_response','outgoing_mail_signed','converted_pdf','outgoing_mail','print_folder','aihp') and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId'])); . " WHERE res_id_master = ? and coll_id = ? and status <> 'DEL' and attachment_type NOT IN ('response_project','signed_response','outgoing_mail_signed','converted_pdf','outgoing_mail','print_folder','aihp'". $exclude . ") and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId']));
} }
} else {
}else{
$stmt = $db->query("SELECT res_id FROM " $stmt = $db->query("SELECT res_id FROM "
. $_SESSION['tablename']['attach_res_attachments'] . $_SESSION['tablename']['attach_res_attachments']
. " WHERE status <> 'DEL' and attachment_type <> 'converted_pdf' and attachment_type <> 'print_folder' and res_id_master = ? and coll_id = ? and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId'])); . " WHERE status <> 'DEL' and attachment_type NOT IN ('converted_pdf', 'print_folder'". $exclude . ") and res_id_master = ? and coll_id = ? and (status <> 'TMP' or (typist = ? and status = 'TMP'))", array($res_id, $coll_id, $_SESSION['user']['UserId']));
} }
$nbAttach = $stmt->rowCount(); $nbAttach = $stmt->rowCount();
if ($nbAttach == 0){ if ($nbAttach == 0) {
$class = 'nbResZero'; $class = 'nbResZero';
$style2 = 'display:none;'; $style2 = 'display:none;';
$style = '0.5'; $style = '0.5';
$styleDetail = '#9AA7AB'; $styleDetail = '#9AA7AB';
} } else {
else{
$class = 'nbRes'; $class = 'nbRes';
$style = ''; $style = '';
$style2 = 'display:inherit;'; $style2 = 'display:inherit;';
$styleDetail = '#666'; $styleDetail = '#666';
} }
if($_SESSION['save_list']['fromDetail'] == 'true'){ if ($_SESSION['save_list']['fromDetail'] == 'true') {
if ($nbAttach == 0 && strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome')) {
if($nbAttach == 0 && strpos($_SERVER['HTTP_USER_AGENT'], 'Chrome')){ $nav = 'attachments_tab';
$nav = 'attachments_tab'; if (isset($_REQUEST['responses'])) {
if(isset($_REQUEST['responses'])){ $nav = 'responses_tab';
$nav = 'responses_tab';
}
$style2 = 'visibility:hidden;';
} }
$style2 = 'visibility:hidden;';
}
if($_REQUEST['origin'] == 'parent'){ if ($_REQUEST['origin'] == 'parent') {
$js .= 'window.parent.top.$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';window.parent.top.$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\''; $js .= 'window.parent.top.$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';window.parent.top.$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\'';
} elseif ($_REQUEST['origin'] == 'document') {
}else if($_REQUEST['origin'] == 'document'){
$js .= '$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\''; $js .= '$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\'';
} else { } else {
$js .= 'parent.$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';parent.$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\'';
$js .= 'parent.$(\''.$targetTab.'\').style.color=\''.$styleDetail.'\';parent.$(\''.$targetTab.'_badge\').innerHTML = \'<span id="nb_'.$targetTab.'" style="'.$style2.'font-size: 10px;" class="'.$class.'">'.$nbAttach.'</span>\'';
} }
}else{ } else {
if($_REQUEST['origin'] == 'parent'){ if ($_REQUEST['origin'] == 'parent') {
$js .= 'window.parent.top.$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';window.parent.top.$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\''; $js .= 'window.parent.top.$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';window.parent.top.$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\'';
} elseif ($_REQUEST['origin'] == 'document') {
}else if($_REQUEST['origin'] == 'document'){
$js .= '$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\''; $js .= '$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\'';
} else { } else {
$js .= 'parent.$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';parent.$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\''; $js .= 'parent.$(\''.$targetTab.'_img\').style.opacity=\''.$style.'\';parent.$(\''.$targetTab.'_badge\').innerHTML = \'&nbsp;<sup><span id="nb_'.$targetTab.'" style="'.$style2.'" class="'.$class.'">'.$nbAttach.'</span></sup>\'';
} }
} }
echo "{status : 0, nav : '".$nav."',content : '', error : '', exec_js : '".addslashes($js)."'}"; echo "{status : 0, nav : '".$nav."',content : '', error : '', exec_js : '".addslashes($js)."'}";
exit(); exit();
\ No newline at end of file
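Review bot: `$exclude` is set only inside the `if (!$core->test_service('view_documents_with_notes', 'attachments', false))` branch, but it is concatenated into both `NOT IN (...)` lists below, so a user who holds the service reaches those queries with an undefined variable. PHP substitutes an empty string and raises a notice, so the SQL stays valid today, yet an access filter should not rest on that; add `$exclude = '';` before the `if`. The fragment is a fixed literal rather than request data, so the concatenation adds no injection path by itself. This script only computes the badge count, and in this file it reads `resId`/`collId` from `$_REQUEST` without a right check such as `test_right_doc`, so the restriction holds only if the attachment list and view pages (not shown here) apply the same filter server-side.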
<?php <?php
/**
* Copyright Maarch since 2008 under licence GPLv3.
* See LICENCE.txt file at the root folder for more details.
* This file is part of Maarch software.
* @brief show_attachments_details_tab
* @author dev <dev@maarch.org>
* @ingroup attachments
*/
require_once 'core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_request.php'; require_once 'core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_request.php';
require_once 'core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_security.php'; require_once 'core' . DIRECTORY_SEPARATOR . 'class' . DIRECTORY_SEPARATOR . 'class_security.php';
$res_id = $_REQUEST["resId"];
$res_id = $_REQUEST["resId"]; $coll_id = $_REQUEST["collId"];
$coll_id = $_REQUEST["collId"];
$from_detail = $_REQUEST["fromDetail"]; $from_detail = $_REQUEST["fromDetail"];
$extraParam =''; $extraParam ='';
$security = new security(); $security = new security();
$right = $security->test_right_doc($coll_id, $res_id); $right = $security->test_right_doc($coll_id, $res_id);
if(!$right){ if (!$right) {
exit(_NO_RIGHT_TXT); exit(_NO_RIGHT_TXT);
} }
if(isset($_REQUEST['attach_type_exclude'])){ if (isset($_REQUEST['attach_type_exclude'])) {
$extraParam = '&attach_type_exclude='.$_REQUEST['attach_type_exclude']; $extraParam = '&attach_type_exclude='.$_REQUEST['attach_type_exclude'];
}else if(isset($_REQUEST['attach_type'])){ } elseif (isset($_REQUEST['attach_type'])) {
$extraParam = '&attach_type='.$_REQUEST['attach_type']; $extraParam = '&attach_type='.$_REQUEST['attach_type'];
} }
...@@ -31,7 +41,6 @@ $core_tools->load_js(); ...@@ -31,7 +41,6 @@ $core_tools->load_js();
$frm_str .= '<div class="ref-unit">'; $frm_str .= '<div class="ref-unit">';
$frm_str .= '<center>'; $frm_str .= '<center>';
if ($core_tools->is_module_loaded('templates') && ($core_tools->test_service('edit_attachments_from_detail', 'attachments', false))) { if ($core_tools->is_module_loaded('templates') && ($core_tools->test_service('edit_attachments_from_detail', 'attachments', false))) {
$frm_str .= '<input type="button" name="attach" id="attach" class="button" value="'. _CREATE_PJ.'" $frm_str .= '<input type="button" name="attach" id="attach" class="button" value="'. _CREATE_PJ.'"
onclick="showAttachmentsForm(\''. $_SESSION['config']['businessappurl'] onclick="showAttachmentsForm(\''. $_SESSION['config']['businessappurl']
. 'index.php?display=true&module=attachments&page=attachments_content&fromDetail=create\',\'98%\',\'auto\')" />'; . 'index.php?display=true&module=attachments&page=attachments_content&fromDetail=create\',\'98%\',\'auto\')" />';
...@@ -40,4 +49,4 @@ $frm_str .= '</center><iframe name="list_attach" id="list_attach" src="'.$_SESSI ...@@ -40,4 +49,4 @@ $frm_str .= '</center><iframe name="list_attach" id="list_attach" src="'.$_SESSI
. 'frameborder="0" width="100%" height="550px"></iframe>'; . 'frameborder="0" width="100%" height="550px"></iframe>';
$frm_str .= '</div>'; $frm_str .= '</div>';
echo $frm_str; echo $frm_str;
\ No newline at end of file
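Review bot: `$_REQUEST['attach_type_exclude']` and `$_REQUEST['attach_type']` are appended to `$extraParam` unencoded in the `if`/`elseif` after the right check, and the reformat keeps that unchanged. Where `$extraParam` is used lies outside the visible hunks, but the truncated hunk header suggests it ends up in the `list_attach` iframe `src`, where an unencoded value could alter the attribute or the query string. Encode at assembly, e.g. `$extraParam = '&attach_type_exclude=' . rawurlencode($_REQUEST['attach_type_exclude']);`, and pass the final URL through `htmlspecialchars()` before writing it into the attribute. Since this commit restricts `document_with_notes`, the page that receives `attach_type` should enforce the `view_documents_with_notes` service itself rather than rely on the type filter supplied in the request.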