<?
/******************************************************************************
Epiware: Project and Document Management
http://www.epiware.com
Copyright (C) 2006 James Kern

This program is free software; you can redistribute it and/or
modify it under the terms of the GNU General Public License
as published by the Free Software Foundation; either version 2
of the License, or (at your option) any later version. 

This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details. 

You should have received a copy of the GNU General Public License
along with this program; if not, write to the Free Software
Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.

Epiware, Inc. and Praxis Inc, hereby disclaims all copyright
interest in the program 'Epiware' written
by James Kern, Edward Kline, Ryan Gilfether, Ray Gorospe, Patrick Waddingham

06 September 2006
James Kern, President of Epiware 
Jack Chapman, President of Praxis
*****************************************************************************/ 
   // Shared bootstrap includes. Neither $db nor $enc_user_id / $enc_group_id
   // is assigned anywhere in this file.
   // NOTE(review): presumably epi_prepend.php (or register_globals) supplies
   // them -- confirm the source before treating them as trusted.
   require_once './epi_prepend.php';
   require_once './document_management.inc.php';

   // Recover the caller's user and group ids from their encrypted form.
   $crypt    = new EPI_CRYPT();
   $user_id  = $crypt->WEB_decrypt($enc_user_id);
   $group_id = $crypt->WEB_decrypt($enc_group_id);

   // An empty id is treated as an expired or tampered cookie: send the caller
   // to the expired page, which offers a fresh login, and stop.
   // NOTE(review): whether WEB_decrypt() also authenticates the value is not
   // visible here; if it only decrypts, a modified value could still yield a
   // non-empty id and pass this check -- confirm.
   if ($user_id == "" || $group_id == "") {
      header("Location: expired.php");
      exit;
   }

   $group_access = 1;
   

//---------------------------------------------------
//  Every page should contain this exact copy in order to ensure  
//  security!!!!!!!!!!!!
//----------------------------------------------------

 

 


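   // Resolve the folder/document id from the encrypted f_obj token.
   // NOTE(review): when no f_obj is sent at all, $doc_id and $access keep
   // whatever value they already had (nothing in this file assigns them on
   // that path), and nothing visible in this file reads $access afterwards --
   // confirm where $doc_id comes from in that case.
   if (isset($f_obj)) {
      // Keep the token exactly as received before it is replaced by its
      // decrypted value.
      $enc_f_obj = $f_obj;
      $f_obj = $crypt->WEB_decrypt($f_obj);
      if ($f_obj != "") {
         $doc_id = $f_obj;
         $access = 1;
      } else {
         // A token was sent but did not decrypt. Fail closed, the same way the
         // cookie check at the top of this file does, instead of carrying on
         // to the permission rewrite with an unverified $doc_id.
         $access = 0;
         header("Location: expired.php");
         exit;
      }
   }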
 



  





 

  //-----------------------------------------------------------------------------------------
  //-----------------------------------------------------------------------------------------
  // OK, from here I need to delete from the permission table and then do inserts for both
  // select lists, including the read and read_write lists
  //-----------------------------------------------------------------------------------------
  //-----------------------------------------------------------------------------------------

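   /**
    * Insert one permission row for the user identified by an encrypted id.
    *
    * All four column values are interpolated unquoted into the SQL text, so
    * each one must be a plain run of digits. If any of them is not, no query
    * is issued; the same applies when the encrypted user id decrypts to an
    * empty value.
    *
    * @param mixed  $group_id     group id for the row
    * @param object $db           object exposing perform_action_query($sql)
    * @param string $enc_user_id  encrypted user id, decoded with WEB_decrypt()
    * @param mixed  $doc_id       document/folder id for the row
    * @param mixed  $access       access value stored in the row
    * @param object $crypt        object exposing WEB_decrypt($value)
    * @return void
    */
   function do_insert($group_id,$db,$enc_user_id,$doc_id,$access,$crypt) {
        $temp_user_id = $crypt->WEB_decrypt($enc_user_id);
        if ($temp_user_id == "") {
            return;
        }

        // Digits only: these values become part of the statement text.
        $values = array($temp_user_id, $group_id, $doc_id, $access);
        foreach ($values as $value) {
            if (!ctype_digit((string) $value)) {
                return;
            }
        }

        $sql = "insert into permission (user_id,group_id,doc_id,access) values (" . implode(',', $values) . ")";
        $db->perform_action_query($sql);
   }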


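   // Replace the per-user permission rows for this folder: delete every row
   // with user_id > 0 (user_id == 0 marks a realm row and is left alone), then
   // re-insert one row per submitted user.
   // NOTE(review): this rewrite runs before check_folder_access() is called
   // further down, so nothing visible in this file verifies that the caller
   // may change permissions on $doc_id -- confirm that check exists elsewhere
   // (for example in epi_prepend.php).
   // NOTE(review): the delete and the inserts are separate statements; whether
   // perform_action_query() runs them inside one transaction is not visible
   // here, so a failed insert may leave the folder with fewer rows than before.
   $result = false;
   // Both ids are interpolated unquoted into the statement, so only run it
   // when each is a plain run of digits.
   if (isset($group_id, $doc_id)
       && ctype_digit((string) $group_id)
       && ctype_digit((string) $doc_id)) {
      $sql = "delete from permission where group_id=$group_id and doc_id=$doc_id and user_id>0";
      $result = $db->perform_action_query($sql);
   }

   if ($result) {
      // Access value written for each submitted list:
      // 1 for $read, 2 for $read_write, 3 for $folder_read_write.
      $submitted = array(
         1 => isset($read) ? $read : null,
         2 => isset($read_write) ? $read_write : null,
         3 => isset($folder_read_write) ? $folder_read_write : null,
      );
      foreach ($submitted as $level => $enc_ids) {
         // A list that was not sent, or that arrived as a scalar, is skipped.
         if (!is_array($enc_ids)) {
            continue;
         }
         foreach ($enc_ids as $enc_id) {
            do_insert($group_id, $db, $enc_id, $doc_id, $level, $crypt);
         }
      }
   }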




	 

 // Look up the caller's access level on the folder; no realm id is supplied.
 // NOTE(review): this lookup runs after the permission rows for $doc_id have
 // already been rewritten above, and its result only decides whether
 // ensure_create_priv() is called -- it does not gate the delete/insert.
 $realm_id = '';
 $folder_access = check_folder_access($db, $doc_id, $user_id, $realm_id, $group_id);

 // Level 3 is create/read/write: a user holding it must always keep access
 // to the folder he creates or updates.
 if (3 == $folder_access) {
    ensure_create_priv($db, $doc_id, $user_id, $group_id);
 }
 


 



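 // Encrypted, URL-encoded token for the folder that was just updated.
 $enc_doc_id = urlencode($crypt->WEB_encrypt($doc_id));

 // NOTE(review): $parent_id is appended to the query string exactly as it was
 // received, without urlencode(). It is passed to WEB_decrypt() below, so it
 // is presumably an encrypted token -- confirm whether it needs encoding here.
 if (isset($parent_id)) {
    $string = "?f_obj=$enc_doc_id&fm=O&folder_id=$parent_id";
 } else {
    $string = "?f_obj=$enc_doc_id&fm=O";
 }

 if (isset($return_page)) {
    header("Location: search_realm.php$string");
 } else {
    // $return_to / $loc are only consumed by a redirect that is currently
    // disabled (header("Location: $loc$string")).
    // NOTE(review): if that redirect is ever re-enabled, $return_to comes
    // straight from the POST body and must first be restricted to a fixed
    // list of local pages.
    $return_to = isset($_POST["return_to"]) ? $_POST["return_to"] : "";
    $loc = "search_doc_2.php";
    if ($return_to != "") {
       $loc = $return_to;
    }

    // Fetch the folder name for the client-side tree. Both ids are
    // interpolated unquoted, so the query only runs when each is a plain run
    // of digits; otherwise the name stays empty.
    $folder_name = '';
    if (isset($doc_id, $group_id)
        && ctype_digit((string) $doc_id)
        && ctype_digit((string) $group_id)) {
       $sql = "select name,classification,hits from user_docs where doc_id=$doc_id  and group_id=$group_id";
       $result = $db->perform_looping_query($sql);
       if ($row = $db->get_next_row($result)) {
          $folder_name = $row["name"];
       }
    }

    $durl = "?doc_id=" . $enc_doc_id;

    if (isset($parent_id)) {
       $plain_parent_id = $crypt->WEB_decrypt($parent_id);
    } else {
       $plain_parent_id = '';
    }

    // $mode_general is not assigned in this file; an unset value takes the
    // same (non-'edit') branch in closeWindowAddFolder() as an empty string.
    $mode = isset($mode_general) ? $mode_general : '';

    // $folder_name comes from the database and $durl from the token above;
    // both end up inside the inline JavaScript that closeWindowAddFolder()
    // writes into the page.
    closeWindowAddFolder($mode, $plain_parent_id, $doc_id, $folder_name, $durl);
 }

  exit;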


  


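/**
 * Render a value as one JavaScript call argument that is safe to place inside
 * a double-quoted HTML event-handler attribute.
 *
 * The result is a single-quoted JavaScript string literal in which every
 * ASCII byte other than letters, digits, space, '_', '-' and '.' is written
 * as a \xHH escape. Quotes, angle brackets, ampersands, backslashes and line
 * breaks therefore never appear literally, so the value can end neither the
 * string literal nor the surrounding attribute. Bytes >= 0x80 are passed
 * through unchanged so multi-byte text keeps the page's encoding.
 *
 * @param mixed $value              value to render
 * @param bool  $allow_bare_number  emit an all-digit value as a bare number
 *                                  instead of a string literal
 * @return string JavaScript source for the argument
 */
function epi_js_attr_arg($value, $allow_bare_number = false) {
    $value = (string) $value;
    if ($allow_bare_number && ctype_digit($value)) {
        return $value;
    }

    $escaped = '';
    $length = strlen($value);
    for ($i = 0; $i < $length; $i++) {
        $char = $value[$i];
        $code = ord($char);
        if ($code >= 0x80 || ctype_alnum($char) || strpos(' _-.', $char) !== false) {
            $escaped .= $char;
        } else {
            $escaped .= sprintf('\\x%02X', $code);
        }
    }
    return "'" . $escaped . "'";
}

/**
 * Emit a stub HTML page whose onLoad handler updates the folder tree in the
 * parent window and then closes the popup.
 *
 * With $mode == 'edit' the handler calls window.parent.folderRename() so a
 * changed name shows up in the client's tree; otherwise it calls
 * window.parent.addFolderToTree() to insert the new folder, drawn with access
 * level '3' on the assumption that whoever created a folder can write to it.
 *
 * $title and $durl are written as escaped string literals. $doc_id and
 * $parent_id are written as bare numbers when they consist of digits only
 * and as escaped string literals otherwise, so an empty $parent_id yields ''
 * instead of an empty argument slot.
 *
 * @param string $mode       'edit' when renaming, anything else when adding
 * @param mixed  $parent_id  id of the parent folder (add mode only)
 * @param mixed  $doc_id     id of the folder
 * @param string $title      folder name shown in the tree
 * @param string $durl       query string passed to the tree for the folder
 * @return void
 */
function closeWindowAddFolder($mode,$parent_id,$doc_id,$title,$durl) {
    if ($mode == 'edit') {
        // Update the name of the folder on the client's tree.
        $call = "window.parent.folderRename("
              . epi_js_attr_arg($doc_id, true) . ","
              . epi_js_attr_arg($title) . ");";
    } else {
        // Insert the new folder into the client's tree.
        $call = "window.parent.addFolderToTree("
              . epi_js_attr_arg($parent_id, true) . ","
              . epi_js_attr_arg($doc_id, true) . ","
              . epi_js_attr_arg($title) . ",'f_c_p.gif','3',"
              . epi_js_attr_arg($durl) . ");";
    }

    echo "
      <html>
		  <head>
		  </head>
   	     <body onLoad=\"
      ";
    print $call;
    echo "
 	   window.parent.window_destroy_target_window(window.parent.pop_window_id);\">
      </body>
      </html>                     
    ";
}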


?>