Commit 11e3ecda8a4f22ed18ae278b20335fce30a1e8ca
1 parent
60cb29e7
Added php doc comments to file
git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@26 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
2 changed files
with
156 additions
and
56 deletions
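--- a/lib/security.lib.php
+++ b/lib/security.lib.php
@@ -15,47 +15,61 @@
 
 */
 
+/**
+* Get the security policy for a specified folder
+*
+* @param id folder id
+*
+* @return int 1 = permission granted, 0 = permission denied
+*/
 function getfolderpolicy($id) {
 global $default;
 $sql = new Owl_DB; $sql->query("select security from $default->owl_folders_table where id = '$id'");
 while ($sql->next_record()) return $sql->f("security");
 }
 
+/**
+* Get the security policy for a specified file
+*
+* @param id file id
+*
+* @return int security policy
+*/
 function getfilepolicy($id) {
 global $default;
 $sql = new Owl_DB; $sql->query("select security from $default->owl_files_table where id = '$id'");
 while ($sql->next_record()) return $sql->f("security");
 }
 
-//
-// This function is simple...it returns either a 1 or 0
-// If the authentication is good, it returns 1
-// If the authentication is bad, it returns 0
-//
-// Policy key for FILES:
-//
-// 0 = World read
-// 1 = World edit
-// 6 = World edit no delete
-// 2 = Group read
-// 3 = Group edit
-// 5 = Group edit no delete
-// 4 = Creator edit
-// 7 = Group edit, World read
-// 8 = Group edit, World read - no delete
-//
-// Policy key for FOLDERS:
-//
-// 50 = Anyone can read
-// 51 = Anyone can upload/create folders
-// 56 = Anyone can upload/create folders but not delete
-// 52 = Only the group can read
-// 53 = Only the group can upload/create folders
-// 55 = Only the group can upload/create folders but not delete; except the creator
-// 54 = Only the creator can upload/create folders
-// 57 = Only the group can upload/create folders but anyone can read
-// 58 = Only the group can upload/create folders (no delete) but anyone can read
-//
+/**
+* This function is simple...it returns either a 1 or 0
+* If the authentication is good, it returns 1
+* If the authentication is bad, it returns 0
+*
+* Policy key for FILES:
+*
+* 0 = World read
+* 1 = World edit
+* 2 = Group read
+* 3 = Group edit
+* 4 = Creator edit
+* 5 = Group edit no delete
+* 6 = World edit no delete
+* 7 = Group edit, World read
+* 8 = Group edit, World read - no delete
+*
+* Policy key for FOLDERS:
+*
+* 50 = Anyone can read
+* 51 = Anyone can upload/create folders
+* 56 = Anyone can upload/create folders but not delete
+* 52 = Only the group can read
+* 53 = Only the group can upload/create folders
+* 55 = Only the group can upload/create folders but not delete; except the creator
+* 54 = Only the creator can upload/create folders
+* 57 = Only the group can upload/create folders but anyone can read
+* 58 = Only the group can upload/create folders (no delete) but anyone can read
+*/
 
 function check_auth($id, $action, $userid) {
 global $default;
@@ -64,13 +78,6 @@ function check_auth($id, $action, $userid) {
 $foldercreator = owlfoldercreator($id);
 $filegroup = owlfilegroup($id);
 $foldergroup = owlfoldergroup($id);
-// print "Action is $action<br>";
-// print "filecreation username is $filecreator<br>";
-// print "filecreation groupname is $filegroup<br>";
-// print "folder group is $foldergroup<br>";
-// print "userid is $userid<br>";
-// print "dbusername is $dbuser<br>";
-// print "usergroup is $usergroup<br>";
 
 if (($action == "folder_modify") ||
 ($action == "folder_view") ||
@@ -80,9 +87,12 @@ function check_auth($id, $action, $userid) {
 } else {
 $policy = getfilepolicy($id);
 }
-// print "Policy is $policy<br>";
+
+ //if policy is: world read
 if ($policy == "0") {
+ //if the user want to delete/modify
 if (($action == "file_delete") || ($action == "file_modify")) {
+ //if the user is not the file create
 if ($userid != $filecreator) {
 $authorization = "0";
 } else {
@@ -92,10 +102,13 @@ function check_auth($id, $action, $userid) {
 $authorization = "1";
 }
 }
+ //if the policy is: world edit
 if ($policy == "1") {
 $authorization = "1";
 }
+ //if the policy is: group read
 if ($policy == "2") {
+ //if the user wants to delete/modify the file
 if (($action == "file_delete") || ($action == "file_modify")) {
 if ($userid != $filecreator) {
 $authorization = "0";
@@ -106,6 +119,7 @@ function check_auth($id, $action, $userid) {
 // Bozz Change Begin
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+ //if the user is in the group
 if ($filegroup == $usergroup || $sql->num_rows($sql) > 0) {
 // Bozz Change End
 $authorization = "1";
@@ -115,33 +129,38 @@ function check_auth($id, $action, $userid) {
 }
 
 }
+ //if the policy is: group edit
 if ($policy == "3") {
 if (($action == "file_delete") || ($action == "file_modify") || ($action == "file_download")) {
 // Bozz Change Begin
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
 // Bozz Change End
+ //if the user is not in the group
 if ($usergroup != $filegroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
 $authorization = "1";
 }
-
 }
 }
+ //if the policy is: creator edit
 if ($policy == "4") {
+ //if the user is the creator
 if ($filecreator == $userid) {
 $authorization = "1";
 } else {
 $authorization = "0";
 }
 }
+ //if the policy is: group edit no delete
 if ($policy == "5") {
 if (($action == "file_modify") || ($action == "file_download")) {
 // Bozz Change Begin
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
 // Bozz Change End
+ //if the user is in the group
 if ($usergroup != $filegroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
@@ -149,6 +168,7 @@ function check_auth($id, $action, $userid) {
 }
 }
 if ($action == "file_delete") {
+ //if the user is the file creator
 if ($filecreator == $userid) {
 $authorization = "1";
 } else {
@@ -156,9 +176,11 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
+ //if the policy is: world edit no delete
 if ($policy == "6") {
 $authorization = "1";
 if ($action == "file_delete") {
+ //if the user is the creator
 if ($filecreator == $userid) {
 $authorization = "1";
 } else {
@@ -166,26 +188,28 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
+ //if the policy is: group edit world read
 if ($policy == "7") {
 if (($action == "file_delete") || ($action == "file_modify")) {
 $sql = new Owl_DB;
-$sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+$sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+ //if the user is not in the group
 if ($usergroup != $filegroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
 $authorization = "1";
 }
-
 }
 if ($action == "file_download") {
 $authorization = "1";
 }
 }
-
+ //if the policy is: group edit, world read, no delete
 if ($policy == "8") {
 if ($action == "file_modify") {
 $sql = new Owl_DB;
-$sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+$sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$filegroup'");
+ //if the user is not in the group
 if ($usergroup != $filegroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
@@ -196,6 +220,7 @@ function check_auth($id, $action, $userid) {
 $authorization = "1";
 }
 if ($action == "file_delete") {
+ //if the user is the creator
 if ($filecreator == $userid) {
 $authorization = "1";
 } else {
@@ -203,11 +228,12 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
-
+ //if the policy is: anyone can read
 if ($policy == "50") {
 if (($action == "folder_delete") ||
 ($action == "folder_property") ||
 ($action == "folder_modify")) {
+ //if the user is not the creator
 if ($userid != $foldercreator) {
 $authorization = "0";
 } else {
@@ -217,9 +243,13 @@ function check_auth($id, $action, $userid) {
 $authorization = "1";
 }
 }
+
+ //if the policy is: anyone can upload/create folders
 if ($policy == "51") {
 $authorization = "1";
 }
+
+ //if the policy is: only the group can read folders
 if ($policy == "52") {
 if (($action == "folder_delete") ||
 ($action == "folder_property") ||
@@ -242,6 +272,8 @@ function check_auth($id, $action, $userid) {
 }
 
 }
+
+ //if the policy is: only the group can upload/create folders
 if ($policy == "53") {
 if (($action == "folder_delete") ||
 ($action == "folder_modify") ||
@@ -250,6 +282,7 @@ function check_auth($id, $action, $userid) {
 // Bozz Change Begin
 $sql = new Owl_DB;
 $sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+ //if the user is not in the group
 if ($usergroup != $foldergroup && $sql->num_rows($sql) == 0) {
 // Bozz Change End
 $authorization = "0";
@@ -258,13 +291,18 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
+
+ //if the policy is: only the creator can upload/change files
 if ($policy == "54") {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {
 $authorization = "0";
 }
 }
+
+ //if the policy is: only the group can upload/create folders but not delete; except the creator
 if ($policy == "55") {
 if (($action == "folder_modify") || ($action == "folder_view")) {
 // Bozz Change Begin
@@ -286,10 +324,12 @@ function check_auth($id, $action, $userid) {
 }
 }
 }
+ //if the policy is: anyone can upload/create folders but not delete
 if ($policy == "56") {
 $authorization = "1";
 if (($action == "folder_delete") ||
 ($action == "folder_property")) {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {
@@ -298,10 +338,12 @@ function check_auth($id, $action, $userid) {
 }
 }
 
+ //if the policy is: only the group can upload/create folders but anyone can read
 if ($policy == "57") {
 if (($action == "folder_modify") || ($action == "folder_delete")) {
 $sql = new Owl_DB;
-$sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+$sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+ //if the user is not in the group
 if (($usergroup != $foldergroup) && ($sql->num_rows($sql) == 0)) {
 $authorization = "0";
 } else {
@@ -309,6 +351,7 @@ function check_auth($id, $action, $userid) {
 }
 }
 if ($action == "folder_property") {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {
@@ -319,11 +362,12 @@ function check_auth($id, $action, $userid) {
 $authorization = "1";
 }
 }
-
+ //if the policy is: only the group can upload/create folders (no delete) but anyone can read
 if ($policy == "58") {
 if ($action == "folder_modify") {
 $sql = new Owl_DB;
-$sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+$sql->query("SELECT * FROM $default->owl_users_grpmem_table WHERE userid = '$userid' and groupid = '$foldergroup'");
+ //if the user is not in the group
 if ($usergroup != $foldergroup && $sql->num_rows($sql) == 0) {
 $authorization = "0";
 } else {
@@ -331,6 +375,7 @@ function check_auth($id, $action, $userid) {
 }
 }
 if ($action == "folder_property") {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {
@@ -338,6 +383,7 @@ function check_auth($id, $action, $userid) {
 }
 }
 if ($action == "folder_delete") {
+ //if the user is the creator
 if ($foldercreator == $userid) {
 $authorization = "1";
 } else {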
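Review bot: The new docblock on getfolderpolicy (first hunk, new lines 18-24) documents the return as `1 = permission granted, 0 = permission denied`, but the function returns the raw `security` column of the folder row, i.e. one of the 50-58 policy codes listed further down, and returns nothing (null) when no row matches; the sibling getfilepolicy docblock has it right. Suggest `@param int $id folder id` and `@return int|null folder security policy code (50-58), null when the folder does not exist`, with the same null caveat on getfilepolicy, and since `$id` and `$userid` are interpolated straight into the query strings the docblocks are the right place to state that callers must pass validated integer ids. The check_auth docblock (new lines 44-72) is separated from `function check_auth` by a blank line (new line 73), so documentation tools will not attach it; drop the blank line. The comment `//if the user is in the group` at new line 163 is placed on the `$usergroup != $filegroup && $sql->num_rows($sql) == 0` branch, which is the not-in-group case as the identical condition is correctly labelled at new line 139, and `//if the user is not the file create` at new line 95 should read `creator`. check_auth starts in the first hunk and its body continues past the last one.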
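--- a/move.php
+++ b/move.php
@@ -3,6 +3,8 @@
 /*
 * move.php
 *
+ * Move a folder or a file to a new destination
+ *
 * Copyright (c) 1999-2002 The Owl Project Team
 * Licensed under the GNU GPL. For full terms see the file COPYING.
 *
@@ -46,14 +48,18 @@ switch ($order) {
 
 
 if($action == "file") {
+ //if the user does not have permission to modify the file
 if(check_auth($id, "file_modify", $userid) == 0) {
 include("./lib/header.inc");
 print("<TABLE WIDTH=$default->table_expand_width BGCOLOR=$default->main_header_bgcolor CELLSPACING=0 CELLPADDING=0 BORDER=$default->table_border HEIGHT=30>");
 ?>
 <TR><TD ALIGN=LEFT>
 <?php print("$lang_user: ");
+
+ //if the user has access to his/her preferences
+ //print a link to the user's preferences
 if(prefaccess($userid)) {
-print("<A HREF='prefs.php?owluser=$userid&sess=$sess&expand=$expand&order=$order&sortname=$sortname'>");
+print("<A HREF='prefs.php?owluser=$userid&sess=$sess&expand=$expand&order=$order&sortname=$sortname'>");
 }
 print uid_to_name($userid);
 print ("</A>");
@@ -69,14 +75,18 @@ if($action == "file") {
 exit($lang_nofilemod);
 }
 } else {
+ //if the user does not have permission to modify the folder
 if(check_auth($id, "folder_modify", $userid) == 0) {
 include("./lib/header.inc");
 print("<TABLE WIDTH=$default->table_expand_width BGCOLOR=$default->main_header_bgcolor CELLSPACING=0 CELLPADDING=0 BORDER=$default->table_border HEIGHT=30>");
 ?>
 <TR><TD ALIGN=LEFT>
 <?php print("$lang_user: ");
+
+ //if the user has access to his/her preferences
+ //print a link to the user's preferences
 if(prefaccess($userid)) {
-print("<A HREF='prefs.php?owluser=$userid&sess=$sess&expand=$expand&order=$order&sortname=$sortname'>");
+print("<A HREF='prefs.php?owluser=$userid&sess=$sess&expand=$expand&order=$order&sortname=$sortname'>");
 }
 print uid_to_name($userid);
 print ("</A>");
@@ -92,9 +102,17 @@ if($action == "file") {
 }
 }
 
+
+/**
+* Check for new folders. Sets $newFolder to the new folder id
+*/
 function checkForNewFolder() {
 global $HTTP_POST_VARS, $newFolder;
-if (!is_array($HTTP_POST_VARS)) return;
+if (!is_array($HTTP_POST_VARS))
+{
+return;
+}
+
 while (list($key, $value) = each ($HTTP_POST_VARS)) {
 if (substr($key,0,2)=="ID") {
 $newFolder = intval(substr($key,2));
@@ -103,27 +121,58 @@ function checkForNewFolder() {
 }
 }
 
+/**
+* Display all the sub-folders in a folder
+*
+* @param $fid folder id
+* @param $folder folder name
+*
+*/
 function showFoldersIn($fid, $folder) {
 global $folderList, $fCount, $fDepth, $excludeID, $action, $id, $default, $userid ;
 for ($c=0 ;$c < ($fDepth-1) ; $c++) print "<img src='$default->owl_root_url/locale/$default->owl_lang/graphics/icons/blank.gif' height=16 width=18 align=top>";
 if ($fDepth) print "<img src='$default->owl_root_url/locale/$default->owl_lang/graphics/icons/link.gif' height=16 width=16 align=top>";
 
 $gray=0; // Work out when to gray out folders ...
-if ($fid==$excludeID) $gray=1; // current parent for all moves
-if (($action=="folder") && ($fid==$id)) $gray=1; // subtree for folder moves
-if (check_auth($fid, "folder_modify", $userid) == 0) $gray = 1; // check for permissions
-
+
+ //current parent for all moves
+ if ($fid==$excludeID)
+ {
+ $gray=1;
+ }
+ //subtree for folder moves
+ //can't move a folder to itself
+ if (($action=="folder") && ($fid==$id))
+ {
+ $gray=1;
+ }
+ //check for permissions
+ //if you don't have folder modify permissions
+ if (check_auth($fid, "folder_modify", $userid) == 0)
+ {
+ $gray = 1;
+ }
 
+
 if ($gray) {
 print "<img src='$default->owl_root_url/locale/$default->owl_lang/graphics/icons/folder_gray.gif' height=16 width=16 align=top>";
 print " <font color=\"silver\">$folder</font><br>\n";
-} else {
+}
+else
+{
 print "<input type='image' border=0 src='$default->owl_root_url/locale/$default->owl_lang/graphics/icons/folder_closed.gif' height=16 width=16 align=top name=\"ID";
 print "$fid\"> $folder<br>\n";
 }
 
-if (($action=="folder") && ($fid==$id)) return; // Don't show subtree of selected folder as target for folder move
-for ($c=0; $c<$fCount; $c++) {
+ //Don't show subtree of selected folder as target for folder move
+ if (($action=="folder") && ($fid==$id))
+ {
+ return;
+ }
+
+ //recurse through all the folders in the current folder and
+ //display their sub-folders
+ for ($c=0; $c < $fCount; $c++) {
 if ($folderList[$c][2]==$fid) {
 $fDepth++;
 showFoldersIn( $folderList[$c][0] , $folderList[$c][1] );
@@ -138,12 +187,14 @@ if ($action=="$lang_cancel_button") {
 }
 
 checkForNewFolder();
+//if there is a new folder
 if (isset($newFolder)) {
 $sql = new Owl_DB;
 
 $source="";
 $fID=$parent;
 do {
+ //build the directory path from the root folder to the current parent folder
 $sql->query("select name,parent from $default->owl_folders_table where id='$fID'");
 while($sql->next_record()) {
 $tName = $sql->f("name");
@@ -155,6 +206,7 @@ if (isset($newFolder)) {
 $dest="";
 $fID=$newFolder;
 do {
+ //build the directory path from the root folder to the new folder
 $sql->query("select name,parent from $default->owl_folders_table where id='$fID'");
 while($sql->next_record()) {
 $tName = $sql->f("name");
@@ -180,6 +232,8 @@ if (isset($newFolder)) {
 }
 
 
+ //if we're using the file system
+ //then move the file
 if($default->owl_use_fs) {
 if ($type != "url") {
 if (!file_exists("$default->owl_FileDir/$dest$fname")) {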
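Review bot: The new docblock on checkForNewFolder (hunk at old lines 92-100) says it sets `$newFolder` but not where the value comes from: it is the numeric suffix of whichever submitted form field is named `ID<n>`, so the destination is user-supplied and nothing in this function authorises it; the gray-out done by showFoldersIn only affects what is rendered, not what the server accepts. Suggest replacing the one-line description with `* Sets the global $newFolder from the first POST field named ID<n>. The value is taken from the request and is not permission-checked here; the move code must call check_auth($newFolder, "folder_modify", $userid) before using it.` In the visible hunks of the `if (isset($newFolder))` block I cannot see such a check on `$newFolder`, and that block runs past the last hunk, so whether one exists further down should be confirmed before relying on the docblock alone. The showFoldersIn docblock (hunk at old lines 103-129) should also state that the function recurses into `$folderList` and increments the global `$fDepth`, which the inline comment `//recurse through all the folders` only hints at; the function's trailing lines are outside that hunk.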