-
Notifications
You must be signed in to change notification settings - Fork 123
/
file_edit.php
100 lines (93 loc) · 3.55 KB
/
file_edit.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
<?php
/* Copyright (c) Anuko International Ltd. https://www.anuko.com
License: See license.txt */
require_once('initialize.php');
import('form.Form');
import('ttFileHelper');
import('ttTimeHelper');
import('ttExpenseHelper');
import('ttTimesheetHelper');
import('ttProjectHelper');
// Access checks.
$cl_file_id = (int)$request->getParameter('id');
$file = ttFileHelper::get($cl_file_id);
if (!$file) {
header('Location: access_denied.php');
exit();
}
// Entity-specific checks.
$entity_type = $file['entity_type'];
if ($entity_type == 'time') {
if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) {
header('Location: access_denied.php');
exit();
}
}
if ($entity_type == 'expense') {
if (!(ttAccessAllowed('track_own_expenses') || ttAccessAllowed('track_expenses')) || !ttExpenseHelper::getItemForFileView($file['entity_id'])) {
header('Location: access_denied.php');
exit();
}
}
if ($entity_type == 'timesheet') {
if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimesheetHelper::getTimesheet($file['entity_id'])) {
header('Location: access_denied.php');
exit();
}
}
if ($entity_type == 'project') {
if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
header('Location: access_denied.php');
exit();
}
}
if (!($entity_type == 'time' || $entity_type != 'expense' || $entity_type != 'timesheet' || $entity_type == 'project')) {
// Currently, files are only associated with time records, expense items, timesheets, and projects.
// Improve access checks when the feature evolves.
header('Location: access_denied.php');
exit();
}
// End of access checks.
if ($request->isPost()) {
$cl_description = trim($request->getParameter('description'));
} else {
$cl_description = $file['description'];
}
$cl_name = $file['file_name'];
$form = new Form('fileForm');
$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_file_id));
$form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'file_name','value'=>$cl_name));
$form->getElement('file_name')->setEnabled(false);
$form->addInput(array('type'=>'textarea','name'=>'description','value'=>$cl_description));
$form->addInput(array('type'=>'submit','name'=>'btn_save','value'=>$i18n->get('button.save')));
if ($request->isPost()) {
// Validate user input.
if (!ttValidString($cl_description, true)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
if ($err->no()) {
if ($request->getParameter('btn_save')) {
// Update file information.
$updated = ttFileHelper::update(array('id' => $cl_file_id,'description' => $cl_description));
if ($updated) {
if ($entity_type == 'time') {
header('Location: time_files.php?id='.$file['entity_id']);
}
if ($entity_type == 'expense') {
header('Location: expense_files.php?id='.$file['entity_id']);
}
if ($entity_type == 'timesheet') {
header('Location: timesheet_files.php?id='.$file['entity_id']);
}
if ($entity_type == 'project') {
header('Location: project_files.php?id='.$file['entity_id']);
}
exit();
} else
$err->add($i18n->get('error.db'));
}
}
} // isPost
$smarty->assign('forms', array($form->getName()=>$form->toArray()));
$smarty->assign('onload', 'onLoad="document.fileForm.description.focus()"');
$smarty->assign('title', $i18n->get('title.edit_file'));
$smarty->assign('content_page_name', 'file_edit.tpl');
$smarty->display('index.tpl');