file_delete.php
<?php
/* Copyright (c) Anuko International Ltd. https://www.anuko.com
License: See license.txt */
require_once('initialize.php');
import('form.Form');
import('ttFileHelper');
import('ttTimeHelper');
import('ttExpenseHelper');
import('ttTimesheetHelper');
import('ttProjectHelper');
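// Access checks.
// The file id is cast to int before lookup. When ttFileHelper::get() returns a
// falsy value the request is redirected to access_denied.php and the script stops.
$cl_file_id = (int)$request->getParameter('id');
$file = ttFileHelper::get($cl_file_id);
if (!$file) {
  header('Location: access_denied.php');
  exit();
}

// Entity-specific checks.
$entity_type = $file['entity_type'];

// Fail closed on entity types this page does not know how to authorize.
// Currently, files are only associated with time records, expense items, timesheets, and projects.
// Improve access checks when the feature evolves.
// This is a strict allow-list: a chain mixing == and != on the same variable is
// always true for at least one term, which lets every unknown type through.
if (!in_array($entity_type, array('time', 'expense', 'timesheet', 'project'), true)) {
  header('Location: access_denied.php');
  exit();
}

// For each known type the user needs one of the listed rights AND the owning
// entity must be returned by its helper; a falsy helper result denies access.
// NOTE(review): presumably each helper scopes its lookup to the current user or
// group - confirm, since that lookup is the per-object authorization here.
if ($entity_type === 'time') {
  if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecord($file['entity_id'])) {
    header('Location: access_denied.php');
    exit();
  }
}
if ($entity_type === 'expense') {
  if (!(ttAccessAllowed('track_own_expenses') || ttAccessAllowed('track_expenses')) || !ttExpenseHelper::getItemForFileView($file['entity_id'])) {
    header('Location: access_denied.php');
    exit();
  }
}
if ($entity_type === 'timesheet') {
  if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimesheetHelper::getTimesheet($file['entity_id'])) {
    header('Location: access_denied.php');
    exit();
  }
}
if ($entity_type === 'project') {
  if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
    header('Location: access_denied.php');
    exit();
  }
}
// End of access checks.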
// Name shown on the confirmation page.
$file_to_delete = $file['file_name'];

// Confirmation form: the file id travels in a hidden field, with Delete and Cancel buttons.
// NOTE(review): no anti-CSRF token is added in this script - confirm that Form or
// initialize.php enforces one, since this POST deletes data.
$form = new Form('fileDeleteForm');
$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_file_id));
$form->addInput(array('type'=>'submit','name'=>'btn_delete','value'=>$i18n->get('label.delete')));
$form->addInput(array('type'=>'submit','name'=>'btn_cancel','value'=>$i18n->get('button.cancel')));

if ($request->isPost()) {
  // Redirect header prefix for the file list of each entity type.
  $return_headers = array(
    'time' => 'Location: time_files.php?id=',
    'expense' => 'Location: expense_files.php?id=',
    'timesheet' => 'Location: timesheet_files.php?id=',
    'project' => 'Location: project_files.php?id=',
  );

  // Leave the page after a successful delete or a cancel. A failed delete
  // falls through so that the form is rendered again.
  $leave_page = false;
  if ($request->getParameter('btn_delete')) {
    // $err is not defined in this script; presumably initialize.php provides it - verify.
    $fileHelper = new ttFileHelper($err);
    if ($fileHelper->deleteFile($file)) {
      $leave_page = true;
    }
  } elseif ($request->getParameter('btn_cancel')) {
    $leave_page = true;
  }

  if ($leave_page) {
    // Types without an entry get no Location header, but the script still stops.
    if (isset($return_headers[$entity_type])) {
      header($return_headers[$entity_type].$file['entity_id']);
    }
    exit();
  }
} // isPost
// Hand the page data to Smarty and render the shared layout.
// NOTE(review): file_to_delete is passed as stored in the file record; confirm
// that file_delete.tpl escapes it on output.
$template_vars = array(
  'file_to_delete' => $file_to_delete,
  'forms' => array($form->getName()=>$form->toArray()),
  // Puts initial focus on Cancel rather than on Delete.
  'onload' => 'onLoad="document.fileDeleteForm.btn_cancel.focus()"',
  'title' => $i18n->get('title.delete_file'),
  'content_page_name' => 'file_delete.tpl',
);
foreach ($template_vars as $var_name => $var_value) {
  $smarty->assign($var_name, $var_value);
}
$smarty->display('index.tpl');