forked from craigk5n/webcalendar
-
Notifications
You must be signed in to change notification settings - Fork 0
/
docdel.php
89 lines (80 loc) · 2.45 KB
/
docdel.php
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
<?php
/**
* Page Description:
* This page will handle deletion of an entry in webcal_blob.
* This could be a comment or an attachment.
*
* Input Parameters:
* For GET:
* blid - unique id, corresponds to webcal_blob.cal_blob_id
*
* Security:
* Only the creator of the comment, the creator of the associated
* event, or an admin can delete.
* (An assistant can also delete their boss' documents.)
* Comments:
* TODO: perhaps add email notification on this
*/
require_once 'includes/init.php';
require_once 'includes/classes/Doc.php';
$blid = getValue ( 'blid', '-?[0-9]+', true );
$can_delete = false; // until proven otherwise
$error = $name = $owner = $type = '';
$event_id = -1;
if ( $is_admin )
$can_delete = true;
$res = dbi_execute ( Doc::getSQLForDocId ( $blid ) );
if ( ! $res )
$error = db_error();
else {
if ( $row = dbi_fetch_row ( $res ) ) {
$doc = new Doc( $row );
$event_id = $doc->getEventId();
$name = $doc->getName();
$owner = $doc->getLogin();
$type = $doc->getType();
if ( $owner == $login || user_is_assistant ( $login, $owner ) )
$can_delete = true;
} else
// document not found
$error = str_replace ( 'XXX', $blid, translate ( 'Invalid entry id XXX.' ) );
dbi_free_result ( $res );
}
if ( empty ( $error ) && ! $can_delete && $event_id > 0 ) {
// See if current user is creator of associated event
$res = dbi_execute ( 'SELECT cal_create_by
FROM webcal_entry
WHERE cal_id = ?', [$event_id] );
if ( $res ) {
if ( $row = dbi_fetch_row ( $res ) ) {
$event_owner = $row[0];
if ( $event_owner == $login || user_is_assistant ( $login, $event_owner ) )
$can_delete = true;
}
dbi_free_result ( $res );
}
}
if ( empty ( $error ) && ! $can_delete )
$error = print_not_auth();
if ( empty ( $error ) && $can_delete ) {
if ( ! dbi_execute ( 'DELETE FROM webcal_blob
WHERE cal_blob_id = ?', [$blid] ) )
$error = db_error();
else {
if ( $event_id > 0 ) {
$removeStr = translate ( 'Removed' );
if ( $type == 'A' )
activity_log ( $event_id, $login, $login, LOG_ATTACHMENT, $removeStr
. ': ' . $name );
elseif ( $type == 'C' )
activity_log ( $event_id, $login, $login, LOG_COMMENT, $removeStr );
}
if ( $event_id > 0 )
do_redirect ( 'view_entry.php?id=' . $event_id );
do_redirect ( get_preferred_view() );
}
}
// Some kind of error...
print_header();
echo print_error ( $error ) . print_trailer();
?>