X-Git-Url: http://wagnertech.de/git?a=blobdiff_plain;f=file_download.php;h=e4d35c705035a7632bc0be38e4fdedebc97a2aad;hb=2646345bd9517aafb6b96bfe9cd795ee0f8c8e84;hp=83ff703a5827f44287c42b214717f972a7a953ae;hpb=2a43d526f93570b4aebc325aae96a484943b0c39;p=timetracker.git
diff --git a/file_download.php b/file_download.php
index 83ff703a..e4d35c70 100644
--- a/file_download.php
+++ b/file_download.php
@@ -29,6 +29,7 @@ require_once('initialize.php');
 import('form.Form');
 import('ttFileHelper');
+import('ttTimeHelper');
 import('ttProjectHelper');
 // Access checks.
@@ -39,14 +40,21 @@ if (!$file) {
 exit();
 }
 // Entity-specific checks.
-if ($file['entity_type'] == 'project') {
- if (!ttAccessAllowed('manage_projects') || !ttProjectHelper::get($file['entity_id'])) {
+$entity_type = $file['entity_type'];
+if ($entity_type == 'time') {
+ if (!(ttAccessAllowed('track_own_time') || ttAccessAllowed('track_time')) || !ttTimeHelper::getRecordForFileView($file['entity_id'])) {
 header('Location: access_denied.php');
 exit();
 }
 }
-if ($file['entity_type'] != 'project') {
- // Currently, files are only associated with projects.
+if ($entity_type == 'project') {
+ if (!(ttAccessAllowed('view_own_projects') || ttAccessAllowed('manage_projects')) || !ttProjectHelper::get($file['entity_id'])) {
+ header('Location: access_denied.php');
+ exit();
+ }
+}
+if ($entity_type != 'project' && $entity_type != 'time') {
+ // Currently, files are only associated with time records and projects.
 // Improve access checks when the feature evolves.
 header('Location: access_denied.php');
 exit();
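Review bot: The project branch now also admits users who hold only `view_own_projects`, but the object-level check is still `ttProjectHelper::get($file['entity_id'])`, whose scoping is not visible in this hunk; if that helper filters only by group and not by the user's own project assignments, such a user would be served attachments of projects they are not assigned to. Confirm the helper enforces per-user assignment for that right, or record the reliance next to the check, e.g. `// view_own_projects: ttProjectHelper::get() must only return projects assigned to this user.` The same question applies to `ttTimeHelper::getRecordForFileView()` for holders of `track_own_time` in the `time` branch. The three independent `if` blocks would also read as default-deny more clearly as one `if`/`elseif`/`else` chain; the last block closes outside the hunk.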
@@ -55,48 +63,18 @@ if ($file['entity_type'] != 'project') {
 $fileHelper = new ttFileHelper($err);
-$filename = $file['file_name'];
-$mime_type = 'image/jpeg'; // Hardcoded type for now. TODO: fix this.
-
 if ($fileHelper->getFile($file)) {
 header('Pragma: public'); // This is needed for IE8 to download files over https.
- header('Content-Type: '.$mime_type);
+ header('Content-Type: application/octet-stream');
 header('Expires: '.gmdate('D, d M Y H:i:s').' GMT');
- header('Content-Disposition: attachment; filename="'.$filename.'"');
+ header('Content-Disposition: attachment; filename="'.$file['file_name'].'"');
 header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
 header('Cache-Control: private', false);
 echo $fileHelper->getFileData();
 exit;
-} else
- $err->add($i18n->get('error.sys'));
-
-$form = new Form('fileForm');
-$form->addInput(array('type'=>'hidden','name'=>'id','value'=>$cl_file_id));
-$form->addInput(array('type'=>'text','maxlength'=>'100','name'=>'file_name','style'=>'width: 250px;','value'=>$cl_name));
-$form->getElement('file_name')->setEnabled(false);
-$form->addInput(array('type'=>'textarea','name'=>'description','style'=>'width: 250px; height: 40px;','value'=>$cl_description));
-$form->addInput(array('type'=>'submit','name'=>'btn_save','value'=>$i18n->get('button.save')));
-
-if ($request->isPost()) {
- // Validate user input.
- if (!ttValidString($cl_description, true)) $err->add($i18n->get('error.field'), $i18n->get('label.description'));
-
- if ($err->no()) {
- if ($request->getParameter('btn_save')) {
- // Update file information.
- $updated = ttFileHelper::update(array('id' => $cl_file_id,'description' => $cl_description));
- if ($updated && $file['entity_type'] == 'project') {
- header('Location: project_files.php?id='.$file['entity_id']);
- exit();
- } else
- $err->add($i18n->get('error.db'));
- }
- }
-} // isPost
+}
-$smarty->assign('forms', array($form->getName()=>$form->toArray()));
-$smarty->assign('onload', 'onLoad="document.fileForm.description.focus()"');
-$smarty->assign('title', $i18n->get('title.edit_file'));
-$smarty->assign('content_page_name', 'file_edit.tpl');
+$smarty->assign('title', $i18n->get('title.download_file'));
+$smarty->assign('content_page_name', 'file_download.tpl');
 $smarty->display('index.tpl');
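Review bot: `$file['file_name']` is concatenated into the `Content-Disposition` header unescaped, and with time-record attachments the name is presumably chosen by whoever uploaded the file; a double quote or backslash in it ends the quoted `filename` parameter early, so the rest of the name is parsed as further header parameters. Neutralise it before use, e.g. `$safe_name = str_replace(array('"', '\\', "\r", "\n"), '_', basename($file['file_name']));` and send `filename="'.$safe_name.'"`. Since the body is now served as `application/octet-stream`, adding `header('X-Content-Type-Options: nosniff');` keeps browsers from sniffing it into a renderable type. Separately, the removed `else` branch was the only visible place that added `error.sys`, so after a failed `getFile()` the page renders `file_download.tpl` with an error only if `ttFileHelper` itself populates `$err`, which this hunk does not show.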