Admin delete attachments
From Eventum
Attachments that come from emails submitted by people who aren't Eventum "Users" cannot be deleted, because no user owns them. This patch allows a user with Manager or Administrator privileges to delete any attachment.
Note: This patch has been accepted and will be in Eventum 2.0
Modified: trunk/eventum/include/class.attachment.php
===================================================================
--- trunk/eventum/include/class.attachment.php 2006-09-26 06:06:11 UTC (rev 3114)
+++ trunk/eventum/include/class.attachment.php 2006-10-02 03:13:17 UTC (rev 3115)
@@ -170,8 +170,11 @@
" . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue_attachment_file
WHERE
iaf_id=$iaf_id AND
- iat_id=iaf_iat_id AND
+ iat_id=iaf_iat_id";
+ if (Auth::getCurrentRole() < User::getRoleID("Manager")) {
+ $stmt .= " AND
iat_usr_id=$usr_id";
+ }
$res = $GLOBALS["db_api"]->dbh->getOne($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
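Review bot: For Manager and above, this SELECT no longer ties the attachment to anything but its id: once `iat_usr_id=$usr_id` is skipped, the visible WHERE clause holds only `iaf_id=$iaf_id` and the join condition `iat_id=iaf_iat_id`, with no issue or project restriction. If `Auth::getCurrentRole()` returns the role for the currently selected project (not visible here), a manager of one project could presumably remove attachments belonging to another, so consider also checking that the owning issue is in the current project. The same applies to the second hunk, where the clause is reduced to `iat_id=$iat_id`. `$iaf_id`, `$iat_id` and `$usr_id` are interpolated straight into the statement, and the enclosing functions begin outside the hunks, so confirm they are cast to integers before this point.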
@@ -282,8 +285,11 @@
FROM
" . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue_attachment
WHERE
- iat_id=$iat_id AND
+ iat_id=$iat_id";
+ if (Auth::getCurrentRole() < User::getRoleID("Manager")) {
+ $stmt .= " AND
iat_usr_id=$usr_id";
+ }
$res = $GLOBALS["db_api"]->dbh->getOne($stmt);
if (PEAR::isError($res)) {
Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
@@ -297,9 +303,12 @@
" . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue_attachment
WHERE
iat_id=$iat_id AND
- iat_iss_id=$res AND
- iat_usr_id=$usr_id";
- $GLOBALS["db_api"]->dbh->query($stmt);
+ iat_iss_id=$res";
+ $res = $GLOBALS["db_api"]->dbh->query($stmt);
+ if (PEAR::isError($res)) {
+ Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
+ return -1;
+ }
for ($i = 0; $i < count($files); $i++) {
Attachment::removeFile($files[$i]['iaf_id']);
}
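Review bot: `$res` is overwritten while it still holds the issue id from the preceding SELECT: the DELETE is built with `iat_iss_id=$res` and the next line assigns the query result to the same variable. Any code after the hunk that still reads `$res` as the issue id would now get the DELETE result instead; a separate name avoids that, e.g. `$issue_id = $res;` before building the statement and `$del = $GLOBALS["db_api"]->dbh->query($stmt);` for the result. With `iat_usr_id=$usr_id` dropped from the DELETE, the earlier SELECT is the only authorization check, which deserves a comment such as `// owner/role was verified by the SELECT above; do not call this DELETE without it`. The function continues outside the hunk.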
@@ -327,7 +336,11 @@
" . APP_DEFAULT_DB . "." . APP_TABLE_PREFIX . "issue_attachment_file
WHERE
iaf_id=" . $iaf_id;
- $GLOBALS["db_api"]->dbh->query($stmt);
+ $res = $GLOBALS["db_api"]->dbh->query($stmt);
+ if (PEAR::isError($res)) {
+ Error_Handler::logError(array($res->getMessage(), $res->getDebugInfo()), __FILE__, __LINE__);
+ return -1;
+ }
}
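Review bot: The new `return -1;` is not observed by the caller visible in the previous hunk, where the loop calls `Attachment::removeFile($files[$i]['iaf_id']);` and discards the result. A failed file delete therefore goes unreported after the parent attachment row has already been removed. The success path also appears to fall off the end of the function without a value, since the closing brace follows directly; adding `return 1;` there and checking the result in the loop would make the error handling effective. `$iaf_id` is concatenated into the statement and the function start is outside the hunk, so confirm it is an integer at this point.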
Modified: trunk/eventum/templates/attachments.tpl.html
===================================================================
--- trunk/eventum/templates/attachments.tpl.html 2006-09-26 06:06:11 UTC (rev 3114)
+++ trunk/eventum/templates/attachments.tpl.html 2006-10-02 03:13:17 UTC (rev 3115)
@@ -65,13 +65,13 @@
{section name="y" loop=$files[i].files}
<a title="download file ({$files[i].files[y].iaf_filename|escape:"html"} - {$files[i].files[y].iaf_filesize})" href="download.php?cat=attachment&id={$files[i].files[y].iaf_id}"><img width="17" height="17" src="{$rel_url}images/file.gif" border="0"></a>
<a class="link" title="download file ({$files[i].files[y].iaf_filename|escape:"html"} - {$files[i].files[y].iaf_filesize})" href="download.php?cat=attachment&id={$files[i].files[y].iaf_id}">{$files[i].files[y].iaf_filename|escape:"html"}</a> ({$files[i].files[y].iaf_filesize})
- {if $current_user_id == $files[i].iat_usr_id}<a class="link" title="delete file" href="javascript:void(null);" onClick="javascript:deleteAttachmentFile({$files[i].files[y].iaf_id});">{t}delete{/t}</a>{/if}
+ {if $current_user_id == $files[i].iat_usr_id OR $current_role >= $roles.manager}<a class="link" title="delete file" href="javascript:void(null);" onClick="javascript:deleteAttachmentFile({$files[i].files[y].iaf_id});">{t}delete{/t}</a>{/if}
<br />
{/section}
</td>
<td class="default" width="15%" nowrap>
{$files[i].usr_full_name|escape:"html"}
- {if $current_user_id == $files[i].iat_usr_id}[ <a class="link" title="delete attachment" href="javascript:void(null);" onClick="javascript:deleteAttachment({$files[i].iat_id});">{t}delete{/t}</a> ]{/if}
+ {if $current_user_id == $files[i].iat_usr_id OR $current_role >= $roles.manager}[ <a class="link" title="delete attachment" href="javascript:void(null);" onClick="javascript:deleteAttachment({$files[i].iat_id});">{t}delete{/t}</a> ]{/if}
</td>
{if $current_role > $roles.customer}
<td class="default" width="5%" align="center">
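Review bot: Missing a comment that these two `{if}` conditions only control whether the delete links are shown. The owner-or-manager rule itself is enforced in class.attachment.php, and the two must be kept in sync if the role threshold changes. A Smarty comment above the first condition would record that, for example `{* display only: delete permission is enforced server-side in class.attachment.php *}`. The condition `$current_user_id == $files[i].iat_usr_id OR $current_role >= $roles.manager` is also repeated verbatim on both links, so a later change has to touch both places.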
