// Look up the Group object for $group_id; when the object reports an error, end the
// request through exit_permission_denied() or exit_error() with the group's message.
// NOTE(review): $group_id is not assigned in the visible lines; confirm it is
// integer-cast where it is taken from the request.
5 // get the Group object
7 $group =& group_get_object($group_id);
8 if (!$group || !is_object($group)) {
// NOTE(review): listing lines 9-10 are not shown, so the handling of a missing group is not visible here.
11 if ($group->isError()) {
12 if($group->isPermissionDeniedError()) {
13 exit_permission_denied($group->getErrorMessage());
15 exit_error($Language->getText('general','error'), $group->getErrorMessage());
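// Build the ArtifactTypeHtml object for this group and $atid. Later branches call
// $ath->allowsAnon(), userIsAdmin() and userIsTechnician() for their access decisions,
// so a failed or errored object must end the request here.
// NOTE(review): $atid is not assigned in the visible lines; confirm it is integer-cast
// where it is taken from the request.
19 // Create the ArtifactType object
21 $ath = new ArtifactTypeHtml($group,$atid);
23 if (!$ath || !is_object($ath)) {
24 exit_error('Error','ArtifactType could not be created');
26 if ($ath->isError()) {
27 if($ath->isPermissionDeniedError()) {
// Report the tracker's own message: this branch runs because $ath, not $group, flagged
// the denial ($group already passed its error check above).
28 exit_permission_denied($ath->getErrorMessage());
30 exit_error($Language->getText('general','error'), $ath->getErrorMessage());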
// Dispatch on the request parameter 'func'. Several case labels and closing braces are
// missing from this listing (the gutter numbers skip lines), so branch boundaries below
// are partly inferred.
33 switch (getStringFromRequest('func')) {
// Anonymous visitors are refused unless the tracker allows anonymous use.
36 if (!$ath->allowsAnon() && !session_loggedin()) {
37 exit_error('ERROR',$Language->getText('tracker_artifact','error_no_anonymous'));
// Handler that creates a new artifact from the submitted form and optionally attaches
// an uploaded file. Its case label is not visible in this listing.
// The form key is checked first; the failure paths below hand it back with
// form_release_key() before exiting (presumably so the form can be resubmitted).
44 if (!form_key_is_valid(getStringFromRequest('form_key'))) {
45 exit_form_double_submit();
48 $user_email = getStringFromRequest('user_email');
49 $category_id = getIntFromRequest('category_id');
50 $artifact_group_id = getIntFromRequest('artifact_group_id');
51 $summary = getStringFromRequest('summary');
52 $details = getStringFromRequest('details');
53 $assigned_to = getStringFromRequest('assigned_to');
54 $priority = getStringFromRequest('priority');
// NOTE(review): extra_fields is fetched with the string getter, but the mass-update
// branch of this file indexes $extra_fields like an array; confirm the expected type
// and whether getArrayFromRequest() is the right accessor.
55 $extra_fields = getStringFromRequest('extra_fields');
61 $ah=new ArtifactHtml($ath);
62 if (!$ah || !is_object($ah)) {
63 form_release_key(getStringFromRequest('form_key'));
64 exit_error('ERROR','Artifact Could Not Be Created');
// Same anonymous-access rule as the form display branch, enforced again on submit.
65 } else if (!$ath->allowsAnon() && !session_loggedin()) {
66 exit_error('ERROR',$Language->getText('tracker_artifact','error_no_anonymous'));
// NOTE(review): listing lines 69-70 are not shown, so how an empty address is handled
// and whether validate_email() sits in an else branch cannot be confirmed here.
68 if (empty($user_email)) {
71 if (!validate_email($user_email)) {
72 form_release_key(getStringFromRequest('form_key'));
73 exit_error('ERROR', $Language->getText('general','invalid_email'));
76 if (!$ah->create($summary,$details,$assigned_to,$priority,$extra_fields)) {
77 form_release_key(getStringFromRequest('form_key'));
78 exit_error('ERROR',$ah->getErrorMessage());
81 // Attach file to this Artifact.
83 if (getStringFromRequest('add_file')) {
84 $input_file = getUploadedFile('input_file');
85 $file_description = getStringFromRequest('file_description');
87 $afh=new ArtifactFileHtml($ah);
88 if (!$afh || !is_object($afh)) {
89 $feedback .= 'Could Not Create File Object';
90 // } elseif ($afh->isError()) {
91 // $feedback .= $afh->getErrorMessage();
// The upload is checked by util_check_fileupload() before it is handed to upload().
93 if (!util_check_fileupload($input_file)) {
94 exit_error("Error","Invalid filename");
// NOTE(review): $input_file_name and $input_file_type are not assigned in the visible
// lines, and the other upload() call in this file (listing line 289) passes only
// ($input_file, $file_description). Confirm which signature upload() expects; a
// client-supplied file name or MIME type should not drive storage paths or the
// Content-Type used when the file is served back.
96 if (!$afh->upload($input_file,$input_file_name,$input_file_type,$file_description)) {
97 $feedback .= ' Could Not Attach File to Item: '.$afh->getErrorMessage();
101 $feedback .= $Language->getText('tracker','item_created');
102 include 'browse.php';
// Bulk update of the artifacts named in artifact_id_list. Requires a valid form key and
// tracker-admin rights; each artifact is loaded, merged with the submitted values and
// saved, and per-item errors are collected in $feedback.
107 case 'massupdate' : {
108 if (!form_key_is_valid(getStringFromRequest('form_key'))) {
109 exit_form_double_submit();
112 $artifact_id_list = getArrayFromRequest('artifact_id_list');
113 $priority = getStringFromRequest('priority');
114 $status_id = getStringFromRequest('status_id');
115 $category_id = getStringFromRequest('category_id');
116 $artifact_group_id = getStringFromRequest('artifact_group_id');
117 $resolution_id = getStringFromRequest('resolution_id');
118 $assigned_to = getStringFromRequest('assigned_to');
119 $canned_response = getIntFromRequest("canned_response");
121 $count=count($artifact_id_list);
// Authorization gate: nothing below runs for non-admins.
123 if (!$ath->userIsAdmin()) {
124 exit_permission_denied();
127 $artifact_type_id=$ath->getID();
129 for ($i=0; $i < $count; $i++) {
// NOTE(review): the IDs come straight from the request. Whether Artifact's constructor
// rejects an ID that belongs to a different tracker than $ath is not visible here;
// confirm, since the admin check above is scoped to $ath only.
130 $ah=new Artifact($ath,$artifact_id_list[$i]);
131 if (!$ah || !is_object($ah)) {
// NOTE(review): the request-supplied ID is concatenated into $feedback unchanged here
// and at listing lines 134 and 181. Other branches of this file put '<br />' markup in
// $feedback, so it appears to be rendered as HTML; cast the ID to int or escape it.
132 $feedback .= ' ID: '.$artifact_id_list[$i].'::Artifact Could Not Be Created';
133 } else if ($ah->isError()) {
134 $feedback .= ' ID: '.$artifact_id_list[$i].'::'.$ah->getErrorMessage();
// 100 is the "no change" marker: keep the stored value when it is submitted. The
// comparison is loose (!=) against request strings.
136 $_priority=(($priority != 100) ? $priority : $ah->getPriority());
137 $_status_id=(($status_id != 100) ? $status_id : $ah->getStatusID());
138 //yikes, we want the ability to mass-update to "un-assigned", which is the ID=100, which
139 //conflicts with the "no change" ID! Sorry for messy use of 100.1
140 $_assigned_to=(($assigned_to != '100.1') ? $assigned_to : $ah->getAssignedTo());
// NOTE(review): addslashes() on the stored summary presumably compensates for quoting
// inside update(); verify that update() escapes or parameterizes its SQL itself rather
// than depending on this call.
141 $_summary=addslashes($ah->getSummary());
144 // get existing extra field data
145 // we will then override individual elements if needed
147 $ef = $ah->getExtraFieldData();
148 $keys = array_keys($ef);
149 foreach ($keys as $efid) {
150 if (is_array($ef[$efid])) {
// NOTE(review): $extra_fields is not read from the request in the visible lines of this
// branch. If it relies on register_globals-style import, read it explicitly (the file
// already uses getArrayFromRequest() for artifact_id_list).
151 $f = $extra_fields[$efid];
152 // in this case, if $extra_fields is not set, it
153 // means no option was selected, so we have to delete
154 // the original values
155 if (!is_array($f) || count($f) == 0) {
156 $ef[$efid] = array();
157 } else if (in_array('100', $extra_fields[$efid])) { // "No change" option selected?
160 $ef[$efid] = $f; // replace old values with new values
163 // in some cases (ie: textfields) the value is not passed, but
164 // this doesn't mean we must delete the existing value
165 if (array_key_exists($efid, $extra_fields)) {
166 $f = $extra_fields[$efid];
176 if (!$ah->update($_priority,$_status_id,$_assigned_to,$_summary,$canned_response,'',$artifact_type_id,$ef)) {
181 $feedback .= ' ID: '.$artifact_id_list[$i].'::'.$ah->getErrorMessage();
189 $feedback = $Language->getText('tracker','updated_successful'); }
191 unset ($extra_fields_choice);
192 include ('browse.php');
// Handler that updates one existing artifact; its case label is not visible in this
// listing. Per the inline comments: admins and technicians go through update(), the
// original submitter may add comments and files, everyone else may only add a comment.
// Numeric fields are read with getIntFromRequest() (an integer cast, judging by the name).
196 $artifact_id = getIntFromRequest('artifact_id');
197 $priority = getIntFromRequest('priority');
198 $status_id = getIntFromRequest('status_id');
199 $category_id = getIntFromRequest('category_id');
200 $artifact_group_id = getIntFromRequest('artifact_group_id');
201 $resolution_id = getIntFromRequest('resolution_id');
202 $assigned_to = getStringFromRequest('assigned_to');
203 $summary = getStringFromRequest('summary');
204 $canned_response = getStringFromRequest('canned_response');
205 $details = getStringFromRequest('details');
206 $new_artifact_type_id = getIntFromRequest('new_artifact_type_id');
207 $extra_fields = getStringFromRequest('extra_fields');
210 Technicians can modify limited fields - to be certain
211 no one is hacking around, we override any fields they don't have
212 permission to change.
// NOTE(review): the form key is read from $_POST directly here, while the create and
// mass-update branches use getStringFromRequest('form_key'); an absent key raises an
// undefined-index notice before the check. Consider one accessor throughout.
214 if (!form_key_is_valid($_POST['form_key'])) {
215 exit_form_double_submit();
218 $ah=new ArtifactHtml($ath,$artifact_id);
219 if (!$ah || !is_object($ah)) {
220 exit_error('ERROR','Artifact Could Not Be Created');
221 } else if ($ah->isError()) {
222 exit_error('ERROR',$ah->getErrorMessage());
223 } else if (!$ath->allowsAnon() && !session_loggedin()) {
224 exit_error('ERROR',$Language->getText('tracker_artifact','error_no_anonymous'));
229 The following logic causes fields to be overridden
230 in the event that someone tampered with the HTML form
// Server-side role decision: the submitted form is not trusted to limit which fields change.
233 if ($ath->userIsAdmin() || $ath->userIsTechnician()) {
235 //admin and techs can do everything
236 //techs will have certain fields overridden inside the update() function call
237 if (!$ah->update($priority,$status_id,
238 $assigned_to,$summary,$canned_response,$details,$new_artifact_type_id,$extra_fields)) {
239 $feedback =$Language->getText('tracker','tracker_item'). ': '.$ah->getErrorMessage();
246 if (session_loggedin() && ($ah->getSubmittedBy() == user_getid())) {
248 //submitter can only add files & comments
// NOTE(review): $user_email is not assigned in the visible lines of this handler;
// confirm where it comes from and that it is validated as in the create branch.
251 if ($ah->addMessage($details,$user_email,true)) {
252 $feedback=$Language->getText('tracker','comment_added');
254 //some kind of error in creation
// NOTE(review): this failure path reports $feedback, while the matching path at listing
// line 267 reports $ah->getErrorMessage(); the artifact's message looks like the intended value.
255 exit_error('ERROR',$feedback);
260 //everyone else can only add comments
263 if ($ah->addMessage($details,$user_email,true)) {
264 $feedback=$Language->getText('tracker','comment_added');
266 //some kind of error in creation
267 exit_error('ERROR',$ah->getErrorMessage());
// NOTE(review): the braces around the attach and delete sections below are not shown, so
// it cannot be confirmed from this listing that they are unreachable for the
// "comments only" role; verify against the full file.
274 // Attach file to this Artifact.
276 if (getStringFromRequest('add_file')) {
277 $input_file = getUploadedFile('input_file');
278 $file_description = getStringFromRequest('file_description');
280 $afh=new ArtifactFileHtml($ah);
281 if (!$afh || !is_object($afh)) {
282 $feedback .= 'Could Not Create File Object';
283 // } elseif ($afh->isError()) {
284 // $feedback .= $afh->getErrorMessage();
286 if (!util_check_fileupload($input_file)) {
287 exit_error("Error","Invalid filename");
289 if (!$afh->upload($input_file,$file_description)) {
290 $feedback .= ' <br />'.$Language->getText('tracker','file_upload_upload').':'.$afh->getErrorMessage();
293 $feedback .= ' <br />'.$Language->getText('tracker','file_upload_successful');
299 // Delete list of files from this artifact
// NOTE(review): delete_file is fetched with the string getter but then counted and
// indexed like a list of file IDs; getArrayFromRequest() with integer-cast elements
// would match that use. Listing line 302 is not shown, so any guard there is unknown.
301 $delete_file = getStringFromRequest('delete_file');
303 $count=count($delete_file);
304 for ($i=0; $i<$count; $i++) {
// NOTE(review): confirm ArtifactFileHtml refuses a file ID that is not attached to $ah,
// so a request cannot name another artifact's file for deletion.
305 $afh=new ArtifactFileHtml($ah,$delete_file[$i]);
306 if (!$afh || !is_object($afh)) {
// NOTE(review): the request-supplied value is appended to $feedback, which carries
// '<br />' markup and so appears to be rendered as HTML; escape it or cast it to int.
307 $feedback .= 'Could Not Create File Object::'.$delete_file[$i];
308 } elseif ($afh->isError()) {
309 $feedback .= $afh->getErrorMessage().'::'.$delete_file[$i];
311 if (!$afh->delete()) {
312 $feedback .= ' <br />'.$Language->getText('tracker','file_delete').': '.$afh->getErrorMessage();
315 $feedback .= ' <br />'.$Language->getText('tracker','file_delete_successful');
321 // Show just one feedback entry if no errors
324 $feedback = $Language->getText('general','update_successful');
326 include ('browse.php');
// Two short handlers: the first loads one artifact, the second loads the ArtifactType.
// Each then copies the object's message into $feedback and shows browse.php. The case
// labels and the lines that perform the action (listing lines 338-339 and 350-351) are
// not shown.
// NOTE(review): no form-key check is visible for either handler; if the hidden lines
// change state, confirm they are protected against cross-site request forgery.
331 $artifact_id = getIntFromRequest('artifact_id');
333 $ah=new ArtifactHtml($ath,$artifact_id);
334 if (!$ah || !is_object($ah)) {
335 exit_error('ERROR','Artifact Could Not Be Created');
336 } else if ($ah->isError()) {
337 exit_error('ERROR',$ah->getErrorMessage());
340 $feedback=$ah->getErrorMessage();
342 include 'browse.php';
345 $at=new ArtifactType($group,$atid);
346 if (!$at || !is_object($at)) {
// The message text says "Artifact" although the object that failed is the ArtifactType.
347 exit_error('ERROR','Artifact Could Not Be Created');
348 } else if ($at->isError()) {
349 exit_error('ERROR',$at->getErrorMessage());
352 $feedback=$at->getErrorMessage();
354 include 'browse.php';
// Two-step delete, both steps limited to tracker admins: 'deleteartifact' loads the
// artifact and includes the confirmation page; 'postdeleteartifact' performs the delete
// once the form key is valid and confirm_delete is set.
364 case 'deleteartifact' : {
365 if ($ath->userIsAdmin()) {
// NOTE(review): aid is an artifact ID but is read with the string getter; the update
// handler reads artifact_id with getIntFromRequest(), which would fit here too.
366 $aid = getStringFromRequest('aid');
367 $ah= new ArtifactHtml($ath,$aid);
368 if (!$ah || !is_object($ah)) {
369 exit_error('ERROR','Artifact Could Not Be Created');
370 } elseif ($ah->isError()) {
371 exit_error('ERROR',$ah->getErrorMessage());
373 include 'deleteartifact.php';
375 exit_permission_denied();
381 // Handle the actual delete
384 case 'postdeleteartifact' : {
// NOTE(review): form key read from $_POST directly; other branches use
// getStringFromRequest('form_key').
385 if (!form_key_is_valid($_POST['form_key'])) {
386 exit_form_double_submit();
// The admin check is repeated on the state-changing request, not only on the confirmation page.
388 if ($ath->userIsAdmin()) {
389 $aid = getStringFromRequest('aid');
390 $ah= new ArtifactHtml($ath,$aid);
391 if (!$ah || !is_object($ah)) {
392 exit_error('ERROR','Artifact Could Not Be Created');
393 } elseif ($ah->isError()) {
394 exit_error('ERROR',$ah->getErrorMessage());
// Explicit confirmation flag required in addition to the form key.
396 if (!getStringFromRequest('confirm_delete')) {
397 $feedback .= $Language->getText('tracker_artifact','delete_failed_confirm');
400 if (!$ah->delete(true)) {
401 $feedback .= $Language->getText('tracker_artifact','delete_failed') . ': '.$ah->getErrorMessage();
403 $feedback .= $Language->getText('tracker_artifact','deleted_successfully');
406 include 'browse.php';
408 exit_permission_denied();
// Remaining branches: page includes, CSV export, file download and the artifact detail
// view. Every include target in the visible lines is a fixed string literal; none is
// built from request data. Most case labels are not shown in this listing.
415 include 'taskmgr.php';
419 include 'browse.php';
423 include ('query.php');
426 case 'downloadcsv' : {
427 include ('downloadcsv.php');
430 $aid = getStringFromRequest('aid');
// NOTE(review): the request-supplied $aid is interpolated into a response header without
// an integer cast or URL-encoding, and $file_id is not assigned in the visible lines.
// "Redirect:" is also not the header browsers follow for a redirect (that is
// "Location:"), so confirm this branch behaves as intended.
431 Header("Redirect: /tracker/download.php?group_id=$group_id&atid=$atid&aid=$aid&file_id=$file_id");
435 $aid = getStringFromRequest('aid');
438 // users can modify their own tickets in a limited way if they submitted them
439 // even if they are not artifact admins
441 $ah=new ArtifactHtml($ath,$aid);
442 if (!$ah || !is_object($ah)) {
443 exit_error('ERROR','Artifact Could Not Be Created');
444 } else if ($ah->isError()) {
445 exit_error('ERROR',$ah->getErrorMessage());
// The view is chosen by role: technicians get mod-limited.php and the fallback is the
// read-only detail.php. The admin branch body (listing line 448) is not shown. The
// handlers that process the submitted forms make their own role checks, so the choice
// of template is not the only control.
447 if ($ath->userIsAdmin()) {
449 } elseif ($ath->userIsTechnician()) {
450 include 'mod-limited.php';
452 include 'detail.php';
458 include 'browse.php';