// Load the project (Group) that owns the tracker and stop the request if it cannot be used.
// NOTE(review): $group_id is not assigned in the visible lines; presumably it is read from
// the request earlier in the file -- confirm it is fetched as an integer.
5 // get the Group object
7 $group =& group_get_object($group_id);
8 if (!$group || !is_object($group)) {
11 if ($group->isError()) {
// A permission-denied error takes the dedicated exit path; any other Group error is
// reported through exit_error() with the object's own message.
12 if($group->isPermissionDeniedError()) {
13 exit_permission_denied($group->getErrorMessage());
15 exit_error(_('Error'), $group->getErrorMessage());
19 // Create the ArtifactType object
// $ath is the tracker object the cases below use for their permission checks
// (allowsAnon(), userIsAdmin(), userIsTechnician()).
// NOTE(review): $atid is not assigned in the visible lines -- confirm it is read from the
// request as an integer before it is used here.
21 $ath = new ArtifactTypeHtml($group,$atid);
23 if (!$ath || !is_object($ath)) {
24 exit_error('Error','ArtifactType could not be created');
26 if ($ath->isError()) {
27 if($ath->isPermissionDeniedError()) {
// NOTE(review): this branch handles an error on $ath but reports $group->getErrorMessage();
// the exit_error() call after it uses $ath->getErrorMessage(). This looks like a copy-paste
// slip, so the denial is shown with the Group's message instead of the tracker's.
28 exit_permission_denied($group->getErrorMessage());
30 exit_error(_('Error'), $ath->getErrorMessage());
// Dispatch on the 'func' request parameter: each case performs an action and/or includes
// one of the tracker page scripts.
33 switch (getStringFromRequest('func')) {
// First case (its label is not in the visible lines): access is refused when the tracker
// does not allow anonymous use and the visitor is not logged in.
36 if (!$ath->allowsAnon() && !session_loggedin()) {
37 exit_permission_denied();
// The include path is $gfwww plus a fixed string; no request data takes part in it.
39 include $gfwww.'tracker/add.php';
// Create a new tracker item from the submitted form.
// The one-time form key is checked first; an invalid key ends the request through
// exit_form_double_submit().
44 if (!form_key_is_valid(getStringFromRequest('form_key'))) {
45 exit_form_double_submit();
// Request fields. $category_id and $artifact_group_id are read here but are not among the
// arguments of the create() call visible further down.
// NOTE(review): 'extra_fields' is read with getStringFromRequest() here, while the
// 'massupdate' case reads the same parameter with getArrayFromRequest() and indexes it as
// an array -- confirm which shape create() expects.
48 $user_email = getStringFromRequest('user_email');
49 $category_id = getIntFromRequest('category_id');
50 $artifact_group_id = getIntFromRequest('artifact_group_id');
51 $summary = getStringFromRequest('summary');
52 $details = getStringFromRequest('details');
53 $assigned_to = getStringFromRequest('assigned_to');
54 $priority = getStringFromRequest('priority');
55 $extra_fields = getStringFromRequest('extra_fields');
61 $ah=new ArtifactHtml($ath);
63 if (!$ah || !is_object($ah)) {
// Failure paths release the form key before exiting (presumably so the same form can be
// submitted again).
64 form_release_key(getStringFromRequest('form_key'));
65 exit_error('ERROR','Artifact Could Not Be Created');
// Anonymous submission is refused unless the tracker allows it.
// NOTE(review): no form_release_key() call is visible on this path, unlike the other
// failure paths of this case.
66 } else if (!$ath->allowsAnon() && !session_loggedin()) {
67 exit_error('ERROR',_('Artifact: This ArtifactType Does Not Allow Anonymous Submissions. Please Login.'));
// A supplied e-mail address is checked with validate_email() before the line that embeds
// it in $details.
69 if (empty($user_email)) {
72 if (!validate_email($user_email)) {
73 form_release_key(getStringFromRequest('form_key'));
74 exit_error('ERROR', _('Invalid Email Address'));
// NOTE(review): $summary, $details and $user_email are request data stored with the item;
// they need output encoding wherever the item is rendered -- confirm in the display code.
78 $details = "Anonymous message posted by $user_email\n\n".
81 if (!$ah->create($summary,$details,$assigned_to,$priority,$extra_fields)) {
82 form_release_key(getStringFromRequest('form_key'));
83 exit_error('ERROR',$ah->getErrorMessage());
86 // Attach files to this Artifact.
// Five upload slots of the 'input_file' form field are examined.
89 for ($i=0; $i<5; $i++) {
// NOTE(review): the 'error' entry is read before any isset() test, so a slot that is absent
// from the request raises an undefined-index notice; the isset($error) on the next line
// comes too late to prevent it.
90 $error=$_FILES['input_file']['error'][$i];
91 if (isset($error) && $error > 0) {
// PHP upload error codes: 1 = UPLOAD_ERR_INI_SIZE, 2 = UPLOAD_ERR_FORM_SIZE,
// 3 = UPLOAD_ERR_PARTIAL.
// NOTE(review): $n is interpolated into the messages but is not assigned in the visible
// lines -- presumably it is set on a line not shown.
93 if ($error === 1 || $error === 2) {
94 // UPLOAD_ERR_INI_SIZE or UPLOAD_ERR_FORM_SIZE
95 $ext_feedback .= "<br />ERROR: Skipping attachement $n: file is too large.";
96 } elseif ($error === 3) {
98 $ext_feedback .= "<br />ERROR: Skipping attachement $n: transfert interrupted.";
// 'name', 'size' and 'type' are values declared by the client in the multipart request;
// 'tmp_name' is the server-side temporary path chosen by PHP.
102 $file_name=$_FILES['input_file']['name'][$i];
103 $tmp_name=$_FILES['input_file']['tmp_name'][$i];
// is_uploaded_file() confirms that $tmp_name really is a file PHP received via HTTP POST.
104 if (!is_uploaded_file($tmp_name)) {
107 $size=$_FILES['input_file']['size'][$i];
108 $type=$_FILES['input_file']['type'][$i];
110 $afh=new ArtifactFileHtml($ah);
111 if (!$afh || !is_object($afh)) {
112 $feedback .= 'Could Not Create File Object';
113 // } elseif ($afh->isError()) {
114 // $feedback .= $afh->getErrorMessage();
// util_check_fileupload() is applied to the temporary path before the file is stored;
// a failure aborts the whole request.
116 if (!util_check_fileupload($tmp_name)) {
117 form_release_key(getStringFromRequest('form_key'));
118 //delete the artifact
120 exit_error("Error","Invalid filename");
// NOTE(review): $file_name and $type are passed to upload() exactly as the browser sent
// them. Confirm that upload() sanitises the name and that stored attachments are served
// with a safe Content-Type / Content-Disposition rather than the declared type.
122 if (!$afh->upload($tmp_name,$file_name,$type,' ')) {
123 form_release_key(getStringFromRequest('form_key'));
124 //delete the artifact
// NOTE(review): exit_error() is called with a single argument here; the other calls in
// this file pass a title and a message.
126 exit_error(' Could Not Attach File to Item: '.$afh->getErrorMessage());
// $ext_feedback holds '<br />' markup, so $feedback is presumably printed as HTML by the
// included page -- anything appended to it must already be safe for that context.
130 $feedback .= _('Item Successfully Created');
131 $feedback .= $ext_feedback;
132 include $gfwww.'tracker/browse.php';
// Bulk update: apply one set of submitted field values to every artifact id listed in
// the 'artifact_id_list' request parameter.
137 case 'massupdate' : {
138 if (!form_key_is_valid(getStringFromRequest('form_key'))) {
139 exit_form_double_submit();
// $category_id, $artifact_group_id and $resolution_id are read below but do not appear in
// the update() call visible in this case.
142 $artifact_id_list = getArrayFromRequest('artifact_id_list');
143 $priority = getStringFromRequest('priority');
144 $status_id = getStringFromRequest('status_id');
145 $category_id = getStringFromRequest('category_id');
146 $artifact_group_id = getStringFromRequest('artifact_group_id');
147 $resolution_id = getStringFromRequest('resolution_id');
148 $assigned_to = getStringFromRequest('assigned_to');
149 $canned_response = getIntFromRequest("canned_response");
150 $extra_fields = getArrayFromRequest('extra_fields');
152 $count=count($artifact_id_list);
// Only tracker admins may mass-update; the check runs before any artifact is loaded or
// changed.
154 if (!$ath->userIsAdmin()) {
155 exit_permission_denied();
158 $artifact_type_id=$ath->getID();
160 for ($i=0; $i < $count; $i++) {
// NOTE(review): the ids come straight from the request. Presumably the Artifact
// constructor rejects ids that do not belong to $ath -- confirm, because the admin check
// above is scoped to this tracker only.
161 $ah=new Artifact($ath,$artifact_id_list[$i]);
162 if (!$ah || !is_object($ah)) {
// NOTE(review): the raw request value $artifact_id_list[$i] is concatenated into $feedback
// here and in the two similar lines below. $feedback elsewhere in this file carries
// '<br />' markup, so it is presumably printed as HTML -- confirm the value is cast to an
// integer or escaped before it is output.
163 $feedback .= ' ID: '.$artifact_id_list[$i].'::Artifact Could Not Be Created';
164 } else if ($ah->isError()) {
165 $feedback .= ' ID: '.$artifact_id_list[$i].'::'.$ah->getErrorMessage();
// 100 is the form's "no change" value: the submitted value is used unless it equals 100,
// in which case the artifact keeps its current value.
// NOTE(review): these are loose (!=) comparisons between request strings and the integer 100.
167 $_priority=(($priority != 100) ? $priority : $ah->getPriority());
168 $_status_id=(($status_id != 100) ? $status_id : $ah->getStatusID());
169 //yikes, we want the ability to mass-update to "un-assigned", which is the ID=100, which
170 //conflicts with the "no change" ID! Sorry for messy use of 100.1
171 $_assigned_to=(($assigned_to != '100.1') ? $assigned_to : $ah->getAssignedTo());
174 // get existing extra field data
175 // we will then override individual elements if needed
177 $ef = $ah->getExtraFieldData();
178 $keys = array_keys($ef);
179 foreach ($keys as $efid) {
180 if (is_array($ef[$efid])) {
181 $f = $extra_fields[$efid];
182 // in this case, if $extra_fields is not setted, it
183 // means no option was selected, so we have to delete
184 // the original values
185 if (!is_array($f) || count($f) == 0) {
186 $ef[$efid] = array();
187 } else if (in_array('100', $extra_fields[$efid])) { // "No change" option selected?
190 $ef[$efid] = $f; // replace old values with new values
193 // in some cases (ie: textfields) the value is not passed, but
194 // this doesn't mean we must delete the existing value
195 if (array_key_exists($efid, $extra_fields)) {
196 $f = $extra_fields[$efid];
// NOTE(review): addslashes() is not a database escaping function. If $ef reaches SQL
// inside update(), the protection should come from the database layer's own escaping or
// parameter binding -- confirm there rather than relying on this call.
203 $ef[$efid] = addslashes($ef[$efid]);
// NOTE(review): $_summary is not assigned in the visible lines of this case.
208 if (!$ah->update($_priority,$_status_id,$_assigned_to,$_summary,$canned_response,'',$artifact_type_id,$ef)) {
213 $feedback .= ' ID: '.$artifact_id_list[$i].'::'.$ah->getErrorMessage();
221 $feedback = _('Updated Successfully'); }
223 unset ($extra_fields_choice);
224 include $gfwww.'tracker/browse.php';
// Modify an existing item or add a comment to it, depending on the caller's role.
// NOTE(review): 'extra_fields' is read as a string here, while the 'massupdate' case reads
// it as an array -- confirm which shape update() expects.
228 $artifact_id = getIntFromRequest('artifact_id');
229 $priority = getIntFromRequest('priority');
230 $status_id = getIntFromRequest('status_id');
231 $category_id = getIntFromRequest('category_id');
232 $artifact_group_id = getIntFromRequest('artifact_group_id');
233 $resolution_id = getIntFromRequest('resolution_id');
234 $assigned_to = getStringFromRequest('assigned_to');
235 $summary = getStringFromRequest('summary');
236 $canned_response = getStringFromRequest('canned_response');
237 $details = getStringFromRequest('details');
238 $description = getStringFromRequest('description');
239 $new_artifact_type_id = getIntFromRequest('new_artifact_type_id');
240 $extra_fields = getStringFromRequest('extra_fields');
241 $user_email = getStringFromRequest('user_email', false);
245 Technicians can modify limited fields - to be certain
246 no one is hacking around, we override any fields they don't have
247 permission to change.
249 if (!form_key_is_valid(getStringFromRequest('form_key'))) {
250 exit_form_double_submit();
253 $ah=new ArtifactHtml($ath,$artifact_id);
254 if (!$ah || !is_object($ah)) {
255 exit_error('ERROR','Artifact Could Not Be Created');
256 } else if ($ah->isError()) {
257 exit_error('ERROR',$ah->getErrorMessage());
258 } else if (!$ath->allowsAnon() && !session_loggedin()) {
259 exit_error('ERROR',_('Artifact: This ArtifactType Does Not Allow Anonymous Submissions. Please Login.'));
264 The following logic causes fields to be overridden
265 in the event that someone tampered with the HTML form
// Role split: admins and technicians go through update(). Per the comments below, the
// restriction of a technician's fields is enforced inside update(), not in this script.
268 if ($ath->userIsAdmin() || $ath->userIsTechnician()) {
270 //admin and techs can do everything
271 //techs will have certain fields overridden inside the update() function call
272 if (!$ah->update($priority,$status_id,
273 $assigned_to,$summary,$canned_response,$details,$new_artifact_type_id,$extra_fields, $description)) {
274 form_release_key(getStringFromRequest('form_key'));
275 $error_msg .= _('Tracker Item'). ': '.$ah->getErrorMessage();
// NOTE(review): $user_email reaches addMessage() without the validate_email() check that
// the new-item handler above applies -- confirm addMessage() validates it.
282 // Everyone else can add comments
284 if ($ah->addMessage($details,$user_email,true)) {
285 $feedback=_('Comment added');
287 if ( (strlen($details)>0) ) { //if there was no message, then it's not an error but addMessage returns false and sets missing params error
288 //some kind of error in creation
// NOTE(review): the arguments look swapped relative to the other exit_error() calls in
// this file, which pass a title first and the message second.
289 exit_error($ah->getErrorMessage(),$feedback);
291 // we have to unset the error if the user added a file ( add a file and no comment)
292 if ( (getStringFromRequest('add_file')) ) {
300 //everyone else can only add comments
303 if ($ah->addMessage($details,$user_email,true)) {
304 $feedback=_('Comment added');
306 //some kind of error in creation
307 exit_error('ERROR',$ah->getErrorMessage());
312 // Admin, Techs and Submitter can add files.
// NOTE(review): the submitter test uses a loose == between getSubmittedBy() and user_getid().
313 if ($ath->userIsAdmin() || $ath->userIsTechnician() ||
314 (session_loggedin() && ($ah->getSubmittedBy() == user_getid()))) {
316 // Attach files to this Artifact.
// Five upload slots of the 'input_file' form field are examined.
319 for ($i=0; $i<5; $i++) {
// NOTE(review): the 'error' entry is read before any isset() test, so a slot that is absent
// from the request raises an undefined-index notice.
320 $error=$_FILES['input_file']['error'][$i];
321 if (isset($error) && $error > 0) {
// NOTE(review): $n is interpolated into the messages but is not assigned in the visible lines.
323 if ($error === 1 || $error === 2) {
324 // UPLOAD_ERR_INI_SIZE or UPLOAD_ERR_FORM_SIZE
325 $ext_feedback .= "<br />ERROR: Skipping attachement $n: file is too large.";
326 } elseif ($error === 3) {
327 // UPLOAD_ERR_PARTIAL
328 $ext_feedback .= "<br />ERROR: Skipping attachement $n: transfert interrupted.";
// 'name', 'size' and 'type' are values declared by the client; 'tmp_name' is the
// server-side temporary path chosen by PHP.
332 $file_name=$_FILES['input_file']['name'][$i];
333 $tmp_name=$_FILES['input_file']['tmp_name'][$i];
334 if (!is_uploaded_file($tmp_name)) {
// NOTE(review): in the visible order this upload() call comes before $type (line 344) and
// $afh (line 346) are assigned for the current slot and before util_check_fileupload()
// (line 352), and it repeats the call at line 356. Lines are missing from this listing, so
// confirm against the full file whether this is leftover code that can run with a stale or
// undefined $afh and without the upload check.
337 if (!$afh->upload($tmp_name,$file_name,$type,' ')) {
338 $feedback .= ' <br />'._('File Upload: Error').':'.$afh->getErrorMessage();
341 $feedback .= ' <br />'._('File Upload: Successful');
343 $size=$_FILES['input_file']['size'][$i];
344 $type=$_FILES['input_file']['type'][$i];
346 $afh=new ArtifactFileHtml($ah);
347 if (!$afh || !is_object($afh)) {
348 $feedback .= 'Could Not Create File Object';
349 // } elseif ($afh->isError()) {
350 // $feedback .= $afh->getErrorMessage();
// util_check_fileupload() is applied to the temporary path; a failure aborts the request.
352 if (!util_check_fileupload($tmp_name)) {
353 form_release_key(getStringFromRequest('form_key'));
354 exit_error("Error","Invalid filename");
// NOTE(review): $file_name and $type are passed to upload() exactly as the browser sent
// them -- confirm that upload() sanitises the name and that attachments are served with a
// safe Content-Type / Content-Disposition.
356 if (!$afh->upload($tmp_name,$file_name,$type,' ')) {
357 $feedback .= ' <br />'._('File Upload: Error').':'.$afh->getErrorMessage();
360 $feedback .= ' <br />'._('File Upload: Successful');
366 // Admin and Techs can delete files.
367 if ($ath->userIsAdmin() || $ath->userIsTechnician()) {
369 // Delete list of files from this artifact
// NOTE(review): 'delete_file' is read with getStringFromRequest() but is then passed to
// count() and indexed per element like an array. If the helper really returns a string,
// count() does not give the number of ids and $delete_file[$i] is a single character;
// getArrayFromRequest(), used for list parameters in 'massupdate', looks like the intended
// call -- confirm.
371 $delete_file = getStringFromRequest('delete_file');
373 $count=count($delete_file);
374 for ($i=0; $i<$count; $i++) {
// NOTE(review): the file id comes from the request; presumably ArtifactFileHtml rejects
// ids that are not attached to $ah -- confirm, so that one item's permission cannot be
// used to delete another item's file.
375 $afh=new ArtifactFileHtml($ah,$delete_file[$i]);
376 if (!$afh || !is_object($afh)) {
// NOTE(review): the raw request value is concatenated into $feedback here and two lines
// below; $feedback carries '<br />' markup and is presumably printed as HTML -- confirm
// the value is cast to an integer or escaped before output.
377 $feedback .= 'Could Not Create File Object::'.$delete_file[$i];
378 } elseif ($afh->isError()) {
379 $feedback .= $afh->getErrorMessage().'::'.$delete_file[$i];
381 if (!$afh->delete()) {
382 $feedback .= ' <br />'._('File Delete:').': '.$afh->getErrorMessage();
385 $feedback .= ' <br />'._('File Delete: Successful');
391 // Show just one feedback entry if no errors
394 $feedback = _('Updated successfully');
396 $feedback .= $ext_feedback;
397 include $gfwww.'tracker/browse.php';
// Monitoring: report the monitoring state of one artifact (ArtifactHtml) or of the whole
// tracker (ArtifactType). Login is required.
// NOTE(review): no form_key check is visible in this case and the call that changes the
// monitoring state is not among the visible lines. If the state is toggled on a plain
// request, it can be triggered cross-site -- confirm against the full file.
404 if (!session_loggedin()) {
405 exit_permission_denied();
407 $start = getIntFromRequest('start');
408 $stop = getIntFromRequest('stop');
409 $artifact_id = getIntFromRequest('artifact_id');
411 // Fix to prevent collision with the start variable used in browse.
// Artifact-level branch.
415 $ah=new ArtifactHtml($ath,$artifact_id);
416 if (!$ah || !is_object($ah)) {
417 exit_error('ERROR','Artifact Could Not Be Created');
418 } else if ($ah->isError()) {
419 exit_error('ERROR',$ah->getErrorMessage());
// The message is chosen by comparing the requested action with the resulting state.
421 if ($start && $ah->isMonitoring())
422 $feedback = _('Monitoring Started');
423 elseif ($stop && !$ah->isMonitoring())
424 $feedback = _('Monitoring Deactivated');
427 $feedback=$ah->getErrorMessage();
429 include $gfwww.'tracker/browse.php';
// Tracker-level branch: same checks on an ArtifactType built from $group and $atid.
432 $at=new ArtifactType($group,$atid);
433 if (!$at || !is_object($at)) {
434 exit_error('ERROR','Artifact Could Not Be Created');
435 } else if ($at->isError()) {
436 exit_error('ERROR',$at->getErrorMessage());
438 if ($start && $at->isMonitoring())
439 $feedback = _('Monitoring Started');
440 elseif ($stop && !$at->isMonitoring())
441 $feedback = _('Monitoring Deactivated');
444 $feedback=$at->getErrorMessage();
447 include $gfwww.'tracker/browse.php';
// Deletion confirmation step, tracker admins only: the visible lines load the artifact and
// include tracker/deleteartifact.php; the delete itself is in 'postdeleteartifact'.
457 case 'deleteartifact' : {
458 if ($ath->userIsAdmin()) {
// NOTE(review): 'aid' is read with getStringFromRequest() here, while other cases in this
// file read the same parameter with getIntFromRequest().
459 $aid = getStringFromRequest('aid');
460 $ah= new ArtifactHtml($ath,$aid);
461 if (!$ah || !is_object($ah)) {
462 exit_error('ERROR','Artifact Could Not Be Created');
463 } elseif ($ah->isError()) {
464 exit_error('ERROR',$ah->getErrorMessage());
466 include $gfwww.'tracker/deleteartifact.php';
// Non-admins are refused.
468 exit_permission_denied();
474 // Handle the actual delete
// Three conditions guard the delete: a valid form key, userIsAdmin() on the tracker, and a
// non-empty 'confirm_delete' request value.
477 case 'postdeleteartifact' : {
478 if (!form_key_is_valid(getStringFromRequest('form_key'))) {
479 exit_form_double_submit();
481 if ($ath->userIsAdmin()) {
// NOTE(review): 'aid' is read with getStringFromRequest() here, while other cases in this
// file read the same parameter with getIntFromRequest().
482 $aid = getStringFromRequest('aid');
483 $ah= new ArtifactHtml($ath,$aid);
484 if (!$ah || !is_object($ah)) {
485 exit_error('ERROR','Artifact Could Not Be Created');
486 } elseif ($ah->isError()) {
487 exit_error('ERROR',$ah->getErrorMessage());
// Without the confirmation value nothing is deleted and a message is shown instead.
489 if (!getStringFromRequest('confirm_delete')) {
490 $feedback .= _('Confirmation failed. Artifact not deleted');
493 if (!$ah->delete(true)) {
494 $feedback .= _('Artifact Delete Failed') . ': '.$ah->getErrorMessage();
496 $feedback .= _('Artifact Deleted Successfully');
499 include $gfwww.'tracker/browse.php';
// Non-admins are refused.
501 exit_permission_denied();
// Remaining cases: each includes a page script whose path is $gfwww plus a fixed string.
508 include $gfwww.'tracker/taskmgr.php';
512 include $gfwww.'tracker/browse.php';
516 include $gfwww.'tracker/query.php';
519 case 'downloadcsv' : {
520 include $gfwww.'tracker/downloadcsv.php';
524 $aid = getIntFromRequest('aid');
// NOTE(review): "Redirect" is not an HTTP response header that browsers act on; a redirect
// is normally sent as "Location: <url>". $file_id is also not assigned in the visible lines
// of this case -- confirm it is read with getIntFromRequest(), like $aid, before it is
// placed in the URL.
525 Header("Redirect: ".util_make_url ("/tracker/download.php?group_id=$group_id&atid=$atid&aid=$aid&file_id=$file_id"));
529 $aid = getIntFromRequest('aid');
532 // users can modify their own tickets in a limited way if they submitted them
533 // even if they are not artifact admins
535 $ah=new ArtifactHtml($ath,$aid);
536 if (!$ah || !is_object($ah)) {
537 exit_error('ERROR','Artifact Could Not Be Created');
538 } else if ($ah->isError()) {
539 exit_error('ERROR',$ah->getErrorMessage());
// The page shown depends on the role: admins get mod.php, technicians mod-limited.php,
// everyone else detail.php.
541 if ($ath->userIsAdmin()) {
542 include $gfwww.'tracker/mod.php';
543 } elseif ($ath->userIsTechnician()) {
544 include $gfwww.'tracker/mod-limited.php';
546 include $gfwww.'tracker/detail.php';
552 include $gfwww.'tracker/browse.php';
559 // c-file-style: "bsd"