3 * FusionForge Documentation Manager
5 * Copyright 2000, Quentin Cregan/Sourceforge
6 * Copyright 2002-2003, Tim Perdue/GForge, LLC
7 * Copyright 2010-2011, Franck Villaume - Capgemini
8 * Copyright 2012,2016-2017, Franck Villaume - TrivialDev
9 * http://fusionforge.org
11 * This file is part of FusionForge. FusionForge is free software;
12 * you can redistribute it and/or modify it under the terms of the
13 * GNU General Public License as published by the Free Software
14 * Foundation; either version 2 of the Licence, or (at your option)
17 * FusionForge is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License along
23 * with FusionForge; if not, write to the Free Software Foundation, Inc.,
24 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
27 /* please do not add require here : use www/docman/index.php to add require */
28 /* global variables used */
29 global $g; // Group object
30 global $group_id; // id of group
31 global $childgroup_id; // id of child group if any
36 $urlparam = DOCMAN_BASEURL.$group_id;
39 $g = group_get_object($childgroup_id);
40 $urlparam .= '&childgroup_id='.$childgroup_id;
43 if (!forge_check_perm('docman', $g->getID(), 'approve')) {
44 $warning_msg = _('Document Manager Action Denied.');
45 session_redirect($urlparam);
48 $subaction = getStringFromRequest('subaction', 'version');
49 $docid = getIntFromRequest('docid');
51 $warning_msg = _('No document found to update');
52 session_redirect($urlparam);
54 $d = document_get_object($docid, $g->getID());
56 $error_msg = $d->getErrorMessage();
57 session_redirect($urlparam);
60 $doc_group = getIntFromRequest('doc_group');
61 $fromview = getStringFromRequest('fromview');
64 case 'listrashfile': {
65 $urlparam .= '&view='.$fromview;
69 $urlparam .= '&dirid='.$doc_group;
74 $sanitizer = new TextSanitizer();
78 $title = getStringFromRequest('title');
79 $description = getStringFromRequest('description');
80 $vcomment = getStringFromRequest('vcomment');
81 $details = getStringFromRequest('details');
82 $file_url = getStringFromRequest('file_url');
83 $uploaded_data = getUploadedFile('uploaded_data');
84 $stateid = getIntFromRequest('stateid');
85 $filetype = getStringFromRequest('filetype');
86 $editor = getStringFromRequest('editor');
87 $current_version_radio = getIntFromRequest('doc_version_cv_radio');
88 $current_version = getIntFromRequest('current_version', 0);
89 $version = getIntFromRequest('edit_version', 0);
90 $new_version = getIntFromRequest('new_version', 0);
91 $details = $sanitizer->SanitizeHtml($details);
95 $dv = documentversion_get_object($version, $docid, $group_id);
96 if (($editor) && ($dv->getFileData() != $details) && (!$uploaded_data['name'])) {
97 $filename = $dv->getFileName();
98 $datafile = tempnam('/tmp', 'docman');
99 $fh = fopen($datafile, 'w');
100 fwrite($fh, $details);
104 $filetype = $dv->getFileType();
106 } elseif (!empty($uploaded_data) && $uploaded_data['name']) {
107 if (!is_uploaded_file($uploaded_data['tmp_name'])) {
108 $error_msg = sprintf(_('Invalid file attack attempt %s.'), $uploaded_data['name']);
109 session_redirect($urlparam);
111 $data = $uploaded_data['tmp_name'];
112 $filename = $uploaded_data['name'];
113 if (function_exists('finfo_open')) {
114 $finfo = finfo_open(FILEINFO_MIME_TYPE);
115 $filetype = finfo_file($finfo, $uploaded_data['tmp_name']);
117 $filetype = $uploaded_data['type'];
119 } elseif ($file_url) {
120 $filename = $file_url;
123 $filename = $dv->getFileName();
124 $filetype = $dv->getFileType();
126 } elseif ($new_version) {
127 if ($editor && $details && $name) {
129 $datafile = tempnam('/tmp', 'docman');
130 $fh = fopen($datafile, 'w');
131 fwrite($fh, $details);
135 $filetype = 'text/html';
137 } elseif (!empty($uploaded_data) && $uploaded_data['name']) {
138 if (!is_uploaded_file($uploaded_data['tmp_name'])) {
139 $error_msg = sprintf(_('Invalid file attack attempt %s.'), $uploaded_data['name']);
140 session_redirect($urlparam);
142 $data = $uploaded_data['tmp_name'];
143 $filename = $uploaded_data['name'];
144 if (function_exists('finfo_open')) {
145 $finfo = finfo_open(FILEINFO_MIME_TYPE);
146 $filetype = finfo_file($finfo, $uploaded_data['tmp_name']);
148 $filetype = $uploaded_data['type'];
150 } elseif ($file_url) {
151 $filename = $file_url;
154 } elseif (($d->getDocGroupID() != $doc_group) || ($d->getStateID() != $stateid)) {
155 // we do the update based on the current version.
156 if (!$current_version_radio) {
157 $current_version_radio = $d->getVersion();
159 $dv = documentversion_get_object($current_version_radio, $docid, $group_id);
160 $filename = $dv->getFileName();
161 $filetype = $dv->getFileType();
162 $title = $dv->getTitle();
163 $description = $dv->getDescription();
164 $vcomment = $dv->getComment();
165 $version = $current_version_radio;
166 $current_version = 1;
168 $warning_msg = _('No action to perform');
169 session_redirect($urlparam);
172 if (!$d->update($filename, $filetype, $data, $doc_group, $title, $description, $stateid, $version, $current_version, $new_version, array(), $vcomment)) {
173 $error_msg = $d->getErrorMessage();
175 $feedback = sprintf(_('Document [D%s] updated successfully.'), $d->getID());
179 $newobjectsassociation = getStringFromRequest('newobjectsassociation');
180 if (!$d->addAssociations($newobjectsassociation)) {
181 $error_msg = $d->getErrorMessage();
183 $feedback = sprintf(_('Document [D%s] updated successfully.'), $d->getID());
187 $reviewtitle = getStringFromRequest('review-title');
188 $reviewtitle = $sanitizer->SanitizeHtml($reviewtitle);
189 $reviewdescription = getStringFromRequest('review-description');
190 $reviewdescription = $sanitizer->SanitizeHtml($reviewdescription);
191 $reviewversionserialid = getIntFromRequest('review-serialid', null);
192 $reviewenddateraw = getStringFromRequest('review-enddate');
193 $date_format = _('%Y-%m-%d');
194 $tmp = strptime($reviewenddateraw, $date_format);
195 $reviewenddate = mktime(0, 0, 0, $tmp['tm_mon']+1, $tmp['tm_mday'], $tmp['tm_year'] + 1900);
196 $reviewmandatoryusers = getArrayFromRequest('review-select-mandatory-users', array());
197 $reviewoptionalusers = getArrayFromRequest('review-select-optional-users', array());
198 $new_review = getIntFromRequest('new_review');
199 $reviewid = getIntFromRequest('review_id');
200 $reviewcompletedchecked = getIntFromRequest('review-completedchecked');
201 $reviewconclusioncomment = getStringFromRequest('review-completedcomment', '');
202 $reviewconclusioncomment = $sanitizer->SanitizeHtml($reviewconclusioncomment);
203 $reviewvalidatedocument = getIntFromRequest('review-validatedocument');
204 $reviewfinalstatus = getIntFromRequest('review-finalstatus');
205 $reviewcurrentversion = getIntFromRequest('review-currentversion');
206 $reviewnewcomment = getIntFromRequest('review_newcomment');
207 $reviewcomment = getStringFromRequest('review-comment');
208 $reviewcomment = $sanitizer->SanitizeHtml($reviewcomment);
209 $reviewdone = getIntFromRequest('review-done');
210 $reviewnotificationcomment = getStringFromRequest('review-notificationcomment');
211 $remindernotification = getStringFromRequest('review-remindernotification');
212 if ($reviewversionserialid) {
214 if ($new_review == 1) {
215 $dr = new DocumentReview($d);
216 if ($dr->create($reviewversionserialid, $reviewtitle, $reviewdescription, $reviewenddate, $reviewmandatoryusers, $reviewoptionalusers, $reviewnotificationcomment)) {
217 $feedback = _('Review created');
219 $error_msg = $dr->getErrorMessage();
221 } elseif ($reviewnewcomment) {
222 $reviewattachment = getUploadedFile('review-attachment');
223 if (!empty($reviewattachment) && $reviewattachment['name']) {
224 if (!is_uploaded_file($reviewattachment['tmp_name'])) {
225 $error_msg = sprintf(_('Invalid file attack attempt %s.'), $reviewattachment['name']);
226 session_redirect($urlparam);
228 $data = $reviewattachment['tmp_name'];
229 $filename = $reviewattachment['name'];
230 if (function_exists('finfo_open')) {
231 $finfo = finfo_open(FILEINFO_MIME_TYPE);
232 $filetype = finfo_file($finfo, $reviewattachment['tmp_name']);
234 $filetype = $reviewattachment['type'];
237 $dr = new DocumentReview($d, $reviewid);
238 $drc = new DocumentReviewComment($dr);
239 if ($drc->create(user_getid(), $reviewid, $reviewcomment, $now)) {
241 $dr->setUserDone(user_getid(), $now);
243 if (isset($filename)) {
244 $drc->attachFile($filename, $filetype, $now, $data);
246 $feedback = _('Review commented successfully');
248 $error_msg = $drc->getErrorMessage();
250 } elseif ($new_review == 2) {
251 $dr = new DocumentReview($d, $reviewid);
252 if ($dr && !$dr->isError()) {
253 $users = $dr->getUsers(array(1));
254 if ($dr->sendNotice($users, false, $remindernotification)) {
255 $feedback = _('Reminder sent successfully.');
257 $error_msg = _('No reminder sent for review ID')._(': ').$reviewid;
260 $error_msg = _('Cannot create object documentreview');
263 $dr = new DocumentReview($d, $reviewid);
264 if ($reviewcompletedchecked) {
265 if (strlen($reviewconclusioncomment) > 0) {
266 $drc = new DocumentReviewComment($dr);
267 $drc->create(user_getid(), $reviewid, $reviewconclusioncomment, $now);
269 if ($dr->close($reviewversionserialid, $reviewtitle, $reviewdescription, $reviewfinalstatus, $reviewvalidatedocument, $reviewcurrentversion)) {
270 $feedback = _('Review closed successfully');
272 $error_msg = $dr->getErrorMessage();
275 if ($dr->update($reviewversionserialid, $reviewtitle, $reviewdescription, $reviewenddate, $reviewmandatoryusers, $reviewoptionalusers)) {
276 $feedback = _('Review updated');
278 $error_msg = $dr->getErrorMessage();
283 $warning_msg = _('Missing flag action');
287 session_redirect($urlparam);