diff --git a/include/appData.php b/include/appData.php index 7ee631d..f64eeb9 100644 --- a/include/appData.php +++ b/include/appData.php @@ -116,9 +116,6 @@ class appData if($sQueued === false) $sQueued = "false"; - if(($sQueued == "true" || $sQueued == "all") && !appData::canEdit($sType)) - return FALSE; - if(($sQueued == "true" || $sQueued == "all") && !$_SESSION['current']->hasPriv("admin")) { @@ -226,9 +223,6 @@ class appData if($bRejected) return FALSE; - if($bQueued && !appData::canEdit($sType)) - return FALSE; - if($bQueued && !$_SESSION['current']->hasPriv("admin")) { $sQuery = "SELECT DISTINCT appData.* FROM appData, appMaintainers, @@ -327,22 +321,56 @@ class appData return $hResult; } - function canEdit($sType = null) + function canEdit() { - if($sType) + if($_SESSION['current']->hasPriv("admin")) + return TRUE; + if($this) { - $oObject = new $sType(); - return $oObject->canEdit(); - } else - { - if($_SESSION['current']->hasPriv("admin") || - maintainer::isUserMaintainer($_SESSION['current'])) - return TRUE; - else + if($this->iVersionId) + { + $oVersion = new version($this->iVersionId); + if($oVersion->canEdit()) + return TRUE; + else + return FALSE; + } else if($this->iAppId) + { + $oApp = new application($this->iAppId); + if($oApp->canEdit()) + return TRUE; + else + return FALSE; + } else return FALSE; } } + function mustBeQueued() + { + if($_SESSION['current']->hasPriv("admin")) + return FALSE; + if($this) + { + if($this->iVersionId) + { + $oVersion = new version($this->iVersionId); + if($oVersion->canEdit()) + return FALSE; + else + return TRUE; + } else if($this->iAppId) + { + $oApp = new application($this->iAppId); + if($oApp->canEdit()) + return FALSE; + else + return TRUE; + } else + return TRUE; + } + } + /* arg1 = OM object, arg2 = CSS style, arg3 = text for edit link */ function objectOutputTableRow($oObject, $sClass, $sEditLinkLabel) { diff --git a/include/screenshot.php b/include/screenshot.php index 67be68a..f0ebf9d 100644 
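Review bot: In the `@@ -327,22 +321,56 @@` hunk of include/appData.php, the new `mustBeQueued()` has no `return` on the path where `if($this)` is false, so a non-admin reaching it through a static call gets NULL. NULL is falsy, so a caller that tests it the way `Screenshot::create()` does (`$this->mustBeQueued() ? "true" : "false"`) would treat the submission as not needing the queue, which means the check fails open. `canEdit()` has the same missing return, and the static fallbacks `appData::canEdit()` and `appData::mustBeQueued()` added in include/screenshot.php are the calls that would land on it. End each function with an explicit default, `return FALSE;` in `canEdit()` and `return TRUE;` in `mustBeQueued()`. Both functions also lack a comment saying that the decision is delegated to the version's or application's own `canEdit()`.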
--- a/include/screenshot.php +++ b/include/screenshot.php @@ -14,11 +14,16 @@ $watermark = new Image("/images/watermark.png"); */ class Screenshot { var $iScreenshotId; + + // parameters necessary for creating a new screenshot with + // Screenshot::create() + var $iVersionId; + var $hFile; var $sDescription; + var $oScreenshotImage; var $oThumbnailImage; var $bQueued; - var $iVersionId; var $iAppId; var $sUrl; var $sSubmitTime; @@ -50,6 +55,7 @@ class Screenshot { $this->bQueued = ($oRow->queued=="true")?true:false; $this->sSubmitTime = $oRow->submitTime; $this->iSubmitterId = $oRow->submitterId; + $this->hFile = null; } } } @@ -59,21 +65,14 @@ class Screenshot { /** * Creates a new screenshot. */ - function create($iVersionId = null, $sDescription = null, $hFile = null) + function create() { - $oVersion = new Version($iVersionId); - // Security, if we are not an administrator or a maintainer, the screenshot must be queued. - if(!($_SESSION['current']->hasPriv("admin") || $_SESSION['current']->isMaintainer($oVersion->iVersionId) || $_SESSION['current']->isSuperMaintainer($oVersion->iAppId))) - { - $this->bQueued = true; - } else - { - $this->bQueued = false; - } - - $hResult = query_parameters("INSERT INTO appData (versionId, type, description, queued, submitterId) ". - "VALUES('?', '?', '?', '?', '?')", - $iVersionId, "screenshot", $sDescription, $this->bQueued?"true":"false", + $hResult = query_parameters("INSERT INTO appData + (versionId, type, description, queued, submitterId) + VALUES('?', '?', '?', '?', '?')", + $this->iVersionId, "screenshot", + $this->sDescription, + $this->mustBeQueued() ? "true" : "false", $_SESSION['current']->iUserId); if($hResult) { 
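Review bot: `create()` in the `@@ -59,21 +65,14 @@` hunk now reads `$this->iVersionId`, `$this->sDescription` and `$this->hFile`, but nothing in the visible lines checks that the caller set them before the INSERT runs. Add a guard at the top, `if(!$this->iVersionId || !is_array($this->hFile))`, followed by the function's usual failure return, and list the required properties in the doc comment, which still says only "Creates a new screenshot." The removed comment explaining that submissions from non-admins and non-maintainers must be queued is worth keeping beside the `mustBeQueued()` argument, because that argument is now the access-control decision. The old code also assigned `$this->bQueued`, and the new lines do not, so the object may carry a stale value unless the rest of the function, which continues outside the hunk, reloads it.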
@@ -81,10 +80,10 @@ class Screenshot { /* make sure we supply the full path to move_uploaded_file() */ $moveToPath = appdb_fullpath("data/screenshots/originals/").$this->iScreenshotId; - if(!move_uploaded_file($hFile['tmp_name'], $moveToPath)) + if(!move_uploaded_file($this->hFile['tmp_name'], $moveToPath)) { // whoops, moving failed, do something - addmsg("Unable to move screenshot from '".$hFile['tmp_name']."' to '".$moveToPath."'", "red"); + addmsg("Unable to move screenshot from '".$this->hFile['tmp_name']."' to '".$moveToPath."'", "red"); $sQuery = "DELETE FROM appData WHERE id = '?'"; @@ -531,11 +530,26 @@ class Screenshot { function canEdit() { - if($_SESSION['current']->hasPriv("admin") || - maintainer::isUserMaintainer($_SESSION['current'])) - return TRUE; - else - return FALSE; + if($this) + { + $oAppData = new appData(); + $oAppData->iVersionId = $this->iVersionId; + $oAppData->iAppId = NULL; + return $oAppData->canEdit(); + } else + return appData::canEdit(); + } + + function mustBeQueued() + { + if($this) + { + $oAppData = new appData(); + $oAppData->iVersionId = $this->iVersionId; + $oAppData->iAppId = NULL; + return $oAppData->mustBeQueued(); + } else + return appData::mustBeQueued(); } function objectGetInstanceFromRow($oRow) diff --git a/screenshots.php b/screenshots.php index f027242..c67b5b6 100644 --- a/screenshots.php +++ b/screenshots.php @@ -38,7 +38,10 @@ if($aClean['sCmd']) } else { $oScreenshot = new Screenshot(); - $oScreenshot->create($aClean['iVersionId'], $aClean['sScreenshotDesc'], $_FILES['sImageFile']); + $oScreenshot->iVersionId = $aClean['iVersionId']; + $oScreenshot->sScreenshotDesc = $aClean['sScreenshotDesc']; + $oScreenshot->hFile = $_FILES['sImageFile']; + $oScreenshot->create(); $oScreenshot->free(); } } elseif($aClean['sCmd'] == "delete" && is_numeric($aClean['iImageId'])) // process screenshot deletion
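Review bot: `Screenshot::canEdit()` and `Screenshot::mustBeQueued()` in the `@@ -531,11 +530,26 @@` hunk of include/screenshot.php build the same temporary `appData` object line for line and have no doc comment. A small private helper that returns the prepared `appData` would keep the two permission checks from drifting apart. Each method could then carry a one-line comment such as `// permission follows the owning version, via appData`. Forcing `iAppId` to NULL means a screenshot without a version id is never editable and is always queued. That looks intended, but it should be stated in the comment.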
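Review bot: In the screenshots.php hunk the description is assigned to `$oScreenshot->sScreenshotDesc`, but `Screenshot::create()` inserts `$this->sDescription`, so the submitted description never reaches the INSERT. The assignment should be `$oScreenshot->sDescription = $aClean['sScreenshotDesc'];`. Note also that `$aClean['iVersionId']` now drives the queue decision through `mustBeQueued()`, so it should be confirmed numeric before it is assigned. The visible lines do not show such a check for this branch, and the enclosing `if`/`else` starts outside the hunk.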