492 lines
20 KiB
PHP
492 lines
20 KiB
PHP
<?php
|
|
include '../include/boot.php';
|
|
include '../include/authenticate.php';
|
|
|
|
$share_user = getval("share_user", 0, true);
|
|
|
|
if ($share_user != $userref && !(checkperm('a') || checkperm('noex'))) {
|
|
// User does not have permission to see other user's shares
|
|
$share_user = $userref;
|
|
}
|
|
|
|
$share_group = getval("share_group", -1, true);
|
|
$share_orderby = getval("share_orderby", "ref");
|
|
$share_sort = (strtoupper(getval("share_sort", "ASC")) == "ASC") ? "ASC" : "DESC";
|
|
$share_type = getval("share_type", -1, true);
|
|
$share_collection = getval("share_collection", 0, true);
|
|
|
|
if ($share_collection != 0 && !collection_readable($share_collection)) {
|
|
error_alert($lang["error-permissiondenied"], true);
|
|
exit();
|
|
}
|
|
|
|
if (!checkperm('a') || $share_user == $userref) {
|
|
$pagetitle = $lang["my_shares"];
|
|
$breadcrumbs = [
|
|
['title' => $userfullname == "" ? $username : $userfullname, 'href' => $baseurl_short . "pages/user/user_home.php", 'menu' => true],
|
|
['title' => $pagetitle]
|
|
];
|
|
} else {
|
|
$pagetitle = $lang["manage_shares_title"];
|
|
$breadcrumbs = [
|
|
['title' => $lang["teamcentre"], 'href' => $baseurl_short . "pages/team/team_home.php", 'menu' => true],
|
|
['title' => $pagetitle]
|
|
];
|
|
}
|
|
|
|
$ajax = ('true' == getval('ajax', '') ? true : false);
|
|
$delete_access_key = getval('delete_access_key', '');
|
|
$messages = array();
|
|
|
|
// Process access key deletion
|
|
if ($delete_access_key != "" && enforcePostRequest($ajax)) {
|
|
$deleteresource = getval('delete_resource', '');
|
|
$deletecollection = getval('delete_collection', '');
|
|
$response = array(
|
|
'success' => false
|
|
);
|
|
|
|
if ($deleteresource != "" && $deleteresource != "-") {
|
|
delete_resource_access_key($deleteresource, $delete_access_key);
|
|
$response['success'] = true;
|
|
} elseif ($deletecollection != "") {
|
|
delete_collection_access_key($deletecollection, $delete_access_key);
|
|
$response['success'] = true;
|
|
} else {
|
|
delete_collection_access_key(0, $delete_access_key);
|
|
$response['success'] = true;
|
|
}
|
|
|
|
exit(json_encode($response));
|
|
}
|
|
|
|
$sharefltr = array(
|
|
"share_group" => $share_group,
|
|
"share_user" => $share_user,
|
|
"share_order_by" => $share_orderby,
|
|
"share_sort" => $share_sort,
|
|
"share_type" => $share_type,
|
|
"share_collection" => $share_collection,
|
|
);
|
|
|
|
if (getval("purge_expired", '') != '' && enforcePostRequest(true)) {
|
|
$deleted = purge_expired_shares($sharefltr);
|
|
$messages[] = str_replace("[deleted_count]", $deleted, $lang["shares_purged_message"]);
|
|
}
|
|
|
|
$shares = get_external_shares($sharefltr);
|
|
$allsharedgroups = array("-1" => ($share_group == -1 ? $lang["action-select"] : $lang["all"]));
|
|
$sharedgroups = array_unique(array_column($shares, "usergroup"));
|
|
|
|
foreach ($sharedgroups as $sharedgroup) {
|
|
$up_group = get_usergroup($sharedgroup);
|
|
if ($up_group) {
|
|
$allsharedgroups[$sharedgroup] = $up_group["name"];
|
|
}
|
|
}
|
|
|
|
$allsharedcols = array("0" => ($share_collection == 0 ? $lang["action-select"] : $lang["all"]));
|
|
$sharedcols = array_unique(array_column($shares, "collection"));
|
|
|
|
foreach ($sharedcols as $sharedcol) {
|
|
$coldetails = get_collection($sharedcol);
|
|
if ($coldetails) {
|
|
$allsharedcols[$sharedcol] = i18n_get_translated($coldetails["name"]);
|
|
}
|
|
}
|
|
|
|
$expiredshares = 0;
|
|
$per_page = getval("per_page", $default_perpage, true);
|
|
$per_page = (!in_array($per_page, array_merge($list_display_array, [99999]))) ? $default_perpage_list : $per_page;
|
|
$sharecount = count($shares);
|
|
$totalpages = ceil($sharecount / $per_page);
|
|
$offset = getval("offset", 0, true);
|
|
|
|
if ($offset > $sharecount) {
|
|
$offset = 0;
|
|
}
|
|
|
|
$curpage = floor($offset / $per_page) + 1;
|
|
|
|
$curparams = array(
|
|
"share_user" => $share_user,
|
|
"share_group" => $share_group,
|
|
"share_orderby" => $share_orderby,
|
|
"share_collection" => $share_collection,
|
|
"share_sort" => $share_sort,
|
|
"share_type" => $share_type,
|
|
"per_page" => $per_page,
|
|
"offset" => $offset,
|
|
);
|
|
|
|
$url = generateURL($baseurl . "/pages/manage_external_shares.php", $curparams);
|
|
|
|
$tabledata = array(
|
|
"class" => "ShareTable",
|
|
"headers" => array(
|
|
"deleteshare" => array("name" => $lang["action-delete"],"html" => true,"sortable" => false),
|
|
"collection" => array("name" => $lang["collectionid"],"html" => true,"sortable" => true),
|
|
"resource" => array("name" => $lang["columnheader-resource_id"],"sortable" => true),
|
|
"sharedas" => array("name" => $lang["share_usergroup"],"sortable" => true),
|
|
"email" => array("name" => $lang["email"],"sortable" => true),
|
|
"fullname" => array("name" => $lang["user_created_by"],"sortable" => true),
|
|
"expires" => array("name" => $lang["expires"],"sortable" => true),
|
|
"date" => array("name" => $lang["created"],"sortable" => true),
|
|
"lastused" => array("name" => $lang["lastused"],"sortable" => true),
|
|
"access_key" => array("name" => $lang["accesskey"],"html" => true,"sortable" => true),
|
|
"upload" => array("name" => $lang["share_type"],"sortable" => true),
|
|
"tools" => array("name" => $lang["tools"],"sortable" => false)
|
|
),
|
|
|
|
"orderbyname" => "share_orderby",
|
|
"orderby" => $share_orderby,
|
|
"sortname" => "share_sort",
|
|
"sort" => $share_sort,
|
|
|
|
"defaulturl" => $baseurl . "/pages/manage_external_shares.php",
|
|
"params" => $curparams,
|
|
"pager" => array("current" => $curpage,"total" => $totalpages, "per_page" => $per_page, "break" => false),
|
|
"data" => array()
|
|
);
|
|
|
|
if (!checkperm('a')) {
|
|
unset($tabledata["headers"]["fullname"]);
|
|
}
|
|
|
|
$alert_icon_offset = false;
|
|
|
|
for ($n = 0; $n < $sharecount; $n++) {
|
|
if ($n >= $offset && ($n < $offset + $per_page)) {
|
|
$colshare = is_int_loose($shares[$n]["collection"]) && $shares[$n]["collection"] > 0;
|
|
$tableshare = array();
|
|
$tableshare["rowid"] = "access_key_" . $shares[$n]["access_key"];
|
|
|
|
if (checkperm('a') || $shares[$n]["user"] == $userref) {
|
|
// User is admin or this is the user's own share; allow deletion
|
|
$tableshare["deleteshare"] = '<input type="checkbox" class="deleteShareCheckBox" onclick="check_delete_boxes();">';
|
|
} else {
|
|
$tableshare["deleteshare"] = ''; // Deletion not permitted
|
|
}
|
|
|
|
$tableshare["collection"] = "<a href='" . $baseurl_short . "?c=" . $shares[$n]["collection"] . "' target='_blank'>" . $shares[$n]["collection"] . "</a>";
|
|
|
|
if (checkperm('a')) {
|
|
// Only required if user can see shares for different users
|
|
$tableshare["fullname"] = $shares[$n]["fullname"];
|
|
}
|
|
|
|
$tableshare["sharedas"] = i18n_get_translated($shares[$n]["sharedas"]);
|
|
$tableshare["resource"] = $shares[$n]["resource"];
|
|
$tableshare["email"] = $shares[$n]["email"];
|
|
$tableshare["expires"] = $shares[$n]["expires"] ? nicedate($shares[$n]["expires"]) : $lang["never"];
|
|
$tableshare["lastused"] = $shares[$n]["lastused"];
|
|
|
|
$keylink = $baseurl . "/?";
|
|
$keylink .= $colshare ? "c=" . (int)$shares[$n]["collection"] : ((int)$shares[$n]["resource"] > 0 ? "r=" . (int)$shares[$n]["resource"] : "");
|
|
$keylink .= "&k=" . $shares[$n]["access_key"];
|
|
|
|
$tableshare["access_key"] = "<a href='" . $keylink . "' target='_blank'>" . $shares[$n]["access_key"] . "<a>";
|
|
$tableshare["date"] = nicedate($shares[$n]["date"], true, true, true);
|
|
|
|
if ($shares[$n]["expires"] != "" && $shares[$n]["expires"] < date("Y-m-d H:i:s", time())) {
|
|
$expiredshares++;
|
|
$tableshare["alerticon"] = "fas fa-exclamation-triangle";
|
|
$tableshare["alerticontitle"] = $lang["share_expired_icon_title"];
|
|
$alert_icon_offset = true;
|
|
}
|
|
|
|
$tableshare["upload"] = (bool)$shares[$n]["upload"] ? $lang["share_type_upload"] : $lang["share_type_view"];
|
|
$tableshare["tools"] = array();
|
|
|
|
if (!$colshare || collection_writeable($shares[$n]["collection"])) {
|
|
$tableshare["tools"][] = array(
|
|
"icon" => "fa fa-trash",
|
|
"text" => $lang["action-delete"],
|
|
"url" => "#",
|
|
"modal" => false,
|
|
"onclick" => "delete_access_key(\"" . $shares[$n]["access_key"] . "\",\"" . $shares[$n]["resource"] . "\",\"" . $shares[$n]["collection"] . "\");return false;"
|
|
);
|
|
}
|
|
|
|
if (checkperm('a') || $shares[$n]["user"] == $userref) {
|
|
if ((bool)$shares[$n]["upload"]) {
|
|
// Edit an upload share
|
|
$editlink = generateURL(
|
|
$baseurl . "/pages/share_upload.php",
|
|
array(
|
|
"share_collection" => $shares[$n]["collection"],
|
|
"uploadkey" => $shares[$n]["access_key"],
|
|
)
|
|
);
|
|
} elseif ($colshare) {
|
|
$editlink = generateURL(
|
|
$baseurl . "/pages/collection_share.php",
|
|
array(
|
|
"ref" => $shares[$n]["collection"],
|
|
"editaccess" => $shares[$n]["access_key"],
|
|
"editaccesslevel" => $shares[$n]["access"],
|
|
"editexpiration" => $shares[$n]["expires"],
|
|
"editgroup" => $shares[$n]["usergroup"],
|
|
"password" => $shares[$n]["password_hash"] != "" ? "true" : "",
|
|
)
|
|
);
|
|
} else {
|
|
// Edit a resource share
|
|
$editlink = generateURL(
|
|
$baseurl . "/pages/resource_share.php",
|
|
array(
|
|
"ref" => $shares[$n]["resource"],
|
|
"editaccess" => $shares[$n]["access_key"],
|
|
"editaccesslevel" => $shares[$n]["access"],
|
|
"editexpiration" => $shares[$n]["expires"],
|
|
"usergroup" => $shares[$n]["usergroup"],
|
|
"password" => $shares[$n]["password_hash"] != "" ? "true" : "",
|
|
)
|
|
);
|
|
}
|
|
|
|
$tableshare["tools"][] = array(
|
|
"icon" => "fas fa-edit",
|
|
"text" => $lang["action-edit"],
|
|
"url" => $editlink,
|
|
"modal" => false,
|
|
"onclick" => "return CentralSpaceLoad(\"" . $editlink . "\");"
|
|
);
|
|
}
|
|
|
|
$tabledata["data"][] = $tableshare;
|
|
}
|
|
}
|
|
|
|
include '../include/header.php';
|
|
?>
|
|
|
|
<script>
|
|
function check_delete_boxes() {
|
|
var deleteAccessKeys = jQuery(".deleteShareCheckBox:checked").parent().parent();
|
|
|
|
if (deleteAccessKeys.length > 0) {
|
|
jQuery("#accesskeys-delete-selected").attr("href", "<?php echo $baseurl_short; ?>pages/manage_external_shares.php");
|
|
jQuery("#accesskeys-delete-selected").removeClass("DisabledLink");
|
|
} else {
|
|
jQuery("#accesskeys-delete-selected").removeAttr("href");
|
|
jQuery("#accesskeys-delete-selected").addClass("DisabledLink");
|
|
jQuery("#accesskeys-delete-selected").removeAttr("onclick");
|
|
}
|
|
}
|
|
|
|
function delete_access_key_multiple() {
|
|
var deleteAccessKeys = jQuery(".deleteShareCheckBox:checked").parent().parent();
|
|
|
|
// Determine which confirmation prompt is to be to sent and assemble set of arrays to be passed to the api
|
|
var confirmationMessage="";
|
|
var countCollectionKeys = 0;
|
|
var countResourceKeys = 0;
|
|
var access_keys = [];
|
|
var resources = [];
|
|
var collections = [];
|
|
|
|
for (var i = 0; i < deleteAccessKeys.length; i++) {
|
|
var access_key_id = deleteAccessKeys[i].id;
|
|
var access_key = access_key_id.substr(11);
|
|
var table_row_cols = jQuery("#"+access_key_id).children();
|
|
var alert_row_col_adjust = 0;
|
|
|
|
<?php if ($alert_icon_offset) { ?>
|
|
alert_row_col_adjust = 1;
|
|
<?php } ?>
|
|
|
|
var collection = table_row_cols[alert_row_col_adjust + 1].textContent;
|
|
var resource = table_row_cols[alert_row_col_adjust + 2].textContent;
|
|
|
|
if (collection!="-") {
|
|
countCollectionKeys += 1;
|
|
}
|
|
|
|
if (resource!="-") {
|
|
countResourceKeys += 1;
|
|
}
|
|
|
|
access_keys.push(access_key);
|
|
resources.push(resource);
|
|
collections.push(collection);
|
|
}
|
|
|
|
var params={'access_keys': access_keys.join(','),'resources': resources.join(','), 'collections': collections.join(',')};
|
|
|
|
if (countCollectionKeys == 0 && countResourceKeys == 1) {
|
|
confirmationMessage = "<?php echo escape($lang['confirmdeleteaccessresource']); ?>";
|
|
} else if(countCollectionKeys == 0 && countResourceKeys > 1) {
|
|
confirmationMessage = "<?php echo escape($lang['confirmdeleteaccessmultires']); ?>";
|
|
} else if(countCollectionKeys == 1 && countResourceKeys == 0) {
|
|
confirmationMessage = "<?php echo escape($lang['confirmdeleteaccess']); ?>";
|
|
} else if(countCollectionKeys > 1 && countResourceKeys == 0) {
|
|
confirmationMessage = "<?php echo escape($lang['confirmdeleteaccessmulticol']); ?>";
|
|
} else if(countCollectionKeys > 0 && countResourceKeys > 0) {
|
|
confirmationMessage = "<?php echo escape($lang['confirmdeleteaccessmultimix']); ?>";
|
|
}
|
|
|
|
if (confirm(confirmationMessage)) {
|
|
api('delete_access_keys', params, function(response) {
|
|
CentralSpaceLoad(window.location.href);
|
|
},
|
|
<?php echo generate_csrf_js_object('delete_access_keys'); ?>
|
|
);
|
|
|
|
return false;
|
|
}
|
|
}
|
|
|
|
function delete_access_key(access_key, resource, collection) {
|
|
// Assume the deletion is for a resource level access key
|
|
var confirmationMessage = "<?php echo escape($lang['confirmdeleteaccessresource']); ?>";
|
|
var post_data = {
|
|
ajax: true,
|
|
delete_access_key: access_key,
|
|
delete_resource: resource,
|
|
<?php echo generateAjaxToken("delete_access_key"); ?>
|
|
};
|
|
|
|
// Adjust the data if the deletion is for a collection level access key
|
|
if (collection != '-') {
|
|
confirmationMessage = "<?php echo escape($lang['confirmdeleteaccess']); ?>";
|
|
delete post_data.resource;
|
|
post_data.delete_collection = collection;
|
|
}
|
|
|
|
if (confirm(confirmationMessage)) {
|
|
jQuery.post('<?php echo $url; ?>', post_data, function(response) {
|
|
if (response.success === true) {
|
|
jQuery('#access_key_' + access_key).remove();
|
|
}
|
|
},
|
|
'json'
|
|
);
|
|
|
|
return false;
|
|
}
|
|
|
|
return true;
|
|
}
|
|
|
|
function purge_expired_shares() {
|
|
var temp_form = document.createElement("form");
|
|
temp_form.setAttribute("id", "purgeform");
|
|
temp_form.setAttribute("method", "post");
|
|
temp_form.setAttribute("action", '<?php echo $url ?>');
|
|
|
|
var i = document.createElement("input");
|
|
i.setAttribute("type", "hidden");
|
|
i.setAttribute("name", "purge_expired");
|
|
i.setAttribute("value", "true");
|
|
temp_form.appendChild(i);
|
|
|
|
<?php if ($CSRF_enabled) { ?>
|
|
var csrf = document.createElement("input");
|
|
csrf.setAttribute("type", "hidden");
|
|
csrf.setAttribute("name", "<?php echo $CSRF_token_identifier; ?>");
|
|
csrf.setAttribute("value", "<?php echo generateCSRFToken($usersession, "shareform"); ?>");
|
|
temp_form.appendChild(csrf);
|
|
<?php } ?>
|
|
|
|
confirmationMessage = "<?php echo escape($lang['share_confirm_purge']); ?>";
|
|
|
|
if (confirm(confirmationMessage)) {
|
|
document.getElementById('share_list_container').appendChild(temp_form);
|
|
CentralSpacePost(document.getElementById('purgeform'),true);
|
|
}
|
|
}
|
|
|
|
|
|
function clearsharefilter() {
|
|
jQuery('#share_collection').val('0');
|
|
jQuery('#share_group').val('-1');
|
|
jQuery('#share_type').val('-1');
|
|
jQuery('#share_user').val('');
|
|
jQuery('#autocomplete').val('');
|
|
CentralSpacePost(document.getElementById('ShareFilterForm'));
|
|
}
|
|
</script>
|
|
|
|
<div class='BasicsBox'>
|
|
<h1>
|
|
<?php
|
|
echo escape($pagetitle);
|
|
render_help_link('user/manage_external_shares');
|
|
?>
|
|
</h1>
|
|
|
|
<?php
|
|
renderBreadcrumbs($breadcrumbs);
|
|
|
|
if (count($messages) > 0) {
|
|
echo "<div class='PageInformal'>" . implode("<br/>", $messages) . "</div>";
|
|
}
|
|
|
|
$introtext = text("introtext");
|
|
|
|
if ($introtext != "") {
|
|
echo "<p>" . text("introtext") . "</p>";
|
|
}
|
|
|
|
if (checkperm('a') && $expiredshares > 0) {
|
|
echo "<p><a href='#' onclick='purge_expired_shares();return false;'>" . LINK_CARET . escape($lang["share_purge_text"]) . "</a></p>";
|
|
}
|
|
|
|
?>
|
|
<form id="ShareFilterForm" method="POST" action="<?php echo $url; ?>">
|
|
<?php
|
|
generateFormToken('ShareFilterForm');
|
|
|
|
$single_user_select_field_id = "share_user";
|
|
$single_user_select_field_value = $share_user;
|
|
?>
|
|
<div id="QuestionShareFilter">
|
|
<?php
|
|
render_dropdown_question($lang["collection"], "share_collection", $allsharedcols, $share_collection, " class=\"stdwidth\"");
|
|
render_dropdown_question($lang["property-user_group"], "share_group", $allsharedgroups, $share_group, " class=\"stdwidth\"");
|
|
$sharetypes = array(
|
|
"-1" => ($share_type == -1 ? $lang["action-select"] : $lang["all"]),
|
|
"0" => $lang["share_type_view"],
|
|
"1" => $lang["share_type_upload"],
|
|
);
|
|
|
|
render_dropdown_question($lang["share_type"], "share_type", $sharetypes, $share_type, " class=\"stdwidth\"");
|
|
|
|
if (checkperm('a')) { ?>
|
|
<div class="Question" id="QuestionShareUser">
|
|
<label><?php echo escape($lang["share_user"]); ?></label>
|
|
<?php include __DIR__ . "/../include/user_select.php" ?>
|
|
<div class="clearerleft"></div>
|
|
</div>
|
|
<?php
|
|
} ?>
|
|
|
|
<div class="Question" id="QuestionShareFilterSubmit">
|
|
<input type="button" id="filter_button" class="searchbutton" value="<?php echo escape($lang['filterbutton']); ?>" onclick="return CentralSpacePost(document.getElementById('ShareFilterForm'));">
|
|
<input type="button" id="clear_button" class="searchbutton" value="<?php echo escape($lang['clearbutton']); ?>" onclick="clearsharefilter();return CentralSpacePost(document.getElementById('ShareFilterForm'));">
|
|
<div class="clearerleft"></div>
|
|
</div>
|
|
</div>
|
|
</form>
|
|
|
|
<form id="ShareDeleteForm" method="POST" action="<?php echo $url; ?>">
|
|
<?php generateFormToken('ShareDeleteForm'); ?>
|
|
|
|
<div class="ListViewBulkActions">
|
|
<a id="accesskeys-delete-selected" onclick="delete_access_key_multiple();return false;" class="DisabledLink">
|
|
<i class="fas fa-trash-alt"></i><?php echo escape($lang["action-delete"] . " " . $lang["selected"]); ?>
|
|
</a>
|
|
<input type="hidden" id="accesskeys-selected" value="">
|
|
</div>
|
|
</form>
|
|
|
|
<div id='share_list_container' class='BasicsBox'>
|
|
<?php render_table($tabledata); ?>
|
|
</div>
|
|
</div>
|
|
|
|
<?php
|
|
include '../include/footer.php';
|
|
|