"; $verified = 1; } # is this a voice doc? if ( $voiceId = getBlobVoiceId($MySQL,$docid,$err) ) { # print "this a voice ($voiceId) doc
"; $step_id = getStepIdByVoiceId($MySQL,$voiceId,$err); if ( ! check4Errors($err) ) { exit; } if ( isUserConsulente($MySQL,$ruser,$err) ) { if ( hasSiteUserStepPermission($MySQL,$ruser,$step_id,$err) ) { # print "$ruser has permissions on step $step_id for doc$docid
"; $stp = getFullStepById($MySQL,$step_id,$err); if ( ! check4Errors($err) ) { exit; } if ( $stp[inve_step_id_status] >= 0 ) { $verified = 1; }else{ ; # print "Step$step_id not active anymore...
"; } } }elseif ( isUserInventore($MySQL,$ruser,$err) ) { $stp = getFullStepById($MySQL,$step_id,$err); if ( ! check4Errors($err) ) { exit; } $inve = getInventionById($MySQL,$stp[inve_id],$err); if ( ! check4Errors($err) ) { exit; } $profile = getProfileByInveId($MySQL,$stp[inve_id],$err); if ( ! check4Errors($err) ) { exit; } #$siteU = getSiteUserByProfileSiteUserId($MySQL,$au,$err); if ( $profile[inve_id_site_user] == $ruser ) { $voicelist = getInventorStepVoicesByStepId($MySQL,$step_id,$ruser,&$err); foreach ( $voicelist as $vl ) { if ( $vl[inve_step_voce_id] == $voiceId ) { $voice = getVoiceById($MySQL,$voiceId,$err); if ( $voice[inve_step_voce_id_tipo] == 0 ) { $verified = 1; } break; } } } } } } # print "$ruser - $owner - $isAdmin
"; if ( ! $verified ) { $msg = "Permission denied for $ruser ($isAdmin)!"; }else{ $msg = "PERMISSION OK, $ruser ($isAdmin) get the doc of $owner!"; } if ( ! $verified ) { # if ( 1 ) { print " $style $jscript "; print "$msg"; return; } */ $blid = IsSet($_REQUEST[id]) ? $_REQUEST[id] : ''; ### 4 IN PAGE GALLERY #### $chid = IsSet($_REQUEST[chid]) ? $_REQUEST[chid] : ''; $bs = IsSet($_REQUEST[bs]) ? $_REQUEST[bs] : ''; ############################### if ( $blid ) { $blob = getBlob($blid,$err); }else{ $blob = getBlobChild($chid,$bs,$err); } if ( ! check4Errors($err) ) { exit; } $file_name = $blob[file_name]; $mime_type = getMimeType($blob[file_type]); $substr_type = substr($mime_type,0,5); # print "blob type: $blob[file_type], mime: $mime_type, type $substr_type
"; if ( $substr_type == 'image' ) { $dispo_type = 'inline'; }else{ $dispo_type = 'attachment'; } #exit; header( "Content-type: $mime_type"); header("Content-Disposition: $dispo_type; filename=\"$file_name\""); echo $blob[file_bin]; # } function verifyAuthorization($MySQL,$docid,$ruser,&$err_msg) { $groups = isUserAdmin($MySQL,$ruser,$err); if ( ! check4Errors($err) ) { exit; } $owner = getTs2DocOwner($MySQL,$docid,$err); if ( ! check4Errors($err) ) { exit; } if ( $ruser == $owner || $isAdmin ) { return 1; }else{ return 0; } } ?>