You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
389 lines
18 KiB
389 lines
18 KiB
<?php
|
|
if (!defined('IN_DZZ')) {
|
|
exit('Access Denied');
|
|
}
|
|
global $_G;
|
|
Hook::listen('check_login');//检查是否登录,未登录跳转到登录界面
|
|
$uid = $_G['uid'];
|
|
$gid = isset($_GET['gid']) ? $_GET['gid'] : '';
|
|
//群组信息
|
|
if (!$group = C::t('organization')->fetch($gid)) {
|
|
showmessage(lang('no_group'), dreferer());
|
|
}
|
|
//获取群组成员权限
|
|
$perm = C::t('organization_admin')->chk_memberperm($gid, $uid);
|
|
//判断群组是否开启,如果未开启(共享目录)并且不是管理员不能访问
|
|
if (!$group['diron'] && !$perm) {
|
|
showmessage(lang('no_privilege'), dreferer());
|
|
}
|
|
//判断是否有权限访问群组,如果不是管理员权限(主要针对系统管理员和上级管理员),并且非成员
|
|
if (!$perm && !C::t('organization')->ismember($gid, $uid, false)) {
|
|
showmessage(lang('no_privilege'), dreferer());
|
|
}
|
|
|
|
$perms = get_permsarray();//获取所有权限
|
|
|
|
$explorer_setting = get_resources_some_setting();
|
|
if ($group['type'] == 1 && !$explorer_setting['grouponperm']) {
|
|
showmessage(lang('no_privilege'), dreferer());
|
|
}
|
|
if ($group['type'] == 0 && !$explorer_setting['orgonperm']) {
|
|
showmessage(lang('no_privilege'), dreferer());
|
|
}
|
|
$contenterrormsg = '';
|
|
if (!$group['syatemon']) {
|
|
showmessage(lang('no_group_by_system'), dreferer());
|
|
}
|
|
if (!$group['manageon'] && $perm < 1) {
|
|
showmessage(lang('no_privilege'), dreferer());
|
|
}
|
|
|
|
if (!$group['available']) {
|
|
$contenterrormsg = lang('group_no_file_by_system');
|
|
} else {
|
|
if (!$group['diron'] && !$perm) {
|
|
$contenterrormsg = ($group['type'] > 0) ? lang('group_no_file_by_manage') : lang('group_no_file_by_system');
|
|
}
|
|
}
|
|
$allowvisit = array('file', 'group_ajax', 'right_popbox', 'delete_group');
|
|
$do = isset($_GET['do']) ? trim($_GET['do']) : 'file';
|
|
if ($do == 'delete_group') {
|
|
if ($group['type'] == 0 && $_G['adminid'] != 1) {
|
|
exit(json_encode(array('error' => lang('no_privilage'))));
|
|
}
|
|
if ($group['type'] == 1 && $perm < 2) {
|
|
exit(json_encode(array('error' => lang('no_privilage'))));
|
|
}
|
|
$return = C::t('organization')->delete_by_orgid($gid);
|
|
if (isset($return['error'])) {
|
|
exit(json_encode(array('error' => $return['error'])));
|
|
} else {
|
|
exit(json_encode(array('success' => true)));
|
|
}
|
|
} elseif ($do == 'file') {
|
|
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : '';
|
|
if (!$fid) $fid = $group['fid'];
|
|
$folderinfo = C::t('folder')->fetch_folderinfo_by_fid($fid);
|
|
$folderpatharr = getpath($folderinfo['path']);
|
|
$folderpathstr = implode('\\', $folderpatharr);
|
|
|
|
//统计打开次数,如果当前文件夹在resources表无数据,则记录其文件夹id对应数据
|
|
if ($rid = C::t('resources')->fetch_rid_by_fid($fid)) {
|
|
$rid = C::t('resources')->fetch_rid_by_fid($fid);
|
|
$setarr = array(
|
|
'uid' => $uid,
|
|
'views' => 1,
|
|
'opendateline' => TIMESTAMP,
|
|
'fid' => $fid
|
|
);
|
|
C::t('resources_statis')->add_statis_by_rid($rid, $setarr);
|
|
} else {
|
|
$setarr = array(
|
|
'uid' => $uid,
|
|
'views' => 1,
|
|
'opendateline' => TIMESTAMP,
|
|
);
|
|
C::t('resources_statis')->add_statis_by_fid($fid, $setarr);
|
|
}
|
|
} elseif ($do == 'group_ajax') {
|
|
$operation = isset($_GET['operation']) ? trim($_GET['operation']) : '';
|
|
if ($operation == 'addgroupuser') {//添加群组成员
|
|
$gid = isset($_GET['gid']) ? intval($_GET['gid']) : '';
|
|
if (!$perm || !$group['type']) {
|
|
return array('error' => lang('no_privilege'));
|
|
}
|
|
//添加或修改用户时
|
|
if (submitcheck('selectsubmit')) {
|
|
$uidarr = explode(',', trim($_GET['uids']));
|
|
$uids = array();
|
|
$userarr = array();
|
|
foreach ($uidarr as $v) {
|
|
$uids[] = preg_replace('/uid_/', '', $v);
|
|
}
|
|
$type = intval($_GET['type']) ? 1 : 0;
|
|
//获取群组原用户数据
|
|
$olduids = C::t('organization_user')->fetch_uids_by_orgid($gid);
|
|
|
|
//获取管理员数据
|
|
$adminer = C::t('organization_admin')->fetch_uids_by_orgid($gid);
|
|
|
|
$getuserids = array_merge($olduids, $uids);
|
|
|
|
//获取用户数据
|
|
foreach (DB::fetch_all("select username,uid from %t where uid in(%n)", array('user', $getuserids)) as $v) {
|
|
$userarr[$v['uid']] = $v['username'];
|
|
}
|
|
|
|
//删除用户
|
|
$removeuser = array();
|
|
$insertuser = array();
|
|
|
|
foreach ($olduids as $v) {
|
|
if (!in_array($v, $uids) && ($uid != $v || ($uid == $v && $_G['adminid'] == 1))) {
|
|
$removeuser[] = $v;
|
|
}
|
|
}
|
|
$delusers = array();
|
|
//判断删除用户权限并删除用户
|
|
if (count($removeuser) > 0) {
|
|
foreach ($removeuser as $k => $v) {
|
|
$uperm = C::t('organization_admin')->chk_memberperm($gid, $v);
|
|
//如果是系统管理员
|
|
if ($_G['adminid'] == 1) {
|
|
if (($group['type'] == 1 && $uperm > 1 && $_G['uid'] != $v)) {
|
|
unset($removeuser[$k]);
|
|
continue;
|
|
} else {
|
|
$delusers[$v] = $userarr[$v];
|
|
}
|
|
} else {
|
|
//如果操作对象是管理员,并且操作的是群组当前用户不是创建人或者机构,不允许操作
|
|
if (in_array($v, $adminer) && (($group['type'] == 1 && $perm < 2) || $group['type'] == 0)) {
|
|
unset($removeuser[$k]);
|
|
continue;
|
|
} else {
|
|
$delusers[$v] = $userarr[$v];
|
|
}
|
|
}
|
|
}
|
|
}
|
|
$appid = C::t('app_market')->fetch_appid_by_mod('{dzzscript}?mod=' . MOD_NAME, 2);
|
|
if (count($removeuser) > 0) {
|
|
|
|
foreach (C::t('organization_user')->delete_by_uid_orgid($removeuser, $gid) as $v) {
|
|
if ($v['uid'] != getglobal('uid')) {
|
|
$notevars = array(
|
|
'from_id' => $appid,
|
|
'from_idtype' => 'app',
|
|
// 'url' => getglobal('siteurl') . '/#group&gid='.$orgid,
|
|
'author' => getglobal('username'),
|
|
'authorid' => getglobal('uid'),
|
|
'dataline' => dgmdate(TIMESTAMP),
|
|
'fname' => getstr($group['orgname'], 31),
|
|
);
|
|
$action = 'explorer_user_remove';
|
|
$ntype = 'explorer_user_remove_' . $gid;
|
|
|
|
dzz_notification::notification_add($v['uid'], $ntype, $action, $notevars, 1, 'dzz/explorer');
|
|
}
|
|
}
|
|
//增加事件
|
|
$eventdata = array('username' => getglobal('username'), 'uid' => getglobal('uid'), 'orgname' => $group['orgname'], 'delusers' => implode(',', $delusers));
|
|
C::t('resources_event')->addevent_by_pfid($group['fid'], 'delete_group_user', 'deleteuser', $eventdata, $gid, '', $group['orgname']);
|
|
}
|
|
//新添加用户
|
|
$insertuserdata = array();
|
|
$insertusername = array();
|
|
foreach ($uids as $v) {
|
|
if (!in_array($v, $olduids) && !empty($v)) {
|
|
$insertuser[] = $v;
|
|
$insertusername[] = $userarr[$v];
|
|
$insertuserdata[] = array('uid' => $v, 'username' => $userarr[$v], 'ufirst' => new_strsubstr(ucfirst($userarr[$v]), 1, ''));
|
|
}
|
|
|
|
}
|
|
//添加用户
|
|
if (count($insertuser) > 0) {
|
|
$permtitle = lang('explorer_gropuperm');
|
|
foreach (C::t('organization_user')->insert_by_orgid($gid, $insertuser) as $iu) {
|
|
//发送通知
|
|
if ($iu != getglobal('uid')) {
|
|
$notevars = array(
|
|
'from_id' => $appid,
|
|
'from_idtype' => 'app',
|
|
'url' => getglobal('siteurl') . MOD_URL . '#group&gid=' . $gid,
|
|
'author' => getglobal('username'),
|
|
'authorid' => getglobal('uid'),
|
|
'dataline' => dgmdate(TIMESTAMP),
|
|
'fname' => getstr($group['orgname'], 31),
|
|
'permtitle' => $permtitle[0]
|
|
);
|
|
$action = 'explorer_user_add';
|
|
$ntype = 'explorer_user_add_' . $gid;
|
|
dzz_notification::notification_add($iu, $ntype, $action, $notevars, 1, 'dzz/explorer');
|
|
}
|
|
}
|
|
$insertuserdata = C::t('resources_event')->result_events_has_avatarstatusinfo($insertuser, $insertuserdata);
|
|
//增加事件
|
|
$eventdata = array('username' => getglobal('username'), 'uid' => getglobal('uid'), 'orgname' => $group['orgname'], 'insertusers' => implode(',', $insertusername));
|
|
C::t('resources_event')->addevent_by_pfid($group['fid'], 'add_group_user', 'adduser', $eventdata, $gid, '', $group['orgname']);
|
|
}
|
|
if ($type == 1) {
|
|
exit(json_encode(array('success' => true, 'insertuser' => $insertuserdata, 'delusers' => $delusers, 'adminid' => ($_G['adminid'] == 1) ? 1 : 0, 'perm' => $perm, 'grouptype' => $group['type'])));
|
|
} else {
|
|
exit(json_encode(array('success' => true, 'fid' => $group['fid'])));
|
|
}
|
|
}
|
|
} elseif ($operation == 'groupsetting') {
|
|
$gid = $_GET['gid'];
|
|
if (!$perm || !$group['type']) {
|
|
return array('error' => lang('no_privilege'));
|
|
}
|
|
if (isset($_GET['setsubmit'])) {
|
|
$arr = $_GET['arr'];
|
|
if ($arr['diron']) {
|
|
$arr['diron'] = 1;
|
|
} else {
|
|
$arr['diron'] = 0;
|
|
}
|
|
$return = C::t('organization')->update_by_orgid($gid, $arr);
|
|
if ($return['error']) {
|
|
showTips(array('error' => $return['error']), 'json');
|
|
} else {
|
|
showTips(array('success' => true), 'json');
|
|
}
|
|
|
|
} else {
|
|
//$group = C::t('organization')->fetch($gid);
|
|
$grouppatharr = getpath($groupinfo['path']);
|
|
$grouppathstr = implode('\\', $grouppatharr);
|
|
}
|
|
} elseif ($operation == 'getAtData') {
|
|
$gid = isset($_GET['gid']) ? intval($_GET['gid']) : '';
|
|
$fid = isset($_GET['fid']) ? intval($_GET['fid']) : '';
|
|
$keyword = isset($_GET['term']) ? trim($_GET['term']) : '';
|
|
if (!$fid) {
|
|
$rid = isset($_GET['rid']) ? trim($_GET['rid']) : '';
|
|
$fileinfo = C::t('resources')->fetch_info_by_rid($rid);
|
|
if ($fileinfo['type'] == 'folder') {
|
|
$fid = $fileinfo['oid'];
|
|
} else {
|
|
$fid = $fileinfo['pfid'];
|
|
}
|
|
}
|
|
$perm = DB::result_first("select perm_inherit from %t where fid = %d", array('folder', $fid));
|
|
$powerarr = perm_binPerm::getPowerArr();
|
|
$uids = array();
|
|
if ($perm & $powerarr['read2']) {
|
|
$members = C::t('organization_user')->fetch_parentadminer_andchild_uid_by_orgid($gid, true);
|
|
$uids = $members['all'];
|
|
} else {
|
|
$members = C::t('organization_user')->fetch_parentadminer_andchild_uid_by_orgid($gid, false);
|
|
$uids = $members['adminer'];
|
|
}
|
|
|
|
$params = array('user', $uids);
|
|
$sql_user = 'where uid in(%n) ';
|
|
if ($keyword) {
|
|
$sql_user .= ' and username like %s';
|
|
$params[] = '%' . $keyword . '%';
|
|
}
|
|
$list = array();
|
|
foreach (DB::fetch_all("select uid,username from %t $sql_user", $params) as $value) {
|
|
if ($value['uid'] == $uid) continue;
|
|
$list[] = array('name' => $value['username'],
|
|
'searchkey' => pinyin::encode($value['username'], 'all') . $value['username'],
|
|
'id' => 'u' . $value['uid'],
|
|
'title' => $value['username'] . ':' . 'u' . $value['uid'],
|
|
'avatar' => avatar_block($value['uid'])
|
|
);
|
|
}
|
|
exit(json_encode($list));
|
|
}
|
|
include template('group_ajax');
|
|
exit();
|
|
} elseif ($do == 'right_popbox') {
|
|
$uuid = $_GET['uid'];
|
|
//成员相关信息
|
|
$userinfos = DB::fetch_first("select u.username, u.uid from %t u where u.uid = %d", array('user', $uuid));
|
|
$uperm = DB::fetch_first("select admintype from %t where uid = %d and orgid = %d", array('organization_admin', $uuid, $gid));
|
|
$userinfos['perm'] = (isset($uperm['admintype'])) ? $uperm['admintype'] : 0;
|
|
$allowoperation = array('setmemberperm', 'deletemember');
|
|
if ($operation && !in_array($operation, $allowoperation)) {
|
|
showmessage(lang('explorer_do_failed'), dreferer());
|
|
}
|
|
$operation = isset($_GET['operation']) ? trim($_GET['operation']) : '';
|
|
if ($operation && !in_array($operation, $allowoperation)) {
|
|
showmessage(lang('explorer_do_failed'), dreferer());
|
|
}
|
|
|
|
if ($operation == 'setmemberperm') {
|
|
$guid = isset($_GET['guid']) ? intval($_GET['guid']) : '';
|
|
$perm = isset($_GET['perm']) ? intval($_GET['perm']) : '';
|
|
$appid = C::t('app_market')->fetch_appid_by_mod('{dzzscript}?mod=' . MOD_NAME, 2);
|
|
$return = C::t('organization_user')->set_admin_by_giduid($guid, $gid, $perm);
|
|
if ($return['success']) {
|
|
$appid = C::t('app_market')->fetch_appid_by_mod('{dzzscript}?mod=' . MOD_NAME, 2);
|
|
$permtitle = lang('explorer_gropuperm');
|
|
if ($guid != getglobal('uid')) {
|
|
$notevars = array(
|
|
'from_id' => $appid,
|
|
'from_idtype' => 'app',
|
|
'url' => $_G['siteurl'] . MOD_URL . '/#group&gid=' . $gid,
|
|
'author' => getglobal('username'),
|
|
'authorid' => getglobal('uid'),
|
|
'dataline' => dgmdate(TIMESTAMP),
|
|
'fname' => getstr($group['orgname'], 31),
|
|
'permtitle' => $permtitle[$perm],
|
|
);
|
|
$action = 'explorer_user_change';
|
|
$type = 'explorer_user_change_' . $gid;
|
|
|
|
dzz_notification::notification_add($guid, $type, $action, $notevars, 1, 'dzz/explorer');
|
|
if ($return['olduser']) {
|
|
$notevars = array(
|
|
'from_id' => $appid,
|
|
'from_idtype' => 'app',
|
|
'url' => $_G['siteurl'] . MOD_URL . '#group&gid=' . $gid,
|
|
'author' => getglobal('username'),
|
|
'authorid' => getglobal('uid'),
|
|
'dataline' => dgmdate(TIMESTAMP),
|
|
'fname' => getstr($group['orgname'], 31),
|
|
'permtitle' => $permtitle[0],
|
|
);
|
|
$action = 'explorer_user_change';
|
|
$type = 'explorer_user_change_' . $gid;
|
|
dzz_notification::notification_add($return['olduser']['uid'], $type, $action, $notevars, 1, 'dzz/explorer');
|
|
|
|
}
|
|
}
|
|
if ($perm == 2) {
|
|
$body_data = array('username' => getglobal('username'), 'oldusername' => $return['olduser']['username'], 'groupname' => $group['orgname'], 'newusername' => $return['member']);
|
|
$event_body = 'change_creater';
|
|
} else {
|
|
$body_data = array('username' => getglobal('username'), 'groupname' => $group['orgname'], 'permname' => $permtitle[$perm], 'member' => $return['member']);
|
|
$event_body = 'update_member_perm';
|
|
}
|
|
C::t('resources_event')->addevent_by_pfid($group['fid'], $event_body, 'update_perm', $body_data, $gid, '', $group['orgname']);//记录事件
|
|
}
|
|
exit(json_encode($return));
|
|
|
|
} elseif ($operation == 'deletemember') {
|
|
$guid = isset($_GET['uids']) ? $_GET['uids'] : '';
|
|
$deluids = C::t('organization_user')->delete_by_uid_orgid($guid, $gid, 1);
|
|
if ($deluids) {
|
|
$appid = C::t('app_market')->fetch_appid_by_mod('{dzzscript}?mod=explorer', 2);
|
|
foreach ($deluids as $v) {
|
|
if ($v['uid'] != getglobal('uid')) {
|
|
$notevars = array(
|
|
'from_id' => $appid,
|
|
'from_idtype' => 'app',
|
|
// 'url' => getglobal('siteurl') . '/#group&gid='.$orgid,
|
|
'author' => getglobal('username'),
|
|
'authorid' => getglobal('uid'),
|
|
'dataline' => dgmdate(TIMESTAMP),
|
|
'fname' => getstr($group['orgname'], 31),
|
|
);
|
|
$action = 'explorer_user_remove';
|
|
$type = 'explorer_user_remove_' . $gid;
|
|
|
|
dzz_notification::notification_add($v['uid'], $type, $action, $notevars, 1, 'dzz/explorer');
|
|
}
|
|
}
|
|
$deluserarr = array();
|
|
foreach (DB::fetch_all("select username from %t where uid in(%n)", array('user', $deluids)) as $v) {
|
|
$deluserarr[] = $v['username'];
|
|
}
|
|
//增加事件
|
|
$eventdata = array('username' => getglobal('username'), 'uid' => getglobal('uid'), 'orgname' => $group['orgname'], 'delusers' => implode(',', $deluserarr));
|
|
C::t('resources_event')->addevent_by_pfid($group['fid'], 'delete_group_user', 'deleteuser', $eventdata, $gid, '', $group['orgname']);
|
|
}
|
|
|
|
exit(json_encode(array('success' => true, 'uids' => $deluids)));
|
|
} else {
|
|
include template('template_right_popbox');
|
|
}
|
|
exit();
|
|
}
|
|
include template('mydocument_content');
|
|
exit();
|