* @author Romain Quetiez * @author Denis Flaven * @license http://www.opensource.org/licenses/gpl-3.0.html LGPL */ require_once('../../approot.inc.php'); require_once(APPROOT.'/application/application.inc.php'); require_once(APPROOT.'/application/webpage.class.inc.php'); require_once(APPROOT.'/application/ajaxwebpage.class.inc.php'); try { require_once(APPROOT.'/application/startup.inc.php'); // require_once(APPROOT.'/application/user.preferences.class.inc.php'); require_once(APPROOT.'/application/loginwebpage.class.inc.php'); LoginWebPage::DoLogin(false /* bMustBeAdmin */, true /* IsAllowedToPortalUsers */); // Check user rights and prompt if needed $oPage = new ajax_page(""); $oPage->no_cache(); $sOperation = utils::ReadParam('operation', ''); switch($sOperation) { case 'add': $aResult = array( 'error' => '', 'att_id' => 0, 'msg' => '' ); $sObjClass = stripslashes(utils::ReadParam('obj_class', '', false, 'class')); $sTempId = utils::ReadParam('temp_id', ''); if (empty($sObjClass)) { $aResult['error'] = "Missing argument 'obj_class'"; } elseif (empty($sTempId)) { $aResult['error'] = "Missing argument 'temp_id'"; } else { try { $oDoc = utils::ReadPostedDocument('file'); $oAttachment = MetaModel::NewObject('Attachment'); $oAttachment->Set('expire', time() + 3600); // one hour... $oAttachment->Set('temp_id', $sTempId); $oAttachment->Set('item_class', $sObjClass); $oAttachment->Set('item_id', 0); $oAttachment->Set('contents', $oDoc); $iAttId = $oAttachment->DBInsert(); $aResult['msg'] = $oDoc->GetFileName(); $aResult['icon'] = utils::GetAbsoluteUrlAppRoot().AttachmentPlugIn::GetFileIcon($oDoc->GetFileName()); $aResult['att_id'] = $iAttId; } catch (FileUploadException $e) { $aResult['error'] = $e->GetMessage(); } } $oPage->add(json_encode($aResult)); break; case 'remove': $iAttachmentId = utils::ReadParam('att_id', ''); $oSearch = DBObjectSearch::FromOQL("SELECT Attachment WHERE id = :id"); $oSet = new DBObjectSet($oSearch, array(), array('id' => $iAttachmentId)); while ($oAttachment = $oSet->Fetch()) { $oAttachment->DBDelete(); } break; default: $oPage->p("Missing argument 'operation'"); } $oPage->output(); } catch (Exception $e) { echo $e->GetMessage(); IssueLog::Error($e->getMessage()); } ?>