修改了后台元数据附件管理功能，增加了防止普通用户使用后台ajax上传的判断

application/admin/controllers/DataController.php

@@ -1297,6 +1297,13 @@ class Admin_DataController extends Zend_Controller_Action
 				exit();
 			}
 			
+			if($user->usertype!='administrator')
+			{
+				$msg['error'] = "您无权使用此功能";
+				echo Zend_Json::encode($msg);
+				exit();
+			}
+			
 			$files=new files();
 			$msg = $files -> upload($this->view->config->upload,$_FILES['Filedata'],'md');
 			
@@ -1319,7 +1326,7 @@ class Admin_DataController extends Zend_Controller_Action
 				$sql = "insert into mdattach (uuid,id) values ('$uuid','$attid')";
 				if($this->db->exec($sql))
 				{
-					$msg['html'] = $realname.'[已完成]<input type="hidden" name="atts[]" value="'.$attid.'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$attid.'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
+					$msg['html'] = $realname.'['. round($filesize/1024,2) .' kb]<input type="hidden" name="atts[]" value="'.$attid.'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$attid.'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
 					echo Zend_Json::encode($msg);
 					exit();
 				}else{
@@ -1343,6 +1350,41 @@ class Admin_DataController extends Zend_Controller_Action
 			exit();
 		}
    }// uploadAction ajax上传附件
+   
+   function getattsAction(){
+		
+		$this->_helper->layout()->disableLayout();
+		$this->_helper->viewRenderer->setNoRender();
+		
+		$uuid = $this->_request->getParam('uuid');
+		
+		if($uuid!='')
+		{
+			$auth = Zend_Auth::getInstance();
+			if($auth->hasIdentity())
+			{
+				$user = $auth->getIdentity();
+				$userid = $user->id;
+				$sql = "select m.*,a.*,d.title from mdattach m
+						left join attachments a on m.id = a.id
+						left join metadata d on m.uuid=d.uuid where m.uuid='$uuid'";
+				$rs = $this->db->query($sql);
+				$atts = $rs->fetchAll();
+				foreach($atts as $k=>$v)
+				{
+					$atts[$k]['html']=$v['realname'].'['. round($v['filesize']/1024,2) .' kb]<input type="hidden" name="atts[]" value="'.$v['id'].'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$v['id'].'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
+				}
+				echo Zend_Json::encode($atts);
+				exit();
+			}else
+			{
+				exit();
+			}
+		}else{
+			exit();
+		}
+		//不输出错误
+	}//获取附件
 	
 	/*
 	获得单个文件的信息

application/admin/views/scripts/data/attachmentsadd.phtml

@@ -16,15 +16,24 @@
 <?= $this->partial('data/left.phtml'); ?>
 </div>
 <div id="rightPanel">
-<?php if ($this->msg or $this->messages) :?>
-<div id="message">
-<?php if ($this->msg) : ?>
-	<p><?php echo $this->msg; ?></p>
-<?php endif; if ($this->messages): foreach($this->messages as $msg): ?>
-	<p><?php echo $msg; ?></p>
-<?php endforeach;endif; ?>
+
+<div class="ctrlplan">
+<a href="/admin/data/md/att/1/uuid/<?php echo $this->uuid;?>">返回元数据附件列表</a>
+<a href="/data/<?php echo $this->uuid; ?>">查看元数据</a>
 </div>
-<?php endif; ?>
+
+<?php 
+
+$auth = Zend_Auth::getInstance();
+			if($auth->hasIdentity())
+			{
+				$user = $auth->getIdentity();
+				$userid = $user->id;
+				echo $user->usertype;
+			}
+
+?>
+
 	
     <form action="#" method="POST" enctype='multipart/form-data'>
     <input type="hidden" name="add" value="1" />
@@ -81,5 +90,21 @@ $('#file_upload').uploadify({
 			}
 			});
 		}
+		
+	 $.getJSON("/admin/data/getatts/uuid/<?php echo $this->uuid;?>", function(data) {
+		  if(data)
+		  {
+			  $.each(data, function(key, val) {
+							$('<li/>', {
+							  	"id":'uploadedItem_'+val['id'],
+							    "class":'uploadifyQueueItem',
+								"html": val['html']
+							}).appendTo('#datalist');
+							$('#deletebtn_'+val['id']).bind('click', function() {
+							  	deleteatt(val['id']);
+							});
+			  });
+		  }
+		});
 });
 </script>

application/admin/views/scripts/data/attmanager.phtml

@@ -26,16 +26,17 @@
 <div class="ctrlplan">
 <a href="/admin/data/md/att/1/uuid/<?php echo $this->uuid;?>/addatts/1/mdtitle/<?php echo $this->mdtitle ;?>">为此元数据选择附件</a>
 <a href="/admin/data/attachments/add/1/uuid/<?php echo $this->uuid;?>">为此元数据添加附件</a>
+<a href="/data/<?php echo $this->uuid; ?>">查看元数据</a>
 </div>
 
 <table class="stylized">
 <thead><tr>
-	<th width='300'>文件名</th>
+	<th width='250'>文件名</th>
     <th width='80'>类型</th>
     <th width='80'>大小</th>
     <th width='80'>下载次数</th>
 	<th width='150'>上传时间</th>
-    <th width="150">操作</th>
+    <th width="200">操作</th>
 	</tr></thead>
 	<tbody>
     <?php 
@@ -51,6 +52,7 @@
 	  <td>'.date('Y-m-d H:i:s',strtotime($v['ts_created'])).'</td>
 	  <td>
 	  <a href="/admin/data/attachments/" onclick="return confirm(\'是否确定删除该附件？\')">从此元数据中移除</a>
+	  <a href="/service/attach/id/'.$v['id'].'">下载</a>
 	  </td> 
 	  </tr>';
 	}