修改了后台元数据附件管理功能,增加了防止普通用户使用后台ajax上传的判断

This commit is contained in:
Li Jianxuan 2011-11-09 09:54:08 +00:00
parent fcf0dd2bf2
commit 00bcc25b1e
3 changed files with 80 additions and 11 deletions


@ -1297,6 +1297,13 @@ class Admin_DataController extends Zend_Controller_Action
exit(); exit();
} }
if($user->usertype!='administrator')
{
$msg['error'] = "您无权使用此功能";
echo Zend_Json::encode($msg);
exit();
}
$files=new files(); $files=new files();
$msg = $files -> upload($this->view->config->upload,$_FILES['Filedata'],'md'); $msg = $files -> upload($this->view->config->upload,$_FILES['Filedata'],'md');
@ -1319,7 +1326,7 @@ class Admin_DataController extends Zend_Controller_Action
$sql = "insert into mdattach (uuid,id) values ('$uuid','$attid')"; $sql = "insert into mdattach (uuid,id) values ('$uuid','$attid')";
if($this->db->exec($sql)) if($this->db->exec($sql))
{ {
$msg['html'] = $realname.'[已完成]<input type="hidden" name="atts[]" value="'.$attid.'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$attid.'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>'; $msg['html'] = $realname.'['. round($filesize/1024,2) .' kb]<input type="hidden" name="atts[]" value="'.$attid.'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$attid.'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
echo Zend_Json::encode($msg); echo Zend_Json::encode($msg);
exit(); exit();
}else{ }else{
@ -1343,6 +1350,41 @@ class Admin_DataController extends Zend_Controller_Action
exit(); exit();
} }
}// uploadAction ajax上传附件 }// uploadAction ajax上传附件
function getattsAction(){
$this->_helper->layout()->disableLayout();
$this->_helper->viewRenderer->setNoRender();
$uuid = $this->_request->getParam('uuid');
if($uuid!='')
{
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$userid = $user->id;
$sql = "select m.*,a.*,d.title from mdattach m
left join attachments a on m.id = a.id
left join metadata d on m.uuid=d.uuid where m.uuid='$uuid'";
$rs = $this->db->query($sql);
$atts = $rs->fetchAll();
foreach($atts as $k=>$v)
{
$atts[$k]['html']=$v['realname'].'['. round($v['filesize']/1024,2) .' kb]<input type="hidden" name="atts[]" value="'.$v['id'].'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$v['id'].'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
}
echo Zend_Json::encode($atts);
exit();
}else
{
exit();
}
}else{
exit();
}
//不输出错误
}//获取附件
/* /*
获得单个文件的信息 获得单个文件的信息
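Review bot: In the new getattsAction the `uuid` request parameter is interpolated straight into the query text (`where m.uuid='$uuid'`), so the only guard is the `$uuid!=''` check and an authenticated caller controls part of the SQL statement; bind it instead, `$rs = $this->db->query("select m.*,a.*,d.title from mdattach m left join attachments a on m.id = a.id left join metadata d on m.uuid=d.uuid where m.uuid=?", array($uuid));`. The method also only requires `hasIdentity()`, whereas the new guard in uploadAction requires `usertype == 'administrator'`; that may be intended for a read-only listing, but it is worth confirming the two entry points are meant to differ. `$userid` is assigned and never used. The `html` string built in the foreach (and the changed line in uploadAction) embeds `realname` from the database without `htmlspecialchars`, so a stored filename containing markup is rendered as-is by the page that inserts this value via jQuery's `html` option.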


@ -16,15 +16,24 @@
<?= $this->partial('data/left.phtml'); ?> <?= $this->partial('data/left.phtml'); ?>
</div> </div>
<div id="rightPanel"> <div id="rightPanel">
<?php if ($this->msg or $this->messages) :?>
<div id="message"> <div class="ctrlplan">
<?php if ($this->msg) : ?> <a href="/admin/data/md/att/1/uuid/<?php echo $this->uuid;?>">返回元数据附件列表</a>
<p><?php echo $this->msg; ?></p> <a href="/data/<?php echo $this->uuid; ?>">查看元数据</a>
<?php endif; if ($this->messages): foreach($this->messages as $msg): ?>
<p><?php echo $msg; ?></p>
<?php endforeach;endif; ?>
</div> </div>
<?php endif; ?>
<?php
$auth = Zend_Auth::getInstance();
if($auth->hasIdentity())
{
$user = $auth->getIdentity();
$userid = $user->id;
echo $user->usertype;
}
?>
<form action="#" method="POST" enctype='multipart/form-data'> <form action="#" method="POST" enctype='multipart/form-data'>
<input type="hidden" name="add" value="1" /> <input type="hidden" name="add" value="1" />
@ -81,5 +90,21 @@ $('#file_upload').uploadify({
} }
}); });
} }
$.getJSON("/admin/data/getatts/uuid/<?php echo $this->uuid;?>", function(data) {
if(data)
{
$.each(data, function(key, val) {
$('<li/>', {
"id":'uploadedItem_'+val['id'],
"class":'uploadifyQueueItem',
"html": val['html']
}).appendTo('#datalist');
$('#deletebtn_'+val['id']).bind('click', function() {
deleteatt(val['id']);
});
});
}
});
}); });
</script> </script>
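Review bot: The PHP block added before the form echoes `$user->usertype` directly into the page and assigns `$userid` without using it; this reads as leftover debug output that prints the role string into the markup and should be removed, or, if a role display is intended, output through `$this->escape($user->usertype)`. Further down, `$this->uuid` is written into the `getatts` URL inside a JavaScript string literal and into the two new `href` attributes without escaping; using `<?php echo $this->escape($this->uuid); ?>` in the attributes (and a JSON-encoded value inside the script) keeps the view consistent with Zend_View's escaping convention. The JavaScript callback closed by the final `});` begins outside the hunk.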


@ -26,16 +26,17 @@
<div class="ctrlplan"> <div class="ctrlplan">
<a href="/admin/data/md/att/1/uuid/<?php echo $this->uuid;?>/addatts/1/mdtitle/<?php echo $this->mdtitle ;?>">为此元数据选择附件</a> <a href="/admin/data/md/att/1/uuid/<?php echo $this->uuid;?>/addatts/1/mdtitle/<?php echo $this->mdtitle ;?>">为此元数据选择附件</a>
<a href="/admin/data/attachments/add/1/uuid/<?php echo $this->uuid;?>">为此元数据添加附件</a> <a href="/admin/data/attachments/add/1/uuid/<?php echo $this->uuid;?>">为此元数据添加附件</a>
<a href="/data/<?php echo $this->uuid; ?>">查看元数据</a>
</div> </div>
<table class="stylized"> <table class="stylized">
<thead><tr> <thead><tr>
<th width='300'>文件名</th> <th width='250'>文件名</th>
<th width='80'>类型</th> <th width='80'>类型</th>
<th width='80'>大小</th> <th width='80'>大小</th>
<th width='80'>下载次数</th> <th width='80'>下载次数</th>
<th width='150'>上传时间</th> <th width='150'>上传时间</th>
<th width="150">操作</th> <th width="200">操作</th>
</tr></thead> </tr></thead>
<tbody> <tbody>
<?php <?php
@ -51,6 +52,7 @@
<td>'.date('Y-m-d H:i:s',strtotime($v['ts_created'])).'</td> <td>'.date('Y-m-d H:i:s',strtotime($v['ts_created'])).'</td>
<td> <td>
<a href="/admin/data/attachments/" onclick="return confirm(\'是否确定删除该附件?\')">从此元数据中移除</a> <a href="/admin/data/attachments/" onclick="return confirm(\'是否确定删除该附件?\')">从此元数据中移除</a>
<a href="/service/attach/id/'.$v['id'].'">下载</a>
</td> </td>
</tr>'; </tr>';
} }
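Review bot: The new download link concatenates `$v['id']` into the href inside an already string-built table row with no cast or escaping, following the pattern of the surrounding row; the value comes from the attachments query and is presumably an integer, but an explicit `(int)$v['id']` (or `htmlspecialchars()`) would make that assumption visible rather than implicit. The PHP string and the loop this row belongs to begin outside the hunk.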