修改了后台元数据附件管理功能,增加了防止普通用户使用后台ajax上传的判断
parent
fcf0dd2bf2
commit
00bcc25b1e
|
@ -1297,6 +1297,13 @@ class Admin_DataController extends Zend_Controller_Action
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if($user->usertype!='administrator')
|
||||||
|
{
|
||||||
|
$msg['error'] = "您无权使用此功能";
|
||||||
|
echo Zend_Json::encode($msg);
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
|
||||||
$files=new files();
|
$files=new files();
|
||||||
$msg = $files -> upload($this->view->config->upload,$_FILES['Filedata'],'md');
|
$msg = $files -> upload($this->view->config->upload,$_FILES['Filedata'],'md');
|
||||||
|
|
||||||
|
@ -1319,7 +1326,7 @@ class Admin_DataController extends Zend_Controller_Action
|
||||||
$sql = "insert into mdattach (uuid,id) values ('$uuid','$attid')";
|
$sql = "insert into mdattach (uuid,id) values ('$uuid','$attid')";
|
||||||
if($this->db->exec($sql))
|
if($this->db->exec($sql))
|
||||||
{
|
{
|
||||||
$msg['html'] = $realname.'[已完成]<input type="hidden" name="atts[]" value="'.$attid.'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$attid.'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
|
$msg['html'] = $realname.'['. round($filesize/1024,2) .' kb]<input type="hidden" name="atts[]" value="'.$attid.'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$attid.'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
|
||||||
echo Zend_Json::encode($msg);
|
echo Zend_Json::encode($msg);
|
||||||
exit();
|
exit();
|
||||||
}else{
|
}else{
|
||||||
|
@ -1343,6 +1350,41 @@ class Admin_DataController extends Zend_Controller_Action
|
||||||
exit();
|
exit();
|
||||||
}
|
}
|
||||||
}// uploadAction ajax上传附件
|
}// uploadAction ajax上传附件
|
||||||
|
|
||||||
|
function getattsAction(){
|
||||||
|
|
||||||
|
$this->_helper->layout()->disableLayout();
|
||||||
|
$this->_helper->viewRenderer->setNoRender();
|
||||||
|
|
||||||
|
$uuid = $this->_request->getParam('uuid');
|
||||||
|
|
||||||
|
if($uuid!='')
|
||||||
|
{
|
||||||
|
$auth = Zend_Auth::getInstance();
|
||||||
|
if($auth->hasIdentity())
|
||||||
|
{
|
||||||
|
$user = $auth->getIdentity();
|
||||||
|
$userid = $user->id;
|
||||||
|
$sql = "select m.*,a.*,d.title from mdattach m
|
||||||
|
left join attachments a on m.id = a.id
|
||||||
|
left join metadata d on m.uuid=d.uuid where m.uuid='$uuid'";
|
||||||
|
$rs = $this->db->query($sql);
|
||||||
|
$atts = $rs->fetchAll();
|
||||||
|
foreach($atts as $k=>$v)
|
||||||
|
{
|
||||||
|
$atts[$k]['html']=$v['realname'].'['. round($v['filesize']/1024,2) .' kb]<input type="hidden" name="atts[]" value="'.$v['id'].'" /><div class="cancel"><a href="javascript:;" id="deletebtn_'.$v['id'].'"><img border="0" src="/static/js/uploadify/cancel.png" /></a></div>';
|
||||||
|
}
|
||||||
|
echo Zend_Json::encode($atts);
|
||||||
|
exit();
|
||||||
|
}else
|
||||||
|
{
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
}else{
|
||||||
|
exit();
|
||||||
|
}
|
||||||
|
//不输出错误
|
||||||
|
}//获取附件
|
||||||
|
|
||||||
/*
|
/*
|
||||||
获得单个文件的信息
|
获得单个文件的信息
|
||||||
|
|
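Review bot: In the new `getattsAction`, the `uuid` request parameter is interpolated directly into the SQL text (`where m.uuid='$uuid'`), so the query's structure depends on caller-supplied input; bind it instead, for example `$sth = $this->db->prepare("select ... where m.uuid=?"); $sth->execute(array($uuid)); $atts = $sth->fetchAll();`. The same action only checks `hasIdentity()`, while this commit makes the upload action require a `usertype` of `administrator`, so any logged-in account can still list attachments through this admin endpoint; the same role check appears to be needed here. `$v['realname']` is concatenated into `$atts[$k]['html']` without `htmlspecialchars()`, and the template inserts that value as markup, so an uploaded file name containing HTML would be rendered as such. `select m.*,a.*` also returns every attachment column in the JSON response; selecting only the fields the list needs would avoid exposing storage details. The added `usertype` check in the upload action relies on `$user` being set earlier in that method, which is outside the hunk.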
|
@ -16,15 +16,24 @@
|
||||||
<?= $this->partial('data/left.phtml'); ?>
|
<?= $this->partial('data/left.phtml'); ?>
|
||||||
</div>
|
</div>
|
||||||
<div id="rightPanel">
|
<div id="rightPanel">
|
||||||
<?php if ($this->msg or $this->messages) :?>
|
|
||||||
<div id="message">
|
<div class="ctrlplan">
|
||||||
<?php if ($this->msg) : ?>
|
<a href="/admin/data/md/att/1/uuid/<?php echo $this->uuid;?>">返回元数据附件列表</a>
|
||||||
<p><?php echo $this->msg; ?></p>
|
<a href="/data/<?php echo $this->uuid; ?>">查看元数据</a>
|
||||||
<?php endif; if ($this->messages): foreach($this->messages as $msg): ?>
|
|
||||||
<p><?php echo $msg; ?></p>
|
|
||||||
<?php endforeach;endif; ?>
|
|
||||||
</div>
|
</div>
|
||||||
<?php endif; ?>
|
|
||||||
|
<?php
|
||||||
|
|
||||||
|
$auth = Zend_Auth::getInstance();
|
||||||
|
if($auth->hasIdentity())
|
||||||
|
{
|
||||||
|
$user = $auth->getIdentity();
|
||||||
|
$userid = $user->id;
|
||||||
|
echo $user->usertype;
|
||||||
|
}
|
||||||
|
|
||||||
|
?>
|
||||||
|
|
||||||
|
|
||||||
<form action="#" method="POST" enctype='multipart/form-data'>
|
<form action="#" method="POST" enctype='multipart/form-data'>
|
||||||
<input type="hidden" name="add" value="1" />
|
<input type="hidden" name="add" value="1" />
|
||||||
|
@ -81,5 +90,21 @@ $('#file_upload').uploadify({
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$.getJSON("/admin/data/getatts/uuid/<?php echo $this->uuid;?>", function(data) {
|
||||||
|
if(data)
|
||||||
|
{
|
||||||
|
$.each(data, function(key, val) {
|
||||||
|
$('<li/>', {
|
||||||
|
"id":'uploadedItem_'+val['id'],
|
||||||
|
"class":'uploadifyQueueItem',
|
||||||
|
"html": val['html']
|
||||||
|
}).appendTo('#datalist');
|
||||||
|
$('#deletebtn_'+val['id']).bind('click', function() {
|
||||||
|
deleteatt(val['id']);
|
||||||
|
});
|
||||||
|
});
|
||||||
|
}
|
||||||
|
});
|
||||||
});
|
});
|
||||||
</script>
|
</script>
|
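Review bot: `$this->uuid` is echoed unescaped into the `$.getJSON("/admin/data/getatts/uuid/...")` string inside the script block and into the two new `href` attributes; where it is assigned is not visible here, but if it comes from the request it needs escaping for each context, e.g. `href="/data/<?php echo $this->escape($this->uuid); ?>"` for the links and `Zend_Json::encode()` of the URL for the script. The third file's added `查看元数据` link has the same pattern. The added PHP block that ends in `echo $user->usertype;` prints the account's role into the page and looks like leftover debugging output, so it should probably be dropped. The callback then sets `"html": val['html']` on each list item, which renders server-built markup as-is, so the file name inside it has to be escaped on the server side.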
|
@ -26,16 +26,17 @@
|
||||||
<div class="ctrlplan">
|
<div class="ctrlplan">
|
||||||
<a href="/admin/data/md/att/1/uuid/<?php echo $this->uuid;?>/addatts/1/mdtitle/<?php echo $this->mdtitle ;?>">为此元数据选择附件</a>
|
<a href="/admin/data/md/att/1/uuid/<?php echo $this->uuid;?>/addatts/1/mdtitle/<?php echo $this->mdtitle ;?>">为此元数据选择附件</a>
|
||||||
<a href="/admin/data/attachments/add/1/uuid/<?php echo $this->uuid;?>">为此元数据添加附件</a>
|
<a href="/admin/data/attachments/add/1/uuid/<?php echo $this->uuid;?>">为此元数据添加附件</a>
|
||||||
|
<a href="/data/<?php echo $this->uuid; ?>">查看元数据</a>
|
||||||
</div>
|
</div>
|
||||||
|
|
||||||
<table class="stylized">
|
<table class="stylized">
|
||||||
<thead><tr>
|
<thead><tr>
|
||||||
<th width='300'>文件名</th>
|
<th width='250'>文件名</th>
|
||||||
<th width='80'>类型</th>
|
<th width='80'>类型</th>
|
||||||
<th width='80'>大小</th>
|
<th width='80'>大小</th>
|
||||||
<th width='80'>下载次数</th>
|
<th width='80'>下载次数</th>
|
||||||
<th width='150'>上传时间</th>
|
<th width='150'>上传时间</th>
|
||||||
<th width="150">操作</th>
|
<th width="200">操作</th>
|
||||||
</tr></thead>
|
</tr></thead>
|
||||||
<tbody>
|
<tbody>
|
||||||
<?php
|
<?php
|
||||||
|
@ -51,6 +52,7 @@
|
||||||
<td>'.date('Y-m-d H:i:s',strtotime($v['ts_created'])).'</td>
|
<td>'.date('Y-m-d H:i:s',strtotime($v['ts_created'])).'</td>
|
||||||
<td>
|
<td>
|
||||||
<a href="/admin/data/attachments/" onclick="return confirm(\'是否确定删除该附件?\')">从此元数据中移除</a>
|
<a href="/admin/data/attachments/" onclick="return confirm(\'是否确定删除该附件?\')">从此元数据中移除</a>
|
||||||
|
<a href="/service/attach/id/'.$v['id'].'">下载</a>
|
||||||
</td>
|
</td>
|
||||||
</tr>';
|
</tr>';
|
||||||
}
|
}
|
||||||
|
|