24 if (!defined(
'NOREQUIREMENU')) {
25 define(
'NOREQUIREMENU',
'1');
27 if (!defined(
'NOREQUIREHTML')) {
28 define(
'NOREQUIREHTML',
'1');
30 if (!defined(
'NOREQUIREAJAX')) {
31 define(
'NOREQUIREAJAX',
'1');
33 if (!defined(
'NOREQUIRESOC')) {
34 define(
'NOREQUIRESOC',
'1');
38 require
'../../main.inc.php';
39 require_once DOL_DOCUMENT_ROOT.
'/core/class/fileupload.class.php';
40 require_once DOL_DOCUMENT_ROOT.
'/core/class/genericobject.class.php';
42 $id =
GETPOST(
'fk_element',
'int');
43 $element =
GETPOST(
'element',
'alpha');
44 $elementupload = $element;
49 $module = $object->module;
50 $element = $object->element;
52 $usesublevelpermission = ($module != $element ? $element :
'');
53 if ($usesublevelpermission && !isset($user->rights->$module->$element)) {
54 $usesublevelpermission =
'';
60 if (!empty($user->socid)) {
61 $socid = $user->socid;
62 if (!empty($object->socid) && $socid != $object->socid) {
67 $result =
restrictedArea($user, $object->module, $object, $object->table_element, $usesublevelpermission,
'fk_soc',
'rowid', 0, 1);
69 httponly_accessforbidden(
'Not allowed by restrictArea (module='.$object->module.
' table_element='.$object->table_element.
')');
77 $upload_handler =
new FileUpload(
null, $id, $elementupload);
82 header(
'Pragma: no-cache');
83 header(
'Cache-Control: no-store, no-cache, must-revalidate');
84 header(
'Content-Disposition: inline; filename="files.json"');
85 header(
'X-Content-Type-Options: nosniff');
86 header(
'Access-Control-Allow-Origin: *');
87 header(
'Access-Control-Allow-Methods: OPTIONS, HEAD, GET, POST, PUT, DELETE');
88 header(
'Access-Control-Allow-Headers: X-File-Name, X-File-Type, X-File-Size');
90 switch ($_SERVER[
'REQUEST_METHOD']) {
95 $upload_handler->get();
98 if (isset($_REQUEST[
'_method']) && $_REQUEST[
'_method'] ===
'DELETE') {
99 $upload_handler->delete();
101 $upload_handler->post();
106 $upload_handler->delete();
109 header(
'HTTP/1.0 405 Method Not Allowed');
This class is used to manage file upload using ajax.
GETPOST($paramname, $check='alphanohtml', $method=0, $filter=null, $options=null, $noreplace=0)
Return value of a param into GET or POST supervariable.
fetchObjectByElement($element_id, $element_type, $element_ref='')
Fetch an object from its id and element_type Inclusion of classes is automatic.
if(!defined('NOREQUIREMENU')) if(!empty(GETPOST('seteventmessages', 'alpha'))) if(!function_exists("llxHeader")) top_httphead($contenttype='text/html', $forcenocache=0)
Show HTTP header.
restrictedArea(User $user, $features, $object=0, $tableandshare='', $feature2='', $dbt_keyfield='fk_soc', $dbt_select='rowid', $isdraft=0, $mode=0)
Check permissions of a user to show a page and an object.
httponly_accessforbidden($message=1, $http_response_code=403, $stringalreadysanitized=0)
Show a message to say access is forbidden and stop program.