From 037803c0334d33b629247b0c62b2d8ee0f0fdb5b Mon Sep 17 00:00:00 2001 From: Denis Flaven Date: Tue, 24 Jun 2014 10:03:34 +0000 Subject: [PATCH] Protect attachments against concurrent edition of a ticket. SVN:trunk[3221] --- .../2.x/itop-attachments/main.attachments.php | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/datamodels/2.x/itop-attachments/main.attachments.php b/datamodels/2.x/itop-attachments/main.attachments.php index d5413f8f11..062f204dfc 100755 --- a/datamodels/2.x/itop-attachments/main.attachments.php +++ b/datamodels/2.x/itop-attachments/main.attachments.php @@ -243,7 +243,7 @@ EOF $sDeleteBtn = Dict::S('Attachments:DeleteBtn'); $oPage->add_script( <<
'+data.msg+'
'); + $('#attachments').append(''); if($sIsDeleteEnabled) { $('#display_attachment_'+data.att_id).hover( function() { $(this).children(':button').toggleClass('btn_hidden'); } ); @@ -319,7 +319,7 @@ EOF $sIcon = utils::GetAbsoluteUrlAppRoot().AttachmentPlugIn::GetFileIcon($sFileName); $sPreview = $oDoc->IsPreviewAvailable() ? 'true' : 'false'; $sDownloadLink = utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=download_document&class=Attachment&id='.$iAttId.'&field=contents'; - $oPage->add(''); + $oPage->add(''); } // Suggested attachments are listed here but treated as temporary @@ -347,7 +347,7 @@ EOF $sIcon = utils::GetAbsoluteUrlAppRoot().AttachmentPlugIn::GetFileIcon($sFileName); $sDownloadLink = utils::GetAbsoluteUrlAppRoot().'pages/ajax.render.php?operation=download_document&class=Attachment&id='.$iAttId.'&field=contents'; $sPreview = $oDoc->IsPreviewAvailable() ? 'true' : 'false'; - $oPage->add(''); + $oPage->add(''); $oPage->add_ready_script("$('#attachment_plugin').trigger('add_attachment', [$iAttId, '".addslashes($sFileName)."']);"); } } @@ -378,7 +378,7 @@ $oPage->add_ready_script( else { var sDownloadLink = GetAbsoluteUrlAppRoot()+'pages/ajax.render.php?operation=download_document&class=Attachment&id='+data.result.att_id+'&field=contents'; - $('#attachments').append(''); + $('#attachments').append(''); if($sIsDeleteEnabled) { $('#display_attachment_'+data.result.att_id).hover( function() { $(this).children(':button').toggleClass('btn_hidden'); } ); @@ -486,14 +486,15 @@ EOF { $aActions = array(); $aAttachmentIds = utils::ReadParam('attachments', array()); - + $aRemovedAttachmentIds = utils::ReadParam('removed_attachments', array()); + // Get all current attachments $oSearch = DBObjectSearch::FromOQL("SELECT Attachment WHERE item_class = :class AND item_id = :item_id"); $oSet = new DBObjectSet($oSearch, array(), array('class' => get_class($oObject), 'item_id' => $oObject->GetKey())); while ($oAttachment = $oSet->Fetch()) { // Remove attachments that are no longer attached to the current object - if (!in_array($oAttachment->GetKey(), $aAttachmentIds)) + if (in_array($oAttachment->GetKey(), $aRemovedAttachmentIds)) { $oAttachment->DBDelete(); $aActions[] = self::GetActionDescription($oAttachment, false /* false => deletion */); @@ -504,7 +505,6 @@ EOF $sTempId = session_id().'_'.$iTransactionId; // The object is being created from a form, check if there are pending attachments // for this object, but deleting the "new" ones that were already removed from the form - $aRemovedAttachmentIds = utils::ReadParam('removed_attachments', array()); $sOQL = 'SELECT Attachment WHERE temp_id = :temp_id'; $oSearch = DBObjectSearch::FromOQL($sOQL); foreach($aAttachmentIds as $iAttachmentId)