|
12 | 12 |
|
13 | 13 | $this_section = SECTION_PLATFORM_ADMIN; |
14 | 14 |
|
15 | | -api_protect_admin_script(); |
| 15 | +$allowCareer = api_get_configuration_value('allow_session_admin_read_careers'); |
| 16 | +api_protect_admin_script($allowCareer); |
16 | 17 |
|
17 | | -//Add the JS needed to use the jqgrid |
| 18 | +// Add the JS needed to use the jqgrid |
18 | 19 | $htmlHeadXtra[] = api_get_jqgrid_js(); |
19 | 20 |
|
20 | 21 | // setting breadcrumbs |
|
43 | 44 | $tool_name = get_lang('Careers'); |
44 | 45 | } |
45 | 46 |
|
46 | | -// The header. |
47 | | -Display::display_header($tool_name); |
| 47 | + |
48 | 48 |
|
49 | 49 | //jqgrid will use this URL to do the selects |
50 | 50 | $url = api_get_path(WEB_AJAX_PATH).'model.ajax.php?a=get_careers'; |
|
87 | 87 | $diagramLink = '<a href="'.api_get_path(WEB_CODE_PATH).'admin/career_diagram.php?id=\'+options.rowId+\'">'.get_lang('Diagram').'</a>'; |
88 | 88 | } |
89 | 89 |
|
90 | | -//With this function we can add actions to the jgrid (edit, delete, etc) |
91 | | -$action_links = 'function action_formatter(cellvalue, options, rowObject) { |
92 | | - return \'<a href="?action=edit&id=\'+options.rowId+\'">'.Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL).'</a>'. |
93 | | - $diagramLink. |
94 | | - ' <a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."\'".')) return false;" href="?sec_token='.$token.'&action=copy&id=\'+options.rowId+\'">'.Display::return_icon('copy.png', get_lang('Copy'), '', ICON_SIZE_SMALL).'</a>'. |
95 | | - ' <a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."\'".')) return false;" href="?sec_token='.$token.'&action=delete&id=\'+options.rowId+\'">'.Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL).'</a>'. |
96 | | - '\'; |
97 | | -}'; |
98 | | -?> |
99 | | -<script> |
100 | | -$(function() { |
101 | | -<?php |
102 | | - // grid definition see the $career->display() function |
103 | | - echo Display::grid_js( |
104 | | - 'careers', |
105 | | - $url, |
106 | | - $columns, |
107 | | - $column_model, |
108 | | - $extra_params, |
109 | | - array(), |
110 | | - $action_links, |
111 | | - true |
112 | | - ); |
113 | | -?> |
114 | | -}); |
115 | | -</script> |
116 | | -<?php |
| 90 | +// With this function we can add actions to the jgrid (edit, delete, etc) |
| 91 | +if (api_is_platform_admin()) { |
| 92 | + $actionLinks = 'function action_formatter(cellvalue, options, rowObject) { |
| 93 | + return \'<a href="?action=edit&id=\'+options.rowId+\'">'.Display::return_icon('edit.png', get_lang('Edit'), '', ICON_SIZE_SMALL).'</a>'. |
| 94 | + $diagramLink. |
| 95 | + ' <a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."\'".')) return false;" href="?sec_token='.$token.'&action=copy&id=\'+options.rowId+\'">'.Display::return_icon('copy.png', get_lang('Copy'), '', ICON_SIZE_SMALL).'</a>'. |
| 96 | + ' <a onclick="javascript:if(!confirm('."\'".addslashes(api_htmlentities(get_lang("ConfirmYourChoice"), ENT_QUOTES))."\'".')) return false;" href="?sec_token='.$token.'&action=delete&id=\'+options.rowId+\'">'.Display::return_icon('delete.png', get_lang('Delete'), '', ICON_SIZE_SMALL).'</a>'. |
| 97 | + '\'; |
| 98 | + }'; |
| 99 | +} else { |
| 100 | + $actionLinks = "function action_formatter(cellvalue, options, rowObject) { |
| 101 | + return '".$diagramLink."'; |
| 102 | + }"; |
| 103 | +} |
| 104 | + |
| 105 | + |
117 | 106 | $career = new Career(); |
| 107 | +$content = ''; |
| 108 | + |
| 109 | +$listUrl = api_get_self(); |
118 | 110 |
|
119 | 111 | // Action handling: Add |
120 | 112 | switch ($action) { |
121 | 113 | case 'add': |
| 114 | + api_protect_admin_script(); |
| 115 | + |
122 | 116 | if (api_get_session_id() != 0 && |
123 | 117 | !api_is_allowed_to_session_edit(false, true) |
124 | 118 | ) { |
125 | 119 | api_not_allowed(); |
126 | 120 | } |
127 | 121 | Session::write('notebook_view', 'creation_date'); |
128 | 122 |
|
129 | | - $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']); |
| 123 | + $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']); |
130 | 124 | $form = $career->return_form($url, 'add'); |
131 | 125 |
|
132 | 126 | // The validation or display |
133 | 127 | if ($form->validate()) { |
134 | 128 | if ($check) { |
135 | 129 | $values = $form->exportValues(); |
136 | | - $res = $career->save($values); |
| 130 | + $res = $career->save($values); |
137 | 131 | if ($res) { |
138 | | - echo Display::return_message(get_lang('ItemAdded'), 'confirmation'); |
| 132 | + Display::addFlash( |
| 133 | + Display::return_message(get_lang('ItemAdded'), 'confirmation') |
| 134 | + ); |
139 | 135 | } |
140 | 136 | } |
141 | | - $career->display(); |
| 137 | + header('Location: '.$listUrl); |
| 138 | + exit; |
142 | 139 | } else { |
143 | | - echo '<div class="actions">'; |
144 | | - echo '<a href="'.api_get_self().'">'. |
| 140 | + $content .= '<div class="actions">'; |
| 141 | + $content .= '<a href="'.api_get_self().'">'. |
145 | 142 | Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).'</a>'; |
146 | | - echo '</div>'; |
| 143 | + $content .= '</div>'; |
147 | 144 | $form->addElement('hidden', 'sec_token'); |
148 | 145 | $form->setConstants(array('sec_token' => $token)); |
149 | | - $form->display(); |
| 146 | + $content .= $form->returnForm(); |
150 | 147 | } |
151 | 148 | break; |
152 | 149 | case 'edit': |
| 150 | + api_protect_admin_script(); |
153 | 151 | // Action handling: Editing |
154 | 152 | $url = api_get_self().'?action='.Security::remove_XSS($_GET['action']).'&id='.intval($_GET['id']); |
155 | 153 | $form = $career->return_form($url, 'edit'); |
|
162 | 160 | $old_status = $career->get_status($values['id']); |
163 | 161 | $res = $career->update($values); |
164 | 162 | if ($res) { |
165 | | - echo Display::return_message(get_lang('CareerUpdated'), 'confirmation'); |
| 163 | + Display::addFlash( |
| 164 | + Display::return_message(get_lang('CareerUpdated'), 'confirmation') |
| 165 | + ); |
166 | 166 | if ($values['status'] && !$old_status) { |
167 | | - echo Display::return_message( |
168 | | - sprintf(get_lang('CareerXUnarchived'), $values['name']), |
169 | | - 'confirmation', |
170 | | - false |
| 167 | + Display::addFlash( |
| 168 | + Display::return_message( |
| 169 | + sprintf(get_lang('CareerXUnarchived'), $values['name']), |
| 170 | + 'confirmation', |
| 171 | + false |
| 172 | + ) |
171 | 173 | ); |
172 | 174 | } elseif (!$values['status'] && $old_status) { |
173 | | - echo Display::return_message( |
174 | | - sprintf(get_lang('CareerXArchived'), $values['name']), |
175 | | - 'confirmation', |
176 | | - false |
| 175 | + Display::addFlash( |
| 176 | + Display::return_message( |
| 177 | + sprintf(get_lang('CareerXArchived'), $values['name']), |
| 178 | + 'confirmation', |
| 179 | + false |
| 180 | + ) |
177 | 181 | ); |
178 | 182 | } |
179 | 183 | } |
180 | 184 | } |
181 | | - $career->display(); |
| 185 | + header('Location: '.$listUrl); |
| 186 | + exit; |
182 | 187 | } else { |
183 | | - echo '<div class="actions">'; |
184 | | - echo '<a href="'.api_get_self().'">'.Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).'</a>'; |
185 | | - echo '</div>'; |
| 188 | + $content .= '<div class="actions">'; |
| 189 | + $content .= '<a href="'.api_get_self().'">'.Display::return_icon('back.png', get_lang('Back'), '', ICON_SIZE_MEDIUM).'</a>'; |
| 190 | + $content .= '</div>'; |
186 | 191 | $form->addElement('hidden', 'sec_token'); |
187 | 192 | $form->setConstants(array('sec_token' => $token)); |
188 | | - $form->display(); |
| 193 | + $content .= $form->returnForm(); |
189 | 194 | } |
190 | 195 | break; |
191 | 196 | case 'delete': |
| 197 | + api_protect_admin_script(); |
192 | 198 | // Action handling: delete |
193 | 199 | if ($check) { |
194 | 200 | $res = $career->delete($_GET['id']); |
195 | 201 | if ($res) { |
196 | | - echo Display::return_message(get_lang('ItemDeleted'), 'confirmation'); |
| 202 | + Display::addFlash( |
| 203 | + Display::return_message(get_lang('ItemDeleted'), 'confirmation') |
| 204 | + ); |
197 | 205 | } |
198 | 206 | } |
199 | | - $career->display(); |
| 207 | + header('Location: '.$listUrl); |
| 208 | + exit; |
200 | 209 | break; |
201 | 210 | case 'copy': |
| 211 | + api_protect_admin_script(); |
202 | 212 | if (api_get_session_id() != 0 && !api_is_allowed_to_session_edit(false, true)) { |
203 | | - api_not_allowed(); |
| 213 | + api_not_allowed(true); |
204 | 214 | } |
205 | 215 | if ($check) { |
206 | 216 | $res = $career->copy($_GET['id'], true); //copy career and promotions inside |
207 | 217 | if ($res) { |
208 | | - echo Display::return_message(get_lang('ItemCopied'), 'confirmation'); |
| 218 | + Display::addFlash( |
| 219 | + Display::return_message(get_lang('ItemCopied'), 'confirmation') |
| 220 | + ); |
209 | 221 | } |
210 | 222 | } |
211 | | - $career->display(); |
| 223 | + |
| 224 | + header('Location: '.$listUrl); |
| 225 | + exit; |
212 | 226 | break; |
213 | 227 | default: |
214 | | - $career->display(); |
| 228 | + $content = $career->display(); |
215 | 229 | break; |
216 | 230 | } |
217 | | -Display :: display_footer(); |
| 231 | + |
| 232 | +// The header. |
| 233 | +Display::display_header($tool_name); |
| 234 | + |
| 235 | +?> |
| 236 | +<script> |
| 237 | + $(function() { |
| 238 | + <?php |
| 239 | + // grid definition see the $career->display() function |
| 240 | + echo Display::grid_js( |
| 241 | + 'careers', |
| 242 | + $url, |
| 243 | + $columns, |
| 244 | + $column_model, |
| 245 | + $extra_params, |
| 246 | + array(), |
| 247 | + $actionLinks, |
| 248 | + true |
| 249 | + ); |
| 250 | + ?> |
| 251 | + }); |
| 252 | +</script> |
| 253 | +<?php |
| 254 | + |
| 255 | +echo $content; |
| 256 | + |
| 257 | +Display::display_footer(); |
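Review bot: Moving the jqgrid definition after the switch breaks the grid on the add/edit form pages, because both form branches reassign `$url` to the form action (`$url = api_get_self().'?action='...`) before falling through to `Display::grid_js('careers', $url, ...)`, so the emitted grid now fetches `career.php?action=add` instead of `model.ajax.php?a=get_careers`; before this commit the grid JS was emitted before the switch and never saw that reassignment. Give the form its own variable, `$formUrl = api_get_self().'?action='.Security::remove_XSS($_GET['action']);` and `$form = $career->return_form($formUrl, 'add');`, and do the same in the edit case, or emit the script block only from the `default` branch. On the authorization side, `api_protect_admin_script($allowCareer)` now lets session admins reach the page with read-only action links, but that check covers only this script; it is worth confirming that the `get_careers` handler behind `$url` applies the same `allow_session_admin_read_careers` gate, since the grid data is fetched from that endpoint directly. The `add` case still calls `api_not_allowed()` while `copy` was changed to `api_not_allowed(true)`; if the argument controls header output now that `display_header` runs after the switch, the two cases should presumably match. The `$action` and `$check` variables and the top of the switch come from outside this hunk.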