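/**
 * Sends an attachment to the browser as a download after an access check.
 *
 * Access rules:
 *  - A logged-in member may download only attachments that belong to
 *    themselves, either directly (model "Member") or through a related record
 *    whose member_id is theirs.
 *  - A logged-in firm user may download an attachment only when the member who
 *    owns it has an application with this firm on a non-archived job whose
 *    contact person is on the firm's staff or whose decision maker is the
 *    current firm user. Attachments of models other than "Member" also require
 *    $firm_id to match the firm of the logged-in user.
 *
 * Every other case (unknown attachment, unsupported model, missing file,
 * failed check) ends with the same flash message and a redirect to the
 * referer, so the response does not reveal which attachment ids exist.
 *
 * NOTE(review): files are read from below app/webroot. If the web server
 * serves that directory directly, the files can be fetched without passing
 * through this check. Confirm that direct access is blocked, or move the
 * storage outside the document root.
 *
 * @param mixed $id      Attachment id taken from the request.
 * @param mixed $firm_id Firm id taken from the request (firm users only).
 * @return void This action always terminates the request.
 */
function getDoc($id = null, $firm_id = null)
{
    // Only attachments hanging off these models can be served by this action.
    $servableModels = array(
        'Member',
        'Education',
        'CommunityExperience',
        'StudiedLanguage',
        'FitnessTest',
        'WorkExperience',
        'WorkingProject',
    );

    $getDocument = false;
    $this->Attachment = ClassRegistry::init('Attachment');
    $attach = $this->Attachment->find('first', array(
        'conditions' => array('Attachment.id' => $id),
    ));

    $memberLoggedIn = isset($this->member_id) && !empty($this->member_id) && $id != null;
    $firmLoggedIn = !$memberLoggedIn
        && isset($this->firm_user_id) && !empty($this->firm_user_id)
        && is_numeric($firm_id);

    // Resolve the member who owns the attachment. Both branches below decide
    // access from this id, never from a request parameter alone.
    $model = null;
    $ownerMemberId = null;
    if (($memberLoggedIn || $firmLoggedIn)
        && !empty($attach['Attachment']['model'])
        && in_array($attach['Attachment']['model'], $servableModels, true)
    ) {
        $model = $attach['Attachment']['model'];
        if ($model === 'Member') {
            $ownerMemberId = $attach['Attachment']['foreign_key'];
        } else {
            $checkData = ClassRegistry::init($model)->find('first', array(
                'conditions' => array($model . '.id' => $attach['Attachment']['foreign_key']),
                'contain' => array(),
            ));
            if (!empty($checkData[$model]['member_id'])) {
                $ownerMemberId = $checkData[$model]['member_id'];
            }
        }
    }

    if ($memberLoggedIn) {
        // A MEMBER is logged in: the owner of the attachment must be that member.
        $getDocument = $ownerMemberId !== null
            && (string)$ownerMemberId === (string)$this->member_id;
    } elseif ($firmLoggedIn && $ownerMemberId !== null) {
        // A FIRM user is logged in: look for a job application that links the
        // owning member to this firm. Non-Member attachments were previously
        // released on "$firm_id == $this->firm_id" alone, which let any firm
        // user download any member's documents by id; they now pass the same
        // application check as the CV.
        $firmMatches = ($model === 'Member')
            || ((string)$firm_id === (string)$this->firm_id);

        if ($firmMatches) {
            $firmStaffList = ClassRegistry::init('FirmUser')->find('list', array(
                'conditions' => array(
                    'FirmUser.firm_id' => $this->firm_id,
                    'FirmUser.group' => array('Superadmin', 'Staff', 'Admin'),
                ),
                'fields' => array('FirmUser.id'),
            ));

            $this->JobsApplication = ClassRegistry::init('JobsApplication');
            $jobApplicationCheck = $this->JobsApplication->find('all', array(
                'conditions' => array(
                    'JobsApplication.member_id' => $ownerMemberId,
                    'JobsApplication.firm_id' => $this->firm_id,
                ),
                'contain' => array(
                    'Job' => array(
                        'conditions' => array(
                            'Job.in_archive' => 0,
                            'OR' => array(
                                array('Job.contact_person' => $firmStaffList),
                                array('Job.decision_maker' => $this->firm_user_id),
                            ),
                        ),
                    ),
                ),
            ));

            foreach ($jobApplicationCheck as $check) {
                if (!empty($check['Job']['id']) && $check['Job']['in_archive'] == false) {
                    $getDocument = true;
                    break;
                }
            }
        }
    }

    // Build the path only for an authorised request, and refuse stored values
    // that would climb out of the upload directory.
    $file = null;
    if ($getDocument == true) {
        $relative = $attach['Attachment']['dir'] . $attach['Attachment']['filename'];
        $hasTraversal = strpos($relative, "\0") !== false
            || preg_match('#(^|[\\\\/])\.\.([\\\\/]|$)#', $relative) === 1;
        $candidate = ROOT . '/app/webroot' . $relative;
        if (!$hasTraversal && is_file($candidate) && is_readable($candidate)) {
            $file = $candidate;
        }
    }

    if ($file !== null) {
        // $mimetype was never assigned before, so the Content-Type header went
        // out empty. Detect the type, falling back to a generic binary type.
        $mimetype = function_exists('mime_content_type') ? mime_content_type($file) : false;
        if (empty($mimetype)) {
            $mimetype = 'application/octet-stream';
        }

        // Keep quotes and control characters out of the quoted header value.
        $downloadName = str_replace(array('"', "\r", "\n", "\0"), '', basename($file));

        header('Content-Description: File Transfer');
        header('Content-Type: ' . $mimetype);
        header('X-Content-Type-Options: nosniff');
        header('Content-Disposition: attachment; filename="' . $downloadName . '"');
        header('Content-Transfer-Encoding: binary');
        header('Connection: Keep-Alive');
        header('Expires: 0');
        header('Cache-Control: must-revalidate, post-check=0, pre-check=0');
        header('Pragma: public');
        header('Content-Length: ' . filesize($file));

        // ob_clean() raises a notice when no output buffer is active.
        if (ob_get_level() > 0) {
            ob_clean();
        }
        flush();
        // Stream the file; it is no longer loaded into memory first.
        readfile($file);
    } else {
        $this->Session->setFlash(__('You have no privileges for this action'), 'Notification/error');
        $this->redirect($this->referer());
    }

    die;
}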