Merged in bugfix/HOR-4618 (pull request #6502)

HOR-4618 Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
2018-06-08 14:08:21 +00:00
parent c338f8fb2a 51eb79b7eb
commit 031318f22c
2 changed files with 163 additions and 156 deletions
--- a/workflow/engine/methods/appFolder/appFolderAjax.php
+++ b/workflow/engine/methods/appFolder/appFolderAjax.php
--- a/workflow/engine/methods/cases/ajaxListener.php
+++ b/workflow/engine/methods/cases/ajaxListener.php
@@ -24,35 +24,38 @@ if (isset($_REQUEST['action']) && $_REQUEST['action'] == "verifySession") {
        print G::json_encode($response);
        die();
    } else {
+        //When the user has session we will to validate the permissions over other actions
        /** Action: Reassign from openCase */
        global $RBAC;
-        $proUid = $_SESSION['PROCESS'];
-        $appUid = $_SESSION['APPLICATION'];
-        $tasUid = $_SESSION['TASK'];
+        $proUid = isset($_SESSION['PROCESS']) ? $_SESSION['PROCESS'] : '';
+        $appUid = isset($_SESSION['APPLICATION']) ? $_SESSION['APPLICATION'] : '';
+        $tasUid = isset($_SESSION['TASK']) ? $_SESSION['TASK'] : '';

        $response = new stdclass();
-        $cases = new BmCases();
-        $userAuthorization = $cases->userAuthorization(
-            $RBAC->aUserInfo['USER_INFO']['USR_UID'],
-            $proUid,
-            $appUid,
-            ['PM_REASSIGNCASE', 'PM_REASSIGNCASE_SUPERVISOR'],
-            ['REASSIGN_MY_CASES' => ''],
-            true,
-            $tasUid
-        );
+        $userAuthorization = [];
+        if (!empty($proUid) && !empty($appUid)) {
+            $cases = new BmCases();
+            $userAuthorization = $cases->userAuthorization(
+                $RBAC->aUserInfo['USER_INFO']['USR_UID'],
+                $proUid,
+                $appUid,
+                ['PM_REASSIGNCASE', 'PM_REASSIGNCASE_SUPERVISOR'],
+                ['REASSIGN_MY_CASES' => ''],
+                true,
+                $tasUid
+            );

-        if (
-            $userAuthorization['rolesPermissions']['PM_REASSIGNCASE'] ||
-            ($userAuthorization['rolesPermissions']['PM_REASSIGNCASE_SUPERVISOR'] && $userAuthorization['supervisor']) ||
-            in_array($appUid, $userAuthorization['objectPermissions']['REASSIGN_MY_CASES'])
-        ) {
-            $response->reassigncase = true;
-            $response->message = '';
-        } else {
-            $response->reassigncase = false;
-            $response->message = G::LoadTranslation('ID_NOT_ABLE_REASSIGN');
+            if (
+                $userAuthorization['rolesPermissions']['PM_REASSIGNCASE'] ||
+                ($userAuthorization['rolesPermissions']['PM_REASSIGNCASE_SUPERVISOR'] && $userAuthorization['supervisor']) ||
+                in_array($appUid, $userAuthorization['objectPermissions']['REASSIGN_MY_CASES'])
+            ) {
+                $response->reassigncase = true;
+                $response->message = '';
+            }
        }
+        $response->reassigncase = false;
+        $response->message = G::LoadTranslation('ID_NOT_ABLE_REASSIGN');

        print G::json_encode($response);
        die();