HOR-3467

2017-08-07 16:33:49 -04:00
parent 10ce83090b
commit 04a8b6561a
3 changed files with 29 additions and 3 deletions
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -147,8 +147,17 @@ class RBAC
            ),
            'newSite.php' => array(
                'newSite.php' => array('PM_SETUP_ADVANCE')
+            ),
+            'processCategory_Ajax.php' => array(
+                'processCategoryList' => array('PM_SETUP', 'PM_SETUP_ADVANCE'),
+                'updatePageSize' => array('PM_SETUP', 'PM_SETUP_ADVANCE'),
+                'checkCategoryName' => array('PM_SETUP', 'PM_SETUP_ADVANCE'),
+                'saveNewCategory' => array('PM_SETUP', 'PM_SETUP_ADVANCE'),
+                'checkEditCategoryName' => array('PM_SETUP', 'PM_SETUP_ADVANCE'),
+                'updateCategory' => array('PM_SETUP', 'PM_SETUP_ADVANCE'),
+                'canDeleteCategory' => array('PM_SETUP', 'PM_SETUP_ADVANCE'),
+                'deleteCategory' => array('PM_SETUP', 'PM_SETUP_ADVANCE')
            )
-
        );
    }

--- a/workflow/engine/methods/processCategory/processCategoryList.php
+++ b/workflow/engine/methods/processCategory/processCategoryList.php
@@ -21,9 +21,12 @@
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 */
+use ProcessMaker\Exception\RBACException;
+
+/** @var RBAC $RBAC */
+global $RBAC;
 if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_SETUP_ADVANCE' ) != 1) {
-    G::SendTemporalMessage( 'krlos', 'error', 'labels' );
-    die();
+    throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1);
 }

 $c = new Configurations();
--- a/workflow/engine/methods/processCategory/processCategory_Ajax.php
+++ b/workflow/engine/methods/processCategory/processCategory_Ajax.php
@@ -22,6 +22,20 @@
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 */

+use ProcessMaker\Exception\RBACException;
+
+/** @var RBAC $RBAC */
+global $RBAC;
+switch ($RBAC->userCanAccess('PM_LOGIN')) {
+    case -2:
+        throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2);
+        break;
+    case -1:
+        throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1);
+        break;
+}
+$RBAC->allows(basename(__FILE__), $_REQUEST['action']);
+
 if (isset( $_REQUEST['action'] )) {
    switch ($_REQUEST['action']) {
        case 'processCategoryList':