Merged in release/3.3 (pull request #6574)

Update with release/3.3

Approved-by: Paula Quispe <paula.quispe@processmaker.com>
Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>

gulliver/system/class.inputfilter.php

@@ -349,15 +349,15 @@ class InputFilter
         return $source;
     }
 
-    /**
+    /** 
-     * @author Chris Tobin
+      * @author Chris Tobin
-     * @author Daniel Morris
+      * @author Daniel Morris
-     * @access protected
+      * @access protected
-     * @param String $source
+      * @param String $source
-     * @param Resource $connection - An open MySQL connection
+      * @param Resource $connection - An open MySQL connection
-     * @return String $source
+      * @return String $source
-     * @todo We need to review this method, because the sended string is unescaped
+      * @todo We need to review this method, because the sended string is unescaped
-     */
+      */
     public function escapeString($string, &$connection)
     {
         return mysqli_real_escape_string($connection, $string);

gulliver/system/class.rbac.php

@@ -1316,6 +1316,33 @@ class RBAC
         return $this->rolesObj->loadById($rolUid);
     }
 
+    /**
+     * Get Role code
+     *
+     * @access public
+     *
+     * @param string $role
+     *
+     * @return string
+     */
+    public function getRoleCodeValid($role)
+    {
+        $roleCode = '';
+
+        if (!empty($role)) {
+            if ($this->verifyByCode($role)) {
+                //If is a valid ROL_CODE
+                $roleCode = $role;
+            } else {
+                //We will to check by ROL_UID
+                $roleInfo = $this->loadById($role);
+                $roleCode = !empty($roleInfo['ROL_CODE']) ? $roleInfo['ROL_CODE'] : '';
+            }
+        }
+
+        return $roleCode;
+    }
+
     /**
      * this function gets the user's roles
      *

workflow/engine/classes/Applications.php

@@ -51,6 +51,7 @@ class Applications
         $limit = (int)$inputFilter->validateInput($limit, 'int');
         $search = $inputFilter->escapeUsingConnection($search, $con);
         $process = (int)$inputFilter->validateInput($process, 'int');
+
         //$status doesn't require sanitization
         $dir = in_array($dir, ['ASC', 'DESC']) ? $dir :'DESC';
         $sort = $inputFilter->escapeUsingConnection($sort, $con);

workflow/engine/classes/WsBase.php

@@ -1105,7 +1105,7 @@ class WsBase
      * @param string dueDate : Optional parameter. The expiration date must be a string in the format "yyyy-mm-dd".
      * @param string status : Optional parameter. The user's status, such as "ACTIVE", "INACTIVE" or "VACATION".
      *
-     * @return $result will return an object
+     * @return object|array
      */
     public function createUser(
         $userName,
@@ -1142,7 +1142,6 @@ class WsBase
             }
 
             $mktimeDueDate = 0;
-
             if (!empty($dueDate) && $dueDate != 'null' && $dueDate) {
                 if (!preg_match("/^(\d{4})-(\d{2})-(\d{2})$/", $dueDate, $arrayMatch)) {
                     $result = new WsCreateUserResponse(-1, G::loadTranslation("ID_INVALID_DATA") . " $dueDate", null);
@@ -1172,22 +1171,13 @@ class WsBase
                 $status = "ACTIVE";
             }
 
-            $arrayRole = $RBAC->loadById($role);
+            $strRole = $RBAC->getRoleCodeValid($role);
-            $strRole = null;
+            if (empty($strRole)) {
+                $data = [];
+                $data["ROLE"] = $role;
+                $result = new WsCreateUserResponse(6, G::loadTranslation("ID_INVALID_ROLE", SYS_LANG, $data), null);
 
-            if (is_array($arrayRole)) {
+                return $result;
-                $strRole = $arrayRole["ROL_CODE"];
-            } else {
-                $strRole = $role;
-
-                if ($RBAC->verifyByCode($role) == 0) {
-                    $data = [];
-                    $data["ROLE"] = $role;
-
-                    $result = new WsCreateUserResponse(6, G::loadTranslation("ID_INVALID_ROLE", SYS_LANG, $data), null);
-
-                    return $result;
-                }
             }
 
             if (strlen($password) > 20) {
@@ -1253,12 +1243,12 @@ class WsBase
 
             $res = new WsResponse(0, G::loadTranslation("ID_USER_CREATED_SUCCESSFULLY", SYS_LANG, $data));
 
-            $result = array(
+            $result = [
                 "status_code" => $res->status_code,
                 "message" => $res->message,
                 "userUID" => $userUid,
                 "timestamp" => $res->timestamp
-            );
+            ];
 
             return $result;
         } catch (Exception $e) {
@@ -1278,12 +1268,11 @@ class WsBase
      * @param string email : Optional parameter. The user's email address.
      * @param string dueDate : Optional parameter. The expiration date must be a string in the format "yyyy-mm-dd".
      * @param string status : Optional parameter. The user's status, such as "ACTIVE", "INACTIVE" or "VACATION".
-     * @param string role : Optional parameter. The user's role, such
+     * @param string role : Optional parameter. The user's role, such as "PROCESSMAKER_ADMIN" or "PROCESSMAKER_OPERATOR".
-     *               as "PROCESSMAKER_ADMIN" or "PROCESSMAKER_OPERATOR".
      * @param string password : Optional parameter. The user's password such as "Be@gle2" (It will be automatically
-     *               encrypted with an MD5 hash).
+     * encrypted with an MD5 hash).
      *
-     * @return $result will return an object
+     * @return object|array
      */
     public function updateUser(
         $userUid,
@@ -1347,25 +1336,13 @@ class WsBase
                 }
             }
 
-            $strRole = null;
+            $strRole = $RBAC->getRoleCodeValid($role);
+            if (empty($strRole)) {
+                $data = [];
+                $data["ROLE"] = $role;
+                $result = new WsCreateUserResponse(6, G::loadTranslation("ID_INVALID_ROLE", SYS_LANG, $data), null);
 
-            if (!empty($role)) {
+                return $result;
-                $arrayRole = $RBAC->loadById($role);
-
-                if (is_array($arrayRole)) {
-                    $strRole = $arrayRole["ROL_CODE"];
-                } else {
-                    $strRole = $role;
-
-                    if ($RBAC->verifyByCode($role) == 0) {
-                        $data = [];
-                        $data["ROLE"] = $role;
-
-                        $result = new WsResponse(6, G::LoadTranslation("ID_INVALID_ROLE", SYS_LANG, $data));
-
-                        return $result;
-                    }
-                }
             }
 
             if (!empty($password) && strlen($password) > 20) {
@@ -1438,11 +1415,12 @@ class WsBase
             //Response
             $res = new WsResponse(0, G::LoadTranslation("ID_UPDATED_SUCCESSFULLY"));
 
-            $result = array(
+
+            $result = [
                 "status_code" => $res->status_code,
                 "message" => $res->message,
                 "timestamp" => $res->timestamp
-            );
+            ];
 
             return $result;
         } catch (Exception $e) {