Merged in luisfernandosl/processmaker/PM-2113 (pull request #2707)

PM-2113 "REST endpoint GET /cases/advanced-search" SOLVED
2015-09-04 12:36:54 -04:00
parent fd936836a8 74ae253925
commit 0ba4fb8d2d
2 changed files with 38 additions and 3 deletions
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
@@ -85,6 +85,12 @@ class Cases
            Validator::usrUid($dataList["userId"], "userId");
        }

+        $user = new \ProcessMaker\BusinessModel\User();
+
+        if (!$user->checkPermission($dataList["userId"], "PM_ALLCASES")) {
+            throw new \Exception(\G::LoadTranslation("ID_CASE_USER_NOT_HAVE_PERMISSION", array($dataList["userId"])));
+        }
+
        G::LoadClass("applications");
        $solrEnabled = false;
        $userUid = $dataList["userId"];
@@ -755,7 +761,7 @@ class Cases
        $arrayProcess = $appCacheView->getProUidSupervisor($usr_uid);

        $criteria = new \Criteria("workflow");
-        
+
        $criteria->addSelectColumn(\AppDelegationPeer::APP_UID);
        $criteria->add(\AppDelegationPeer::APP_UID, $app_uid, \Criteria::EQUAL);
        $criteria->add(\AppDelegationPeer::DEL_INDEX, $del_index, \Criteria::EQUAL);
--- a/workflow/engine/src/ProcessMaker/BusinessModel/User.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/User.php
@@ -336,10 +336,10 @@ class User
            //Get Calendar
            $calendar = new \Calendar();
            $calendarInfo = $calendar->getCalendarFor( $record["USR_UID"], "", "" );
-            $aFields["USR_CALENDAR_UID"] = ($calendarInfo["CALENDAR_APPLIED"] != "DEFAULT") ? $calendarInfo["CALENDAR_UID"] : ""; 
+            $aFields["USR_CALENDAR_UID"] = ($calendarInfo["CALENDAR_APPLIED"] != "DEFAULT") ? $calendarInfo["CALENDAR_UID"] : "";
            $aFields["USR_CALENDAR"] = ($aFields["USR_CALENDAR_UID"] != "") ? $calendar->calendarName( $aFields["USR_CALENDAR_UID"] ) : $aFields["USR_CALENDAR_UID"];

-            //Get photo 
+            //Get photo
            $pathPhotoUser = PATH_IMAGES_ENVIRONMENT_USERS . $record["USR_UID"] . ".gif";
            if (! file_exists( $pathPhotoUser )) {
                $pathPhotoUser = PATH_HOME . "public_html" . PATH_SEP . "images" . PATH_SEP . "user.gif";
@@ -1116,4 +1116,33 @@ class User
            throw $e;
        }
    }
+
+    /**
+     * Check permission
+     *
+     * @param string $userUid        Unique uid of User
+     * @param string $permissionCode Permission code
+     *
+     * return bool
+     */
+    public function checkPermission($userUid, $permissionCode)
+    {
+        try {
+            $flagPermission = false;
+
+            $arrayUserRolePermission = $this->loadUserRolePermission("PROCESSMAKER", $userUid);
+
+            foreach ($arrayUserRolePermission as $value) {
+                if ($value["PER_CODE"] == $permissionCode) {
+                    $flagPermission = true;
+                    break;
+                }
+            }
+
+            //Return
+            return $flagPermission;
+        } catch (\Exception $e) {
+            throw $e;
+        }
+    }
 }