From 0e22641c861a66510bfebc9d673a522f14329b69 Mon Sep 17 00:00:00 2001
From: Paula Quispe
Date: Tue, 15 Aug 2017 16:37:58 -0400
Subject: [PATCH] HOR-3648
---
 framework/src/Maveriks/WebApplication.php | 1 +
 workflow/engine/classes/Cases.php | 28 +++++++++---------
 .../engine/classes/model/ObjectPermission.php | 10 ++++---
 .../src/ProcessMaker/Services/Api/Cases.php | 23 ++++++++++++++-
 .../Services/Api/Cases/InputDocument.php | 2 ++
 5 files changed, 45 insertions(+), 19 deletions(-)
diff --git a/framework/src/Maveriks/WebApplication.php b/framework/src/Maveriks/WebApplication.php
index faf88a941..05d4dde7e 100644
--- a/framework/src/Maveriks/WebApplication.php
+++ b/framework/src/Maveriks/WebApplication.php
@@ -519,6 +519,7 @@ class WebApplication
 define('MEMCACHED_ENABLED', $arraySystemConfiguration['memcached']);
 define('MEMCACHED_SERVER', $arraySystemConfiguration['memcached_server']);
 define('SYS_SKIN', $arraySystemConfiguration['default_skin']);
+ define('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION', $arraySystemConfiguration['disable_download_documents_session_validation']);
 require_once (PATH_DB . SYS_SYS . "/db.php");
diff --git a/workflow/engine/classes/Cases.php b/workflow/engine/classes/Cases.php
index 30321f0e7..203dc597f 100644
--- a/workflow/engine/classes/Cases.php
+++ b/workflow/engine/classes/Cases.php
@@ -5779,13 +5779,13 @@ class Cases
 */
 public function getAllObjectsFrom($proUid, $appUid, $tasUid = '', $usrUid = '', $action = '', $delIndex = 0)
 {
- $aCase = $this->loadCase($appUid);
+ $caseData = $this->loadCase($appUid);
 if ($delIndex != 0) {
 $appDelay = new AppDelay();
 if ($appDelay->isPaused($appUid, $delIndex)) {
- $aCase["APP_STATUS"] = "PAUSED";
+ $caseData["APP_STATUS"] = "PAUSED";
 }
 }
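Review bot: In the WebApplication.php hunk the new constant is defined straight from `$arraySystemConfiguration['disable_download_documents_session_validation']`, with no default and no type normalisation, so its value depends entirely on what the configuration loader returns. Because the Api/Cases.php change in this commit uses the constant to decide whether a download permission check runs, it should be pinned at definition: take the entry through `isset(...) ? (int) ... : 0` before passing it to `define()`. A comment above the line should state that any non-zero value switches off the input-document permission check, since the name says "session validation" while the guarded call is a per-user permission test. The enclosing method starts and ends outside the hunk.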
@@ -5804,8 +5804,8 @@ class Cases
 );
 $oObjectPermission = new ObjectPermission();
- $userPermissions = $oObjectPermission->verifyObjectPermissionPerUser($usrUid, $proUid, $tasUid, $action);
- $groupPermissions = $oObjectPermission->verifyObjectPermissionPerGroup($usrUid, $proUid, $tasUid, $action);
+ $userPermissions = $oObjectPermission->verifyObjectPermissionPerUser($usrUid, $proUid, $tasUid, $action, $caseData);
+ $groupPermissions = $oObjectPermission->verifyObjectPermissionPerGroup($usrUid, $proUid, $tasUid, $action, $caseData);
 $permissions = array_merge($userPermissions, $groupPermissions);
 foreach ($permissions as $row) {
@@ -5845,7 +5845,7 @@ class Cases
 $appUid,
 $opTaskSource,
 $opObjUid,
- $aCase['APP_STATUS']
+ $caseData['APP_STATUS']
 );
 //For Ouputs
 $result['OUTPUT'] = $oObjectPermission->objectPermissionByOutputInput(
@@ -5854,7 +5854,7 @@ class Cases
 $opTaskSource,
 'OUTPUT',
 $opObjUid,
- $aCase['APP_STATUS']
+ $caseData['APP_STATUS']
 );
 //For Inputs
 $result['INPUT'] = $oObjectPermission->objectPermissionByOutputInput(
@@ -5863,7 +5863,7 @@ class Cases
 $opTaskSource,
 'INPUT',
 $opObjUid,
- $aCase['APP_STATUS']
+ $caseData['APP_STATUS']
 );
 //For Attachment
 $result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
@@ -5872,7 +5872,7 @@ class Cases
 $opTaskSource,
 'ATTACHED',
 $opObjUid,
- $aCase['APP_STATUS']
+ $caseData['APP_STATUS']
 );
 $result['CASES_NOTES'] = 1;
@@ -5888,7 +5888,7 @@ class Cases
 $action,
 $opTaskSource,
 $opUserRelation,
- $aCase['APP_STATUS'],
+ $caseData['APP_STATUS'],
 $opParticipated
 );
 break;
@@ -5897,7 +5897,7 @@ class Cases
 $appUid,
 $opTaskSource,
 $opObjUid,
- $aCase['APP_STATUS']
+ $caseData['APP_STATUS']
 );
 break;
 case 'INPUT':
@@ -5907,7 +5907,7 @@ class Cases
 $opTaskSource,
 'INPUT',
 $opObjUid,
- $aCase['APP_STATUS']
+ $caseData['APP_STATUS']
 );
 break;
 case 'ATTACHMENT':
@@ -5917,7 +5917,7 @@ class Cases
 $opTaskSource,
 'ATTACHED',
 $opObjUid,
- $aCase['APP_STATUS']
+ $caseData['APP_STATUS']
 );
 break;
 case 'OUTPUT':
@@ -5927,7 +5927,7 @@ class Cases
 $opTaskSource,
 'OUTPUT',
 $opObjUid,
- $aCase['APP_STATUS']
+ $caseData['APP_STATUS']
 );
 break;
 case 'CASES_NOTES':
@@ -5946,7 +5946,7 @@ class Cases
 $action,
 $opTaskSource,
 $opUserRelation,
- $aCase['APP_STATUS'],
+ $caseData['APP_STATUS'],
 $opParticipated
 );
 break;
diff --git a/workflow/engine/classes/model/ObjectPermission.php b/workflow/engine/classes/model/ObjectPermission.php
index 04af9b9fe..e67cf340d 100644
--- a/workflow/engine/classes/model/ObjectPermission.php
+++ b/workflow/engine/classes/model/ObjectPermission.php
@@ -157,10 +157,11 @@ class ObjectPermission extends BaseObjectPermission
 * @param string $proUid the uid of the process
 * @param string $tasUid the uid of the task
 * @param string $action for the object permissions VIEW, BLOCK, RESEND
+ * @param array $caseData for review the case status DRAFT, TODO, COMPLETED, PAUSED
 *
 * @return array
 */
- public function verifyObjectPermissionPerUser ($usrUid, $proUid, $tasUid = '', $action = '')
+ public function verifyObjectPermissionPerUser ($usrUid, $proUid, $tasUid = '', $action = '', $caseData = array())
 {
 $userPermissions = array();
 $oCriteria = new Criteria('workflow');
@@ -188,7 +189,7 @@ class ObjectPermission extends BaseObjectPermission
 $row = $rs->getRow();
 if ($row["OP_CASE_STATUS"] == "ALL" || $row["OP_CASE_STATUS"] == "" || $row["OP_CASE_STATUS"] == "0" ||
- $row["OP_CASE_STATUS"] == $aCase["APP_STATUS"]
+ $row["OP_CASE_STATUS"] == $caseData["APP_STATUS"]
 ) {
 array_push($userPermissions, $row);
 }
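Review bot: In `verifyObjectPermissionPerUser` the comparison `$row["OP_CASE_STATUS"] == $caseData["APP_STATUS"]` reads a key that the new default `$caseData = array()` does not contain. A caller that still uses the four-argument form therefore raises an undefined-index notice and silently drops every permission row bound to a specific case status. Resolve the status once before the loop, e.g. `$appStatus = isset($caseData['APP_STATUS']) ? $caseData['APP_STATUS'] : '';`, and compare against it with `===` so a missing status is handled explicitly. The same applies to `verifyObjectPermissionPerGroup` in the hunks at -203 and -231 of this file. Both function bodies extend beyond the visible hunks, so their other callers could not be checked from here.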
@@ -203,10 +204,11 @@ class ObjectPermission extends BaseObjectPermission
 * @param string $proUid the uid of the process
 * @param string $tasUid the uid of the task
 * @param string $action for the object permissions VIEW, BLOCK, RESEND
+ * @param array $caseData for review the case status DRAFT, TODO, COMPLETED, PAUSED
 *
 * @return array
 */
- public function verifyObjectPermissionPerGroup ($usrUid, $proUid, $tasUid = '', $action = '')
+ public function verifyObjectPermissionPerGroup ($usrUid, $proUid, $tasUid = '', $action = '', $caseData = array())
 {
 $gr = new Groups();
 $records = $gr->getActiveGroupsForAnUser($usrUid);
@@ -231,7 +233,7 @@ class ObjectPermission extends BaseObjectPermission
 $row = $rs->getRow();
 if ($row["OP_CASE_STATUS"] == "ALL" || $row["OP_CASE_STATUS"] == "" || $row["OP_CASE_STATUS"] == "0" ||
- $row["OP_CASE_STATUS"] == $aCase["APP_STATUS"]
+ $row["OP_CASE_STATUS"] == $caseData["APP_STATUS"]
 ) {
 array_push($groupPermissions, $row);
 }
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
index d12ef50f1..47818ac73 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
@@ -5,6 +5,7 @@ use \ProcessMaker\Services\Api;
 use \Luracast\Restler\RestException;
 use \ProcessMaker\Util\DateTime;
 use \ProcessMaker\BusinessModel\Validator;
+use AppDocument;
 /**
 * Cases Api Controller
@@ -108,7 +109,27 @@ class Cases extends Api
 }
 }
 break;
- }
+ case 'doDownloadInputDocument':
+ //Verify if the user can be download the file
+ $appDocUid = $this->parameters[$arrayArgs['app_doc_uid']];
+ $version = $this->parameters[$arrayArgs['v']];
+ $usrUid = $this->getUserId();
+ $oAppDocument = new AppDocument();
+ if ($version == 0) {
+ $docVersion = $oAppDocument->getLastAppDocVersion($appDocUid);
+ } else {
+ $docVersion = $version;
+ }
+ if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
+ if ($oAppDocument->canDownloadInput($usrUid, $appDocUid, $docVersion)) {
+ return true;
+ }
+ } else {
+ return true;
+ }
+ break;
+ }
+
 return false;
 } catch (\Exception $e) {
 throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Cases/InputDocument.php b/workflow/engine/src/ProcessMaker/Services/Api/Cases/InputDocument.php
index 7a2f48c42..b187f8243 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Cases/InputDocument.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Cases/InputDocument.php
@@ -54,6 +54,8 @@ class InputDocument extends Api
 }
 /**
+ * @access protected
+ * @class AccessControl {@className \ProcessMaker\Services\Api\Cases}
 * @url GET /:app_uid/input-document/:app_doc_uid/file
 *
 * @param string $app_uid {@min 32}{@max 32}
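Review bot: The `doDownloadInputDocument` branch in Api/Cases.php fails open: `canDownloadInput()` is consulted only when `DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION` is defined and loosely equal to 0, and the `else` arm returns true both when the flag is set and when the constant was never defined. Invert the test so the check is skipped only on an explicit opt-out, e.g. `$skip = defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && (int) DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION === 1;` followed by `return $skip || $oAppDocument->canDownloadInput($usrUid, $appDocUid, $docVersion);`. Separately, `$this->parameters[$arrayArgs['v']]` is read without confirming that `v` was supplied, and `$version == 0` is a loose comparison, so a non-numeric `v` may be treated as "latest version" on older PHP releases; an `isset` guard plus an `(int)` cast would make that deterministic. The enclosing switch and method start outside the hunk.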