HOR-3648
@@ -519,6 +519,7 @@ class WebApplication
|
|||||||
define('MEMCACHED_ENABLED', $arraySystemConfiguration['memcached']);
|
define('MEMCACHED_ENABLED', $arraySystemConfiguration['memcached']);
|
||||||
define('MEMCACHED_SERVER', $arraySystemConfiguration['memcached_server']);
|
define('MEMCACHED_SERVER', $arraySystemConfiguration['memcached_server']);
|
||||||
define('SYS_SKIN', $arraySystemConfiguration['default_skin']);
|
define('SYS_SKIN', $arraySystemConfiguration['default_skin']);
|
||||||
|
define('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION', $arraySystemConfiguration['disable_download_documents_session_validation']);
|
||||||
|
|
||||||
require_once (PATH_DB . SYS_SYS . "/db.php");
|
require_once (PATH_DB . SYS_SYS . "/db.php");
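Review bot: The new `DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION` constant is defined straight from `$arraySystemConfiguration['disable_download_documents_session_validation']` with no normalisation or comment, although the `doDownloadInputDocument` branch added elsewhere in this commit uses it to decide whether the per-document download check runs at all. I would document it at the definition, e.g. `// Security switch: a value not loosely equal to 0 skips the canDownloadInput() permission check on input-document downloads; keep 0 unless explicitly required.` Whether the configuration loader always supplies this key with a default is not visible here and should be confirmed, since a missing key would define the constant as null. The surrounding method continues outside the hunk.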
|
||||||
|
|
||||||
|
|||||||
@@ -5779,13 +5779,13 @@ class Cases
|
|||||||
*/
|
*/
|
||||||
public function getAllObjectsFrom($proUid, $appUid, $tasUid = '', $usrUid = '', $action = '', $delIndex = 0)
|
public function getAllObjectsFrom($proUid, $appUid, $tasUid = '', $usrUid = '', $action = '', $delIndex = 0)
|
||||||
{
|
{
|
||||||
$aCase = $this->loadCase($appUid);
|
$caseData = $this->loadCase($appUid);
|
||||||
|
|
||||||
if ($delIndex != 0) {
|
if ($delIndex != 0) {
|
||||||
$appDelay = new AppDelay();
|
$appDelay = new AppDelay();
|
||||||
|
|
||||||
if ($appDelay->isPaused($appUid, $delIndex)) {
|
if ($appDelay->isPaused($appUid, $delIndex)) {
|
||||||
$aCase["APP_STATUS"] = "PAUSED";
|
$caseData["APP_STATUS"] = "PAUSED";
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
@@ -5804,8 +5804,8 @@ class Cases
|
|||||||
);
|
);
|
||||||
|
|
||||||
$oObjectPermission = new ObjectPermission();
|
$oObjectPermission = new ObjectPermission();
|
||||||
$userPermissions = $oObjectPermission->verifyObjectPermissionPerUser($usrUid, $proUid, $tasUid, $action);
|
$userPermissions = $oObjectPermission->verifyObjectPermissionPerUser($usrUid, $proUid, $tasUid, $action, $caseData);
|
||||||
$groupPermissions = $oObjectPermission->verifyObjectPermissionPerGroup($usrUid, $proUid, $tasUid, $action);
|
$groupPermissions = $oObjectPermission->verifyObjectPermissionPerGroup($usrUid, $proUid, $tasUid, $action, $caseData);
|
||||||
$permissions = array_merge($userPermissions, $groupPermissions);
|
$permissions = array_merge($userPermissions, $groupPermissions);
|
||||||
|
|
||||||
foreach ($permissions as $row) {
|
foreach ($permissions as $row) {
|
||||||
@@ -5845,7 +5845,7 @@ class Cases
|
|||||||
$appUid,
|
$appUid,
|
||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
$opObjUid,
|
$opObjUid,
|
||||||
$aCase['APP_STATUS']
|
$caseData['APP_STATUS']
|
||||||
);
|
);
|
||||||
//For Ouputs
|
//For Ouputs
|
||||||
$result['OUTPUT'] = $oObjectPermission->objectPermissionByOutputInput(
|
$result['OUTPUT'] = $oObjectPermission->objectPermissionByOutputInput(
|
||||||
@@ -5854,7 +5854,7 @@ class Cases
|
|||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
'OUTPUT',
|
'OUTPUT',
|
||||||
$opObjUid,
|
$opObjUid,
|
||||||
$aCase['APP_STATUS']
|
$caseData['APP_STATUS']
|
||||||
);
|
);
|
||||||
//For Inputs
|
//For Inputs
|
||||||
$result['INPUT'] = $oObjectPermission->objectPermissionByOutputInput(
|
$result['INPUT'] = $oObjectPermission->objectPermissionByOutputInput(
|
||||||
@@ -5863,7 +5863,7 @@ class Cases
|
|||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
'INPUT',
|
'INPUT',
|
||||||
$opObjUid,
|
$opObjUid,
|
||||||
$aCase['APP_STATUS']
|
$caseData['APP_STATUS']
|
||||||
);
|
);
|
||||||
//For Attachment
|
//For Attachment
|
||||||
$result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
|
$result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
|
||||||
@@ -5872,7 +5872,7 @@ class Cases
|
|||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
'ATTACHED',
|
'ATTACHED',
|
||||||
$opObjUid,
|
$opObjUid,
|
||||||
$aCase['APP_STATUS']
|
$caseData['APP_STATUS']
|
||||||
);
|
);
|
||||||
|
|
||||||
$result['CASES_NOTES'] = 1;
|
$result['CASES_NOTES'] = 1;
|
||||||
@@ -5888,7 +5888,7 @@ class Cases
|
|||||||
$action,
|
$action,
|
||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
$opUserRelation,
|
$opUserRelation,
|
||||||
$aCase['APP_STATUS'],
|
$caseData['APP_STATUS'],
|
||||||
$opParticipated
|
$opParticipated
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
@@ -5897,7 +5897,7 @@ class Cases
|
|||||||
$appUid,
|
$appUid,
|
||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
$opObjUid,
|
$opObjUid,
|
||||||
$aCase['APP_STATUS']
|
$caseData['APP_STATUS']
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
case 'INPUT':
|
case 'INPUT':
|
||||||
@@ -5907,7 +5907,7 @@ class Cases
|
|||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
'INPUT',
|
'INPUT',
|
||||||
$opObjUid,
|
$opObjUid,
|
||||||
$aCase['APP_STATUS']
|
$caseData['APP_STATUS']
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
case 'ATTACHMENT':
|
case 'ATTACHMENT':
|
||||||
@@ -5917,7 +5917,7 @@ class Cases
|
|||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
'ATTACHED',
|
'ATTACHED',
|
||||||
$opObjUid,
|
$opObjUid,
|
||||||
$aCase['APP_STATUS']
|
$caseData['APP_STATUS']
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
case 'OUTPUT':
|
case 'OUTPUT':
|
||||||
@@ -5927,7 +5927,7 @@ class Cases
|
|||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
'OUTPUT',
|
'OUTPUT',
|
||||||
$opObjUid,
|
$opObjUid,
|
||||||
$aCase['APP_STATUS']
|
$caseData['APP_STATUS']
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
case 'CASES_NOTES':
|
case 'CASES_NOTES':
|
||||||
@@ -5946,7 +5946,7 @@ class Cases
|
|||||||
$action,
|
$action,
|
||||||
$opTaskSource,
|
$opTaskSource,
|
||||||
$opUserRelation,
|
$opUserRelation,
|
||||||
$aCase['APP_STATUS'],
|
$caseData['APP_STATUS'],
|
||||||
$opParticipated
|
$opParticipated
|
||||||
);
|
);
|
||||||
break;
|
break;
|
||||||
|
|||||||
@@ -157,10 +157,11 @@ class ObjectPermission extends BaseObjectPermission
|
|||||||
* @param string $proUid the uid of the process
|
* @param string $proUid the uid of the process
|
||||||
* @param string $tasUid the uid of the task
|
* @param string $tasUid the uid of the task
|
||||||
* @param string $action for the object permissions VIEW, BLOCK, RESEND
|
* @param string $action for the object permissions VIEW, BLOCK, RESEND
|
||||||
|
* @param array $caseData for review the case status DRAFT, TODO, COMPLETED, PAUSED
|
||||||
*
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function verifyObjectPermissionPerUser ($usrUid, $proUid, $tasUid = '', $action = '')
|
public function verifyObjectPermissionPerUser ($usrUid, $proUid, $tasUid = '', $action = '', $caseData = array())
|
||||||
{
|
{
|
||||||
$userPermissions = array();
|
$userPermissions = array();
|
||||||
$oCriteria = new Criteria('workflow');
|
$oCriteria = new Criteria('workflow');
|
||||||
@@ -188,7 +189,7 @@ class ObjectPermission extends BaseObjectPermission
|
|||||||
$row = $rs->getRow();
|
$row = $rs->getRow();
|
||||||
|
|
||||||
if ($row["OP_CASE_STATUS"] == "ALL" || $row["OP_CASE_STATUS"] == "" || $row["OP_CASE_STATUS"] == "0" ||
|
if ($row["OP_CASE_STATUS"] == "ALL" || $row["OP_CASE_STATUS"] == "" || $row["OP_CASE_STATUS"] == "0" ||
|
||||||
$row["OP_CASE_STATUS"] == $aCase["APP_STATUS"]
|
$row["OP_CASE_STATUS"] == $caseData["APP_STATUS"]
|
||||||
) {
|
) {
|
||||||
array_push($userPermissions, $row);
|
array_push($userPermissions, $row);
|
||||||
}
|
}
|
||||||
@@ -203,10 +204,11 @@ class ObjectPermission extends BaseObjectPermission
|
|||||||
* @param string $proUid the uid of the process
|
* @param string $proUid the uid of the process
|
||||||
* @param string $tasUid the uid of the task
|
* @param string $tasUid the uid of the task
|
||||||
* @param string $action for the object permissions VIEW, BLOCK, RESEND
|
* @param string $action for the object permissions VIEW, BLOCK, RESEND
|
||||||
|
* @param array $caseData for review the case status DRAFT, TODO, COMPLETED, PAUSED
|
||||||
*
|
*
|
||||||
* @return array
|
* @return array
|
||||||
*/
|
*/
|
||||||
public function verifyObjectPermissionPerGroup ($usrUid, $proUid, $tasUid = '', $action = '')
|
public function verifyObjectPermissionPerGroup ($usrUid, $proUid, $tasUid = '', $action = '', $caseData = array())
|
||||||
{
|
{
|
||||||
$gr = new Groups();
|
$gr = new Groups();
|
||||||
$records = $gr->getActiveGroupsForAnUser($usrUid);
|
$records = $gr->getActiveGroupsForAnUser($usrUid);
|
||||||
@@ -231,7 +233,7 @@ class ObjectPermission extends BaseObjectPermission
|
|||||||
$row = $rs->getRow();
|
$row = $rs->getRow();
|
||||||
|
|
||||||
if ($row["OP_CASE_STATUS"] == "ALL" || $row["OP_CASE_STATUS"] == "" || $row["OP_CASE_STATUS"] == "0" ||
|
if ($row["OP_CASE_STATUS"] == "ALL" || $row["OP_CASE_STATUS"] == "" || $row["OP_CASE_STATUS"] == "0" ||
|
||||||
$row["OP_CASE_STATUS"] == $aCase["APP_STATUS"]
|
$row["OP_CASE_STATUS"] == $caseData["APP_STATUS"]
|
||||||
) {
|
) {
|
||||||
array_push($groupPermissions, $row);
|
array_push($groupPermissions, $row);
|
||||||
}
|
}
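Review bot: With the new default `$caseData = array()`, the comparison `$row["OP_CASE_STATUS"] == $caseData["APP_STATUS"]` in `verifyObjectPermissionPerUser` reads an undefined index whenever a caller still uses the four-argument form, and the same applies to `verifyObjectPermissionPerGroup`. In that case rows scoped to a specific case status are silently left out of the result, which matters if any of them are BLOCK rows. Reading the status once with an explicit fallback makes the behaviour deliberate: `$appStatus = isset($caseData['APP_STATUS']) ? $caseData['APP_STATUS'] : null;` and then compare against `$appStatus`. As far as these hunks show, only the `APP_STATUS` key is read, and the `@param array $caseData` line could say so. Both method bodies continue outside the hunks shown.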
|
||||||
|
|||||||
@@ -5,6 +5,7 @@ use \ProcessMaker\Services\Api;
|
|||||||
use \Luracast\Restler\RestException;
|
use \Luracast\Restler\RestException;
|
||||||
use \ProcessMaker\Util\DateTime;
|
use \ProcessMaker\Util\DateTime;
|
||||||
use \ProcessMaker\BusinessModel\Validator;
|
use \ProcessMaker\BusinessModel\Validator;
|
||||||
|
use AppDocument;
|
||||||
|
|
||||||
/**
|
/**
|
||||||
* Cases Api Controller
|
* Cases Api Controller
|
||||||
@@ -108,7 +109,27 @@ class Cases extends Api
|
|||||||
}
|
}
|
||||||
}
|
}
|
||||||
break;
|
break;
|
||||||
}
|
case 'doDownloadInputDocument':
|
||||||
|
//Verify if the user can be download the file
|
||||||
|
$appDocUid = $this->parameters[$arrayArgs['app_doc_uid']];
|
||||||
|
$version = $this->parameters[$arrayArgs['v']];
|
||||||
|
$usrUid = $this->getUserId();
|
||||||
|
$oAppDocument = new AppDocument();
|
||||||
|
if ($version == 0) {
|
||||||
|
$docVersion = $oAppDocument->getLastAppDocVersion($appDocUid);
|
||||||
|
} else {
|
||||||
|
$docVersion = $version;
|
||||||
|
}
|
||||||
|
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
|
||||||
|
if ($oAppDocument->canDownloadInput($usrUid, $appDocUid, $docVersion)) {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
} else {
|
||||||
|
return true;
|
||||||
|
}
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
return false;
|
return false;
|
||||||
} catch (\Exception $e) {
|
} catch (\Exception $e) {
|
||||||
throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
|
throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
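Review bot: The `doDownloadInputDocument` branch fails open: the `else { return true; }` arm is taken not only when the switch is set but also when `DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION` is not defined at all, so a bootstrap path that skips the `define` would allow every download without calling `canDownloadInput()`. The loose `== 0` also depends on how PHP compares a non-numeric configuration string with 0, which differs between PHP 7 and PHP 8. Assuming the setting is meant to be 0 or 1, I would make the bypass the explicit case and the check the default: `$skipCheck = defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && (int) DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION === 1;` followed by `if ($skipCheck || $oAppDocument->canDownloadInput($usrUid, $appDocUid, $docVersion)) { return true; }`. The enclosing method and its `switch` start outside the hunk.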
|
||||||
|
|||||||
@@ -54,6 +54,8 @@ class InputDocument extends Api
|
|||||||
}
|
}
|
||||||
|
|
||||||
/**
|
/**
|
||||||
|
* @access protected
|
||||||
|
* @class AccessControl {@className \ProcessMaker\Services\Api\Cases}
|
||||||
* @url GET /:app_uid/input-document/:app_doc_uid/file
|
* @url GET /:app_uid/input-document/:app_doc_uid/file
|
||||||
*
|
*
|
||||||
* @param string $app_uid {@min 32}{@max 32}
|
* @param string $app_uid {@min 32}{@max 32}
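Review bot: The `@access protected` / `@class AccessControl` annotations route this endpoint through the check in `\ProcessMaker\Services\Api\Cases`, but that check, as added in this commit, reads only `app_doc_uid` and `v`, not the `:app_uid` segment of `GET /:app_uid/input-document/:app_doc_uid/file`. Unless `canDownloadInput()` or the handler itself ties the document to the case in the URL, which is not visible here, the caller's permission is evaluated for the document alone. I would confirm that and record it in the docblock, e.g. `* Access is decided by Cases (doDownloadInputDocument) from app_doc_uid and v; app_uid is not part of that check.` The hunk also does not show a `v` parameter on this method, so the name the check looks up should be verified against the signature. The docblock and method continue outside the hunk.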
|
||||||
|
|||||||