HOR-3648
@@ -519,6 +519,7 @@ class WebApplication
|
||||
define('MEMCACHED_ENABLED', $arraySystemConfiguration['memcached']);
|
||||
define('MEMCACHED_SERVER', $arraySystemConfiguration['memcached_server']);
|
||||
define('SYS_SKIN', $arraySystemConfiguration['default_skin']);
|
||||
define('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION', $arraySystemConfiguration['disable_download_documents_session_validation']);
|
||||
|
||||
require_once (PATH_DB . SYS_SYS . "/db.php");
|
||||
|
||||
|
||||
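Review bot: The value behind `DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION` is taken from `$arraySystemConfiguration` unchanged, and since this constant switches an authorization check off, its type should be fixed where it is defined. The consumer in the Cases API controller compares it with `== 0`, and under PHP 8 a non-numeric string such as `"false"` is not loosely equal to `0`, so that value would disable the check. Assuming this define is the line the hunk adds, normalise it, for example `define('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION', (int) filter_var($arraySystemConfiguration['disable_download_documents_session_validation'], FILTER_VALIDATE_BOOLEAN));`, and add a comment stating that `0` keeps validation on. The enclosing method starts and ends outside the hunk.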
@@ -5779,13 +5779,13 @@ class Cases
|
||||
*/
|
||||
public function getAllObjectsFrom($proUid, $appUid, $tasUid = '', $usrUid = '', $action = '', $delIndex = 0)
|
||||
{
|
||||
$aCase = $this->loadCase($appUid);
|
||||
$caseData = $this->loadCase($appUid);
|
||||
|
||||
if ($delIndex != 0) {
|
||||
$appDelay = new AppDelay();
|
||||
|
||||
if ($appDelay->isPaused($appUid, $delIndex)) {
|
||||
$aCase["APP_STATUS"] = "PAUSED";
|
||||
$caseData["APP_STATUS"] = "PAUSED";
|
||||
}
|
||||
}
|
||||
|
||||
@@ -5804,8 +5804,8 @@ class Cases
|
||||
);
|
||||
|
||||
$oObjectPermission = new ObjectPermission();
|
||||
$userPermissions = $oObjectPermission->verifyObjectPermissionPerUser($usrUid, $proUid, $tasUid, $action);
|
||||
$groupPermissions = $oObjectPermission->verifyObjectPermissionPerGroup($usrUid, $proUid, $tasUid, $action);
|
||||
$userPermissions = $oObjectPermission->verifyObjectPermissionPerUser($usrUid, $proUid, $tasUid, $action, $caseData);
|
||||
$groupPermissions = $oObjectPermission->verifyObjectPermissionPerGroup($usrUid, $proUid, $tasUid, $action, $caseData);
|
||||
$permissions = array_merge($userPermissions, $groupPermissions);
|
||||
|
||||
foreach ($permissions as $row) {
|
||||
@@ -5845,7 +5845,7 @@ class Cases
|
||||
$appUid,
|
||||
$opTaskSource,
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
$caseData['APP_STATUS']
|
||||
);
|
||||
//For Ouputs
|
||||
$result['OUTPUT'] = $oObjectPermission->objectPermissionByOutputInput(
|
||||
@@ -5854,7 +5854,7 @@ class Cases
|
||||
$opTaskSource,
|
||||
'OUTPUT',
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
$caseData['APP_STATUS']
|
||||
);
|
||||
//For Inputs
|
||||
$result['INPUT'] = $oObjectPermission->objectPermissionByOutputInput(
|
||||
@@ -5863,7 +5863,7 @@ class Cases
|
||||
$opTaskSource,
|
||||
'INPUT',
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
$caseData['APP_STATUS']
|
||||
);
|
||||
//For Attachment
|
||||
$result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
|
||||
@@ -5872,7 +5872,7 @@ class Cases
|
||||
$opTaskSource,
|
||||
'ATTACHED',
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
$caseData['APP_STATUS']
|
||||
);
|
||||
|
||||
$result['CASES_NOTES'] = 1;
|
||||
@@ -5888,7 +5888,7 @@ class Cases
|
||||
$action,
|
||||
$opTaskSource,
|
||||
$opUserRelation,
|
||||
$aCase['APP_STATUS'],
|
||||
$caseData['APP_STATUS'],
|
||||
$opParticipated
|
||||
);
|
||||
break;
|
||||
@@ -5897,7 +5897,7 @@ class Cases
|
||||
$appUid,
|
||||
$opTaskSource,
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
$caseData['APP_STATUS']
|
||||
);
|
||||
break;
|
||||
case 'INPUT':
|
||||
@@ -5907,7 +5907,7 @@ class Cases
|
||||
$opTaskSource,
|
||||
'INPUT',
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
$caseData['APP_STATUS']
|
||||
);
|
||||
break;
|
||||
case 'ATTACHMENT':
|
||||
@@ -5917,7 +5917,7 @@ class Cases
|
||||
$opTaskSource,
|
||||
'ATTACHED',
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
$caseData['APP_STATUS']
|
||||
);
|
||||
break;
|
||||
case 'OUTPUT':
|
||||
@@ -5927,7 +5927,7 @@ class Cases
|
||||
$opTaskSource,
|
||||
'OUTPUT',
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
$caseData['APP_STATUS']
|
||||
);
|
||||
break;
|
||||
case 'CASES_NOTES':
|
||||
@@ -5946,7 +5946,7 @@ class Cases
|
||||
$action,
|
||||
$opTaskSource,
|
||||
$opUserRelation,
|
||||
$aCase['APP_STATUS'],
|
||||
$caseData['APP_STATUS'],
|
||||
$opParticipated
|
||||
);
|
||||
break;
|
||||
|
||||
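Review bot: `verifyObjectPermissionPerUser` and `verifyObjectPermissionPerGroup` now receive the whole array returned by `loadCase()`, while every `objectPermissionByOutputInput` call in this method passes only `$caseData['APP_STATUS']`. The `@param` text added in ObjectPermission says the array is used for the case status only, so passing the status string would keep the two call styles consistent and avoid handing the full case record to the permission layer. If the array form is kept, a short comment at `$caseData["APP_STATUS"] = "PAUSED";` should say that the override also feeds the permission filter. The method body continues outside these hunks.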
@@ -157,10 +157,11 @@ class ObjectPermission extends BaseObjectPermission
|
||||
* @param string $proUid the uid of the process
|
||||
* @param string $tasUid the uid of the task
|
||||
* @param string $action for the object permissions VIEW, BLOCK, RESEND
|
||||
* @param array $caseData for review the case status DRAFT, TODO, COMPLETED, PAUSED
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function verifyObjectPermissionPerUser ($usrUid, $proUid, $tasUid = '', $action = '')
|
||||
public function verifyObjectPermissionPerUser ($usrUid, $proUid, $tasUid = '', $action = '', $caseData = array())
|
||||
{
|
||||
$userPermissions = array();
|
||||
$oCriteria = new Criteria('workflow');
|
||||
@@ -188,7 +189,7 @@ class ObjectPermission extends BaseObjectPermission
|
||||
$row = $rs->getRow();
|
||||
|
||||
if ($row["OP_CASE_STATUS"] == "ALL" || $row["OP_CASE_STATUS"] == "" || $row["OP_CASE_STATUS"] == "0" ||
|
||||
$row["OP_CASE_STATUS"] == $aCase["APP_STATUS"]
|
||||
$row["OP_CASE_STATUS"] == $caseData["APP_STATUS"]
|
||||
) {
|
||||
array_push($userPermissions, $row);
|
||||
}
|
||||
@@ -203,10 +204,11 @@ class ObjectPermission extends BaseObjectPermission
|
||||
* @param string $proUid the uid of the process
|
||||
* @param string $tasUid the uid of the task
|
||||
* @param string $action for the object permissions VIEW, BLOCK, RESEND
|
||||
* @param array $caseData for review the case status DRAFT, TODO, COMPLETED, PAUSED
|
||||
*
|
||||
* @return array
|
||||
*/
|
||||
public function verifyObjectPermissionPerGroup ($usrUid, $proUid, $tasUid = '', $action = '')
|
||||
public function verifyObjectPermissionPerGroup ($usrUid, $proUid, $tasUid = '', $action = '', $caseData = array())
|
||||
{
|
||||
$gr = new Groups();
|
||||
$records = $gr->getActiveGroupsForAnUser($usrUid);
|
||||
@@ -231,7 +233,7 @@ class ObjectPermission extends BaseObjectPermission
|
||||
$row = $rs->getRow();
|
||||
|
||||
if ($row["OP_CASE_STATUS"] == "ALL" || $row["OP_CASE_STATUS"] == "" || $row["OP_CASE_STATUS"] == "0" ||
|
||||
$row["OP_CASE_STATUS"] == $aCase["APP_STATUS"]
|
||||
$row["OP_CASE_STATUS"] == $caseData["APP_STATUS"]
|
||||
) {
|
||||
array_push($groupPermissions, $row);
|
||||
}
|
||||
|
||||
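Review bot: The new `$caseData = array()` default makes `$caseData["APP_STATUS"]` an undefined index for any caller that still uses the four-argument form, so rows with a specific `OP_CASE_STATUS` are dropped with nothing but a notice. Because the docblock lists BLOCK among the actions, a dropped row could widen access rather than narrow it; whether such callers exist is not visible here. Read the status once before the loop, `$appStatus = isset($caseData['APP_STATUS']) ? $caseData['APP_STATUS'] : null;`, and decide explicitly what a missing status means instead of leaving it to the loose `==`. The same applies to `verifyObjectPermissionPerGroup` in the hunk at -231, and the `@param array $caseData` line should say that the `APP_STATUS` key is required. Both function bodies continue outside the hunks.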
@@ -5,6 +5,7 @@ use \ProcessMaker\Services\Api;
|
||||
use \Luracast\Restler\RestException;
|
||||
use \ProcessMaker\Util\DateTime;
|
||||
use \ProcessMaker\BusinessModel\Validator;
|
||||
use AppDocument;
|
||||
|
||||
/**
|
||||
* Cases Api Controller
|
||||
@@ -108,7 +109,27 @@ class Cases extends Api
|
||||
}
|
||||
}
|
||||
break;
|
||||
case 'doDownloadInputDocument':
|
||||
//Verify if the user can be download the file
|
||||
$appDocUid = $this->parameters[$arrayArgs['app_doc_uid']];
|
||||
$version = $this->parameters[$arrayArgs['v']];
|
||||
$usrUid = $this->getUserId();
|
||||
$oAppDocument = new AppDocument();
|
||||
if ($version == 0) {
|
||||
$docVersion = $oAppDocument->getLastAppDocVersion($appDocUid);
|
||||
} else {
|
||||
$docVersion = $version;
|
||||
}
|
||||
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
|
||||
if ($oAppDocument->canDownloadInput($usrUid, $appDocUid, $docVersion)) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
return true;
|
||||
}
|
||||
break;
|
||||
}
|
||||
|
||||
return false;
|
||||
} catch (\Exception $e) {
|
||||
throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
|
||||
|
||||
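Review bot: The download check in the `doDownloadInputDocument` case fails open, because the `else` branch returns `true` whenever the constant is undefined, not only when an administrator has disabled validation. Any entry point that reaches this controller without the bootstrap `define()` would skip `canDownloadInput()` entirely. Invert the test so that only an explicit opt-out bypasses the check: `if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && (int) DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION === 1) { return true; }` followed by `return $oAppDocument->canDownloadInput($usrUid, $appDocUid, $docVersion);`. `$version` is also read from `$this->parameters[$arrayArgs['v']]` without an existence check and compared with `== 0`, so a missing or non-numeric `v` should be cast or rejected first. The enclosing method starts outside the hunk, and `canDownloadInput()` is not shown, so whether it ties `app_doc_uid` to the `app_uid` in the route cannot be confirmed from here.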
@@ -54,6 +54,8 @@ class InputDocument extends Api
|
||||
}
|
||||
|
||||
/**
|
||||
* @access protected
|
||||
* @class AccessControl {@className \ProcessMaker\Services\Api\Cases}
|
||||
* @url GET /:app_uid/input-document/:app_doc_uid/file
|
||||
*
|
||||
* @param string $app_uid {@min 32}{@max 32}
|
||||
|
||||