diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php
index ebe424741..abe71db68 100644
--- a/gulliver/system/class.g.php
+++ b/gulliver/system/class.g.php
@@ -1989,7 +1989,7 @@ class G
 *
 * @return void
 */
- public function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null)
+ public static function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null)
 {
 if (isset( $width )) {
 $_SESSION['G_MESSAGE_WIDTH'] = $width;
diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php
index f5da6a354..9ca940d9d 100644
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -25,6 +25,9 @@
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 *
 */
+
+use ProcessMaker\Exception\RBACException;
+
 /**
 * File: $Id$
 *
@@ -148,8 +151,11 @@ class RBAC
 ),
 'newSite.php' => array(
 'newSite.php' => array('PM_SETUP_ADVANCE')
+ ),
+ 'emailsAjax.php' => array(
+ 'MessageList' => array('PM_SETUP', 'PM_SETUP_LOGS'),
+ 'updateStatusMessage' => array('PM_SETUP', 'PM_SETUP_LOGS'),
 )
- );
 }
@@ -1546,8 +1552,7 @@ class RBAC
 }
 if (!$access) {
- G::header('Location: /errors/error403.php');
- die();
+ throw new RBACException('ID_ACCESS_DENIED', 403);
 }
 }
 }
diff --git a/workflow/engine/methods/mails/emailsAjax.php b/workflow/engine/methods/mails/emailsAjax.php
index fc8a1fde1..5b88d963b 100644
--- a/workflow/engine/methods/mails/emailsAjax.php
+++ b/workflow/engine/methods/mails/emailsAjax.php
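Review bot: The new `emailsAjax.php` entry whitelists only the `MessageList` and `updateStatusMessage` actions, and the protection it gives emailsAjax.php depends on how `RBAC::allows()` treats an action that is absent from the map — that logic is outside this hunk, so it is worth confirming that a request with an unlisted `$req` is denied rather than passed through. The array literal and the method that builds it both start outside this hunk. A short comment on the new entry would help the next person registering a page, e.g. `// emailsAjax.php: request action => permissions checked by RBAC::allows()`.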
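Review bot: Replacing the redirect-and-`die()` with `throw new RBACException('ID_ACCESS_DENIED', 403);` changes the failure mode for every caller of `allows()`, not only the app.php route that gains a catch in this commit: a legacy entry point that is not dispatched through app.php, or a caller that wraps `allows()` in a broad `catch (Exception $e)` and continues, will no longer stop at the denial. Worth grepping the call sites before merging. The method's docblock, which is outside this hunk, should also gain `@throws RBACException when the current user lacks the permission mapped for the page/action`. `allows()` itself starts outside this hunk.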
@@ -1,23 +1,33 @@ userCanAccess('PM_LOGIN')) {
+ case -2:
+ throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2);
+ break;
+ case -1:
+ throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1);
+ break;
+}
+$RBAC->allows(basename(__FILE__), $req);
+
+switch ($req) {
 case 'MessageList':
- $start = (isset($_REQUEST['start']))? $_REQUEST['start'] : '0';
- $limit = (isset($_REQUEST['limit']))? $_REQUEST['limit'] : '25';
- $proUid = (isset($_REQUEST['process']))? $_REQUEST['process'] : '';
- $eventype = (isset($_REQUEST['type']))? $_REQUEST['type'] : '';
- $emailStatus = (isset($_REQUEST['status']))? $_REQUEST['status'] : '';
- $sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : '';
- $dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC';
- $dateFrom = isset( $_POST["dateFrom"] ) ? substr( $_POST["dateFrom"], 0, 10 ) : "";
- $dateTo = isset( $_POST["dateTo"] ) ? substr( $_POST["dateTo"], 0, 10 ) : "";
- $filterBy = (isset($_REQUEST['filterBy']))? $_REQUEST['filterBy'] : 'ALL';
+ $start = (isset($_REQUEST['start'])) ? $_REQUEST['start'] : '0';
+ $limit = (isset($_REQUEST['limit'])) ? $_REQUEST['limit'] : '25';
+ $proUid = (isset($_REQUEST['process'])) ? $_REQUEST['process'] : '';
+ $eventype = (isset($_REQUEST['type'])) ? $_REQUEST['type'] : '';
+ $emailStatus = (isset($_REQUEST['status'])) ? $_REQUEST['status'] : '';
+ $sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : '';
+ $dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC';
+ $dateFrom = isset($_POST["dateFrom"]) ? substr($_POST["dateFrom"], 0, 10) : "";
+ $dateTo = isset($_POST["dateTo"]) ? substr($_POST["dateTo"], 0, 10) : "";
+ $filterBy = (isset($_REQUEST['filterBy'])) ? $_REQUEST['filterBy'] : 'ALL';
 $response = new stdclass();
 $response->status = 'OK';
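Review bot: `$start` and `$limit` are still taken from `$_REQUEST` as raw strings, and `$limit` is later handed to `$criteria->setLimit()` (visible further down in this file); unless the bundled Propel casts limit/offset to integers, that is an unvalidated value reaching the `LIMIT` clause, so the new `$sort` whitelist does not close the whole ORDER/LIMIT surface. Cast at the boundary: `$start = isset($_REQUEST['start']) ? (int) $_REQUEST['start'] : 0;` and `$limit = isset($_REQUEST['limit']) ? (int) $_REQUEST['limit'] : 25;`, and change the later `if ($limit != '')` to `if ($limit > 0)`. The `break;` after each `throw` in the new `userCanAccess` switch is unreachable and can be dropped. The start of this hunk is truncated in this view, and the `switch ($req)` block it opens ends outside it.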
@@ -28,10 +38,10 @@ switch($req){
 $criteria->addJoin(AppMessagePeer::APP_UID, ApplicationPeer::APP_UID, Criteria::LEFT_JOIN);
 if ($emailStatus != '') {
- $criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus);
+ $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus);
 }
 if ($proUid != '') {
- $criteria->add( ApplicationPeer::PRO_UID, $proUid);
+ $criteria->add(ApplicationPeer::PRO_UID, $proUid);
 }
 $arrayType = [];
@@ -39,7 +49,7 @@ switch($req){
 $pluginRegistry = PMPluginRegistry::getSingleton();
 $statusEr = $pluginRegistry->getStatusPlugin('externalRegistration');
- $flagEr = (preg_match('/^enabled$/', $statusEr))? 1 : 0;
+ $flagEr = (preg_match('/^enabled$/', $statusEr)) ? 1 : 0;
 if ($flagEr == 0) {
 $arrayType[] = 'EXTERNAL_REGISTRATION';
@@ -73,14 +83,14 @@ switch($req){
 $dateTo = $dateTo . " 23:59:59";
 }
- $criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) );
+ $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL)));
 } else {
 $dateFrom = $dateFrom . " 00:00:00";
- $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL );
+ $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL);
 }
 } elseif ($dateTo != "") {
 $dateTo = $dateTo . " 23:59:59";
- $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL );
+ $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL);
 }
 //Number records total
@@ -118,10 +128,10 @@ switch($req){
 $criteria->addSelectColumn(ProcessPeer::PRO_TITLE);
 if ($emailStatus != '') {
- $criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus);
+ $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus);
 }
 if ($proUid != '') {
- $criteria->add( ApplicationPeer::PRO_UID, $proUid);
+ $criteria->add(ApplicationPeer::PRO_UID, $proUid);
 }
 switch ($filterBy) {
@@ -152,24 +162,27 @@ switch($req){
 $dateTo = $dateTo . " 23:59:59";
 }
- $criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) );
+ $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL)));
 } else {
 $dateFrom = $dateFrom . " 00:00:00";
- $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL );
+ $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL);
 }
 } elseif ($dateTo != "") {
 $dateTo = $dateTo . " 23:59:59";
- $criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL );
+ $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL);
 }
 if ($sort != '') {
+ if (!in_array($sort, AppMessagePeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) {
+ throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort')));
+ }
 if ($dir == 'ASC') {
 $criteria->addAscendingOrderByColumn($sort);
 } else {
 $criteria->addDescendingOrderByColumn($sort);
 }
 } else {
- $oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE );
+ $oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE);
 }
 if ($limit != '') {
 $criteria->setLimit($limit);
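Review bot: The default-sort branch still calls `$oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE);`, but every other statement in this hunk builds `$criteria` and no `$oCriteria` is assigned anywhere visible, so unless it is defined outside the hunk a request without `sort` hits an undefined variable (an Error on PHP 8) — it should read `$criteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE);`. The new whitelist is the right fix for the ORDER BY injection; as a matter of hygiene pass `true` as the third argument to `in_array()`, and note that it only admits APP_MESSAGE field names, so if the grid sorts on a joined column such as `PRO_TITLE` or `APP_TITLE` those requests now throw. The enclosing `case 'MessageList'` continues outside this hunk.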
@@ -187,60 +200,60 @@ switch($req){
 $index = 1;
 $content = new Content();
 $tasTitleDefault = G::LoadTranslation('ID_TASK_NOT_RELATED');
- while ( $result->next() ) {
+ while ($result->next()) {
 $row = $result->getRow();
- $row['APP_MSG_FROM'] =htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8");
- $row['APP_MSG_STATUS'] = ucfirst ( $row['APP_MSG_STATUS']);
+ $row['APP_MSG_FROM'] = htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8");
+ $row['APP_MSG_STATUS'] = ucfirst($row['APP_MSG_STATUS']);
 switch ($filterBy) {
- case 'CASES':
- if ($row['DEL_INDEX'] != 0) {
- $index = $row['DEL_INDEX'];
- }
+ case 'CASES':
+ if ($row['DEL_INDEX'] != 0) {
+ $index = $row['DEL_INDEX'];
+ }
- $criteria = new Criteria();
+ $criteria = new Criteria();
- $criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE);
- $criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE);
- $criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL);
- $criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL);
+ $criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE);
+ $criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE);
+ $criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL);
+ $criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL);
- $resultCacheView = AppCacheViewPeer::doSelectRS($criteria);
- $resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC);
+ $resultCacheView = AppCacheViewPeer::doSelectRS($criteria);
+ $resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC);
- $row['APP_TITLE'] = '-';
+ $row['APP_TITLE'] = '-';
- while ($resultCacheView->next()) {
- $rowCacheView = $resultCacheView->getRow();
- $row['APP_TITLE'] = $rowCacheView['APP_TITLE'];
- $row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE'];
- }
+ while ($resultCacheView->next()) {
+ $rowCacheView = $resultCacheView->getRow();
+ $row['APP_TITLE'] = $rowCacheView['APP_TITLE'];
+ $row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE'];
+ }
- if ($row['DEL_INDEX'] == 0) {
- $row['TAS_TITLE'] = $tasTitleDefault;
- }
- break;
- case 'TEST':
- $row['PRO_UID'] = '';
- $row['APP_NUMBER'] = '';
- $row['PRO_TITLE'] = '';
- $row['APP_TITLE'] = '';
- $row['TAS_TITLE'] = '';
- break;
- case 'EXTERNAL-REGISTRATION':
- $row['PRO_UID'] = '';
- $row['APP_NUMBER'] = '';
- $row['PRO_TITLE'] = '';
- $row['APP_TITLE'] = '';
- $row['TAS_TITLE'] = '';
- break;
+ if ($row['DEL_INDEX'] == 0) {
+ $row['TAS_TITLE'] = $tasTitleDefault;
+ }
+ break;
+ case 'TEST':
+ $row['PRO_UID'] = '';
+ $row['APP_NUMBER'] = '';
+ $row['PRO_TITLE'] = '';
+ $row['APP_TITLE'] = '';
+ $row['TAS_TITLE'] = '';
+ break;
+ case 'EXTERNAL-REGISTRATION':
+ $row['PRO_UID'] = '';
+ $row['APP_NUMBER'] = '';
+ $row['PRO_TITLE'] = '';
+ $row['APP_TITLE'] = '';
+ $row['TAS_TITLE'] = '';
+ break;
 }
 $data[] = $row;
 }
 $response = array();
 $response['totalCount'] = $totalCount;
- $response['data'] = $data;
+ $response['data'] = $data;
 die(G::json_encode($response));
 break;
 case 'updateStatusMessage':
diff --git a/workflow/engine/src/ProcessMaker/Exception/RBACException.php b/workflow/engine/src/ProcessMaker/Exception/RBACException.php
new file mode 100644
index 000000000..f10e881e4
--- /dev/null
+++ b/workflow/engine/src/ProcessMaker/Exception/RBACException.php
@@ -0,0 +1,59 @@
+getCode()) {
+ case -1:
+ G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
+ $message = self::PM_LOGIN;
+ break;
+ case -2:
+ G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
+ $message = self::PM_LOGIN;
+ break;
+ case 403:
+ $message = self::PM_403;
+ break;
+ default:
+ $message = self::PM_LOGIN;
+ break;
+ }
+ return $message;
+ }
+
+ /**
+ * Returns the path to which to redirect
+ * @return $this
+ */
+ public function getPath()
+ {
+ return $this;
+ }
+}
diff --git a/workflow/public_html/app.php b/workflow/public_html/app.php
index 7fe4195d1..0c8506882 100644
--- a/workflow/public_html/app.php
+++ b/workflow/public_html/app.php
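Review bot: `getPath()` returns the exception object itself (`return $this;`, docblock `@return $this`), so the `G::header('location: ' . $e->getPath())` call in app.php only yields a URL if this class converts itself to a string — presumably via the method whose body is the visible `switch ($this->getCode())`, but its signature is lost in this view, so I cannot confirm. A method named getPath should return the path directly, `public function getPath(): string`, and delegate to that switch method rather than relying on implicit string conversion at the call site. That switch method also writes to the session through `G::SendTemporalMessage()` for codes -1 and -2; if it is `__toString()`, that side effect fires whenever the exception is logged or echoed, not only on redirect. The class header and the `PM_LOGIN`/`PM_403` constants are outside what is visible here.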
@@ -53,6 +53,8 @@ try {
 break;
 }
+} catch (ProcessMaker\Exception\RBACException $e) {
+ G::header('location: ' . $e->getPath());
 } catch (Exception $e) {
 $view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml");
 $view->set("message", $e->getMessage());
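Review bot: The new catch sends the redirect with `G::header('location: ' . $e->getPath());` but does not stop the script; the `die()` that used to follow the redirect inside `RBAC::allows()` is removed in this same commit, so unless app.php ends immediately after this try/catch the handler keeps running for a request that was just denied. Add `exit;` directly after the header call. The Location value also depends on RBACException converting itself to a string, since its `getPath()` returns `$this`; an accessor that returns the string explicitly would be safer. The `try` block begins outside this hunk.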