fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in bugfix/HOR-3465 (pull request #5869)

Browse Source 
Bugfix/HOR-3465

Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
Approved-by: Paula Quispe <paula.quispe@processmaker.com>
This commit is contained in:
Ronald Quenta
2017-08-08 21:54:28 +00:00
committed by Paula Quispe
parent 4e67bcce37 38e9cc93fd
commit 1b0514c941
5 changed files with 150 additions and 71 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gulliver/system/class.g.php
View File

@@ -1989,7 +1989,7 @@ class G
* *
* @return void * @return void
*/ */
public function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null) public static function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null)
{ {
if (isset( $width )) { if (isset( $width )) {
$_SESSION['G_MESSAGE_WIDTH'] = $width; $_SESSION['G_MESSAGE_WIDTH'] = $width;

11
gulliver/system/class.rbac.php
View File

@@ -25,6 +25,9 @@
* Coral Gables, FL, 33134, USA, or email info@colosa.com. * Coral Gables, FL, 33134, USA, or email info@colosa.com.
* *
*/ */
use ProcessMaker\Exception\RBACException;
/** /**
* File: $Id$ * File: $Id$
* *
@@ -148,8 +151,11 @@ class RBAC
), ),
'newSite.php' => array( 'newSite.php' => array(
'newSite.php' => array('PM_SETUP_ADVANCE') 'newSite.php' => array('PM_SETUP_ADVANCE')
),
'emailsAjax.php' => array(
'MessageList' => array('PM_SETUP', 'PM_SETUP_LOGS'),
'updateStatusMessage' => array('PM_SETUP', 'PM_SETUP_LOGS'),
) )
); );
} }
@@ -1546,8 +1552,7 @@ class RBAC
} }
if (!$access) { if (!$access) {
G::header('Location: /errors/error403.php'); throw new RBACException('ID_ACCESS_DENIED', 403);
die();
} }
} }
} }

147
workflow/engine/methods/mails/emailsAjax.php
View File

@@ -1,23 +1,33 @@
<?php <?php
$req = (isset($_POST['request']))? $_POST['request']:((isset($_REQUEST['request']))? $_REQUEST['request'] : 'No hayyy tal');
require_once 'classes/model/Content.php'; use ProcessMaker\Exception\RBACException;
require_once 'classes/model/AppMessage.php';
require_once 'classes/model/AppDelegation.php';
require_once 'classes/model/Application.php';
switch($req){ $req = (isset($_REQUEST['request']) ? $_REQUEST['request'] : '');
/** @var RBAC $RBAC */
global $RBAC;
switch ($RBAC->userCanAccess('PM_LOGIN')) {
case -2:
throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2);
break;
case -1:
throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1);
break;
}
$RBAC->allows(basename(__FILE__), $req);
switch ($req) {
case 'MessageList': case 'MessageList':
$start = (isset($_REQUEST['start']))? $_REQUEST['start'] : '0'; $start = (isset($_REQUEST['start'])) ? $_REQUEST['start'] : '0';
$limit = (isset($_REQUEST['limit']))? $_REQUEST['limit'] : '25'; $limit = (isset($_REQUEST['limit'])) ? $_REQUEST['limit'] : '25';
$proUid = (isset($_REQUEST['process']))? $_REQUEST['process'] : ''; $proUid = (isset($_REQUEST['process'])) ? $_REQUEST['process'] : '';
$eventype = (isset($_REQUEST['type']))? $_REQUEST['type'] : ''; $eventype = (isset($_REQUEST['type'])) ? $_REQUEST['type'] : '';
$emailStatus = (isset($_REQUEST['status']))? $_REQUEST['status'] : ''; $emailStatus = (isset($_REQUEST['status'])) ? $_REQUEST['status'] : '';
$sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : ''; $sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : '';
$dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC'; $dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC';
$dateFrom = isset( $_POST["dateFrom"] ) ? substr( $_POST["dateFrom"], 0, 10 ) : ""; $dateFrom = isset($_POST["dateFrom"]) ? substr($_POST["dateFrom"], 0, 10) : "";
$dateTo = isset( $_POST["dateTo"] ) ? substr( $_POST["dateTo"], 0, 10 ) : ""; $dateTo = isset($_POST["dateTo"]) ? substr($_POST["dateTo"], 0, 10) : "";
$filterBy = (isset($_REQUEST['filterBy']))? $_REQUEST['filterBy'] : 'ALL'; $filterBy = (isset($_REQUEST['filterBy'])) ? $_REQUEST['filterBy'] : 'ALL';
$response = new stdclass(); $response = new stdclass();
$response->status = 'OK'; $response->status = 'OK';
@@ -28,10 +38,10 @@ switch($req){
$criteria->addJoin(AppMessagePeer::APP_UID, ApplicationPeer::APP_UID, Criteria::LEFT_JOIN); $criteria->addJoin(AppMessagePeer::APP_UID, ApplicationPeer::APP_UID, Criteria::LEFT_JOIN);
if ($emailStatus != '') { if ($emailStatus != '') {
$criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus); $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus);
} }
if ($proUid != '') { if ($proUid != '') {
$criteria->add( ApplicationPeer::PRO_UID, $proUid); $criteria->add(ApplicationPeer::PRO_UID, $proUid);
} }
$arrayType = []; $arrayType = [];
@@ -39,7 +49,7 @@ switch($req){
$pluginRegistry = PMPluginRegistry::getSingleton(); $pluginRegistry = PMPluginRegistry::getSingleton();
$statusEr = $pluginRegistry->getStatusPlugin('externalRegistration'); $statusEr = $pluginRegistry->getStatusPlugin('externalRegistration');
$flagEr = (preg_match('/^enabled$/', $statusEr))? 1 : 0; $flagEr = (preg_match('/^enabled$/', $statusEr)) ? 1 : 0;
if ($flagEr == 0) { if ($flagEr == 0) {
$arrayType[] = 'EXTERNAL_REGISTRATION'; $arrayType[] = 'EXTERNAL_REGISTRATION';
@@ -73,14 +83,14 @@ switch($req){
$dateTo = $dateTo . " 23:59:59"; $dateTo = $dateTo . " 23:59:59";
} }
$criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL)));
} else { } else {
$dateFrom = $dateFrom . " 00:00:00"; $dateFrom = $dateFrom . " 00:00:00";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL ); $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL);
} }
} elseif ($dateTo != "") { } elseif ($dateTo != "") {
$dateTo = $dateTo . " 23:59:59"; $dateTo = $dateTo . " 23:59:59";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ); $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL);
} }
//Number records total //Number records total
@@ -118,10 +128,10 @@ switch($req){
$criteria->addSelectColumn(ProcessPeer::PRO_TITLE); $criteria->addSelectColumn(ProcessPeer::PRO_TITLE);
if ($emailStatus != '') { if ($emailStatus != '') {
$criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus); $criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus);
} }
if ($proUid != '') { if ($proUid != '') {
$criteria->add( ApplicationPeer::PRO_UID, $proUid); $criteria->add(ApplicationPeer::PRO_UID, $proUid);
} }
switch ($filterBy) { switch ($filterBy) {
@@ -152,24 +162,27 @@ switch($req){
$dateTo = $dateTo . " 23:59:59"; $dateTo = $dateTo . " 23:59:59";
} }
$criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) ); $criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL)));
} else { } else {
$dateFrom = $dateFrom . " 00:00:00"; $dateFrom = $dateFrom . " 00:00:00";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL ); $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL);
} }
} elseif ($dateTo != "") { } elseif ($dateTo != "") {
$dateTo = $dateTo . " 23:59:59"; $dateTo = $dateTo . " 23:59:59";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ); $criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL);
} }
if ($sort != '') { if ($sort != '') {
if (!in_array($sort, AppMessagePeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) {
throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort')));
}
if ($dir == 'ASC') { if ($dir == 'ASC') {
$criteria->addAscendingOrderByColumn($sort); $criteria->addAscendingOrderByColumn($sort);
} else { } else {
$criteria->addDescendingOrderByColumn($sort); $criteria->addDescendingOrderByColumn($sort);
} }
} else { } else {
$oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE ); $oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE);
} }
if ($limit != '') { if ($limit != '') {
$criteria->setLimit($limit); $criteria->setLimit($limit);
@@ -187,60 +200,60 @@ switch($req){
$index = 1; $index = 1;
$content = new Content(); $content = new Content();
$tasTitleDefault = G::LoadTranslation('ID_TASK_NOT_RELATED'); $tasTitleDefault = G::LoadTranslation('ID_TASK_NOT_RELATED');
while ( $result->next() ) { while ($result->next()) {
$row = $result->getRow(); $row = $result->getRow();
$row['APP_MSG_FROM'] =htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8"); $row['APP_MSG_FROM'] = htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8");
$row['APP_MSG_STATUS'] = ucfirst ( $row['APP_MSG_STATUS']); $row['APP_MSG_STATUS'] = ucfirst($row['APP_MSG_STATUS']);
switch ($filterBy) { switch ($filterBy) {
case 'CASES': case 'CASES':
if ($row['DEL_INDEX'] != 0) { if ($row['DEL_INDEX'] != 0) {
$index = $row['DEL_INDEX']; $index = $row['DEL_INDEX'];
} }
$criteria = new Criteria(); $criteria = new Criteria();
$criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE); $criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE);
$criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE); $criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE);
$criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL); $criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL);
$criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL); $criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL);
$resultCacheView = AppCacheViewPeer::doSelectRS($criteria); $resultCacheView = AppCacheViewPeer::doSelectRS($criteria);
$resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC); $resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$row['APP_TITLE'] = '-'; $row['APP_TITLE'] = '-';
while ($resultCacheView->next()) { while ($resultCacheView->next()) {
$rowCacheView = $resultCacheView->getRow(); $rowCacheView = $resultCacheView->getRow();
$row['APP_TITLE'] = $rowCacheView['APP_TITLE']; $row['APP_TITLE'] = $rowCacheView['APP_TITLE'];
$row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE']; $row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE'];
} }
if ($row['DEL_INDEX'] == 0) { if ($row['DEL_INDEX'] == 0) {
$row['TAS_TITLE'] = $tasTitleDefault; $row['TAS_TITLE'] = $tasTitleDefault;
} }
break; break;
case 'TEST': case 'TEST':
$row['PRO_UID'] = ''; $row['PRO_UID'] = '';
$row['APP_NUMBER'] = ''; $row['APP_NUMBER'] = '';
$row['PRO_TITLE'] = ''; $row['PRO_TITLE'] = '';
$row['APP_TITLE'] = ''; $row['APP_TITLE'] = '';
$row['TAS_TITLE'] = ''; $row['TAS_TITLE'] = '';
break; break;
case 'EXTERNAL-REGISTRATION': case 'EXTERNAL-REGISTRATION':
$row['PRO_UID'] = ''; $row['PRO_UID'] = '';
$row['APP_NUMBER'] = ''; $row['APP_NUMBER'] = '';
$row['PRO_TITLE'] = ''; $row['PRO_TITLE'] = '';
$row['APP_TITLE'] = ''; $row['APP_TITLE'] = '';
$row['TAS_TITLE'] = ''; $row['TAS_TITLE'] = '';
break; break;
} }
$data[] = $row; $data[] = $row;
} }
$response = array(); $response = array();
$response['totalCount'] = $totalCount; $response['totalCount'] = $totalCount;
$response['data'] = $data; $response['data'] = $data;
die(G::json_encode($response)); die(G::json_encode($response));
break; break;
case 'updateStatusMessage': case 'updateStatusMessage':

59
workflow/engine/src/ProcessMaker/Exception/RBACException.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
namespace ProcessMaker\Exception;
use G;
/**
* Class PMException
* @package ProcessMaker\Exception
*/
class RBACException extends \Exception
{
const PM_LOGIN = '../login/login';
const PM_403 = '/errors/error403.php';
/**
* RBACException constructor.
* @param string $message
* @param null $code
*/
public function __construct($message, $code=NULL)
{
parent::__construct($message, $code);
}
/**
* Displays the entire exception as a string
* @return string
*/
public function __toString()
{
switch ($this->getCode()) {
case -1:
G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
$message = self::PM_LOGIN;
break;
case -2:
G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
$message = self::PM_LOGIN;
break;
case 403:
$message = self::PM_403;
break;
default:
$message = self::PM_LOGIN;
break;
}
return $message;
}
/**
* Returns the path to which to redirect
* @return $this
*/
public function getPath()
{
return $this;
}
}

2
workflow/public_html/app.php
View File

@@ -53,6 +53,8 @@ try {
break; break;
} }
} catch (ProcessMaker\Exception\RBACException $e) {
G::header('location: ' . $e->getPath());
} catch (Exception $e) { } catch (Exception $e) {
$view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml"); $view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml");
$view->set("message", $e->getMessage()); $view->set("message", $e->getMessage());