Merged in bugfix/HOR-2652 (pull request #5392)

HOR-2652 Approved-by: Julio Cesar Laura Avendaño
2017-02-09 16:00:28 +00:00
parent c14fe74301 580b0958b2
commit 1ba069ffee
1 changed files with 27 additions and 0 deletions
--- a/workflow/engine/src/ProcessMaker/Services/Api/Light.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Light.php
@@ -30,6 +30,31 @@ class Light extends Api
        'delRiskDate'
    ];

+    public function __isAllowed()
+    {
+        try {
+            $methodName = $this->restler->apiMethodInfo->methodName;
+            $arrayArgs  = $this->restler->apiMethodInfo->arguments;
+            switch ($methodName) {
+                case 'doIfAlreadyRoute':
+                    $applicationUid = $this->parameters[$arrayArgs['app_uid']];
+                    $delIndex = $this->parameters[$arrayArgs['cas_index']];
+                    $userUid = $this->getUserId();
+                    //Check if the user has the case
+                    $appDelegation = new \AppDelegation();
+                    $aCurUser = $appDelegation->getCurrentUsers($applicationUid, $delIndex);
+                    if (!empty($aCurUser) && in_array($userUid, $aCurUser)) {
+                        return true;
+                    }
+                    return false;
+                    break;
+            }
+            return false;
+        } catch (\Exception $e) {
+            throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
+        }
+    }
+
    /**
     * Constructor of the class
     *
@@ -793,6 +818,8 @@ class Light extends Api
    /**
     * Get Already Route
     *
+     * @access protected
+     * @class  AccessControl {@className \ProcessMaker\Services\Api\Light}
     * @param string $app_uid  {@min 1}{@max 32}
     * @param int $cas_index
     *