diff --git a/gulliver/system/class.rbac.php b/gulliver/system/class.rbac.php
index 383d4af2a..9335d600f 100644
--- a/gulliver/system/class.rbac.php
+++ b/gulliver/system/class.rbac.php
@@ -387,7 +387,7 @@ class RBAC
],
[
"PER_UID" => "00000000000000000000000000000015",
- "PER_CODE" => "PM_FOLDERS_VIEW",
+ "PER_CODE" => "PM_FOLDERS_ALL",
"PER_NAME" => "View Folders"
],
[
@@ -645,8 +645,12 @@ class RBAC
'PER_UID' => '00000000000000000000000000000067',
'PER_CODE' => 'PM_SETUP_LOG_FILES',
'PER_NAME' => 'Log Files'
+ ],
+ [
+ 'PER_UID' => '00000000000000000000000000000068',
+ 'PER_CODE' => 'PM_FOLDERS_OWNER',
+ 'PER_NAME' => 'View Your Folders'
]
-
];
return $permissionsAdmin;
diff --git a/rbac/engine/data/mysql/insert.sql b/rbac/engine/data/mysql/insert.sql
index 19cb44616..e01cb604b 100644
--- a/rbac/engine/data/mysql/insert.sql
+++ b/rbac/engine/data/mysql/insert.sql
@@ -13,7 +13,7 @@ INSERT INTO `RBAC_PERMISSIONS` VALUES
('00000000000000000000000000000012','PM_WEBDAV','2009-08-21 00:00:00','2009-08-21 00:00:00',1,'00000000000000000000000000000002'),
('00000000000000000000000000000013','PM_DELETECASE','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000014','PM_EDITPERSONALINFO','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
-('00000000000000000000000000000015','PM_FOLDERS_VIEW','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
+('00000000000000000000000000000015','PM_FOLDERS_ALL','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000016','PM_FOLDERS_ADD_FOLDER','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000017','PM_FOLDERS_ADD_FILE','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000018','PM_CANCELCASE','2011-12-11 00:00:00','2011-12-11 00:00:00',1,'00000000000000000000000000000002'),
@@ -65,7 +65,8 @@ INSERT INTO `RBAC_PERMISSIONS` VALUES
('00000000000000000000000000000064','PM_REASSIGNCASE_SUPERVISOR','2016-09-01 00:00:00','2016-09-01 00:00:00',1,'00000000000000000000000000000002'),
('00000000000000000000000000000065','PM_SETUP_CUSTOM_CASES_LIST','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'),
('00000000000000000000000000000066','PM_GUEST_CASE','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'),
-('00000000000000000000000000000067','PM_SETUP_LOG_FILES','2018-02-06 00:00:00','2018-02-06 00:00:00',1,'00000000000000000000000000000002');
+('00000000000000000000000000000067','PM_SETUP_LOG_FILES','2018-02-06 00:00:00','2018-02-06 00:00:00',1,'00000000000000000000000000000002'),
+('00000000000000000000000000000068','PM_FOLDERS_OWNER','2020-01-29 00:00:00','2020-01-29 00:00:00',1,'00000000000000000000000000000002');
INSERT INTO `RBAC_ROLES` VALUES
('00000000000000000000000000000001','','00000000000000000000000000000001','RBAC_ADMIN','2007-07-31 19:10:22','2007-08-03 12:24:36',1),
@@ -142,6 +143,7 @@ INSERT INTO `RBAC_ROLES_PERMISSIONS` VALUES
('00000000000000000000000000000002','00000000000000000000000000000064'),
('00000000000000000000000000000002','00000000000000000000000000000065'),
('00000000000000000000000000000002','00000000000000000000000000000067'),
+('00000000000000000000000000000002','00000000000000000000000000000068'),
('00000000000000000000000000000003','00000000000000000000000000000001'),
('00000000000000000000000000000003','00000000000000000000000000000005'),
('00000000000000000000000000000003','00000000000000000000000000000040'),
diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql
index 9584a37ab..6d278e133 100644
--- a/workflow/engine/data/mysql/insert.sql
+++ b/workflow/engine/data/mysql/insert.sql
@@ -71,7 +71,8 @@ INSERT INTO CONTENT (CON_CATEGORY,CON_PARENT,CON_ID,CON_LANG,CON_VALUE) VALUES
('PER_NAME','','00000000000000000000000000000063','en','Edit User profile Default Cases Menu Options'),
('PER_NAME','','00000000000000000000000000000064','en','Reassign case supervisor'),
('PER_NAME','','00000000000000000000000000000065','en','Setup Custom Cases List'),
-('PER_NAME','','00000000000000000000000000000067','en','Log Files');
+('PER_NAME','','00000000000000000000000000000067','en','Log Files'),
+('PER_NAME','','00000000000000000000000000000068','en','View Your Folders');
INSERT INTO LANGUAGE (LAN_ID,LAN_LOCATION,LAN_NAME,LAN_NATIVE_NAME,LAN_DIRECTION,LAN_WEIGHT,LAN_ENABLED,LAN_CALENDAR) VALUES
('aa','','Afar','','L','0','0','GREGORIAN'),
diff --git a/workflow/engine/menus/cases.php b/workflow/engine/menus/cases.php
index 0e71af4ce..27760aea9 100644
--- a/workflow/engine/menus/cases.php
+++ b/workflow/engine/menus/cases.php
@@ -111,7 +111,7 @@ if ($RBAC->userCanAccess('PM_REASSIGNCASE') == 1 || $RBAC->userCanAccess('PM_REA
);
}
-if ($RBAC->userCanAccess('PM_FOLDERS_VIEW') == 1) {
+if ($RBAC->userCanAccess('PM_FOLDERS_VIEW_ALL') == 1 || $RBAC->userCanAccess('PM_FOLDERS_VIEW_OWNER') == 1) {
$G_TMP_MENU->AddIdRawOption(
'CASES_FOLDERS',
'casesStartPage?action=documents',
@@ -122,7 +122,6 @@ if ($RBAC->userCanAccess('PM_FOLDERS_VIEW') == 1) {
);
}
-
//Load Other registered Dashboards (From plugins)
$oPluginRegistry = PluginRegistry::loadSingleton();
/** @var \ProcessMaker\Plugins\Interfaces\DashboardPage[] $dashBoardPages */
diff --git a/workflow/engine/methods/appFolder/appFolderAjax.php b/workflow/engine/methods/appFolder/appFolderAjax.php
index 460db13c6..a15b290ff 100644
--- a/workflow/engine/methods/appFolder/appFolderAjax.php
+++ b/workflow/engine/methods/appFolder/appFolderAjax.php
@@ -161,55 +161,65 @@ function sendJsonResultGeneric($response, $callback)
}
}
+/**
+ * List documents uploaded
+ *
+ * @link https://wiki.processmaker.com/3.2/Cases/Documents
+*/
function expandNode()
{
extract(getExtJSParams());
-
- $oPMFolder = new AppFolder();
-
+ $pmFolder = new AppFolder();
$rootFolder = "/";
- if ($_POST ['node']=="") {
- $_POST ['node'] ="/";
+ if ($_POST ['node'] == "") {
+ $_POST ['node'] = "/";
}
- if ($_POST ['node']=="root") {
- $_POST ['node'] ="/";
+ if ($_POST ['node'] == "root") {
+ $_POST ['node'] = "/";
}
if (!(isset($_POST['sendWhat']))) {
- $_POST['sendWhat']="both";
+ $_POST['sendWhat'] = "both";
}
if (isset($_POST['renderTree'])) {
$limit = 1000000;
}
- $totalItems=0;
- $totalFolders=0;
- $totalDocuments=0;
+ $totalItems = 0;
+ $totalFolders = 0;
+ $totalDocuments = 0;
if (($_POST['sendWhat'] == "dirs") || ($_POST['sendWhat'] == "both")) {
- $folderListObj = $oPMFolder->getFolderList(
- ($_POST["node"] != "root")? (($_POST["node"] == "NA")? "" : $_POST["node"]) : $rootFolder,
+ $folderListObj = $pmFolder->getFolderList(
+ ($_POST["node"] != "root") ? (($_POST["node"] == "NA") ? "" : $_POST["node"]) : $rootFolder,
$limit,
$start,
'ASC',
'name'
);
- $folderList=$folderListObj['folders'];
- $totalFolders=$folderListObj['totalFoldersCount'];
- $totalItems+=count($folderList);
+ $folderList = $folderListObj['folders'];
+ $totalFolders = $folderListObj['totalFoldersCount'];
+ $totalItems += count($folderList);
}
if (($_POST['sendWhat'] == "files") || ($_POST['sendWhat'] == "both")) {
global $RBAC;
- $user = ($RBAC->userCanAccess('PM_ALLCASES') == 1)? '' : $_SESSION['USER_LOGGED'];
+ // Review if we need to filter by user
+ if ($RBAC->userCanAccess('PM_FOLDERS_ALL') == 1) {
+ // List all documents related to the all users
+ $user = '';
+ } elseif ($RBAC->userCanAccess('PM_FOLDERS_OWNER') == 1) {
+ // List documents related to the userLogged
+ $user = $_SESSION['USER_LOGGED'];
+ }
- $folderContentObj = $oPMFolder->getFolderContent(
- ($_POST["node"] != "root")? (($_POST["node"] == "NA")? "" : $_POST["node"]) : $rootFolder,
+ $folderContentObj = $pmFolder->getFolderContent(
+ ($_POST["node"] != "root") ? (($_POST["node"] == "NA") ? "" : $_POST["node"]) : $rootFolder,
array(),
null,
null,
@@ -220,18 +230,15 @@ function expandNode()
$search
);
- $folderContent=$folderContentObj['documents'];
- $totalDocuments=$folderContentObj['totalDocumentsCount'];
- $totalItems+=count($folderContent);
+ $folderContent = $folderContentObj['documents'];
+ $totalDocuments = $folderContentObj['totalDocumentsCount'];
}
- $processListTree = array();
- $tempTree = array();
+ $processListTree = [];
+ $tempTree = [];
- if (isset($folderList) && sizeof($folderList)>0) {
- //$tempTree=array();
+ if (isset($folderList) && sizeof($folderList) > 0) {
foreach ($folderList as $key => $obj) {
- //$tempTree ['all-obj'] = $obj;
$tempTree ['text'] = $obj['FOLDER_NAME'];
$tempTree ['id'] = $obj['FOLDER_UID'];
$tempTree ['folderID'] = $obj['FOLDER_UID'];
@@ -241,106 +248,33 @@ function expandNode()
$tempTree ['type'] = "Directory";
$tempTree ['is_file'] = false;
$tempTree ['appDocCreateDate'] = $obj['FOLDER_CREATE_DATE'];
- $tempTree ['qtip'] ='Directory: '.$obj['FOLDER_NAME'].
- '
Create Date: '.$obj['FOLDER_CREATE_DATE'].'';
- $tempTree ['is_writable'] =true;
- $tempTree ['is_chmodable'] =true;
- $tempTree ['is_readable'] =true;
- $tempTree ['is_deletable'] =true;
+ $tempTree ['qtip'] = 'Directory: ' . $obj['FOLDER_NAME'] .
+ '
Create Date: ' . $obj['FOLDER_CREATE_DATE'] . '';
+ $tempTree ['is_writable'] = true;
+ $tempTree ['is_chmodable'] = true;
+ $tempTree ['is_readable'] = true;
+ $tempTree ['is_deletable'] = true;
- if ((isset($_POST['option']))&& ($_POST['option'] == "gridDocuments")) {
+ if ((isset($_POST['option'])) && ($_POST['option'] == "gridDocuments")) {
$tempTree ['icon'] = "/images/documents/extension/folder.png";
}
- //$tempTree ['leaf'] = true;
- //$tempTree ['optionType'] = "category";
- //$tempTree['allowDrop']=false;
- //$tempTree ['singleClickExpand'] = false;
- /*
- if ($key != "No Category") {
- $tempTree ['expanded'] = true;
- } else {
- //$tempTree ['expanded'] = false;
- $tempTree ['expanded'] = true;
- }
- */
$processListTree [] = $tempTree;
- $tempTree=array();
- }
- /*if ($_POST ['node'] == '/') {
- $notInFolderLabel = G::LoadTranslation ('ID_NOT_IN_FOLDER');
- $tempTree ['text'] = $notInFolderLabel;
- $tempTree ['id'] = "NA";
- $tempTree ['folderID'] = "NA";
- $tempTree ['cls'] = 'folder';
- $tempTree ['draggable' ] = true;
- $tempTree ['name'] = $notInFolderLabel;
- $tempTree ['type'] = "Directory";
- $tempTree ['is_file'] = false;
- $tempTree ['qtip'] ='Directory: '.$notInFolderLabel.'
Unfiled Files ';
- $tempTree ['is_writable'] =true;
- $tempTree ['is_chmodable'] =true;
- $tempTree ['is_readable'] =true;
- $tempTree ['is_deletable'] =true;
-
- if ((isset($_POST['option']))&&($_POST['option']=="gridDocuments")) {
- $tempTree ['icon'] = "/images/documents/extension/bz2.png";
- }*/
- //$tempTree ['leaf'] = true;
- //$tempTree ['optionType'] = "category";
- //$tempTree['allowDrop']=false;
- //$tempTree ['singleClickExpand'] = false;
- /*
- if ($key != "No Category") {
- $tempTree ['expanded'] = true;
- } else {
- //$tempTree ['expanded'] = false;
- $tempTree ['expanded'] = true;
- }
- */
- /*$processListTree [] = $tempTree;
- $tempTree=array();
- }*/
- } else {
- if ($_POST ['node'] == '/') {
- //$tempTree=array();
- //$processListTree [] = array();
+ $tempTree = [];
}
}
if (isset($folderContent)) {
foreach ($folderContent as $key => $obj) {
$mimeInformation = getMime($obj["APP_DOC_FILENAME"]);
-
$tempTree["text"] = $obj["APP_DOC_FILENAME"];
$tempTree["name"] = $obj["APP_DOC_FILENAME"];
$tempTree["type"] = $mimeInformation["description"];
$tempTree["icon"] = $mimeInformation["icon"];
-
- /*
- if (isset($obj['OUT_DOC_GENERATE'])) {
- if ($obj['OUT_DOC_GENERATE'] == "BOTH") {
- $arrayType=array("PDF","DOC");
- } else {
- $arrayType=array($obj['OUT_DOC_GENERATE']);
- }
- foreach ($arrayType as $keyType => $fileType) {
- $tempTree ['text'.$fileType] = $obj['APP_DOC_FILENAME'].".".strtolower($fileType);
- $tempTree ['name'.$fileType] = $obj['APP_DOC_FILENAME'].".".strtolower($fileType);
- $mimeInformation=getMime($obj['APP_DOC_FILENAME'].".".strtolower($fileType));
- $tempTree ['type'.$fileType] = $mimeInformation['description'];
- $tempTree ['icon'.$fileType] = $mimeInformation['icon'];
- }
- }
- */
-
$tempTree ['appdocid'] = $obj['APP_DOC_UID'];
$tempTree ['id'] = $obj['APP_DOC_UID_VERSION'];
$tempTree ['cls'] = 'file';
- //$tempTree ['draggable'] = true;
$tempTree ['leaf'] = true;
$tempTree ['is_file'] = true;
- //if ((isset($_POST['option']))&&($_POST['option']=="gridDocuments")) {
- //}
$tempTree ['docVersion'] = $obj['DOC_VERSION'];
$tempTree ['appUid'] = $obj['APP_UID'];
$tempTree ['usrUid'] = $obj['USR_UID'];
@@ -374,39 +308,24 @@ function expandNode()
}
$tempTree ['deletelabel'] = $obj['DELETE_LABEL'];
- if ((isset($obj['DOWNLOAD_LABEL'])) && ($obj['DOWNLOAD_LABEL']!="")) {
- $labelgen=strtoupper(str_replace(".", "", $obj['DOWNLOAD_LABEL']));
- $tempTree ['downloadLabel'.$labelgen] = $obj['DOWNLOAD_LABEL'];
- $tempTree ['downloadLink'.$labelgen] = $obj['DOWNLOAD_LINK'];
+ if ((isset($obj['DOWNLOAD_LABEL'])) && ($obj['DOWNLOAD_LABEL'] != "")) {
+ $labelgen = strtoupper(str_replace(".", "", $obj['DOWNLOAD_LABEL']));
+ $tempTree ['downloadLabel' . $labelgen] = $obj['DOWNLOAD_LABEL'];
+ $tempTree ['downloadLink' . $labelgen] = $obj['DOWNLOAD_LINK'];
}
$tempTree ['downloadLabel'] = $obj['DOWNLOAD_LABEL'];
$tempTree ['downloadLink'] = $obj['DOWNLOAD_LINK'];
- if ((isset($obj['DOWNLOAD_LABEL1'])) && ($obj['DOWNLOAD_LABEL1']!="")) {
- $labelgen=strtoupper(str_replace(".", "", $obj['DOWNLOAD_LABEL1']));
- $tempTree ['downloadLabel'.$labelgen] = $obj['DOWNLOAD_LABEL1'];
- $tempTree ['downloadLink'.$labelgen] = $obj['DOWNLOAD_LINK1'];
+ if ((isset($obj['DOWNLOAD_LABEL1'])) && ($obj['DOWNLOAD_LABEL1'] != "")) {
+ $labelgen = strtoupper(str_replace(".", "", $obj['DOWNLOAD_LABEL1']));
+ $tempTree ['downloadLabel' . $labelgen] = $obj['DOWNLOAD_LABEL1'];
+ $tempTree ['downloadLink' . $labelgen] = $obj['DOWNLOAD_LINK1'];
}
$tempTree ['downloadLabel1'] = $obj['DOWNLOAD_LABEL1'];
$tempTree ['downloadLink1'] = $obj['DOWNLOAD_LINK1'];
-
$tempTree ['appDocUidVersion'] = $obj['APP_DOC_UID_VERSION'];
-
$tempTree ['is_readable'] = true;
$tempTree ['is_file'] = true;
-
- //$tempTree ['optionType'] = "category";
- //$tempTree['allowDrop']=false;
- //$tempTree ['singleClickExpand'] = true;
- /*
- if ($key != "No Category") {
- $tempTree ['expanded'] = true;
- } else {
- //$tempTree ['expanded'] = false;
- $tempTree ['expanded'] = true;
- }
- */
-
$tempTree["outDocGenerate"] = "";
if (isset($obj["OUT_DOC_GENERATE"])) {
@@ -420,12 +339,9 @@ function expandNode()
$tempTree["type"] = $mimeInformation["description"];
$tempTree["icon"] = $mimeInformation["icon"];
$tempTree["appDocFileName"] = $tempTree["name"];
-
$tempTree["downloadLabel"] = $tempTree["downloadLabel" . $obj["OUT_DOC_GENERATE"]];
$tempTree["downloadLink"] = $tempTree["downloadLink" . $obj["OUT_DOC_GENERATE"]];
-
$tempTree["id"] = $tempTree["id"] . "_" . $obj["OUT_DOC_GENERATE"];
-
$processListTree[] = $tempTree;
break;
case "BOTH":
@@ -437,28 +353,19 @@ function expandNode()
$strExpander = $strExpander . "![\"\"](\"/images/documents/extension/doc.png\")
" . $obj["APP_DOC_FILENAME"] . ".doc (" . $mimeInformation["description"] . ")";
$tempTree["outDocGenerate"] = $strExpander;
-
$tempTree["text"] = $obj["APP_DOC_FILENAME"];
$tempTree["name"] = $obj["APP_DOC_FILENAME"];
$tempTree["type"] = "";
$tempTree["icon"] = "/images/documents/extension/document.png";
$tempTree["appDocFileName"] = $tempTree["name"];
-
- //$tempTree["downloadLabel"] = $obj["DOWNLOAD_LABEL"];
- //$tempTree["downloadLink"] = $obj["DOWNLOAD_LINK"];
-
$tempTree["id"] = $tempTree["id"] . "_" . $obj["OUT_DOC_GENERATE"];
-
$processListTree[] = $tempTree;
break;
- //case "NOFILE":
- // break;
}
} else {
if ($obj["APP_DOC_TYPE"] == "OUTPUT" &&
$tempTree["type"] == G::LoadTranslation("MIME_DES_FILE") &&
- preg_match("/^.+&ext=(.+)&.+$/", $tempTree["downloadLink"], $arrayMatch)
- ) {
+ preg_match("/^.+&ext=(.+)&.+$/", $tempTree["downloadLink"], $arrayMatch)) {
$ext = $arrayMatch[1];
$mimeInformation = getMime($obj["APP_DOC_FILENAME"] . ".$ext");
@@ -467,18 +374,16 @@ function expandNode()
$tempTree["type"] = $mimeInformation["description"];
$tempTree["icon"] = $mimeInformation["icon"];
}
-
$processListTree[] = $tempTree;
}
-
- $tempTree = array();
+ $tempTree = [];
}
}
if ((isset($_POST['option'])) && ($_POST['option'] == "gridDocuments")) {
$processListTreeTemp["totalCount"] = $totalFolders + $totalDocuments;
- $processListTreeTemp['msg']='correct reload';
- $processListTreeTemp['items']=$processListTree;
+ $processListTreeTemp['msg'] = 'correct reload';
+ $processListTreeTemp['items'] = $processListTree;
$processListTree = $processListTreeTemp;
}
diff --git a/workflow/engine/methods/cases/cases_ShowDocument.php b/workflow/engine/methods/cases/cases_ShowDocument.php
index fd9c1aa71..0ed742570 100644
--- a/workflow/engine/methods/cases/cases_ShowDocument.php
+++ b/workflow/engine/methods/cases/cases_ShowDocument.php
@@ -2,29 +2,10 @@
/**
* cases_ShowDocument.php
*
- * ProcessMaker Open Source Edition
- * Copyright (C) 2004 - 2008 Colosa Inc.23
+ * Download documents related to the input document
*
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
- */
-/*
- * Created on 13-02-2008
- *
- * @author David Callizaya
+ * @link https://wiki.processmaker.com/3.2/Cases/Documents#Downloading_Files
+ * @link https://wiki.processmaker.com/3.3/Cases/Information#Uploaded_Documents
*/
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession") {
if (!isset($_SESSION['USER_LOGGED'])) {
@@ -63,7 +44,7 @@ if (empty($_GET['v'])) {
//Check if the user can be download the input Document
//Send the parameter v = Version
//Send the parameter a = Case UID
-if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
+if ($RBAC->userCanAccess('PM_FOLDERS_ALL') != 1 && defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
if (!$oAppDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $docVersion)) {
G::header('Location: /errors/error403.php');
die();
diff --git a/workflow/engine/methods/cases/cases_ShowOutputDocument.php b/workflow/engine/methods/cases/cases_ShowOutputDocument.php
index a824cc55d..65383e3e0 100644
--- a/workflow/engine/methods/cases/cases_ShowOutputDocument.php
+++ b/workflow/engine/methods/cases/cases_ShowOutputDocument.php
@@ -2,29 +2,10 @@
/**
* cases_ShowOutputDocument.php
*
- * ProcessMaker Open Source Edition
- * Copyright (C) 2004 - 2008 Colosa Inc.23
+ * Download documents related to the output document
*
- * This program is free software: you can redistribute it and/or modify
- * it under the terms of the GNU Affero General Public License as
- * published by the Free Software Foundation, either version 3 of the
- * License, or (at your option) any later version.
- *
- * This program is distributed in the hope that it will be useful,
- * but WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
- * GNU Affero General Public License for more details.
- *
- * You should have received a copy of the GNU Affero General Public License
- * along with this program. If not, see .
- *
- * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
- * Coral Gables, FL, 33134, USA, or email info@colosa.com.
- *
- * Created on 13-02-2008
- *
- *
- * @author David Callizaya
+ * @link https://wiki.processmaker.com/3.2/Cases/Documents#Downloading_Files
+ * @link https://wiki.processmaker.com/3.3/Cases/Information#Generated_Documents
*/
use ProcessMaker\Plugins\PluginRegistry;
@@ -63,7 +44,7 @@ $oOutputDocument->Fields = $oOutputDocument->getByUid($sDocUid);
$download = $oOutputDocument->Fields['OUT_DOC_OPEN_TYPE'];
//Check if the user can be download the Output Document
-if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
+if ($RBAC->userCanAccess('PM_FOLDERS_ALL') != 1 && defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
if (!$oAppDocument->canDownloadOutput(
$oAppDocument->Fields['USR_UID'],
$_SESSION['USER_LOGGED'],