Merged in bugfix/PMCORE-542-A (pull request #7228)

PMCORE-542

Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>
Paula Quispe
2020-01-29 20:13:10 +00:00
committed by Julio Cesar Laura Avendaño
7 changed files with 75 additions and 202 deletions


@@ -387,7 +387,7 @@ class RBAC
],
[
"PER_UID" => "00000000000000000000000000000015",
"PER_CODE" => "PM_FOLDERS_VIEW",
"PER_CODE" => "PM_FOLDERS_ALL",
"PER_NAME" => "View Folders"
],
[
@@ -645,8 +645,12 @@ class RBAC
'PER_UID' => '00000000000000000000000000000067',
'PER_CODE' => 'PM_SETUP_LOG_FILES',
'PER_NAME' => 'Log Files'
],
[
'PER_UID' => '00000000000000000000000000000068',
'PER_CODE' => 'PM_FOLDERS_OWNER',
'PER_NAME' => 'View Your Folders'
]
];
return $permissionsAdmin;
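Review bot: Permission UID `00000000000000000000000000000015` is renamed in place from `PM_FOLDERS_VIEW` to `PM_FOLDERS_ALL`, so if role grants are keyed by `PER_UID` (as the `RBAC_ROLES_PERMISSIONS` rows in the SQL section suggest), every role that already held the old view permission is silently widened to all users' documents on upgrade. Elsewhere in this commit `PM_FOLDERS_ALL` both removes the per-user filter in the document list and skips the download check, so the widening is not cosmetic. Consider keeping UID 15 for the narrow permission and introducing the broad one under the new UID, or shipping a migration that re-maps existing grants; the same rename is in the `RBAC_PERMISSIONS` seed row. The label also still reads `"PER_NAME" => "View Folders"`; something like `"PER_NAME" => "View All Folders"` would make the scope visible to whoever edits roles.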


@@ -13,7 +13,7 @@ INSERT INTO `RBAC_PERMISSIONS` VALUES
('00000000000000000000000000000012','PM_WEBDAV','2009-08-21 00:00:00','2009-08-21 00:00:00',1,'00000000000000000000000000000002'),
('00000000000000000000000000000013','PM_DELETECASE','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000014','PM_EDITPERSONALINFO','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000015','PM_FOLDERS_VIEW','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000015','PM_FOLDERS_ALL','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000016','PM_FOLDERS_ADD_FOLDER','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000017','PM_FOLDERS_ADD_FILE','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'),
('00000000000000000000000000000018','PM_CANCELCASE','2011-12-11 00:00:00','2011-12-11 00:00:00',1,'00000000000000000000000000000002'),
@@ -65,7 +65,8 @@ INSERT INTO `RBAC_PERMISSIONS` VALUES
('00000000000000000000000000000064','PM_REASSIGNCASE_SUPERVISOR','2016-09-01 00:00:00','2016-09-01 00:00:00',1,'00000000000000000000000000000002'),
('00000000000000000000000000000065','PM_SETUP_CUSTOM_CASES_LIST','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'),
('00000000000000000000000000000066','PM_GUEST_CASE','2017-03-27 00:00:00','2017-03-27 00:00:00',1,'00000000000000000000000000000002'),
('00000000000000000000000000000067','PM_SETUP_LOG_FILES','2018-02-06 00:00:00','2018-02-06 00:00:00',1,'00000000000000000000000000000002');
('00000000000000000000000000000067','PM_SETUP_LOG_FILES','2018-02-06 00:00:00','2018-02-06 00:00:00',1,'00000000000000000000000000000002'),
('00000000000000000000000000000068','PM_FOLDERS_OWNER','2020-01-29 00:00:00','2020-01-29 00:00:00',1,'00000000000000000000000000000002');
INSERT INTO `RBAC_ROLES` VALUES
('00000000000000000000000000000001','','00000000000000000000000000000001','RBAC_ADMIN','2007-07-31 19:10:22','2007-08-03 12:24:36',1),
@@ -142,6 +143,7 @@ INSERT INTO `RBAC_ROLES_PERMISSIONS` VALUES
('00000000000000000000000000000002','00000000000000000000000000000064'),
('00000000000000000000000000000002','00000000000000000000000000000065'),
('00000000000000000000000000000002','00000000000000000000000000000067'),
('00000000000000000000000000000002','00000000000000000000000000000068'),
('00000000000000000000000000000003','00000000000000000000000000000001'),
('00000000000000000000000000000003','00000000000000000000000000000005'),
('00000000000000000000000000000003','00000000000000000000000000000040'),


@@ -71,7 +71,8 @@ INSERT INTO CONTENT (CON_CATEGORY,CON_PARENT,CON_ID,CON_LANG,CON_VALUE) VALUES
('PER_NAME','','00000000000000000000000000000063','en','Edit User profile Default Cases Menu Options'),
('PER_NAME','','00000000000000000000000000000064','en','Reassign case supervisor'),
('PER_NAME','','00000000000000000000000000000065','en','Setup Custom Cases List'),
('PER_NAME','','00000000000000000000000000000067','en','Log Files');
('PER_NAME','','00000000000000000000000000000067','en','Log Files'),
('PER_NAME','','00000000000000000000000000000068','en','View Your Folders');
INSERT INTO LANGUAGE (LAN_ID,LAN_LOCATION,LAN_NAME,LAN_NATIVE_NAME,LAN_DIRECTION,LAN_WEIGHT,LAN_ENABLED,LAN_CALENDAR) VALUES
('aa','','Afar','','L','0','0','GREGORIAN'),


@@ -111,7 +111,7 @@ if ($RBAC->userCanAccess('PM_REASSIGNCASE') == 1 || $RBAC->userCanAccess('PM_REA
);
}
if ($RBAC->userCanAccess('PM_FOLDERS_VIEW') == 1) {
if ($RBAC->userCanAccess('PM_FOLDERS_VIEW_ALL') == 1 || $RBAC->userCanAccess('PM_FOLDERS_VIEW_OWNER') == 1) {
$G_TMP_MENU->AddIdRawOption(
'CASES_FOLDERS',
'casesStartPage?action=documents',
@@ -122,7 +122,6 @@ if ($RBAC->userCanAccess('PM_FOLDERS_VIEW') == 1) {
);
}
//Load Other registered Dashboards (From plugins)
$oPluginRegistry = PluginRegistry::loadSingleton();
/** @var \ProcessMaker\Plugins\Interfaces\DashboardPage[] $dashBoardPages */
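Review bot: The menu condition checks `PM_FOLDERS_VIEW_ALL` and `PM_FOLDERS_VIEW_OWNER`, but the permission codes registered in the RBAC list and the SQL seed in this commit are `PM_FOLDERS_ALL` and `PM_FOLDERS_OWNER`. Unless `userCanAccess()` resolves the longer names somewhere not shown here, neither call will return 1 and the Documents menu entry will be hidden from every user, including those the other files now authorise. The condition should read `if ($RBAC->userCanAccess('PM_FOLDERS_ALL') == 1 || $RBAC->userCanAccess('PM_FOLDERS_OWNER') == 1) {`.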


@@ -161,12 +161,15 @@ function sendJsonResultGeneric($response, $callback)
}
}
/**
* List documents uploaded
*
* @link https://wiki.processmaker.com/3.2/Cases/Documents
*/
function expandNode()
{
extract(getExtJSParams());
$oPMFolder = new AppFolder();
$pmFolder = new AppFolder();
$rootFolder = "/";
if ($_POST ['node'] == "") {
@@ -190,7 +193,7 @@ function expandNode()
$totalDocuments = 0;
if (($_POST['sendWhat'] == "dirs") || ($_POST['sendWhat'] == "both")) {
$folderListObj = $oPMFolder->getFolderList(
$folderListObj = $pmFolder->getFolderList(
($_POST["node"] != "root") ? (($_POST["node"] == "NA") ? "" : $_POST["node"]) : $rootFolder,
$limit,
$start,
@@ -206,9 +209,16 @@ function expandNode()
if (($_POST['sendWhat'] == "files") || ($_POST['sendWhat'] == "both")) {
global $RBAC;
$user = ($RBAC->userCanAccess('PM_ALLCASES') == 1)? '' : $_SESSION['USER_LOGGED'];
// Review if we need to filter by user
if ($RBAC->userCanAccess('PM_FOLDERS_ALL') == 1) {
// List all documents related to the all users
$user = '';
} elseif ($RBAC->userCanAccess('PM_FOLDERS_OWNER') == 1) {
// List documents related to the userLogged
$user = $_SESSION['USER_LOGGED'];
}
$folderContentObj = $oPMFolder->getFolderContent(
$folderContentObj = $pmFolder->getFolderContent(
($_POST["node"] != "root") ? (($_POST["node"] == "NA") ? "" : $_POST["node"]) : $rootFolder,
array(),
null,
@@ -222,16 +232,13 @@ function expandNode()
$folderContent = $folderContentObj['documents'];
$totalDocuments = $folderContentObj['totalDocumentsCount'];
$totalItems+=count($folderContent);
}
$processListTree = array();
$tempTree = array();
$processListTree = [];
$tempTree = [];
if (isset($folderList) && sizeof($folderList) > 0) {
//$tempTree=array();
foreach ($folderList as $key => $obj) {
//$tempTree ['all-obj'] = $obj;
$tempTree ['text'] = $obj['FOLDER_NAME'];
$tempTree ['id'] = $obj['FOLDER_UID'];
$tempTree ['folderID'] = $obj['FOLDER_UID'];
@@ -251,96 +258,23 @@ function expandNode()
if ((isset($_POST['option'])) && ($_POST['option'] == "gridDocuments")) {
$tempTree ['icon'] = "/images/documents/extension/folder.png";
}
//$tempTree ['leaf'] = true;
//$tempTree ['optionType'] = "category";
//$tempTree['allowDrop']=false;
//$tempTree ['singleClickExpand'] = false;
/*
if ($key != "No Category") {
$tempTree ['expanded'] = true;
} else {
//$tempTree ['expanded'] = false;
$tempTree ['expanded'] = true;
}
*/
$processListTree [] = $tempTree;
$tempTree=array();
}
/*if ($_POST ['node'] == '/') {
$notInFolderLabel = G::LoadTranslation ('ID_NOT_IN_FOLDER');
$tempTree ['text'] = $notInFolderLabel;
$tempTree ['id'] = "NA";
$tempTree ['folderID'] = "NA";
$tempTree ['cls'] = 'folder';
$tempTree ['draggable' ] = true;
$tempTree ['name'] = $notInFolderLabel;
$tempTree ['type'] = "Directory";
$tempTree ['is_file'] = false;
$tempTree ['qtip'] ='<strong>Directory: </strong>'.$notInFolderLabel.'<br /><i>Unfiled Files</i> ';
$tempTree ['is_writable'] =true;
$tempTree ['is_chmodable'] =true;
$tempTree ['is_readable'] =true;
$tempTree ['is_deletable'] =true;
if ((isset($_POST['option']))&&($_POST['option']=="gridDocuments")) {
$tempTree ['icon'] = "/images/documents/extension/bz2.png";
}*/
//$tempTree ['leaf'] = true;
//$tempTree ['optionType'] = "category";
//$tempTree['allowDrop']=false;
//$tempTree ['singleClickExpand'] = false;
/*
if ($key != "No Category") {
$tempTree ['expanded'] = true;
} else {
//$tempTree ['expanded'] = false;
$tempTree ['expanded'] = true;
}
*/
/*$processListTree [] = $tempTree;
$tempTree=array();
}*/
} else {
if ($_POST ['node'] == '/') {
//$tempTree=array();
//$processListTree [] = array();
$tempTree = [];
}
}
if (isset($folderContent)) {
foreach ($folderContent as $key => $obj) {
$mimeInformation = getMime($obj["APP_DOC_FILENAME"]);
$tempTree["text"] = $obj["APP_DOC_FILENAME"];
$tempTree["name"] = $obj["APP_DOC_FILENAME"];
$tempTree["type"] = $mimeInformation["description"];
$tempTree["icon"] = $mimeInformation["icon"];
/*
if (isset($obj['OUT_DOC_GENERATE'])) {
if ($obj['OUT_DOC_GENERATE'] == "BOTH") {
$arrayType=array("PDF","DOC");
} else {
$arrayType=array($obj['OUT_DOC_GENERATE']);
}
foreach ($arrayType as $keyType => $fileType) {
$tempTree ['text'.$fileType] = $obj['APP_DOC_FILENAME'].".".strtolower($fileType);
$tempTree ['name'.$fileType] = $obj['APP_DOC_FILENAME'].".".strtolower($fileType);
$mimeInformation=getMime($obj['APP_DOC_FILENAME'].".".strtolower($fileType));
$tempTree ['type'.$fileType] = $mimeInformation['description'];
$tempTree ['icon'.$fileType] = $mimeInformation['icon'];
}
}
*/
$tempTree ['appdocid'] = $obj['APP_DOC_UID'];
$tempTree ['id'] = $obj['APP_DOC_UID_VERSION'];
$tempTree ['cls'] = 'file';
//$tempTree ['draggable'] = true;
$tempTree ['leaf'] = true;
$tempTree ['is_file'] = true;
//if ((isset($_POST['option']))&&($_POST['option']=="gridDocuments")) {
//}
$tempTree ['docVersion'] = $obj['DOC_VERSION'];
$tempTree ['appUid'] = $obj['APP_UID'];
$tempTree ['usrUid'] = $obj['USR_UID'];
@@ -389,24 +323,9 @@ function expandNode()
}
$tempTree ['downloadLabel1'] = $obj['DOWNLOAD_LABEL1'];
$tempTree ['downloadLink1'] = $obj['DOWNLOAD_LINK1'];
$tempTree ['appDocUidVersion'] = $obj['APP_DOC_UID_VERSION'];
$tempTree ['is_readable'] = true;
$tempTree ['is_file'] = true;
//$tempTree ['optionType'] = "category";
//$tempTree['allowDrop']=false;
//$tempTree ['singleClickExpand'] = true;
/*
if ($key != "No Category") {
$tempTree ['expanded'] = true;
} else {
//$tempTree ['expanded'] = false;
$tempTree ['expanded'] = true;
}
*/
$tempTree["outDocGenerate"] = "";
if (isset($obj["OUT_DOC_GENERATE"])) {
@@ -420,12 +339,9 @@ function expandNode()
$tempTree["type"] = $mimeInformation["description"];
$tempTree["icon"] = $mimeInformation["icon"];
$tempTree["appDocFileName"] = $tempTree["name"];
$tempTree["downloadLabel"] = $tempTree["downloadLabel" . $obj["OUT_DOC_GENERATE"]];
$tempTree["downloadLink"] = $tempTree["downloadLink" . $obj["OUT_DOC_GENERATE"]];
$tempTree["id"] = $tempTree["id"] . "_" . $obj["OUT_DOC_GENERATE"];
$processListTree[] = $tempTree;
break;
case "BOTH":
@@ -437,28 +353,19 @@ function expandNode()
$strExpander = $strExpander . "<a href=\"javascript:;\" onclick=\"openActionDialog(this, 'download', 'doc'); return false;\" style=\"color: #000000; text-decoration: none;\"><img src=\"/images/documents/extension/doc.png\" style=\"margin-left: 25px; border: 0;\" alt=\"\" /> <b>" . $obj["APP_DOC_FILENAME"] . ".doc</b> (" . $mimeInformation["description"] . ")</a>";
$tempTree["outDocGenerate"] = $strExpander;
$tempTree["text"] = $obj["APP_DOC_FILENAME"];
$tempTree["name"] = $obj["APP_DOC_FILENAME"];
$tempTree["type"] = "";
$tempTree["icon"] = "/images/documents/extension/document.png";
$tempTree["appDocFileName"] = $tempTree["name"];
//$tempTree["downloadLabel"] = $obj["DOWNLOAD_LABEL"];
//$tempTree["downloadLink"] = $obj["DOWNLOAD_LINK"];
$tempTree["id"] = $tempTree["id"] . "_" . $obj["OUT_DOC_GENERATE"];
$processListTree[] = $tempTree;
break;
//case "NOFILE":
// break;
}
} else {
if ($obj["APP_DOC_TYPE"] == "OUTPUT" &&
$tempTree["type"] == G::LoadTranslation("MIME_DES_FILE") &&
preg_match("/^.+&ext=(.+)&.+$/", $tempTree["downloadLink"], $arrayMatch)
) {
preg_match("/^.+&ext=(.+)&.+$/", $tempTree["downloadLink"], $arrayMatch)) {
$ext = $arrayMatch[1];
$mimeInformation = getMime($obj["APP_DOC_FILENAME"] . ".$ext");
@@ -467,11 +374,9 @@ function expandNode()
$tempTree["type"] = $mimeInformation["description"];
$tempTree["icon"] = $mimeInformation["icon"];
}
$processListTree[] = $tempTree;
}
$tempTree = array();
$tempTree = [];
}
}
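Review bot: In the `files`/`both` branch, `$user` is now assigned only inside the `PM_FOLDERS_ALL` and `PM_FOLDERS_OWNER` branches, and the earlier unconditional assignment based on `PM_ALLCASES` appears to be removed, so a caller holding neither permission reaches `getFolderContent()` with `$user` undefined. Because the empty string is the value used here to mean "all users", an undefined (null) value is likely to be treated the same way and list everyone's documents; the argument list is cut off by the hunk, so this should be confirmed against the call. Default to the narrow scope before the check with `$user = $_SESSION['USER_LOGGED'];`, or return an empty result when neither permission is held. `expandNode()` continues beyond the visible hunks.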


@@ -2,29 +2,10 @@
/**
* cases_ShowDocument.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
* Download documents related to the input document
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
/*
* Created on 13-02-2008
*
* @author David Callizaya <davidsantos@colosa.com>
* @link https://wiki.processmaker.com/3.2/Cases/Documents#Downloading_Files
* @link https://wiki.processmaker.com/3.3/Cases/Information#Uploaded_Documents
*/
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession") {
if (!isset($_SESSION['USER_LOGGED'])) {
@@ -63,7 +44,7 @@ if (empty($_GET['v'])) {
//Check if the user can be download the input Document
//Send the parameter v = Version
//Send the parameter a = Case UID
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
if ($RBAC->userCanAccess('PM_FOLDERS_ALL') != 1 && defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
if (!$oAppDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $docVersion)) {
G::header('Location: /errors/error403.php');
die();
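Review bot: The added `$RBAC->userCanAccess('PM_FOLDERS_ALL') != 1 &&` lets holders of a folder-listing permission skip `canDownloadInput()` entirely, for whatever case UID and version arrive in `a` and `v`; the same change is made to the `canDownloadOutput()` check in cases_ShowOutputDocument.php. The comment above the condition still only says "Check if the user can be download the input Document", so the bypass is undocumented; I would add `// PM_FOLDERS_ALL holders may download any document; all other users must pass canDownloadInput()`. It is also worth confirming that `$RBAC` is always initialised at this point in the script, since nothing in the visible lines sets it. The body of the `if` continues past the hunk.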


@@ -2,29 +2,10 @@
/**
* cases_ShowOutputDocument.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
* Download documents related to the output document
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*
* Created on 13-02-2008
*
*
* @author David Callizaya <davidsantos@colosa.com>
* @link https://wiki.processmaker.com/3.2/Cases/Documents#Downloading_Files
* @link https://wiki.processmaker.com/3.3/Cases/Information#Generated_Documents
*/
use ProcessMaker\Plugins\PluginRegistry;
@@ -63,7 +44,7 @@ $oOutputDocument->Fields = $oOutputDocument->getByUid($sDocUid);
$download = $oOutputDocument->Fields['OUT_DOC_OPEN_TYPE'];
//Check if the user can be download the Output Document
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
if ($RBAC->userCanAccess('PM_FOLDERS_ALL') != 1 && defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
if (!$oAppDocument->canDownloadOutput(
$oAppDocument->Fields['USR_UID'],
$_SESSION['USER_LOGGED'],