From 26bde68123c4a457ea7b1049eab70e6c84d7d6dd Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Mon, 6 Jan 2020 14:30:41 -0400 Subject: [PATCH] PMCORE-490 --- rbac/engine/data/mysql/insert.sql | 2 +- .../ProcessMaker/BusinessModel/CasesTest.php | 80 +++++++++++++++++++ .../ProcessMaker/Model/ApplicationTest.php | 48 +++++++++++ .../translations/english/processmaker.en.po | 24 ++++++ .../engine/controllers/adhocUserProxy.php | 24 ++++-- workflow/engine/data/mysql/insert.sql | 4 + .../engine/methods/cases/ajaxListener.php | 8 +- .../engine/methods/cases/casesListExtJs.php | 3 + .../engine/methods/cases/cases_Delete.php | 43 ++++------ .../src/ProcessMaker/BusinessModel/Cases.php | 41 +++++----- .../src/ProcessMaker/Model/Application.php | 53 +++++++++--- workflow/engine/templates/cases/casesList.js | 27 ++++--- 12 files changed, 278 insertions(+), 79 deletions(-) create mode 100644 tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/CasesTest.php create mode 100644 tests/unit/workflow/engine/src/ProcessMaker/Model/ApplicationTest.php diff --git a/rbac/engine/data/mysql/insert.sql b/rbac/engine/data/mysql/insert.sql index 8bc913275..19cb44616 100644 --- a/rbac/engine/data/mysql/insert.sql +++ b/rbac/engine/data/mysql/insert.sql @@ -11,7 +11,7 @@ INSERT INTO `RBAC_PERMISSIONS` VALUES ('00000000000000000000000000000010','PM_SETUP_ADVANCE',NULL,NULL,1,'00000000000000000000000000000002'), ('00000000000000000000000000000011','PM_DASHBOARD','2009-02-18 00:00:00','2009-02-18 00:00:00',1,'00000000000000000000000000000002'), ('00000000000000000000000000000012','PM_WEBDAV','2009-08-21 00:00:00','2009-08-21 00:00:00',1,'00000000000000000000000000000002'), -('00000000000000000000000000000013','PM_DELETECASE','2009-10-12 00:00:00',NULL,0,'00000000000000000000000000000002'), +('00000000000000000000000000000013','PM_DELETECASE','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'), ('00000000000000000000000000000014','PM_EDITPERSONALINFO','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'), ('00000000000000000000000000000015','PM_FOLDERS_VIEW','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'), ('00000000000000000000000000000016','PM_FOLDERS_ADD_FOLDER','2009-10-12 00:00:00',NULL,1,'00000000000000000000000000000002'), diff --git a/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/CasesTest.php b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/CasesTest.php new file mode 100644 index 000000000..99778d4f2 --- /dev/null +++ b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/CasesTest.php @@ -0,0 +1,80 @@ +initRBAC(); + + $application = factory(Application::class)->create(); + // Tried to delete case + $case = new Cases(); + $case->deleteCase($application->APP_UID, $_SESSION['USER_LOGGED']); + } + + /** + * This checks the delete case + * + * @covers \ProcessMaker\BusinessModel\Cases::deleteCase() + * @test + * @expectedException Exception + */ + public function it_should_not_delete_case_in_todo_status() + { + // Set the RBAC + global $RBAC; + $_SESSION['USER_LOGGED'] = '00000000000000000000000000000001'; + $RBAC = RBAC::getSingleton(PATH_DATA, session_id()); + $RBAC->initRBAC(); + + $application = factory(Application::class)->create(['APP_STATUS' => 'TO_DO']); + // Tried to delete case + $case = new Cases(); + $case->deleteCase($application->APP_UID, $_SESSION['USER_LOGGED']); + } + + /** + * This checks the delete case + * + * @covers \ProcessMaker\BusinessModel\Cases::deleteCase() + * @test + * @expectedException Exception + */ + public function it_should_not_delete_case_when_is_not_owner() + { + // Set the RBAC + global $RBAC; + $_SESSION['USER_LOGGED'] = '00000000000000000000000000000001'; + $RBAC = RBAC::getSingleton(PATH_DATA, session_id()); + $RBAC->initRBAC(); + + $application = factory(Application::class)->create(['APP_INIT_USER' => '00000000000000000000000000000002']); + // Tried to delete case + $case = new Cases(); + $case->deleteCase($application->APP_UID, $_SESSION['USER_LOGGED']); + } +} diff --git a/tests/unit/workflow/engine/src/ProcessMaker/Model/ApplicationTest.php b/tests/unit/workflow/engine/src/ProcessMaker/Model/ApplicationTest.php new file mode 100644 index 000000000..f4ef131b7 --- /dev/null +++ b/tests/unit/workflow/engine/src/ProcessMaker/Model/ApplicationTest.php @@ -0,0 +1,48 @@ +create(); + factory(Application::class, 5)->create(['PRO_UID' => $process->PRO_UID]); + $cases = Application::getByProUid($process->PRO_UID); + foreach ($cases as $case) { + $this->assertEquals($case->PRO_UID, $process->PRO_UID); + } + } + + /** + * This checks if return the columns used + * + * @covers \ProcessMaker\Model\Application::getCase() + * @test + */ + public function it_return_case_information() + { + $application = factory(Application::class)->create(); + $result = Application::getCase($application->APP_UID); + $this->assertArrayHasKey('APP_STATUS', $result); + $this->assertArrayHasKey('APP_INIT_USER', $result); + } +} diff --git a/workflow/engine/content/translations/english/processmaker.en.po b/workflow/engine/content/translations/english/processmaker.en.po index 44a2f770d..7160fc72f 100644 --- a/workflow/engine/content/translations/english/processmaker.en.po +++ b/workflow/engine/content/translations/english/processmaker.en.po @@ -3341,6 +3341,12 @@ msgstr "No actions available for this case." msgid "Case Demo" msgstr "Case Demo" +# TRANSLATION +# LABEL/ID_CASE_DELETE_SUCCESFULLY +#: LABEL/ID_CASE_DELETE_SUCCESFULLY +msgid "The Case was deleted successfully." +msgstr "The Case was deleted successfully." + # TRANSLATION # LABEL/ID_CASES #: LABEL/ID_CASES @@ -3353,6 +3359,12 @@ msgstr "HOME" msgid "[LABEL/ID_CASES1] Cases" msgstr "Cases" +# TRANSLATION +# LABEL/ID_CASES_DELETE_SUCCESFULLY +#: LABEL/ID_CASES_DELETE_SUCCESFULLY +msgid "All Cases were deleted successfully." +msgstr "All Cases were deleted successfully." + # TRANSLATION # LABEL/ID_CASESLIST_APP_CURRENT_USER #: LABEL/ID_CASESLIST_APP_CURRENT_USER @@ -5741,6 +5753,12 @@ msgstr "Deleted" msgid "Deleted Successfully" msgstr "Deleted Successfully" +# TRANSLATION +# LABEL/ID_DELETE_ACTION +#: LABEL/ID_DELETE_ACTION +msgid "Delete case" +msgstr "Delete case" + # TRANSLATION # LABEL/ID_DELETE_ALL_FIELDS #: LABEL/ID_DELETE_ALL_FIELDS @@ -19697,6 +19715,12 @@ msgstr "After routing notify the next assigned user(s)" msgid "Notify users of case" msgstr "Notify users of case" +# TRANSLATION +# LABEL/ID_NOT_ABLE_DELETE_CASES +#: LABEL/ID_NOT_ABLE_DELETE_CASES +msgid "You are not allowed to delete cases, please contact your System Administrator." +msgstr "You are not allowed to delete cases, please contact your System Administrator." + # TRANSLATION # LABEL/ID_NOT_ABLE_REASSIGN #: LABEL/ID_NOT_ABLE_REASSIGN diff --git a/workflow/engine/controllers/adhocUserProxy.php b/workflow/engine/controllers/adhocUserProxy.php index 729b420f4..b234ebcb9 100644 --- a/workflow/engine/controllers/adhocUserProxy.php +++ b/workflow/engine/controllers/adhocUserProxy.php @@ -1,5 +1,7 @@ reassignCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['USER_LOGGED'], $_POST['USR_UID'], $_POST['THETYPE'] ); $this->success = true; } - //delete case adhoc - function deleteCase ($params) + /** + * Delete case from the actions menu + * + * @link https://wiki.processmaker.com/3.3/Cases/Actions#Delete + */ + function deleteCase($params) { - $ainfoCase = array (); try { - $applicationUID = (isset( $_POST['APP_UID'] )) ? $_POST['APP_UID'] : $_SESSION['APPLICATION']; + $appUid = (isset($_POST['APP_UID'])) ? $_POST['APP_UID'] : $_SESSION['APPLICATION']; + // Load case information for get appNumber + $data = []; $app = new Application(); - $caseData = $app->load( $applicationUID ); + $caseData = $app->load($appUid); $data['APP_NUMBER'] = $caseData['APP_NUMBER']; - $oCase = new Cases(); - $oCase->removeCase( $applicationUID ); + $case = new Cases(); + $case->deleteCase($appUid, $_SESSION['USER_LOGGED']); + // Result successfully $this->success = true; - $this->msg = G::LoadTranslation( 'ID_CASE_DELETED_SUCCESSFULLY', SYS_LANG, $data ); + $this->msg = G::LoadTranslation('ID_CASE_DELETED_SUCCESSFULLY', SYS_LANG, $data); } catch (Exception $e) { $this->success = false; $this->msg = $e->getMessage(); diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql index 3c05dd3a7..9584a37ab 100644 --- a/workflow/engine/data/mysql/insert.sql +++ b/workflow/engine/data/mysql/insert.sql @@ -57360,8 +57360,10 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE ( 'LABEL','ID_CASE','en','Case','2014-01-15') , ( 'LABEL','ID_CASECANCEL','en','No actions available for this case.','2014-01-15') , ( 'LABEL','ID_CASEDEMO','en','Case Demo','2014-01-15') , +( 'LABEL','ID_CASE_DELETE_SUCCESFULLY','en','The Case was deleted successfully.','2020-01-08') , ( 'LABEL','ID_CASES','en','HOME','2014-01-15') , ( 'LABEL','ID_CASES1','en','Cases','2015-12-15') , +( 'LABEL','ID_CASES_DELETE_SUCCESFULLY','en','All Cases were deleted successfully.','2020-01-08') , ( 'LABEL','ID_CASESLIST_APP_CURRENT_USER','en','Current User','2014-01-15') , ( 'LABEL','ID_CASESLIST_APP_DEL_INDEX','en','Del Index','2014-01-15') , ( 'LABEL','ID_CASESLIST_APP_DEL_PREVIOUS_USER','en','Sent by','2014-01-15') , @@ -57770,6 +57772,7 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE ( 'LABEL','ID_DELETE','en','Delete','2014-01-15') , ( 'LABEL','ID_DELETED','en','Deleted','2014-01-15') , ( 'LABEL','ID_DELETED_SUCCESSFULLY','en','Deleted Successfully','2014-01-15') , +( 'LABEL','ID_DELETE_ACTION','en','Delete case','2020-01-15') , ( 'LABEL','ID_DELETE_ALL_FIELDS','en','Do you want to delete all fields?','2014-01-15') , ( 'LABEL','ID_DELETE_ALL_REPORT_TABLE','en','Do you want to delete all report tables?','2014-01-15') , ( 'LABEL','ID_DELETE_AUTH_SOURCE','en','Delete Authentication Source','2014-10-13') , @@ -60149,6 +60152,7 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE ( 'LABEL','ID_NOTIFY','en','Notify','2016-10-20') , ( 'LABEL','ID_NOTIFY_USERS_AFTER_ASSIGN','en','After routing notify the next assigned user(s)','2014-01-15') , ( 'LABEL','ID_NOTIFY_USERS_CASE','en','Notify users of case','2014-01-15') , +( 'LABEL','ID_NOT_ABLE_DELETE_CASES','en','You are not allowed to delete cases, please contact your System Administrator.','2020-01-08') , ( 'LABEL','ID_NOT_ABLE_REASSIGN','en','You are not able to reassign cases of this process.','2018-05-15') , ( 'LABEL','ID_NOT_AVAILABLE_DATABASE','en','Not available.','2015-04-21') , ( 'LABEL','ID_NOT_CREATE_TABLE','en','Could not create the table with the name','2014-01-15') , diff --git a/workflow/engine/methods/cases/ajaxListener.php b/workflow/engine/methods/cases/ajaxListener.php index f8cbb8b6a..55d1ec1bf 100644 --- a/workflow/engine/methods/cases/ajaxListener.php +++ b/workflow/engine/methods/cases/ajaxListener.php @@ -200,9 +200,11 @@ class Ajax } else { $options[] = ['text' => G::LoadTranslation('ID_UNPAUSE'), 'fn' => 'unpauseCase']; } - - $options[] = ['text' => G::LoadTranslation('ID_DELETE'), 'fn' => 'deleteCase']; - + // Check if the user has the permission for the action Delete Case + if ($RBAC->userCanAccess('PM_DELETECASE') == 1) { + $options[] = ['text' => G::LoadTranslation('ID_DELETE'), 'fn' => 'deleteCase']; + } + // Check if the user has the permission for the action Reassign Case if ($RBAC->userCanAccess('PM_REASSIGNCASE') == 1 || $RBAC->userCanAccess('PM_REASSIGNCASE_SUPERVISOR') == 1) { if (!AppDelay::isPaused($appUid, $index)) { $options[] = ['text' => G::LoadTranslation('ID_REASSIGN'), 'fn' => 'getUsersToReassign']; diff --git a/workflow/engine/methods/cases/casesListExtJs.php b/workflow/engine/methods/cases/casesListExtJs.php index 648bf53bd..889553e0d 100644 --- a/workflow/engine/methods/cases/casesListExtJs.php +++ b/workflow/engine/methods/cases/casesListExtJs.php @@ -188,6 +188,9 @@ $reassignCaseSup = ($RBAC->userCanAccess('PM_REASSIGNCASE_SUPERVISOR') == 1) ? ' $headPublisher->assign('varReassignCase', $reassignCase); $headPublisher->assign('varReassignCaseSupervisor', $reassignCaseSup); +$deleteCase = ($RBAC->userCanAccess('PM_DELETECASE') == 1) ? 'true' : 'false'; +$headPublisher->assign('varDeleteCase', $deleteCase); + $c = new Configurations(); $headPublisher->addExtJsScript('app/main', true); $headPublisher->addExtJsScript('cases/casesList', false); //adding a javascript file .js diff --git a/workflow/engine/methods/cases/cases_Delete.php b/workflow/engine/methods/cases/cases_Delete.php index 96511c3f6..cb82a13fd 100644 --- a/workflow/engine/methods/cases/cases_Delete.php +++ b/workflow/engine/methods/cases/cases_Delete.php @@ -2,26 +2,13 @@ /** * cases_Delete.php * - * ProcessMaker Open Source Edition - * Copyright (C) 2004 - 2008 Colosa Inc.23 + * Delete case from the cases List option * - * This program is free software: you can redistribute it and/or modify - * it under the terms of the GNU Affero General Public License as - * published by the Free Software Foundation, either version 3 of the - * License, or (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - * GNU Affero General Public License for more details. - * - * You should have received a copy of the GNU Affero General Public License - * along with this program. If not, see . - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. + * @link https://wiki.processmaker.com/3.3/Roles#PM_DELETECASE */ -/* Permissions */ + +use ProcessMaker\BusinessModel\Cases; + switch ($RBAC->userCanAccess( 'PM_CASES' )) { case - 2: G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_SYSTEM', 'error', 'labels' ); @@ -35,23 +22,23 @@ switch ($RBAC->userCanAccess( 'PM_CASES' )) { break; } -/* Process the info */ try { - $oCase = new Cases(); - if (isset( $_POST['APP_UIDS'] )) { - $ids = explode( ',', $_POST['APP_UIDS'] ); - foreach ($ids as $id) { - $oCase->removeCase( $id ); + if (isset($_POST['APP_UIDS'])) { + $cases = explode(',', $_POST['APP_UIDS']); + foreach ($cases as $appUid) { + $case = new Cases(); + $case->deleteCase($appUid, $_SESSION['USER_LOGGED']); } - if (count( $_POST['APP_UIDS'] ) > 1) { - echo 'The Case was deleted successfully'; + // Prepare the response successfully + if (count($cases) == 1) { + G::outRes(G::outRes(G::LoadTranslation('ID_CASE_DELETE_SUCCESFULLY'))); } else { - echo 'All Cases were deleted successfully'; + G::outRes(G::outRes(G::LoadTranslation('ID_CASES_DELETE_SUCCESFULLY'))); } } } catch (Exception $e) { $token = strtotime("now"); PMException::registerErrorLog($e, $token); - G::outRes( G::LoadTranslation("ID_EXCEPTION_LOG_INTERFAZ", array($token)) ); + G::outRes($e->getMessage()); } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index 0fa5354e2..e7c1f6c02 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php @@ -40,6 +40,7 @@ use ProcessMaker\BusinessModel\Task as BmTask; use ProcessMaker\BusinessModel\User as BmUser; use ProcessMaker\Core\System; use ProcessMaker\Exception\UploadException; +use ProcessMaker\Model\Application as ModelApplication; use ProcessMaker\Model\Delegation; use ProcessMaker\Plugins\PluginRegistry; use ProcessMaker\Services\OAuth2\Server; @@ -1114,35 +1115,37 @@ class Cases * Delete case * * @access public - * @param string $app_uid, Uid for case - * @param string $usr_uid, Uid user + * @param string $appUid, Uid for case + * @param string $usrUid, Uid user * * @return void * @throws Exception */ - public function deleteCase($app_uid, $usr_uid) + public function deleteCase($appUid, $usrUid) { - Validator::isString($app_uid, '$app_uid'); - Validator::appUid($app_uid, '$app_uid'); + Validator::isString($appUid, '$app_uid'); + Validator::appUid($appUid, '$app_uid'); - $criteria = new Criteria(); - $criteria->addSelectColumn(ApplicationPeer::APP_STATUS); - $criteria->addSelectColumn(ApplicationPeer::APP_INIT_USER); - $criteria->add(ApplicationPeer::APP_UID, $app_uid, Criteria::EQUAL); - $dataset = ApplicationPeer::doSelectRS($criteria); - $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $dataset->next(); - $aRow = $dataset->getRow(); - if ($aRow['APP_STATUS'] != 'DRAFT') { - throw (new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_STATUS"))); + // Review the permission for delete case + global $RBAC; + if ($RBAC->userCanAccess('PM_DELETECASE') != 1) { + throw new Exception(G::LoadTranslation('ID_NOT_ABLE_DELETE_CASES')); } - - if ($aRow['APP_INIT_USER'] != $usr_uid) { - throw (new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_OWNER"))); + // Review the status and user + $caseInfo = ModelApplication::getCase($appUid); + if (!empty($caseInfo)){ + // Review the status + if ($caseInfo['APP_STATUS'] != 'DRAFT') { + throw new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_STATUS")); + } + // Review the user requester + if ($caseInfo['APP_INIT_USER'] != $usrUid) { + throw new Exception(G::LoadTranslation("ID_DELETE_CASE_NO_OWNER")); + } } $case = new ClassesCases(); - $case->removeCase($app_uid); + $case->removeCase($appUid); } /** diff --git a/workflow/engine/src/ProcessMaker/Model/Application.php b/workflow/engine/src/ProcessMaker/Model/Application.php index 6b53ca048..d34d2b91e 100644 --- a/workflow/engine/src/ProcessMaker/Model/Application.php +++ b/workflow/engine/src/ProcessMaker/Model/Application.php @@ -27,24 +27,23 @@ class Application extends Model } /** - * Get Applications by PRO_UID, ordered by APP_NUMBER. - * @param string $proUid - * @return object - * @see ReportTables->populateTable() + * Scope for query to get the application by APP_UID. + * @param \Illuminate\Database\Eloquent\Builder $query + * @param string $appUid + * @return \Illuminate\Database\Eloquent\Builder */ - public static function getByProUid($proUid) + public function scopeAppUid($query, $appUid) { - $query = Application::query() - ->select() - ->proUid($proUid) - ->orderBy('APP_NUMBER', 'ASC'); - return $query->get(); + $result = $query->where('APP_UID', '=', $appUid); + return $result; } /** * Scope for query to get the applications by PRO_UID. + * * @param \Illuminate\Database\Eloquent\Builder $query * @param string $proUid + * * @return \Illuminate\Database\Eloquent\Builder */ public function scopeProUid($query, $proUid) @@ -52,4 +51,38 @@ class Application extends Model $result = $query->where('PRO_UID', '=', $proUid); return $result; } + + /** + * Get Applications by PRO_UID, ordered by APP_NUMBER. + * + * @param string $proUid + * + * @return object + * @see ReportTables->populateTable() + */ + public static function getByProUid($proUid) + { + $query = Application::query() + ->select() + ->proUid($proUid) + ->orderBy('APP_NUMBER', 'ASC'); + return $query->get(); + } + + /** + * Get information related to the created case + * + * @param string $appUid + * + * @return array|bool + */ + public static function getCase($appUid) + { + $query = Application::query()->select(['APP_STATUS', 'APP_INIT_USER']); + $query->appUid($appUid); + $result = $query->get()->toArray(); + $firstElement = head($result); + + return $firstElement; + } } diff --git a/workflow/engine/templates/cases/casesList.js b/workflow/engine/templates/cases/casesList.js index 1a69b63ca..ebd272b62 100644 --- a/workflow/engine/templates/cases/casesList.js +++ b/workflow/engine/templates/cases/casesList.js @@ -218,26 +218,31 @@ function deleteCase() { _('ID_CONFIRM'), (rows.length == 1) ? _('ID_MSG_CONFIRM_DELETE_CASE') : _('ID_MSG_CONFIRM_DELETE_CASES'), function(btn, text){ - if ( btn == 'yes' ) { - Ext.MessageBox.show({ msg: _('ID_DELETING_ELEMENTS'), wait:true,waitConfig: {interval:200} }); + if (btn == 'yes') { + Ext.MessageBox.show({ + msg: _('ID_DELETING_ELEMENTS'), + wait: true, + waitConfig: {interval: 200} + }); Ext.Ajax.request({ url: 'cases_Delete', - success: function(response) { + success: function (response) { try { parent.updateCasesView(true); - } - catch (e) { + } catch (e) { // Nothing to do } Ext.MessageBox.hide(); try { parent.updateCasesTree(); - } - catch (e) { + } catch (e) { // Nothing to do } + if (typeof (response.responseText) != 'undefined') { + Ext.MessageBox.alert(_('ID_INFO'), response.responseText); + } }, - params: {APP_UIDS:APP_UIDS} + params: {APP_UIDS: APP_UIDS} }); } } @@ -1899,10 +1904,12 @@ Ext.onReady ( function() { case 'draft': menuItems = [optionMenuPause, optionMenuSummary, optionMenuNotes]; - if( varReassignCase == 'true' || varReassignCaseSupervisor == 'true'){ + if (varReassignCase == 'true' || varReassignCaseSupervisor == 'true') { menuItems.push(optionMenuReassign); } - menuItems.push(optionMenuDelete); + if (varDeleteCase == 'true') { + menuItems.push(optionMenuDelete); + } break;