fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged feature/HOR-3559 into bugfix/HOR-3331-T

Browse Source
This commit is contained in:
Paula Quispe
2017-08-07 11:57:13 -04:00
parent 5d202bb681 74889e7a2a
commit 34a8df2481
13 changed files with 199 additions and 108 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
gulliver/system/class.rbac.php
View File

@@ -110,11 +110,11 @@ class RBAC
'downloadFileHash' => array('PM_FACTORY') 'downloadFileHash' => array('PM_FACTORY')
), ),
'processProxy.php' => array( 'processProxy.php' => array(
'categoriesList' => array(), 'categoriesList' => array('PM_SETUP_PROCESS_CATEGORIES'),
'getCategoriesList' => array(), 'getCategoriesList' => array('PM_FACTORY'),
'saveProcess' => array('PM_FACTORY'), 'saveProcess' => array('PM_FACTORY'),
'changeStatus' => array(), 'changeStatus' => array('PM_FACTORY'),
'changeDebugMode' => array(), 'changeDebugMode' => array('PM_FACTORY'),
'getUsers' => array(), 'getUsers' => array(),
'getGroups' => array(), 'getGroups' => array(),
'assignActorsTask' => array(), 'assignActorsTask' => array(),
@@ -125,7 +125,7 @@ class RBAC
'saveProperties' => array(), 'saveProperties' => array(),
'getCaledarList' => array(), 'getCaledarList' => array(),
'getPMVariables' => array(), 'getPMVariables' => array(),
'generateBpmn' => array() 'generateBpmn' => array('PM_FACTORY')
), ),
'home.php' => array( 'home.php' => array(
'login' => array('PM_LOGIN'), 'login' => array('PM_LOGIN'),
@@ -144,6 +144,9 @@ class RBAC
'getProcessArray' => array('PM_ALLCASES'), 'getProcessArray' => array('PM_ALLCASES'),
'getProcesses' => array('PM_ALLCASES'), 'getProcesses' => array('PM_ALLCASES'),
'getUsers' => array('PM_ALLCASES') 'getUsers' => array('PM_ALLCASES')
),
'newSite.php' => array(
'newSite.php' => array('PM_SETUP_ADVANCE')
) )
); );

27
workflow/engine/classes/class.case.php
View File

@@ -5788,8 +5788,8 @@ class Cases
* @param string $tasUid * @param string $tasUid
* @param string $usrUid * @param string $usrUid
* @param string $action some action [VIEW, BLOCK, RESEND] * @param string $action some action [VIEW, BLOCK, RESEND]
* @param string $delIndex * @param integer $delIndex
* @return Array within all user permitions all objects' types * @return array within all user permissions all objects' types
*/ */
public function getAllObjectsFrom($proUid, $appUid, $tasUid = '', $usrUid = '', $action = '', $delIndex = 0) public function getAllObjectsFrom($proUid, $appUid, $tasUid = '', $usrUid = '', $action = '', $delIndex = 0)
{ {
@@ -5808,6 +5808,7 @@ class Cases
$result = array( $result = array(
"DYNAFORM" => array(), "DYNAFORM" => array(),
"INPUT" => array(), "INPUT" => array(),
"ATTACHMENT" => array(),
"OUTPUT" => array(), "OUTPUT" => array(),
"CASES_NOTES" => 0, "CASES_NOTES" => 0,
"MSGS_HISTORY" => array() "MSGS_HISTORY" => array()
@@ -5878,6 +5879,15 @@ class Cases
$opObjUid, $opObjUid,
$aCase['APP_STATUS'] $aCase['APP_STATUS']
); );
//For Attachment
$result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
$appUid,
$proUid,
$opTaskSource,
'ATTACHED',
$opObjUid,
$aCase['APP_STATUS']
);
$result['CASES_NOTES'] = 1; $result['CASES_NOTES'] = 1;
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
@@ -5914,6 +5924,16 @@ class Cases
$aCase['APP_STATUS'] $aCase['APP_STATUS']
); );
break; break;
case 'ATTACHMENT':
$result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
$appUid,
$proUid,
$opTaskSource,
'ATTACHED',
$opObjUid,
$aCase['APP_STATUS']
);
break;
case 'OUTPUT': case 'OUTPUT':
$result['OUTPUT'] = $oObjectPermission->objectPermissionByOutputInput( $result['OUTPUT'] = $oObjectPermission->objectPermissionByOutputInput(
$appUid, $appUid,
@@ -5948,9 +5968,10 @@ class Cases
} }
} }
return Array( return array(
"DYNAFORMS" => $result['DYNAFORM'], "DYNAFORMS" => $result['DYNAFORM'],
"INPUT_DOCUMENTS" => $result['INPUT'], "INPUT_DOCUMENTS" => $result['INPUT'],
"ATTACHMENTS" => $result['ATTACHMENT'],
"OUTPUT_DOCUMENTS" => $result['OUTPUT'], "OUTPUT_DOCUMENTS" => $result['OUTPUT'],
"CASES_NOTES" => $result['CASES_NOTES'], "CASES_NOTES" => $result['CASES_NOTES'],
"MSGS_HISTORY" => $result['MSGS_HISTORY'] "MSGS_HISTORY" => $result['MSGS_HISTORY']

85
workflow/engine/classes/model/AppDocument.php
View File

@@ -530,10 +530,16 @@ class AppDocument extends BaseAppDocument
return $documents; return $documents;
} }
public function exists ($sAppDocUid, $iVersion) /**
* This function check if exist a document
* @param string $appDocUid, Uid of the document
* @param integer $version,
* @return object
*/
public function exists ($appDocUid, $version = 1)
{ {
$oAppDocument = AppDocumentPeer::retrieveByPK( $sAppDocUid, $iVersion ); $oAppDocument = AppDocumentPeer::retrieveByPK($appDocUid, $version);
return (is_object( $oAppDocument ) && get_class( $oAppDocument ) == 'AppDocument'); return (is_object($oAppDocument) && get_class($oAppDocument) == 'AppDocument');
} }
/** /**
@@ -547,6 +553,7 @@ class AppDocument extends BaseAppDocument
*/ */
public function canDownloadInput($user, $appDocUid, $version) public function canDownloadInput($user, $appDocUid, $version)
{ {
//Check if the the requester is the owner in the file
$oCriteria = new Criteria('workflow'); $oCriteria = new Criteria('workflow');
$oCriteria->addSelectColumn(AppDocumentPeer::APP_UID); $oCriteria->addSelectColumn(AppDocumentPeer::APP_UID);
$oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN); $oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN);
@@ -560,11 +567,11 @@ class AppDocument extends BaseAppDocument
if ($dataset->getRow()) { if ($dataset->getRow()) {
return true; return true;
} else { } else {
//Review if is a INPUT or ATTACHED
$oCriteria = new Criteria("workflow"); $oCriteria = new Criteria("workflow");
$oCriteria->addSelectColumn(AppDocumentPeer::APP_UID); $oCriteria->addSelectColumn(AppDocumentPeer::APP_UID);
$oCriteria->addSelectColumn(AppDocumentPeer::DOC_UID); $oCriteria->addSelectColumn(AppDocumentPeer::DOC_UID);
$oCriteria->addSelectColumn(InputDocumentPeer::PRO_UID); $oCriteria->addSelectColumn(AppDocumentPeer::APP_DOC_TYPE);
$oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN);
$oCriteria->add(AppDocumentPeer::APP_DOC_UID, $appDocUid); $oCriteria->add(AppDocumentPeer::APP_DOC_UID, $appDocUid);
$oCriteria->add(AppDocumentPeer::DOC_VERSION, $version); $oCriteria->add(AppDocumentPeer::DOC_VERSION, $version);
$oCriteria->setLimit(1); $oCriteria->setLimit(1);
@@ -572,28 +579,56 @@ class AppDocument extends BaseAppDocument
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$dataset->next(); $dataset->next();
$row = $dataset->getRow(); $row = $dataset->getRow();
$cases = new \ProcessMaker\BusinessModel\Cases(); if ($row['DOC_UID'] == '-1') {
$userAuthorization = $cases->userAuthorization( //If is an attached we only verify if is a supervisor in the process
$user, $appUid = $row['APP_UID'];
$row['PRO_UID'], $oApplication = new Application();
$row['APP_UID'], $aColumns = $oApplication->Load($appUid);
array(), $cases = new \ProcessMaker\BusinessModel\Cases();
array('INPUT_DOCUMENTS' => 'VIEW') $userAuthorization = $cases->userAuthorization(
); $user,
$aColumns['PRO_UID'],
if (in_array($appDocUid, $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'])) { $appUid,
return true; array(),
} array('ATTACHMENTS' => 'VIEW')
);
if ($userAuthorization['supervisor']) { //Has permissions?
$criteria = new Criteria("workflow"); if (in_array($appDocUid, $userAuthorization['objectPermissions']['ATTACHMENTS'])) {
$criteria->addSelectColumn(StepSupervisorPeer::STEP_UID);
$criteria->add(StepSupervisorPeer::STEP_TYPE_OBJ, "INPUT_DOCUMENT", \Criteria::EQUAL);
$criteria->add(StepSupervisorPeer::STEP_UID_OBJ, $row['DOC_UID'], \Criteria::EQUAL);
$rsCriteria = StepSupervisorPeer::doSelectRS($criteria);
if ($rsCriteria->next()) {
return true; return true;
} }
//Is supervisor?
if ($userAuthorization['supervisor']) {
return true;
}
} else {
//If is an file related an input document, we will check if the user is a supervisor or has permissions
$appUid = $row['APP_UID'];
$oInputDoc = new InputDocument();
$aColumns = $oInputDoc->Load($row['DOC_UID']);
$cases = new \ProcessMaker\BusinessModel\Cases();
$userAuthorization = $cases->userAuthorization(
$user,
$aColumns['PRO_UID'],
$appUid,
array(),
array('INPUT_DOCUMENTS' => 'VIEW')
);
//Has permissions?
if (in_array($appDocUid, $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'])) {
return true;
}
//Is supervisor?
if ($userAuthorization['supervisor']) {
//Review if the supervisor has assigned the object input document
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(StepSupervisorPeer::STEP_UID);
$criteria->add(StepSupervisorPeer::STEP_TYPE_OBJ, "INPUT_DOCUMENT", \Criteria::EQUAL);
$criteria->add(StepSupervisorPeer::STEP_UID_OBJ, $row['DOC_UID'], \Criteria::EQUAL);
$rsCriteria = StepSupervisorPeer::doSelectRS($criteria);
if ($rsCriteria->next()) {
return true;
}
}
} }
} }
return false; return false;

11
workflow/engine/classes/model/ObjectPermission.php
View File

@@ -383,10 +383,10 @@ class ObjectPermission extends BaseObjectPermission
} }
switch ($obType) { switch ($obType) {
case 'INPUT': case 'INPUT':
$oCriteria->add( $oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'INPUT');
$oCriteria->getNewCriterion(AppDocumentPeer::APP_DOC_TYPE, 'INPUT')-> break;
addOr($oCriteria->getNewCriterion(AppDocumentPeer::APP_DOC_TYPE, 'ATTACHED')) case 'ATTACHED':
); $oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'ATTACHED');
break; break;
case 'OUTPUT': case 'OUTPUT':
$oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'OUTPUT'); $oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'OUTPUT');
@@ -399,9 +399,6 @@ class ObjectPermission extends BaseObjectPermission
$result = array(); $result = array();
while ($oDataset->next()) { while ($oDataset->next()) {
$aRow = $oDataset->getRow(); $aRow = $oDataset->getRow();
if ($aRow['APP_DOC_TYPE'] == "ATTACHED") {
$aRow['APP_DOC_TYPE'] = "INPUT";
}
if (!in_array($aRow['APP_DOC_UID'], $result)) { if (!in_array($aRow['APP_DOC_UID'], $result)) {
array_push($result, $aRow['APP_DOC_UID']); array_push($result, $aRow['APP_DOC_UID']);
} }

2
workflow/engine/classes/model/map/EmailEventMapBuilder.php
View File

@@ -75,7 +75,7 @@ class EmailEventMapBuilder
$tMap->addColumn('EMAIL_EVENT_TO', 'EmailEventTo', 'string', CreoleTypes::LONGVARCHAR, true, null); $tMap->addColumn('EMAIL_EVENT_TO', 'EmailEventTo', 'string', CreoleTypes::LONGVARCHAR, true, null);
$tMap->addColumn('EMAIL_EVENT_SUBJECT', 'EmailEventSubject', 'string', CreoleTypes::VARCHAR, false, 150); $tMap->addColumn('EMAIL_EVENT_SUBJECT', 'EmailEventSubject', 'string', CreoleTypes::VARCHAR, false, 255);
$tMap->addColumn('PRF_UID', 'PrfUid', 'string', CreoleTypes::VARCHAR, false, 32); $tMap->addColumn('PRF_UID', 'PrfUid', 'string', CreoleTypes::VARCHAR, false, 32);

2
workflow/engine/config/schema.xml
View File

@@ -5537,7 +5537,7 @@
<column name="EVN_UID" type="VARCHAR" size="32" required="true" /> <column name="EVN_UID" type="VARCHAR" size="32" required="true" />
<column name="EMAIL_EVENT_FROM" type="VARCHAR" size="100" required="true" default="" /> <column name="EMAIL_EVENT_FROM" type="VARCHAR" size="100" required="true" default="" />
<column name="EMAIL_EVENT_TO" type="LONGVARCHAR" required="true" /> <column name="EMAIL_EVENT_TO" type="LONGVARCHAR" required="true" />
<column name="EMAIL_EVENT_SUBJECT" type="VARCHAR" size="150" required="false" default=""/> <column name="EMAIL_EVENT_SUBJECT" type="VARCHAR" size="255" required="false" default=""/>
<column name="PRF_UID" type="VARCHAR" size="32" required="false" default="" /> <column name="PRF_UID" type="VARCHAR" size="32" required="false" default="" />
<column name="EMAIL_SERVER_UID" type="VARCHAR" size="32" required="false" default="" /> <column name="EMAIL_SERVER_UID" type="VARCHAR" size="32" required="false" default="" />
</table> </table>

6
workflow/engine/content/translations/english/processmaker.en.po
View File

@@ -9326,6 +9326,12 @@ msgstr "Web Entry deleted correctly"
msgid "[LABEL/ID_PASSWORD] Password" msgid "[LABEL/ID_PASSWORD] Password"
msgstr "Password" msgstr "Password"
# TRANSLATION
# LABEL/ID_PASSWORD_CONFIRM
#: LABEL/ID_PASSWORD_CONFIRM
msgid "[LABEL/ID_PASSWORD_CONFIRM] Confirm Password"
msgstr "Confirm Password"
# TRANSLATION # TRANSLATION
# LABEL/ID_NOT_DEFINED # LABEL/ID_NOT_DEFINED
#: LABEL/ID_NOT_DEFINED #: LABEL/ID_NOT_DEFINED

125
workflow/engine/controllers/designer.php
View File

@@ -7,11 +7,16 @@
* @access public * @access public
*/ */
use Maveriks\Util\ClassLoader;
use \OAuth2\Request;
use \ProcessMaker\BusinessModel\Light\Tracker;
use \ProcessMaker\Services\OAuth2\Server;
class Designer extends Controller class Designer extends Controller
{ {
protected $clientId = 'x-pm-local-client'; protected $clientId = 'x-pm-local-client';
public function __construct () public function __construct()
{ {
} }
@@ -26,57 +31,16 @@ class Designer extends Controller
$proUid = isset($httpData->prj_uid) ? $httpData->prj_uid : ''; $proUid = isset($httpData->prj_uid) ? $httpData->prj_uid : '';
$appUid = isset($httpData->app_uid) ? $httpData->app_uid : ''; $appUid = isset($httpData->app_uid) ? $httpData->app_uid : '';
$proReadOnly = isset($httpData->prj_readonly) ? $httpData->prj_readonly : 'false'; $proReadOnly = isset($httpData->prj_readonly) ? $httpData->prj_readonly : 'false';
$client = $this->getClientCredentials();
if (isset($httpData->tracker_designer) && $httpData->tracker_designer == 1) { $clientToken = $this->getCredentials($httpData);
try {
if (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN'])) {
throw (new \Exception(
\G::LoadTranslation('ID_CASE_NOT_EXISTS') . "\n" . \G::LoadTranslation('ID_PIN_INVALID')
));
}
\ProcessMaker\BusinessModel\Light\Tracker::authentication($_SESSION['CASE'], $_SESSION['PIN']);
} catch (\Exception $e) {
Bootstrap::registerMonolog('CaseTracker', 400, $e->getMessage(), [], SYS_SYS, 'processmaker.log');
\G::header('Location: /errors/error403.php');
die();
}
$client["tracker_designer"] = 1;
}
$authCode = $this->getAuthorizationCode($client);
$debug = false; //System::isDebugMode(); $debug = false; //System::isDebugMode();
$loader = Maveriks\Util\ClassLoader::getInstance();
$loader->add(PATH_TRUNK . 'vendor/bshaffer/oauth2-server-php/src/', "OAuth2");
$request = array(
'grant_type' => 'authorization_code',
'code' => $authCode
);
$server = array(
'REQUEST_METHOD' => 'POST'
);
$headers = array(
"PHP_AUTH_USER" => $client['CLIENT_ID'],
"PHP_AUTH_PW" => $client['CLIENT_SECRET'],
"Content-Type" => "multipart/form-data;",
"Authorization" => "Basic " . base64_encode($client['CLIENT_ID'] . ":" . $client['CLIENT_SECRET'])
);
$request = new \OAuth2\Request(array(), $request, array(), array(), array(), $server, null, $headers);
$oauthServer = new \ProcessMaker\Services\OAuth2\Server();
$response = $oauthServer->postToken($request, true);
$clientToken = $response->getParameters();
$clientToken["client_id"] = $client['CLIENT_ID'];
$clientToken["client_secret"] = $client['CLIENT_SECRET'];
$consolidated = 0; $consolidated = 0;
$enterprise = 0; $enterprise = 0;
$distribution = 0; $distribution = 0;
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
$licensedFeatures = & PMLicensedFeatures::getSingleton(); $licensedFeatures = &PMLicensedFeatures::getSingleton();
if ($licensedFeatures->verifyfeature('7TTeDBQeWRoZTZKYjh4eFpYUlRDUUEyVERPU3FxellWank=')) { if ($licensedFeatures->verifyfeature('7TTeDBQeWRoZTZKYjh4eFpYUlRDUUEyVERPU3FxellWank=')) {
$consolidated = 1; $consolidated = 1;
} }
@@ -101,10 +65,10 @@ class Designer extends Controller
$this->setVar('HTTP_SERVER_HOSTNAME', PmSystem::getHttpServerHostnameRequestsFrontEnd()); $this->setVar('HTTP_SERVER_HOSTNAME', PmSystem::getHttpServerHostnameRequestsFrontEnd());
if ($debug) { if ($debug) {
if (! file_exists(PATH_HTML . "lib-dev/pmUI/build.cache")) { if (!file_exists(PATH_HTML . "lib-dev/pmUI/build.cache")) {
throw new RuntimeException("Development JS Files were are not generated!.\nPlease execute: \$>rake pmBuildDebug in pmUI project"); throw new RuntimeException("Development JS Files were are not generated!.\nPlease execute: \$>rake pmBuildDebug in pmUI project");
} }
if (! file_exists(PATH_HTML . "lib-dev/mafe/build.cache")) { if (!file_exists(PATH_HTML . "lib-dev/mafe/build.cache")) {
throw new RuntimeException("Development JS Files were are not generated!.\nPlease execute: \$>rake pmBuildDebug in MichelangeloFE project"); throw new RuntimeException("Development JS Files were are not generated!.\nPlease execute: \$>rake pmBuildDebug in MichelangeloFE project");
} }
@@ -128,7 +92,7 @@ class Designer extends Controller
$this->setVar('mafeCssFiles', $mafeCssFiles); $this->setVar('mafeCssFiles', $mafeCssFiles);
} else { } else {
$buildhashFile = PATH_HTML . "lib/buildhash"; $buildhashFile = PATH_HTML . "lib/buildhash";
if (! file_exists($buildhashFile)) { if (!file_exists($buildhashFile)) {
throw new RuntimeException("CSS and JS Files were are not generated!.\nPlease review install process"); throw new RuntimeException("CSS and JS Files were are not generated!.\nPlease review install process");
} }
$buildhash = file_get_contents($buildhashFile); $buildhash = file_get_contents($buildhashFile);
@@ -137,7 +101,7 @@ class Designer extends Controller
$translationMafe = "/translations/translationsMafe.js"; $translationMafe = "/translations/translationsMafe.js";
$this->setVar('translationMafe', $translationMafe); $this->setVar('translationMafe', $translationMafe);
if (!file_exists(PATH_HTML . "translations" . PATH_SEP. 'translationsMafe' . ".js")) { if (!file_exists(PATH_HTML . "translations" . PATH_SEP . 'translationsMafe' . ".js")) {
$translation = new Translation(); $translation = new Translation();
$translation->generateFileTranslationMafe(); $translation->generateFileTranslationMafe();
} }
@@ -197,10 +161,10 @@ class Designer extends Controller
protected function getAuthorizationCode($client) protected function getAuthorizationCode($client)
{ {
\ProcessMaker\Services\OAuth2\Server::setDatabaseSource($this->getDsn()); Server::setDatabaseSource($this->getDsn());
\ProcessMaker\Services\OAuth2\Server::setPmClientId($client['CLIENT_ID']); Server::setPmClientId($client['CLIENT_ID']);
$oauthServer = new \ProcessMaker\Services\OAuth2\Server(); $oauthServer = new Server();
if (isset($client["tracker_designer"]) && $client["tracker_designer"] == 1) { if (isset($client["tracker_designer"]) && $client["tracker_designer"] == 1) {
$_SESSION["USER_LOGGED"] = "00000000000000000000000000000001"; $_SESSION["USER_LOGGED"] = "00000000000000000000000000000001";
@@ -215,7 +179,7 @@ class Designer extends Controller
)); ));
$response = $oauthServer->postAuthorize($authorize, $userId, true); $response = $oauthServer->postAuthorize($authorize, $userId, true);
$code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40); $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=') + 5, 40);
if (isset($client["tracker_designer"]) && $client["tracker_designer"] == 1) { if (isset($client["tracker_designer"]) && $client["tracker_designer"] == 1) {
unset($_SESSION["USER_LOGGED"]); unset($_SESSION["USER_LOGGED"]);
@@ -228,8 +192,63 @@ class Designer extends Controller
{ {
list($host, $port) = strpos(DB_HOST, ':') !== false ? explode(':', DB_HOST) : array(DB_HOST, ''); list($host, $port) = strpos(DB_HOST, ':') !== false ? explode(':', DB_HOST) : array(DB_HOST, '');
$port = empty($port) ? '' : ";port=$port"; $port = empty($port) ? '' : ";port=$port";
$dsn = DB_ADAPTER.':host='.$host.';dbname='.DB_NAME.$port; $dsn = DB_ADAPTER . ':host=' . $host . ';dbname=' . DB_NAME . $port;
return array('dsn' => $dsn, 'username' => DB_USER, 'password' => DB_PASS); return array('dsn' => $dsn, 'username' => DB_USER, 'password' => DB_PASS);
} }
/**
* Return credentials oauth2
*
* @param object $httpData
* @return array credentials
*/
public function getCredentials($httpData = null)
{
$client = $this->getClientCredentials();
if (!empty($httpData->tracker_designer) && $httpData->tracker_designer == 1) {
try {
if (!isset($_SESSION['CASE']) && !isset($_SESSION['PIN'])) {
throw (new \Exception(
\G::LoadTranslation('ID_CASE_NOT_EXISTS') . "\n" . \G::LoadTranslation('ID_PIN_INVALID')
));
}
Tracker::authentication($_SESSION['CASE'], $_SESSION['PIN']);
} catch (\Exception $e) {
Bootstrap::registerMonolog('CaseTracker', 400, $e->getMessage(), [], SYS_SYS, 'processmaker.log');
\G::header('Location: /errors/error403.php');
die();
}
$client["tracker_designer"] = 1;
}
$authCode = $this->getAuthorizationCode($client);
$loader = ClassLoader::getInstance();
$loader->add(PATH_TRUNK . 'vendor/bshaffer/oauth2-server-php/src/', "OAuth2");
$request = array(
'grant_type' => 'authorization_code',
'code' => $authCode
);
$server = array(
'REQUEST_METHOD' => 'POST'
);
$headers = array(
"PHP_AUTH_USER" => $client['CLIENT_ID'],
"PHP_AUTH_PW" => $client['CLIENT_SECRET'],
"Content-Type" => "multipart/form-data;",
"Authorization" => "Basic " . base64_encode($client['CLIENT_ID'] . ":" . $client['CLIENT_SECRET'])
);
$request = new Request(array(), $request, array(), array(), array(), $server, null, $headers);
$oauthServer = new Server();
$response = $oauthServer->postToken($request, true);
$clientToken = $response->getParameters();
$clientToken["client_id"] = $client['CLIENT_ID'];
$clientToken["client_secret"] = $client['CLIENT_SECRET'];
return $clientToken;
}
} }

1
workflow/engine/data/mysql/insert.sql
View File

@@ -3025,6 +3025,7 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE
( 'LABEL','ID_CONFIRM_DELETE_WEB_ENTRY','en','Do you want to delete current web entry?','2014-01-15') , ( 'LABEL','ID_CONFIRM_DELETE_WEB_ENTRY','en','Do you want to delete current web entry?','2014-01-15') ,
( 'LABEL','ID_WEB_ENTRY_SUCCESS_DELETE','en','Web Entry deleted correctly','2014-01-15') , ( 'LABEL','ID_WEB_ENTRY_SUCCESS_DELETE','en','Web Entry deleted correctly','2014-01-15') ,
( 'LABEL','ID_PASSWORD','en','Password','2014-01-15') , ( 'LABEL','ID_PASSWORD','en','Password','2014-01-15') ,
( 'LABEL','ID_PASSWORD_CONFIRM','en','Confirm Password','2017-07-25') ,
( 'LABEL','ID_NOT_DEFINED','en','Not defined','2014-01-15') , ( 'LABEL','ID_NOT_DEFINED','en','Not defined','2014-01-15') ,
( 'LABEL','ID_WEB_ENTRY_SUCCESS_NEW','en','Web Entry has been created correctly.','2014-01-15') , ( 'LABEL','ID_WEB_ENTRY_SUCCESS_NEW','en','Web Entry has been created correctly.','2014-01-15') ,
( 'LABEL','ID_REMOVE_ALL_BUTTON_FACE','en','<<','2014-01-15') , ( 'LABEL','ID_REMOVE_ALL_BUTTON_FACE','en','<<','2014-01-15') ,

2
workflow/engine/data/mysql/schema.sql
View File

@@ -3068,7 +3068,7 @@ CREATE TABLE `EMAIL_EVENT`
`EVN_UID` VARCHAR(32) NOT NULL, `EVN_UID` VARCHAR(32) NOT NULL,
`EMAIL_EVENT_FROM` VARCHAR(100) default '' NOT NULL, `EMAIL_EVENT_FROM` VARCHAR(100) default '' NOT NULL,
`EMAIL_EVENT_TO` MEDIUMTEXT NOT NULL, `EMAIL_EVENT_TO` MEDIUMTEXT NOT NULL,
`EMAIL_EVENT_SUBJECT` VARCHAR(150) default '', `EMAIL_EVENT_SUBJECT` VARCHAR(255) default '',
`PRF_UID` VARCHAR(32) default '', `PRF_UID` VARCHAR(32) default '',
`EMAIL_SERVER_UID` VARCHAR(32) default '', `EMAIL_SERVER_UID` VARCHAR(32) default '',
PRIMARY KEY (`EMAIL_EVENT_UID`) PRIMARY KEY (`EMAIL_EVENT_UID`)

7
workflow/engine/methods/processes/mainInit.php
View File

@@ -88,6 +88,13 @@ $oHeadPublisher->assign("arrayMenuNewOptionPlugin", $arrayMenuNewOptionPlugin);
$oHeadPublisher->assign("arrayContextMenuOptionPlugin", $arrayContextMenuOptionPlugin); $oHeadPublisher->assign("arrayContextMenuOptionPlugin", $arrayContextMenuOptionPlugin);
$oHeadPublisher->assign('extJsViewState', $oHeadPublisher->getExtJsViewState()); $oHeadPublisher->assign('extJsViewState', $oHeadPublisher->getExtJsViewState());
$designer = new Designer();
$oHeadPublisher->assign('SYS_SYS', SYS_SYS);
$oHeadPublisher->assign('SYS_LANG', SYS_LANG);
$oHeadPublisher->assign('SYS_SKIN', SYS_SKIN);
$oHeadPublisher->assign('HTTP_SERVER_HOSTNAME', PmSystem::getHttpServerHostnameRequestsFrontEnd());
$oHeadPublisher->assign('credentials', base64_encode(G::json_encode($designer->getCredentials())));
$deleteCasesFlag = false; $deleteCasesFlag = false;
global $RBAC; global $RBAC;
if($RBAC->userCanAccess('PM_DELETE_PROCESS_CASES') === 1) { if($RBAC->userCanAccess('PM_DELETE_PROCESS_CASES') === 1) {

22
workflow/engine/src/ProcessMaker/BusinessModel/ProcessPermissions.php
View File

@@ -1,6 +1,7 @@
<?php <?php
namespace ProcessMaker\BusinessModel; namespace ProcessMaker\BusinessModel;
use Behat\Behat\Exception\Exception;
use \G; use \G;
use \Cases; use \Cases;
use \Criteria; use \Criteria;
@@ -207,24 +208,22 @@ class ProcessPermissions
/** /**
* Save Process Permission * Save Process Permission
* *
* @var array $data. Data for Process Permission * @var array $data, Data for Process Permission
* @var string $op_uid. Uid for Process Permission * @var string $opUid, Uid for Process Permission
* *
* @access public * @access public
* @author Brayan Pereyra (Cochalo) <brayan@colosa.com>
* @copyright Colosa - Bolivia
* *
* @return void * @return void
* @throws Exception
*/ */
public function saveProcessPermission($data, $opUid = '')
public function saveProcessPermission($data, $op_uid = '')
{ {
try { try {
$data = array_change_key_case($data, CASE_UPPER); $data = array_change_key_case($data, CASE_UPPER);
$this->validateProUid($data['PRO_UID']); $this->validateProUid($data['PRO_UID']);
if ($op_uid != '') { if ($opUid != '') {
$op_uid = $this->validateOpUid($op_uid); $opUid = $this->validateOpUid($opUid);
} }
if ($data['OP_USER_RELATION'] == "1") { if ($data['OP_USER_RELATION'] == "1") {
$this->validateUsrUid($data['USR_UID']); $this->validateUsrUid($data['USR_UID']);
@@ -257,6 +256,9 @@ class ProcessPermissions
} }
$sObjectUID = $data['DYNAFORMS']; $sObjectUID = $data['DYNAFORMS'];
break; break;
case 'ATTACHED':
$sObjectUID = '';
break;
case 'INPUT': case 'INPUT':
$data['INPUTS'] = $data['INPUTS'] == 0 ? '': $data['INPUTS']; $data['INPUTS'] = $data['INPUTS'] == 0 ? '': $data['INPUTS'];
if ($data['INPUTS'] != '') { if ($data['INPUTS'] != '') {
@@ -273,11 +275,11 @@ class ProcessPermissions
break; break;
} }
$oOP = new \ObjectPermission(); $oOP = new \ObjectPermission();
$permissionUid = ($op_uid != '') ? $op_uid : G::generateUniqueID(); $permissionUid = ($opUid != '') ? $opUid : G::generateUniqueID();
$data['OP_UID'] = $permissionUid; $data['OP_UID'] = $permissionUid;
$data['OP_OBJ_UID'] = $sObjectUID; $data['OP_OBJ_UID'] = $sObjectUID;
if ($op_uid == '') { if ($opUid == '') {
$oOP->fromArray( $data, \BasePeer::TYPE_FIELDNAME ); $oOP->fromArray( $data, \BasePeer::TYPE_FIELDNAME );
$oOP->save(); $oOP->save();
$daraRes = $oOP->load($permissionUid); $daraRes = $oOP->load($permissionUid);

4
workflow/engine/src/ProcessMaker/Services/Api/Project/ProcessPermissions.php
View File

@@ -65,7 +65,7 @@ class ProcessPermissions extends Api
* @param string $op_user_relation {@from body} {@choice 1,2} * @param string $op_user_relation {@from body} {@choice 1,2}
* @param string $op_case_status {@from body} {@choice ALL,DRAFT,TO_DO,PAUSED,COMPLETED} * @param string $op_case_status {@from body} {@choice ALL,DRAFT,TO_DO,PAUSED,COMPLETED}
* @param string $op_participate {@from body} {@choice 0,1} * @param string $op_participate {@from body} {@choice 0,1}
* @param string $op_obj_type {@from body} {@choice ANY,DYNAFORM,INPUT,OUTPUT,CASES_NOTES,MSGS_HISTORY,SUMMARY_FORM} * @param string $op_obj_type {@from body} {@choice ANY,DYNAFORM,ATTACHMENT,INPUT,OUTPUT,CASES_NOTES,MSGS_HISTORY,SUMMARY_FORM}
* @param string $op_action {@from body} {@choice VIEW,BLOCK,DELETE,RESEND} * @param string $op_action {@from body} {@choice VIEW,BLOCK,DELETE,RESEND}
* @param string $tas_uid {@from body} * @param string $tas_uid {@from body}
* @param string $op_task_source {@from body} * @param string $op_task_source {@from body}
@@ -123,7 +123,7 @@ class ProcessPermissions extends Api
* @param string $op_user_relation {@from body} {@choice 1,2} * @param string $op_user_relation {@from body} {@choice 1,2}
* @param string $op_case_status {@from body} {@choice ALL,DRAFT,TO_DO,PAUSED,COMPLETED} * @param string $op_case_status {@from body} {@choice ALL,DRAFT,TO_DO,PAUSED,COMPLETED}
* @param string $op_participate {@from body} {@choice 0,1} * @param string $op_participate {@from body} {@choice 0,1}
* @param string $op_obj_type {@from body} {@choice ANY,DYNAFORM,INPUT,OUTPUT,CASES_NOTES,MSGS_HISTORY,SUMMARY_FORM} * @param string $op_obj_type {@from body} {@choice ANY,DYNAFORM,ATTACHMENT,INPUT,OUTPUT,CASES_NOTES,MSGS_HISTORY,SUMMARY_FORM}
* @param string $op_action {@from body} {@choice VIEW,BLOCK,DELETE,RESEND} * @param string $op_action {@from body} {@choice VIEW,BLOCK,DELETE,RESEND}
* @param string $tas_uid {@from body} * @param string $tas_uid {@from body}
* @param string $op_task_source {@from body} * @param string $op_task_source {@from body}