Merged in paulis/processmaker/HOR-2019 (pull request #4993)

HOR-2019

workflow/engine/classes/model/ProcessUser.php

@@ -93,17 +93,36 @@ class ProcessUser extends BaseProcessUser
         }
     }
 
-    public function validateUserAccess($proUid, $usrUid, $type)
+    public function validateUserAccess($proUid, $usrUid)
     {
         try {
             $oCriteria = new Criteria();
             $oCriteria->add( ProcessUserPeer::PRO_UID, $proUid );
+            $oCriteria->add( ProcessUserPeer::PU_TYPE, 'SUPERVISOR' );
             $oCriteria->add( ProcessUserPeer::USR_UID, $usrUid );
-            $oCriteria->add( ProcessUserPeer::PU_TYPE, $type );
-            $data = ProcessUserPeer::doSelectOne( $oCriteria );
-            if (! is_null( $data )) {
+            $dataset = ProcessUserPeer::doSelectRS( $oCriteria );
+            $dataset->setFetchmode( ResultSet::FETCHMODE_ASSOC );
+            //If the user is in Assigned supervisors list
+            if($dataset->next()){
                 return true;
             } else {
+                //If the user is in a group in Assigned supervisors list
+                $oCriteria = new Criteria();
+                $oCriteria->add( ProcessUserPeer::PRO_UID, $proUid );
+                $oCriteria->add( ProcessUserPeer::PU_TYPE, 'GROUP_SUPERVISOR');
+                $dataset = ProcessUserPeer::doSelectRS( $oCriteria );
+                $dataset->setFetchmode( ResultSet::FETCHMODE_ASSOC );
+                $oGroups = new Groups();
+                $aGroups = $oGroups->getActiveGroupsForAnUser($usrUid);
+                while ($dataset->next()) {
+                    $row = $dataset->getRow();
+                    $groupUid = $row['USR_UID'];
+                    if (in_array($groupUid, $aGroups)) {
+                        return true;
+                    } else {
+                        return false;
+                    }
+                }
                 return false;
             }
         } catch (Exception $oError) {