fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

HOR-2032

Browse Source 
[Mantis 21439] Input documents can be downloaded via its URL even if there is no valid session
This commit is contained in:
dheeyi william
2017-03-09 19:03:47 -04:00
parent 2aa1abd7de
commit 376032c3ed
2 changed files with 4 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
workflow/engine/classes/model/AppDocument.php
View File

@@ -537,7 +537,7 @@ class AppDocument extends BaseAppDocument
}
/**
* The user that uploaded an input document can download the same input file.
* The user that uploaded a document can download the same input file.
* A participated user or a supervisor must have the process permission "view" to be able to download the input document.
* If the user is a supervisor and had the input document assign, he can download the file too.
* @param $user
@@ -545,7 +545,7 @@ class AppDocument extends BaseAppDocument
* @param $version
* @return bool
*/
public function checkPermissionsToDownload($user, $appDocUid, $version)
public function canDownloadInput($user, $appDocUid, $version)
{
$oCriteria = new Criteria('workflow');
$oCriteria->addSelectColumn(AppDocumentPeer::APP_UID);
@@ -581,7 +581,7 @@ class AppDocument extends BaseAppDocument
array('INPUT_DOCUMENTS' => 'VIEW')
);
if ($userAuthorization['objectPermissions']['INPUT_DOCUMENTS'][0] == $appDocUid) {
if (in_array($appDocUid, $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'])) {
return true;
}