HOR-2830
@@ -79,7 +79,8 @@ class System
|
||||
'server_hostname_requests_frontend' => '',
|
||||
'load_headers_ie' => 0,
|
||||
'redirect_to_mobile' => 0,
|
||||
'disable_php_upload_execution' => 0
|
||||
'disable_php_upload_execution' => 0,
|
||||
'disable_download_documents_session_validation' => 0
|
||||
);
|
||||
|
||||
/**
|
||||
|
||||
@@ -26,8 +26,6 @@
|
||||
*
|
||||
* @author David Callizaya <davidsantos@colosa.com>
|
||||
*/
|
||||
|
||||
require_once ("classes/model/AppDocumentPeer.php");
|
||||
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
|
||||
if (!isset($_SESSION['USER_LOGGED'])) {
|
||||
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
|
||||
@@ -47,14 +45,17 @@ if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession"
|
||||
die();
|
||||
}
|
||||
}
|
||||
//v = Version
|
||||
//a = Case UID
|
||||
|
||||
require_once ("classes/model/AppDocumentPeer.php");
|
||||
$oAppDocument = new AppDocument();
|
||||
|
||||
if (!$oAppDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $_GET['v'])) {
|
||||
G::header('Location: /errors/error403.php');
|
||||
die();
|
||||
//Check if the user can be download the input Document
|
||||
//Send the parameter v = Version
|
||||
//Send the parameter a = Case UID
|
||||
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
|
||||
if (!$oAppDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $_GET['v'])) {
|
||||
G::header('Location: /errors/error403.php');
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
if (! isset( $_GET['v'] )) {
|
||||
|
||||
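Review bot: The new guard around `canDownloadInput` fails open: `defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0` skips the 403 check whenever the constant is not defined, not only when an administrator set it to 1. The condition should require an explicit opt-out, `if (!defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') || DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {`, so that any entry path which misses the `define()` keeps the check. The same condition wraps `canDownloadOutput` in the `@@ -60,17 +61,20 @@` hunk and needs the same change. What the flag switches off is the per-document permission check rather than session validation alone, which the setting's name does not convey and a comment should state; the script continues past the end of this hunk.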
@@ -1,23 +1,4 @@
|
||||
<?php
|
||||
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
|
||||
if (!isset($_SESSION['USER_LOGGED'])) {
|
||||
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
|
||||
$response = new stdclass();
|
||||
$response->message = G::LoadTranslation('ID_LOGIN_AGAIN');
|
||||
$response->lostSession = true;
|
||||
print G::json_encode( $response );
|
||||
die();
|
||||
} else {
|
||||
G::SendMessageText( G::LoadTranslation('ID_LOGIN_TO_SEE_OUTPUTDOCS'), "WARNING" );
|
||||
G::header("location: " . "/");
|
||||
die();
|
||||
}
|
||||
} else {
|
||||
$response = new stdclass();
|
||||
print G::json_encode( $response );
|
||||
die();
|
||||
}
|
||||
}
|
||||
/**
|
||||
* cases_ShowOutputDocument.php
|
||||
*
|
||||
@@ -46,6 +27,26 @@ if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession"
|
||||
* @author David Callizaya <davidsantos@colosa.com>
|
||||
*/
|
||||
|
||||
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
|
||||
if (!isset($_SESSION['USER_LOGGED'])) {
|
||||
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
|
||||
$response = new stdclass();
|
||||
$response->message = G::LoadTranslation('ID_LOGIN_AGAIN');
|
||||
$response->lostSession = true;
|
||||
print G::json_encode( $response );
|
||||
die();
|
||||
} else {
|
||||
G::SendMessageText( G::LoadTranslation('ID_LOGIN_TO_SEE_OUTPUTDOCS'), "WARNING" );
|
||||
G::header("location: " . "/");
|
||||
die();
|
||||
}
|
||||
} else {
|
||||
$response = new stdclass();
|
||||
print G::json_encode( $response );
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
require_once ("classes/model/AppDocumentPeer.php");
|
||||
require_once ("classes/model/OutputDocumentPeer.php");
|
||||
|
||||
@@ -60,17 +61,20 @@ $oOutputDocument->Fields = $oOutputDocument->getByUid($sDocUid);
|
||||
$download = $oOutputDocument->Fields['OUT_DOC_OPEN_TYPE'];
|
||||
|
||||
//Check if the user can be download the Output Document
|
||||
if (!$oAppDocument->canDownloadOutput(
|
||||
$oAppDocument->Fields['USR_UID'],
|
||||
$_SESSION['USER_LOGGED'],
|
||||
$oOutputDocument->Fields['PRO_UID'],
|
||||
$oAppDocument->Fields['APP_UID'],
|
||||
$sAppDocUid)
|
||||
) {
|
||||
G::header('Location: /errors/error403.php');
|
||||
die();
|
||||
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
|
||||
if (!$oAppDocument->canDownloadOutput(
|
||||
$oAppDocument->Fields['USR_UID'],
|
||||
$_SESSION['USER_LOGGED'],
|
||||
$oOutputDocument->Fields['PRO_UID'],
|
||||
$oAppDocument->Fields['APP_UID'],
|
||||
$sAppDocUid)
|
||||
) {
|
||||
G::header('Location: /errors/error403.php');
|
||||
die();
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
$info = pathinfo( $oAppDocument->getAppDocFilename() );
|
||||
if (! isset( $_GET['ext'] )) {
|
||||
$ext = $info['extension'];
|
||||
|
||||
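Review bot: `$_SESSION['USER_LOGGED']` is passed to `canDownloadOutput` without an `isset()` check, although `cases_ShowOutputDocument` is listed in `$noLoginFiles` and so can presumably be requested without a session. With the flag at 0 the outcome then depends on how `canDownloadOutput` treats a missing user, which is not visible on this page. Reject the request before the permission call, for example `if (!isset($_SESSION['USER_LOGGED']) || !$oAppDocument->canDownloadOutput(`. The `canDownloadInput` call in the `@@ -47,14 +45,17 @@` hunk has the same gap now that `cases_ShowDocument` is in that list as well.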
@@ -338,6 +338,7 @@ define('LOAD_HEADERS_IE', $config['load_headers_ie']);
|
||||
define('LEAVE_CASE_WARNING', $config['leave_case_warning']);
|
||||
define('REDIRECT_TO_MOBILE', $config['redirect_to_mobile']);
|
||||
define('DISABLE_PHP_UPLOAD_EXECUTION', $config['disable_php_upload_execution']);
|
||||
define('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION', $config['disable_download_documents_session_validation']);
|
||||
|
||||
// IIS Compatibility, SERVER_ADDR doesn't exist on that env, so we need to define it.
|
||||
$_SERVER['SERVER_ADDR'] = isset( $_SERVER['SERVER_ADDR'] ) ? $_SERVER['SERVER_ADDR'] : $_SERVER['SERVER_NAME'];
|
||||
@@ -950,6 +951,7 @@ if (! defined( 'EXECUTE_BY_CRON' )) {
|
||||
$noLoginFiles[] = 'ajaxListener';
|
||||
$noLoginFiles[] = 'cases_Step';
|
||||
$noLoginFiles[] = 'cases_ShowOutputDocument';
|
||||
$noLoginFiles[] = 'cases_ShowDocument';
|
||||
$noLoginFiles[] = 'cases_CatchExecute';
|
||||
$noLoginFiles[] = 'cases_SaveData';
|
||||
$noLoginFiles[] = 'cases_Derivate';
|
||||
|
||||
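Review bot: `$noLoginFiles[] = 'cases_ShowDocument';` appears to be the line added in the `@@ -950,6 +951,7 @@` hunk, and it is unconditional, so (judging by the list's name) the login requirement for that script is lifted even when `disable_download_documents_session_validation` stays at its default of 0. From then on the only gate is the in-script `canDownloadInput` call. If the entry exists only for the new option, make it conditional, `if (DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 1) { $noLoginFiles[] = 'cases_ShowDocument'; }`; if it is needed for the `verifySession` Ajax reply, a comment next to the entry should say so. The enclosing `if (! defined( 'EXECUTE_BY_CRON' ))` block starts and ends outside the hunk.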