Paula Quispe
2017-03-10 10:59:49 -04:00
parent 7db26a0903
commit 3c88cd091a
4 changed files with 45 additions and 37 deletions


@@ -26,8 +26,6 @@
*
* @author David Callizaya <davidsantos@colosa.com>
*/
require_once ("classes/model/AppDocumentPeer.php");
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
if (!isset($_SESSION['USER_LOGGED'])) {
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
@@ -47,14 +45,17 @@ if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession"
die();
}
}
//v = Version
//a = Case UID
require_once ("classes/model/AppDocumentPeer.php");
$oAppDocument = new AppDocument();
if (!$oAppDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $_GET['v'])) {
G::header('Location: /errors/error403.php');
die();
//Check if the user can be download the input Document
//Send the parameter v = Version
//Send the parameter a = Case UID
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
if (!$oAppDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $_GET['v'])) {
G::header('Location: /errors/error403.php');
die();
}
}
if (! isset( $_GET['v'] )) {
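Review bot: The download permission check now fails open: with `defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0`, `canDownloadInput()` is skipped not only when the flag is set to a non-zero value but also whenever the constant is not defined at all, so an installation whose configuration lacks the constant would serve input documents without any authorization check. The definition is not visible in this section, so the code presumably relies on another file always defining it; inverting the guard keeps the check on by default: `if (!defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') || DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {`. The same condition wraps `canDownloadOutput()` in the output-document section further down and needs the same change. Separately, `$_GET['a']` and `$_GET['v']` are passed to the check before the `isset( $_GET['v'] )` test that follows it, so a request without `v` reaches `canDownloadInput()` with an undefined index.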


@@ -1,23 +1,4 @@
<?php
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
if (!isset($_SESSION['USER_LOGGED'])) {
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
$response = new stdclass();
$response->message = G::LoadTranslation('ID_LOGIN_AGAIN');
$response->lostSession = true;
print G::json_encode( $response );
die();
} else {
G::SendMessageText( G::LoadTranslation('ID_LOGIN_TO_SEE_OUTPUTDOCS'), "WARNING" );
G::header("location: " . "/");
die();
}
} else {
$response = new stdclass();
print G::json_encode( $response );
die();
}
}
/**
* cases_ShowOutputDocument.php
*
@@ -46,6 +27,26 @@ if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession"
* @author David Callizaya <davidsantos@colosa.com>
*/
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
if (!isset($_SESSION['USER_LOGGED'])) {
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
$response = new stdclass();
$response->message = G::LoadTranslation('ID_LOGIN_AGAIN');
$response->lostSession = true;
print G::json_encode( $response );
die();
} else {
G::SendMessageText( G::LoadTranslation('ID_LOGIN_TO_SEE_OUTPUTDOCS'), "WARNING" );
G::header("location: " . "/");
die();
}
} else {
$response = new stdclass();
print G::json_encode( $response );
die();
}
}
require_once ("classes/model/AppDocumentPeer.php");
require_once ("classes/model/OutputDocumentPeer.php");
@@ -60,17 +61,20 @@ $oOutputDocument->Fields = $oOutputDocument->getByUid($sDocUid);
$download = $oOutputDocument->Fields['OUT_DOC_OPEN_TYPE'];
//Check if the user can be download the Output Document
if (!$oAppDocument->canDownloadOutput(
$oAppDocument->Fields['USR_UID'],
$_SESSION['USER_LOGGED'],
$oOutputDocument->Fields['PRO_UID'],
$oAppDocument->Fields['APP_UID'],
$sAppDocUid)
) {
G::header('Location: /errors/error403.php');
die();
if (defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
if (!$oAppDocument->canDownloadOutput(
$oAppDocument->Fields['USR_UID'],
$_SESSION['USER_LOGGED'],
$oOutputDocument->Fields['PRO_UID'],
$oAppDocument->Fields['APP_UID'],
$sAppDocUid)
) {
G::header('Location: /errors/error403.php');
die();
}
}
$info = pathinfo( $oAppDocument->getAppDocFilename() );
if (! isset( $_GET['ext'] )) {
$ext = $info['extension'];