BUG 8408 Acceso a Documentos por usuarios sin permiso... SOLVED

- Not validated the permission PM_FOLDERS_VIEW.
- the user must have this permit and may only view documents in the processes that participate, and for see all with the permission PM_ALLCASES.

workflow/engine/classes/model/AppFolder.php

@@ -203,7 +203,7 @@ if($limit != 0){
     return $folderArray;
   }
 
-  function getFolderContent($folderID, $docIdFilter = array(), $keyword = NULL, $searchType = NULL, $limit=0, $start=0, $user=null) {
+  function getFolderContent($folderID, $docIdFilter = array(), $keyword = NULL, $searchType = NULL, $limit=0, $start=0, $user='') {
     require_once ("classes/model/AppDocument.php");
     require_once ("classes/model/InputDocument.php");
     require_once ("classes/model/OutputDocument.php");
@@ -229,20 +229,23 @@ if($limit != 0){
       $oCriteria->add ( AppDocumentPeer::APP_DOC_TAGS, "%" . $keyword . "%", CRITERIA::LIKE );
     }
 
-    if ($user != null) {
+    if ($user != '') {
         require_once ("classes/model/AppDelegation.php");
         $criteria = new Criteria ();
         $criteria->addSelectColumn (AppDelegationPeer::APP_UID);
         $criteria->setDistinct();
 
-        $criteria->add (AppDelegationPeer::USR_UID, $user);
+        $conditions = array ();
+        $conditions [] = array (AppDelegationPeer::APP_UID, AppDocumentPeer::APP_UID);
+        $conditions [] = array (AppDelegationPeer::DEL_INDEX, AppDocumentPeer::DEL_INDEX);
 
-        $criteria->addJoin(AppDocumentPeer::APP_UID, AppDelegationPeer::APP_UID);
-        $criteria->addJoin(AppDocumentPeer::DEL_INDEX, AppDelegationPeer::DEL_INDEX);
+        $criteria->addJoinMC($conditions, Criteria::LEFT_JOIN);
+
+        $criteria->add(AppDelegationPeer::USR_UID, $user);
 
         $rs2 = AppDocumentPeer::doSelectRS($criteria);
+
         $rs2->setFetchmode(ResultSet::FETCHMODE_ASSOC);
-        //$rs->next();
         $data = array();
         while ($rs2->next()) {
             $row = $rs2->getRow();