HOR-3482
This commit is contained in:
Paula Quispe
@@ -5788,8 +5788,8 @@ class Cases
|
||||
* @param string $tasUid
|
||||
* @param string $usrUid
|
||||
* @param string $action some action [VIEW, BLOCK, RESEND]
|
||||
* @param string $delIndex
|
||||
* @return Array within all user permitions all objects' types
|
||||
* @param integer $delIndex
|
||||
* @return array within all user permissions all objects' types
|
||||
*/
|
||||
public function getAllObjectsFrom($proUid, $appUid, $tasUid = '', $usrUid = '', $action = '', $delIndex = 0)
|
||||
{
|
||||
@@ -5808,6 +5808,7 @@ class Cases
|
||||
$result = array(
|
||||
"DYNAFORM" => array(),
|
||||
"INPUT" => array(),
|
||||
"ATTACHMENT" => array(),
|
||||
"OUTPUT" => array(),
|
||||
"CASES_NOTES" => 0,
|
||||
"MSGS_HISTORY" => array()
|
||||
@@ -5878,6 +5879,15 @@ class Cases
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
);
|
||||
//For Attachment
|
||||
$result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
|
||||
$appUid,
|
||||
$proUid,
|
||||
$opTaskSource,
|
||||
'ATTACHED',
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
);
|
||||
|
||||
$result['CASES_NOTES'] = 1;
|
||||
/*----------------------------------********---------------------------------*/
|
||||
@@ -5914,6 +5924,16 @@ class Cases
|
||||
$aCase['APP_STATUS']
|
||||
);
|
||||
break;
|
||||
case 'ATTACHMENT':
|
||||
$result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
|
||||
$appUid,
|
||||
$proUid,
|
||||
$opTaskSource,
|
||||
'ATTACHED',
|
||||
$opObjUid,
|
||||
$aCase['APP_STATUS']
|
||||
);
|
||||
break;
|
||||
case 'OUTPUT':
|
||||
$result['OUTPUT'] = $oObjectPermission->objectPermissionByOutputInput(
|
||||
$appUid,
|
||||
@@ -5948,9 +5968,10 @@ class Cases
|
||||
}
|
||||
}
|
||||
|
||||
return Array(
|
||||
return array(
|
||||
"DYNAFORMS" => $result['DYNAFORM'],
|
||||
"INPUT_DOCUMENTS" => $result['INPUT'],
|
||||
"ATTACHMENTS" => $result['ATTACHMENT'],
|
||||
"OUTPUT_DOCUMENTS" => $result['OUTPUT'],
|
||||
"CASES_NOTES" => $result['CASES_NOTES'],
|
||||
"MSGS_HISTORY" => $result['MSGS_HISTORY']
|
||||
|
||||
@@ -547,6 +547,7 @@ class AppDocument extends BaseAppDocument
|
||||
*/
|
||||
public function canDownloadInput($user, $appDocUid, $version)
|
||||
{
|
||||
//Check if the the requester is the owner in the file
|
||||
$oCriteria = new Criteria('workflow');
|
||||
$oCriteria->addSelectColumn(AppDocumentPeer::APP_UID);
|
||||
$oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN);
|
||||
@@ -560,11 +561,11 @@ class AppDocument extends BaseAppDocument
|
||||
if ($dataset->getRow()) {
|
||||
return true;
|
||||
} else {
|
||||
//Review if is a INPUT or ATTACHED
|
||||
$oCriteria = new Criteria("workflow");
|
||||
$oCriteria->addSelectColumn(AppDocumentPeer::APP_UID);
|
||||
$oCriteria->addSelectColumn(AppDocumentPeer::DOC_UID);
|
||||
$oCriteria->addSelectColumn(InputDocumentPeer::PRO_UID);
|
||||
$oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN);
|
||||
$oCriteria->addSelectColumn(AppDocumentPeer::APP_DOC_TYPE);
|
||||
$oCriteria->add(AppDocumentPeer::APP_DOC_UID, $appDocUid);
|
||||
$oCriteria->add(AppDocumentPeer::DOC_VERSION, $version);
|
||||
$oCriteria->setLimit(1);
|
||||
@@ -572,28 +573,56 @@ class AppDocument extends BaseAppDocument
|
||||
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
$dataset->next();
|
||||
$row = $dataset->getRow();
|
||||
$cases = new \ProcessMaker\BusinessModel\Cases();
|
||||
$userAuthorization = $cases->userAuthorization(
|
||||
$user,
|
||||
$row['PRO_UID'],
|
||||
$row['APP_UID'],
|
||||
array(),
|
||||
array('INPUT_DOCUMENTS' => 'VIEW')
|
||||
);
|
||||
|
||||
if (in_array($appDocUid, $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'])) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ($userAuthorization['supervisor']) {
|
||||
$criteria = new Criteria("workflow");
|
||||
$criteria->addSelectColumn(StepSupervisorPeer::STEP_UID);
|
||||
$criteria->add(StepSupervisorPeer::STEP_TYPE_OBJ, "INPUT_DOCUMENT", \Criteria::EQUAL);
|
||||
$criteria->add(StepSupervisorPeer::STEP_UID_OBJ, $row['DOC_UID'], \Criteria::EQUAL);
|
||||
$rsCriteria = StepSupervisorPeer::doSelectRS($criteria);
|
||||
if ($rsCriteria->next()) {
|
||||
if ($row['DOC_UID'] == '-1') {
|
||||
//If is an attached we only verify if is a supervisor in the process
|
||||
$appUid = $row['APP_UID'];
|
||||
$oApplication = new Application();
|
||||
$aColumns = $oApplication->Load($appUid);
|
||||
$cases = new \ProcessMaker\BusinessModel\Cases();
|
||||
$userAuthorization = $cases->userAuthorization(
|
||||
$user,
|
||||
$aColumns['PRO_UID'],
|
||||
$appUid,
|
||||
array(),
|
||||
array('ATTACHMENTS' => 'VIEW')
|
||||
);
|
||||
//Has permissions?
|
||||
if (in_array($appDocUid, $userAuthorization['objectPermissions']['ATTACHMENTS'])) {
|
||||
return true;
|
||||
}
|
||||
//Is supervisor?
|
||||
if ($userAuthorization['supervisor']) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
//If is an file related an input document, we will check if the user is a supervisor or has permissions
|
||||
$appUid = $row['APP_UID'];
|
||||
$oInputDoc = new InputDocument();
|
||||
$aColumns = $oInputDoc->Load($row['DOC_UID']);
|
||||
$cases = new \ProcessMaker\BusinessModel\Cases();
|
||||
$userAuthorization = $cases->userAuthorization(
|
||||
$user,
|
||||
$aColumns['PRO_UID'],
|
||||
$appUid,
|
||||
array(),
|
||||
array('INPUT_DOCUMENTS' => 'VIEW')
|
||||
);
|
||||
//Has permissions?
|
||||
if (in_array($appDocUid, $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'])) {
|
||||
return true;
|
||||
}
|
||||
//Is supervisor?
|
||||
if ($userAuthorization['supervisor']) {
|
||||
//Review if the supervisor has assigned the object input document
|
||||
$criteria = new Criteria("workflow");
|
||||
$criteria->addSelectColumn(StepSupervisorPeer::STEP_UID);
|
||||
$criteria->add(StepSupervisorPeer::STEP_TYPE_OBJ, "INPUT_DOCUMENT", \Criteria::EQUAL);
|
||||
$criteria->add(StepSupervisorPeer::STEP_UID_OBJ, $row['DOC_UID'], \Criteria::EQUAL);
|
||||
$rsCriteria = StepSupervisorPeer::doSelectRS($criteria);
|
||||
if ($rsCriteria->next()) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
|
||||
@@ -383,10 +383,10 @@ class ObjectPermission extends BaseObjectPermission
|
||||
}
|
||||
switch ($obType) {
|
||||
case 'INPUT':
|
||||
$oCriteria->add(
|
||||
$oCriteria->getNewCriterion(AppDocumentPeer::APP_DOC_TYPE, 'INPUT')->
|
||||
addOr($oCriteria->getNewCriterion(AppDocumentPeer::APP_DOC_TYPE, 'ATTACHED'))
|
||||
);
|
||||
$oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'INPUT');
|
||||
break;
|
||||
case 'ATTACHED':
|
||||
$oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'ATTACHED');
|
||||
break;
|
||||
case 'OUTPUT':
|
||||
$oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'OUTPUT');
|
||||
@@ -399,9 +399,6 @@ class ObjectPermission extends BaseObjectPermission
|
||||
$result = array();
|
||||
while ($oDataset->next()) {
|
||||
$aRow = $oDataset->getRow();
|
||||
if ($aRow['APP_DOC_TYPE'] == "ATTACHED") {
|
||||
$aRow['APP_DOC_TYPE'] = "INPUT";
|
||||
}
|
||||
if (!in_array($aRow['APP_DOC_UID'], $result)) {
|
||||
array_push($result, $aRow['APP_DOC_UID']);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user