HOR-3482
This commit is contained in:
Paula Quispe
@@ -547,6 +547,7 @@ class AppDocument extends BaseAppDocument
|
||||
*/
|
||||
public function canDownloadInput($user, $appDocUid, $version)
|
||||
{
|
||||
//Check if the the requester is the owner in the file
|
||||
$oCriteria = new Criteria('workflow');
|
||||
$oCriteria->addSelectColumn(AppDocumentPeer::APP_UID);
|
||||
$oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN);
|
||||
@@ -560,11 +561,11 @@ class AppDocument extends BaseAppDocument
|
||||
if ($dataset->getRow()) {
|
||||
return true;
|
||||
} else {
|
||||
//Review if is a INPUT or ATTACHED
|
||||
$oCriteria = new Criteria("workflow");
|
||||
$oCriteria->addSelectColumn(AppDocumentPeer::APP_UID);
|
||||
$oCriteria->addSelectColumn(AppDocumentPeer::DOC_UID);
|
||||
$oCriteria->addSelectColumn(InputDocumentPeer::PRO_UID);
|
||||
$oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN);
|
||||
$oCriteria->addSelectColumn(AppDocumentPeer::APP_DOC_TYPE);
|
||||
$oCriteria->add(AppDocumentPeer::APP_DOC_UID, $appDocUid);
|
||||
$oCriteria->add(AppDocumentPeer::DOC_VERSION, $version);
|
||||
$oCriteria->setLimit(1);
|
||||
@@ -572,28 +573,56 @@ class AppDocument extends BaseAppDocument
|
||||
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
|
||||
$dataset->next();
|
||||
$row = $dataset->getRow();
|
||||
$cases = new \ProcessMaker\BusinessModel\Cases();
|
||||
$userAuthorization = $cases->userAuthorization(
|
||||
$user,
|
||||
$row['PRO_UID'],
|
||||
$row['APP_UID'],
|
||||
array(),
|
||||
array('INPUT_DOCUMENTS' => 'VIEW')
|
||||
);
|
||||
|
||||
if (in_array($appDocUid, $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'])) {
|
||||
return true;
|
||||
}
|
||||
|
||||
if ($userAuthorization['supervisor']) {
|
||||
$criteria = new Criteria("workflow");
|
||||
$criteria->addSelectColumn(StepSupervisorPeer::STEP_UID);
|
||||
$criteria->add(StepSupervisorPeer::STEP_TYPE_OBJ, "INPUT_DOCUMENT", \Criteria::EQUAL);
|
||||
$criteria->add(StepSupervisorPeer::STEP_UID_OBJ, $row['DOC_UID'], \Criteria::EQUAL);
|
||||
$rsCriteria = StepSupervisorPeer::doSelectRS($criteria);
|
||||
if ($rsCriteria->next()) {
|
||||
if ($row['DOC_UID'] == '-1') {
|
||||
//If is an attached we only verify if is a supervisor in the process
|
||||
$appUid = $row['APP_UID'];
|
||||
$oApplication = new Application();
|
||||
$aColumns = $oApplication->Load($appUid);
|
||||
$cases = new \ProcessMaker\BusinessModel\Cases();
|
||||
$userAuthorization = $cases->userAuthorization(
|
||||
$user,
|
||||
$aColumns['PRO_UID'],
|
||||
$appUid,
|
||||
array(),
|
||||
array('ATTACHMENTS' => 'VIEW')
|
||||
);
|
||||
//Has permissions?
|
||||
if (in_array($appDocUid, $userAuthorization['objectPermissions']['ATTACHMENTS'])) {
|
||||
return true;
|
||||
}
|
||||
//Is supervisor?
|
||||
if ($userAuthorization['supervisor']) {
|
||||
return true;
|
||||
}
|
||||
} else {
|
||||
//If is an file related an input document, we will check if the user is a supervisor or has permissions
|
||||
$appUid = $row['APP_UID'];
|
||||
$oInputDoc = new InputDocument();
|
||||
$aColumns = $oInputDoc->Load($row['DOC_UID']);
|
||||
$cases = new \ProcessMaker\BusinessModel\Cases();
|
||||
$userAuthorization = $cases->userAuthorization(
|
||||
$user,
|
||||
$aColumns['PRO_UID'],
|
||||
$appUid,
|
||||
array(),
|
||||
array('INPUT_DOCUMENTS' => 'VIEW')
|
||||
);
|
||||
//Has permissions?
|
||||
if (in_array($appDocUid, $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'])) {
|
||||
return true;
|
||||
}
|
||||
//Is supervisor?
|
||||
if ($userAuthorization['supervisor']) {
|
||||
//Review if the supervisor has assigned the object input document
|
||||
$criteria = new Criteria("workflow");
|
||||
$criteria->addSelectColumn(StepSupervisorPeer::STEP_UID);
|
||||
$criteria->add(StepSupervisorPeer::STEP_TYPE_OBJ, "INPUT_DOCUMENT", \Criteria::EQUAL);
|
||||
$criteria->add(StepSupervisorPeer::STEP_UID_OBJ, $row['DOC_UID'], \Criteria::EQUAL);
|
||||
$rsCriteria = StepSupervisorPeer::doSelectRS($criteria);
|
||||
if ($rsCriteria->next()) {
|
||||
return true;
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
return false;
|
||||
|
||||
@@ -383,10 +383,10 @@ class ObjectPermission extends BaseObjectPermission
|
||||
}
|
||||
switch ($obType) {
|
||||
case 'INPUT':
|
||||
$oCriteria->add(
|
||||
$oCriteria->getNewCriterion(AppDocumentPeer::APP_DOC_TYPE, 'INPUT')->
|
||||
addOr($oCriteria->getNewCriterion(AppDocumentPeer::APP_DOC_TYPE, 'ATTACHED'))
|
||||
);
|
||||
$oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'INPUT');
|
||||
break;
|
||||
case 'ATTACHED':
|
||||
$oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'ATTACHED');
|
||||
break;
|
||||
case 'OUTPUT':
|
||||
$oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'OUTPUT');
|
||||
@@ -399,9 +399,6 @@ class ObjectPermission extends BaseObjectPermission
|
||||
$result = array();
|
||||
while ($oDataset->next()) {
|
||||
$aRow = $oDataset->getRow();
|
||||
if ($aRow['APP_DOC_TYPE'] == "ATTACHED") {
|
||||
$aRow['APP_DOC_TYPE'] = "INPUT";
|
||||
}
|
||||
if (!in_array($aRow['APP_DOC_UID'], $result)) {
|
||||
array_push($result, $aRow['APP_DOC_UID']);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user