diff --git a/rbac/engine/classes/model/Roles.php b/rbac/engine/classes/model/Roles.php
index 11e7c149f..2561aeff2 100755
--- a/rbac/engine/classes/model/Roles.php
+++ b/rbac/engine/classes/model/Roles.php
@@ -269,7 +269,11 @@ class Roles extends BaseRoles {
 $con->commit();
 $this->setRolName($rol_name);
 $status = $fields['ROL_STATUS'] = 1 ? 'ACTIVE' : 'INACTIVE';
- G::auditLog("UpdateRole", "Role Name: ".$rol_name." - Role ID: (".$fields['ROL_UID'].") - Role Code: ".$fields['ROL_CODE']." - Role Status: ".$status);
+
+ $rolCode = (isset($fields["ROL_CODE"]))? "- Role Code: " . $fields["ROL_CODE"] : "";
+
+ G::auditLog("UpdateRole", "Role Name: " . $rol_name . " - Role ID: (".$fields['ROL_UID'].") " . $rolCode . " - Role Status: ".$status);
+
 return $result;
 } else {
 $con->rollback();
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Department.php b/workflow/engine/src/ProcessMaker/Services/Api/Department.php
index f2cc5994a..0ddf30dd3 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Department.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Department.php
@@ -16,13 +16,30 @@ use \Luracast\Restler\RestException;
 class Department extends Api
 {
 /**
- * @access public
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
+ * Constructor of the class
+ *
+ * return void
+ */
+ public function __construct()
+ {
+ try {
+ $user = new \ProcessMaker\BusinessModel\User();
+
+ $usrUid = $this->getUserId();
+
+ if (!$user->checkPermission($usrUid, "PM_USERS")) {
+ throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION", array($usrUid)));
+ }
+ } catch (\Exception $e) {
+ throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
+ }
+ }
+
+ /**
+ * @url GET
 *
 * @return array
 *
- * @url GET
 */
 public function doGetDepartments()
 {
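Review bot: In the Roles.php hunk the rewritten `G::auditLog` call still logs a status that is never derived from the role, because the context line `$status = $fields['ROL_STATUS'] = 1 ? 'ACTIVE' : 'INACTIVE';` assigns instead of comparing, so `$status` is always 'ACTIVE' and `$fields['ROL_STATUS']` is overwritten. Since this commit touches the audit entry that consumes it, fix it here, e.g. `$status = ($fields['ROL_STATUS'] == 1) ? 'ACTIVE' : 'INACTIVE';`, so that deactivating a role is not recorded as an active one. `$fields['ROL_UID']` is still read without the `isset` guard that `ROL_CODE` now gets. The enclosing method starts and ends outside the hunk.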
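Review bot: The new `__construct()` in Department.php turns a failed `PM_USERS` check into `Api::STAT_APP_EXCEPTION` through the generic `catch (\Exception $e)`, the same status the handlers in this file use for ordinary application errors, so clients and log monitoring cannot tell an authorization denial from a bad request. Throw the denial as `throw new RestException(403, \G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION", array($usrUid)));` and add `} catch (RestException $e) { throw $e;` ahead of the generic catch so the 403 survives. The same guard is pasted into the Group.php and User.php hunks and inlined in the Role.php hunk; a single protected helper on the base `Api` class would keep a later service class from shipping without it. The docblock's `return void` is missing its `@`, and if `Api` declares a constructor these new ones do not call it (not visible here).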
@@ -36,15 +53,12 @@ class Department extends Api
 }
 /**
- * @param string $dep_uid {@min 1}{@max 32}
+ * @url GET /:dep_uid/assigned-user
 *
- * @access public
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
+ * @param string $dep_uid {@min 1}{@max 32}
 *
 * @return array
 *
- * @url GET /:dep_uid/assigned-user
 */
 public function doGetAssignedUser($dep_uid)
 {
@@ -58,18 +72,15 @@ class Department extends Api
 }
 /**
- * @param string $dep_uid {@min 1}{@max 32}
- * @param string $start {@from path}
- * @param string $limit {@from path}
- * @param string $search {@from path}
+ * @url GET /:dep_uid/available-user
 *
- * @access public
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
+ * @param string $dep_uid {@min 1}{@max 32}
+ * @param string $start {@from path}
+ * @param string $limit {@from path}
+ * @param string $search {@from path}
 *
 * @return array
 *
- * @url GET /:dep_uid/available-user
 */
 public function doGetAvailableUser($dep_uid, $start = 0, $limit = 0, $search = '')
 {
@@ -89,6 +100,7 @@ class Department extends Api
 * @param array $request_data
 *
 * @status 201
+ *
 */
 public function doPostAssignUser($dep_uid, array $request_data)
 {
@@ -102,16 +114,13 @@ class Department extends Api
 }
 /**
+ * @url PUT /:dep_uid/unassign-user/:usr_uid
+ *
 * @param string $dep_uid {@min 1}{@max 32}
 * @param string $usr_uid {@min 1}{@max 32}
 *
- * @access public
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
- *
 * @return array
 *
- * @url PUT /:dep_uid/unassign-user/:usr_uid
 */
 public function doPutUnassignUser($dep_uid, $usr_uid)
 {
@@ -125,16 +134,13 @@ class Department extends Api
 }
 /**
+ * @url PUT /:dep_uid/set-manager/:usr_uid
+ *
 * @param string $dep_uid {@min 1}{@max 32}
 * @param string $usr_uid {@min 1}{@max 32}
 *
- * @access public
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
- *
 * @return array
 *
- * @url PUT /:dep_uid/set-manager/:usr_uid
 */
 public function doPutSetManager($dep_uid, $usr_uid)
 {
@@ -148,15 +154,12 @@ class Department extends Api
 }
 /**
- * @param string $dep_uid {@min 1}{@max 32}
+ * @url GET /:dep_uid
 *
- * @access public
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
+ * @param string $dep_uid {@min 1}{@max 32}
 *
 * @return array
 *
- * @url GET /:dep_uid
 */
 public function doGetDepartment($dep_uid)
 {
@@ -170,17 +173,15 @@ class Department extends Api
 }
 /**
+ * @url POST
+ *
 * @param array $request_data
 * @param string $dep_title {@from body} {@min 1}
 *
- * @access public
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
- *
 * @return array
 *
- * @url POST
 * @status 201
+ *
 */
 public function doPost($request_data, $dep_title)
 {
@@ -194,17 +195,11 @@ class Department extends Api
 }
 /**
- * @param string $dep_uid {@min 1}{@max 32}
- *
- * @param array $request_data
- *
- * @access public
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
- *
- * @return array
- *
 * @url PUT /:dep_uid
+ *
+ * @param string $dep_uid {@min 1}{@max 32}
+ * @param array $request_data
+ *
 */
 public function doPut($dep_uid, $request_data)
 {
@@ -212,22 +207,18 @@ class Department extends Api
 $request_data['dep_uid'] = $dep_uid;
 $oDepartment = new \ProcessMaker\BusinessModel\Department();
 $response = $oDepartment->saveDepartment($request_data, false);
- return $response;
 } catch (\Exception $e) {
 throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()));
 }
 }
 /**
- * @param string $dep_uid {@min 1}{@max 32}
+ * @url DELETE /:dep_uid
 *
- * @access public
- * @author Brayan Pereyra (Cochalo)
- * @copyright Colosa - Bolivia
+ * @param string $dep_uid {@min 1}{@max 32}
 *
 * @return array
 *
- * @url DELETE /:dep_uid
 */
 public function doDelete($dep_uid)
 {
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Group.php b/workflow/engine/src/ProcessMaker/Services/Api/Group.php
index 43b66d0d5..834247609 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Group.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Group.php
@@ -11,6 +11,26 @@ use \Luracast\Restler\RestException;
 */
 class Group extends Api
 {
+ /**
+ * Constructor of the class
+ *
+ * return void
+ */
+ public function __construct()
+ {
+ try {
+ $user = new \ProcessMaker\BusinessModel\User();
+
+ $usrUid = $this->getUserId();
+
+ if (!$user->checkPermission($usrUid, "PM_USERS")) {
+ throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION", array($usrUid)));
+ }
+ } catch (\Exception $e) {
+ throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
+ }
+ }
+
 /**
 * @url GET
 */
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Role.php b/workflow/engine/src/ProcessMaker/Services/Api/Role.php
index 8b52abf5c..797c60c33 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Role.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Role.php
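Review bot: With `return $response;` removed from `doPut` in Department.php, the assignment `$response = $oDepartment->saveDepartment($request_data, false);` is left dead and whatever `saveDepartment` returns is discarded. If that return value can signal a failed or partial update instead of throwing (not visible in this hunk), the endpoint now answers success regardless. Either make the intent explicit with `$oDepartment->saveDepartment($request_data, false);` or check the result before falling through. The signature and `try {` of `doPut` lie outside this hunk.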
@@ -21,6 +21,14 @@ class Role extends Api
 public function __construct()
 {
 try {
+ $user = new \ProcessMaker\BusinessModel\User();
+
+ $usrUid = $this->getUserId();
+
+ if (!$user->checkPermission($usrUid, "PM_USERS")) {
+ throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION", array($usrUid)));
+ }
+
 $this->role = new \ProcessMaker\BusinessModel\Role();
 $this->role->setFormatFieldNameInUppercase(false);
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/User.php b/workflow/engine/src/ProcessMaker/Services/Api/User.php
index 6a2fb83c4..d2bf22d01 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/User.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/User.php
@@ -11,6 +11,26 @@ use \Luracast\Restler\RestException;
 */
 class User extends Api
 {
+ /**
+ * Constructor of the class
+ *
+ * return void
+ */
+ public function __construct()
+ {
+ try {
+ $user = new \ProcessMaker\BusinessModel\User();
+
+ $usrUid = $this->getUserId();
+
+ if (!$user->checkPermission($usrUid, "PM_USERS")) {
+ throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION", array($usrUid)));
+ }
+ } catch (\Exception $e) {
+ throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
+ }
+ }
+
 /**
 * @url GET
 * @param string $filter
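Review bot: The constructor guard added to User.php applies `PM_USERS` to every route of the service, including the `@url GET` listing directly below it, so any route a user needs for their own account (none are visible in this hunk) becomes unreachable without the administrative permission; the Role.php hunk above has the same effect. The guard also depends on `$this->getUserId()` already holding the authenticated user when the framework instantiates the class, which is presumably the case but is worth a test asserting that a request without a valid token is rejected rather than evaluated with an empty id. A one-line comment on the constructor such as `// All routes of this service require the PM_USERS permission.` would record that the class-wide scope is intended.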