From 4a98203e3822f09cc3bf7bbceac635f0f43864a7 Mon Sep 17 00:00:00 2001
From: Marco Antonio Nina Mena
Date: Mon, 5 Mar 2018 14:44:50 -0400
Subject: [PATCH] HOR-4397 Cannot get case summary via REST from Unassigned folder - Add validation if case is unassigned or has a permission summary form view Fix CR
---
 .../src/ProcessMaker/Services/Api/Cases.php | 31 ++++++++++++++-----
 1 file changed, 23 insertions(+), 8 deletions(-)
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
index 19a26aeda..4845e8847 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
@@ -7,6 +7,7 @@ use AppDelegation;
 use AppDelegationPeer;
 use Criteria;
 use Exception;
+use ListUnassigned;
 use Luracast\Restler\RestException;
 use ProcessMaker\BusinessModel\Cases as BmCases;
 use ProcessMaker\BusinessModel\User as BmUser;
@@ -118,15 +119,14 @@ class Cases extends Api
 return $user->userCanReassign($usrUid, $arrayApplicationData['PRO_UID']);
 break;
 
- case "doGetCaseInfo" :
+ case 'doGetCaseInfo':
 $appUid = $this->parameters[$arrayArgs['app_uid']];
 $usrUid = $this->getUserId();
- //Check if the user is supervisor process
+
 $case = new BmCases();
- $user = new BmUser();
 $arrayApplicationData = $case->getApplicationRecordByPk($appUid, [], false);
 if (!empty($arrayApplicationData)) {
- $criteria = new Criteria("workflow");
+ $criteria = new Criteria('workflow');
 $criteria->addSelectColumn(AppDelegationPeer::APP_UID);
 $criteria->add(AppDelegationPeer::APP_UID, $appUid);
 $criteria->add(AppDelegationPeer::USR_UID, $usrUid);
@@ -134,11 +134,26 @@ class Cases extends Api
 $rsCriteria = AppDelegationPeer::doSelectRS($criteria);
 if ($rsCriteria->next()) {
 return true;
- } else {
- $supervisor = new BmProcessSupervisor();
- $flagps = $supervisor->isUserProcessSupervisor($arrayApplicationData['PRO_UID'], $usrUid);
- return $flagps;
 }
+
+ //verify unassigned
+ $list = new ListUnassigned();
+ $data = $list->loadList($usrUid, ['search' => $appUid, 'caseLink' => true, 'limit' => 1]);
+
+ if ($data) {
+ return true;
+ }
+
+ //Check if the user is a process supervisor or has summary form view permission
+ $userCanAccess = $case->userAuthorization(
+ $usrUid,
+ $arrayApplicationData['PRO_UID'],
+ $appUid,
+ [],
+ ['SUMMARY_FORM' => 'VIEW']
+ );
+
+ return $userCanAccess['supervisor'] || $userCanAccess['objectPermissions']['SUMMARY_FORM'];
 }
 break;
 case 'doDownloadInputDocument':
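Review bot: The unassigned check at `if ($data)` grants access on any non-empty result from `loadList`, without confirming that the returned row is the requested case. Whether `'search' => $appUid` combined with `'caseLink' => true` is an exact match on the application UID or a broader text search is not visible in this hunk; if it is the latter, a different unassigned case whose searchable fields contain the UID string would authorize this request. I would compare the returned row's application UID with `$appUid` before `return true;`, and add a comment on the `loadList` call stating which kind of match it performs. The final `return` also indexes `$userCanAccess['objectPermissions']['SUMMARY_FORM']` directly; `!empty($userCanAccess['objectPermissions']['SUMMARY_FORM'])` avoids an undefined-index notice when that key is absent. The enclosing `switch` and its method start and end outside the hunk.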