fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/feature/HOR-3559' into bugfix/HOR-2933-B

Browse Source
This commit is contained in:
hjonathan
2017-08-08 17:18:36 -04:00
parent a43e3687cb 4e67bcce37
commit 4ceb59804e
28 changed files with 274 additions and 711 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
gulliver/bin/tasks/templates/pluginClass.tpl
View File

@@ -83,7 +83,6 @@
$_DBArray['users'] = $aUsers; $_DBArray['users'] = $aUsers;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
;
$oCriteria = new Criteria('dbarray'); $oCriteria = new Criteria('dbarray');
$oCriteria->setDBArrayTable('users'); $oCriteria->setDBArrayTable('users');
$oCriteria->addDescendingOrderByColumn('USR_USERNAME'); $oCriteria->addDescendingOrderByColumn('USR_USERNAME');

1
gulliver/bin/tasks/templates/pluginMainFile.tpl
View File

@@ -1,5 +1,4 @@
<?php <?php
;
class {className}Plugin extends PMPlugin class {className}Plugin extends PMPlugin
{ {

2
gulliver/bin/tasks/templates/pluginOnTransitList.php.tpl
View File

@@ -8,8 +8,6 @@
//if (($RBAC_Response = $RBAC->userCanAccess("PM_CASES"))!=1) return $RBAC_Response; //if (($RBAC_Response = $RBAC->userCanAccess("PM_CASES"))!=1) return $RBAC_Response;
/* Includes */ /* Includes */
;
;
/* GET , POST & $_SESSION Vars */ /* GET , POST & $_SESSION Vars */
$conf = new Configurations(); $conf = new Configurations();

1
gulliver/bin/tasks/templates/pluginStep.tpl
View File

@@ -1,5 +1,4 @@
<?php <?php
;
print "this is a default step for {className}"; print "this is a default step for {className}";
krumo::session (); krumo::session ();

2
gulliver/bin/tasks/templates/pluginStepApplicationAjax.php.tpl
View File

@@ -1,7 +1,5 @@
<?php <?php
;
try { try {
//SYS_SYS //Workspace name //SYS_SYS //Workspace name
//PROCESS //Process UID //PROCESS //Process UID

1
gulliver/bin/tasks/templates/pluginWelcome.php.tpl
View File

@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
//krumo ( $_DBArray ); //krumo ( $_DBArray );
;
$c = new Criteria ('dbarray'); $c = new Criteria ('dbarray');
$c->setDBArrayTable('user'); $c->setDBArrayTable('user');
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL ); //$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );

2
gulliver/bin/tasks/templates/skinPluginMainClass.tpl
View File

@@ -4,8 +4,6 @@
* *
*/ */
;
class {className}Plugin extends PMPlugin { class {className}Plugin extends PMPlugin {
function {className}Plugin($sNamespace, $sFilename = null) { function {className}Plugin($sNamespace, $sFilename = null) {

2
gulliver/bin/tasks/templates/sysGeneric.php.tpl
View File

@@ -198,7 +198,7 @@ $docuroot = explode ( PATH_SEP , $_SERVER['DOCUMENT_ROOT'] );
//***************** Plugins ************************** //***************** Plugins **************************
;
// //here we are loading all plugins registered // //here we are loading all plugins registered
// //the singleton has a list of enabled plugins // //the singleton has a list of enabled plugins

2
gulliver/bin/tasks/templates/usersList.php.tpl
View File

@@ -21,7 +21,7 @@ $G_ID_SUB_MENU_SELECTED = 'USERS';
$_DBArray['user'] = $rows; $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
;
$c = new Criteria ('dbarray'); $c = new Criteria ('dbarray');
$c->setDBArrayTable('user'); $c->setDBArrayTable('user');

1
gulliver/bin/tasks/templates/welcome.php.tpl
View File

@@ -23,7 +23,6 @@ $_DBArray['user'] = $rows;
$_SESSION['_DBArray'] = $_DBArray; $_SESSION['_DBArray'] = $_DBArray;
//krumo ( $_DBArray ); //krumo ( $_DBArray );
;
$c = new Criteria ('dbarray'); $c = new Criteria ('dbarray');
$c->setDBArrayTable('user'); $c->setDBArrayTable('user');
//$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL ); //$c->add ( 'user.age', 122 , Criteria::GREATER_EQUAL );

1
gulliver/js/grid/core/grid.js
View File

@@ -563,6 +563,7 @@ var G_Grid = function(oForm, sGridName){
case 'textarea': //TEXTAREA case 'textarea': //TEXTAREA
aObjects = oNewRow.getElementsByTagName('td')[i].getElementsByTagName('textarea'); aObjects = oNewRow.getElementsByTagName('td')[i].getElementsByTagName('textarea');
if (aObjects){ if (aObjects){
aObjects[0].value = '';
aObjects[0].className = "module_app_input___gray"; aObjects[0].className = "module_app_input___gray";
newID = aObjects[0].id.replace(/\[1\]/g, '\[' + currentRow + '\]'); newID = aObjects[0].id.replace(/\[1\]/g, '\[' + currentRow + '\]');

2
gulliver/methods/errors/block.php
View File

@@ -3,7 +3,7 @@ if (function_exists("http_response_code")) {
http_response_code(200); http_response_code(200);
} }
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on") ? "https" : "http"; $http = G::is_https() ? "https" : "http";
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80") ? ":" . $_SERVER["SERVER_PORT"] : ""); $host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80") ? ":" . $_SERVER["SERVER_PORT"] : "");
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login"; $urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";

2
gulliver/methods/errors/error403.php
View File

@@ -1,6 +1,6 @@
<?php <?php
$http = (isset($_SERVER["HTTPS"]) && $_SERVER["HTTPS"] == "on")? "https" : "http"; $http = G::is_https() ? "https" : "http";
$host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80")? ":" . $_SERVER["SERVER_PORT"] : ""); $host = $_SERVER["SERVER_NAME"] . (($_SERVER["SERVER_PORT"] != "80")? ":" . $_SERVER["SERVER_PORT"] : "");
$urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login"; $urlLogin = $http . "://" . $host . "/sys/en/neoclassic/login/login";

14
gulliver/system/class.database_mysql.php
View File

@@ -207,12 +207,16 @@ class database extends database_base
} }
} }
if (isset( $aParameters['AutoIncrement'] ) && $aParameters['AutoIncrement']) { if (isset( $aParameters['AutoIncrement'] ) && $aParameters['AutoIncrement']) {
$sSQL .= ' AUTO_INCREMENT PRIMARY KEY'; $sSQL .= ' AUTO_INCREMENT';
} }
/*if ($aParameters['Key'] == 'PRI') { if (isset( $aParameters['PrimaryKey'] ) && $aParameters['PrimaryKey']) {
$sKeys .= 'ALTER TABLE ' . $this->sQuoteCharacter . $sTable . $this->sQuoteCharacter . $sSQL .= ' PRIMARY KEY';
' ADD PRIMARY KEY (' . $this->sQuoteCharacter . $sColumn . $this->sQuoteCharacter . ')' . $this->sEndLine; }
}*/ if (isset( $aParameters['Unique'] ) && $aParameters['Unique']) {
$sSQL .= ' UNIQUE';
}
//we need to check the property AI
if (isset( $aParameters['AI'] )) { if (isset( $aParameters['AI'] )) {
if ($aParameters['AI'] == 1) { if ($aParameters['AI'] == 1) {
$sSQL .= ' AUTO_INCREMENT'; $sSQL .= ' AUTO_INCREMENT';

63
gulliver/system/class.dbMaintenance.php
View File

@@ -49,6 +49,7 @@ class DataBaseMaintenance
protected $tmpDir; protected $tmpDir;
protected $outfile; protected $outfile;
protected $infile; protected $infile;
protected $isWindows;
/** /**
* __construct * __construct
@@ -64,7 +65,7 @@ class DataBaseMaintenance
$this->tmpDir = './'; $this->tmpDir = './';
$this->link = null; $this->link = null;
$this->dbName = null; $this->dbName = null;
$this->isWindows = strtoupper(substr(PHP_OS, 0, 3)) === 'WIN';
if (isset( $host ) && isset( $user ) && isset( $passwd )) { if (isset( $host ) && isset( $user ) && isset( $passwd )) {
$this->host = $host; $this->host = $host;
$this->user = $user; $this->user = $user;
@@ -399,13 +400,22 @@ class DataBaseMaintenance
*/ */
function backupDataBase ($outfile) function backupDataBase ($outfile)
{ {
$password = escapeshellarg($this->passwd);
//On Windows, escapeshellarg() instead replaces percent signs, exclamation
//marks (delayed variable substitution) and double quotes with spaces and
//adds double quotes around the string.
//See: http://php.net/manual/en/function.escapeshellarg.php
if ($this->isWindows) {
$password = $this->escapeshellargCustom($this->passwd);
}
$aHost = explode(':', $this->host); $aHost = explode(':', $this->host);
$dbHost = $aHost[0]; $dbHost = $aHost[0];
if (isset($aHost[1])) { if (isset($aHost[1])) {
$dbPort = $aHost[1]; $dbPort = $aHost[1];
$command = 'mysqldump' $command = 'mysqldump'
. ' --user=' . $this->user . ' --user=' . $this->user
. ' --password=' . escapeshellarg($this->passwd) . ' --password=' . $password
. ' --host=' . $dbHost . ' --host=' . $dbHost
. ' --port=' . $dbPort . ' --port=' . $dbPort
. ' --opt' . ' --opt'
@@ -418,13 +428,60 @@ class DataBaseMaintenance
. ' --user=' . $this->user . ' --user=' . $this->user
. ' --opt' . ' --opt'
. ' --skip-comments' . ' --skip-comments'
. ' --password=' . escapeshellarg($this->passwd) . ' --password=' . $password
. ' ' . $this->dbName . ' ' . $this->dbName
. ' > ' . $outfile; . ' > ' . $outfile;
} }
shell_exec($command); shell_exec($command);
} }
/**
* string escapeshellargCustom ( string $arg , character $quotes)
*
* escapeshellarg() adds single quotes around a string and quotes/escapes any
* existing single quotes allowing you to pass a string directly to a shell
* function and having it be treated as a single safe argument. This function
* should be used to escape individual arguments to shell functions coming
* from user input. The shell functions include exec(), system() and the
* backtick operator.
*
* On Windows, escapeshellarg() instead replaces percent signs, exclamation
* marks (delayed variable substitution) and double quotes with spaces and
* adds double quotes around the string.
*/
private function escapeshellargCustom($string, $quotes = "")
{
if ($quotes === "") {
$quotes = $this->isWindows ? "\"" : "'";
}
$n = strlen($string);
$special = ["!", "%", "\""];
$substring = "";
$result1 = [];
$result2 = [];
for ($i = 0; $i < $n; $i++) {
if (in_array($string[$i], $special, true)) {
$result2[] = $string[$i];
$result1[] = $substring;
$substring = "";
} else {
$substring = $substring . $string[$i];
}
}
$result1[] = $substring;
//Rebuild the password string
$n = count($result1);
for ($i = 0; $i < $n; $i++) {
$result1[$i] = trim(escapeshellarg($result1[$i]), $quotes);
if (isset($result2[$i])) {
$result1[$i] = $result1[$i] . $result2[$i];
}
}
//add simple quotes, see escapeshellarg function
$newString = $quotes . implode("", $result1) . $quotes;
return $newString;
}
/** /**
* restoreFromSql * restoreFromSql
* *

51
gulliver/system/class.g.php
View File

@@ -187,7 +187,7 @@ class G
* @param string $symbol * @param string $symbol
* @return string * @return string
*/ */
public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-+=!@#$%*&,.") public function generate_password($length = 15, $availableSets = "luns", $symbol = "_-$!")
{ {
$chars = ""; $chars = "";
if (strpos($availableSets, "l") !== false) { if (strpos($availableSets, "l") !== false) {
@@ -1825,6 +1825,14 @@ class G
$arrayGrid = array_unique($arrayGrid); $arrayGrid = array_unique($arrayGrid);
//Given the set: 'valueOne', 'valueOneTwo', where the second string
//contains the first string, this causes the larger string to take
//the second, resulting in a delimitation error, to avoid this problem
//we first search the string larger size.
usort($arrayGrid, function($a, $b) {
return strlen($b) - strlen($a);
});
foreach ($arrayGrid as $index => $value) { foreach ($arrayGrid as $index => $value) {
if($value !== "") { if($value !== "") {
$grdName = $value; $grdName = $value;
@@ -2912,6 +2920,16 @@ class G
return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid ); return (bool) preg_match( '/^[0-9A-Za-z]{14,}/', $uid );
} }
/**
* Verify if the input string is a valid UID of size 32
* @param string $uid
* @return boolean
*/
public static function verifyUniqueID32($uid)
{
return (bool) preg_match('/^[0-9A-Za-z]{32,32}$/', $uid);
}
/** /**
* is_utf8 * is_utf8
* *
@@ -2921,11 +2939,10 @@ class G
*/ */
public function is_utf8 ($string) public function is_utf8 ($string)
{ {
if (is_array( $string )) { if (preg_match('//u', $string)) {
$enc = implode( '', $string ); return true;
return @! ((ord( $enc[0] ) != 239) && (ord( $enc[1] ) != 187) && (ord( $enc[2] ) != 191));
} else { } else {
return (utf8_encode( utf8_decode( $string ) ) == $string); return false;
} }
} }
@@ -5422,6 +5439,12 @@ class G
} }
/** /**
* This function save history about some actions in the file audit.log
* The data is used in the Audit Log functionality
*
* @param string $actionToLog
* @param string $valueToLog
* @return void
*/ */
public static function auditLog($actionToLog, $valueToLog = "") public static function auditLog($actionToLog, $valueToLog = "")
{ {
@@ -5430,13 +5453,25 @@ class G
$sflag = $conf->getConfiguration('AUDIT_LOG', 'log'); $sflag = $conf->getConfiguration('AUDIT_LOG', 'log');
$sflagAudit = $sflag == 'true' ? true : false; $sflagAudit = $sflag == 'true' ? true : false;
$ipClient = G::getIpAddress(); $ipClient = G::getIpAddress();
$userUid = 'Unknow User';
$fullName = '-';
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
$licensedFeatures = PMLicensedFeatures::getSingleton(); $licensedFeatures = PMLicensedFeatures::getSingleton();
if ($sflagAudit && $licensedFeatures->verifyfeature('vtSeHNhT0JnSmo1bTluUVlTYUxUbUFSVStEeXVqc1pEUG5EeXc0MGd2Q3ErYz0=')) { if ($sflagAudit && $licensedFeatures->verifyfeature('vtSeHNhT0JnSmo1bTluUVlTYUxUbUFSVStEeXVqc1pEUG5EeXc0MGd2Q3ErYz0=')) {
$username = isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '' ? $_SESSION['USER_LOGGED'] : 'Unknow User'; if (isset($_SESSION['USER_LOGGED']) && $_SESSION['USER_LOGGED'] != '') {
$fullname = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : '-'; $userUid = $_SESSION['USER_LOGGED'];
G::log("|". $workspace ."|". $ipClient ."|". $username . "|" . $fullname ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log"); } else {
//Get the usrUid related to the accessToken
$userUid = \ProcessMaker\Services\OAuth2\Server::getUserId();
if (!empty($userUid)) {
$oUserLogged = new \Users();
$user = $oUserLogged->loadDetails($userUid);
$fullName = $user['USR_FULLNAME'];
}
}
$fullName = isset($_SESSION['USR_FULLNAME']) && $_SESSION['USR_FULLNAME'] != '' ? $_SESSION['USR_FULLNAME'] : $fullName;
G::log("|". $workspace ."|". $ipClient ."|". $userUid . "|" . $fullName ."|" . $actionToLog . "|" . $valueToLog, PATH_DATA, "audit.log");
} }
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
} }

2
gulliver/system/class.menu.php
View File

@@ -283,7 +283,7 @@ class Menu
*/ */
public function DisableOptionId($id) public function DisableOptionId($id)
{ {
if (array_search($id, $this->Id)) { if (array_search($id, $this->Id) !== FALSE) {
$this->Enabled[array_search($id, $this->Id)] = 0; $this->Enabled[array_search($id, $this->Id)] = 0;
} }
} }

2
gulliver/system/class.monologProvider.php
View File

@@ -106,11 +106,13 @@ class MonologProvider
break; break;
case 400://ERROR case 400://ERROR
$this->registerLogger->addError($message, $context); $this->registerLogger->addError($message, $context);
break;
case 500://CRITICAL case 500://CRITICAL
$this->registerLogger->addCritical($message, $context); $this->registerLogger->addCritical($message, $context);
break; break;
case 550://ALERT case 550://ALERT
$this->registerLogger->addAlert($message, $context); $this->registerLogger->addAlert($message, $context);
break;
case 600://EMERGENCY case 600://EMERGENCY
$this->registerLogger->addEmergency($message, $context); $this->registerLogger->addEmergency($message, $context);
break; break;

1
gulliver/system/class.rbac.php
View File

@@ -70,6 +70,7 @@ class RBAC
public $singleSignOn = false; public $singleSignOn = false;
private static $instance = null; private static $instance = null;
public $authorizedActions = array();
public function __construct () public function __construct ()
{ {

2
workflow/engine/classes/Calendar.php
View File

@@ -828,7 +828,7 @@ class Calendar extends CalendarDefinition
$newDate = $onlyDate; $newDate = $onlyDate;
$hoursDuration -= (float)($secondRes/3600); $hoursDuration -= (float)($secondRes/3600);
} else { } else {
$newDate = date('Y-m-d H:i:s', strtotime('+' . (((float)$hoursDuration)*3600) . ' seconds', strtotime($newDate))); $newDate = date('Y-m-d H:i:s', strtotime('+' . round((((float)$hoursDuration)*3600), 5) . ' seconds', strtotime($newDate)));
$hoursDuration = 0; $hoursDuration = 0;
} }
} }

32
workflow/engine/controllers/pmTables.php
View File

@@ -152,6 +152,11 @@ class pmTables extends Controller
$sFileName = $httpData->f; $sFileName = $httpData->f;
$realPath = $PUBLIC_ROOT_PATH . $sFileName; $realPath = $PUBLIC_ROOT_PATH . $sFileName;
if ($this->isValidFileToBeStreamed($sFileName) === false) {
throw new Exception("You are trying to access an unauthorized resource.");
}
G::streamFile( $realPath, true ); G::streamFile( $realPath, true );
unlink( $realPath ); unlink( $realPath );
} }
@@ -206,5 +211,32 @@ class pmTables extends Controller
$tableSize = $tableSize - 8; // Prefix PMT_ $tableSize = $tableSize - 8; // Prefix PMT_
return $tableSize; return $tableSize;
} }
/**
* Validates if the file with the $fileName is a valid one,
* that is, it must be a file without relative references that
* can open a door to get some unauthorized system file and
* must have one of the valid file extensions.
*
* @param $fileName, emporal file name that will be streamed
* @return bool
*/
private function isValidFileToBeStreamed($fileName)
{
$result = true;
$validExtensionsForExporting = ['csv', 'pmt'];
$pathInfo = pathinfo($fileName);
if ($pathInfo['dirname'] !== '.') {
$result = false;
}
if (!in_array($pathInfo['extension'], $validExtensionsForExporting)) {
$result = false;
}
return $result;
}
} }

413
workflow/engine/methods/services/soap.php
View File

@@ -1,413 +0,0 @@
<?php
ini_set( "soap.wsdl_cache_enabled", "0" ); // disabling WSDL cache
$wsdl = PATH_METHODS . "services" . PATH_SEP . "pmos.wsdl";
function login ($params)
{
$ws = new wsBase();
$res = $ws->login( $params->userid, $params->password );
return $res->getPayloadArray();
}
function ProcessList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_FACTORY' );
//if you are not an admin user, then this function will return only
//your valid process
if ($x == 0) {
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$ws = new wsBase();
$res = $ws->processListVerified( $userId );
return $res;
}
$ws = new wsBase();
$res = $ws->processList();
return array ("processes" => $res
);
}
function RoleList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES'));
return $result;
}
$ws = new wsBase();
$res = $ws->roleList();
return array ("roles" => $res
);
}
function GroupList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES'));
return $result;
}
$ws = new wsBase();
$res = $ws->groupList();
return array ("groups" => $res
);
}
function CaseList ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
return new wsResponse( 9, G::LoadTranslation('ID_SESSION_EXPIRED') );
}
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$ws = new wsBase();
$res = $ws->caseList( $userId );
return array ("cases" => $res
);
}
function UserList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->userList();
return array ("users" => $res
);
}
function SendMessage ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->sendMessage( $params->caseId, $params->from, $params->to, $params->cc, $params->bcc, $params->subject, $params->template );
return $res->getPayloadArray();
}
function getCaseInfo ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, "You do not have privileges" );
return $result;
}
$ws = new wsBase();
$res = $ws->getCaseInfo( $params->caseId, $params->delIndex );
return $res;
}
function SendVariables ($params)
{
$filter = new InputFilter();
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$variables = $params->variables;
if (is_object( $variables )) {
$Fields[$variables->name] = $variables->value;
}
if (is_array( $variables )) {
foreach ($variables as $key => $val) {
$name = $val->name;
$value = $val->value;
$val->name = $filter->validateInput($val->name);
$val->value = $filter->validateInput($val->value);
eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' );
}
}
$params->variables = $Fields;
$res = $ws->sendVariables( $params->caseId, $params->variables );
return $res->getPayloadArray();
}
function GetVariables ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->getVariables( $params->caseId, $params->variables );
return array ("variables" => $res
);
}
function DerivateCase ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$oSession = new Sessions();
$user = $oSession->getSessionUser( $params->sessionId );
$ws = new wsBase();
$res = $ws->derivateCase( $user['USR_UID'], $params->caseId, $params->delIndex );
return $res;
//return $res->getPayloadArray ( );
}
function executeTrigger ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$oSession = new Sessions();
$user = $oSession->getSessionUser( $params->sessionId );
$ws = new wsBase();
$delIndex = (isset( $params->delIndex )) ? $params->delIndex : 1;
$res = $ws->executeTrigger( $user['USR_UID'], $params->caseId, $params->triggerIndex, $delIndex );
return $res->getPayloadArray();
}
function NewCaseImpersonate ($params)
{
$filter = new InputFilter();
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$variables = $params->variables;
foreach ($variables as $key => $val) {
$name = $val->name;
$value = $val->value;
$val->name = $filter->validateInput($val->name);
$val->value = $filter->validateInput($val->value);
eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' );
}
$params->variables = $Fields;
$res = $ws->newCaseImpersonate( $params->processId, $params->userId, $params->variables );
return $res->getPayloadArray();
}
function NewCase ($params)
{
$filter = new InputFilter();
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$variables = $params->variables;
if (! isset( $params->variables )) {
$variables = array ();
$Fields = array ();
} else {
if (is_object( $variables )) {
/*foreach ( $variables as $key=>$val ) {
$name = $val->name;
$value = $val->value;
$Fields[ $val->name ]= $val->value ;
}*/
$Fields[$variables->name] = $variables->value;
}
if (is_array( $variables )) {
foreach ($variables as $key => $val) {
$name = $val->name;
$value = $val->value;
if (! is_object( $val->value )) {
$val->name = $filter->validateInput($val->name);
$val->value = $filter->validateInput($val->value);
eval( '$Fields[ ' . $val->name . ' ]= $val->value ;' );
} else {
if (is_array( $val->value->item )) {
$i = 1;
foreach ($val->value->item as $key1 => $val1) {
if (isset( $val1->value )) {
if (is_array( $val1->value->item )) {
foreach ($val1->value->item as $key2 => $val2) {
$Fields[$val->name][$i][$val2->key] = $val2->value;
}
}
}
$i ++;
}
}
}
}
}
}
$params->variables = $Fields;
//$result = new wsResponse (900, print_r($params->variables,1));
//return $result;
$ws = new wsBase();
$res = $ws->newCase( $params->processId, $userId, $params->taskId, $params->variables );
return $res;
}
function AssignUserToGroup ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$sessions = new Sessions();
$user = $sessions->getSessionUser( $params->sessionId );
if (! is_array( $user )) {
return new wsResponse( 3, G::LoadTranslation('ID_USER_NOT_REGISTERED_SYSTEM') );
}
$ws = new wsBase();
$res = $ws->assignUserToGroup( $params->userId, $params->groupId );
return $res->getPayloadArray();
}
function CreateUser ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_USERS' );
if ($x == 0) {
$result = new wsResponse( 24, G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->createUser( $params->userId, $params->firstname, $params->lastname, $params->email, $params->role, $params->password );
return $res->getPayloadArray();
}
function TaskList ($params)
{
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$oSessions = new Sessions();
$session = $oSessions->getSessionUser( $params->sessionId );
$userId = $session['USR_UID'];
$res = $ws->taskList( $userId );
return array ("tasks" => $res
);
}
function TaskCase ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$x = ifPermission( $params->sessionId, 'PM_CASES' );
if ($x == 0) {
$result[] = array ('guid' => 24,'name' => G::LoadTranslation('ID_NOT_PRIVILEGES') );
return $result;
}
$ws = new wsBase();
$res = $ws->taskCase( $params->caseId );
return array ("taskCases" => $res
);
}
function ReassignCase ($params)
{
ifSessionExpiredBreakThis( $params->sessionId );
$ws = new wsBase();
$res = $ws->reassignCase( $params->sessionId, $params->caseId, $params->delIndex, $params->userIdSource, $params->userIdTarget );
return $res;
}
function ifSessionExpiredBreakThis ($sessionId)
{ #added By Erik AO <erik@colosa.com> in datetime 26.06.2008 10:00:00
$oSessions = new Sessions();
$session = $oSessions->verifySession( $sessionId );
if ($session == '') {
return new wsResponse( 9, G::LoadTranslation('ID_SESSION_EXPIRED') );
}
}
function ifPermission ($sessionId, $permission)
{
global $RBAC;
$RBAC->initRBAC();
$oSession = new Sessions();
$user = $oSession->getSessionUser( $sessionId );
$oRBAC = RBAC::getSingleton();
$oRBAC->loadUserRolePermission( $oRBAC->sSystem, $user['USR_UID'] );
$aPermissions = $oRBAC->aUserInfo[$oRBAC->sSystem]['PERMISSIONS'];
$sw = 0;
foreach ($aPermissions as $aPermission) {
if ($aPermission['PER_CODE'] == $permission) {
$sw = 1;
}
}
return $sw;
}
$server = new SoapServer( $wsdl );
$server->addFunction( "Login" );
$server->addFunction( "ProcessList" );
$server->addFunction( "CaseList" );
$server->addFunction( "RoleList" );
$server->addFunction( "GroupList" );
$server->addFunction( "UserList" );
$server->addFunction( "SendMessage" );
$server->addFunction( "SendVariables" );
$server->addFunction( "GetVariables" );
$server->addFunction( "DerivateCase" );
$server->addFunction( "executeTrigger" );
$server->addFunction( "NewCaseImpersonate" );
$server->addFunction( "NewCase" );
$server->addFunction( "AssignUserToGroup" );
$server->addFunction( "CreateUser" );
$server->addFunction( "getCaseInfo" );
$server->addFunction( "TaskList" );
$server->addFunction( "TaskCase" );
$server->addFunction( "ReassignCase" );
$server->handle();

88
workflow/engine/methods/services/soap2.php
View File

@@ -654,83 +654,57 @@ function NewCaseImpersonate ($params)
return $res; return $res;
} }
function NewCase ($params) /**
* Begins a new case under the name of the logged-in user.
* Where the parameter value is:
* - string sessionId: The ID of the session, which is obtained during login.
* - string processId: The ID of the process where the case should start, which
* can be obtained with processList().
* - string taskId: The ID of the task where the case should start. This will
* generally be the first task in a process, which can be obtained with taskList().
* - array variables: An array of variableStruct objects which contain information
* to start the case. This array has the following format.
*
* @param object $params
*
* @return object
*/
function NewCase($params)
{ {
$filter = new InputFilter(); $parseSoapVariableVame = new ParseSoapVariableName();
$vsResult = isValidSession( $params->sessionId ); $vsResult = isValidSession($params->sessionId);
if ($vsResult->status_code !== 0) { if ($vsResult->status_code !== 0) {
return $vsResult; return $vsResult;
} }
if (ifPermission( $params->sessionId, "PM_CASES" ) == 0) { if (ifPermission($params->sessionId, 'PM_CASES') == 0) {
$result = new wsResponse( 2, G::LoadTranslation('ID_NOT_PRIVILEGES') ); $result = new wsResponse(2, G::LoadTranslation('ID_NOT_PRIVILEGES'));
return $result; return $result;
} }
$oSession = new Sessions(); $oSession = new Sessions();
$session = $oSession->getSessionUser( $params->sessionId ); $session = $oSession->getSessionUser($params->sessionId);
$userId = $session["USR_UID"]; $userId = $session['USR_UID'];
$variables = $params->variables; $variables = $params->variables;
/* this code is for previous version of ws, and apparently this will work for grids inside the variables.. $field = array();
if (!isset($params->variables) ) {
$variables = array();
$field = array();
}
else {
if ( is_object ($variables) ) {
$field[ $variables->name ]= $variables->value ;
}
if ( is_array ( $variables) ) { if (is_object($variables) && $variables->name === '__POST_VARIABLES__') {
foreach ( $variables as $key=>$val ) {
$name = $val->name;
$value = $val->value;
if (!is_object($val->value))
{
eval('$field[ ' . $val->name . ' ]= $val->value ;');
}
else
{
if (is_array($val->value->item)) {
$i = 1;
foreach ($val->value->item as $key1 => $val1) {
if (isset($val1->value)) {
if (is_array($val1->value->item)) {
foreach ($val1->value->item as $key2 => $val2) {
$field[$val->name][$i][$val2->key] = $val2->value;
}
}
}
$i++;
}
}
}
}
}
}
*/
$variables = $params->variables;
$field = array ();
if ($variables->name === "__POST_VARIABLES__") {
$field = G::json_decode($variables->value, true); $field = G::json_decode($variables->value, true);
$variables = null; $variables = null;
} }
if (is_object( $variables )) { if (is_object($variables)) {
$field[$variables->name] = $variables->value; $field[$variables->name] = $variables->value;
} }
if (is_array( $variables )) { if (is_array($variables)) {
foreach ($variables as $key => $val) { foreach ($variables as $val) {
if (! is_object( $val->value )) { if (!is_object($val->value)) {
@eval( "\$field[" . $val->name . "]= \$val->value;" ); $parseSoapVariableVame->buildVariableName($field, $val->name, $val->value);
} }
} }
} }
@@ -739,10 +713,10 @@ function NewCase ($params)
$ws = new wsBase(); $ws = new wsBase();
$res = $ws->newCase($params->processId, $userId, $params->taskId, $params->variables, (isset($params->executeTriggers))? (int)($params->executeTriggers) : 0); $res = $ws->newCase($params->processId, $userId, $params->taskId, $params->variables, (isset($params->executeTriggers)) ? (int) ($params->executeTriggers) : 0);
// we need to register the case id for a stored session variable. like a normal Session. // we need to register the case id for a stored session variable. like a normal Session.
$oSession->registerGlobal( "APPLICATION", $res->caseId ); $oSession->registerGlobal('APPLICATION', $res->caseId);
return $res; return $res;
} }

13
workflow/engine/methods/services/wsdl.php
View File

@@ -1,13 +0,0 @@
<?php
$filewsdl = PATH_METHODS . 'services' . PATH_SEP . 'pmos.wsdl';
$content = file_get_contents( $filewsdl );
$lang = defined( 'SYS_LANG' ) ? SYS_LANG : 'en';
$endpoint = 'http://' . $_SERVER['SERVER_NAME'] . ':' . $_SERVER['SERVER_PORT'] . '/sys' . SYS_SYS . '/' . $lang . '/classic/services/soap';
//print $endpoint; die;
$content = str_replace( "___SOAP_ADDRESS___", $endpoint, $content );
header( "Content-Type: application/xml;" );
print $content;

158
workflow/engine/methods/setup/webServices.php
View File

@@ -1,158 +0,0 @@
<?php
/**
* control.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) {
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
//G::header('location: ../login/login');
die();
}
$G_MAIN_MENU = 'processmaker';
//$G_SUB_MENU = 'setup';
$G_ID_MENU_SELECTED = 'SETUP';
//$G_ID_SUB_MENU_SELECTED = 'WEBSERVICES';
if (! extension_loaded( 'soap' )) {
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'setup/wsMessage' );
G::RenderPage( "publish" );
} else {
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'view', 'setup/webServicesTree' );
$G_PUBLISH->AddContent( 'smarty', 'groups/groups_usersList', '', '', array () );
G::RenderPage( "publish-treeview", 'blank' );
}
$link_Edit = G::encryptlink( 'webServicesSetup' );
$link_List = G::encryptlink( 'webServicesList' );
?>
<script>
document.body.style.backgroundColor="#fff";
var oAux = document.getElementById("publisherContent[0]");
oAux.id = "publisherContent[666]";
var currentGroup=false;
function webServicesSetup(){
popupWindow('' , '<?php echo $link_Edit ?>' , 500 , 225 );
}
function showFormWS( uid, element ){
currentGroup = uid;
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : false,
method: 'POST',
args : 'action=showForm&wsID=' + uid
});
oRPC.make();
document.getElementById('spanUsersList').innerHTML = oRPC.xmlhttp.responseText;
if ((uid == 'NewCase') || (uid == 'NewCaseImpersonate')) {
var scs=oRPC.xmlhttp.responseText.extractScript();scs.evalScript();
}
}
function execWebService( uid) {
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : true,
method: 'POST',
args : 'action=execWebService&wsID=' + uid
});
oRPC.callback = function(rpc) {
var scs = rpc.xmlhttp.responseText.extractScript();
document.getElementById('spanUsersList').innerHTML = rpc.xmlhttp.responseText;
scs.evalScript();
}.extend(this);
oRPC.make();
}
submitThisForm = function(oForm) {
var oAux;
var bContinue = true;
if(bContinue) {
result = ajax_post(oForm.action, oForm, 'POST', function(response){
var scs = response.extractScript();
document.getElementById('spanUsersList').innerHTML = response;
scs.evalScript();
});
refreshTree();
}
};
function callbackWebService( ) {
/*
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : false,
method: 'POST',
args : 'action=execWebService&wsID=' + uid
});
oRPC.make();
document.getElementById('spanUsersList').innerHTML = oRPC.xmlhttp.responseText;
*/
document.getElementById('spanUsersList').innerHTML = 'hola';
}
function saveGroup( form ) {
ajax_post( form.action, form, 'POST' );
currentPopupWindow.remove();
refreshTree();
}
function refreshTree(){
tree.refresh( document.getElementById("publisherContent[666]") , '<?php echo $link_List ?>');
}
function showDetails(){
var oRPC = new leimnud.module.rpc.xmlhttp({
url : '../setup/webServicesAjax',
async : false,
method: 'POST',
args : 'action=showDetails'
});
oRPC.make();
document.getElementById('spanUsersList').innerHTML = oRPC.xmlhttp.responseText;
}
showDetails();
function showUploadFilesForm(){
oIFrame = window.document.createElement('iframe');
oIFrame.style.border = '0';
oIFrame.style.width = '700px';
oIFrame.style.height = '400px';
oIFrame.src = 'webServicesAjax?action=showUploadFilesForm&';
document.getElementById('spanUsersList').innerHTML = '';
document.getElementById('spanUsersList').appendChild(oIFrame);
}
</script>

36
workflow/engine/methods/setup/webServicesList.php
View File

@@ -1,36 +0,0 @@
<?php
/**
* webServicesList.php
*
* ProcessMaker Open Source Edition
* Copyright (C) 2004 - 2008 Colosa Inc.23
*
* This program is free software: you can redistribute it and/or modify
* it under the terms of the GNU Affero General Public License as
* published by the Free Software Foundation, either version 3 of the
* License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU Affero General Public License for more details.
*
* You should have received a copy of the GNU Affero General Public License
* along with this program. If not, see <http://www.gnu.org/licenses/>.
*
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_FACTORY' ) != 1) {
G::SendTemporalMessage( 'ID_USER_HAVENT_RIGHTS_PAGE', 'error', 'labels' );
//G::header('location: ../login/login');
die();
}
//G::genericForceLogin( 'WF_MYINFO' , 'login/noViewPage', $urlLogin = 'login/login' );
$G_PUBLISH = new Publisher();
$G_PUBLISH->AddContent( 'view', 'setup/webServicesTree' );
G::RenderPage( "publish-raw", "raw" );

80
workflow/engine/src/ProcessMaker/Util/ParseSoapVariableName.php Normal file
View File

@@ -0,0 +1,80 @@
<?php
namespace ProcessMaker\Util;
/**
* Constructs the name of the variable starting from a string representing the
* depth of the array.
*/
class ParseSoapVariableName
{
/**
* Constructs the name of the variable starting from a string representing
* the depth of the array.
*
* @param array $field
* @param string $name
* @param object $value
* @return void
*/
public function buildVariableName(&$field, $name, $value)
{
if (!$this->isValidVariableName($name)) {
$context = \Bootstrap::getDefaultContextLog();
$context['action'] = 'soap2';
$context['exception'] = 'Invalid param: '.G::json_encode($name);
\Bootstrap::registerMonolog('soap2', 400, 'NewCase', $context, $context['workspace'], 'processmaker.log');
return;
}
$brackets = $this->searchBrackets($name);
if (empty($brackets)) {
$field[$name] = $value;
} else {
$current = &$field;
foreach ($brackets as $extension) {
if (!isset($current[$extension])) {
$current[$extension] = [];
}
$current = &$current[$extension];
}
$current = $value;
}
}
/**
* Analysis of string representing the depth of the array, represented by a
* valid index name and brackets as separators.
*
* @param type $string
*
* @return array
*/
private function searchBrackets($string)
{
$stringClean = str_replace(' ', '', $string);
$explode = explode('][', $stringClean);
return $explode;
}
/**
* Verify if the index name of the array is valid.
*
* @param string $name
*
* @return bool
*/
public function isValidVariableName($name)
{
if (is_string($name) === true) {
if (preg_match("/^[0-9a-zA-Z\_\[\]]+$/", $name)) {
return true;
}
}
return false;
}
}

10
workflow/engine/templates/pmTables/export.js
View File

@@ -72,7 +72,11 @@ Export.configure = function()
e.stopEvent(); e.stopEvent();
var index = Export.targetGrid.getView().findRowIndex(t); var index = Export.targetGrid.getView().findRowIndex(t);
var record = Export.targetGrid.store.getAt(index); var record = Export.targetGrid.store.getAt(index);
if (record.data['_SCHEMA'] !== true) {
return false;
}
if(record.data['PRO_UID']) { if(record.data['PRO_UID']) {
PMExt.info(_('ID_INFO'), _('ID_REPORT_TABLES_DATA_EXPORT_NOT_ALLOWED')); PMExt.info(_('ID_INFO'), _('ID_REPORT_TABLES_DATA_EXPORT_NOT_ALLOWED'));
return false; return false;
@@ -210,6 +214,10 @@ Ext.ux.grid.CheckColumn.prototype ={
var index = this.grid.getView().findRowIndex(t); var index = this.grid.getView().findRowIndex(t);
var record = this.grid.store.getAt(index); var record = this.grid.store.getAt(index);
record.set(this.dataIndex, !record.data[this.dataIndex]); record.set(this.dataIndex, !record.data[this.dataIndex]);
//if schema check is selected/unselected,
//the data column is always initialized to unchecked
record.set('_DATA', false);
} }
}, },