fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in bugfix/HOR-3482-T (pull request #5868)

Browse Source 
HOR-3482
This commit is contained in:
Paula Quispe
2017-08-07 03:38:25 +00:00
committed by Julio Cesar Laura Avendaño
parent 044ab74a9c 445b19014c
commit 56ef252e99
5 changed files with 93 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

27
workflow/engine/classes/class.case.php
View File

@@ -5788,8 +5788,8 @@ class Cases
* @param string $tasUid * @param string $tasUid
* @param string $usrUid * @param string $usrUid
* @param string $action some action [VIEW, BLOCK, RESEND] * @param string $action some action [VIEW, BLOCK, RESEND]
* @param string $delIndex * @param integer $delIndex
* @return Array within all user permitions all objects' types * @return array within all user permissions all objects' types
*/ */
public function getAllObjectsFrom($proUid, $appUid, $tasUid = '', $usrUid = '', $action = '', $delIndex = 0) public function getAllObjectsFrom($proUid, $appUid, $tasUid = '', $usrUid = '', $action = '', $delIndex = 0)
{ {
@@ -5808,6 +5808,7 @@ class Cases
$result = array( $result = array(
"DYNAFORM" => array(), "DYNAFORM" => array(),
"INPUT" => array(), "INPUT" => array(),
"ATTACHMENT" => array(),
"OUTPUT" => array(), "OUTPUT" => array(),
"CASES_NOTES" => 0, "CASES_NOTES" => 0,
"MSGS_HISTORY" => array() "MSGS_HISTORY" => array()
@@ -5878,6 +5879,15 @@ class Cases
$opObjUid, $opObjUid,
$aCase['APP_STATUS'] $aCase['APP_STATUS']
); );
//For Attachment
$result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
$appUid,
$proUid,
$opTaskSource,
'ATTACHED',
$opObjUid,
$aCase['APP_STATUS']
);
$result['CASES_NOTES'] = 1; $result['CASES_NOTES'] = 1;
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
@@ -5914,6 +5924,16 @@ class Cases
$aCase['APP_STATUS'] $aCase['APP_STATUS']
); );
break; break;
case 'ATTACHMENT':
$result['ATTACHMENT'] = $oObjectPermission->objectPermissionByOutputInput(
$appUid,
$proUid,
$opTaskSource,
'ATTACHED',
$opObjUid,
$aCase['APP_STATUS']
);
break;
case 'OUTPUT': case 'OUTPUT':
$result['OUTPUT'] = $oObjectPermission->objectPermissionByOutputInput( $result['OUTPUT'] = $oObjectPermission->objectPermissionByOutputInput(
$appUid, $appUid,
@@ -5948,9 +5968,10 @@ class Cases
} }
} }
return Array( return array(
"DYNAFORMS" => $result['DYNAFORM'], "DYNAFORMS" => $result['DYNAFORM'],
"INPUT_DOCUMENTS" => $result['INPUT'], "INPUT_DOCUMENTS" => $result['INPUT'],
"ATTACHMENTS" => $result['ATTACHMENT'],
"OUTPUT_DOCUMENTS" => $result['OUTPUT'], "OUTPUT_DOCUMENTS" => $result['OUTPUT'],
"CASES_NOTES" => $result['CASES_NOTES'], "CASES_NOTES" => $result['CASES_NOTES'],
"MSGS_HISTORY" => $result['MSGS_HISTORY'] "MSGS_HISTORY" => $result['MSGS_HISTORY']

73
workflow/engine/classes/model/AppDocument.php
View File

@@ -547,6 +547,7 @@ class AppDocument extends BaseAppDocument
*/ */
public function canDownloadInput($user, $appDocUid, $version) public function canDownloadInput($user, $appDocUid, $version)
{ {
//Check if the the requester is the owner in the file
$oCriteria = new Criteria('workflow'); $oCriteria = new Criteria('workflow');
$oCriteria->addSelectColumn(AppDocumentPeer::APP_UID); $oCriteria->addSelectColumn(AppDocumentPeer::APP_UID);
$oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN); $oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN);
@@ -560,11 +561,11 @@ class AppDocument extends BaseAppDocument
if ($dataset->getRow()) { if ($dataset->getRow()) {
return true; return true;
} else { } else {
//Review if is a INPUT or ATTACHED
$oCriteria = new Criteria("workflow"); $oCriteria = new Criteria("workflow");
$oCriteria->addSelectColumn(AppDocumentPeer::APP_UID); $oCriteria->addSelectColumn(AppDocumentPeer::APP_UID);
$oCriteria->addSelectColumn(AppDocumentPeer::DOC_UID); $oCriteria->addSelectColumn(AppDocumentPeer::DOC_UID);
$oCriteria->addSelectColumn(InputDocumentPeer::PRO_UID); $oCriteria->addSelectColumn(AppDocumentPeer::APP_DOC_TYPE);
$oCriteria->addJoin(AppDocumentPeer::DOC_UID, InputDocumentPeer::INP_DOC_UID, Criteria::LEFT_JOIN);
$oCriteria->add(AppDocumentPeer::APP_DOC_UID, $appDocUid); $oCriteria->add(AppDocumentPeer::APP_DOC_UID, $appDocUid);
$oCriteria->add(AppDocumentPeer::DOC_VERSION, $version); $oCriteria->add(AppDocumentPeer::DOC_VERSION, $version);
$oCriteria->setLimit(1); $oCriteria->setLimit(1);
@@ -572,28 +573,56 @@ class AppDocument extends BaseAppDocument
$dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$dataset->next(); $dataset->next();
$row = $dataset->getRow(); $row = $dataset->getRow();
$cases = new \ProcessMaker\BusinessModel\Cases(); if ($row['DOC_UID'] == '-1') {
$userAuthorization = $cases->userAuthorization( //If is an attached we only verify if is a supervisor in the process
$user, $appUid = $row['APP_UID'];
$row['PRO_UID'], $oApplication = new Application();
$row['APP_UID'], $aColumns = $oApplication->Load($appUid);
array(), $cases = new \ProcessMaker\BusinessModel\Cases();
array('INPUT_DOCUMENTS' => 'VIEW') $userAuthorization = $cases->userAuthorization(
); $user,
$aColumns['PRO_UID'],
if (in_array($appDocUid, $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'])) { $appUid,
return true; array(),
} array('ATTACHMENTS' => 'VIEW')
);
if ($userAuthorization['supervisor']) { //Has permissions?
$criteria = new Criteria("workflow"); if (in_array($appDocUid, $userAuthorization['objectPermissions']['ATTACHMENTS'])) {
$criteria->addSelectColumn(StepSupervisorPeer::STEP_UID);
$criteria->add(StepSupervisorPeer::STEP_TYPE_OBJ, "INPUT_DOCUMENT", \Criteria::EQUAL);
$criteria->add(StepSupervisorPeer::STEP_UID_OBJ, $row['DOC_UID'], \Criteria::EQUAL);
$rsCriteria = StepSupervisorPeer::doSelectRS($criteria);
if ($rsCriteria->next()) {
return true; return true;
} }
//Is supervisor?
if ($userAuthorization['supervisor']) {
return true;
}
} else {
//If is an file related an input document, we will check if the user is a supervisor or has permissions
$appUid = $row['APP_UID'];
$oInputDoc = new InputDocument();
$aColumns = $oInputDoc->Load($row['DOC_UID']);
$cases = new \ProcessMaker\BusinessModel\Cases();
$userAuthorization = $cases->userAuthorization(
$user,
$aColumns['PRO_UID'],
$appUid,
array(),
array('INPUT_DOCUMENTS' => 'VIEW')
);
//Has permissions?
if (in_array($appDocUid, $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'])) {
return true;
}
//Is supervisor?
if ($userAuthorization['supervisor']) {
//Review if the supervisor has assigned the object input document
$criteria = new Criteria("workflow");
$criteria->addSelectColumn(StepSupervisorPeer::STEP_UID);
$criteria->add(StepSupervisorPeer::STEP_TYPE_OBJ, "INPUT_DOCUMENT", \Criteria::EQUAL);
$criteria->add(StepSupervisorPeer::STEP_UID_OBJ, $row['DOC_UID'], \Criteria::EQUAL);
$rsCriteria = StepSupervisorPeer::doSelectRS($criteria);
if ($rsCriteria->next()) {
return true;
}
}
} }
} }
return false; return false;

11
workflow/engine/classes/model/ObjectPermission.php
View File

@@ -383,10 +383,10 @@ class ObjectPermission extends BaseObjectPermission
} }
switch ($obType) { switch ($obType) {
case 'INPUT': case 'INPUT':
$oCriteria->add( $oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'INPUT');
$oCriteria->getNewCriterion(AppDocumentPeer::APP_DOC_TYPE, 'INPUT')-> break;
addOr($oCriteria->getNewCriterion(AppDocumentPeer::APP_DOC_TYPE, 'ATTACHED')) case 'ATTACHED':
); $oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'ATTACHED');
break; break;
case 'OUTPUT': case 'OUTPUT':
$oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'OUTPUT'); $oCriteria->add(AppDocumentPeer::APP_DOC_TYPE, 'OUTPUT');
@@ -399,9 +399,6 @@ class ObjectPermission extends BaseObjectPermission
$result = array(); $result = array();
while ($oDataset->next()) { while ($oDataset->next()) {
$aRow = $oDataset->getRow(); $aRow = $oDataset->getRow();
if ($aRow['APP_DOC_TYPE'] == "ATTACHED") {
$aRow['APP_DOC_TYPE'] = "INPUT";
}
if (!in_array($aRow['APP_DOC_UID'], $result)) { if (!in_array($aRow['APP_DOC_UID'], $result)) {
array_push($result, $aRow['APP_DOC_UID']); array_push($result, $aRow['APP_DOC_UID']);
} }

22
workflow/engine/src/ProcessMaker/BusinessModel/ProcessPermissions.php
View File

@@ -1,6 +1,7 @@
<?php <?php
namespace ProcessMaker\BusinessModel; namespace ProcessMaker\BusinessModel;
use Behat\Behat\Exception\Exception;
use \G; use \G;
use \Cases; use \Cases;
use \Criteria; use \Criteria;
@@ -207,24 +208,22 @@ class ProcessPermissions
/** /**
* Save Process Permission * Save Process Permission
* *
* @var array $data. Data for Process Permission * @var array $data, Data for Process Permission
* @var string $op_uid. Uid for Process Permission * @var string $opUid, Uid for Process Permission
* *
* @access public * @access public
* @author Brayan Pereyra (Cochalo) <brayan@colosa.com>
* @copyright Colosa - Bolivia
* *
* @return void * @return void
* @throws Exception
*/ */
public function saveProcessPermission($data, $opUid = '')
public function saveProcessPermission($data, $op_uid = '')
{ {
try { try {
$data = array_change_key_case($data, CASE_UPPER); $data = array_change_key_case($data, CASE_UPPER);
$this->validateProUid($data['PRO_UID']); $this->validateProUid($data['PRO_UID']);
if ($op_uid != '') { if ($opUid != '') {
$op_uid = $this->validateOpUid($op_uid); $opUid = $this->validateOpUid($opUid);
} }
if ($data['OP_USER_RELATION'] == "1") { if ($data['OP_USER_RELATION'] == "1") {
$this->validateUsrUid($data['USR_UID']); $this->validateUsrUid($data['USR_UID']);
@@ -257,6 +256,9 @@ class ProcessPermissions
} }
$sObjectUID = $data['DYNAFORMS']; $sObjectUID = $data['DYNAFORMS'];
break; break;
case 'ATTACHED':
$sObjectUID = '';
break;
case 'INPUT': case 'INPUT':
$data['INPUTS'] = $data['INPUTS'] == 0 ? '': $data['INPUTS']; $data['INPUTS'] = $data['INPUTS'] == 0 ? '': $data['INPUTS'];
if ($data['INPUTS'] != '') { if ($data['INPUTS'] != '') {
@@ -273,11 +275,11 @@ class ProcessPermissions
break; break;
} }
$oOP = new \ObjectPermission(); $oOP = new \ObjectPermission();
$permissionUid = ($op_uid != '') ? $op_uid : G::generateUniqueID(); $permissionUid = ($opUid != '') ? $opUid : G::generateUniqueID();
$data['OP_UID'] = $permissionUid; $data['OP_UID'] = $permissionUid;
$data['OP_OBJ_UID'] = $sObjectUID; $data['OP_OBJ_UID'] = $sObjectUID;
if ($op_uid == '') { if ($opUid == '') {
$oOP->fromArray( $data, \BasePeer::TYPE_FIELDNAME ); $oOP->fromArray( $data, \BasePeer::TYPE_FIELDNAME );
$oOP->save(); $oOP->save();
$daraRes = $oOP->load($permissionUid); $daraRes = $oOP->load($permissionUid);

4
workflow/engine/src/ProcessMaker/Services/Api/Project/ProcessPermissions.php
View File

@@ -65,7 +65,7 @@ class ProcessPermissions extends Api
* @param string $op_user_relation {@from body} {@choice 1,2} * @param string $op_user_relation {@from body} {@choice 1,2}
* @param string $op_case_status {@from body} {@choice ALL,DRAFT,TO_DO,PAUSED,COMPLETED} * @param string $op_case_status {@from body} {@choice ALL,DRAFT,TO_DO,PAUSED,COMPLETED}
* @param string $op_participate {@from body} {@choice 0,1} * @param string $op_participate {@from body} {@choice 0,1}
* @param string $op_obj_type {@from body} {@choice ANY,DYNAFORM,INPUT,OUTPUT,CASES_NOTES,MSGS_HISTORY,SUMMARY_FORM} * @param string $op_obj_type {@from body} {@choice ANY,DYNAFORM,ATTACHMENT,INPUT,OUTPUT,CASES_NOTES,MSGS_HISTORY,SUMMARY_FORM}
* @param string $op_action {@from body} {@choice VIEW,BLOCK,DELETE,RESEND} * @param string $op_action {@from body} {@choice VIEW,BLOCK,DELETE,RESEND}
* @param string $tas_uid {@from body} * @param string $tas_uid {@from body}
* @param string $op_task_source {@from body} * @param string $op_task_source {@from body}
@@ -123,7 +123,7 @@ class ProcessPermissions extends Api
* @param string $op_user_relation {@from body} {@choice 1,2} * @param string $op_user_relation {@from body} {@choice 1,2}
* @param string $op_case_status {@from body} {@choice ALL,DRAFT,TO_DO,PAUSED,COMPLETED} * @param string $op_case_status {@from body} {@choice ALL,DRAFT,TO_DO,PAUSED,COMPLETED}
* @param string $op_participate {@from body} {@choice 0,1} * @param string $op_participate {@from body} {@choice 0,1}
* @param string $op_obj_type {@from body} {@choice ANY,DYNAFORM,INPUT,OUTPUT,CASES_NOTES,MSGS_HISTORY,SUMMARY_FORM} * @param string $op_obj_type {@from body} {@choice ANY,DYNAFORM,ATTACHMENT,INPUT,OUTPUT,CASES_NOTES,MSGS_HISTORY,SUMMARY_FORM}
* @param string $op_action {@from body} {@choice VIEW,BLOCK,DELETE,RESEND} * @param string $op_action {@from body} {@choice VIEW,BLOCK,DELETE,RESEND}
* @param string $tas_uid {@from body} * @param string $tas_uid {@from body}
* @param string $op_task_source {@from body} * @param string $op_task_source {@from body}