HOR-4931
This commit is contained in:
Paula Quispe
@@ -2,19 +2,18 @@
|
||||
namespace ProcessMaker\Services\Api;
|
||||
|
||||
|
||||
use AppDocument;
|
||||
use AppDelegation;
|
||||
use AppDelegationPeer;
|
||||
use AppDocument;
|
||||
use Criteria;
|
||||
use Exception;
|
||||
use ListUnassigned;
|
||||
use Luracast\Restler\RestException;
|
||||
use ProcessMaker\BusinessModel\Cases as BmCases;
|
||||
use ProcessMaker\BusinessModel\User as BmUser;
|
||||
use ProcessMaker\BusinessModel\ProcessSupervisor as BmProcessSupervisor;
|
||||
use ProcessMaker\Util\DateTime;
|
||||
use ProcessMaker\BusinessModel\Validator;
|
||||
use ProcessMaker\Services\Api;
|
||||
use ProcessMaker\Util\DateTime;
|
||||
use RBAC;
|
||||
|
||||
|
||||
/**
|
||||
@@ -40,6 +39,28 @@ class Cases extends Api
|
||||
"note_date"
|
||||
];
|
||||
|
||||
/**
|
||||
* Constructor of the class
|
||||
* We will to define the $RBAC definition
|
||||
*/
|
||||
public function __construct()
|
||||
{
|
||||
global $RBAC;
|
||||
if (!isset($RBAC)) {
|
||||
$RBAC = RBAC::getSingleton(PATH_DATA, session_id());
|
||||
$RBAC->sSystem = 'PROCESSMAKER';
|
||||
$RBAC->initRBAC();
|
||||
$RBAC->loadUserRolePermission($RBAC->sSystem, $this->getUserId());
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* This function adds customized validations for allow the access to functions
|
||||
* If does not have access will be return 401
|
||||
*
|
||||
* @return boolean
|
||||
* @throws Exception
|
||||
*/
|
||||
public function __isAllowed()
|
||||
{
|
||||
try {
|
||||
@@ -657,10 +678,11 @@ class Cases extends Api
|
||||
$search = ''
|
||||
) {
|
||||
try {
|
||||
$dataList['userId'] = $this->getUserId();
|
||||
global $RBAC;
|
||||
//If the user does not have PM_ALLCASES we will be able to search for cases in which the user has participated
|
||||
$dataList['userId'] = ($RBAC->userCanAccess('PM_ALLCASES') == 1)? '' : $this->getUserId();
|
||||
$dataList['action'] = 'search';
|
||||
$dataList['paged'] = false;
|
||||
|
||||
$dataList['start'] = $start;
|
||||
$dataList['limit'] = $limit;
|
||||
$dataList['sort'] = $sort;
|
||||
@@ -713,10 +735,11 @@ class Cases extends Api
|
||||
$search = ''
|
||||
) {
|
||||
try {
|
||||
$dataList['userId'] = $this->getUserId();
|
||||
global $RBAC;
|
||||
//If the user does not have PM_ALLCASES we will be able to search for cases in which the user has participated
|
||||
$dataList['userId'] = ($RBAC->userCanAccess('PM_ALLCASES') == 1)? '' : $this->getUserId();
|
||||
$dataList['action'] = 'search';
|
||||
$dataList['paged'] = true;
|
||||
|
||||
$dataList['start'] = $start;
|
||||
$dataList['limit'] = $limit;
|
||||
$dataList['sort'] = $sort;
|
||||
|
||||
Reference in New Issue
Block a user