fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merged in release/3.6.4 (pull request #7920)

Browse Source 
release/3.6.4

Approved-by: Julio Cesar Laura Avendaño
This commit is contained in:
Paula Quispe
2021-05-10 13:04:24 +00:00
committed by Julio Cesar Laura Avendaño
parent fb9e07a5ad 17f62d2696
commit 5e083a3ed1
2 changed files with 13 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
workflow/engine/src/ProcessMaker/Model/ProcessUser.php
View File

@@ -38,11 +38,10 @@ class ProcessUser extends Model
*/
public function scopeProcessGroupSupervisor($query, $userUid)
{
$query->where('PU_TYPE', 'GROUP_SUPERVISOR');
$query->leftJoin('GROUP_USER', function ($leftJoin) use ($userUid) {
$leftJoin->on('PROCESS_USER.USR_UID', '=', 'GROUP_USER.GRP_UID')
->where('GROUP_USER.USR_UID', $userUid);
});
// Ge the groups related to the user, Todo, implement the field PROCESS_USER.GRP_ID
$groups = GroupUser::getGroups($userUid, 'GRP_UID');
$query->where('PROCESS_USER.PU_TYPE', 'GROUP_SUPERVISOR');
$query->whereIn('PROCESS_USER.USR_UID', $groups);
$query->joinProcess();
return $query;

11
workflow/engine/src/ProcessMaker/Validation/SqlBlacklist.php
View File

@@ -100,6 +100,10 @@ class SqlBlacklist extends Parser
$signed = get_class($statement);
foreach (Parser::$STATEMENT_PARSERS as $key => $value) {
if ($signed === $value && in_array(strtoupper($key), $config['statements'])) {
//SHOW statement is a special case, it does not require a table name
if (strtoupper($key) === 'SHOW') {
throw new Exception(G::loadTranslation('ID_INVALID_QUERY'));
}
$notExecuteQuery = true;
break;
}
@@ -116,13 +120,16 @@ class SqlBlacklist extends Parser
if ($key === 'table' && is_string($value)) {
$callback($value);
}
if ($key === 'token' && is_string($value)) {
$callback($value);
}
}
};
//verify system tables
$tables = $config['tables'];
$fn($this->statements, function ($table) use ($tables) {
if (in_array($table, $tables)) {
$fn($this->statements, function ($table) use ($tables, $notExecuteQuery) {
if (in_array($table, $tables) && $notExecuteQuery) {
throw new Exception(G::loadTranslation('ID_NOT_EXECUTE_QUERY', [$table]));
}
});