diff --git a/workflow/engine/classes/WsBase.php b/workflow/engine/classes/WsBase.php
index 2342ee227..631e5e23c 100644
--- a/workflow/engine/classes/WsBase.php
+++ b/workflow/engine/classes/WsBase.php
@@ -3007,11 +3007,14 @@ class WsBase
 }
 if (!in_array($userIdTarget, $userList)) {
- $result = new WsResponse(34, G::loadTranslation('ID_TARGET_USER_DOES_NOT_HAVE_RIGHTS'));
-
- $g->sessionVarRestore();
-
- return $result;
+ $bmCase = new BmCases();
+ if (!$bmCase->isSupervisor($userIdTarget, $rows['APP_NUMBER'])){
+ $result = new WsResponse(34, G::loadTranslation('ID_TARGET_USER_DOES_NOT_HAVE_RIGHTS'));
+
+ $g->sessionVarRestore();
+
+ return $result;
+ }
 }
 /**
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
index abf64e254..9430d8fb1 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
@@ -1162,16 +1162,17 @@ class Cases
 $appDelegation = new AppDelegation();
 $delegation = $appDelegation->load($appUid, $index);
 if (empty($delegation['USR_UID'])) {
- $case = new ClassesCases();
- $case->loadCase($appUid);
+ $classesCase = new ClassesCases();
+ $case = $classesCase->loadCase($appUid);
 //Review if the user can be claim the case
- if (!$case->isSelfService($userUid, $delegation['TAS_UID'], $appUid)) {
- $message = preg_replace("##i", "", G::LoadTranslation("ID_NO_PERMISSION_NO_PARTICIPATED"));
- throw new Exception($message);
+ if (!$classesCase->isSelfService($userUid, $delegation['TAS_UID'], $appUid)) {
+ if (!$this->isSupervisor($userUid, $case['APP_NUMBER'])){
+ $message = preg_replace("##i", "", G::LoadTranslation("ID_NO_PERMISSION_NO_PARTICIPATED"));
+ throw new Exception($message);
+ }
 }
-
- $case->setCatchUser($appUid, $index, $userUid);
+ $classesCase->setCatchUser($appUid, $index, $userUid);
 } else {
 throw new Exception(G::LoadTranslation("ID_CASE_USER_INVALID_CLAIM_CASE", [$userUid]));
 }
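Review bot: The supervisor exception added inside `if (!in_array($userIdTarget, $userList))` decides an authorization question from `$rows['APP_NUMBER']`, which is populated outside this hunk and is not checked here. If that key can be missing or empty, the outcome depends on how `isSupervisor()` treats an empty case number, which is not visible on this page; failing closed would be safer: `if (empty($rows['APP_NUMBER']) || !$bmCase->isSupervisor($userIdTarget, $rows['APP_NUMBER'])) {`. The same applies to `$case['APP_NUMBER']` in the Cases.php hunk, where the result of `loadCase()` is used unchecked. It is also worth confirming that `isSupervisor()` is scoped to the process of this case rather than to a general supervisor role, since it now widens who can receive a reassigned case; the enclosing method starts and ends outside the hunk.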
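Review bot: The nested `if` blocks around the claim check in Cases.php express a single authorization decision, and the comment above them (`//Review if the user can be claim the case`) no longer says that supervisors are exempt. Folding them into one condition, `if (!$classesCase->isSelfService($userUid, $delegation['TAS_UID'], $appUid) && !$this->isSupervisor($userUid, $case['APP_NUMBER'])) {`, and rewording the comment to `// Only self-service assignees or supervisors of this case may claim it` keeps the rule readable in one place. Because a supervisor can now claim a case without belonging to the self-service group, recording which of the two paths granted the claim would help a later audit. The enclosing method starts outside the hunk.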