fernando/luos
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Merge remote-tracking branch 'origin/feature/HOR-3559' into bugfix/HOR-3633-C

Browse Source
This commit is contained in:
hjonathan
2017-08-09 10:32:34 -04:00
parent 6991839309 158a3c05a3
commit 6b42d59c2b
12 changed files with 814 additions and 667 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
gulliver/system/class.g.php
View File

@@ -638,7 +638,7 @@ class G
* @param string $strSkin
* @return void
*/
public function RenderPage ($strTemplate = "default", $strSkin = SYS_SKIN, $objContent = null, $layout = '')
public static function RenderPage ($strTemplate = "default", $strSkin = SYS_SKIN, $objContent = null, $layout = '')
{
global $G_CONTENT;
global $G_TEMPLATE;
@@ -1989,7 +1989,7 @@ class G
*
* @return void
*/
public function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null)
public static function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null)
{
if (isset( $width )) {
$_SESSION['G_MESSAGE_WIDTH'] = $width;
@@ -5736,7 +5736,7 @@ class G
*
* @return showRes($string)
*/
public function outRes ($sInfVar)
public static function outRes ($sInfVar)
{
echo $sInfVar;
}

2
gulliver/system/class.pmException.php
View File

@@ -20,7 +20,7 @@ class PMException extends Exception
return __CLASS__ . ": [{$this->code}]: {$this->message}\n";
}
public function registerErrorLog($error, $token){
public static function registerErrorLog($error, $token){
$ws = (defined("SYS_SYS"))? SYS_SYS : "Wokspace Undefined";
Bootstrap::registerMonolog('ExceptionCron', 400, $error->getMessage(), array('token'=>$token), $ws, 'processmaker.log');
}

21
gulliver/system/class.rbac.php
View File

@@ -25,6 +25,9 @@
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*
*/
use ProcessMaker\Exception\RBACException;
/**
* File: $Id$
*
@@ -148,8 +151,21 @@ class RBAC
),
'newSite.php' => array(
'newSite.php' => array('PM_SETUP_ADVANCE')
),
'emailsAjax.php' => array(
'MessageList' => array('PM_SETUP', 'PM_SETUP_LOGS'),
'updateStatusMessage' => array('PM_SETUP', 'PM_SETUP_LOGS'),
),
'processCategory_Ajax.php' => array(
'processCategoryList' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'),
'updatePageSize' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'),
'checkCategoryName' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'),
'saveNewCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'),
'checkEditCategoryName' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'),
'updateCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'),
'canDeleteCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES'),
'deleteCategory' => array('PM_SETUP', 'PM_SETUP_PROCESS_CATEGORIES')
)
);
}
@@ -1546,8 +1562,7 @@ class RBAC
}
if (!$access) {
G::header('Location: /errors/error403.php');
die();
throw new RBACException('ID_ACCESS_DENIED', 403);
}
}
}

53
workflow/engine/classes/model/ListParticipatedLast.php
View File

@@ -49,19 +49,24 @@ class ListParticipatedLast extends BaseListParticipatedLast
$data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME'];
$data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME'];
$data['DEL_CURRENT_TAS_TITLE'] = $data['APP_TAS_TITLE'];
$currentInformation = array(
'DEL_CURRENT_USR_USERNAME' => $data['DEL_CURRENT_USR_USERNAME'],
'DEL_CURRENT_USR_FIRSTNAME' => $data['DEL_CURRENT_USR_FIRSTNAME'],
'DEL_CURRENT_USR_LASTNAME' => $data['DEL_CURRENT_USR_LASTNAME'],
'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE']
);
}
} else {
$getData['USR_UID'] = $data['USR_UID_CURRENT'];
$getData['APP_UID'] = $data['APP_UID'];
$row = $this->getRowFromList($getData);
if (is_array($row) && sizeof($row)) {
$set = array(
$currentInformation = array(
'DEL_CURRENT_USR_USERNAME' => '',
'DEL_CURRENT_USR_FIRSTNAME' => '',
'DEL_CURRENT_USR_LASTNAME' => '',
'APP_TAS_TITLE' => $data['APP_TAS_TITLE'],
'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE'], );
$this->updateCurrentUser($row, $set);
'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE']
);
}
}
@@ -84,6 +89,9 @@ class ListParticipatedLast extends BaseListParticipatedLast
if (!empty($data['APP_STATUS'])) {
$data['APP_STATUS_ID'] = Application::$app_status_values[$data['APP_STATUS']];
}
//We will update the current information
$this->updateCurrentInfoByAppUid($data['APP_UID'], $currentInformation);
$con = Propel::getConnection(ListParticipatedLastPeer::DATABASE_NAME);
try {
$this->fromArray($data, BasePeer::TYPE_FIELDNAME);
@@ -103,6 +111,27 @@ class ListParticipatedLast extends BaseListParticipatedLast
}
}
/**
* This function update the row related to the appUid with the current information
* @param string $appUid
* @param array $currentInformation
* @return void
*/
private function updateCurrentInfoByAppUid($appUid, $currentInformation)
{
//Update - WHERE
$criteriaWhere = new Criteria('workflow');
$criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $appUid, Criteria::EQUAL);
//Update - SET
$criteriaSet = new Criteria('workflow');
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_USERNAME, $currentInformation['DEL_CURRENT_USR_USERNAME']);
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_FIRSTNAME, $currentInformation['DEL_CURRENT_USR_FIRSTNAME']);
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_LASTNAME, $currentInformation['DEL_CURRENT_USR_LASTNAME']);
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_TAS_TITLE, $currentInformation['DEL_CURRENT_TAS_TITLE']);
BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection('workflow'));
}
/**
* Update List Participated History Table.
*
@@ -448,22 +477,6 @@ class ListParticipatedLast extends BaseListParticipatedLast
return false;
}
public function updateCurrentUser($where, $set)
{
$con = Propel::getConnection('workflow');
//Update - WHERE
$criteriaWhere = new Criteria('workflow');
$criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $where['APP_UID'], Criteria::EQUAL);
$criteriaWhere->add(ListParticipatedLastPeer::USR_UID, $where['USR_UID'], Criteria::EQUAL);
$criteriaWhere->add(ListParticipatedLastPeer::DEL_INDEX, $where['DEL_INDEX'], Criteria::EQUAL);
//Update - SET
$criteriaSet = new Criteria('workflow');
foreach ($set as $k => $v) {
eval('$criteriaSet->add( ListParticipatedLastPeer::'.$k.',$v, Criteria::EQUAL);');
}
BasePeer::doUpdate($criteriaWhere, $criteriaSet, $con);
}
/**
* Returns the number of cases of a user.
*

32
workflow/engine/controllers/pmTables.php
View File

@@ -152,6 +152,11 @@ class pmTables extends Controller
$sFileName = $httpData->f;
$realPath = $PUBLIC_ROOT_PATH . $sFileName;
if ($this->isValidFileToBeStreamed($sFileName) === false) {
throw new Exception("You are trying to access an unauthorized resource.");
}
G::streamFile( $realPath, true );
unlink( $realPath );
}
@@ -206,5 +211,32 @@ class pmTables extends Controller
$tableSize = $tableSize - 8; // Prefix PMT_
return $tableSize;
}
/**
* Validates if the file with the $fileName is a valid one,
* that is, it must be a file without relative references that
* can open a door to get some unauthorized system file and
* must have one of the valid file extensions.
*
* @param $fileName, emporal file name that will be streamed
* @return bool
*/
private function isValidFileToBeStreamed($fileName)
{
$result = true;
$validExtensionsForExporting = ['csv', 'pmt'];
$pathInfo = pathinfo($fileName);
if ($pathInfo['dirname'] !== '.') {
$result = false;
}
if (!in_array($pathInfo['extension'], $validExtensionsForExporting)) {
$result = false;
}
return $result;
}
}

21
workflow/engine/methods/login/login.php
View File

@@ -33,10 +33,23 @@ if ($browserSupported==false){
/*----------------------------------********---------------------------------*/
$aFields = array();
if (!isset($_GET['u'])) {
$aFields['URL'] = '';
} else {
$aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u']))))));
//Validated redirect url
$aFields['URL'] = '';
if (!empty($_GET['u'])) {
//clean url with protocols
$flagUrl = true;
//Most used protocols
$protocols = ['https://', 'http://', 'ftp://', 'sftp://','smb://', 'file:', 'mailto:'];
foreach ($protocols as $protocol) {
if (strpos($_GET['u'], $protocol) !== false) {
$_GET['u'] = '';
$flagUrl = false;
break;
}
}
if ($flagUrl) {
$aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u']))))));
}
}
if (!isset($_SESSION['G_MESSAGE'])) {

147
workflow/engine/methods/mails/emailsAjax.php
View File

@@ -1,23 +1,33 @@
<?php
$req = (isset($_POST['request']))? $_POST['request']:((isset($_REQUEST['request']))? $_REQUEST['request'] : 'No hayyy tal');
require_once 'classes/model/Content.php';
require_once 'classes/model/AppMessage.php';
require_once 'classes/model/AppDelegation.php';
require_once 'classes/model/Application.php';
use ProcessMaker\Exception\RBACException;
switch($req){
$req = (isset($_REQUEST['request']) ? $_REQUEST['request'] : '');
/** @var RBAC $RBAC */
global $RBAC;
switch ($RBAC->userCanAccess('PM_LOGIN')) {
case -2:
throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2);
break;
case -1:
throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1);
break;
}
$RBAC->allows(basename(__FILE__), $req);
switch ($req) {
case 'MessageList':
$start = (isset($_REQUEST['start']))? $_REQUEST['start'] : '0';
$limit = (isset($_REQUEST['limit']))? $_REQUEST['limit'] : '25';
$proUid = (isset($_REQUEST['process']))? $_REQUEST['process'] : '';
$eventype = (isset($_REQUEST['type']))? $_REQUEST['type'] : '';
$emailStatus = (isset($_REQUEST['status']))? $_REQUEST['status'] : '';
$sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : '';
$dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC';
$dateFrom = isset( $_POST["dateFrom"] ) ? substr( $_POST["dateFrom"], 0, 10 ) : "";
$dateTo = isset( $_POST["dateTo"] ) ? substr( $_POST["dateTo"], 0, 10 ) : "";
$filterBy = (isset($_REQUEST['filterBy']))? $_REQUEST['filterBy'] : 'ALL';
$start = (isset($_REQUEST['start'])) ? $_REQUEST['start'] : '0';
$limit = (isset($_REQUEST['limit'])) ? $_REQUEST['limit'] : '25';
$proUid = (isset($_REQUEST['process'])) ? $_REQUEST['process'] : '';
$eventype = (isset($_REQUEST['type'])) ? $_REQUEST['type'] : '';
$emailStatus = (isset($_REQUEST['status'])) ? $_REQUEST['status'] : '';
$sort = isset($_REQUEST['sort']) ? $_REQUEST['sort'] : '';
$dir = isset($_REQUEST['dir']) ? $_REQUEST['dir'] : 'ASC';
$dateFrom = isset($_POST["dateFrom"]) ? substr($_POST["dateFrom"], 0, 10) : "";
$dateTo = isset($_POST["dateTo"]) ? substr($_POST["dateTo"], 0, 10) : "";
$filterBy = (isset($_REQUEST['filterBy'])) ? $_REQUEST['filterBy'] : 'ALL';
$response = new stdclass();
$response->status = 'OK';
@@ -28,10 +38,10 @@ switch($req){
$criteria->addJoin(AppMessagePeer::APP_UID, ApplicationPeer::APP_UID, Criteria::LEFT_JOIN);
if ($emailStatus != '') {
$criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus);
$criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus);
}
if ($proUid != '') {
$criteria->add( ApplicationPeer::PRO_UID, $proUid);
$criteria->add(ApplicationPeer::PRO_UID, $proUid);
}
$arrayType = [];
@@ -39,7 +49,7 @@ switch($req){
$pluginRegistry = PMPluginRegistry::getSingleton();
$statusEr = $pluginRegistry->getStatusPlugin('externalRegistration');
$flagEr = (preg_match('/^enabled$/', $statusEr))? 1 : 0;
$flagEr = (preg_match('/^enabled$/', $statusEr)) ? 1 : 0;
if ($flagEr == 0) {
$arrayType[] = 'EXTERNAL_REGISTRATION';
@@ -73,14 +83,14 @@ switch($req){
$dateTo = $dateTo . " 23:59:59";
}
$criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) );
$criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL)));
} else {
$dateFrom = $dateFrom . " 00:00:00";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL );
$criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL);
}
} elseif ($dateTo != "") {
$dateTo = $dateTo . " 23:59:59";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL );
$criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL);
}
//Number records total
@@ -118,10 +128,10 @@ switch($req){
$criteria->addSelectColumn(ProcessPeer::PRO_TITLE);
if ($emailStatus != '') {
$criteria->add( AppMessagePeer::APP_MSG_STATUS, $emailStatus);
$criteria->add(AppMessagePeer::APP_MSG_STATUS, $emailStatus);
}
if ($proUid != '') {
$criteria->add( ApplicationPeer::PRO_UID, $proUid);
$criteria->add(ApplicationPeer::PRO_UID, $proUid);
}
switch ($filterBy) {
@@ -152,24 +162,27 @@ switch($req){
$dateTo = $dateTo . " 23:59:59";
}
$criteria->add( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL )->addAnd( $criteria->getNewCriterion( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL ) ) );
$criteria->add($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL)->addAnd($criteria->getNewCriterion(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL)));
} else {
$dateFrom = $dateFrom . " 00:00:00";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL );
$criteria->add(AppMessagePeer::APP_MSG_DATE, $dateFrom, Criteria::GREATER_EQUAL);
}
} elseif ($dateTo != "") {
$dateTo = $dateTo . " 23:59:59";
$criteria->add( AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL );
$criteria->add(AppMessagePeer::APP_MSG_DATE, $dateTo, Criteria::LESS_EQUAL);
}
if ($sort != '') {
if (!in_array($sort, AppMessagePeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) {
throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort')));
}
if ($dir == 'ASC') {
$criteria->addAscendingOrderByColumn($sort);
} else {
$criteria->addDescendingOrderByColumn($sort);
}
} else {
$oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE );
$oCriteria->addDescendingOrderByColumn(AppMessagePeer::APP_MSG_SEND_DATE);
}
if ($limit != '') {
$criteria->setLimit($limit);
@@ -187,60 +200,60 @@ switch($req){
$index = 1;
$content = new Content();
$tasTitleDefault = G::LoadTranslation('ID_TASK_NOT_RELATED');
while ( $result->next() ) {
while ($result->next()) {
$row = $result->getRow();
$row['APP_MSG_FROM'] =htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8");
$row['APP_MSG_STATUS'] = ucfirst ( $row['APP_MSG_STATUS']);
$row['APP_MSG_FROM'] = htmlentities($row['APP_MSG_FROM'], ENT_QUOTES, "UTF-8");
$row['APP_MSG_STATUS'] = ucfirst($row['APP_MSG_STATUS']);
switch ($filterBy) {
case 'CASES':
if ($row['DEL_INDEX'] != 0) {
$index = $row['DEL_INDEX'];
}
case 'CASES':
if ($row['DEL_INDEX'] != 0) {
$index = $row['DEL_INDEX'];
}
$criteria = new Criteria();
$criteria = new Criteria();
$criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE);
$criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE);
$criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL);
$criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL);
$criteria->addSelectColumn(AppCacheViewPeer::APP_TITLE);
$criteria->addSelectColumn(AppCacheViewPeer::APP_TAS_TITLE);
$criteria->add(AppCacheViewPeer::APP_UID, $row['APP_UID'], Criteria::EQUAL);
$criteria->add(AppCacheViewPeer::DEL_INDEX, $index, Criteria::EQUAL);
$resultCacheView = AppCacheViewPeer::doSelectRS($criteria);
$resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$resultCacheView = AppCacheViewPeer::doSelectRS($criteria);
$resultCacheView->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$row['APP_TITLE'] = '-';
$row['APP_TITLE'] = '-';
while ($resultCacheView->next()) {
$rowCacheView = $resultCacheView->getRow();
$row['APP_TITLE'] = $rowCacheView['APP_TITLE'];
$row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE'];
}
while ($resultCacheView->next()) {
$rowCacheView = $resultCacheView->getRow();
$row['APP_TITLE'] = $rowCacheView['APP_TITLE'];
$row['TAS_TITLE'] = $rowCacheView['APP_TAS_TITLE'];
}
if ($row['DEL_INDEX'] == 0) {
$row['TAS_TITLE'] = $tasTitleDefault;
}
break;
case 'TEST':
$row['PRO_UID'] = '';
$row['APP_NUMBER'] = '';
$row['PRO_TITLE'] = '';
$row['APP_TITLE'] = '';
$row['TAS_TITLE'] = '';
break;
case 'EXTERNAL-REGISTRATION':
$row['PRO_UID'] = '';
$row['APP_NUMBER'] = '';
$row['PRO_TITLE'] = '';
$row['APP_TITLE'] = '';
$row['TAS_TITLE'] = '';
break;
if ($row['DEL_INDEX'] == 0) {
$row['TAS_TITLE'] = $tasTitleDefault;
}
break;
case 'TEST':
$row['PRO_UID'] = '';
$row['APP_NUMBER'] = '';
$row['PRO_TITLE'] = '';
$row['APP_TITLE'] = '';
$row['TAS_TITLE'] = '';
break;
case 'EXTERNAL-REGISTRATION':
$row['PRO_UID'] = '';
$row['APP_NUMBER'] = '';
$row['PRO_TITLE'] = '';
$row['APP_TITLE'] = '';
$row['TAS_TITLE'] = '';
break;
}
$data[] = $row;
}
$response = array();
$response['totalCount'] = $totalCount;
$response['data'] = $data;
$response['data'] = $data;
die(G::json_encode($response));
break;
case 'updateStatusMessage':

26
workflow/engine/methods/processCategory/processCategoryList.php
View File

@@ -21,14 +21,18 @@
* For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
if ($RBAC->userCanAccess( 'PM_SETUP' ) != 1 && $RBAC->userCanAccess( 'PM_SETUP_ADVANCE' ) != 1) {
G::SendTemporalMessage( 'krlos', 'error', 'labels' );
die();
use ProcessMaker\Exception\RBACException;
/** @var RBAC $RBAC */
global $RBAC;
if ($RBAC->userCanAccess('PM_SETUP') != 1 && $RBAC->userCanAccess('PM_SETUP_PROCESS_CATEGORIES') != 1) {
throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1);
}
$c = new Configurations();
$configPage = $c->getConfiguration( 'processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED'] );
$Config['pageSize'] = isset( $configPage['pageSize'] ) ? $configPage['pageSize'] : 20;
$configPage = $c->getConfiguration('processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED']);
$Config['pageSize'] = isset($configPage['pageSize']) ? $configPage['pageSize'] : 20;
$G_MAIN_MENU = 'workflow';
$G_SUB_MENU = 'processCategory';
@@ -37,9 +41,9 @@ $G_ID_SUB_MENU_SELECTED = '';
$G_PUBLISH = new Publisher();
$oHeadPublisher = & headPublisher::getSingleton();
$oHeadPublisher->addExtJsScript( 'processCategory/processCategoryList', false ); //adding a javascript file .js
$oHeadPublisher->addContent( 'processCategory/processCategoryList' ); //adding a html file .html.
$oHeadPublisher->assign( 'FORMATS', $c->getFormats() );
$oHeadPublisher->assign( 'CONFIG', $Config );
G::RenderPage( 'publish', 'extJs' );
$oHeadPublisher = &headPublisher::getSingleton();
$oHeadPublisher->addExtJsScript('processCategory/processCategoryList', false); //adding a javascript file .js
$oHeadPublisher->addContent('processCategory/processCategoryList'); //adding a html file .html.
$oHeadPublisher->assign('FORMATS', $c->getFormats());
$oHeadPublisher->assign('CONFIG', $Config);
G::RenderPage('publish', 'extJs');

149
workflow/engine/methods/processCategory/processCategory_Ajax.php
View File

@@ -22,158 +22,171 @@
* Coral Gables, FL, 33134, USA, or email info@colosa.com.
*/
if (isset( $_REQUEST['action'] )) {
use ProcessMaker\Exception\RBACException;
/** @var RBAC $RBAC */
global $RBAC;
switch ($RBAC->userCanAccess('PM_LOGIN')) {
case -2:
throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2);
break;
case -1:
throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1);
break;
}
$RBAC->allows(basename(__FILE__), $_REQUEST['action']);
if (isset($_REQUEST['action'])) {
switch ($_REQUEST['action']) {
case 'processCategoryList':
$co = new Configurations();
$config = $co->getConfiguration( 'processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED'] );
$limit_size = isset( $config['pageSize'] ) ? $config['pageSize'] : 20;
$config = $co->getConfiguration('processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED']);
$limit_size = isset($config['pageSize']) ? $config['pageSize'] : 20;
$start = isset( $_POST['start'] ) ? $_POST['start'] : 0;
$limit = isset( $_POST['limit'] ) ? $_POST['limit'] : $limit_size;
$filter = isset( $_REQUEST['textFilter'] ) ? $_REQUEST['textFilter'] : '';
$dir = isset( $_POST['dir'] ) ? $_POST['dir'] : 'ASC';
$sort = isset( $_POST['sort'] ) ? $_POST['sort'] : 'CATEGORY_NAME';
$start = isset($_POST['start']) ? $_POST['start'] : 0;
$limit = isset($_POST['limit']) ? $_POST['limit'] : $limit_size;
$filter = isset($_REQUEST['textFilter']) ? $_REQUEST['textFilter'] : '';
$dir = isset($_POST['dir']) ? $_POST['dir'] : 'ASC';
$sort = isset($_POST['sort']) ? $_POST['sort'] : 'CATEGORY_NAME';
$oCriteria = new Criteria( 'workflow' );
$oCriteria->addSelectColumn( 'COUNT(*) AS CNT' );
$oCriteria->add( ProcessCategoryPeer::CATEGORY_UID, '', Criteria::NOT_EQUAL );
$oCriteria = new Criteria('workflow');
$oCriteria->addSelectColumn('COUNT(*) AS CNT');
$oCriteria->add(ProcessCategoryPeer::CATEGORY_UID, '', Criteria::NOT_EQUAL);
if ($filter != '') {
$oCriteria->add( ProcessCategoryPeer::CATEGORY_NAME, '%' . $filter . '%', Criteria::LIKE );
$oCriteria->add(ProcessCategoryPeer::CATEGORY_NAME, '%' . $filter . '%', Criteria::LIKE);
}
$oDat = ProcessCategoryPeer::doSelectRS( $oCriteria );
$oDat->setFetchmode( ResultSet::FETCHMODE_ASSOC );
$oDat = ProcessCategoryPeer::doSelectRS($oCriteria);
$oDat->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$oDat->next();
$row = $oDat->getRow();
$total_categories = $row['CNT'];
$oCriteria->clear();
$oCriteria->addSelectColumn( ProcessCategoryPeer::CATEGORY_UID );
$oCriteria->addSelectColumn( ProcessCategoryPeer::CATEGORY_NAME );
$oCriteria->add( ProcessCategoryPeer::CATEGORY_UID, '', Criteria::NOT_EQUAL );
$oCriteria->addSelectColumn(ProcessCategoryPeer::CATEGORY_UID);
$oCriteria->addSelectColumn(ProcessCategoryPeer::CATEGORY_NAME);
$oCriteria->add(ProcessCategoryPeer::CATEGORY_UID, '', Criteria::NOT_EQUAL);
if ($filter != '') {
$oCriteria->add( ProcessCategoryPeer::CATEGORY_NAME, '%' . $filter . '%', Criteria::LIKE );
$oCriteria->add(ProcessCategoryPeer::CATEGORY_NAME, '%' . $filter . '%', Criteria::LIKE);
}
//SQL Injection via 'sort' parameter
if (!in_array($sort, array_merge(ProcessCategoryPeer::getFieldNames(BasePeer::TYPE_FIELDNAME), ['TOTAL_PROCESSES']))) {
throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort')));
}
if ($dir == "DESC") {
$oCriteria->addDescendingOrderByColumn($sort);
} else {
$oCriteria->addAscendingOrderByColumn($sort);
}
$oCriteria->setLimit( $limit );
$oCriteria->setOffset( $start );
$oDataset = ProcessCategoryPeer::doSelectRS( $oCriteria );
$oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC );
$oCriteria->setLimit($limit);
$oCriteria->setOffset($start);
$oDataset = ProcessCategoryPeer::doSelectRS($oCriteria);
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$proc = new Process();
$aProcess = $proc->getAllProcessesByCategory();
$result = "";
$aCat = array ();
$result = [];
$aCat = array();
while ($oDataset->next()) {
$aCat[] = $oDataset->getRow();
$index = sizeof( $aCat ) - 1;
$aCat[$index]['TOTAL_PROCESSES'] = isset( $aProcess[$aCat[$index]['CATEGORY_UID']] ) ? $aProcess[$aCat[$index]['CATEGORY_UID']] : 0;
$index = sizeof($aCat) - 1;
$aCat[$index]['TOTAL_PROCESSES'] = isset($aProcess[$aCat[$index]['CATEGORY_UID']]) ? $aProcess[$aCat[$index]['CATEGORY_UID']] : 0;
}
$result['data'] = $aCat;
$result['totalCount'] = $total_categories;
echo G::json_encode( $result );
echo G::json_encode($result);
break;
case 'updatePageSize':
$c = new Configurations();
$arr['pageSize'] = $_REQUEST['size'];
$arr['dateSave'] = date( 'Y-m-d H:i:s' );
$config = Array ();
$arr['dateSave'] = date('Y-m-d H:i:s');
$config = Array();
$config[] = $arr;
$c->aConfig = $config;
$c->saveConfig( 'processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED'] );
$c->saveConfig('processCategoryList', 'pageSize', '', $_SESSION['USER_LOGGED']);
echo '{success: true}';
break;
case 'checkCategoryName':
require_once 'classes/model/ProcessCategory.php';
$catName = $_REQUEST['cat_name'];
$oCriteria = new Criteria( 'workflow' );
$oCriteria->addSelectColumn( ProcessCategoryPeer::CATEGORY_NAME );
$oCriteria->add( ProcessCategoryPeer::CATEGORY_NAME, $catName );
$oDataset = ProcessCategoryPeer::doSelectRS( $oCriteria );
$oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC );
$oCriteria = new Criteria('workflow');
$oCriteria->addSelectColumn(ProcessCategoryPeer::CATEGORY_NAME);
$oCriteria->add(ProcessCategoryPeer::CATEGORY_NAME, $catName);
$oDataset = ProcessCategoryPeer::doSelectRS($oCriteria);
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$oDataset->next();
$row = $oDataset->getRow();
$response = isset( $row['CATEGORY_NAME'] ) ? 'false' : 'true';
$response = isset($row['CATEGORY_NAME']) ? 'false' : 'true';
echo $response;
break;
case 'saveNewCategory':
try {
require_once 'classes/model/ProcessCategory.php';
$catName = trim( $_REQUEST['category'] );
$catName = trim($_REQUEST['category']);
$pcat = new ProcessCategory();
$pcat->setNew( true );
$pcat->setCategoryUid( G::GenerateUniqueID() );
$pcat->setCategoryName( $catName );
$pcat->setNew(true);
$pcat->setCategoryUid(G::GenerateUniqueID());
$pcat->setCategoryName($catName);
$pcat->save();
G::auditLog("CreateCategory", "Category Name: ".$catName);
G::auditLog("CreateCategory", "Category Name: " . $catName);
echo '{success: true}';
} catch (Exception $ex) {
$varEcho = '{success: false, error: ' . $ex->getMessage() . '}';
G::outRes( $varEcho );
G::outRes($varEcho);
}
break;
case 'checkEditCategoryName':
require_once 'classes/model/ProcessCategory.php';
$catUID = $_REQUEST['cat_uid'];
$catName = $_REQUEST['cat_name'];
$oCriteria = new Criteria( 'workflow' );
$oCriteria->addSelectColumn( ProcessCategoryPeer::CATEGORY_NAME );
$oCriteria->add( ProcessCategoryPeer::CATEGORY_NAME, $catName );
$oCriteria->add( ProcessCategoryPeer::CATEGORY_UID, $catUID, Criteria::NOT_EQUAL );
$oDataset = ProcessCategoryPeer::doSelectRS( $oCriteria );
$oDataset->setFetchmode( ResultSet::FETCHMODE_ASSOC );
$oCriteria = new Criteria('workflow');
$oCriteria->addSelectColumn(ProcessCategoryPeer::CATEGORY_NAME);
$oCriteria->add(ProcessCategoryPeer::CATEGORY_NAME, $catName);
$oCriteria->add(ProcessCategoryPeer::CATEGORY_UID, $catUID, Criteria::NOT_EQUAL);
$oDataset = ProcessCategoryPeer::doSelectRS($oCriteria);
$oDataset->setFetchmode(ResultSet::FETCHMODE_ASSOC);
$oDataset->next();
$row = $oDataset->getRow();
$response = isset( $row['CATEGORY_NAME'] ) ? 'false' : 'true';
$response = isset($row['CATEGORY_NAME']) ? 'false' : 'true';
echo $response;
break;
case 'updateCategory':
try {
require_once 'classes/model/ProcessCategory.php';
$catUID = $_REQUEST['cat_uid'];
$catName = trim( $_REQUEST['category'] );
$catName = trim($_REQUEST['category']);
$pcat = new ProcessCategory();
$pcat->setNew( false );
$pcat->setCategoryUid( $catUID );
$pcat->setCategoryName( $catName );
$pcat->setNew(false);
$pcat->setCategoryUid($catUID);
$pcat->setCategoryName($catName);
$pcat->save();
g::auditLog("UpdateCategory", "Category Name: ".$catName." Category ID: (".$catUID.") ");
g::auditLog("UpdateCategory", "Category Name: " . $catName . " Category ID: (" . $catUID . ") ");
echo '{success: true}';
} catch (Exception $ex) {
$varEcho = '{success: false, error: ' . $ex->getMessage() . '}';
G::outRes( $varEcho );
G::outRes($varEcho);
}
break;
case 'canDeleteCategory':
require_once 'classes/model/Process.php';
$proc = new Process();
$aProcess = $proc->getAllProcessesByCategory();
$catUID = $_REQUEST['CAT_UID'];
$response = isset( $aProcess[$catUID] ) ? 'false' : 'true';
$response = isset($aProcess[$catUID]) ? 'false' : 'true';
echo $response;
break;
case 'deleteCategory':
try {
require_once 'classes/model/ProcessCategory.php';
$catUID = $_REQUEST['cat_uid'];
$cat = new ProcessCategory();
$cat->setCategoryUid( $catUID );
$catName = $cat->loadByCategoryId( $catUID );
$cat->setCategoryUid($catUID);
$catName = $cat->loadByCategoryId($catUID);
$cat->delete();
G::auditLog("DeleteCategory", "Category Name: ".$catName." Category ID: (".$catUID.") ");
G::auditLog("DeleteCategory", "Category Name: " . $catName . " Category ID: (" . $catUID . ") ");
$varEcho = '{success: true}';
G::outRes( $varEcho );
G::outRes($varEcho);
} catch (Exception $ex) {
$token = strtotime("now");
PMException::registerErrorLog($ex, $token);
$resJson = '{success: false, error: ' . G::LoadTranslation("ID_EXCEPTION_LOG_INTERFAZ", array($token)) . '}';
G::outRes( $resJson );
G::outRes($resJson);
}
break;
default:

963
workflow/engine/src/ProcessMaker/BusinessModel/User.php
View File

File diff suppressed because it is too large Load Diff

59
workflow/engine/src/ProcessMaker/Exception/RBACException.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
namespace ProcessMaker\Exception;
use G;
/**
* Class PMException
* @package ProcessMaker\Exception
*/
class RBACException extends \Exception
{
const PM_LOGIN = '../login/login';
const PM_403 = '/errors/error403.php';
/**
* RBACException constructor.
* @param string $message
* @param null $code
*/
public function __construct($message, $code=NULL)
{
parent::__construct($message, $code);
}
/**
* Displays the entire exception as a string
* @return string
*/
public function __toString()
{
switch ($this->getCode()) {
case -1:
G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
$message = self::PM_LOGIN;
break;
case -2:
G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
$message = self::PM_LOGIN;
break;
case 403:
$message = self::PM_403;
break;
default:
$message = self::PM_LOGIN;
break;
}
return $message;
}
/**
* Returns the path to which to redirect
* @return $this
*/
public function getPath()
{
return $this;
}
}

2
workflow/public_html/app.php
View File

@@ -53,6 +53,8 @@ try {
break;
}
} catch (ProcessMaker\Exception\RBACException $e) {
G::header('location: ' . $e->getPath());
} catch (Exception $e) {
$view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml");
$view->set("message", $e->getMessage());