Merged in bugfix/HOR-4687 (pull request #6571)

HOR-4687

Approved-by: Julio Cesar Laura Avendaño <contact@julio-laura.com>

workflow/engine/src/ProcessMaker/BusinessModel/Cases/InputDocument.php

@@ -386,11 +386,12 @@ class InputDocument
      *
      * @param string $applicationUid
      * @param string $userUid
+     * @param array $documentsCanAccess
      *
      * @return array Return an array with data of an InputDocument
      * @throws Exception
      */
-    public function getCasesInputDocuments($applicationUid, $userUid)
+    public function getCasesInputDocuments($applicationUid, $userUid, $documentsCanAccess = [])
     {
         try {
             //Verify data inbox
@@ -415,7 +416,10 @@ class InputDocument
             $criteria = $this->getAppDocumentCriteriaByData($applicationUid);
 
             if (!$flagInbox) {
-                $criteria->add(AppDocumentPeer::USR_UID, $userUid, Criteria::EQUAL);
+                $criteria->add(
+                $criteria->getNewCriterion(AppDocumentPeer::USR_UID, $userUid, Criteria::EQUAL)->addOr(
+                    $criteria->getNewCriterion(AppDocumentPeer::APP_DOC_UID, $documentsCanAccess, Criteria::IN))
+                );
             }
 
             $rsCriteria = AppDocumentPeer::doSelectRS($criteria);

workflow/engine/src/ProcessMaker/Services/Api/Cases/InputDocument.php

@@ -1,10 +1,11 @@
 <?php
 namespace ProcessMaker\Services\Api\Cases;
 
-use \ProcessMaker\Services\Api;
-use \Luracast\Restler\RestException;
-use ProcessMaker\BusinessModel\Cases\InputDocument AS CasesInputDocument;
 use Exception;
+use Luracast\Restler\RestException;
+use ProcessMaker\BusinessModel\Cases\InputDocument as CasesInputDocument;
+use ProcessMaker\BusinessModel\Cases as BussinessModelCases;
+use ProcessMaker\Services\Api;
 
 /**
  * Cases\InputDocument Api Controller
@@ -16,23 +17,44 @@ class InputDocument extends Api
     /**
      * @url GET /:app_uid/input-documents
      *
-     * @param string $app_uid     {@min 32}{@max 32}
+     * @param string $app_uid {@min 32}{@max 32}
+     *
+     * @return array
+     * @throws RestException
      */
     public function doGetInputDocuments($app_uid)
     {
         try {
             $userUid = $this->getUserId();
-            $inputDocument = new \ProcessMaker\BusinessModel\Cases\InputDocument();
+            //We will to get list of documents that the user can be access
+            $bmCases = new BussinessModelCases();
+            $arrayApplicationData = $bmCases->getApplicationRecordByPk($app_uid, [], false);
+            $userAuthorization = $bmCases->userAuthorization(
+                $userUid,
+                $arrayApplicationData['PRO_UID'],
+                $app_uid,
+                [],
+                ['INPUT_DOCUMENTS' => 'VIEW', 'ATTACHMENTS' => 'VIEW'],
+                true
+            );
+            $documentsCanAccess = array_merge(
+                $userAuthorization['objectPermissions']['INPUT_DOCUMENTS'],
+                $userAuthorization['objectPermissions']['ATTACHMENTS']
+            );
 
-            $response = $inputDocument->getCasesInputDocuments($app_uid, $userUid);
+            //We will to get documents information that the user uploaded and/or that the user has permission
+            $inputDocument = new CasesInputDocument();
+            //@todo we need to review the function getCasesInputDocuments with the ticket HOR-4755
+            $response = $inputDocument->getCasesInputDocuments($app_uid, $userUid, $documentsCanAccess);
 
-            if (empty($response)) {
+            //If the user is a supervisor we will to get the documents can be access
+            if (empty($response) && $userAuthorization['supervisor']) {
                 $response = $inputDocument->getCasesInputDocumentsBySupervisor($app_uid, $userUid);
             }
 
             //Return
             return $response;
-        } catch (\Exception $e) {
+        } catch (Exception $e) {
             throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()));
         }
     }