Merged in bugfix/HOR-2820 (pull request #5511)

HOR-2820

Approved-by: Paula Quispe
Approved-by: Julio Cesar Laura Avendaño
Paula Quispe
2017-03-10 02:13:19 +00:00
committed by Julio Cesar Laura Avendaño
2 changed files with 64 additions and 15 deletions


@@ -598,5 +598,40 @@ class AppDocument extends BaseAppDocument
}
return false;
}
/**
* Check if the user $userCanDownload can download the Output Document
*
* The user that generate the output document can download the same output document file
* A participated user or a supervisor must have the process permission "view" to be able to download the output document
* @param string $userGenerateDocument
* @param string $userCanDownload
* @param string $proUid
* @param string $appUid
* @param string $sAppDocUid
* @return boolean
*/
public function canDownloadOutput($userGenerateDocument, $userCanDownload, $proUid, $appUid, $sAppDocUid)
{
//Check if the user Logged was generate the document
if ($userGenerateDocument !== $userCanDownload) {
$objCase = new \ProcessMaker\BusinessModel\Cases();
$aUserCanAccess = $objCase->userAuthorization(
$userCanDownload,
$proUid,
$appUid,
array(),
array('OUTPUT_DOCUMENTS'=>'VIEW')
);
//If the user does not have the process permission can not download
if (in_array($sAppDocUid, $aUserCanAccess['objectPermissions']['OUTPUT_DOCUMENTS'])) {
return true;
}
} else {
return true;
}
return false;
}
}
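Review bot: In `canDownloadOutput()` the permission list is read as `$aUserCanAccess['objectPermissions']['OUTPUT_DOCUMENTS']` without checking that the key exists, and `in_array()` runs without strict comparison, so the authorization decision rests on loose `==` matching and on a notice-raising path if `userAuthorization()` returns a different shape. I would guard the lookup and compare strictly (assuming the list holds string UIDs): `$allowed = isset($aUserCanAccess['objectPermissions']['OUTPUT_DOCUMENTS']) ? $aUserCanAccess['objectPermissions']['OUTPUT_DOCUMENTS'] : array();` followed by `if (in_array($sAppDocUid, $allowed, true)) {`. The creator shortcut also returns true when both user ids are the same empty value, so rejecting an empty `$userCanDownload` before the comparison would make the method fail closed. The comment above the `in_array` check describes the denial case while the branch grants access; `// Allow the download only when this document is in the user's VIEW permission list` would match the code.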


@@ -1,14 +1,20 @@
<?php
if (!isset($_SESSION['USER_LOGGED'])) {
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
$response = new stdclass();
$response->message = G::LoadTranslation('ID_LOGIN_AGAIN1');
$response->lostSession = true;
print G::json_encode( $response );
die();
if (isset($_REQUEST['actionAjax']) && $_REQUEST['actionAjax'] == "verifySession" ) {
if (!isset($_SESSION['USER_LOGGED'])) {
if ((isset( $_POST['request'] )) && ($_POST['request'] == true)) {
$response = new stdclass();
$response->message = G::LoadTranslation('ID_LOGIN_AGAIN');
$response->lostSession = true;
print G::json_encode( $response );
die();
} else {
G::SendMessageText( G::LoadTranslation('ID_LOGIN_TO_SEE_OUTPUTDOCS'), "WARNING" );
G::header("location: " . "/");
die();
}
} else {
G::SendMessageText( G::LoadTranslation('ID_LOGIN_TO_SEE_OUTPUTDOCS'), "WARNING" );
G::header("location: " . "/");
$response = new stdclass();
print G::json_encode( $response );
die();
}
}
@@ -50,9 +56,21 @@ $sAppDocUid = $oAppDocument->getAppDocUid();
$sDocUid = $oAppDocument->Fields['DOC_UID'];
$oOutputDocument = new OutputDocument();
$oOutputDocument->Fields = $oOutputDocument->getByUid( $sDocUid );
$oOutputDocument->Fields = $oOutputDocument->getByUid($sDocUid);
$download = $oOutputDocument->Fields['OUT_DOC_OPEN_TYPE'];
//Check if the user can be download the Output Document
if (!$oAppDocument->canDownloadOutput(
$oAppDocument->Fields['USR_UID'],
$_SESSION['USER_LOGGED'],
$oOutputDocument->Fields['PRO_UID'],
$oAppDocument->Fields['APP_UID'],
$sAppDocUid)
) {
G::header('Location: /errors/error403.php');
die();
}
$info = pathinfo( $oAppDocument->getAppDocFilename() );
if (! isset( $_GET['ext'] )) {
$ext = $info['extension'];
@@ -83,7 +101,7 @@ if (file_exists( $realPath )) {
$realPath = $realPath2;
}
if (! $sw_file_exists) {
if (!$sw_file_exists) {
$oPluginRegistry = & PMPluginRegistry::getSingleton();
if ($oPluginRegistry->existsTrigger( PM_UPLOAD_DOCUMENT )) {
@@ -137,10 +155,6 @@ if (! $sw_file_exists) {
if (!$downloadStatus) {
G::streamFile( $realPath, $download, $nameFile); //download
}
//die($realPath);
//G::streamFile( $realPath, $download, $info['basename'] . $ver . '.' . $ext );
}
}
//G::streamFile ( $realPath, true);
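Review bot: The `isset($_SESSION['USER_LOGGED'])` check at the top of the script appears to be nested under `$_REQUEST['actionAjax'] == "verifySession"` now, which would leave an ordinary download request with no session gate before `canDownloadOutput()` reads `$_SESSION['USER_LOGGED']`. The +/- markers are lost on this page, so this reading comes from the line order and the hunk counts and should be confirmed against the real diff. Unless the framework rejects unauthenticated requests before this script runs, I would keep an unconditional guard ahead of the document lookup, e.g. `if (!isset($_SESSION['USER_LOGGED'])) { G::header('Location: /errors/error403.php'); die(); }`. The denial path also answers with a redirect to the 403 page rather than a 403 status on the download URL itself, which is worth confirming for clients and log rules that key on the status code.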