From 006650b7e9bb8e92557090c4b4391ce7d56baaa9 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Thu, 2 Feb 2017 13:57:00 -0400 Subject: [PATCH 1/6] HOR-2631 --- workflow/engine/methods/cases/cases_Ajax.php | 17 +++--- .../engine/methods/cases/cases_Resume.php | 58 +++++++++---------- .../src/ProcessMaker/BusinessModel/Cases.php | 45 ++++++++++++++ 3 files changed, 83 insertions(+), 37 deletions(-) diff --git a/workflow/engine/methods/cases/cases_Ajax.php b/workflow/engine/methods/cases/cases_Ajax.php index 2fc375013..0cec77b67 100644 --- a/workflow/engine/methods/cases/cases_Ajax.php +++ b/workflow/engine/methods/cases/cases_Ajax.php 
@@ -1019,20 +1019,23 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) {
 if (is_array( $aApplication )) {
 $response['exists'] = true;
+ $objCase = new \ProcessMaker\BusinessModel\Cases();
+ $aUserCanAccess = $objCase->userAuthorization(
+ $_SESSION['USER_LOGGED'],
+ $aApplication['PRO_UID'],
+ $aApplication['APP_UID'],
+ array('PM_ALLCASES'),
+ array('SUMMARY_FORM'=>'VIEW')
+ );
 //Check if the user is a supervisor to this Process
 if(isset($_POST['actionFromList']) && $_POST['actionFromList']==='to_revise'){
- $oAppCache = new AppCacheView();
- $aProcesses = $oAppCache->getProUidSupervisor($_SESSION['USER_LOGGED']);
- if(!in_array($aApplication['PRO_UID'], $aProcesses)){
+ if(!$aUserCanAccess['supervisor']){
 $response['exists'] = false;
 $response['message'] = G::LoadTranslation('ID_NO_PERMISSION_NO_PARTICIPATED');
 }
 } else {//Check if the user participated in this case
- $oParticipated = new ListParticipatedLast();
- $aParticipated = $oParticipated->loadList($_SESSION['USER_LOGGED'], array(), null, $aApplication['APP_UID']);
- if(!sizeof($aParticipated)){
- //Check in the selfservice list
+ if(!$aUserCanAccess['participated'] && !$aUserCanAccess['rolesPermissions']['PM_ALLCASES'] && !$aUserCanAccess['objectPermissions']['SUMMARY_FORM']){
 $response['exists'] = false;
 $response['message'] = G::LoadTranslation('ID_NO_PERMISSION_NO_PARTICIPATED');
 }
diff --git a/workflow/engine/methods/cases/cases_Resume.php b/workflow/engine/methods/cases/cases_Resume.php
index 883dc3a0b..935a4755c 100644
--- a/workflow/engine/methods/cases/cases_Resume.php
+++ b/workflow/engine/methods/cases/cases_Resume.php
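Review bot: The else-branch condition reads `$aUserCanAccess['rolesPermissions']['PM_ALLCASES']` and `$aUserCanAccess['objectPermissions']['SUMMARY_FORM']` unconditionally, but `userAuthorization` (added in this patch's Cases.php hunk) only stores `objectPermissions[$key]` when `getAllObjectsFrom` returns that key, so a user without the SUMMARY_FORM permission triggers an undefined-index notice; the resulting null is falsy, so access is still denied, but the decision should not rely on a notice being tolerated. Write the two reads as `empty($aUserCanAccess['rolesPermissions']['PM_ALLCASES'])` and `empty($aUserCanAccess['objectPermissions']['SUMMARY_FORM'])`, or have `userAuthorization` pre-populate every requested key with false. The same condition is repeated in the cases_Resume.php hunk of this patch. The enclosing `switch` case starts and ends outside the hunk.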
@@ -49,20 +49,24 @@ $G_ID_SUB_MENU_SELECTED = '_';
 /* Prepare page before to show */
 $oCase = new Cases();
-//$Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'] );
+
 if (isset($_SESSION['ACTION']) && ($_SESSION['ACTION'] == 'jump')) {
 $Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['ACTION']);
 } else {
 $Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX']);
 }
-//Check the participated
-$participated = $oCase->userParticipatedInCase( $_GET['APP_UID'], $_SESSION['USER_LOGGED'] );
-//Check if is Supervisor
-$processUser = new ProcessUser();
-$userAccess = $processUser->validateUserAccess($Fields['PRO_UID'], $_SESSION['USER_LOGGED']);
+//Check the authorization
+$objCase = new \ProcessMaker\BusinessModel\Cases();
+$aUserCanAccess = $objCase->userAuthorization(
+ $_SESSION['USER_LOGGED'],
+ $Fields['PRO_UID'],
+ $_GET['APP_UID'],
+ array('PM_ALLCASES'),
+ array('SUMMARY_FORM'=>'VIEW')
+);
-if ($RBAC->userCanAccess( 'PM_ALLCASES' ) < 0 && !$participated && !$userAccess) {
+if (!$aUserCanAccess['participated'] && !$aUserCanAccess['supervisor'] && !$aUserCanAccess['rolesPermissions']['PM_ALLCASES'] && !$aUserCanAccess['objectPermissions']['SUMMARY_FORM']) {
 $aMessage['MESSAGE'] = G::LoadTranslation( 'ID_NO_PERMISSION_NO_PARTICIPATED' );
 $G_PUBLISH = new Publisher();
 $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', $aMessage );
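Review bot: The new `userAuthorization` call is given `$_GET['APP_UID']` as the case while `$Fields` (and the `$Fields['PRO_UID']` passed next to it) is loaded from `$_SESSION['APPLICATION']`, so the participation and object-permission checks can be evaluated for a different case than the one this page then renders whenever the two identifiers disagree; the removed `userParticipatedInCase` call had the same split, but the new code keeps it. Take both from the loaded case instead, `$Fields['APP_UID'],` in place of `$_GET['APP_UID'],` (the next hunk already uses `$Fields['APP_UID']` for `LoadParallel`). The denial condition also reads `$aUserCanAccess['rolesPermissions']['PM_ALLCASES']` and `$aUserCanAccess['objectPermissions']['SUMMARY_FORM']` without `isset`, and `userAuthorization` only creates those keys when it has a value for them, so wrap both reads in `empty()`.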
@@ -133,36 +137,30 @@ if ($nTasksInParallel > 1) { $Fields['TAS_TITLE'] = $aTask['TAS_TITLE']; $objUser = new Users(); - $oHeadPublisher = & headPublisher::getSingleton(); $oHeadPublisher->addScriptFile( '/jscore/cases/core/cases_Step.js' ); $G_PUBLISH = new Publisher(); $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume.xml', '', $Fields, '' ); if($Fields['APP_STATUS'] != 'COMPLETED'){ - $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task_Title.xml', '', $Fields, '' ); - $objDel = new AppDelegation(); - $parallel = $objDel->LoadParallel ($Fields['APP_UID'],$_GET['DEL_INDEX']); - $FieldsPar = $Fields; - if(empty($parallel)){ - $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $Fields, '' ); - }else{ + $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task_Title.xml', '', $Fields, '' ); + $objDel = new AppDelegation(); + $parallel = $objDel->LoadParallel($Fields['APP_UID']); + $FieldsPar = $Fields; foreach($parallel as $row){ - $FieldsPar['TAS_UID'] = $row['TAS_UID']; - $aTask = $objTask->load( $row['TAS_UID'] ); - $FieldsPar['TAS_TITLE'] = $aTask['TAS_TITLE']; - $FieldsPar['USR_UID'] = $row['USR_UID']; - if(isset($row['USR_UID']) && !empty($row['USR_UID'])) { - $aUser = $objUser->loadDetails ($row['USR_UID']); - $FieldsPar['CURRENT_USER'] = $aUser['USR_FULLNAME']; - } - $FieldsPar['DEL_DELEGATE_DATE'] = $row['DEL_DELEGATE_DATE']; - $FieldsPar['DEL_INIT_DATE'] = $row['DEL_INIT_DATE']; - $FieldsPar['DEL_TASK_DUE_DATE'] = $row['DEL_TASK_DUE_DATE']; - $FieldsPar['DEL_FINISH_DATE'] = $row['DEL_FINISH_DATE']; - $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $FieldsPar, '' ); + $FieldsPar['TAS_UID'] = $row['TAS_UID']; + $aTask = $objTask->load( $row['TAS_UID'] ); + $FieldsPar['TAS_TITLE'] = $aTask['TAS_TITLE']; + $FieldsPar['USR_UID'] = $row['USR_UID']; + if(isset($row['USR_UID']) && !empty($row['USR_UID'])) { + $aUser = 
$objUser->loadDetails ($row['USR_UID']); + $FieldsPar['CURRENT_USER'] = $aUser['USR_FULLNAME']; + } + $FieldsPar['DEL_DELEGATE_DATE'] = $row['DEL_DELEGATE_DATE']; + $FieldsPar['DEL_INIT_DATE'] = $row['DEL_INIT_DATE']; + $FieldsPar['DEL_TASK_DUE_DATE'] = $row['DEL_TASK_DUE_DATE']; + $FieldsPar['DEL_FINISH_DATE'] = $row['DEL_FINISH_DATE']; + $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $FieldsPar); } - } - } G::RenderPage('publish', 'blank'); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index 55081fc76..59ed4a651 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php 
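Review bot: `$FieldsPar` is copied from `$Fields` once before the `foreach`, and `$FieldsPar['CURRENT_USER']` is only assigned inside the `if (isset($row['USR_UID']) && !empty($row['USR_UID']))` branch, so a parallel row without a user is rendered with the `CURRENT_USER` left over from the previous row; make `$FieldsPar = $Fields;` the first statement of the loop body (and drop the copy before the loop) so each row starts clean. Dropping the `empty($parallel)` branch also means nothing is rendered for the current task when `LoadParallel($Fields['APP_UID'])` returns an empty array; if that can happen for a non-parallel case, the old `AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task.xml', '', $Fields, '' )` fallback should be kept. The `if ($Fields['APP_STATUS'] != 'COMPLETED')` block is inside the hunk, but the script continues before and after it.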
@@ -3252,4 +3252,49 @@ class Cases
 $result = $case->updateCase($applicationUid, $arrayApplicationData);
 }
 }
+
+ /**
+ * Get Permissions, Participate, Access
+ *
+ * @param string $usrUid
+ * @param string $proUid
+ * @param string $appUid
+ * @param array $rolesPermissions
+ * @param array $objectPermissions
+ * @return array Returns array with all access
+ */
+ public static function userAuthorization($usrUid, $proUid, $appUid, $rolesPermissions=array(), $objectPermissions=array()){
+ $arrayAccess = array();
+
+ //User has participated
+ $oParticipated = new \ListParticipatedLast();
+ $aParticipated = $oParticipated->loadList($usrUid, array(), null, $appUid);
+ $arrayAccess['participated'] = (!sizeof($aParticipated)) ? false : true;
+
+ //User is supervisor
+ $oAppCache = new \AppCacheView();
+ $aProcesses = $oAppCache->getProUidSupervisor($usrUid);
+ $arrayAccess['supervisor'] = (!in_array($proUid, $aProcesses)) ? false : true;
+
+ //Roles Permissions
+ if (sizeof($rolesPermissions)) {
+ global $RBAC;
+ foreach ($rolesPermissions as $value) {
+ $arrayAccess['rolesPermissions'][$value] = ($RBAC->userCanAccess($value) < 0) ? false : true;
+ }
+ }
+
+ //Object Permissions
+ if (sizeof($objectPermissions)) {
+ $oCase = new \Cases();
+ foreach ($objectPermissions as $key => $value) {
+ $resPermission = $oCase->getAllObjectsFrom($proUid, $appUid, '', $usrUid, $value);
+ if(isset($resPermission[$key])){
+ $arrayAccess['objectPermissions'][$key] = $resPermission[$key];
+ }
+ }
+ }
+
+ return $arrayAccess;
+ }
 }
From a1de462bae3f00cc2bc7165d76995bdf9db0bf54 Mon Sep 17 00:00:00 2001
From: Paula Quispe
Date: Tue, 7 Feb 2017 12:25:21 -0400
Subject: [PATCH 2/6] psr2
---
 workflow/engine/methods/cases/cases_Ajax.php | 6 +++---
 workflow/engine/methods/cases/cases_Resume.php | 10 +++++-----
 .../engine/src/ProcessMaker/BusinessModel/Cases.php | 8 ++++----
 3 files changed, 12 insertions(+), 12 deletions(-)
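Review bot: The `rolesPermissions` branch evaluates `$RBAC->userCanAccess($value)` through `global $RBAC`, so it answers for the session's logged-in user whatever `$usrUid` is, while the participated and supervisor checks do honour `$usrUid`; both callers in this patch pass `$_SESSION['USER_LOGGED']` so they agree today, but the signature invites checking another user, so either resolve roles for `$usrUid` or state the limitation in the docblock, e.g. `@param string $usrUid  checked for participation and supervision; role permissions are always those of the current session user ($RBAC)`. Separately, `$arrayAccess['rolesPermissions']` is absent when `$rolesPermissions` is empty and `$arrayAccess['objectPermissions'][$key]` is absent whenever `getAllObjectsFrom` returns no entry for `$key`, yet both callers index `['objectPermissions']['SUMMARY_FORM']` directly; initialise `$arrayAccess['rolesPermissions'] = array();` and `$arrayAccess['objectPermissions'] = array();` before the checks and write `$arrayAccess['objectPermissions'][$key] = isset($resPermission[$key]) ? $resPermission[$key] : false;` so every requested key is present and defaults to denied. `in_array($proUid, $aProcesses)` should pass `true` as its third argument. The `@return array` line would be more useful naming the keys it returns (participated, supervisor, rolesPermissions, objectPermissions).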
diff --git a/workflow/engine/methods/cases/cases_Ajax.php b/workflow/engine/methods/cases/cases_Ajax.php index 0cec77b67..760cd964e 100644 --- a/workflow/engine/methods/cases/cases_Ajax.php +++ b/workflow/engine/methods/cases/cases_Ajax.php @@ -1029,13 +1029,13 @@ switch (($_POST['action']) ? $_POST['action'] : $_REQUEST['action']) { ); //Check if the user is a supervisor to this Process - if(isset($_POST['actionFromList']) && $_POST['actionFromList']==='to_revise'){ - if(!$aUserCanAccess['supervisor']){ + if (isset($_POST['actionFromList']) && $_POST['actionFromList']==='to_revise') { + if (!$aUserCanAccess['supervisor']) { $response['exists'] = false; $response['message'] = G::LoadTranslation('ID_NO_PERMISSION_NO_PARTICIPATED'); } } else {//Check if the user participated in this case - if(!$aUserCanAccess['participated'] && !$aUserCanAccess['rolesPermissions']['PM_ALLCASES'] && !$aUserCanAccess['objectPermissions']['SUMMARY_FORM']){ + if (!$aUserCanAccess['participated'] && !$aUserCanAccess['rolesPermissions']['PM_ALLCASES'] && !$aUserCanAccess['objectPermissions']['SUMMARY_FORM']) { $response['exists'] = false; $response['message'] = G::LoadTranslation('ID_NO_PERMISSION_NO_PARTICIPATED'); } diff --git a/workflow/engine/methods/cases/cases_Resume.php b/workflow/engine/methods/cases/cases_Resume.php index 935a4755c..e7692ce77 100644 --- a/workflow/engine/methods/cases/cases_Resume.php +++ b/workflow/engine/methods/cases/cases_Resume.php 
@@ -141,19 +141,19 @@ $oHeadPublisher = & headPublisher::getSingleton(); $oHeadPublisher->addScriptFile( '/jscore/cases/core/cases_Step.js' ); $G_PUBLISH = new Publisher(); $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume.xml', '', $Fields, '' ); -if($Fields['APP_STATUS'] != 'COMPLETED'){ +if ($Fields['APP_STATUS'] != 'COMPLETED') { $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'cases/cases_Resume_Current_Task_Title.xml', '', $Fields, '' ); $objDel = new AppDelegation(); $parallel = $objDel->LoadParallel($Fields['APP_UID']); $FieldsPar = $Fields; - foreach($parallel as $row){ + foreach ($parallel as $row) { $FieldsPar['TAS_UID'] = $row['TAS_UID']; $aTask = $objTask->load( $row['TAS_UID'] ); $FieldsPar['TAS_TITLE'] = $aTask['TAS_TITLE']; $FieldsPar['USR_UID'] = $row['USR_UID']; - if(isset($row['USR_UID']) && !empty($row['USR_UID'])) { - $aUser = $objUser->loadDetails ($row['USR_UID']); - $FieldsPar['CURRENT_USER'] = $aUser['USR_FULLNAME']; + if (isset($row['USR_UID']) && !empty($row['USR_UID'])) { + $aUser = $objUser->loadDetails ($row['USR_UID']); + $FieldsPar['CURRENT_USER'] = $aUser['USR_FULLNAME']; } $FieldsPar['DEL_DELEGATE_DATE'] = $row['DEL_DELEGATE_DATE']; $FieldsPar['DEL_INIT_DATE'] = $row['DEL_INIT_DATE']; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index 59ed4a651..e3502bc61 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php @@ -3263,7 +3263,7 @@ class Cases * @param array $objectPermissions * @return array Returns array with all access */ - public static function userAuthorization($usrUid, $proUid, $appUid, $rolesPermissions=array(), $objectPermissions=array()){ + public function userAuthorization($usrUid, $proUid, $appUid, $rolesPermissions=array(), $objectPermissions=array()){ $arrayAccess = array(); //User has participated 
@@ -3277,7 +3277,7 @@ class Cases $arrayAccess['supervisor'] = (!in_array($proUid, $aProcesses)) ? false : true; //Roles Permissions - if (sizeof($rolesPermissions)) { + if (count($rolesPermissions)>0) { global $RBAC; foreach ($rolesPermissions as $value) { $arrayAccess['rolesPermissions'][$value] = ($RBAC->userCanAccess($value) < 0) ? false : true; @@ -3285,11 +3285,11 @@ class Cases } //Object Permissions - if (sizeof($objectPermissions)) { + if (count($objectPermissions) > 0) { $oCase = new \Cases(); foreach ($objectPermissions as $key => $value) { $resPermission = $oCase->getAllObjectsFrom($proUid, $appUid, '', $usrUid, $value); - if(isset($resPermission[$key])){ + if (isset($resPermission[$key])) { $arrayAccess['objectPermissions'][$key] = $resPermission[$key]; } } From 1fe070673581f025a5d8e767fb6eb8d32de5b686 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Tue, 7 Feb 2017 14:11:36 -0400 Subject: [PATCH 3/6] psr2 --- workflow/engine/src/ProcessMaker/BusinessModel/Cases.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index e3502bc61..245fb91d5 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php @@ -3263,7 +3263,7 @@ class Cases * @param array $objectPermissions * @return array Returns array with all access */ - public function userAuthorization($usrUid, $proUid, $appUid, $rolesPermissions=array(), $objectPermissions=array()){ + public function userAuthorization($usrUid, $proUid, $appUid, $rolesPermissions = array(), $objectPermissions = array()) { $arrayAccess = array(); //User has participated From ae1a8e4c5dd56e7578c6eb2c623ab18da5403b01 Mon Sep 17 00:00:00 2001 
From: Paula Quispe Date: Thu, 9 Feb 2017 12:29:59 -0400 Subject: [PATCH 4/6] psr2 --- .../engine/src/ProcessMaker/BusinessModel/Cases.php | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index 245fb91d5..b99d7928d 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php @@ -3269,15 +3269,15 @@ class Cases //User has participated $oParticipated = new \ListParticipatedLast(); $aParticipated = $oParticipated->loadList($usrUid, array(), null, $appUid); - $arrayAccess['participated'] = (!sizeof($aParticipated)) ? false : true; + $arrayAccess['participated'] = (count($aParticipated) == 0) ? false : true; //User is supervisor - $oAppCache = new \AppCacheView(); - $aProcesses = $oAppCache->getProUidSupervisor($usrUid); - $arrayAccess['supervisor'] = (!in_array($proUid, $aProcesses)) ? false : true; + $supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor(); + $isSupervisor = $supervisor->isUserProcessSupervisor($proUid, $usrUid); + $arrayAccess['supervisor'] = (!$isSupervisor) ? false : true; //Roles Permissions - if (count($rolesPermissions)>0) { + if (count($rolesPermissions) > 0) { global $RBAC; foreach ($rolesPermissions as $value) { $arrayAccess['rolesPermissions'][$value] = ($RBAC->userCanAccess($value) < 0) ? false : true; From 28369c6406809ccc020cbe62a46f546f8abd12f2 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Thu, 9 Feb 2017 12:31:32 -0400 Subject: [PATCH 5/6] psr2 --- workflow/engine/src/ProcessMaker/BusinessModel/Cases.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index b99d7928d..93c38834f 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php 
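Review bot: `(count($aParticipated) == 0) ? false : true` and `(!$isSupervisor) ? false : true` are ternaries that map a boolean onto itself through a double negation; `$arrayAccess['participated'] = count($aParticipated) > 0;` and `$arrayAccess['supervisor'] = (bool) $isSupervisor;` say the same thing directly, and the follow-up patch that flips the second ternary to `($isSupervisor) ? true : false` would then be unnecessary. The method's docblock and the rest of its body lie outside the hunk.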
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php @@ -3274,7 +3274,7 @@ class Cases //User is supervisor $supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor(); $isSupervisor = $supervisor->isUserProcessSupervisor($proUid, $usrUid); - $arrayAccess['supervisor'] = (!$isSupervisor) ? false : true; + $arrayAccess['supervisor'] = ($isSupervisor) ? true : false; //Roles Permissions if (count($rolesPermissions) > 0) { From 6f1922fac69861f58a06286e6d5e65eab7968efc Mon Sep 17 00:00:00 2001 From: dheeyi william Date: Mon, 13 Feb 2017 11:37:44 -0400 Subject: [PATCH 6/6] HOR-2632 Open the Summary form instead of cases_Resume --- .../engine/methods/cases/cases_Resume.php | 28 +++++++++++++------ workflow/engine/methods/cases/summary.php | 1 - 2 files changed, 19 insertions(+), 10 deletions(-) diff --git a/workflow/engine/methods/cases/cases_Resume.php b/workflow/engine/methods/cases/cases_Resume.php index e7692ce77..931909d44 100644 --- a/workflow/engine/methods/cases/cases_Resume.php +++ b/workflow/engine/methods/cases/cases_Resume.php 
@@ -49,23 +49,33 @@ $G_ID_SUB_MENU_SELECTED = '_';
 /* Prepare page before to show */
 $oCase = new Cases();
-
-if (isset($_SESSION['ACTION']) && ($_SESSION['ACTION'] == 'jump')) {
- $Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['ACTION']);
-} else {
- $Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX']);
-}
-
 //Check the authorization
 $objCase = new \ProcessMaker\BusinessModel\Cases();
 $aUserCanAccess = $objCase->userAuthorization(
 $_SESSION['USER_LOGGED'],
- $Fields['PRO_UID'],
+ $_SESSION['PROCESS'],
 $_GET['APP_UID'],
 array('PM_ALLCASES'),
- array('SUMMARY_FORM'=>'VIEW')
+ array('SUMMARY_FORM' => 'VIEW')
 );
+if (isset($_SESSION['ACTION']) && ($_SESSION['ACTION'] == 'jump')) {
+ $Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX'], $_SESSION['ACTION']);
+ $process = new Process();
+ $processData = $process->load($Fields['PRO_UID']);
+ if (isset($processData['PRO_DYNAFORMS']['PROCESS']) && $processData['PRO_DYNAFORMS']['PROCESS'] != '' &&
+ $aUserCanAccess['objectPermissions']['SUMMARY_FORM']
+ ) {
+ $_REQUEST['APP_UID'] = $Fields['APP_UID'];
+ $_REQUEST['DEL_INDEX'] = $Fields['DEL_INDEX'];
+ $_REQUEST['DYN_UID'] = $processData['PRO_DYNAFORMS']['PROCESS'];
+ require_once(PATH_METHODS . 'cases' . PATH_SEP . 'summary.php');
+ exit();
+ }
+} else {
+ $Fields = $oCase->loadCase( $_SESSION['APPLICATION'], $_SESSION['INDEX']);
+}
+
 if (!$aUserCanAccess['participated'] && !$aUserCanAccess['supervisor'] && !$aUserCanAccess['rolesPermissions']['PM_ALLCASES'] && !$aUserCanAccess['objectPermissions']['SUMMARY_FORM']) {
 $aMessage['MESSAGE'] = G::LoadTranslation( 'ID_NO_PERMISSION_NO_PARTICIPATED' );
 $G_PUBLISH = new Publisher();
diff --git a/workflow/engine/methods/cases/summary.php b/workflow/engine/methods/cases/summary.php
index 1fe5fb028..02a6e383d 100644
--- a/workflow/engine/methods/cases/summary.php
+++ b/workflow/engine/methods/cases/summary.php
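Review bot: The process handed to `userAuthorization` changes from the loaded case's `$Fields['PRO_UID']` to `$_SESSION['PROCESS']`, while the case is still `$_GET['APP_UID']` and `$Fields` comes from `$_SESSION['APPLICATION']`; if the session's process or the GET parameter is out of step with the case actually loaded, the supervisor and SUMMARY_FORM checks are evaluated against a different process or case than the one `summary.php` is then included for. Nothing in `loadCase` depends on the authorization result, so load `$Fields` first (both branches of the `jump` test), then call `userAuthorization` with `$Fields['PRO_UID'],` and `$Fields['APP_UID'],`, and only then run the `PRO_DYNAFORMS` / summary branch. Inside that branch `$aUserCanAccess['objectPermissions']['SUMMARY_FORM']` is read with no guard although the neighbouring `PRO_DYNAFORMS` key gets `isset`, and `userAuthorization` only sets the key when `getAllObjectsFrom` returns it, so write `!empty($aUserCanAccess['objectPermissions']['SUMMARY_FORM'])`. The `require_once` + `exit()` path skips the `ID_NO_PERMISSION_NO_PARTICIPATED` block below it, which is only safe while that SUMMARY_FORM guard stays in the condition; a one-line comment such as `// summary.php is reached only with the SUMMARY_FORM object permission; the generic access check below is bypassed` would keep that invariant visible.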
@@ -69,7 +69,6 @@ try {
 $result = DynaformPeer::doSelectRS($criteria);
 $result->setFetchmode(ResultSet::FETCHMODE_ASSOC);
 if ($result->next()) {
- G::LoadClass('pmDynaform');
 G::LoadClass('pmDynaform');
 $FieldsPmDynaform = $applicationFields;
 $FieldsPmDynaform["CURRENT_DYNAFORM"] = $_REQUEST['DYN_UID'];