fernando/luos
1
0
Fork 0
Code Releases Activity

Merge remote-tracking branch 'origin/feature/HOR-3559' into bugfix/HOR-3282-B

Browse Source
This commit is contained in:
hjonathan
2017-08-09 09:25:16 -04:00
parent 5da1478fdb b839a247d9
commit a11462ff0a
8 changed files with 673 additions and 585 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
gulliver/system/class.g.php
View File

@@ -1989,7 +1989,7 @@ class G
* *
* @return void * @return void
*/ */
public function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null) public static function SendTemporalMessage ($msgID, $strType, $sType = 'LABEL', $time = null, $width = null, $customLabels = null)
{ {
if (isset( $width )) { if (isset( $width )) {
$_SESSION['G_MESSAGE_WIDTH'] = $width; $_SESSION['G_MESSAGE_WIDTH'] = $width;

11
gulliver/system/class.rbac.php
View File

@@ -25,6 +25,9 @@
* Coral Gables, FL, 33134, USA, or email info@colosa.com. * Coral Gables, FL, 33134, USA, or email info@colosa.com.
* *
*/ */
use ProcessMaker\Exception\RBACException;
/** /**
* File: $Id$ * File: $Id$
* *
@@ -148,8 +151,11 @@ class RBAC
), ),
'newSite.php' => array( 'newSite.php' => array(
'newSite.php' => array('PM_SETUP_ADVANCE') 'newSite.php' => array('PM_SETUP_ADVANCE')
),
'emailsAjax.php' => array(
'MessageList' => array('PM_SETUP', 'PM_SETUP_LOGS'),
'updateStatusMessage' => array('PM_SETUP', 'PM_SETUP_LOGS'),
) )
); );
} }
@@ -1546,8 +1552,7 @@ class RBAC
} }
if (!$access) { if (!$access) {
G::header('Location: /errors/error403.php'); throw new RBACException('ID_ACCESS_DENIED', 403);
die();
} }
} }
} }

53
workflow/engine/classes/model/ListParticipatedLast.php
View File

@@ -49,19 +49,24 @@ class ListParticipatedLast extends BaseListParticipatedLast
$data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME']; $data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME'];
$data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME']; $data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME'];
$data['DEL_CURRENT_TAS_TITLE'] = $data['APP_TAS_TITLE']; $data['DEL_CURRENT_TAS_TITLE'] = $data['APP_TAS_TITLE'];
$currentInformation = array(
'DEL_CURRENT_USR_USERNAME' => $data['DEL_CURRENT_USR_USERNAME'],
'DEL_CURRENT_USR_FIRSTNAME' => $data['DEL_CURRENT_USR_FIRSTNAME'],
'DEL_CURRENT_USR_LASTNAME' => $data['DEL_CURRENT_USR_LASTNAME'],
'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE']
);
} }
} else { } else {
$getData['USR_UID'] = $data['USR_UID_CURRENT']; $getData['USR_UID'] = $data['USR_UID_CURRENT'];
$getData['APP_UID'] = $data['APP_UID']; $getData['APP_UID'] = $data['APP_UID'];
$row = $this->getRowFromList($getData); $row = $this->getRowFromList($getData);
if (is_array($row) && sizeof($row)) { if (is_array($row) && sizeof($row)) {
$set = array( $currentInformation = array(
'DEL_CURRENT_USR_USERNAME' => '', 'DEL_CURRENT_USR_USERNAME' => '',
'DEL_CURRENT_USR_FIRSTNAME' => '', 'DEL_CURRENT_USR_FIRSTNAME' => '',
'DEL_CURRENT_USR_LASTNAME' => '', 'DEL_CURRENT_USR_LASTNAME' => '',
'APP_TAS_TITLE' => $data['APP_TAS_TITLE'], 'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE']
'DEL_CURRENT_TAS_TITLE' => $data['APP_TAS_TITLE'], ); );
$this->updateCurrentUser($row, $set);
} }
} }
@@ -84,6 +89,9 @@ class ListParticipatedLast extends BaseListParticipatedLast
if (!empty($data['APP_STATUS'])) { if (!empty($data['APP_STATUS'])) {
$data['APP_STATUS_ID'] = Application::$app_status_values[$data['APP_STATUS']]; $data['APP_STATUS_ID'] = Application::$app_status_values[$data['APP_STATUS']];
} }
//We will update the current information
$this->updateCurrentInfoByAppUid($data['APP_UID'], $currentInformation);
$con = Propel::getConnection(ListParticipatedLastPeer::DATABASE_NAME); $con = Propel::getConnection(ListParticipatedLastPeer::DATABASE_NAME);
try { try {
$this->fromArray($data, BasePeer::TYPE_FIELDNAME); $this->fromArray($data, BasePeer::TYPE_FIELDNAME);
@@ -103,6 +111,27 @@ class ListParticipatedLast extends BaseListParticipatedLast
} }
} }
/**
* This function update the row related to the appUid with the current information
* @param string $appUid
* @param array $currentInformation
* @return void
*/
private function updateCurrentInfoByAppUid($appUid, $currentInformation)
{
//Update - WHERE
$criteriaWhere = new Criteria('workflow');
$criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $appUid, Criteria::EQUAL);
//Update - SET
$criteriaSet = new Criteria('workflow');
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_USERNAME, $currentInformation['DEL_CURRENT_USR_USERNAME']);
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_FIRSTNAME, $currentInformation['DEL_CURRENT_USR_FIRSTNAME']);
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_LASTNAME, $currentInformation['DEL_CURRENT_USR_LASTNAME']);
$criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_TAS_TITLE, $currentInformation['DEL_CURRENT_TAS_TITLE']);
BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection('workflow'));
}
/** /**
* Update List Participated History Table. * Update List Participated History Table.
* *
@@ -448,22 +477,6 @@ class ListParticipatedLast extends BaseListParticipatedLast
return false; return false;
} }
public function updateCurrentUser($where, $set)
{
$con = Propel::getConnection('workflow');
//Update - WHERE
$criteriaWhere = new Criteria('workflow');
$criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $where['APP_UID'], Criteria::EQUAL);
$criteriaWhere->add(ListParticipatedLastPeer::USR_UID, $where['USR_UID'], Criteria::EQUAL);
$criteriaWhere->add(ListParticipatedLastPeer::DEL_INDEX, $where['DEL_INDEX'], Criteria::EQUAL);
//Update - SET
$criteriaSet = new Criteria('workflow');
foreach ($set as $k => $v) {
eval('$criteriaSet->add( ListParticipatedLastPeer::'.$k.',$v, Criteria::EQUAL);');
}
BasePeer::doUpdate($criteriaWhere, $criteriaSet, $con);
}
/** /**
* Returns the number of cases of a user. * Returns the number of cases of a user.
* *

17
workflow/engine/methods/login/login.php
View File

@@ -33,11 +33,24 @@ if ($browserSupported==false){
/*----------------------------------********---------------------------------*/ /*----------------------------------********---------------------------------*/
$aFields = array(); $aFields = array();
if (!isset($_GET['u'])) { //Validated redirect url
$aFields['URL'] = ''; $aFields['URL'] = '';
} else { if (!empty($_GET['u'])) {
//clean url with protocols
$flagUrl = true;
//Most used protocols
$protocols = ['https://', 'http://', 'ftp://', 'sftp://','smb://', 'file:', 'mailto:'];
foreach ($protocols as $protocol) {
if (strpos($_GET['u'], $protocol) !== false) {
$_GET['u'] = '';
$flagUrl = false;
break;
}
}
if ($flagUrl) {
$aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u'])))))); $aFields['URL'] = htmlspecialchars(addslashes(stripslashes(strip_tags(trim(urldecode($_GET['u']))))));
} }
}
if (!isset($_SESSION['G_MESSAGE'])) { if (!isset($_SESSION['G_MESSAGE'])) {
$_SESSION['G_MESSAGE'] = ''; $_SESSION['G_MESSAGE'] = '';

23
workflow/engine/methods/mails/emailsAjax.php
View File

@@ -1,10 +1,20 @@
<?php <?php
$req = (isset($_POST['request']))? $_POST['request']:((isset($_REQUEST['request']))? $_REQUEST['request'] : 'No hayyy tal');
require_once 'classes/model/Content.php'; use ProcessMaker\Exception\RBACException;
require_once 'classes/model/AppMessage.php';
require_once 'classes/model/AppDelegation.php'; $req = (isset($_REQUEST['request']) ? $_REQUEST['request'] : '');
require_once 'classes/model/Application.php';
/** @var RBAC $RBAC */
global $RBAC;
switch ($RBAC->userCanAccess('PM_LOGIN')) {
case -2:
throw new RBACException('ID_USER_HAVENT_RIGHTS_SYSTEM', -2);
break;
case -1:
throw new RBACException('ID_USER_HAVENT_RIGHTS_PAGE', -1);
break;
}
$RBAC->allows(basename(__FILE__), $req);
switch ($req) { switch ($req) {
case 'MessageList': case 'MessageList':
@@ -163,6 +173,9 @@ switch($req){
} }
if ($sort != '') { if ($sort != '') {
if (!in_array($sort, AppMessagePeer::getFieldNames(BasePeer::TYPE_FIELDNAME))) {
throw new Exception(G::LoadTranslation('ID_INVALID_VALUE_FOR', array('$sort')));
}
if ($dir == 'ASC') { if ($dir == 'ASC') {
$criteria->addAscendingOrderByColumn($sort); $criteria->addAscendingOrderByColumn($sort);
} else { } else {

649
workflow/engine/src/ProcessMaker/BusinessModel/User.php
View File

File diff suppressed because it is too large Load Diff

59
workflow/engine/src/ProcessMaker/Exception/RBACException.php Normal file
View File

@@ -0,0 +1,59 @@
<?php
namespace ProcessMaker\Exception;
use G;
/**
* Class PMException
* @package ProcessMaker\Exception
*/
class RBACException extends \Exception
{
const PM_LOGIN = '../login/login';
const PM_403 = '/errors/error403.php';
/**
* RBACException constructor.
* @param string $message
* @param null $code
*/
public function __construct($message, $code=NULL)
{
parent::__construct($message, $code);
}
/**
* Displays the entire exception as a string
* @return string
*/
public function __toString()
{
switch ($this->getCode()) {
case -1:
G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
$message = self::PM_LOGIN;
break;
case -2:
G::SendTemporalMessage($this->getMessage(), 'error', 'labels');
$message = self::PM_LOGIN;
break;
case 403:
$message = self::PM_403;
break;
default:
$message = self::PM_LOGIN;
break;
}
return $message;
}
/**
* Returns the path to which to redirect
* @return $this
*/
public function getPath()
{
return $this;
}
}

2
workflow/public_html/app.php
View File

@@ -53,6 +53,8 @@ try {
break; break;
} }
} catch (ProcessMaker\Exception\RBACException $e) {
G::header('location: ' . $e->getPath());
} catch (Exception $e) { } catch (Exception $e) {
$view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml"); $view = new Maveriks\Pattern\Mvc\PhtmlView($rootDir . "framework/src/templates/Exception.phtml");
$view->set("message", $e->getMessage()); $view->set("message", $e->getMessage());