From a3589fe9488d67ba4a37ef3f413f0664c3ae9b29 Mon Sep 17 00:00:00 2001 From: Luis Fernando Saisa Lopez Date: Fri, 25 Sep 2015 19:25:47 -0400 Subject: [PATCH] PM-3477-C "REST endpoint DELETE cases/{app_uid}/output-document/..." SOLVED --- .../src/ProcessMaker/BusinessModel/Cases.php | 49 +++++- .../BusinessModel/Cases/OutputDocument.php | 163 ++++++++++++++++++ .../Services/Api/Cases/OutputDocument.php | 19 +- 3 files changed, 219 insertions(+), 12 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php index 2b370490d..757a96dfe 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php @@ -49,16 +49,25 @@ class Cases * Verify if does not exist the Case in table APPLICATION * * @param string $applicationUid Unique id of Case + * @param string $delIndex Delegation index * @param string $fieldNameForException Field name for the exception * * return void Throw exception if does not exist the Case in table APPLICATION */ - public function throwExceptionIfNotExistsCase($applicationUid, $fieldNameForException) + public function throwExceptionIfNotExistsCase($applicationUid, $delIndex, $fieldNameForException) { try { $obj = \ApplicationPeer::retrieveByPK($applicationUid); - if (is_null($obj)) { + $flag = is_null($obj); + + if (!$flag && $delIndex > 0) { + $obj = \AppDelegationPeer::retrieveByPK($applicationUid, $delIndex); + + $flag = is_null($obj); + } + + if ($flag) { throw new \Exception(\G::LoadTranslation("ID_CASE_DOES_NOT_EXIST2", array($fieldNameForException, $applicationUid))); } } catch (\Exception $e) { 
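Review bot: Inserting `$delIndex` as the second positional parameter of `throwExceptionIfNotExistsCase` changes the meaning of every existing two-argument call: the field name would land in `$delIndex` and `$fieldNameForException` would be missing. This commit updates four call sites in Cases.php, but callers in other classes are not visible here and should be searched for before merging. The guard `$delIndex > 0` also silently skips the delegation lookup for zero, negative or non-numeric input, so the docblock should state that contract, e.g. `@param int $delIndex Delegation index (0 = check the case only)`. When the delegation lookup fails, the message is still `ID_CASE_DOES_NOT_EXIST2` with only `$applicationUid`, so the error does not say which delegation index was rejected. The function's catch block continues past the end of the hunk.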
@@ -440,7 +449,7 @@ class Cases \G::LoadClass("wsBase"); //Verify data - $this->throwExceptionIfNotExistsCase($applicationUid, $this->getFieldNameByFormatFieldName("APP_UID")); + $this->throwExceptionIfNotExistsCase($applicationUid, 0, $this->getFieldNameByFormatFieldName("APP_UID")); $criteria = new \Criteria("workflow"); @@ -536,7 +545,7 @@ class Cases { try { //Verify data - $this->throwExceptionIfNotExistsCase($applicationUid, $this->getFieldNameByFormatFieldName("APP_UID")); + $this->throwExceptionIfNotExistsCase($applicationUid, 0, $this->getFieldNameByFormatFieldName("APP_UID")); $criteria = new \Criteria("workflow"); @@ -1805,7 +1814,7 @@ class Cases $arrayTask = array(); //Verify data - $this->throwExceptionIfNotExistsCase($applicationUid, $this->getFieldNameByFormatFieldName("APP_UID")); + $this->throwExceptionIfNotExistsCase($applicationUid, 0, $this->getFieldNameByFormatFieldName("APP_UID")); //Set variables $process = new \Process(); @@ -2363,14 +2372,16 @@ class Cases * Get status info Case * * @param string $applicationUid Unique id of Case + * @param int $del_index {@min 1} + * @param string $userUid Unique id of User * * return array Return an array with status info Case, array empty otherwise */ - public function getStatusInfo($applicationUid) + public function getStatusInfo($applicationUid, $delIndex = 0, $userUid = "") { try { //Verify data - $this->throwExceptionIfNotExistsCase($applicationUid, $this->getFieldNameByFormatFieldName("APP_UID")); + $this->throwExceptionIfNotExistsCase($applicationUid, $delIndex, $this->getFieldNameByFormatFieldName("APP_UID")); //Get data //Status is PAUSED 
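Review bot: The docblock line `@param int $del_index {@min 1}` added to `getStatusInfo` in the hunk at -2363 names a parameter that does not exist (the argument is `$delIndex`) and states a minimum of 1 while the default is `0`. I would write `@param int $delIndex Delegation index (0 = do not filter by delegation)` and `@param string $userUid Unique id of User ("" = do not filter by user)`, so that callers who use the result for access decisions know that the defaults widen the query. The body of `getStatusInfo` continues outside this hunk.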
@@ -2388,6 +2399,14 @@ class Cases $criteria->getNewCriterion(\AppDelayPeer::APP_DISABLE_ACTION_USER, 0, \Criteria::EQUAL)) ); + if ($delIndex != 0) { + $criteria->add(\AppDelayPeer::APP_DEL_INDEX, $delIndex, \Criteria::EQUAL); + } + + if ($userUid != "") { + $criteria->add(\AppDelayPeer::APP_DELEGATION_USER, $userUid, \Criteria::EQUAL); + } + $rsCriteria = \AppDelayPeer::doSelectRS($criteria); $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); @@ -2421,6 +2440,14 @@ class Cases $criteria->getNewCriterion(\AppThreadPeer::APP_THREAD_STATUS, "OPEN")) ); + if ($delIndex != 0) { + $criteria->add(\AppDelegationPeer::DEL_INDEX, $delIndex, \Criteria::EQUAL); + } + + if ($userUid != "") { + $criteria->add(\AppDelegationPeer::USR_UID, $userUid, \Criteria::EQUAL); + } + $rsCriteria = \ApplicationPeer::doSelectRS($criteria); $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); @@ -2445,6 +2472,14 @@ class Cases $criteria->add(\ApplicationPeer::APP_STATUS, array("CANCELLED", "COMPLETED"), \Criteria::IN); $criteria->add(\AppDelegationPeer::DEL_LAST_INDEX, 1, \Criteria::EQUAL); + if ($delIndex != 0) { + $criteria->add(\AppDelegationPeer::DEL_INDEX, $delIndex, \Criteria::EQUAL); + } + + if ($userUid != "") { + $criteria->add(\AppDelegationPeer::USR_UID, $userUid, \Criteria::EQUAL); + } + $rsCriteria = \ApplicationPeer::doSelectRS($criteria); $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/OutputDocument.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/OutputDocument.php index 4b9e3b71a..2a77fdcb5 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/OutputDocument.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/OutputDocument.php 
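Review bot: The `if ($delIndex != 0)` and `if ($userUid != "")` guards added in the three hunks at -2388, -2421 and -2445 fail open: under loose comparison a `null` or `"0"` delegation index, or a `null` user id, is treated as "no filter", and the query then matches any delegation or user of the case. `getStatusInfo` is called by the OutputDocument permission helpers added in this commit, so an empty value reaching it would broaden the result instead of rejecting the request. I would validate once at the top of the function, e.g. `if (filter_var($delIndex, FILTER_VALIDATE_INT) === false || $delIndex < 0) { throw new \InvalidArgumentException("delIndex must be a non-negative integer"); }`, and then compare strictly with `!== 0` and `!== ""`. The criteria these lines extend are built outside the hunks.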
@@ -3,6 +3,169 @@ namespace ProcessMaker\BusinessModel\Cases; class OutputDocument { + /** + * Check if the user has permissions + * + * @param string $applicationUid Unique id of Case + * @param string $delIndex Delegation index + * @param string $userUid Unique id of User + * @param string $appDocumentUid + * + * return void Throw exception the user does not have permission to delete + */ + public function throwExceptionIfHaventPermissionToDelete($applicationUid, $delIndex, $userUid, $appDocumentUid) + { + try { + //Verify data inbox + $case = new \ProcessMaker\BusinessModel\Cases(); + $arrayResult = $case->getStatusInfo($applicationUid, $delIndex, $userUid); + + $flagInbox = 1; + + if (empty($arrayResult) || !preg_match("/^(?:TO_DO|DRAFT)$/", $arrayResult["APP_STATUS"])) { + $flagInbox = 0; + } + + //Verify data permission + $flagPermission = 0; + + $criteria = new \Criteria("workflow"); + + $criteria->addSelectColumn(\AppDocumentPeer::DOC_UID); + + $criteria->add(\AppDocumentPeer::APP_DOC_UID, $appDocumentUid, \Criteria::EQUAL); + $criteria->add(\AppDocumentPeer::APP_UID, $applicationUid, \Criteria::EQUAL); + $criteria->add(\AppDocumentPeer::APP_DOC_TYPE, "OUTPUT", \Criteria::EQUAL); + + $rsCriteria = \AppDocumentPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + if ($rsCriteria->next()) { + $row = $rsCriteria->getRow(); + + $outputDocumentUid = $row["DOC_UID"]; + + $application = \ApplicationPeer::retrieveByPK($applicationUid); + + //Criteria + $criteria2 = new \Criteria("workflow"); + + $criteria2->addSelectColumn(\ObjectPermissionPeer::OP_UID); + + $criteria2->add(\ObjectPermissionPeer::PRO_UID, $application->getProUid(), \Criteria::EQUAL); + $criteria2->add(\ObjectPermissionPeer::OP_OBJ_TYPE, "OUTPUT", \Criteria::EQUAL); + $criteria2->add( + $criteria2->getNewCriterion(\ObjectPermissionPeer::OP_OBJ_UID, $outputDocumentUid, \Criteria::EQUAL)->addOr( + $criteria2->getNewCriterion(\ObjectPermissionPeer::OP_OBJ_UID, "0", 
\Criteria::EQUAL))->addOr( + $criteria2->getNewCriterion(\ObjectPermissionPeer::OP_OBJ_UID, "", \Criteria::EQUAL)) + ); + $criteria2->add(\ObjectPermissionPeer::OP_ACTION, "DELETE", \Criteria::EQUAL); + + //User + $criteriaU = clone $criteria2; + + $criteriaU->add(\ObjectPermissionPeer::OP_USER_RELATION, 1, \Criteria::EQUAL); + $criteriaU->add(\ObjectPermissionPeer::USR_UID, $userUid, \Criteria::EQUAL); + + $rsCriteriaU = \ObjectPermissionPeer::doSelectRS($criteriaU); + $rsCriteriaU->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + if ($rsCriteriaU->next()) { + $flagPermission = 1; + } + + //Group + if ($flagPermission == 0) { + $criteriaG = clone $criteria2; + + $criteriaG->add(\ObjectPermissionPeer::OP_USER_RELATION, 2, \Criteria::EQUAL); + + $criteriaG->addJoin(\ObjectPermissionPeer::USR_UID, \GroupUserPeer::GRP_UID, \Criteria::LEFT_JOIN); + $criteriaG->add(\GroupUserPeer::USR_UID, $userUid, \Criteria::EQUAL); + + $rsCriteriaG = \ObjectPermissionPeer::doSelectRS($criteriaG); + $rsCriteriaG->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + if ($rsCriteriaG->next()) { + $flagPermission = 1; + } + } + } + + if ($flagInbox == 1) { + if ($flagPermission == 0) { + throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION_DELETE_OUTPUT_DOCUMENT", array($userUid))); + } + } else { + if ($flagPermission == 0) { + throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION_DELETE_OUTPUT_DOCUMENT", array($userUid))); + } + } + } catch (\Exception $e) { + throw $e; + } + } + + /** + * Verify if does not exists the inbox + * + * @param string $applicationUid Unique id of Case + * @param string $delIndex Delegation index + * @param string $userUid Unique id of User + * + * return void Throw exception if not exists in inbox + */ + public function throwExceptionIfCaseNotIsInInbox($applicationUid, $delIndex, $userUid) + { + try { + //Verify data + $case = new \ProcessMaker\BusinessModel\Cases(); + $arrayResult = $case->getStatusInfo($applicationUid, $delIndex, 
$userUid); + + if (empty($arrayResult) || !preg_match("/^(?:TO_DO|DRAFT)$/", $arrayResult["APP_STATUS"])) { + throw new \Exception(\G::LoadTranslation("ID_USER_NOT_HAVE_PERMISSION", array($userUid))); + } + } catch (\Exception $e) { + throw $e; + } + } + + /** + * Verify if not exists OuputDocument in Steps + * + * @param string $applicationUid Unique id of Case + * @param string $delIndex Delegation index + * @param string $outDocUuid + * + * return void Throw exception if not exists OuputDocument in Steps + */ + public function throwExceptionIfOuputDocumentNotExistsInSteps($applicacionUid, $delIndex, $outputDocumentUid) + { + try { + //Verify data + $appDelegation = \AppDelegationPeer::retrieveByPK($applicacionUid, $delIndex); + + $taskUid = $appDelegation->getTasUid(); + + $criteria = new \Criteria("workflow"); + + $criteria->addSelectColumn(\StepPeer::STEP_UID); + + $criteria->add(\StepPeer::TAS_UID, $taskUid, \Criteria::EQUAL); + $criteria->add(\StepPeer::STEP_TYPE_OBJ, "OUTPUT_DOCUMENT", \Criteria::EQUAL); + $criteria->add(\StepPeer::STEP_UID_OBJ, $outputDocumentUid, \Criteria::EQUAL); + + $rsCriteria = \StepPeer::doSelectRS($criteria); + $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + + if (!$rsCriteria->next()) { + throw new \Exception(\G::LoadTranslation("ID_CASES_OUTPUT_DOES_NOT_EXIST", array($outputDocumentUid))); + } + } catch (\Exception $e) { + throw $e; + } + } + /** * Get data of Cases OutputDocument * diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Cases/OutputDocument.php b/workflow/engine/src/ProcessMaker/Services/Api/Cases/OutputDocument.php index 8ad620f2a..27cdd901d 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Cases/OutputDocument.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Cases/OutputDocument.php 
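Review bot: In `throwExceptionIfHaventPermissionToDelete` the `$flagInbox` result never affects the outcome: both branches of `if ($flagInbox == 1)` throw when `$flagPermission == 0` and do nothing otherwise, so the TO_DO/DRAFT status test has no say in who may delete. If only the object permission is meant to decide, the `$flagInbox` bookkeeping can go and the tail becomes a single `if ($flagPermission == 0) { throw ...; }`; if the case must also be in the user's inbox, the `$flagInbox == 0` path needs its own throw. Separately, `throwExceptionIfOuputDocumentNotExistsInSteps` calls `$appDelegation->getTasUid()` without checking that `retrieveByPK` returned an object, so it relies on a caller having validated the delegation first; a guard such as `if (is_null($appDelegation)) { throw ...; }` would make it safe on its own. Its docblock also names `$applicationUid` and `$outDocUuid` while the signature uses `$applicacionUid` and `$outputDocumentUid`.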
@@ -56,26 +56,35 @@ class OutputDocument extends Api { try { $outputDocument = new \ProcessMaker\BusinessModel\Cases\OutputDocument(); + $outputDocument->throwExceptionIfHaventPermissionToDelete($app_uid, 0, $this->getUserId(), $app_doc_uid); $outputDocument->removeOutputDocument($app_doc_uid); } catch (\Exception $e) { throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); } } + /** - * @url POST /:app_uid/output-document + * @url POST /:app_uid/:del_index/output-document/:out_doc_uid * - * @param string $app_uid {@min 32}{@max 32} - * @param string $out_doc_uid {@min 32}{@max 32} + * @param string $app_uid {@min 32}{@max 32} + * @param int $del_index {@min 1} + * @param string $out_doc_uid {@min 32}{@max 32} */ - public function doPostOutputDocument($app_uid, $out_doc_uid) + public function doPostOutputDocument($app_uid, $del_index, $out_doc_uid) { try { $userUid = $this->getUserId(); + + $case = new \ProcessMaker\BusinessModel\Cases(); $outputDocument = new \ProcessMaker\BusinessModel\Cases\OutputDocument(); + $outputDocument->throwExceptionIfCaseNotIsInInbox($app_uid, $del_index, $userUid); + $outputDocument->throwExceptionIfOuputDocumentNotExistsInSteps($app_uid, $del_index, $out_doc_uid); $response = $outputDocument->addCasesOutputDocument($app_uid, $out_doc_uid, $userUid); + + //Return return $response; } catch (\Exception $e) { - throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); + throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage()); } } }
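Review bot: In `doPostOutputDocument` the new `$del_index` is used for the two pre-checks but is not passed to `addCasesOutputDocument($app_uid, $out_doc_uid, $userUid)`, so nothing visible here ties the checks and the generation to the same delegation. `addCasesOutputDocument` is outside this diff; if it resolves the delegation on its own, confirm that it picks the one that was validated, or give it `$del_index` as a parameter. The added `$case = new \ProcessMaker\BusinessModel\Cases();` is never used in the hunk and can be removed. In the delete handler above it, whose signature lies outside the hunk, the literal `0` passed as the delegation index means the delegation lookup in `throwExceptionIfNotExistsCase` is skipped for that route; a short comment stating that this is intentional would help.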