diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
index 0b39df0d3..e8cbbb428 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases.php
@@ -2887,6 +2887,53 @@ class Cases
 $dataResponse = $data;
+ //Verify data
+ $arrayCasesToReassign = $data['cases'];
+
+ $arrayMsg = [];
+
+ foreach($arrayCasesToReassign as $key => $value) {
+ $appDelegation = \AppDelegationPeer::retrieveByPK($value['APP_UID'], $value['DEL_INDEX']);
+
+ if (is_null($appDelegation)) {
+ $arrayMsg[] = [
+ 'app_uid' => $value['APP_UID'],
+ 'del_index' => $value['DEL_INDEX'],
+ 'result' => 0,
+ 'status' => 'DELEGATION_NOT_EXISTS'
+ ];
+ }
+ }
+
+ if (!empty($arrayMsg)) {
+ return ['cases' => $arrayMsg];
+ }
+
+ $task = new \ProcessMaker\BusinessModel\Task();
+ $userUid = $data['usr_uid_target'];
+
+ foreach($arrayCasesToReassign as $value) {
+ $appDelegation = \AppDelegationPeer::retrieveByPK($value['APP_UID'], $value['DEL_INDEX']);
+
+ //Verify data
+ $taskUid = $appDelegation->getTasUid();
+
+ $flagBoolean = $task->checkUserOrGroupAssignedTask($taskUid, $userUid);
+
+ if (!$flagBoolean) {
+ $arrayMsg[] = [
+ 'app_uid' => $value['APP_UID'],
+ 'del_index' => $value['DEL_INDEX'],
+ 'result' => 0,
+ 'status' => 'USER_NOT_ASSIGNED_TO_TASK'
+ ];
+ }
+ }
+
+ if (!empty($arrayMsg)) {
+ return ['cases' => $arrayMsg];
+ }
+
 G::LoadClass( 'case' );
 $oCases = new \Cases();
 $appDelegation = new \AppDelegation();
@@ -2908,6 +2955,7 @@ class Cases
 $reassigned = $oCases->reassignCase($val['APP_UID'], $val['DEL_INDEX'], $usrUid, $data['usr_uid_target']);
 $result = $reassigned ? 1 : 0 ;
 $dataResponse['cases'][$key]['result'] = $result;
+ $dataResponse['cases'][$key]['status'] = 'SUCCESS';
 }
 }
 unset($dataResponse['usr_uid_target']);
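Review bot: The verification loops added in the `@@ -2887` hunk of BusinessModel/Cases.php index `$data['cases']`, `$value['APP_UID']`, `$value['DEL_INDEX']` and `$data['usr_uid_target']` without checking that the request body carries them, so a malformed batch reaches `\AppDelegationPeer::retrieveByPK()` with null keys and yields PHP notices instead of a clean per-case status. A guard at the top of the first loop, `if (!is_array($value) || !isset($value['APP_UID'], $value['DEL_INDEX']))`, that appends an error entry to `$arrayMsg` would keep the response shape consistent; `__isAllowed()` in Services/Api/Cases.php reads `$value['APP_UID']` the same way and needs the same check. The second loop also repeats the `retrieveByPK()` lookup for every case and `$key` in the first loop is unused, so keeping the delegations fetched in the first pass would halve the queries. The enclosing method starts and ends outside the hunk.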
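Review bot: The `status` line added in the `@@ -2908` hunk writes 'SUCCESS' unconditionally, so a case for which `reassignCase()` returned a falsy value is reported with `result` 0 and `status` 'SUCCESS' at the same time. Deriving it from `$reassigned`, for example `$dataResponse['cases'][$key]['status'] = $reassigned ? 'SUCCESS' : 'REASSIGN_FAILED';` (the failure label is only a suggestion, use whatever the API documents), keeps the two fields consistent for clients that key on `status`. The loop and the condition around these lines start outside the hunk, so entries that skip this branch presumably get no `status` key at all; that is worth confirming.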
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Task.php b/workflow/engine/src/ProcessMaker/BusinessModel/Task.php
index fc2480704..7dc2ff380 100644
--- a/workflow/engine/src/ProcessMaker/BusinessModel/Task.php
+++ b/workflow/engine/src/ProcessMaker/BusinessModel/Task.php
@@ -1972,4 +1972,52 @@ class Task
 );
 return $aTypes;
 }
+
+ /**
+ * Check user to group assigned Task (Normal and/or Ad-Hoc Users)
+ *
+ * @param string $taskUid Unique uid of Task
+ * @param string $userUid Unique uid of User
+ *
+ * return bool
+ */
+ public function checkUserOrGroupAssignedTask($taskUid, $usrUid)
+ {
+ $criteriaUser = new \Criteria('workflow');
+
+ $criteriaUser->add(\TaskUserPeer::TAS_UID, $taskUid, \Criteria::EQUAL);
+ $criteriaUser->add(\TaskUserPeer::USR_UID, $usrUid, \Criteria::EQUAL);
+ $criteriaUser->add(\TaskUserPeer::TU_RELATION, 1, \Criteria::EQUAL);
+
+ $rsCriteria = \TaskUserPeer::doSelectRS($criteriaUser);
+ $rsCriteria->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
+
+ if ($rsCriteria->next()) {
+ return true;
+ }
+
+ $criteriaGroup = new \Criteria('workflow');
+
+ $criteriaGroup->addSelectColumn(\TaskUserPeer::USR_UID);
+
+ $criteriaGroup->add(\TaskUserPeer::TAS_UID, $taskUid, \Criteria::EQUAL);
+ $criteriaGroup->add(\TaskUserPeer::TU_RELATION, 2, \Criteria::EQUAL);
+
+ $rsCriteriaGroup = \TaskUserPeer::doSelectRS($criteriaGroup);
+ $rsCriteriaGroup->setFetchmode(\ResultSet::FETCHMODE_ASSOC);
+
+ while ($rsCriteriaGroup->next()) {
+ $row = $rsCriteriaGroup->getRow();
+ $groupUid = $row['USR_UID'];
+
+ $obj = \GroupUserPeer::retrieveByPK($groupUid, $usrUid);
+
+ if (!is_null($obj)) {
+ return true;
+ }
+ }
+
+ //Return
+ return false;
+ }
 }
diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
index 46a9e26cc..2ada81dfc 100644
--- a/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
+++ b/workflow/engine/src/ProcessMaker/Services/Api/Cases.php
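Review bot: The docblock of `checkUserOrGroupAssignedTask()` in BusinessModel/Task.php does not match its signature: it documents `$userUid` while the parameter is `$usrUid`, and `return bool` lacks the `@`, so documentation tools will not pick up the return type. Suggested lines are `@param string $usrUid Unique uid of User` and `@return bool True when the user is assigned to the task directly or through a group`. The literals 1 and 2 compared against `TU_RELATION` deserve a short comment each, e.g. `// TU_RELATION 1: USR_UID holds a user uid` and `// TU_RELATION 2: USR_UID holds a group uid`, since that is how the two queries use the column. Because this method now gates reassignment, it is also worth confirming whether inactive groups should count; nothing in the hunk filters on group status.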
@@ -29,6 +29,53 @@ class Cases extends Api
 "note_date"
 ];
+ public function __isAllowed()
+ {
+ try {
+ $methodName = $this->restler->apiMethodInfo->methodName;
+
+ switch ($methodName) {
+ case 'doPostReassign':
+ $arrayParameters = $this->parameters[0]['cases'];
+ $usrUid = $this->getUserId();
+
+ //Check if the user is supervisor process
+ $case = new \ProcessMaker\BusinessModel\Cases();
+ $supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor();
+ $user = new \ProcessMaker\BusinessModel\User();
+
+ $count = 0;
+
+ foreach ($arrayParameters as $value) {
+ $arrayApplicationData = $case->getApplicationRecordByPk($value['APP_UID'], [], false);
+
+ if (!empty($arrayApplicationData)) {
+ $supervisor = new \ProcessMaker\BusinessModel\ProcessSupervisor();
+ $flagps = $supervisor->isUserProcessSupervisor($arrayApplicationData['PRO_UID'], $usrUid);
+
+ if ($flagps) {
+ if (!$user->checkPermission($usrUid, 'PM_REASSIGNCASE')) {
+ $count = $count + 1;
+ }
+ } else {
+ $count = $count + 1;
+ }
+ }
+ }
+
+ if ($count == 0) {
+ return true;
+ }
+ break;
+ }
+
+ //Return
+ return false;
+ } catch (\Exception $e) {
+ throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
+ }
+ }
+
 /**
 * Get list Cases To Do
 *
@@ -1154,6 +1201,11 @@ class Cases extends Api
 * Batch reassign
 * @url POST /reassign
 *
+ * @access protected
+ * @class AccessControl {@className \ProcessMaker\Services\Api\Cases}
+ *
+ * @param array $request_data
+ *
 */
 public function doPostReassign($request_data)
 {
@@ -1165,5 +1217,4 @@ class Cases extends Api
 throw new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage());
 }
 }
-
 }
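Review bot: `__isAllowed()` in the `@@ -29` hunk fails open for entries it cannot resolve: when `getApplicationRecordByPk()` returns an empty record, the `if (!empty($arrayApplicationData))` branch is skipped without touching `$count`, so a request whose entries are not found, or whose `cases` list is empty, ends with `$count == 0` and is authorized. The business-layer verification added in this commit rejects non-existent delegations afterwards, but the access check should not rely on that. Adding `else { $count = $count + 1; }` to the `!empty` test (or returning false at that point) makes unresolved cases count as denied, and an empty or non-array `cases` value should return false before the loop. `$supervisor` is also constructed once before the loop and again on every iteration, so the inner `new` can be dropped, and `$count == 0` reads better as `$count === 0`.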