From fc65ad23ba611569abb9c797c62e32a8f5d2e817 Mon Sep 17 00:00:00 2001
From: Rodrigo Quelca
Date: Fri, 29 Oct 2021 19:32:25 +0000
Subject: [PATCH 01/13] PMCORE-3463: Vulnerable JS Library - Telefonica of Guatemala Security Analysis (Issue Rep# 1)
---
 Rakefile | 4 ++--
 build-vendor.php | 2 +-
 config/build.json | 6 +++---
 3 files changed, 6 insertions(+), 6 deletions(-)
diff --git a/Rakefile b/Rakefile
index 765930aaf..5e5f85d83 100755
--- a/Rakefile
+++ b/Rakefile
@@ -283,7 +283,7 @@ def buildMafe(homeDir, targetDir, mode)
 "#{homeDir}/lib/wz_jsgraphics/wz_jsgraphics.js" => "#{jsTargetDir}/wz_jsgraphics.js",
 "#{homeDir}/lib/jQuery/jquery-1.10.2.min.js" => "#{jsTargetDir}/jquery-1.10.2.min.js",
 "#{homeDir}/lib/underscore/underscore-min.js" => "#{jsTargetDir}/underscore-min.js",
- "#{homeDir}/lib/jQueryUI/jquery-ui-1.10.3.custom.min.js" => "#{jsTargetDir}/jquery-ui-1.10.3.custom.min.js",
+ "#{homeDir}/lib/jQueryUI/jquery-ui.min.js" => "#{jsTargetDir}/jquery-ui.min.js",
 "#{homeDir}/lib/jQueryLayout/jquery.layout.min.js" => "#{jsTargetDir}/jquery.layout.min.js",
 "#{homeDir}/lib/modernizr/modernizr.js" => "#{jsTargetDir}/modernizr.js"
 })
@@ -376,7 +376,7 @@ def getJsIncludeFiles
 "workflow/public_html/lib/js/wz_jsgraphics.js",
 "workflow/public_html/lib/js/jquery-1.10.2.min.js",
 "workflow/public_html/lib/js/underscore-min.js",
- "workflow/public_html/lib/js/jquery-ui-1.10.3.custom.min.js",
+ "workflow/public_html/lib/js/jquery-ui.min.js",
 "workflow/public_html/lib/js/jquery.layout.min.js",
 "workflow/public_html/lib/js/modernizr.js",
 "workflow/public_html/lib/js/restclient.min.js",
diff --git a/build-vendor.php b/build-vendor.php
index a2e4a9a02..2e4ff5758 100644
--- a/build-vendor.php
+++ b/build-vendor.php
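Review bot: Dropping the version from the file name (`jquery-ui.min.js`) in both Rakefile hunks leaves nothing in the build lists that says which jQuery UI release is shipped, so a later audit or dependency scanner has to open the minified file to find out. Consider keeping the version in the name, or recording it beside the entry with a comment such as `# jQuery UI <version>, replaced for PMCORE-3463`. The same lists still copy `jquery-1.10.2.min.js`; whether the security report also covers that library is not visible here, so it is worth confirming before closing the issue. The same rename is repeated in build-vendor.php and config/build.json, and the bodies of `buildMafe` and `getJsIncludeFiles` continue outside these hunks.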
@@ -99,7 +99,7 @@ $jsFiles = array (
 "workflow/public_html/lib/js/wz_jsgraphics.js",
 "workflow/public_html/lib/js/jquery-1.10.2.min.js",
 "workflow/public_html/lib/js/underscore-min.js",
- "workflow/public_html/lib/js/jquery-ui-1.10.3.custom.min.js",
+ "workflow/public_html/lib/js/jquery-ui.min.js",
 "workflow/public_html/lib/js/jquery.layout.min.js",
 "workflow/public_html/lib/js/modernizr.js",
 "workflow/public_html/lib/js/restclient.min.js",
diff --git a/config/build.json b/config/build.json
index f6441c1f1..516f31530 100644
--- a/config/build.json
+++ b/config/build.json
@@ -237,8 +237,8 @@
 "dest_name": "underscore-min.js"
 },
 {
- "src": "jQueryUI/jquery-ui-1.10.3.custom.min.js",
- "dest_name": "jquery-ui-1.10.3.custom.min.js"
+ "src": "jQueryUI/jquery-ui.min.js",
+ "dest_name": "jquery-ui.min.js"
 },
 {
 "src": "jQueryLayout/jquery.layout.min.js",
@@ -308,7 +308,7 @@
 "workflow/public_html/lib/js/wz_jsgraphics.js",
 "workflow/public_html/lib/js/jquery-1.10.2.min.js",
 "workflow/public_html/lib/js/underscore-min.js",
- "workflow/public_html/lib/js/jquery-ui-1.10.3.custom.min.js",
+ "workflow/public_html/lib/js/jquery-u.min.js",
 "workflow/public_html/lib/js/jquery.layout.min.js",
 "workflow/public_html/lib/js/modernizr.js",
 "workflow/public_html/lib/js/restclient.min.js",
From b8d384994db8777bc0794558efdce8bfb1a12da4 Mon Sep 17 00:00:00 2001
From: Rodrigo Quelca
Date: Fri, 29 Oct 2021 19:35:13 +0000
Subject: [PATCH 02/13] add designer library
---
 workflow/engine/templates/designer/index.html | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/workflow/engine/templates/designer/index.html b/workflow/engine/templates/designer/index.html
index 090d8dc15..cd67b8070 100644
--- a/workflow/engine/templates/designer/index.html
+++ b/workflow/engine/templates/designer/index.html
@@ -39,7 +39,7 @@ - +
From a756893047d50034d8ddb77a7c347a63b4d5792b Mon Sep 17 00:00:00 2001
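Review bot: The include list in the second config/build.json hunk (`@@ -308`) names `workflow/public_html/lib/js/jquery-u.min.js`, while the copy entry in the hunk above writes `jquery-ui.min.js` and both Rakefile and build-vendor.php list `jquery-ui.min.js`. As written, this list points at a file the build never produces, so the replaced jQuery UI is likely to be missing from whatever bundle the list feeds. The line should read `"workflow/public_html/lib/js/jquery-ui.min.js",`.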
From: fabio Date: Mon, 22 Nov 2021 12:46:07 -0400 Subject: [PATCH 03/13] PMCORE-3509:In version 3.7.0 the inbox the send by field displays the undefined username after a script task Corrections miss data --- .../assets/js/admin/Modals/ModalPreview.vue | 53 +++++++++----- .../js/home/CustomCaseList/CustomCaseList.vue | 69 +++++++++++++------ resources/assets/js/home/Inbox/Inbox.vue | 33 +++++++-- resources/assets/js/home/Paused/Paused.vue | 36 ++++++++-- .../assets/js/home/Unassigned/Unassigned.vue | 36 ++++++++-- 5 files changed, 170 insertions(+), 57 deletions(-) diff --git a/resources/assets/js/admin/Modals/ModalPreview.vue b/resources/assets/js/admin/Modals/ModalPreview.vue index ad2ca0a7a..1013426a7 100644 --- a/resources/assets/js/admin/Modals/ModalPreview.vue +++ b/resources/assets/js/admin/Modals/ModalPreview.vue @@ -29,7 +29,12 @@
- + +
{{ props.row.USERNAME_DISPLAY_FORMAT }} @@ -106,6 +111,7 @@ export default { PAUSED: this.$i18n.t("ID_PAUSED"), UNASSIGNED: this.$i18n.t("ID_UNASSIGNED"), }, + showUserTooltip: true } }, mounted() { @@ -248,24 +254,33 @@ export default { * @return {array} dataFormat */ formatUser(data) { - var dataFormat = [], - userDataFormat; - userDataFormat = utils.userNameDisplayFormat({ - userName: data.user_tooltip.usr_firstname, - firstName: data.user_tooltip.usr_lastname, - lastName: data.user_tooltip.usr_username, - format: window.config.FORMATS.format || null - }); - dataFormat.push({ - USERNAME_DISPLAY_FORMAT: userDataFormat, - EMAIL: data.user_tooltip.usr_email, - POSITION: data.user_tooltip.usr_position, - AVATAR: userDataFormat !== "" ? window.config.SYS_SERVER_AJAX + - window.config.SYS_URI + - `users/users_ViewPhotoGrid?pUID=${data.user_tooltip.usr_id}` : "", - UNASSIGNED: userDataFormat !== "" ? true : false - }); - return dataFormat; + var dataFormat = [], + userDataFormat; + if (data.user_tooltip && !_.isEmpty(data.user_tooltip)) { + this.showUserTooltip = true; + userDataFormat = utils.userNameDisplayFormat({ + userName: data.user_tooltip.usr_firstname, + firstName: data.user_tooltip.usr_lastname, + lastName: data.user_tooltip.usr_username, + format: window.config.FORMATS.format || null + }); + dataFormat.push({ + USERNAME_DISPLAY_FORMAT: userDataFormat, + EMAIL: data.user_tooltip.usr_email, + POSITION: data.user_tooltip.usr_position, + AVATAR: userDataFormat !== "" ? window.config.SYS_SERVER_AJAX + + window.config.SYS_URI + + `users/users_ViewPhotoGrid?pUID=${data.user_tooltip.usr_id}` : "", + UNASSIGNED: userDataFormat !== "" ? true : false + }); + } else if (data.dummy_task && !_.isEmpty(data.dummy_task)) { + this.showUserTooltip = false; + dataFormat = data.dummy_task.type + ': ' + data.dummy_task.name; + } else { + this.showUserTooltip = false; + dataFormat = this.$i18n.t("ID_ANONYMOUS_USER"); + } + return dataFormat; } } } 
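Review bot: `showUserTooltip` is a single component-level flag, but `formatUser` sets it while formatting one record, so the last record formatted decides whether every row shows the tooltip or the plain label (assuming `formatUser` runs once per row, as the `props.row` usage suggests). Returning the flag with the formatted value instead of writing it to `this` would keep rows independent. The function also now returns a string in the `dummy_task` and anonymous branches while its JSDoc still says `@return {array} dataFormat`; at minimum that should become `@return {array|string}`. The same code is added to CustomCaseList.vue, Inbox.vue, Paused.vue and Unassigned.vue. The template markup is not visible on this page, so confirm that `dummy_task.type` and `dummy_task.name` are rendered through text interpolation rather than `v-html`.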
diff --git a/resources/assets/js/home/CustomCaseList/CustomCaseList.vue b/resources/assets/js/home/CustomCaseList/CustomCaseList.vue index 5acf6dbd4..75ddc2859 100644 --- a/resources/assets/js/home/CustomCaseList/CustomCaseList.vue +++ b/resources/assets/js/home/CustomCaseList/CustomCaseList.vue @@ -63,7 +63,12 @@
- + +
{{ props.row.USERNAME_DISPLAY_FORMAT }} @@ -144,7 +149,12 @@ {{ props["item"]["PRIORITY"] }} - + + {{ props["item"][column] }} @@ -198,7 +208,12 @@ {{ props["item"]["PRIORITY"] }} - + + {{ props["item"][column] }} @@ -576,7 +591,8 @@ export default { makeTagText: function (params, data) { return `${this.tagPrefix} ${data[0].options && data[0].options.label || ''}`; } - } + }, + showUserTooltip: true } }; }, 
@@ -884,24 +900,33 @@ export default { formatUser(data) { var dataFormat = [], userDataFormat; - userDataFormat = utils.userNameDisplayFormat({ - userName: data.user_tooltip.usr_firstname, - firstName: data.user_tooltip.usr_lastname, - lastName: data.user_tooltip.usr_username, - format: window.config.FORMATS.format || null, - }); - dataFormat.push({ - USERNAME_DISPLAY_FORMAT: userDataFormat, - EMAIL: data.user_tooltip.usr_email, - POSITION: data.user_tooltip.usr_position, - AVATAR: - userDataFormat !== "" - ? window.config.SYS_SERVER_AJAX + - window.config.SYS_URI + - `users/users_ViewPhotoGrid?pUID=${data.user_tooltip.usr_id}` - : "", - UNASSIGNED: userDataFormat !== "" ? true : false, - }); + if (data.user_tooltip && !_.isEmpty(data.user_tooltip)) { + this.showUserTooltip = true; + userDataFormat = utils.userNameDisplayFormat({ + userName: data.user_tooltip.usr_firstname, + firstName: data.user_tooltip.usr_lastname, + lastName: data.user_tooltip.usr_username, + format: window.config.FORMATS.format || null, + }); + dataFormat.push({ + USERNAME_DISPLAY_FORMAT: userDataFormat, + EMAIL: data.user_tooltip.usr_email, + POSITION: data.user_tooltip.usr_position, + AVATAR: + userDataFormat !== "" + ? window.config.SYS_SERVER_AJAX + + window.config.SYS_URI + + `users/users_ViewPhotoGrid?pUID=${data.user_tooltip.usr_id}` + : "", + UNASSIGNED: userDataFormat !== "" ? true : false, + }); + } else if (data.dummy_task && !_.isEmpty(data.dummy_task)) { + this.showUserTooltip = false; + dataFormat = data.dummy_task.type + ': ' + data.dummy_task.name; + } else { + this.showUserTooltip = false; + dataFormat = this.$i18n.t("ID_ANONYMOUS_USER"); + } return dataFormat; }, /** diff --git a/resources/assets/js/home/Inbox/Inbox.vue b/resources/assets/js/home/Inbox/Inbox.vue index 5822f4313..c8d134ee2 100644 --- a/resources/assets/js/home/Inbox/Inbox.vue +++ b/resources/assets/js/home/Inbox/Inbox.vue @@ -54,7 +54,12 @@
- + +
{{ props.row.USERNAME_DISPLAY_FORMAT }} @@ -149,7 +154,12 @@ >{{ props["headings"][props.column] }} : - + +
@@ -230,7 +240,12 @@ >{{ props["headings"][props.column] }} : - + + @@ -383,7 +398,8 @@ export default { buttons: {} }, showEllipsis: false, - dataSubtitle: null + dataSubtitle: null, + showUserTooltip: true }; }, created() { @@ -595,6 +611,8 @@ export default { formatUser(data) { var dataFormat = [], userDataFormat; + if (data.user_tooltip && !_.isEmpty(data.user_tooltip)) { + this.showUserTooltip = true; userDataFormat = utils.userNameDisplayFormat({ userName: data.user_tooltip.usr_firstname, firstName: data.user_tooltip.usr_lastname, @@ -610,6 +628,13 @@ export default { `users/users_ViewPhotoGrid?pUID=${data.user_tooltip.usr_id}` : "", UNASSIGNED: userDataFormat !== "" ? true : false }); + } else if (data.dummy_task && !_.isEmpty(data.dummy_task)) { + this.showUserTooltip = false; + dataFormat = data.dummy_task.type + ': ' + data.dummy_task.name; + } else { + this.showUserTooltip = false; + dataFormat = this.$i18n.t("ID_ANONYMOUS_USER"); + } return dataFormat; }, /** diff --git a/resources/assets/js/home/Paused/Paused.vue b/resources/assets/js/home/Paused/Paused.vue index e5469d9ca..7af75ca65 100644 --- a/resources/assets/js/home/Paused/Paused.vue +++ b/resources/assets/js/home/Paused/Paused.vue @@ -48,12 +48,16 @@
{{ props.row.PROCESS_NAME }}
-
- + +
{{ props.row.USERNAME_DISPLAY_FORMAT }} @@ -148,7 +152,12 @@ >{{ props["headings"][props.column] }} : - + +
@@ -229,7 +238,12 @@ >{{ props["headings"][props.column] }} : - + + @@ -383,7 +397,8 @@ export default { buttons: {} }, showEllipsis: false, - dataSubtitle: null + dataSubtitle: null, + showUserTooltip: true }; }, created() { @@ -590,6 +605,8 @@ export default { formatUser(data) { var dataFormat = [], userDataFormat; + if (data.user_tooltip && !_.isEmpty(data.user_tooltip)) { + this.showUserTooltip = true; userDataFormat = utils.userNameDisplayFormat({ userName: data.user_tooltip.usr_firstname, firstName: data.user_tooltip.usr_lastname, @@ -604,7 +621,14 @@ export default { window.config.SYS_URI + `users/users_ViewPhotoGrid?pUID=${data.user_tooltip.usr_id}` : "", UNASSIGNED: userDataFormat !== "" ? true : false - }); + }); + } else if (data.dummy_task && !_.isEmpty(data.dummy_task)) { + this.showUserTooltip = false; + dataFormat = data.dummy_task.type + ': ' + data.dummy_task.name; + } else { + this.showUserTooltip = false; + dataFormat = this.$i18n.t("ID_ANONYMOUS_USER"); + } return dataFormat; }, /** diff --git a/resources/assets/js/home/Unassigned/Unassigned.vue b/resources/assets/js/home/Unassigned/Unassigned.vue index 835252f4b..5da720e18 100644 --- a/resources/assets/js/home/Unassigned/Unassigned.vue +++ b/resources/assets/js/home/Unassigned/Unassigned.vue @@ -46,12 +46,16 @@
{{ props.row.PROCESS_NAME }}
-
- + +
{{ props.row.DUE_DATE }} @@ -143,7 +147,12 @@ >{{ props["headings"][props.column] }} : - + +
@@ -224,7 +233,12 @@ >{{ props["headings"][props.column] }} : - + + @@ -375,7 +389,8 @@ export default { buttons: {} }, showEllipsis: false, - dataSubtitle: null + dataSubtitle: null, + showUserTooltip: true }; }, mounted() { @@ -547,6 +562,8 @@ export default { formatUser(data) { var dataFormat = [], userDataFormat; + if (data.user_tooltip && !_.isEmpty(data.user_tooltip)) { + this.showUserTooltip = true; userDataFormat = utils.userNameDisplayFormat({ userName: data.user_tooltip.usr_firstname, firstName: data.user_tooltip.usr_lastname, @@ -561,7 +578,14 @@ export default { window.config.SYS_URI + `users/users_ViewPhotoGrid?pUID=${data.user_tooltip.usr_id}` : "", UNASSIGNED: userDataFormat !== "" ? true : false - }); + }); + } else if (data.dummy_task && !_.isEmpty(data.dummy_task)) { + this.showUserTooltip = false; + dataFormat = data.dummy_task.type + ': ' + data.dummy_task.name; + } else { + this.showUserTooltip = false; + dataFormat = this.$i18n.t("ID_ANONYMOUS_USER"); + } return dataFormat; }, /** From fe9d26c3fba751cabf933ec04b99d570ef827594 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Fri, 19 Nov 2021 16:15:02 -0400 Subject: [PATCH 04/13] PMCORE-3542 --- database/factories/DelegationFactory.php | 5 +- .../BusinessModel/Cases/InboxTest.php | 75 ++++++++++++++++ .../BusinessModel/Cases/PausedTest.php | 57 ++++++++++-- .../BusinessModel/Cases/UnassignedTest.php | 87 ++++++++++++++++++- .../src/ProcessMaker/Model/TaskTest.php | 8 +- .../translations/english/processmaker.en.po | 18 ++++ workflow/engine/data/mysql/insert.sql | 3 + .../methods/cases/cases_CatchSelfService.php | 3 +- .../BusinessModel/Cases/Draft.php | 18 +++- .../BusinessModel/Cases/Inbox.php | 24 +++-- .../BusinessModel/Cases/Paused.php | 24 +++-- .../BusinessModel/Cases/Unassigned.php | 21 ++++- .../engine/src/ProcessMaker/Model/Task.php | 39 +++++++-- 13 files changed, 346 insertions(+), 36 deletions(-) 
diff --git a/database/factories/DelegationFactory.php b/database/factories/DelegationFactory.php index 916de97fb..05688f384 100644 --- a/database/factories/DelegationFactory.php +++ b/database/factories/DelegationFactory.php @@ -64,14 +64,15 @@ $factory->state(\ProcessMaker\Model\Delegation::class, 'foreign_keys', function $initDate = $faker->dateTimeInInterval($delegateDate, '+30 minutes'); $riskDate = $faker->dateTimeInInterval($initDate, '+1 day'); $taskDueDate = $faker->dateTimeInInterval($riskDate, '+2 day'); + $index = $faker->unique()->numberBetween(2000); // Return with default values return [ 'DELEGATION_ID' => $faker->unique()->numberBetween(5000), 'APP_UID' => $application->APP_UID, - 'DEL_INDEX' => $faker->unique()->numberBetween(2000), + 'DEL_INDEX' => $index, 'APP_NUMBER' => $application->APP_NUMBER, - 'DEL_PREVIOUS' => 0, + 'DEL_PREVIOUS' => $index - 1, 'PRO_UID' => $process->PRO_UID, 'TAS_UID' => $task->TAS_UID, 'USR_UID' => $user->USR_UID, diff --git a/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/InboxTest.php b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/InboxTest.php index 6cf613c60..13030d165 100644 --- a/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/InboxTest.php +++ b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/InboxTest.php @@ -44,6 +44,7 @@ class InboxTest extends TestCase { $delegation = factory(Delegation::class)->states('foreign_keys')->create([ 'DEL_THREAD_STATUS' => 'OPEN', + 'DEL_PREVIOUS' => 1, 'DEL_INDEX' => 2, ]); @@ -118,6 +119,7 @@ class InboxTest extends TestCase * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getData() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::filters() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setProcessId() * @test */ public function it_filter_by_process() 
@@ -126,9 +128,11 @@ class InboxTest extends TestCase $cases = $this->createInbox(); // Create new Inbox object $inbox = new Inbox(); + // Apply filters $inbox->setUserId($cases->USR_ID); $inbox->setProcessId($cases->PRO_ID); $inbox->setOrderByColumn('APP_NUMBER'); + // Call to getData method $res = $inbox->getData(); $this->assertNotEmpty($res); } @@ -139,6 +143,7 @@ class InboxTest extends TestCase * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getData() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::filters() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setCaseNumber() * @test */ public function it_filter_by_app_number() @@ -147,9 +152,11 @@ class InboxTest extends TestCase $cases = $this->createInbox(); // Create new Inbox object $inbox = new Inbox(); + // Apply filters $inbox->setUserId($cases->USR_ID); $inbox->setCaseNumber($cases->APP_NUMBER); $inbox->setOrderByColumn('APP_NUMBER'); + // Call to getData method $res = $inbox->getData(); $this->assertNotEmpty($res); } @@ -160,6 +167,7 @@ class InboxTest extends TestCase * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getData() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::filters() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setCasesNumbers() * @test */ public function it_filter_by_specific_cases() @@ -168,9 +176,11 @@ class InboxTest extends TestCase $cases = $this->createInbox(); // Create new Inbox object $inbox = new Inbox(); + // Apply filters $inbox->setUserId($cases->USR_ID); $inbox->setCasesNumbers([$cases->APP_NUMBER]); $inbox->setOrderByColumn('APP_NUMBER'); + // Call to getData method $res = $inbox->getData(); $this->assertNotEmpty($res); } 
@@ -181,6 +191,8 @@ class InboxTest extends TestCase * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getData() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::filters() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setCasesNumbers() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setRangeCasesFromTo() * @test */ public function it_filter_by_range_cases() @@ -189,10 +201,13 @@ class InboxTest extends TestCase $cases = $this->createInbox(); // Create new Inbox object $inbox = new Inbox(); + // Apply filters $inbox->setUserId($cases->USR_ID); $rangeOfCases = $cases->APP_NUMBER . "-" . $cases->APP_NUMBER; + $inbox->setCasesNumbers([$cases->APP_NUMBER]); $inbox->setRangeCasesFromTo([$rangeOfCases]); $inbox->setOrderByColumn('APP_NUMBER'); + // Call to getData method $res = $inbox->getData(); $this->assertNotEmpty($res); } 
@@ -212,18 +227,46 @@ class InboxTest extends TestCase $cases = $this->createInbox(); // Create new Inbox object $inbox = new Inbox(); + // Apply filters $inbox->setUserId($cases->USR_ID); $inbox->setTaskId($cases->TAS_ID); + // Call to getData method $res = $inbox->getData(); $this->assertNotEmpty($res); } + /** + * It tests the getData method with setDelegateFrom and setDelegateTo filter + * + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getData() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::filters() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setDelegateFrom() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setDelegateTo() + * @test + */ + public function it_filter_by_delegate_from_to() + { + // Create factories related to the to_do cases + $cases = $this->createInbox(); + // Create new Inbox object + $inbox = new Inbox(); + // Apply filters + $inbox->setUserId($cases->USR_ID); + $inbox->setDelegateFrom($cases->DEL_DELEGATE_DATE->format("Y-m-d")); + $inbox->setDelegateTo($cases->DEL_DELEGATE_DATE->format("Y-m-d")); + // Call to getData method + $res = $inbox->getData(); + $this->assertEmpty($res); + } + /** * It tests the getData method with case title filter * * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getData() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::filters() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setCaseTitle() * @test */ public function it_filter_by_thread_title() 
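Review bot: `it_filter_by_delegate_from_to` sets both `setDelegateFrom` and `setDelegateTo` to the case's own `DEL_DELEGATE_DATE` and then calls `assertEmpty($res)`, so the test pins that a same-day range excludes the very case it was built from. `filters()` is not visible here, but this looks like a date-only upper bound being compared against a datetime column. If a same-day range is meant to include the case, the assertion should be `$this->assertNotEmpty($res);` and the filter adjusted. If empty is the intended result, a comment such as `// The "to" bound is exclusive, so a same-day range matches nothing` would explain it. PausedTest adds the same test with the same assertion.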
@@ -245,12 +288,44 @@ class InboxTest extends TestCase $this->assertNotEmpty($result); } + /** + * It tests the getData method with send by filter + * + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getData() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::filters() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setSendBy() + * @test + */ + public function it_filter_send_by() + { + // Create factories related to the to_do cases + $cases = $this->createInbox(); + // Create the previous thread with the same user + $delegation = factory(Delegation::class)->states('foreign_keys')->create([ + 'APP_NUMBER' => $cases->APP_NUMBER, + 'APP_UID' => $cases->APP_UID, + 'USR_ID' => $cases->USR_ID, + 'DEL_THREAD_STATUS' => 'CLOSED', + 'DEL_INDEX' => 1, + ]); + // Create new Inbox object + $inbox = new Inbox(); + // Apply filters + $inbox->setUserId($cases->USR_ID); + $inbox->setSendBy($cases->USR_ID); + // Call to getData method + $res = $inbox->getData(); + $this->assertNotEmpty($res); + } + /** * It tests the getData method using order by column * * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getData() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Inbox::filters() + * @covers \ProcessMaker\BusinessModel\Cases\Inbox::setOrderByColumn() * @test */ public function it_order_by_column() diff --git a/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/PausedTest.php b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/PausedTest.php index 80456429e..c73dee38d 100644 --- a/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/PausedTest.php +++ b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/PausedTest.php 
@@ -201,7 +201,7 @@ class PausedTest extends TestCase * It tests the getData method without filters * * @covers \ProcessMaker\BusinessModel\Cases\Paused::getData() - * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getColumnsView() * @covers \ProcessMaker\Model\Delegation::scopePaused() * @test */ @@ -225,7 +225,7 @@ class PausedTest extends TestCase * It tests the getData method with case number filter * * @covers \ProcessMaker\BusinessModel\Cases\Paused::getData() - * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Paused::filters() * @test */ @@ -251,7 +251,7 @@ class PausedTest extends TestCase * It tests the getData method with case number filter * * @covers \ProcessMaker\BusinessModel\Cases\Paused::getData() - * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Paused::filters() * @test */ @@ -277,7 +277,7 @@ class PausedTest extends TestCase * It tests the getData method with taskId filter * * @covers \ProcessMaker\BusinessModel\Cases\Paused::getData() - * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Paused::filters() * @test */ @@ -303,7 +303,7 @@ class PausedTest extends TestCase * It tests the getData method with processId filter * * @covers \ProcessMaker\BusinessModel\Cases\Paused::getData() - * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Paused::filters() * @test */ 
@@ -328,7 +328,7 @@ class PausedTest extends TestCase * It tests the getData method with case title filter * * @covers \ProcessMaker\BusinessModel\Cases\Paused::getData() - * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getColumnsView() * @covers \ProcessMaker\BusinessModel\Cases\Paused::filters() * @test */ @@ -348,6 +348,51 @@ class PausedTest extends TestCase $this->assertNotEmpty($res); } + /** + * It tests the getData method with setDelegateFrom and setDelegateTo filter + * + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getData() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::filters() + * @test + */ + public function it_filter_by_delegate_from_to() + { + // Create factories related to the paused cases + $cases = $this->createPaused(); + // Create new Paused object + $paused = new Paused(); + $paused->setUserUid($cases->USR_UID); + $paused->setUserId($cases->USR_ID); + $paused->setDelegateFrom($cases->DEL_DELEGATE_DATE->format("Y-m-d")); + $paused->setDelegateTo($cases->DEL_DELEGATE_DATE->format("Y-m-d")); + // Get data + $res = $paused->getData(); + $this->assertEmpty($res); + } + + + /** + * It tests the getData method with send by filter + * + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getData() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::getColumnsView() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::filters() + * @covers \ProcessMaker\BusinessModel\Cases\Paused::setSendBy() + * @test + */ + public function it_filter_send_by() + { + // Create factories related to the to_do cases + $cases = $this->createPaused(); + // Create new Paused object + $paused = new Paused(); + $paused->setUserId($cases->USR_ID); + $paused->setSendBy($cases->USR_ID); + $res = $paused->getData(); + $this->assertNotEmpty($res); + } + /** * It tests the getCounter() method * 
diff --git a/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/UnassignedTest.php b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/UnassignedTest.php index 00c7f2720..e90207e3c 100644 --- a/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/UnassignedTest.php +++ b/tests/unit/workflow/engine/src/ProcessMaker/BusinessModel/Cases/UnassignedTest.php @@ -211,6 +211,7 @@ class UnassignedTest extends TestCase $cases = $this->createSelfServiceUserOrGroup(); //Review the count self-service $unassigned = new Unassigned; + // Apply filters $unassigned->setUserUid($cases['taskUser']->USR_UID); $unassigned->setUserId($cases['delegation']->USR_ID); $result = $unassigned->getCounter(); @@ -229,6 +230,7 @@ class UnassignedTest extends TestCase $cases = $this->createSelfServiceByVariable(); //Review the count self-service $unassigned = new Unassigned; + // Apply filters $unassigned->setUserUid($cases['user']->USR_UID); $unassigned->setUserId($cases['delegation']->USR_ID); $result = $unassigned->getCounter(); @@ -247,6 +249,7 @@ class UnassignedTest extends TestCase $cases = $this->createSelfServiceUserOrGroup(2); //Review the count self-service $unassigned = new Unassigned; + // Apply filters $unassigned->setUserUid($cases['taskUser']->USR_UID); $unassigned->setUserId($cases['delegation']->USR_ID); $result = $unassigned->getCounter(); @@ -265,6 +268,7 @@ class UnassignedTest extends TestCase $cases = $this->createSelfServiceByVariable(2, false); //Review the count self-service $unassigned = new Unassigned; + // Apply filters $unassigned->setUserUid($cases['user']->USR_UID); $unassigned->setUserId($cases['delegation']->USR_ID); $result = $unassigned->getCounter(); 
@@ -284,10 +288,12 @@ class UnassignedTest extends TestCase $casesGroup = $this->createSelfServiceUserOrGroup(2); //Review the count self-service $unassigned = new Unassigned; + // Apply filters $unassigned->setUserUid($casesUser['taskUser']->USR_UID); $unassigned->setUserId($casesUser['delegation']->USR_ID); $result = $unassigned->getCounter(); $this->assertNotEmpty($result); + // Apply filters $unassigned->setUserUid($casesGroup['taskUser']->USR_UID); $unassigned->setUserId($casesGroup['delegation']->USR_ID); $result = $unassigned->getCounter(); @@ -305,13 +311,15 @@ class UnassignedTest extends TestCase { $casesUser = $this->createSelfServiceByVariable(); $casesGroup = $this->createSelfServiceByVariable(2, false); - //Review the count self-service + // Review the count self-service $unassigned = new Unassigned; + // Apply filters $unassigned->setUserUid($casesUser['user']->USR_UID); $unassigned->setUserId($casesUser['delegation']->USR_ID); $result = $unassigned->getCounter(); $this->assertNotEmpty($result); $unassigned = new Unassigned; + // Apply filters $unassigned->setUserUid($casesGroup['user']->USR_UID); $unassigned->setUserId($casesGroup['delegation']->USR_ID); $result = $unassigned->getCounter(); 
@@ -331,9 +339,34 @@ class UnassignedTest extends TestCase $cases = $this->createSelfServiceUserOrGroup(); // Create new object $unassigned = new Unassigned(); - // Set the user UID + // Apply filters $unassigned->setUserUid($cases['taskUser']->USR_UID); $unassigned->setUserId($cases['delegation']->USR_ID); + // Set OrderByColumn value + $unassigned->setOrderByColumn('APP_NUMBER'); + // Call to getData method + $res = $unassigned->getData(); + // This assert that the expected numbers of results are returned + $this->assertNotEmpty($res); + } + + /** + * This ensures get data from self-service-user-assigned with filter setCasesNumbers + * + * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::getData() + * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::filters() + * @test + */ + public function it_filter_by_case_numbers() + { + // Create factories related to the unassigned cases + $cases = $this->createSelfServiceUserOrGroup(); + // Create new object + $unassigned = new Unassigned(); + // Apply filters + $unassigned->setUserUid($cases['taskUser']->USR_UID); + $unassigned->setUserId($cases['delegation']->USR_ID); + $unassigned->setCasesNumbers([$cases['delegation']->APP_NUMBER]); // Set OrderBYColumn value $unassigned->setOrderByColumn('APP_NUMBER'); // Call to getData method 
@@ -342,6 +375,54 @@ class UnassignedTest extends TestCase $this->assertNotEmpty($res); } + /** + * This ensures get data from self-service-user-assigned with filter setRangeCasesFromTo + * + * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::getData() + * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::filters() + * @test + */ + public function it_filter_by_range_cases() + { + // Create factories related to the unassigned cases + $cases = $this->createSelfServiceUserOrGroup(); + // Create new object + $unassigned = new Unassigned(); + // Apply filters + $unassigned->setUserUid($cases['taskUser']->USR_UID); + $unassigned->setUserId($cases['delegation']->USR_ID); + $rangeOfCases = $cases['delegation']->APP_NUMBER . "-" . $cases['delegation']->APP_NUMBER; + $unassigned->setRangeCasesFromTo([$rangeOfCases]); + // Call to getData method + $res = $unassigned->getData(); + // This assert that the expected numbers of results are returned + $this->assertNotEmpty($res); + } + + /** + * This ensures get data from self-service-user-assigned with setDelegateFrom and setDelegateTo filter + * + * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::getData() + * @covers \ProcessMaker\BusinessModel\Cases\Unassigned::filters() + * @test + */ + public function it_filter_by_delegate_from_to() + { + // Create factories related to the unassigned cases + $cases = $this->createSelfServiceUserOrGroup(); + // Create new object + $unassigned = new Unassigned(); + // Apply filters + $unassigned->setUserUid($cases['taskUser']->USR_UID); + $unassigned->setUserId($cases['delegation']->USR_ID); + $unassigned->setDelegateFrom(date('Y-m-d')); + $unassigned->setDelegateTo(date('Y-m-d')); + // Call to getData method + $res = $unassigned->getData(); + // This assert that the expected numbers of results are returned + $this->assertEmpty($res); + } + /** * It tests the getData method with case title filter * 
@@ -361,9 +442,9 @@ class UnassignedTest extends TestCase DB::commit(); // Create new Unassigned object $unassigned = new Unassigned(); + // Apply filters $unassigned->setUserUid($usrUid); $unassigned->setUserId($usrId); - // Set the title $unassigned->setCaseTitle($title); // Get the data $res = $unassigned->getData(); diff --git a/tests/unit/workflow/engine/src/ProcessMaker/Model/TaskTest.php b/tests/unit/workflow/engine/src/ProcessMaker/Model/TaskTest.php index a9b6988a6..14187953b 100644 --- a/tests/unit/workflow/engine/src/ProcessMaker/Model/TaskTest.php +++ b/tests/unit/workflow/engine/src/ProcessMaker/Model/TaskTest.php 
@@ -34,28 +34,28 @@ class TaskTest extends TestCase ]); $taskInstance = new Task(); $title = $taskInstance->title($task->TAS_ID); - $this->assertEquals($title, G::LoadTranslation('ID_INTERMEDIATE_THROW_EMAIL_EVENT')); + $this->assertEquals($title['title'], G::LoadTranslation('ID_INTERMEDIATE_THROW_EMAIL_EVENT')); // Intermediate throw message event $task = factory(Task::class)->create([ 'TAS_TITLE' => 'INTERMEDIATE-THROW-MESSAGE-EVENT' ]); $taskInstance = new Task(); $title = $taskInstance->title($task->TAS_ID); - $this->assertEquals($title, G::LoadTranslation('ID_INTERMEDIATE_THROW_MESSAGE_EVENT')); + $this->assertEquals($title['title'], G::LoadTranslation('ID_INTERMEDIATE_THROW_MESSAGE_EVENT')); // Intermediate catch message event $task = factory(Task::class)->create([ 'TAS_TITLE' => 'INTERMEDIATE-CATCH-MESSAGE-EVENT' ]); $taskInstance = new Task(); $title = $taskInstance->title($task->TAS_ID); - $this->assertEquals($title, G::LoadTranslation('ID_INTERMEDIATE_CATCH_MESSAGE_EVENT')); + $this->assertEquals($title['title'], G::LoadTranslation('ID_INTERMEDIATE_CATCH_MESSAGE_EVENT')); // Intermediate timer event $task = factory(Task::class)->create([ 'TAS_TITLE' => 'INTERMEDIATE-CATCH-TIMER-EVENT' ]); $taskInstance = new Task(); $title = $taskInstance->title($task->TAS_ID); - $this->assertEquals($title, G::LoadTranslation('ID_INTERMEDIATE_CATCH_TIMER_EVENT')); + $this->assertEquals($title['title'], G::LoadTranslation('ID_INTERMEDIATE_CATCH_TIMER_EVENT')); } /** diff --git a/workflow/engine/content/translations/english/processmaker.en.po b/workflow/engine/content/translations/english/processmaker.en.po index 5b585e1ff..3eaf76a6c 100755 --- a/workflow/engine/content/translations/english/processmaker.en.po +++ b/workflow/engine/content/translations/english/processmaker.en.po 
@@ -24383,6 +24383,12 @@ msgstr "Screen Color Icon" msgid "Script Task" msgstr "Script Task" +# TRANSLATION +# LABEL/ID_SCRIPT_TASK_UNTITLED +#: LABEL/ID_SCRIPT_TASK_UNTITLED +msgid "Untitled - Script Task" +msgstr "Untitled - Script Task" + # TRANSLATION # LABEL/ID_SCRIPT_TASK_ACTIVITY_ALREADY_REGISTERED #: LABEL/ID_SCRIPT_TASK_ACTIVITY_ALREADY_REGISTERED @@ -24965,6 +24971,18 @@ msgstr "Server reported" msgid "Service" msgstr "Service" +# TRANSLATION +# LABEL/ID_SERVICE_TASK +#: LABEL/ID_SERVICE_TASK +msgid "Service Task" +msgstr "Service Task" + +# TRANSLATION +# LABEL/ID_SERVICE_TASK_UNTITLED +#: LABEL/ID_SERVICE_TASKUNTITLED +msgid "Untitled - Service Task" +msgstr "Untitled - Service Task" + # TRANSLATION # LABEL/ID_SESSION #: LABEL/ID_SESSION diff --git a/workflow/engine/data/mysql/insert.sql b/workflow/engine/data/mysql/insert.sql index 2c6418d3b..23883a55c 100755 --- a/workflow/engine/data/mysql/insert.sql +++ b/workflow/engine/data/mysql/insert.sql @@ -60988,6 +60988,7 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE ( 'LABEL','ID_SCHEMA','en','Schema','2014-01-15') , ( 'LABEL','ID_SCREEN_COLOR_ICON','en','Screen Color Icon','2021-08-10') , ( 'LABEL','ID_SCRIPT_TASK','en','Script Task','2015-10-19') , +( 'LABEL','ID_SCRIPT_TASK_UNTITLED','en','Untitled - Script Task','2021-11-23') , ( 'LABEL','ID_SCRIPT_TASK_ACTIVITY_ALREADY_REGISTERED','en','The Script-Task with {0}: "{1}" already registered','2016-08-01') , ( 'LABEL','ID_SEARCH','en','Search','2014-01-15') , ( 'LABEL','ID_SEARCHING','en','Searching...','2019-05-03') , 
@@ -61090,6 +61091,8 @@ INSERT INTO TRANSLATION (TRN_CATEGORY,TRN_ID,TRN_LANG,TRN_VALUE,TRN_UPDATE_DATE ( 'LABEL','ID_SERVER_PROTOCOL','en','Server Protocol','2014-01-15') , ( 'LABEL','ID_SERVER_REPORTED','en','Server reported','2014-01-15') , ( 'LABEL','ID_SERVICE','en','Service','2014-01-15') , +( 'LABEL','ID_SERVICE_TASK','en','Service','2021-11-23') , +( 'LABEL','ID_SERVICE_TASK_UNTITLED','en','Service','2021-11-23') , ( 'LABEL','ID_SESSION','en','Session','2014-01-15') , ( 'LABEL','ID_SESSION_ACTIVE','en','Session active','2014-01-15') , ( 'LABEL','ID_SESSION_DIRECTORY','en','Session directory','2015-11-05') , diff --git a/workflow/engine/methods/cases/cases_CatchSelfService.php b/workflow/engine/methods/cases/cases_CatchSelfService.php index 9c104017b..fdcfaf979 100644 --- a/workflow/engine/methods/cases/cases_CatchSelfService.php +++ b/workflow/engine/methods/cases/cases_CatchSelfService.php @@ -78,8 +78,7 @@ if ( // Get the label of previous task if (!empty($fieldsDelegation['TAS_ID'])) { - $taskInstance = new ModelTask(); - $fieldsCase['PREVIOUS_TASK'] = $taskInstance->title($fieldsDelegation['TAS_ID']); + $fieldsCase['PREVIOUS_TASK'] = ModelTask::title($fieldsDelegation['TAS_ID'])['title']; } // To enable information (dynaforms, steps) before claim a case diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Draft.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Draft.php index a24d07631..42e9e6720 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Draft.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Draft.php @@ -6,6 +6,7 @@ use G; use ProcessMaker\Model\Application; use ProcessMaker\Model\CaseList; use ProcessMaker\Model\Delegation; +use ProcessMaker\Model\Task; use ProcessMaker\Model\User; class Draft extends AbstractCases 
@@ -127,10 +128,25 @@ class Draft extends AbstractCases $item['DEL_DELEGATE_DATE_LABEL'] = applyMaskDateEnvironment($item['DEL_DELEGATE_DATE']); // Get the send by related to the previous index $previousThread = Delegation::getThreadInfo($item['APP_NUMBER'], $item['DEL_PREVIOUS']); - $userInfo = !empty($previousThread) ? User::getInformation($previousThread['USR_ID']) : []; + $userInfo = []; + $dummyInfo = []; + if (!empty($previousThread)) { + // When the task has an user + $userInfo = ($previousThread['USR_ID'] !== 0) ? User::getInformation($previousThread['USR_ID']) : []; + // When the task does not have users refers to dummy task + $taskInfo = ($previousThread['USR_ID'] === 0) ? Task::title($previousThread['TAS_ID']) : []; + if (!empty($taskInfo)) { + $dummyInfo = [ + 'task_id' => $previousThread['TAS_ID'], + 'name' => $taskInfo['title'], + 'type' => $taskInfo['type'] + ]; + } + } $result = []; $result['del_previous'] = $item['DEL_PREVIOUS']; $result['user_tooltip'] = $userInfo; + $result['dummy_task'] = $dummyInfo; $item['SEND_BY_INFO'] = $result; return $item; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Inbox.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Inbox.php index e35e1c752..3a7c95e64 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Inbox.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Inbox.php @@ -6,6 +6,7 @@ use G; use ProcessMaker\Model\Application; use ProcessMaker\Model\CaseList; use ProcessMaker\Model\Delegation; +use ProcessMaker\Model\Task; use ProcessMaker\Model\User; class Inbox extends AbstractCases @@ -81,7 +82,6 @@ class Inbox extends AbstractCases if (!empty($this->getCaseUid())) { $query->appUid($this->getCaseUid()); } - // Specific delegate date from if (!empty($this->getDelegateFrom())) { $query->delegateDateFrom($this->getDelegateFrom()); 
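Review bot: The strict checks `$previousThread['USR_ID'] !== 0` and `=== 0` depend on `Delegation::getThreadInfo()` returning USR_ID as an integer; if the database driver hands it back as the string "0", the dummy-task branch never runs and `User::getInformation()` is called for user 0. Casting once removes that dependency: `$usrId = (int) $previousThread['USR_ID'];` and compare `$usrId` in both ternaries. Separately, `!empty($taskInfo)` is always true once `Task::title()` has been called, because in this patch it returns a two-key array even when no task row matches, so `dummy_task` can carry an empty `name` and `type`; testing `$taskInfo['title'] !== ''` would catch that. The identical block is added to Inbox, Paused and Unassigned in later hunks of this patch. The enclosing method starts outside the hunk.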
@@ -90,8 +90,7 @@ class Inbox extends AbstractCases if (!empty($this->getDelegateTo())) { $query->delegateDateTo($this->getDelegateTo()); } - - // Specific usrId represented by sendBy. + // Specific usrId represented by sendBy if (!empty($this->getSendBy())) { $query->sendBy($this->getSendBy()); } @@ -113,7 +112,7 @@ class Inbox extends AbstractCases // Join with users $query->joinUser(); // Join with task - $query->JoinTask(); + $query->joinTask(); // Join with application for add the initial scope for TO_DO cases $query->inbox($this->getUserId()); /** Apply filters */ @@ -147,10 +146,25 @@ class Inbox extends AbstractCases $item['DEL_DELEGATE_DATE_LABEL'] = applyMaskDateEnvironment($item['DEL_DELEGATE_DATE']); // Get the send by related to the previous index $previousThread = Delegation::getThreadInfo($item['APP_NUMBER'], $item['DEL_PREVIOUS']); - $userInfo = !empty($previousThread) ? User::getInformation($previousThread['USR_ID']) : []; + $userInfo = []; + $dummyInfo = []; + if (!empty($previousThread)) { + // When the task has an user + $userInfo = ($previousThread['USR_ID'] !== 0) ? User::getInformation($previousThread['USR_ID']) : []; + // When the task does not have users refers to dummy task + $taskInfo = ($previousThread['USR_ID'] === 0) ? Task::title($previousThread['TAS_ID']) : []; + if (!empty($taskInfo)) { + $dummyInfo = [ + 'task_id' => $previousThread['TAS_ID'], + 'name' => $taskInfo['title'], + 'type' => $taskInfo['type'] + ]; + } + } $result = []; $result['del_previous'] = $item['DEL_PREVIOUS']; $result['user_tooltip'] = $userInfo; + $result['dummy_task'] = $dummyInfo; $item['SEND_BY_INFO'] = $result; return $item; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Paused.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Paused.php index a9b74b53a..fe9219f79 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Paused.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Paused.php 
@@ -5,6 +5,7 @@ namespace ProcessMaker\BusinessModel\Cases; use G; use ProcessMaker\Model\CaseList; use ProcessMaker\Model\Delegation; +use ProcessMaker\Model\Task; use ProcessMaker\Model\User; class Paused extends AbstractCases @@ -80,7 +81,6 @@ class Paused extends AbstractCases if (!empty($this->getCaseUid())) { $query->appUid($this->getCaseUid()); } - // Specific delegate date from if (!empty($this->getDelegateFrom())) { $query->delegateDateFrom($this->getDelegateFrom()); @@ -89,8 +89,7 @@ class Paused extends AbstractCases if (!empty($this->getDelegateTo())) { $query->delegateDateTo($this->getDelegateTo()); } - - // Specific usrId represented by sendBy. + // Specific usrId represented by sendBy if (!empty($this->getSendBy())) { $query->sendBy($this->getSendBy()); } @@ -109,7 +108,7 @@ class Paused extends AbstractCases // Join with process $query->joinProcess(); // Join with task - $query->JoinTask(); + $query->joinTask(); // Scope that set the paused cases $query->paused($this->getUserId()); /** Apply filters */ 
@@ -141,10 +140,25 @@ class Paused extends AbstractCases $item['DEL_DELEGATE_DATE_LABEL'] = applyMaskDateEnvironment($item['DEL_DELEGATE_DATE']); // Get the send by related to the previous index $previousThread = Delegation::getThreadInfo($item['APP_NUMBER'], $item['DEL_PREVIOUS']); - $userInfo = !empty($previousThread) ? User::getInformation($previousThread['USR_ID']) : []; + $userInfo = []; + $dummyInfo = []; + if (!empty($previousThread)) { + // When the task has an user + $userInfo = ($previousThread['USR_ID'] !== 0) ? User::getInformation($previousThread['USR_ID']) : []; + // When the task does not have users refers to dummy task + $taskInfo = ($previousThread['USR_ID'] === 0) ? Task::title($previousThread['TAS_ID']) : []; + if (!empty($taskInfo)) { + $dummyInfo = [ + 'task_id' => $previousThread['TAS_ID'], + 'name' => $taskInfo['title'], + 'type' => $taskInfo['type'] + ]; + } + } $result = []; $result['del_previous'] = $item['DEL_PREVIOUS']; $result['user_tooltip'] = $userInfo; + $result['dummy_task'] = $dummyInfo; $item['SEND_BY_INFO'] = $result; return $item; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Unassigned.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Unassigned.php index cd5e7b525..9bf328348 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Unassigned.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Unassigned.php @@ -6,6 +6,7 @@ use G; use ProcessMaker\Model\Application; use ProcessMaker\Model\CaseList; use ProcessMaker\Model\Delegation; +use ProcessMaker\Model\Task; use ProcessMaker\Model\User; class Unassigned extends AbstractCases @@ -90,8 +91,7 @@ class Unassigned extends AbstractCases if (!empty($this->getDelegateTo())) { $query->delegateDateTo($this->getDelegateTo()); } - - // Specific usrId represented by sendBy. + // Specific usrId represented by sendBy if (!empty($this->getSendBy())) { $query->sendBy($this->getSendBy()); } 
@@ -149,10 +149,25 @@ class Unassigned extends AbstractCases $item['DEL_DELEGATE_DATE_LABEL'] = applyMaskDateEnvironment($item['DEL_DELEGATE_DATE']); // Get the send by related to the previous index $previousThread = Delegation::getThreadInfo($item['APP_NUMBER'], $item['DEL_PREVIOUS']); - $userInfo = !empty($previousThread) ? User::getInformation($previousThread['USR_ID']) : []; + $userInfo = []; + $dummyInfo = []; + if (!empty($previousThread)) { + // When the task has an user + $userInfo = ($previousThread['USR_ID'] !== 0) ? User::getInformation($previousThread['USR_ID']) : []; + // When the task does not have users refers to dummy task + $taskInfo = ($previousThread['USR_ID'] === 0) ? Task::title($previousThread['TAS_ID']) : []; + if (!empty($taskInfo)) { + $dummyInfo = [ + 'task_id' => $previousThread['TAS_ID'], + 'name' => $taskInfo['title'], + 'type' => $taskInfo['type'] + ]; + } + } $result = []; $result['del_previous'] = $item['DEL_PREVIOUS']; $result['user_tooltip'] = $userInfo; + $result['dummy_task'] = $dummyInfo; $item['SEND_BY_INFO'] = $result; return $item; diff --git a/workflow/engine/src/ProcessMaker/Model/Task.php b/workflow/engine/src/ProcessMaker/Model/Task.php index 9d2ddf06b..bd6960a3f 100644 --- a/workflow/engine/src/ProcessMaker/Model/Task.php +++ b/workflow/engine/src/ProcessMaker/Model/Task.php 
@@ -120,16 +120,18 @@ class Task extends Model * * @param integer $tasId * - * @return string + * @return array */ - public function title($tasId) + public static function title($tasId) { - $query = Task::query()->select('TAS_TITLE'); + $query = Task::query()->select('TAS_TITLE', 'TAS_TYPE'); $query->where('TAS_ID', $tasId); $results = $query->get(); $title = ''; - $results->each(function ($item, $key) use (&$title) { + $type = ''; + $results->each(function ($item, $key) use (&$title, &$type) { $title = $item->TAS_TITLE; + $type = $item->TAS_TYPE; switch ($title) { case "INTERMEDIATE-THROW-EMAIL-EVENT": $title = G::LoadTranslation('ID_INTERMEDIATE_THROW_EMAIL_EVENT'); @@ -143,10 +145,37 @@ class Task extends Model case "INTERMEDIATE-CATCH-TIMER-EVENT": $title = G::LoadTranslation('ID_INTERMEDIATE_CATCH_TIMER_EVENT'); break; + case "SCRIPT-TASK": + $title = G::LoadTranslation('ID_SCRIPT_TASK_UNTITLED'); + break; + case "SERVICE-TASK": + $title = G::LoadTranslation('ID_SERVICE_TASK_UNTITLED'); + break; + } + switch ($type) { + case "INTERMEDIATE-THROW-EMAIL-EVENT": + $type = G::LoadTranslation('ID_EMAIL_EVENT'); + break; + case "INTERMEDIATE-THROW-MESSAGE-EVENT": + case "INTERMEDIATE-CATCH-MESSAGE-EVENT": + $type = G::LoadTranslation('ID_MESSAGE_EVENT'); + break; + case "INTERMEDIATE-CATCH-TIMER-EVENT": + $type = G::LoadTranslation('ID_TIMER_EVENT'); + break; + case "SCRIPT-TASK": + $type = G::LoadTranslation('ID_SCRIPT_TASK'); + break; + case "SERVICE-TASK": + $type = G::LoadTranslation('ID_SERVICE_TASK'); + break; } }); - return $title; + return [ + 'title' => $title, + 'type' => $type, + ]; } /** From 3e93235824025209f43d7a6ac703bad0913ba183 Mon Sep 17 00:00:00 2001 
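Review bot: The labels the new `SERVICE-TASK` cases load, `ID_SERVICE_TASK_UNTITLED` and `ID_SERVICE_TASK`, are both seeded in this patch's insert.sql with the value 'Service', while processmaker.en.po defines them as 'Untitled - Service Task' and 'Service Task'; an installation populated from the SQL seed would presumably show 'Service' as both the title and the type. The seed rows should read `( 'LABEL','ID_SERVICE_TASK','en','Service Task','2021-11-23') ,` and `( 'LABEL','ID_SERVICE_TASK_UNTITLED','en','Untitled - Service Task','2021-11-23') ,`. The .po reference line `#: LABEL/ID_SERVICE_TASKUNTITLED` is also missing an underscore. The closure and the method body start outside this hunk.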
From: =?UTF-8?q?Julio=20Cesar=20Laura=20Avenda=C3=B1o?= Date: Wed, 24 Nov 2021 21:00:16 +0000 Subject: [PATCH 05/13] PMCORE-3468 --- workflow/engine/methods/login/authentication.php | 6 +++--- workflow/engine/methods/login/authenticationSso.php | 2 +- workflow/engine/methods/login/login.php | 12 ++++-------- workflow/engine/methods/login/sysLogin.php | 4 ++-- .../engine/src/ProcessMaker/BusinessModel/Light.php | 2 +- workflow/public_html/pmGmail/sso.php | 6 +----- 6 files changed, 12 insertions(+), 20 deletions(-) diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 1e74266b2..12e72498b 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php @@ -16,7 +16,7 @@ try { } if (!$RBAC->singleSignOn) { - setcookie("singleSignOn", '0', time() + (24 * 60 * 60), '/'); + setcookie("singleSignOn", '0', time() + (24 * 60 * 60), '/', '', G::is_https()); if (!isset($_POST['form']) ) { G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error'); G::header('Location: login'); @@ -181,7 +181,7 @@ try { EnterpriseClass::enterpriseSystemUpdate($loginInfo); initUserSession($uid, $usr); } else { - setcookie("singleSignOn", '1', time() + (24 * 60 * 60), '/'); + setcookie("singleSignOn", '1', time() + (24 * 60 * 60), '/', '', G::is_https()); $uid = $RBAC->userObj->fields['USR_UID']; $usr = $RBAC->userObj->fields['USR_USERNAME']; initUserSession($uid, $usr); @@ -416,7 +416,7 @@ try { $configS = System::getSystemConfiguration('', '', config("system.workspace")); $activeSession = isset($configS['session_block']) ? !(int)$configS['session_block']:true; if ($activeSession){ - setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/'); + setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/', '', G::is_https()); } // Update the User's last login date 
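Review bot: The two `singleSignOn` cookies set in authentication.php (and the one in authenticationSso.php) now get the Secure flag but still omit the seventh `httponly` argument, so page script can read them; unless client code depends on reading this cookie, add it: `setcookie("singleSignOn", '1', time() + (24 * 60 * 60), '/', '', G::is_https(), true);`. `PM-TabPrimary` and `PM-Warning` look like they are consumed by the client-side session scripts, so they may have to stay script-readable, which should be confirmed rather than assumed. `G::is_https()` is not shown in this patch; if the application can sit behind a TLS-terminating proxy, check that it recognises that case, otherwise Secure is silently left off. None of the calls sets a SameSite attribute, which on PHP 7.3 and later needs the options-array form of `setcookie`.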
diff --git a/workflow/engine/methods/login/authenticationSso.php b/workflow/engine/methods/login/authenticationSso.php index 10a7b3c14..e1750c3f8 100644 --- a/workflow/engine/methods/login/authenticationSso.php +++ b/workflow/engine/methods/login/authenticationSso.php @@ -82,7 +82,7 @@ try { } /*----------------------------------********---------------------------------*/ - setcookie('singleSignOn', '1', time() + (24 * 60 * 60), '/'); + setcookie('singleSignOn', '1', time() + (24 * 60 * 60), '/', '', G::is_https()); initUserSession( $_SESSION['__USER_LOGGED_SSO__'], diff --git a/workflow/engine/methods/login/login.php b/workflow/engine/methods/login/login.php index e30db7ac5..fe11e77c7 100644 --- a/workflow/engine/methods/login/login.php +++ b/workflow/engine/methods/login/login.php @@ -182,11 +182,7 @@ if (isset($_SESSION['USER_LOGGED'])) { session_start(); session_regenerate_id(); -if (PHP_VERSION < 5.2) { - setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), "; HttpOnly"); -} else { - setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), null, false, true); -} +setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), null, G::is_https(), true); if (strlen($msg) > 0) { $_SESSION['G_MESSAGE'] = $msg; 
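Review bot: The `workspaceSkin` call in login.php passes `null` as the domain while every other `setcookie` touched by this commit passes `''`; on PHP 8.1 and later a `null` for that string parameter raises a deprecation notice. Using `''` here, and in the matching calls in Light.php and pmGmail/sso.php, keeps the calls consistent: `setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), '', G::is_https(), true);`.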
@@ -323,14 +319,14 @@ $flagForgotPassword = isset($oConf->aConfig['login_enableForgotPassword']) ? $oConf->aConfig['login_enableForgotPassword'] : 'off'; -setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_URI); +setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_URI, '', G::is_https()); $configS = System::getSystemConfiguration('', '', config("system.workspace")); $activeSession = isset($configS['session_block']) ? !(int)$configS['session_block'] : true; if ($activeSession) { - setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/'); + setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/', '', G::is_https()); } else { - setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/'); + setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/', '', G::is_https()); } $oHeadPublisher->addScriptCode("var flagForgotPassword = '$flagForgotPassword';"); diff --git a/workflow/engine/methods/login/sysLogin.php b/workflow/engine/methods/login/sysLogin.php index ff86c8520..a51dd038e 100644 --- a/workflow/engine/methods/login/sysLogin.php +++ b/workflow/engine/methods/login/sysLogin.php @@ -169,8 +169,8 @@ switch (WS_IN_LOGIN) { $fileLogin = 'login/sysLogin'; break; } -setcookie("PM-Warning", trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_CURRENT_URI); -setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/'); +setcookie("PM-Warning", trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_CURRENT_URI, '', G::is_https()); +setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/', '', G::is_https()); $oHeadPublisher = headPublisher::getSingleton(); $oHeadPublisher->addScriptFile('/jscore/src/PM.js'); $oHeadPublisher->addScriptFile('/jscore/src/Sessions.js'); 
diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php index 84c169b05..b6cdbf47a 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php @@ -874,7 +874,7 @@ class Light session_start(); session_regenerate_id(); - setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), null, false, + setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), null, G::is_https(), true); if (strlen($msg) > 0) { diff --git a/workflow/public_html/pmGmail/sso.php b/workflow/public_html/pmGmail/sso.php index 03da58904..f98d5cde1 100644 --- a/workflow/public_html/pmGmail/sso.php +++ b/workflow/public_html/pmGmail/sso.php @@ -98,11 +98,7 @@ if (!isset($_SESSION['USER_LOGGED']) || $_SESSION['USER_LOGGED'] != $decodedResp session_start(); session_regenerate_id(); - if (PHP_VERSION < 5.2) { - setcookie("workspaceSkin", $enviroment, time() + (24 * 60 * 60), "/sys" . $enviroment, "; HttpOnly"); - } else { - setcookie("workspaceSkin", $enviroment, time() + (24 * 60 * 60), "/sys" . $enviroment, null, false, true); - } + setcookie("workspaceSkin", $enviroment, time() + (24 * 60 * 60), "/sys" . $enviroment, null, G::is_https(), true); $_SESSION = array(); $_SESSION['__EE_INSTALLATION__'] = 2; From c4dab28f33386c120c6b9f3f5473b84ead8798f8 Mon Sep 17 00:00:00 2001 From: Roly Gutierrez Date: Thu, 25 Nov 2021 10:16:56 -0400 Subject: [PATCH 06/13] PMCORE-3528 PMCORE-3386: ChangeLog Adding Before Assignment, Before Routing and After Routing --- .../ChangeLog/ChangeLogResult.php | 43 ++++++++++++++++--- 1 file changed, 37 insertions(+), 6 deletions(-) diff --git a/workflow/engine/src/ProcessMaker/ChangeLog/ChangeLogResult.php b/workflow/engine/src/ProcessMaker/ChangeLog/ChangeLogResult.php index c7df1bdcb..53c4beef7 100644 
--- a/workflow/engine/src/ProcessMaker/ChangeLog/ChangeLogResult.php +++ b/workflow/engine/src/ProcessMaker/ChangeLog/ChangeLogResult.php @@ -138,7 +138,7 @@ class ChangeLogResult $totalCount = 0; $values = []; - $this->getLogsFromDataBase($this->appUid, function($row) use(&$logs, &$totalCount, &$values) { + $this->getLogsFromDataBase($this->appUid, function ($row) use (&$logs, &$totalCount, &$values) { $appData = $this->getAppData($row['DATA']); $this->removeVariables($appData); 
@@ -146,22 +146,52 @@ class ChangeLogResult if ((int) $row['SOURCE_ID'] === ChangeLog::FromABE) { $hasPermission = true; } + if (in_array((int) $row['EXECUTED_AT'], [ChangeLog::BEFORE_ASSIGNMENT, ChangeLog::BEFORE_ROUTING, ChangeLog::AFTER_ROUTING])) { + $hasPermission = true; + } $count = 0; foreach ($appData as $key => $value) { if ($hasPermission && (!isset($values[$key]) || $values[$key] !== $value)) { // Apply mask - $dateLabel = applyMaskDateEnvironment($row['DATE'],'', false); + $dateLabel = applyMaskDateEnvironment($row['DATE'], '', false); // Apply the timezone $dateLabel = DateTime::convertUtcToTimeZone($dateLabel); $previousValue = !isset($values[$key]) ? null : $values[$key]; + + //get 'title' label + $objectTitle = ''; + if ((int) $row['OBJECT_TYPE'] === ChangeLog::DYNAFORM) { + $objectTitle = G::LoadTranslation('ID_DYNAFORM') . ': ' . $row['DYN_TITLE']; + } + if ((int) $row['OBJECT_TYPE'] === ChangeLog::TRIGGER) { + if ((int) $row['EXECUTED_AT'] === ChangeLog::BEFORE_ASSIGNMENT) { + $objectTitle = G::LoadTranslation('ID_BEFORE_ASSIGNMENT'); + } + if ((int) $row['EXECUTED_AT'] === ChangeLog::BEFORE_ROUTING) { + $objectTitle = G::LoadTranslation('ID_BEFORE_DERIVATION'); + } + if ((int) $row['EXECUTED_AT'] === ChangeLog::AFTER_ROUTING) { + $objectTitle = G::LoadTranslation('ID_AFTER_DERIVATION'); + } + } + + //get 'from' label + $from = ChangeLog::getChangeLog()->getApplicationNameById($row['SOURCE_ID']); + if ((int) $row['SOURCE_ID'] === ChangeLog::FromUnknow) { + if ((int) $row['EXECUTED_AT'] === ChangeLog::BEFORE_ROUTING || + (int) $row['EXECUTED_AT'] === ChangeLog::AFTER_ROUTING) { + $from = ChangeLog::getChangeLog()->getApplicationNameById(ChangeLog::FromWeb); + } + } + $record = '' . G::LoadTranslation('ID_TASK') . ': ' . $row['TAS_TITLE'] . ' / ' - . G::LoadTranslation('ID_DYNAFORM') . ': ' . $row['DYN_TITLE'] . ' / ' + . $objectTitle . ' / ' . G::LoadTranslation('ID_LAN_UPDATE_DATE') . ': ' . $dateLabel . ' / ' . G::LoadTranslation('ID_USER') . 
': ' . $row['USR_USERNAME'] . ' / ' - . G::LoadTranslation('ID_FROM') . ': ' . ChangeLog::getChangeLog()->getApplicationNameById($row['SOURCE_ID']); + . G::LoadTranslation('ID_FROM') . ': ' . $from; $struct = new LogStruct(); $struct->setField($key) @@ -210,6 +240,7 @@ class ChangeLogResult . "A.USR_ID, " . "A.OBJECT_ID, " . "A.OBJECT_UID, " + . "A.OBJECT_TYPE, " . "A.EXECUTED_AT, " . "A.SOURCE_ID, " . "A.DATA, " @@ -220,8 +251,8 @@ class ChangeLogResult . "LEFT JOIN PROCESS AS C ON (C.PRO_ID=A.PRO_ID) " . "LEFT JOIN TASK AS D ON (D.TAS_ID=A.TAS_ID) " . "LEFT JOIN USERS AS E ON (E.USR_ID=A.USR_ID) " - . "LEFT JOIN DYNAFORM AS F ON (F.DYN_ID=A.OBJECT_ID AND A.OBJECT_TYPE=" . ChangeLog::DYNAFORM . ") " - . "ORDER BY A.DATE ASC "; + . "LEFT JOIN DYNAFORM AS F ON (F.DYN_ID=A.OBJECT_ID AND A.OBJECT_TYPE IN (" . ChangeLog::DYNAFORM . ", " . ChangeLog::TRIGGER . ")) " + . "ORDER BY A.CHANGE_LOG_ID,A.DATE ASC "; $stmt = $conn->prepareStatement($sql); $stmt->set(1, $appUid); From 4a409fabf5477976ddf59239521d6b77d43711e3 Mon Sep 17 00:00:00 2001 From: Rodrigo Quelca Date: Thu, 18 Nov 2021 18:33:53 +0000 Subject: [PATCH 07/13] PMCORE-3474: X-Content-Type-Options Header Missing - Telefonica of Guatemala Security Analysis (Issue Rep# 11) code style solve code review notes --- gulliver/system/class.bootstrap.php | 3 ++- gulliver/system/class.g.php | 4 ++-- 2 files changed, 4 insertions(+), 3 deletions(-) diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index f2250c7c9..e2c1ca36f 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -806,6 +806,7 @@ class Bootstrap public static function streamCSSBigFile($filename) { header('Content-Type: text/css'); + header('X-Content-Type-Options: nosniff'); //First get Skin info $filenameParts = explode("-", $filename); 
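Review bot: The added `in_array((int) $row['EXECUTED_AT'], [...])` check sets `$hasPermission = true` for every row written before assignment or around routing, so each changed variable in those rows is listed without passing through whatever computed `$hasPermission` above this hunk. If that value reflects the viewer's rights on the object that produced the row, trigger-written values of fields the viewer cannot otherwise see would now appear in the change log; that logic is outside the hunk, so this needs confirming. If the exposure is intended, state it next to the override, e.g. `// Trigger changes have no dynaform permission to check; visible to anyone who can open the change log`; otherwise limit the listed keys to variables the viewer is already allowed to read.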
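Review bot: `X-Content-Type-Options: nosniff` is added only inside `streamCSSBigFile` and the file-streaming code of `Bootstrap` and `G`, so responses produced elsewhere (the PHP pages and service endpoints) still go out without it unless the web server adds it. Setting the header once in the common bootstrap path or in the server configuration would cover them all. With nosniff in place browsers refuse scripts and stylesheets whose `Content-Type` is wrong, so the `$contentType` value computed outside these hunks should be checked for every extension the function serves. The context line `strtolower($_SERVER ['HTTP_USER_AGENT'])` also reads the header without an existence check; `isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : ''` avoids a notice on requests that omit it.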
@@ -969,7 +970,7 @@ class Bootstrap header('Content-Disposition: attachment; filename="' . $downloadFileName . '"'); } header('Content-Type: ' . $contentType); - + header('X-Content-Type-Options: nosniff'); // if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE // behaivor. $userAgent = strtolower($_SERVER ['HTTP_USER_AGENT']); diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index e72afb64f..05653aee3 100644 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php @@ -947,7 +947,7 @@ class G public static function streamCSSBigFile($filename) { header('Content-Type: text/css'); - + header('X-Content-Type-Options: nosniff'); //First get Skin info $filenameParts = explode("-", $filename); $skinName = $filenameParts[0]; @@ -1252,7 +1252,7 @@ class G header('Content-Disposition: inline; filename="' . $downloadFileName . '"'); } header('Content-Type: ' . $contentType); - + header('X-Content-Type-Options: nosniff'); //if userAgent (BROWSER) is MSIE we need special headers to avoid MSIE behaivor. $userAgent = strtolower($_SERVER['HTTP_USER_AGENT']); if (preg_match("/msie/i", $userAgent)) { From 76c1a45d4319344d26aa4f56ffb3e9d956170b2d Mon Sep 17 00:00:00 2001 From: Roly Gutierrez Date: Thu, 25 Nov 2021 13:00:58 -0400 Subject: [PATCH 08/13] PMCORE-3551 Data from external database is not displayed in Actions By Email view --- workflow/engine/methods/services/ActionsByEmailDataForm.php | 3 +++ 1 file changed, 3 insertions(+) diff --git a/workflow/engine/methods/services/ActionsByEmailDataForm.php b/workflow/engine/methods/services/ActionsByEmailDataForm.php index 156a2151a..740df7203 100644 --- a/workflow/engine/methods/services/ActionsByEmailDataForm.php +++ b/workflow/engine/methods/services/ActionsByEmailDataForm.php 
@@ -34,6 +34,9 @@ if (isset($_GET['BROWSER_TIME_ZONE_OFFSET'])) { $caseFields = $case->loadCase($applicationUid, $delIndex); + //this value is only important for Propel::getConnection() + $_SESSION['PROCESS'] = $caseFields['PRO_UID']; + // Updating case variables with system constants $systemConstants = G::getSystemConstants(); $caseFields['APP_DATA']['USER_LOGGED'] = $systemConstants['USER_LOGGED']; From 8d1942c35764ba0db6b073d49913525e48ec3fb0 Mon Sep 17 00:00:00 2001 From: Paula Quispe Date: Thu, 25 Nov 2021 13:09:02 -0400 Subject: [PATCH 09/13] PMCORE-3542 --- .../src/ProcessMaker/Model/TaskTest.php | 63 +++++++++++++++++-- .../BusinessModel/Cases/Inbox.php | 1 + .../BusinessModel/Cases/Paused.php | 1 + .../BusinessModel/Cases/Unassigned.php | 1 + .../engine/src/ProcessMaker/Model/Task.php | 4 ++ 5 files changed, 66 insertions(+), 4 deletions(-) diff --git a/tests/unit/workflow/engine/src/ProcessMaker/Model/TaskTest.php b/tests/unit/workflow/engine/src/ProcessMaker/Model/TaskTest.php index 14187953b..c6b294bd2 100644 --- a/tests/unit/workflow/engine/src/ProcessMaker/Model/TaskTest.php +++ b/tests/unit/workflow/engine/src/ProcessMaker/Model/TaskTest.php @@ -20,6 +20,31 @@ class TaskTest extends TestCase { use DatabaseTransactions; + /** + * It tests the get taskId + * + * @covers \ProcessMaker\Model\Task::getTask() + * @test + */ + public function it_get_task() + { + $task = factory(Task::class)->create(); + $result = Task::getTask($task->TAS_ID); + $this->assertNotEmpty($result); + } + + /** + * This test scopeExcludedTasks + * + * @covers \ProcessMaker\Model\Task::scopeExcludedTasks() + * @test + */ + public function it_scope_exclude_tasks() + { + $table = factory(Task::class)->create(); + $this->assertNotEmpty($table->excludedTasks()->get()); + } + /** * This checks to make get the name of the task * 
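Review bot: `$_SESSION['PROCESS']` is overwritten with the case's process and never restored, so a user who opens an Actions by Email link in a browser that already holds a ProcessMaker session presumably leaves this page with a different process context than the one their other tabs were using. Since the comment says the value is only needed for `Propel::getConnection()`, keep the previous value with `$previousProcess = isset($_SESSION['PROCESS']) ? $_SESSION['PROCESS'] : null;` before the assignment and put it back once the form data has been built. `$caseFields['PRO_UID']` is also read without checking that `loadCase()` found the case. The surrounding block starts and ends outside the hunk.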
@@ -30,32 +55,60 @@ class TaskTest extends TestCase { // Intermediate email event $task = factory(Task::class)->create([ - 'TAS_TITLE' => 'INTERMEDIATE-THROW-EMAIL-EVENT' + 'TAS_TITLE' => 'INTERMEDIATE-THROW-EMAIL-EVENT', + 'TAS_TYPE' => 'INTERMEDIATE-THROW-EMAIL-EVENT' ]); $taskInstance = new Task(); $title = $taskInstance->title($task->TAS_ID); $this->assertEquals($title['title'], G::LoadTranslation('ID_INTERMEDIATE_THROW_EMAIL_EVENT')); // Intermediate throw message event $task = factory(Task::class)->create([ - 'TAS_TITLE' => 'INTERMEDIATE-THROW-MESSAGE-EVENT' + 'TAS_TITLE' => 'INTERMEDIATE-THROW-MESSAGE-EVENT', + 'TAS_TYPE' => 'INTERMEDIATE-THROW-MESSAGE-EVENT' ]); $taskInstance = new Task(); $title = $taskInstance->title($task->TAS_ID); $this->assertEquals($title['title'], G::LoadTranslation('ID_INTERMEDIATE_THROW_MESSAGE_EVENT')); // Intermediate catch message event $task = factory(Task::class)->create([ - 'TAS_TITLE' => 'INTERMEDIATE-CATCH-MESSAGE-EVENT' + 'TAS_TITLE' => 'INTERMEDIATE-CATCH-MESSAGE-EVENT', + 'TAS_TYPE' => 'INTERMEDIATE-CATCH-MESSAGE-EVENT' ]); $taskInstance = new Task(); $title = $taskInstance->title($task->TAS_ID); $this->assertEquals($title['title'], G::LoadTranslation('ID_INTERMEDIATE_CATCH_MESSAGE_EVENT')); // Intermediate timer event $task = factory(Task::class)->create([ - 'TAS_TITLE' => 'INTERMEDIATE-CATCH-TIMER-EVENT' + 'TAS_TITLE' => 'INTERMEDIATE-CATCH-TIMER-EVENT', + 'TAS_TYPE' => 'INTERMEDIATE-CATCH-TIMER-EVENT' ]); $taskInstance = new Task(); $title = $taskInstance->title($task->TAS_ID); $this->assertEquals($title['title'], G::LoadTranslation('ID_INTERMEDIATE_CATCH_TIMER_EVENT')); + // Script task + $task = factory(Task::class)->create([ + 'TAS_TITLE' => 'SCRIPT-TASK', + 'TAS_TYPE' => 'SCRIPT-TASK' + ]); + $taskInstance = new Task(); + $title = $taskInstance->title($task->TAS_ID); + $this->assertEquals($title['title'], G::LoadTranslation('ID_SCRIPT_TASK_UNTITLED')); + // Service task + $task = factory(Task::class)->create([ + 
'TAS_TITLE' => 'SERVICE-TASK', + 'TAS_TYPE' => 'SERVICE-TASK' + ]); + $taskInstance = new Task(); + $title = $taskInstance->title($task->TAS_ID); + $this->assertEquals($title['title'], G::LoadTranslation('ID_SERVICE_TASK_UNTITLED')); + // None + $task = factory(Task::class)->create([ + 'TAS_TITLE' => 'SUBPROCESS', + 'TAS_TYPE' => 'SUBPROCESS' + ]); + $taskInstance = new Task(); + $title = $taskInstance->title($task->TAS_ID); + $this->assertEquals($title['title'], G::LoadTranslation('ID_ANONYMOUS')); } /** @@ -191,6 +244,8 @@ class TaskTest extends TestCase * It test get tasks for the new home view * * @covers \ProcessMaker\Model\Task::getTasksForHome() + * @covers \ProcessMaker\Model\Task::scopeTitle() + * @covers \ProcessMaker\Model\Task::scopeProcess() * @test */ public function it_should_test_get_tasks_for_home_method() diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Inbox.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Inbox.php index 3a7c95e64..fbdcf13cd 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Inbox.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Inbox.php @@ -163,6 +163,7 @@ class Inbox extends AbstractCases } $result = []; $result['del_previous'] = $item['DEL_PREVIOUS']; + $result['key_name'] = !empty($userInfo) ? 'user_tooltip' : 'dummy_task'; $result['user_tooltip'] = $userInfo; $result['dummy_task'] = $dummyInfo; $item['SEND_BY_INFO'] = $result; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Paused.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Paused.php index fe9219f79..a0049a744 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Paused.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Paused.php 
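Review bot: The last added case is labelled `// None` but creates a task with `TAS_TYPE` `SUBPROCESS` and asserts `ID_ANONYMOUS`, so the comment does not say what is being tested; `// Any other type falls back to the anonymous title` would match the assertion. The new assertions pass the actual value first, `assertEquals($title['title'], ...)`, which follows the existing lines of this test but makes a PHPUnit failure message report expected and actual the wrong way round. Only `$title['title']` is checked in the visible hunks, so the `ID_NONE` default added to the second switch in Task.php is not covered here.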
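Review bot: The line `$result['key_name'] = !empty($userInfo) ? 'user_tooltip' : 'dummy_task';` is added to Inbox.php here and again to Paused.php and Unassigned.php in the next two hunks, inside what looks like the same block that builds `SEND_BY_INFO`. All three classes extend `AbstractCases`, so that block could live in one protected helper there and the three copies could not drift apart. When both `$userInfo` and `$dummyInfo` are empty, `key_name` still points at `dummy_task`; a short comment saying that consumers must handle an empty `dummy_task` would help. The enclosing methods start and end outside the hunks.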
@@ -157,6 +157,7 @@ class Paused extends AbstractCases } $result = []; $result['del_previous'] = $item['DEL_PREVIOUS']; + $result['key_name'] = !empty($userInfo) ? 'user_tooltip' : 'dummy_task'; $result['user_tooltip'] = $userInfo; $result['dummy_task'] = $dummyInfo; $item['SEND_BY_INFO'] = $result; diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Unassigned.php b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Unassigned.php index 9bf328348..0596dd604 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Unassigned.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Cases/Unassigned.php @@ -166,6 +166,7 @@ class Unassigned extends AbstractCases } $result = []; $result['del_previous'] = $item['DEL_PREVIOUS']; + $result['key_name'] = !empty($userInfo) ? 'user_tooltip' : 'dummy_task'; $result['user_tooltip'] = $userInfo; $result['dummy_task'] = $dummyInfo; $item['SEND_BY_INFO'] = $result; diff --git a/workflow/engine/src/ProcessMaker/Model/Task.php b/workflow/engine/src/ProcessMaker/Model/Task.php index bd6960a3f..b554c2661 100644 --- a/workflow/engine/src/ProcessMaker/Model/Task.php +++ b/workflow/engine/src/ProcessMaker/Model/Task.php @@ -151,6 +151,8 @@ class Task extends Model case "SERVICE-TASK": $title = G::LoadTranslation('ID_SERVICE_TASK_UNTITLED'); break; + default: + $title = G::LoadTranslation('ID_ANONYMOUS'); } switch ($type) { case "INTERMEDIATE-THROW-EMAIL-EVENT": @@ -169,6 +171,8 @@ class Task extends Model case "SERVICE-TASK": $type = G::LoadTranslation('ID_SERVICE_TASK'); break; + default: + $type = G::LoadTranslation('ID_NONE'); } }); From c4e7cc95110fbf1f8748bfa253c098e2a1d8c0d5 Mon Sep 17 00:00:00 2001 
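Review bot: The `default:` branch added to the first switch in Task.php replaces `$title` with `ID_ANONYMOUS` for every value that is not one of the listed event or task names, and the switch subject and any guard around it are outside the hunk. If the switch can be reached for tasks that carry a real title, that title would be lost, so it is worth confirming that this code runs only for untitled tasks. The second hunk does the same for `$type` with `ID_NONE`. Both `default:` branches end without `break;`, which works because they are last but differs from the other cases; adding `break;` keeps them uniform.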
From: =?UTF-8?q?Julio=20Cesar=20Laura=20Avenda=C3=B1o?= Date: Fri, 26 Nov 2021 15:58:35 +0000 Subject: [PATCH 10/13] PMCORE-3467 --- gulliver/system/class.bootstrap.php | 11 + .../engine/methods/login/authentication.php | 7 +- .../methods/login/authenticationSso.php | 4 +- workflow/engine/methods/login/login.php | 37 +- workflow/engine/methods/login/sysLogin.php | 38 +- .../src/ProcessMaker/BusinessModel/Light.php | 4 +- .../engine/src/ProcessMaker/Core/System.php | 47 ++ .../ProcessMaker/Services/OAuth2/Server.php | 4 +- workflow/public_html/bootstrap.php | 736 ------------------ workflow/public_html/pmGmail/sso.php | 3 +- workflow/public_html/sysGeneric.php | 14 +- 11 files changed, 96 insertions(+), 809 deletions(-) delete mode 100644 workflow/public_html/bootstrap.php diff --git a/gulliver/system/class.bootstrap.php b/gulliver/system/class.bootstrap.php index f2250c7c9..a462dba73 100644 --- a/gulliver/system/class.bootstrap.php +++ b/gulliver/system/class.bootstrap.php @@ -2788,4 +2788,15 @@ class Bootstrap ]; self::registerMonolog($channel, $level, $message, $context); } + + /** + * Build the options for a cookie, according to the system configuration and values optionally sent to this method + * + * @param array $options + * @return array + */ + public static function buildCookieOptions(array $options = []) + { + return System::buildCookieOptions($options); + } } diff --git a/workflow/engine/methods/login/authentication.php b/workflow/engine/methods/login/authentication.php index 12e72498b..bce846d57 100644 --- a/workflow/engine/methods/login/authentication.php +++ b/workflow/engine/methods/login/authentication.php 
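Review bot: `Bootstrap::buildCookieOptions()` calls `System::buildCookieOptions($options)` with an unqualified class name, and the hunk adds no import. Whether class.bootstrap.php already has `use ProcessMaker\Core\System;` is not visible here; without it the name would be resolved in the global namespace, and every login page changed in this patch depends on this helper. Writing `return \ProcessMaker\Core\System::buildCookieOptions($options);` removes the dependency on the file's imports. The docblock could also state that the method is a plain delegate, so that the merge rules are documented in one place only.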
@@ -15,8 +15,9 @@ try { $urlLogin = (substr(SYS_SKIN, 0, 2) !== 'ux')? 'login' : '../main/login'; } + $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]); if (!$RBAC->singleSignOn) { - setcookie("singleSignOn", '0', time() + (24 * 60 * 60), '/', '', G::is_https()); + setcookie('singleSignOn', '0', $cookieOptions); if (!isset($_POST['form']) ) { G::SendTemporalMessage ('ID_USER_HAVENT_RIGHTS_SYSTEM', 'error'); G::header('Location: login'); @@ -181,7 +182,7 @@ try { EnterpriseClass::enterpriseSystemUpdate($loginInfo); initUserSession($uid, $usr); } else { - setcookie("singleSignOn", '1', time() + (24 * 60 * 60), '/', '', G::is_https()); + setcookie('singleSignOn', '1', $cookieOptions); $uid = $RBAC->userObj->fields['USR_UID']; $usr = $RBAC->userObj->fields['USR_USERNAME']; initUserSession($uid, $usr); @@ -416,7 +417,7 @@ try { $configS = System::getSystemConfiguration('', '', config("system.workspace")); $activeSession = isset($configS['session_block']) ? !(int)$configS['session_block']:true; if ($activeSession){ - setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/', '', G::is_https()); + setcookie('PM-TabPrimary', 101010010, $cookieOptions); } // Update the User's last login date diff --git a/workflow/engine/methods/login/authenticationSso.php b/workflow/engine/methods/login/authenticationSso.php index e1750c3f8..b4237b2db 100644 --- a/workflow/engine/methods/login/authenticationSso.php +++ b/workflow/engine/methods/login/authenticationSso.php @@ -81,8 +81,8 @@ try { } } /*----------------------------------********---------------------------------*/ - - setcookie('singleSignOn', '1', time() + (24 * 60 * 60), '/', '', G::is_https()); + $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]); + setcookie('singleSignOn', '1', $cookieOptions); initUserSession( $_SESSION['__USER_LOGGED_SSO__'], 
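Review bot: The `singleSignOn` and `PM-TabPrimary` cookies set from `$cookieOptions` here, in the hunks at -181 and -416, and in authenticationSso.php inherit the helper's default of `httponly` false. If no client script reads `singleSignOn`, building its options with `Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'httponly' => true])` would keep it out of reach of injected script; whether `PM-TabPrimary` is read by the session JavaScript is not visible here. The array form of `setcookie()` used throughout this patch requires PHP 7.3 or later, so the minimum runtime should be stated in the commit or checked at install time.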
diff --git a/workflow/engine/methods/login/login.php b/workflow/engine/methods/login/login.php index fe11e77c7..0fc9612a2 100644 --- a/workflow/engine/methods/login/login.php +++ b/workflow/engine/methods/login/login.php @@ -1,27 +1,4 @@ . - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - * - */ use ProcessMaker\Core\System; use ProcessMaker\Plugins\PluginRegistry; @@ -182,7 +159,11 @@ if (isset($_SESSION['USER_LOGGED'])) { session_start(); session_regenerate_id(); -setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), null, G::is_https(), true); +$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'httponly' => true]); +setcookie(session_name(), session_id(), $cookieOptions); + +$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => '/sys' . config('system.workspace'), 'httponly' => true]); +setcookie('workspaceSkin', SYS_SKIN, $cookieOptions); if (strlen($msg) > 0) { $_SESSION['G_MESSAGE'] = $msg; 
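Review bot: The added `setcookie(session_name(), session_id(), $cookieOptions);` re-issues the PHP session cookie with a fixed 24-hour `expires`, which turns it into a persistent cookie whose lifetime is unrelated to the server-side session timeout. A session identifier that stays in the browser after it is closed is more exposed on a shared machine than it needs to be; omitting `expires` keeps it a browser-session cookie: `$cookieOptions = Bootstrap::buildCookieOptions(['httponly' => true]);`. The same pattern is added to sysLogin.php in the hunk at -50. The context line `session_regenerate_id();` is called without `true`, so the previous session data is presumably left in place.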
@@ -319,14 +300,16 @@ $flagForgotPassword = isset($oConf->aConfig['login_enableForgotPassword']) ? $oConf->aConfig['login_enableForgotPassword'] : 'off'; -setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_URI, '', G::is_https()); +$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => SYS_URI]); +setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), $cookieOptions); $configS = System::getSystemConfiguration('', '', config("system.workspace")); $activeSession = isset($configS['session_block']) ? !(int)$configS['session_block'] : true; +$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]); if ($activeSession) { - setcookie("PM-TabPrimary", 101010010, time() + (24 * 60 * 60), '/', '', G::is_https()); + setcookie('PM-TabPrimary', 101010010, $cookieOptions); } else { - setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/', '', G::is_https()); + setcookie('PM-TabPrimary', uniqid(), $cookieOptions); } $oHeadPublisher->addScriptCode("var flagForgotPassword = '$flagForgotPassword';"); diff --git a/workflow/engine/methods/login/sysLogin.php b/workflow/engine/methods/login/sysLogin.php index a51dd038e..59416d622 100644 --- a/workflow/engine/methods/login/sysLogin.php +++ b/workflow/engine/methods/login/sysLogin.php @@ -1,28 +1,5 @@ . - * - * For more information, contact Colosa Inc, 2566 Le Jeune Rd., - * Coral Gables, FL, 33134, USA, or email info@colosa.com. - * - */ -/*----------------------------------********---------------------------------*/ + //Browser Compatibility $browserSupported = G::checkBrowserCompatibility(); if ($browserSupported==false) { 
@@ -50,11 +27,14 @@ if (!empty($_SESSION['G_MESSAGE_TYPE'])) { } //Initialize session - @session_destroy(); session_start(); session_regenerate_id(); +//Set options for PHP session cookie +$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'httponly' => true]); +setcookie(session_name(), session_id(), $cookieOptions); + //Restore session variables $_SESSION = array_merge($_SESSION, $arraySession); @@ -169,8 +149,12 @@ switch (WS_IN_LOGIN) { $fileLogin = 'login/sysLogin'; break; } -setcookie("PM-Warning", trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), time() + (24 * 60 * 60), SYS_CURRENT_URI, '', G::is_https()); -setcookie("PM-TabPrimary", uniqid(), time() + (24 * 60 * 60), '/', '', G::is_https()); +$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => SYS_CURRENT_URI]); +setcookie('PM-Warning', trim(G::LoadTranslation('ID_BLOCKER_MSG'), '*'), $cookieOptions); + +$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60)]); +setcookie('PM-TabPrimary', uniqid(), $cookieOptions); + $oHeadPublisher = headPublisher::getSingleton(); $oHeadPublisher->addScriptFile('/jscore/src/PM.js'); $oHeadPublisher->addScriptFile('/jscore/src/Sessions.js'); diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php index b6cdbf47a..9d67e883c 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php 
@@ -874,8 +874,8 @@ class Light session_start(); session_regenerate_id(); - setcookie("workspaceSkin", SYS_SKIN, time() + (24 * 60 * 60), "/sys" . config("system.workspace"), null, G::is_https(), - true); + $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => '/sys' . config('system.workspace'), 'httponly' => true]); + setcookie('workspaceSkin', SYS_SKIN, $cookieOptions); if (strlen($msg) > 0) { $_SESSION['G_MESSAGE'] = $msg; diff --git a/workflow/engine/src/ProcessMaker/Core/System.php b/workflow/engine/src/ProcessMaker/Core/System.php index 949936ec2..a30cbefd5 100644 --- a/workflow/engine/src/ProcessMaker/Core/System.php +++ b/workflow/engine/src/ProcessMaker/Core/System.php @@ -86,6 +86,21 @@ class System 'disable_task_manager_routing_async' => '0', 'on_one_server_enable' => 0, 'at_risk_delegation_max_time' => '0.2', + 'samesite_cookie_setting' => '' + ]; + + public static $cookieDefaultOptions = [ + 'expires' => 0, + 'path' => '/', + 'domain' => '', + 'secure' => false, + 'httponly' => false, + 'samesite' => '' + ]; + + public static $cookieSameSiteValues = [ + 'Lax', + 'Strict' ]; /** @@ -1252,6 +1267,13 @@ class System $config['at_risk_delegation_max_time'] = self::$defaultConfig['at_risk_delegation_max_time']; } + $value = ucfirst(strtolower($config['samesite_cookie_setting'])); + if (in_array($value, self::$cookieSameSiteValues)) { + $config['samesite_cookie_setting'] = $value; + } else { + $config['samesite_cookie_setting'] = ''; + } + return $config; } 
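Review bot: `$cookieDefaultOptions` and `$cookieSameSiteValues` in System.php are declared `public static`, so any code loaded into the process, plugins included, can change the defaults or extend the SameSite allowlist for every cookie built afterwards. Nothing in the visible hunks reads them from outside `System`, so `private static $cookieDefaultOptions = [` and `private static $cookieSameSiteValues = [` would be enough. The defaults are also permissive: `httponly` is `false` and `samesite_cookie_setting` is empty, so both protections are opt-in, and a comment on the config key saying that an empty value presumably sends no SameSite attribute and leaves the choice to the browser would make that explicit. In the hunk at -1252 an unrecognised value is silently replaced by an empty string; logging it would help an administrator who mistypes the setting.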
@@ -1778,4 +1800,29 @@ class System $parseDsn["pass"] = urldecode($parseDsn["pass"]); return $parseDsn; } + + /** + * Build the options for a cookie, according to the system configuration and values optionally sent to this method + * + * @param array $options + * @return array + */ + public static function buildCookieOptions(array $options = []) + { + // Get system values + $cookieOptions = self::$cookieDefaultOptions; + $systemConfiguration = self::getSystemConfiguration(); + + // Always set "secure" option according to the server protocol + $cookieOptions['secure'] = G::is_https(); + + // Set the "samesite" option according to the system configuration + $cookieOptions['samesite'] = $systemConfiguration['samesite_cookie_setting']; + + // Overrides the cookie options with the values sent to the method + $cookieOptions = array_merge($cookieOptions, $options); + + // Return the cookie options + return $cookieOptions; + } } diff --git a/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php b/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php index f0c256dfe..5ea9ebffd 100644 --- a/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php +++ b/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php @@ -1,6 +1,7 @@ getSessionName(), $_COOKIE[$session->getSessionName()], time() + $lifetime, "/", null, false, true); + $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $lifetime, 'secure' => false, 'httponly' => true]); + setcookie($session->getSessionName(), $_COOKIE[$session->getSessionName()], $cookieOptions); } } diff --git a/workflow/public_html/bootstrap.php b/workflow/public_html/bootstrap.php deleted file mode 100644 index cf58c3128..000000000 --- a/workflow/public_html/bootstrap.php +++ /dev/null 
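Review bot: The comment in `buildCookieOptions()` says the `secure` option is always set from the server protocol, but the final `array_merge($cookieOptions, $options)` lets any caller override `secure` and `samesite`, and the Server.php change in this same patch does pass `'secure' => false`. Either reword the comment or apply the protocol- and configuration-derived values after the merge. The merge also forwards keys that `setcookie()` does not recognise, which is reported as a warning or error at the call site; `$cookieOptions = array_merge($cookieOptions, array_intersect_key($options, self::$cookieDefaultOptions));` restricts callers to the supported keys. `G::is_https()` is defined elsewhere; if it looks only at the local connection, `secure` would be dropped behind a TLS-terminating proxy.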
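Review bot: The rewritten call in Server.php keeps `'secure' => false` for the session cookie, so the OAuth2 session identifier may be sent over plain HTTP even when the site is served over HTTPS, and the override replaces the value the new helper derives from `G::is_https()`. Dropping it, `$cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $lifetime, 'httponly' => true]);`, lets the helper decide. The value written back is `$_COOKIE[$session->getSessionName()]`, taken from the request; the code that validates it is outside the hunk. The hunk text is damaged on this page (the lines between the hunk header and `getSessionName()` are missing), so the enclosing function cannot be seen.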
@@ -1,736 +0,0 @@ -validateInput($config['display_errors']); -$config['error_reporting'] = $filter->validateInput($config['error_reporting']); -$config['wsdl_cache'] = $filter->validateInput($config['wsdl_cache'], 'int'); -$config['time_zone'] = $filter->validateInput($config['time_zone']); -// Do not change any of these settings directly, use env.ini instead -ini_set('display_errors', $filter->validateInput($config['display_errors'])); -ini_set('error_reporting', $filter->validateInput($config['error_reporting'])); -ini_set('short_open_tag', 'On'); -ini_set('default_charset', "UTF-8"); -ini_set('soap.wsdl_cache_enabled', $config['wsdl_cache']); -ini_set('date.timezone', - (isset($_SESSION['__SYSTEM_UTC_TIME_ZONE__']) && $_SESSION['__SYSTEM_UTC_TIME_ZONE__']) ? 'UTC' : $config['time_zone']); //Set Time Zone - -define('DEBUG_SQL_LOG', $config['debug_sql']); -define('DEBUG_TIME_LOG', $config['debug_time']); -define('DEBUG_CALENDAR_LOG', $config['debug_calendar']); -define('MEMCACHED_ENABLED', $config['memcached']); -define('MEMCACHED_SERVER', $config['memcached_server']); -define('TIME_ZONE', ini_get('date.timezone')); - -// IIS Compatibility, SERVER_ADDR doesn't exist on that env, so we need to define it. -$_SERVER['SERVER_ADDR'] = isset($_SERVER['SERVER_ADDR']) ? $_SERVER['SERVER_ADDR'] : $_SERVER['SERVER_NAME']; - -//to do: make different environments. sys - -define('ERROR_SHOW_SOURCE_CODE', - true); // enable ERROR_SHOW_SOURCE_CODE to display the source code for any WARNING OR NOTICE -//define ( 'ERROR_LOG_NOTICE_ERROR', true ); //enable ERROR_LOG_NOTICE_ERROR to log Notices messages in default apache log - -//check if it is a installation instance -if (!defined('PATH_C')) { - // is a intallation instance, so we need to define PATH_C and PATH_LANGUAGECONT constants temporarily - define('PATH_C', (rtrim(G::sys_get_temp_dir(), PATH_SEP) . PATH_SEP)); - define('PATH_LANGUAGECONT', PATH_HOME . 
'engine/content/languages/'); -} - -// defining Virtual URLs -$virtualURITable = []; -$virtualURITable['/plugin/(*)'] = 'plugin'; -$virtualURITable['/(sys*)/(*.js)'] = 'jsMethod'; -$virtualURITable['/js/(*)'] = PATH_GULLIVER_HOME . 'js/'; -$virtualURITable['/jscore/(*)'] = PATH_CORE . 'js/'; - -if (defined('PATH_C')) { - $virtualURITable['/jsform/(*.js)'] = PATH_C . 'xmlform/'; - $virtualURITable['/extjs/(*)'] = PATH_C . 'ExtJs/'; -} - -$virtualURITable['/htmlarea/(*)'] = PATH_THIRDPARTY . 'htmlarea/'; -$virtualURITable['/sys[a-zA-Z][a-zA-Z0-9]{0,}()/'] = 'sysNamed'; -$virtualURITable['/(sys*)'] = false; -$virtualURITable['/errors/(*)'] = PATH_GULLIVER_HOME . 'methods/errors/'; -$virtualURITable['/gulliver/(*)'] = PATH_GULLIVER_HOME . 'methods/'; -$virtualURITable['/controls/(*)'] = PATH_GULLIVER_HOME . 'methods/controls/'; -$virtualURITable['/html2ps_pdf/(*)'] = PATH_THIRDPARTY . 'html2ps_pdf/'; -$virtualURITable['/images/'] = 'errorFile'; -$virtualURITable['/skins/'] = 'errorFile'; -$virtualURITable['/files/'] = 'errorFile'; -$virtualURITable['/[a-zA-Z][a-zA-Z0-9]{0,}()'] = 'sysUnnamed'; -$virtualURITable['/rest/(*)'] = 'rest-service'; -$virtualURITable['/update/(*)'] = PATH_GULLIVER_HOME . 'methods/update/'; -$virtualURITable['/(*)'] = PATH_HTML; - -$isRestRequest = false; - -// Verify if we need to redirect or stream the file, if G:VirtualURI returns true means we are going to redirect the page -if (G::virtualURI($_SERVER['REQUEST_URI'], $virtualURITable, $realPath)) { - // review if the file requested belongs to public_html plugin - if (substr($realPath, 0, 6) == 'plugin') { - // Another way to get the path of Plugin public_html and stream the correspondent file, By JHL Jul 14, 08 - // TODO: $pathsQuery will be used? - $pathsQuery = ''; - // Get the query side - // Did we use this variable $pathsQuery for something?? 
- $forQuery = explode("?", $realPath); - if (isset($forQuery[1])) { - $pathsQuery = $forQuery[1]; - } - - //Get that path in array - $paths = explode(PATH_SEP, $forQuery[0]); - //remove the "plugin" word from - $paths[0] = substr($paths[0], 6); - //Get the Plugin Folder, always the first element - $pluginFolder = array_shift($paths); - //The other parts are the realpath into public_html (no matter how many elements) - $filePath = implode(PATH_SEP, $paths); - $pluginFilename = PATH_PLUGINS . $pluginFolder . PATH_SEP . 'public_html' . PATH_SEP . $filePath; - - if (file_exists($pluginFilename)) { - G::streamFile($pluginFilename); - } - die; - } - - $requestUriArray = explode("/", $_SERVER['REQUEST_URI']); - - if ((isset($requestUriArray[1])) && ($requestUriArray[1] == 'skin')) { - // This will allow to public images of Custom Skins, By JHL Feb 28, 11 - $pathsQuery = ""; - // Get the query side - // This way we remove garbage - $forQuery = explode("?", $realPath); - if (isset($forQuery[1])) { - $pathsQuery = $forQuery[1]; - } - - //Get that path in array - $paths = explode(PATH_SEP, $forQuery[0]); - $fileToBeStreamed = str_replace("/skin/", PATH_CUSTOM_SKINS, $_SERVER['REQUEST_URI']); - - if (file_exists($fileToBeStreamed)) { - G::streamFile($fileToBeStreamed); - } - die; - } - switch ($realPath) { - case 'sysUnnamed' : - require_once('sysUnnamed.php'); - die; - break; - case 'sysNamed' : - header('location : ' . $_SERVER['REQUEST_URI'] . '/' . SYS_LANG . '/classic/login/login'); - die; - break; - case 'jsMethod' : - G::parseURI(getenv("REQUEST_URI")); - $filename = PATH_METHODS . SYS_COLLECTION . '/' . SYS_TARGET . '.js'; - G::streamFile($filename); - die; - break; - case 'errorFile': - header("location: /errors/error404.php?url=" . 
urlencode($_SERVER['REQUEST_URI'])); - if (DEBUG_TIME_LOG) { - G::logTimeByPage(); - } //log this page - die; - break; - default : - if (substr($realPath, 0, 12) == 'rest-service') { - $isRestRequest = true; - } else { - $realPath = explode('?', $realPath); - $realPath[0] .= strpos(basename($realPath[0]), '.') === false ? '.php' : ''; - G::streamFile($realPath[0]); - die; - } - } -}//virtual URI parser - -// the request correspond to valid php page, now parse the URI -G::parseURI(getenv("REQUEST_URI"), $isRestRequest); - -$arrayUpdating = G::isPMUnderUpdating(); -if ($arrayUpdating['action']) { - if ($arrayUpdating['workspace'] == "true" || $arrayUpdating['workspace'] == SYS_TEMP) { - header("location: /update/updating.php"); - if (DEBUG_TIME_LOG) { - G::logTimeByPage(); - } - die; - } -} - -// verify if index.html exists -if (!file_exists(PATH_HTML . 'index.html')) { // if not, create it from template - file_put_contents( - PATH_HTML . 'index.html', - G::parseTemplate(PATH_TPL . "index.html", - array("lang" => ((defined("SYS_LANG") && SYS_LANG != "") ? SYS_LANG : "en"), "skin" => SYS_SKIN)) - ); -} - -define('SYS_URI', '/sys' . SYS_TEMP . '/' . SYS_LANG . '/' . SYS_SKIN . '/'); - -// defining the serverConf singleton -if (defined('PATH_DATA') && file_exists(PATH_DATA)) { - //Instance Server Configuration Singleton - $oServerConf = ServerConf::getSingleton(); -} - -// Call Gulliver Classes - - -// Create headPublisher singleton - -$oHeadPublisher = headPublisher::getSingleton(); - -//Load filter class - -$filter = new InputFilter(); - -// Installer, redirect to install if we don't have a valid shared data folder -if (!defined('PATH_DATA') || !file_exists(PATH_DATA)) { - - // new installer, extjs based - define('PATH_DATA', PATH_C); - require_once ( PATH_CONTROLLERS . 
'InstallerModule.php' ); - $controller = InstallerModule::class; - - // if the method name is empty set default to index method - if (strpos(SYS_TARGET, '/') !== false) { - list($controller, $controllerAction) = explode('/', SYS_TARGET); - } else { - $controllerAction = SYS_TARGET; - } - - $controllerAction = ($controllerAction != '' && $controllerAction != 'login') ? $controllerAction : 'index'; - - // create the installer controller and call its method - if (is_callable([InstallerModule::class, $controllerAction])) { - $installer = new $controller(); - $installer->setHttpRequestData($_REQUEST); - $installer->call($controllerAction); - } - else { - $_SESSION['phpFileNotFound'] = $_SERVER['REQUEST_URI']; - header ("location: /errors/error404.php?url=" . urlencode($_SERVER['REQUEST_URI'])); - } - die; -} - -// Load Language Translation -G::LoadTranslationObject(defined('SYS_LANG') ? SYS_LANG : "en"); - -// look for a disabled workspace -if ($oServerConf->isWSDisabled(SYS_TEMP)) { - $aMessage['MESSAGE'] = G::LoadTranslation('ID_DISB_WORKSPACE'); - $G_PUBLISH = new Publisher; - $G_PUBLISH->AddContent('xmlform', 'xmlform', 'login/showMessage', '', $aMessage); - G::RenderPage('publish'); - die; -} - -// database and workspace definition -// if SYS_TEMP exists, the URL has a workspace, now we need to verify if exists their db.php file -if (defined('SYS_TEMP') && SYS_TEMP != '') { - //this is the default, the workspace db.php file is in /shared/workflow/sites/SYS_SYS - if (file_exists(PATH_DB . SYS_TEMP . '/db.php')) { - $pathFile = $filter->validateInput(PATH_DB . SYS_TEMP . '/db.php', 'path'); - require_once($pathFile); - define('SYS_SYS', SYS_TEMP); - - // defining constant for workspace shared directory - define('PATH_WORKSPACE', PATH_DB . config("system.workspace") . PATH_SEP); - // including workspace shared classes -> particularlly for pmTables - set_include_path(get_include_path() . PATH_SEPARATOR . 
PATH_WORKSPACE); - } else { - G::SendTemporalMessage('ID_NOT_WORKSPACE', "error"); - G::header('location: /sys/' . SYS_LANG . '/' . SYS_SKIN . '/main/sysLogin?errno=2'); - die; - } -} else { //when we are in global pages, outside any valid workspace - if (SYS_TARGET === 'newSite') { - $phpFile = G::ExpandPath('methods') . SYS_COLLECTION . "/" . SYS_TARGET . '.php'; - $phpFile = $filter->validateInput($phpFile, 'path'); - require_once($phpFile); - die(); - } else { - if (SYS_TARGET == "dbInfo") { //Show dbInfo when no SYS_SYS - $pathFile = PATH_METHODS . 'login/dbInfo.php'; - $pathFile = $filter->validateInput($pathFile, 'path'); - require_once($pathFile); - } else { - - if (substr(SYS_SKIN, 0, - 2) === 'ux' && SYS_TARGET != 'sysLoginVerify') { // new ux sysLogin - extjs based form - $pathFile = $filter->validateInput(PATH_CONTROLLERS . 'main.php', 'path'); - require_once $pathFile; - $controllerClass = 'Main'; - $controllerAction = SYS_TARGET == 'sysLoginVerify' ? SYS_TARGET : 'sysLogin'; - //if the method exists - if (is_callable(Array($controllerClass, $controllerAction))) { - $controller = new $controllerClass(); - $controller->setHttpRequestData($_REQUEST); - $controller->call($controllerAction); - } - } else { // classic sysLogin interface - $pathFile = PATH_METHODS . 'login/sysLogin.php'; - $pathFile = $filter->validateInput($pathFile, 'path'); - require_once($pathFile); - die(); - } - } - if (DEBUG_TIME_LOG) { - G::logTimeByPage(); - } //log this page - die(); - } -} - -// PM Paths DATA -define('PATH_DATA_SITE', PATH_DATA . 'sites/' . config("system.workspace") . '/'); -define('PATH_DOCUMENT', PATH_DATA_SITE . 'files/'); -define('PATH_DATA_MAILTEMPLATES', PATH_DATA_SITE . 'mailTemplates/'); -define('PATH_DATA_PUBLIC', PATH_DATA_SITE . 'public/'); -define('PATH_DATA_REPORTS', PATH_DATA_SITE . 'reports/'); -define('PATH_DYNAFORM', PATH_DATA_SITE . 'xmlForms/'); -define('PATH_IMAGES_ENVIRONMENT_FILES', PATH_DATA_SITE . 'usersFiles' . 
PATH_SEP); -define('PATH_IMAGES_ENVIRONMENT_USERS', PATH_DATA_SITE . 'usersPhotographies' . PATH_SEP); -define('SERVER_NAME', $_SERVER ['SERVER_NAME']); -define('SERVER_PORT', $_SERVER ['SERVER_PORT']); - -// create memcached singleton -$memcache = PMmemcached::getSingleton(config("system.workspace")); - -// verify configuration for rest service -if ($isRestRequest) { - // disable until confirm that rest is enabled & configured on rest-config.ini file - $isRestRequest = false; - $confFile = ''; - $restApiClassPath = ''; - - // try load and getting rest configuration - if (file_exists(PATH_DATA_SITE . 'rest-config.ini')) { - $confFile = PATH_DATA_SITE . 'rest-config.ini'; - $restApiClassPath = PATH_DATA_SITE; - } elseif (file_exists(PATH_CONFIG . 'rest-config.ini')) { - $confFile = PATH_CONFIG . 'rest-config.ini'; - } - if (!empty($confFile) && $restConfig = @parse_ini_file($confFile, true)) { - if (array_key_exists('enable_service', $restConfig)) { - if ($restConfig['enable_service'] == 'true' || $restConfig['enable_service'] == '1') { - $isRestRequest = true; // rest service enabled - } - } - } -} - -//here we are loading all plugins registered -//the singleton has a list of enabled plugins -$oPluginRegistry = PluginRegistry::loadSingleton(); - -// setup propel definitions and logging -require_once("propel/Propel.php"); -require_once("creole/Creole.php"); - -if (defined('DEBUG_SQL_LOG') && DEBUG_SQL_LOG) { - define('PM_PID', mt_rand(1, 999999)); - require_once 'Log.php'; - - // register debug connection decorator driver - Creole::registerDriver('*', 'creole.contrib.DebugConnection'); - - // initialize Propel with converted config file - Propel::init(PATH_CORE . "config/databases.php"); - - // unified log file for all databases - $logFile = PATH_DATA . 'log' . PATH_SEP . 'propel.log'; - $logger = Log::singleton('file', $logFile, 'wf ' . 
config("system.workspace"), null, PEAR_LOG_INFO); - Propel::setLogger($logger); - // log file for workflow database - $con = Propel::getConnection('workflow'); - if ($con instanceof DebugConnection) { - $con->setLogger($logger); - } - // log file for rbac database - $con = Propel::getConnection('rbac'); - - if ($con instanceof DebugConnection) { - $con->setLogger($logger); - } - - // log file for report database - $con = Propel::getConnection('rp'); - if ($con instanceof DebugConnection) { - $con->setLogger($logger); - } -} else { - Propel::init(PATH_CORE . "config/databases.php"); -} - -Creole::registerDriver('dbarray', 'creole.contrib.DBArrayConnection'); - -// Session Initializations -ini_set('session.auto_start', '1'); - -// The register_globals feature has been DEPRECATED as of PHP 5.3.0. default value Off. -// ini_set( 'register_globals', 'Off' ); -//session_start(); -ob_start(); - -// Rebuild the base Workflow translations if not exists -if (!is_file(PATH_LANGUAGECONT . 'translation.en')) { - require_once("classes/model/Translation.php"); - $fields = Translation::generateFileTranslation('en'); -} - -// TODO: Verify if the language set into url is defined in translations env. -if (SYS_LANG != 'en' && !is_file(PATH_LANGUAGECONT . 'translation.' . SYS_LANG)) { - require_once("classes/model/Translation.php"); - $fields = Translation::generateFileTranslation(SYS_LANG); -} - -// Setup plugins -$oPluginRegistry->setupPlugins(); //get and setup enabled plugins -$avoidChangedWorkspaceValidation = false; - -// Load custom Classes and Model from Plugins. -G::LoadAllPluginModelClasses(); - -// jump to php file in methods directory -$collectionPlugin = ''; -if ($oPluginRegistry->isRegisteredFolder(SYS_COLLECTION)) { - $phpFile = PATH_PLUGINS . SYS_COLLECTION . PATH_SEP . SYS_TARGET . '.php'; - $targetPlugin = explode('/', SYS_TARGET); - $collectionPlugin = $targetPlugin[0]; - $avoidChangedWorkspaceValidation = true; -} else { - $phpFile = G::ExpandPath('methods') . 
SYS_COLLECTION . PATH_SEP . SYS_TARGET . '.php'; -} - -// services is a special folder, -if (SYS_COLLECTION == 'services') { - $avoidChangedWorkspaceValidation = true; - $targetPlugin = explode('/', SYS_TARGET); - - if ($targetPlugin[0] == 'webdav') { - $phpFile = G::ExpandPath('methods') . SYS_COLLECTION . PATH_SEP . 'webdav.php'; - } -} - -if (SYS_COLLECTION == 'login' && SYS_TARGET == 'login') { - $avoidChangedWorkspaceValidation = true; -} - -//the index.php file, this new feature will allow automatically redirects to valid php file inside any methods folder -/* DEPRECATED -if ( SYS_TARGET == '' ) { - $phpFile = str_replace ( '.php', 'index.php', $phpFile ); - $phpFile = include ( $phpFile ); -}*/ -$bWE = false; -$isControllerCall = false; -if (substr(SYS_COLLECTION, 0, 8) === 'gulliver') { - $phpFile = PATH_GULLIVER_HOME . 'methods/' . substr(SYS_COLLECTION, 8) . SYS_TARGET . '.php'; -} else { - //when the file is part of the public directory of any PROCESS, this a ProcessMaker feature - if (preg_match('/^[0-9][[:alnum:]]+$/', SYS_COLLECTION) == 1) { //the pattern is /sysSYS/LANG/SKIN/PRO_UID/file - $auxPart = explode('/', $_SERVER['REQUEST_URI']); - $aAux = explode('?', $auxPart[count($auxPart) - 1]); - //$extPart = explode ( '.' , $auxPart[ count($auxPart)-1] ); - $extPart = explode('.', $aAux[0]); - $queryPart = isset($aAux[1]) ? $aAux[1] : ""; - $extension = $extPart[count($extPart) - 1]; - $phpFile = PATH_DATA_SITE . 'public' . PATH_SEP . SYS_COLLECTION . PATH_SEP . urldecode($auxPart[count($auxPart) - 1]); - $aAux = explode('?', $phpFile); - $phpFile = $aAux[0]; - - if ($extension != 'php') { - G::streamFile($phpFile); - die; - } - - $avoidChangedWorkspaceValidation = true; - $bWE = true; - //$phpFile = PATH_DATA_SITE . 'public' . PATH_SEP . SYS_COLLECTION . PATH_SEP . $auxPart[ count($auxPart)-1]; - } - - //erik: verify if it is a Controller Class or httpProxyController Class - if (is_file(PATH_CONTROLLERS . SYS_COLLECTION . 
'.php')) { - $pathFile = $filter->validateInput(PATH_CONTROLLERS . SYS_COLLECTION . '.php', 'path'); - require_once $pathFile; - $controllerClass = SYS_COLLECTION; - //if the method name is empty set default to index method - $controllerAction = SYS_TARGET != '' ? SYS_TARGET : 'index'; - //if the method exists - if (is_callable(Array($controllerClass, $controllerAction))) { - $isControllerCall = true; - } - } - - if (!$isControllerCall && !file_exists($phpFile) && !$isRestRequest) { - $_SESSION['phpFileNotFound'] = $_SERVER['REQUEST_URI']; - header("location: /errors/error404.php?url=" . urlencode($_SERVER['REQUEST_URI'])); - die; - } -} - -//redirect to login, if user changed the workspace in the URL -if (!$avoidChangedWorkspaceValidation && isset($_SESSION['WORKSPACE']) && $_SESSION['WORKSPACE'] != config("system.workspace")) { - $_SESSION['WORKSPACE'] = config("system.workspace"); - G::SendTemporalMessage('ID_USER_HAVENT_RIGHTS_SYSTEM', "error"); - // verify if the current skin is a 'ux' variant - $urlPart = substr(SYS_SKIN, 0, 2) == 'ux' && SYS_SKIN != 'uxs' ? '/main/login' : '/login/login'; - - header('Location: /sys' . config("system.workspace") . '/' . SYS_LANG . '/' . SYS_SKIN . $urlPart); - die; -} - -// enable rbac -$RBAC = RBAC::getSingleton(PATH_DATA, session_id()); -$RBAC->sSystem = 'PROCESSMAKER'; - -// define and send Headers for all pages -if (!defined('EXECUTE_BY_CRON')) { - header("Expires: " . gmdate("D, d M Y H:i:s", mktime(0, 0, 0, date('m'), date('d') - 1, date('Y'))) . " GMT"); - header("Last-Modified: " . gmdate("D, d M Y H:i:s") . 
" GMT"); - header("Cache-Control: no-store, no-cache, must-revalidate"); - header("Cache-Control: post-check=0, pre-check=0", false); - header("Pragma: no-cache"); - - // get the language direction from ServerConf - define('SYS_LANG_DIRECTION', $oServerConf->getLanDirection()); - - if ((isset($_SESSION['USER_LOGGED'])) && (!(isset($_GET['sid'])))) { - if (PHP_VERSION < 5.2) { - setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly'); - } else { - setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true); - } - $RBAC->initRBAC(); - //using optimization with memcache, the user data will be in memcache 8 hours, or until session id goes invalid - $memKey = 'rbacSession' . session_id(); - if (($RBAC->aUserInfo = $memcache->get($memKey)) === false) { - $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); - $memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS); - } - } else { - // this is the blank list to allow execute scripts with no login (without session started) - $noLoginFiles = $noLoginFolders = []; - $noLoginFiles[] = 'login'; - $noLoginFiles[] = 'authentication'; - $noLoginFiles[] = 'login_Ajax'; - $noLoginFiles[] = 'dbInfo'; - $noLoginFiles[] = 'sysLoginVerify'; - $noLoginFiles[] = 'processes_Ajax'; - $noLoginFiles[] = 'showLogoFile'; - $noLoginFiles[] = 'forgotPassword'; - $noLoginFiles[] = 'retrivePassword'; - $noLoginFiles[] = 'genericAjax'; - - $noLoginFolders[] = 'services'; - $noLoginFolders[] = 'tracker'; - $noLoginFolders[] = 'installer'; - - // This sentence is used when you lost the Session - if (!in_array(SYS_TARGET, $noLoginFiles) - && !in_array(SYS_COLLECTION, $noLoginFolders) - && $bWE != true && $collectionPlugin != 'services' - && !$isRestRequest - ) { - $bRedirect = true; - - if (isset($_GET['sid'])) { - $oSessions = new Sessions(); - if ($aSession = $oSessions->verifySession($_GET['sid'])) { - require_once 'classes/model/Users.php'; - $oUser = new Users(); - 
$aUser = $oUser->load($aSession['USR_UID']); - initUserSession($aUser['USR_UID'], $aUser['USR_USERNAME']); - $bRedirect = false; - if (PHP_VERSION < 5.2) { - setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly'); - } else { - setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true); - } - $RBAC->initRBAC(); - $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); - $memKey = 'rbacSession' . session_id(); - $memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS); - } - } - - if ((isset($_SESSION['USER_LOGGED'])) && (!(isset($_GET['sid'])))) { - if (PHP_VERSION < 5.2) { - setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly'); - } else { - setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true); - } - $RBAC->initRBAC(); - //using optimization with memcache, the user data will be in memcache 8 hours, or until session id goes invalid - $memKey = 'rbacSession' . 
session_id(); - if (($RBAC->aUserInfo = $memcache->get($memKey)) === false) { - $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); - $memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS); - } - } else { - // this is the blank list to allow execute scripts with no login (without session started) - $noLoginFiles = $noLoginFolders = []; - $noLoginFiles[] = 'login'; - $noLoginFiles[] = 'authentication'; - $noLoginFiles[] = 'login_Ajax'; - $noLoginFiles[] = 'dbInfo'; - $noLoginFiles[] = 'sysLoginVerify'; - $noLoginFiles[] = 'processes_Ajax'; - $noLoginFiles[] = 'showLogoFile'; - $noLoginFiles[] = 'forgotPassword'; - $noLoginFiles[] = 'retrivePassword'; - $noLoginFiles[] = 'genericAjax'; - - $noLoginFolders[] = 'services'; - $noLoginFolders[] = 'tracker'; - $noLoginFolders[] = 'installer'; - - // This sentence is used when you lost the Session - if (!in_array(SYS_TARGET, $noLoginFiles) - && !in_array(SYS_COLLECTION, $noLoginFolders) - && $bWE != true && $collectionPlugin != 'services' - && !$isRestRequest - ) { - $bRedirect = true; - - if (isset($_GET['sid'])) { - $oSessions = new Sessions(); - if ($aSession = $oSessions->verifySession($_GET['sid'])) { - require_once 'classes/model/Users.php'; - $oUser = new Users(); - $aUser = $oUser->load($aSession['USR_UID']); - $_SESSION['USER_LOGGED'] = $aUser['USR_UID']; - $_SESSION['USR_USERNAME'] = $aUser['USR_USERNAME']; - $bRedirect = false; - if (PHP_VERSION < 5.2) { - setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly'); - } else { - setcookie(session_name(), session_id(), time() + $timelife, '/', null, false, true); - } - $RBAC->initRBAC(); - $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); - $memKey = 'rbacSession' . 
session_id(); - $memcache->set($memKey, $RBAC->aUserInfo, PMmemcached::EIGHT_HOURS); - } - } - - if ($bRedirect) { - if (substr(SYS_SKIN, 0, - 2) == 'ux' && SYS_SKIN != 'uxs' - ) { // verify if the current skin is a 'ux' variant - $loginUrl = 'main/login'; - } else { - if (strpos($_SERVER['REQUEST_URI'], - '/home') !== false - ) { //verify is it is using the uxs skin for simplified interface - $loginUrl = 'home/login'; - } else { - $loginUrl = 'login/login'; // just set up the classic login - } - } - - if (empty($_POST)) { - header('location: ' . SYS_URI . $loginUrl . '?u=' . urlencode($_SERVER['REQUEST_URI'])); - - } else { - if ($isControllerCall) { - header("HTTP/1.0 302 session lost in controller"); - } else { - header('location: ' . SYS_URI . $loginUrl); - } - } - die(); - } - } - } - $_SESSION['phpLastFileFound'] = $_SERVER['REQUEST_URI']; - - /** - * New feature for Gulliver framework to support Controllers & HttpProxyController classes handling - * - * @author Erik Amaru Ortiz - */ - if ($isControllerCall) { //Instance the Controller object and call the request method - $controller = new $controllerClass(); - $controller->setHttpRequestData($_REQUEST); - $controller->call($controllerAction); - } elseif ($isRestRequest) { - G::dispatchRestService(SYS_TARGET, $restConfig, $restApiClassPath); - } else { - require_once $filter->validateInput($phpFile, 'path'); - } - - if (defined('SKIP_HEADERS')) { - header("Expires: " . gmdate("D, d M Y H:i:s", - mktime(0, 0, 0, date('m'), date('d'), date('Y') + 1)) . " GMT"); - header('Cache-Control: public'); - header('Pragma: '); - } - - ob_end_flush(); - if (DEBUG_TIME_LOG) { - G::logTimeByPage(); //log this page - } - } - } -} diff --git a/workflow/public_html/pmGmail/sso.php b/workflow/public_html/pmGmail/sso.php index f98d5cde1..a30aa2fa9 100644 --- a/workflow/public_html/pmGmail/sso.php +++ b/workflow/public_html/pmGmail/sso.php 
@@ -98,7 +98,8 @@ if (!isset($_SESSION['USER_LOGGED']) || $_SESSION['USER_LOGGED'] != $decodedResp session_start(); session_regenerate_id(); - setcookie("workspaceSkin", $enviroment, time() + (24 * 60 * 60), "/sys" . $enviroment, null, G::is_https(), true); + $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + (24 * 60 * 60), 'path' => '/sys' . $enviroment, 'httponly' => true]); + setcookie('workspaceSkin', $enviroment, $cookieOptions); $_SESSION = array(); $_SESSION['__EE_INSTALLATION__'] = 2; diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php index 1aa362f65..8634cde18 100644 --- a/workflow/public_html/sysGeneric.php +++ b/workflow/public_html/sysGeneric.php @@ -944,11 +944,8 @@ if (!defined('EXECUTE_BY_CRON')) { (!(preg_match("/safari/i", $_SERVER ['HTTP_USER_AGENT']) == 1 && preg_match("/chrome/i", $_SERVER ['HTTP_USER_AGENT']) == 0) || $config['safari_cookie_lifetime'] == 1)) { - if (PHP_VERSION < 5.2) { - setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly'); - } else { - setcookie(session_name(), session_id(), time() + $timelife, '/', null, G::is_https(), true); - } + $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $timelife, 'httponly' => true]); + setcookie(session_name(), session_id(), $cookieOptions); } $RBAC->initRBAC(); //using optimization with memcache, the user data will be in memcache 8 hours, or until session id goes invalid 
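Review bot: The `secure` attribute is no longer set at the call site: the removed `setcookie()` calls passed `G::is_https()` explicitly, while the new `Bootstrap::buildCookieOptions([...])` arrays carry only `expires`, `path` (sso.php only) and `httponly`. `buildCookieOptions()` is not visible in this excerpt, so whether it defaults `secure`, and the `'/'` path that the session cookie in the two sysGeneric.php hunks (-944 and -1024) also lost, is an assumption to confirm. If the helper passes keys through, naming them keeps the intent reviewable, e.g. `Bootstrap::buildCookieOptions(['expires' => time() + $timelife, 'path' => '/', 'secure' => G::is_https(), 'httponly' => true])`. The options-array form of `setcookie()` needs PHP 7.3 or later, so the minimum supported version should be stated now that the `PHP_VERSION` branch is gone.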
@@ -1024,11 +1021,8 @@ if (!defined('EXECUTE_BY_CRON')) { (!(preg_match("/safari/i", $_SERVER ['HTTP_USER_AGENT']) == 1 && preg_match("/chrome/i", $_SERVER ['HTTP_USER_AGENT']) == 0) || $config['safari_cookie_lifetime'] == 1)) { - if (PHP_VERSION < 5.2) { - setcookie(session_name(), session_id(), time() + $timelife, '/', '; HttpOnly'); - } else { - setcookie(session_name(), session_id(), time() + $timelife, '/', null, G::is_https(), true); - } + $cookieOptions = Bootstrap::buildCookieOptions(['expires' => time() + $timelife, 'httponly' => true]); + setcookie(session_name(), session_id(), $cookieOptions); } $RBAC->initRBAC(); $RBAC->loadUserRolePermission($RBAC->sSystem, $_SESSION['USER_LOGGED']); From e4484ec1dde7b50a54d1399daa8f1512183a2022 Mon Sep 17 00:00:00 2001 From: Fabio Guachalla Date: Fri, 26 Nov 2021 11:31:48 -0400 Subject: [PATCH 11/13] PMCORE-3509:In version 3.7.0 the inbox the send by field displays the undefined username after a script task Correction Style --- .../assets/js/admin/Modals/ModalPreview.vue | 58 +++++++-------- .../components/vuetable/CurrentUserCell.vue | 15 +++- .../js/home/CustomCaseList/CustomCaseList.vue | 73 +++++++------------ resources/assets/js/home/Inbox/Inbox.vue | 64 +++++++--------- resources/assets/js/home/Paused/Paused.vue | 68 +++++++---------- .../assets/js/home/Unassigned/Unassigned.vue | 66 +++++++---------- 6 files changed, 147 insertions(+), 197 deletions(-) diff --git a/resources/assets/js/admin/Modals/ModalPreview.vue b/resources/assets/js/admin/Modals/ModalPreview.vue index 1013426a7..b08f2b58b 100644 --- a/resources/assets/js/admin/Modals/ModalPreview.vue +++ b/resources/assets/js/admin/Modals/ModalPreview.vue @@ -29,12 +29,7 @@
- - +
{{ props.row.USERNAME_DISPLAY_FORMAT }} @@ -110,8 +105,7 @@ export default { DRAFT: this.$i18n.t("ID_IN_DRAFT"), PAUSED: this.$i18n.t("ID_PAUSED"), UNASSIGNED: this.$i18n.t("ID_UNASSIGNED"), - }, - showUserTooltip: true + } } }, mounted() { 
@@ -256,29 +250,31 @@ export default { formatUser(data) { var dataFormat = [], userDataFormat; - if (data.user_tooltip && !_.isEmpty(data.user_tooltip)) { - this.showUserTooltip = true; - userDataFormat = utils.userNameDisplayFormat({ - userName: data.user_tooltip.usr_firstname, - firstName: data.user_tooltip.usr_lastname, - lastName: data.user_tooltip.usr_username, - format: window.config.FORMATS.format || null - }); - dataFormat.push({ - USERNAME_DISPLAY_FORMAT: userDataFormat, - EMAIL: data.user_tooltip.usr_email, - POSITION: data.user_tooltip.usr_position, - AVATAR: userDataFormat !== "" ? window.config.SYS_SERVER_AJAX + - window.config.SYS_URI + - `users/users_ViewPhotoGrid?pUID=${data.user_tooltip.usr_id}` : "", - UNASSIGNED: userDataFormat !== "" ? true : false - }); - } else if (data.dummy_task && !_.isEmpty(data.dummy_task)) { - this.showUserTooltip = false; - dataFormat = data.dummy_task.type + ': ' + data.dummy_task.name; - } else { - this.showUserTooltip = false; - dataFormat = this.$i18n.t("ID_ANONYMOUS_USER"); + switch (data.key_name) { + case 'user_tooltip': + userDataFormat = utils.userNameDisplayFormat({ + userName: data.user_tooltip.usr_firstname, + firstName: data.user_tooltip.usr_lastname, + lastName: data.user_tooltip.usr_username, + format: window.config.FORMATS.format || null + }); + dataFormat.push({ + USERNAME_DISPLAY_FORMAT: userDataFormat, + EMAIL: data.user_tooltip.usr_email, + POSITION: data.user_tooltip.usr_position, + AVATAR: userDataFormat !== "" ? window.config.SYS_SERVER_AJAX + + window.config.SYS_URI + + `users/users_ViewPhotoGrid?pUID=${data.user_tooltip.usr_id}` : "", + UNASSIGNED: userDataFormat !== "" ? true : false, + SHOW_TOOLTIP: true + }); + break; + case 'dummy_task': + dataFormat = data.dummy_task.type + ': ' + data.dummy_task.name; + break; + default: + dataFormat = ""; + break; } return dataFormat; } 
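Review bot: The new `switch (data.key_name)` in `formatUser` dereferences `data.user_tooltip` and `data.dummy_task` without the presence checks the removed branches had (`data.user_tooltip && !_.isEmpty(data.user_tooltip)`), so a row whose `key_name` is set but whose payload is null or missing would throw while the table renders. A guard at the top of each case keeps the old tolerance, e.g. `if (_.isEmpty(data.user_tooltip)) { break; }`. The argument mapping `userName: ...usr_firstname, firstName: ...usr_lastname, lastName: ...usr_username` is carried over unchanged and looks crossed; it should be checked against `utils.userNameDisplayFormat`, which is not shown here. The fallback also changes from `this.$i18n.t("ID_ANONYMOUS_USER")` to an empty string, which deserves a one-line comment saying that is intended.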
diff --git a/resources/assets/js/components/vuetable/CurrentUserCell.vue b/resources/assets/js/components/vuetable/CurrentUserCell.vue index e4fc4e264..0a64b14fc 100644 --- a/resources/assets/js/components/vuetable/CurrentUserCell.vue +++ b/resources/assets/js/components/vuetable/CurrentUserCell.vue @@ -1,5 +1,5 @@