From c90a1d4da213e7da1346e335a04319ec15d80ee2 Mon Sep 17 00:00:00 2001 From: Hector Cortez Date: Mon, 15 Apr 2013 15:49:27 -0400 Subject: [PATCH] =?UTF-8?q?BUG=2010852=20Control=20de=20los=20reenv=C3=ADo?= =?UTF-8?q?s=20de=20la=20notificaciones=20'Messages=20History'=20SOLVED?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit - Se requiere que los reenvíos que se hacen a través del historial de mensajes, no se pueda realizar desde el menú casos, ya que existe el problema que cualquier usuario que haya participado de un caso puede reenviar notificaciones, a cualquier usuario, y existe el peligro de divulgación de información crítica que debe ser restringida por roles. - Added Roles to control Messages History. --- workflow/engine/classes/class.case.php | 18 +- workflow/engine/classes/class.processMap.php | 16 +- .../methods/cases/caseMessageHistory_Ajax.php | 38 ++- .../processes_SaveObjectPermission.php | 11 +- .../templates/cases/caseMessageHistory.js | 262 +++++++++++---- .../processes_EditObjectPermission.xml | 318 +++++++++--------- .../processes_NewObjectPermission.xml | 58 ++-- 7 files changed, 465 insertions(+), 256 deletions(-) diff --git a/workflow/engine/classes/class.case.php b/workflow/engine/classes/class.case.php index b5de135b8..3e49ebc5b 100755 --- a/workflow/engine/classes/class.case.php +++ b/workflow/engine/classes/class.case.php @@ -980,7 +980,7 @@ class Cases require_once 'classes/model/AdditionalTables.php'; $oReportTables = new ReportTables(); $addtionalTables = new additionalTables(); - + if (!isset($Fields['APP_NUMBER'])) { $Fields['APP_NUMBER'] = $appFields['APP_NUMBER']; } 
@@ -5085,7 +5085,13 @@ class Cases $aCase = $this->loadCase($APP_UID); $USER_PERMISSIONS = Array(); $GROUP_PERMISSIONS = Array(); - $RESULT = Array("DYNAFORM" => Array(), "INPUT" => Array(), "OUTPUT" => Array(), "CASES_NOTES" => 0); + $RESULT = Array( + "DYNAFORM" => Array(), + "INPUT" => Array(), + "OUTPUT" => Array(), + "CASES_NOTES" => 0, + "MSGS_HISTORY" => "" + ); //permissions per user $oCriteria = new Criteria('workflow'); @@ -5342,6 +5348,10 @@ class Cases case 'CASES_NOTES': $RESULT['CASES_NOTES'] = 1; break; + case 'MSGS_HISTORY': + $RESULT['MSGS_HISTORY'] = $ACTION; + break; + } } } @@ -5349,7 +5359,8 @@ class Cases "DYNAFORMS" => $RESULT['DYNAFORM'], "INPUT_DOCUMENTS" => $RESULT['INPUT'], "OUTPUT_DOCUMENTS" => $RESULT['OUTPUT'], - "CASES_NOTES" => $RESULT['CASES_NOTES'] + "CASES_NOTES" => $RESULT['CASES_NOTES'], + "MSGS_HISTORY" => $RESULT['MSGS_HISTORY'] ); } @@ -6503,4 +6514,3 @@ class Cases return false; } } - \ No newline at end of file diff --git a/workflow/engine/classes/class.processMap.php b/workflow/engine/classes/class.processMap.php index 51fa055a3..b35c6854f 100755 --- a/workflow/engine/classes/class.processMap.php +++ b/workflow/engine/classes/class.processMap.php @@ -3621,6 +3621,10 @@ class processMap $sObjectType = G::LoadTranslation('ID_CASES_NOTES'); $sObject = 'N/A'; break; + case 'MSGS_HISTORY': + $sObjectType = G::LoadTranslation('ID_ALL'); + $sObject = G::LoadTranslation('ID_ALL'); + break; default: $sObjectType = G::LoadTranslation('ID_ALL'); $sObject = G::LoadTranslation('ID_ALL'); 
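Review bot: `MSGS_HISTORY` is returned as a string that starts as `""` and is set to `$ACTION` whenever the `case 'MSGS_HISTORY':` branch runs, while its neighbour `CASES_NOTES` is a 0/1 flag, and nothing tells callers which values to expect. caseMessageHistory_Ajax.php later branches on this value being `""` or `'BLOCK'`, so the contract deserves a comment at the `$RESULT` initialiser, for example `// MSGS_HISTORY: action granted on the message history; "" when no permission row matched`. `$ACTION` is assigned outside these hunks, so confirm it holds the action name the caller compares against. The point covers the `@@ -5085`, `@@ -5342` and `@@ -5349` hunks together; the enclosing method starts and ends outside them.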
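Review bot: The new `case 'MSGS_HISTORY':` branch in class.processMap.php repeats the `default:` branch below it line for line, so a message-history permission is listed with object type `ID_ALL` and an administrator reading the permission table cannot tell it apart from a permission on all objects. Either give it its own label, or drop the duplicated body and let the label fall through to `default:`. Because this table is what a reviewer of process permissions reads, a distinct label is the safer choice. The switch header is outside the hunk, so the variable being switched on is not visible here.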
@@ -3635,8 +3639,7 @@ class processMap //Obtain action (permission) $sAction = G::LoadTranslation('ID_' . $aRow['OP_ACTION']); //Add to array - $aObjectsPermissions[] = array('OP_UID' => $aRow['OP_UID'], 'TASK_TARGET' => $sTaskTarget, 'GROUP_USER' => $sUserGroup, 'TASK_SOURCE' => $sTaskSource, 'OBJECT_TYPE' => $sObjectType, 'OBJECT' => $sObject, 'PARTICIPATED' => $sParticipated, 'ACTION' => $sAction, 'OP_CASE_STATUS' => $aRow['OP_CASE_STATUS'] - ); + $aObjectsPermissions[] = array('OP_UID' => $aRow['OP_UID'], 'TASK_TARGET' => $sTaskTarget, 'GROUP_USER' => $sUserGroup, 'TASK_SOURCE' => $sTaskSource, 'OBJECT_TYPE' => $sObjectType, 'OBJECT' => $sObject, 'PARTICIPATED' => $sParticipated, 'ACTION' => $sAction, 'OP_CASE_STATUS' => $aRow['OP_CASE_STATUS']); $oDataset->next(); } global $_DBArray; @@ -3894,8 +3897,12 @@ class processMap global $G_PUBLISH; $G_PUBLISH = new Publisher(); $G_PUBLISH->AddContent('xmlform', 'xmlform', 'processes/processes_NewObjectPermission', '', - array('GROUP_USER' => $usersGroups, 'LANG' => SYS_LANG, 'PRO_UID' => $sProcessUID, 'ID_DELETE' => G::LoadTranslation('ID_DELETE') - ), 'processes_SaveObjectPermission'); + array('GROUP_USER' => $usersGroups, + 'LANG' => SYS_LANG, + 'PRO_UID' => $sProcessUID, + 'ID_DELETE' => G::LoadTranslation('ID_DELETE'), + 'ID_RESEND' => G::LoadTranslation('ID_RESEND') + ), 'processes_SaveObjectPermission'); G::RenderPage('publish', 'raw'); return true; } @@ -4048,6 +4055,7 @@ class processMap $aFields['GROUP_USER'] = $usersGroups; $aFields['ID_DELETE'] = G::LoadTranslation('ID_DELETE'); + $aFields['ID_RESEND'] = G::LoadTranslation('ID_RESEND'); global $G_PUBLISH; $G_PUBLISH = new Publisher(); diff --git a/workflow/engine/methods/cases/caseMessageHistory_Ajax.php b/workflow/engine/methods/cases/caseMessageHistory_Ajax.php index ba37d45e9..dd4ff7a51 100644 --- a/workflow/engine/methods/cases/caseMessageHistory_Ajax.php +++ b/workflow/engine/methods/cases/caseMessageHistory_Ajax.php 
@@ -25,11 +25,11 @@ $actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null; if ($actionAjax == 'messageHistoryGridList_JXP') { - + if (!isset($_REQUEST['start'])) { $_REQUEST['start'] = 0; } - + if (!isset($_REQUEST['limit'])) { $_REQUEST['limit'] = 20; } @@ -46,13 +46,37 @@ if ($actionAjax == 'messageHistoryGridList_JXP') { $result = new stdClass(); $aProcesses = Array (); - foreach ($appMessageArray as $index => $value) { - if ($appMessageArray[$index]['APP_MSG_SHOW_MESSAGE'] == 1) { - $appMessageArray[$index]['ID_MESSAGE'] = $appMessageArray[$index]['APP_UID'] . '_' . $appMessageArray[$index]['APP_MSG_UID']; - $aProcesses[] = $appMessageArray[$index]; + + $proUid = $_SESSION['PROCESS']; + $appUid = $_SESSION['APPLICATION']; + $tasUid = $_SESSION['TASK']; + $usrUid = $_SESSION['USER_LOGGED']; + + $respView = $oCase->getAllObjectsFrom( $proUid, $appUid, $tasUid, $usrUid, 'VIEW' ); + $respBlock = $oCase->getAllObjectsFrom( $proUid, $appUid, $tasUid, $usrUid, 'BLOCK' ); + $respResend = $oCase->getAllObjectsFrom( $proUid, $appUid, $tasUid, $usrUid, 'RESEND' ); + + if ($respView['MSGS_HISTORY'] != "" ) { + $respMess = $respView['MSGS_HISTORY']; + } else { + if ( $respBlock['MSGS_HISTORY'] != "" ) { + $respMess = $respBlock['MSGS_HISTORY']; + } else { + if ($respResend['MSGS_HISTORY'] != "") { + $respMess = $respResend['MSGS_HISTORY']; + } else { + $respMess = ""; + } } } - + + foreach ($appMessageArray as $index => $value) { + if ($appMessageArray[$index]['APP_MSG_SHOW_MESSAGE'] == 1 && $respMess != 'BLOCK' ) { + $appMessageArray[$index]['ID_MESSAGE'] = $appMessageArray[$index]['APP_UID'] . '_' . $appMessageArray[$index]['APP_MSG_UID']; + $aProcesses[] = array_merge($appMessageArray[$index], array('MSGS_HISTORY' => $respMess)); + } + } + $totalCount = 0; foreach ($appMessageCountArray as $index => $value) { if ($appMessageCountArray[$index]['APP_MSG_SHOW_MESSAGE'] == 1) { 
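Review bot: The new permission lookup is applied only inside the `messageHistoryGridList_JXP` branch; no hunk in this patch touches the `sendMailMessage_JXP` branch that caseMessageHistory.js still requests with `APP_UID` and `APP_MSG_UID`, so unless that branch (outside the visible hunks) already checks it, the RESEND role is enforced only by which icon the grid draws. The same `getAllObjectsFrom(..., 'RESEND')` result should be required on the server before a message is resent. In the listing itself, `$respMess` resolves VIEW before BLOCK and falls back to `""`, and rows are dropped only when it equals `'BLOCK'`, so a user with no MSGS_HISTORY permission, or with both VIEW and BLOCK, presumably still receives every `APP_MSG_BODY` in the response. If an explicit grant is meant to be required, resolve the deny first and treat the empty case as blocked, as sketched below; that changes the default for processes that define no MSGS_HISTORY permission, so confirm it is intended.

```php
// … unchanged: $proUid/$appUid/$tasUid/$usrUid and the three getAllObjectsFrom() calls …

if ($respBlock['MSGS_HISTORY'] != "") {
    // An explicit deny overrides any grant.
    $respMess = $respBlock['MSGS_HISTORY'];
} elseif ($respResend['MSGS_HISTORY'] != "") {
    // The grid treats RESEND as including preview.
    $respMess = $respResend['MSGS_HISTORY'];
} elseif ($respView['MSGS_HISTORY'] != "") {
    $respMess = $respView['MSGS_HISTORY'];
} else {
    // No permission row at all: fail closed.
    $respMess = 'BLOCK';
}

// … unchanged: foreach over $appMessageArray …
```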
diff --git a/workflow/engine/methods/processes/processes_SaveObjectPermission.php b/workflow/engine/methods/processes/processes_SaveObjectPermission.php index a9caf9e2f..7bee08ed3 100755 --- a/workflow/engine/methods/processes/processes_SaveObjectPermission.php +++ b/workflow/engine/methods/processes/processes_SaveObjectPermission.php @@ -42,10 +42,11 @@ if ($access != 1) { break; } } -if (isset( $_POST['form'] )) +if (isset( $_POST['form'] )) { $sValue = $_POST['form']; //For old processmap -else +} else { $sValue = $_POST; //For new processmap EXtjs +} list ($iRelation, $sUserGroup) = explode( '|', $sValue['GROUP_USER'] ); @@ -66,11 +67,13 @@ switch ($sValue['OP_OBJ_TYPE']) { case 'OUTPUT': $sObjectUID = $sValue['OUTPUTS']; break; + case 'MSGS_HISTORY': + $sObjectUID = $sValue['MSGS_HISTORY']; + break; } require_once 'classes/model/ObjectPermission.php'; $oOP = new ObjectPermission(); -$aData = array ('OP_UID' => G::generateUniqueID(),'PRO_UID' => $sValue['PRO_UID'],'TAS_UID' => $sValue['TAS_UID'],'USR_UID' => (string) $sUserGroup,'OP_USER_RELATION' => $iRelation,'OP_TASK_SOURCE' => $sValue['OP_TASK_SOURCE'],'OP_PARTICIPATE' => $sValue['OP_PARTICIPATE'],'OP_OBJ_TYPE' => $sValue['OP_OBJ_TYPE'],'OP_OBJ_UID' => $sObjectUID,'OP_ACTION' => $sValue['OP_ACTION'],'OP_CASE_STATUS' => $sValue['OP_CASE_STATUS'] -); +$aData = array ('OP_UID' => G::generateUniqueID(),'PRO_UID' => $sValue['PRO_UID'],'TAS_UID' => $sValue['TAS_UID'],'USR_UID' => (string) $sUserGroup,'OP_USER_RELATION' => $iRelation,'OP_TASK_SOURCE' => $sValue['OP_TASK_SOURCE'],'OP_PARTICIPATE' => $sValue['OP_PARTICIPATE'],'OP_OBJ_TYPE' => $sValue['OP_OBJ_TYPE'],'OP_OBJ_UID' => $sObjectUID,'OP_ACTION' => $sValue['OP_ACTION'],'OP_CASE_STATUS' => $sValue['OP_CASE_STATUS']); $oOP->fromArray( $aData, BasePeer::TYPE_FIELDNAME ); $oOP->save(); G::LoadClass( 'processMap' ); 
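Review bot: `$sValue['MSGS_HISTORY']` is read in the new case without checking that the form posted it, and `OP_ACTION` is still copied from the request into `$aData` as-is even though this commit gives that column a new, security-relevant value. Guard the read with `$sObjectUID = isset($sValue['MSGS_HISTORY']) ? $sValue['MSGS_HISTORY'] : '';` and reject `OP_ACTION` values outside the set the permission forms offer, accepting `RESEND` only when `OP_OBJ_TYPE` is `MSGS_HISTORY` (presumably the only type that uses it). Whether `$sObjectUID` has a default before the switch is not visible, since the script continues outside the hunk.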
diff --git a/workflow/engine/templates/cases/caseMessageHistory.js b/workflow/engine/templates/cases/caseMessageHistory.js
index ea316f326..2654fe3c0 100644
--- a/workflow/engine/templates/cases/caseMessageHistory.js
+++ b/workflow/engine/templates/cases/caseMessageHistory.js
@@ -7,9 +7,139 @@ window.parent.tabIframeWidthFix2(idIframe); } + function windowPreviewMessage(rowSelected) { + windowMessage = new Ext.Window({ + title: '', + width: 600, + height: 420, + border: false, + layout : 'fit', + items: + [ + { + xtype: 'form', + frame: true, + border: false, + defaults: { + width: 150 + }, + items: [ + { + xtype: 'textfield', + fieldLabel: _("ID_FROM"), + id:'From', + anchor: '100%', + arrowAlign:'center', + readOnly: true, + name: 'From' + }, + { + xtype: 'textfield', + fieldLabel: _("ID_TO"), + id: 'To', + anchor: '100%', + arrowAlign:'center', + readOnly: true, + name: 'To' + }, + { + xtype: 'textfield', + fieldLabel: _('ID_SUBJECT'), + id: 'Subjet', + anchor: '100%', + arrowAlign:'center', + readOnly: true, + name: 'Subjet' + }, + { + xtype: 'textfield', + fieldLabel: _("DATE_LABEL"), + id: 'date', + arrowAlign:'center', + readOnly: true, + name: 'Status' + }, + { + name : 'body', + id:'body', + hideLabel:true, + xtype: 'htmleditor', + autoScroll: true, + readOnly: true, + x: 1, + y: 1, + enableAlignments:false, + enableColors:false, + enableFont:false, + enableFontSize:false, + enableFormat:false, + enableLinks:false, + enableLists:false, + enableSourceEdit:false, + anchor: '100%', + height: 260 + } + ] + } + ] + }); + + //load fields from rowSelect + Ext.getCmp('From').setValue(rowSelected.data.APP_MSG_FROM); + Ext.getCmp('To').setValue(rowSelected.data.APP_MSG_TO); + Ext.getCmp('Subjet').setValue(rowSelected.data.APP_MSG_SUBJECT); + Ext.getCmp('date').setValue(rowSelected.data.APP_MSG_DATE); + Ext.getCmp('body').setValue(rowSelected.data.APP_MSG_BODY); + + //show windows message + windowMessage.show(windowMessage); + + } + + function resendDialog(rowSelected) { + + Ext.Msg.show({ + title:'', + msg: _('ID_ARE_YOU_SURE_RESEND')+"?", + buttons: Ext.Msg.OKCANCEL, + icon: Ext.MessageBox.QUESTION, + fn: function(btn, text){ + if(btn=='ok'){ + //!dataGrid + var idMessage = rowSelected.data.ID_MESSAGE; + var subjectMessage = 
rowSelected.data.APP_MSG_SUBJECT; + var dateMessage = rowSelected.data.APP_MSG_DATE; + + var tabName = 'sendMailMessage_'+idMessage; + var tabTitle = 'Resend('+subjectMessage+' '+dateMessage+')'; + + ActionTabFrameGlobal.tabName = tabName; + ActionTabFrameGlobal.tabTitle = tabTitle; + + //window.parent.Actions.tabFrame(tabName); + var tabNameArray = tabName.split('_'); + var APP_UID = tabNameArray[1]; + var APP_MSG_UID = tabNameArray[2]; + + messageHistoryGridListMask = new Ext.LoadMask(Ext.getBody(), {msg:_('ID_LOADING')}); + messageHistoryGridListMask.show(); + + var url = "caseMessageHistory_Ajax.php?actionAjax=sendMailMessage_JXP&APP_UID="+APP_UID+"&APP_MSG_UID="+APP_MSG_UID; + ajaxPostRequest(url,'caseMessageHistory_RSP'); + + } + + }, + animEl: 'elId' + }); + } + + previewMessage = function() { var rowSelected = Ext.getCmp('processesGrid').getSelectionModel().getSelected(); if (rowSelected) { + windowPreviewMessage(rowSelected); + /* windowMessage = new Ext.Window({ title: '', width: 600, @@ -95,6 +225,8 @@ //show windows message windowMessage.show(windowMessage); + */ + } else { Ext.Msg.show({ @@ -326,7 +458,8 @@ var ActionTabFrameGlobal = ''; {name : 'APP_MSG_FROM'}, {name : 'APP_MSG_TO'}, {name : 'APP_MSG_STATUS'}, - {name : 'APP_MSG_BODY'} + {name : 'APP_MSG_BODY'}, + {name : 'MSGS_HISTORY'} ] } @@ -389,7 +522,7 @@ var ActionTabFrameGlobal = ''; enableHdMenu: true, frame:false, //plugins: expander, - cls : 'grid_with_checkbox', + // cls : 'grid_with_checkbox', columnLines: true, viewConfig: { forceFit:true 
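Review bot: `Ext.getCmp('body').setValue(rowSelected.data.APP_MSG_BODY)` in windowPreviewMessage hands the stored message body to an `htmleditor`, which renders it as markup, whereas the grid columns for From and To go through `escapeHtml`. If notification bodies can carry case data entered by users, that HTML should be sanitised on the server before it is returned; a comment at the call such as `// APP_MSG_BODY is rendered as HTML here; the server must return it sanitised` would record the assumption. Separately, `windowMessage` and `messageHistoryGridListMask` are assigned without `var` and become globals, and the fixed ids `From`, `To`, `Subjet`, `date` and `body` may collide if a second preview window is created while the first still exists. In resendDialog the two UIDs are concatenated into the request URL unencoded; wrapping each in `encodeURIComponent(...)` costs nothing.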
@@ -408,9 +541,53 @@ var ActionTabFrameGlobal = ''; {header: _("ID_FROM"), dataIndex: 'APP_MSG_FROM', width: 60, renderer: escapeHtml}, {header: _("ID_TO"), dataIndex: 'APP_MSG_TO', width: 60, renderer: escapeHtml}, {header: _("ID_STATUS"), dataIndex: 'APP_MSG_STATUS', width: 50}, - {header: _("ID_APP_MSG_BODY"), dataIndex: 'APP_MSG_BODY', width: 50,hidden:true} ] + {header: _("ID_APP_MSG_BODY"), dataIndex: 'APP_MSG_BODY', width: 50,hidden:true}, + {id:'MSGS_HISTORY', dataIndex: 'MSGS_HISTORY', hidden:true, hideable:false}, + { + // header: _("ID_RESEND"), + xtype: 'actioncolumn', + width: 60, + items: [ + { + getClass: function(v, meta, rec) { + this.items[0].tooltip = _("ID_RESEND"); + if (rec.get('MSGS_HISTORY') === 'RESEND') { + return 'button_menu_ext ss_sprite ss_email_attach'; + } else { + return 'button_menu_ext ss_sprite ss_lock'; + } + }, + handler: function(grid, rowIndex, colIndex) { + var rec = store.getAt(rowIndex); + if (rec.get('MSGS_HISTORY') === 'RESEND') { + resendDialog(rec); + } + } + }, + { + getClass: function(v, meta, rec) { + this.items[1].tooltip = _("ID_PREVIEW"); + if (rec.get('MSGS_HISTORY') === 'VIEW' || rec.get('MSGS_HISTORY') === 'RESEND') { + return 'button_menu_ext ss_sprite ss_magnifier'; + } else { + return 'button_menu_ext ss_sprite ss_cancel'; + } + }, + handler: function(grid, rowIndex, colIndex) { + var rec = store.getAt(rowIndex); + if (rec.get('MSGS_HISTORY') === 'VIEW' || rec.get('MSGS_HISTORY') === 'RESEND') { + windowPreviewMessage(rec); + } + } + } + + ] + } + + ] }), store: store, +/* tbar:[ { text:_("ID_RESEND"), 
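Review bot: Both `getClass` callbacks assign `this.items[n].tooltip` on every cell render only to set a fixed label; the action item accepts it as plain config, `tooltip: _("ID_RESEND"),` and `tooltip: _("ID_PREVIEW"),`, which leaves `getClass` to return the icon class alone. The handlers also read `store.getAt(rowIndex)` from the enclosing scope where `grid.getStore().getAt(rowIndex)` would use the argument they are given. A short comment above the column, e.g. `// MSGS_HISTORY only selects the icon and click behaviour; access is decided by the server`, would keep later readers from treating these comparisons as the permission check.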
@@ -419,52 +596,10 @@ var ActionTabFrameGlobal = ''; icon: '/images/mail-send16x16.png', handler: function(){ - var rowSelected = processesGrid.getSelectionModel().getSelected(); + var rowSelected = processesGrid.getSelectionModel().getSelected(); if( rowSelected ){ - //!dataGrid - - - // Show a dialog using config options: - Ext.Msg.show({ - title:'', - msg: _('ID_ARE_YOU_SURE_RESEND')+"?", - buttons: Ext.Msg.OKCANCEL, - icon: Ext.MessageBox.QUESTION, - fn: function(btn, text){ - if(btn=='ok'){ - //!dataGrid - var idMessage = rowSelected.data.ID_MESSAGE; - var subjectMessage = rowSelected.data.APP_MSG_SUBJECT; - var dateMessage = rowSelected.data.APP_MSG_DATE; - - var tabName = 'sendMailMessage_'+idMessage; - var tabTitle = 'Resend('+subjectMessage+' '+dateMessage+')'; - - ActionTabFrameGlobal.tabName = tabName; - ActionTabFrameGlobal.tabTitle = tabTitle; - - //window.parent.Actions.tabFrame(tabName); - var tabNameArray = tabName.split('_'); - var APP_UID = tabNameArray[1]; - var APP_MSG_UID = tabNameArray[2]; - - - messageHistoryGridListMask = new Ext.LoadMask(Ext.getBody(), {msg:_('ID_LOADING')}); - messageHistoryGridListMask.show(); - - - - var url = "caseMessageHistory_Ajax.php?actionAjax=sendMailMessage_JXP&APP_UID="+APP_UID+"&APP_MSG_UID="+APP_MSG_UID; - ajaxPostRequest(url,'caseMessageHistory_RSP'); - - - } - - }, - animEl: 'elId' - }); - + resendDialog(rowSelected); } else{ Ext.Msg.show({ @@ -479,8 +614,6 @@ var ActionTabFrameGlobal = ''; }); } - - }, disabled:false }, 
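Review bot: The handler edited in this hunk sits inside the `/* … */` that the previous hunk opens before `tbar:[` and the `@@ -516` hunk closes, so the `resendDialog(rowSelected)` call added here never runs. Delete the toolbar block instead of commenting it out and then re-indenting it (the `@@ -493` hunk does the same), and likewise remove the commented-out window code left in `previewMessage` and the `// rowdblclick: previewMessage,` line. Version control already keeps the old code, and dead copies of the resend path make it harder to see which entry points still need the permission check.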
@@ -493,22 +626,21 @@ var ActionTabFrameGlobal = ''; iconCls: 'button_menu_ext', icon: '/images/documents/_filefind.png', handler: function(){ - var rowSelected = processesGrid.getSelectionModel().getSelected(); + var rowSelected = processesGrid.getSelectionModel().getSelected(); - if (rowSelected) { + if (rowSelected) { previewMessage(); - } - else { - Ext.Msg.show({ - title:'', - msg: _("ID_NO_SELECTION_WARNING"), - buttons: Ext.Msg.INFO, - fn: function(){}, - animEl: 'elId', - icon: Ext.MessageBox.INFO, - buttons: Ext.MessageBox.OK - }); - } + } else { + Ext.Msg.show({ + title:'', + msg: _("ID_NO_SELECTION_WARNING"), + buttons: Ext.Msg.INFO, + fn: function(){}, + animEl: 'elId', + icon: Ext.MessageBox.INFO, + buttons: Ext.MessageBox.OK + }); + } }, disabled:false }, @@ -516,6 +648,8 @@ var ActionTabFrameGlobal = ''; xtype: 'tbfill' } ], +*/ + bbar: new Ext.PagingToolbar({ pageSize: 20, store: store, @@ -525,7 +659,7 @@ var ActionTabFrameGlobal = ''; items:[] }), listeners: { - rowdblclick: previewMessage, + // rowdblclick: previewMessage, render: function(){ this.loadMask = new Ext.LoadMask(this.body, {msg:'Loading...'}); processesGrid.getSelectionModel().on('rowselect', function(){ diff --git a/workflow/engine/xmlform/processes/processes_EditObjectPermission.xml b/workflow/engine/xmlform/processes/processes_EditObjectPermission.xml index 78d110070..8d378cc5f 100755 --- a/workflow/engine/xmlform/processes/processes_EditObjectPermission.xml +++ b/workflow/engine/xmlform/processes/processes_EditObjectPermission.xml @@ -44,6 +44,7 @@ + @@ -65,33 +66,36 @@ Output Document - Permission + Permission + + + + + Save + diff --git a/workflow/engine/xmlform/processes/processes_NewObjectPermission.xml b/workflow/engine/xmlform/processes/processes_NewObjectPermission.xml index bd1f976a5..5e75caf33 100755 --- a/workflow/engine/xmlform/processes/processes_NewObjectPermission.xml +++ b/workflow/engine/xmlform/processes/processes_NewObjectPermission.xml @@ -44,6 +44,7 @@ + 
@@ -65,7 +66,10 @@ Output Document - Permission + Permission + + + @@ -76,6 +80,7 @@ Create +