BUG 10852 Control de los reenvíos de la notificaciones 'Messages History' SOLVED

- Se requiere que los reenvíos que se hacen a través del historial de mensajes no se puedan realizar desde el menú casos, ya que existe el problema de que cualquier usuario que haya participado en un caso puede reenviar notificaciones a cualquier usuario, y existe el peligro de divulgación de información crítica que debe ser restringida por roles.
- Added Roles to control Messages History.
Hector Cortez
2013-04-15 15:49:27 -04:00
parent 03596f504b
commit c90a1d4da2
7 changed files with 465 additions and 256 deletions


@@ -25,11 +25,11 @@
$actionAjax = isset( $_REQUEST['actionAjax'] ) ? $_REQUEST['actionAjax'] : null;
if ($actionAjax == 'messageHistoryGridList_JXP') {
if (!isset($_REQUEST['start'])) {
$_REQUEST['start'] = 0;
}
if (!isset($_REQUEST['limit'])) {
$_REQUEST['limit'] = 20;
}
@@ -46,13 +46,37 @@ if ($actionAjax == 'messageHistoryGridList_JXP') {
$result = new stdClass();
$aProcesses = Array ();
foreach ($appMessageArray as $index => $value) {
if ($appMessageArray[$index]['APP_MSG_SHOW_MESSAGE'] == 1) {
$appMessageArray[$index]['ID_MESSAGE'] = $appMessageArray[$index]['APP_UID'] . '_' . $appMessageArray[$index]['APP_MSG_UID'];
$aProcesses[] = $appMessageArray[$index];
$proUid = $_SESSION['PROCESS'];
$appUid = $_SESSION['APPLICATION'];
$tasUid = $_SESSION['TASK'];
$usrUid = $_SESSION['USER_LOGGED'];
$respView = $oCase->getAllObjectsFrom( $proUid, $appUid, $tasUid, $usrUid, 'VIEW' );
$respBlock = $oCase->getAllObjectsFrom( $proUid, $appUid, $tasUid, $usrUid, 'BLOCK' );
$respResend = $oCase->getAllObjectsFrom( $proUid, $appUid, $tasUid, $usrUid, 'RESEND' );
if ($respView['MSGS_HISTORY'] != "" ) {
$respMess = $respView['MSGS_HISTORY'];
} else {
if ( $respBlock['MSGS_HISTORY'] != "" ) {
$respMess = $respBlock['MSGS_HISTORY'];
} else {
if ($respResend['MSGS_HISTORY'] != "") {
$respMess = $respResend['MSGS_HISTORY'];
} else {
$respMess = "";
}
}
}
foreach ($appMessageArray as $index => $value) {
if ($appMessageArray[$index]['APP_MSG_SHOW_MESSAGE'] == 1 && $respMess != 'BLOCK' ) {
$appMessageArray[$index]['ID_MESSAGE'] = $appMessageArray[$index]['APP_UID'] . '_' . $appMessageArray[$index]['APP_MSG_UID'];
$aProcesses[] = array_merge($appMessageArray[$index], array('MSGS_HISTORY' => $respMess));
}
}
$totalCount = 0;
foreach ($appMessageCountArray as $index => $value) {
if ($appMessageCountArray[$index]['APP_MSG_SHOW_MESSAGE'] == 1) {
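Review bot: The new precedence chain tests `$respView['MSGS_HISTORY']` first, so a BLOCK result is only used when the VIEW lookup returns an empty string, and when all three lookups are empty `$respMess` is `""` and every message is still listed. For a control meant to restrict disclosure the deny result should win: make `if ($respBlock['MSGS_HISTORY'] != "") { $respMess = $respBlock['MSGS_HISTORY']; }` the first branch, and decide explicitly whether an empty result means show or hide. This assumes `getAllObjectsFrom()` returns the action name under that key, which the section does not show; the key is also read without `isset()`, so a missing key raises a notice and falls into the allow path. `$respMess` is only merged into each grid row here, so the resend handler (not in this section) needs the same check on the server, because a flag in the response does not stop a direct request.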


@@ -42,10 +42,11 @@ if ($access != 1) {
break;
}
}
if (isset( $_POST['form'] ))
if (isset( $_POST['form'] )) {
$sValue = $_POST['form']; //For old processmap
else
} else {
$sValue = $_POST; //For new processmap EXtjs
}
list ($iRelation, $sUserGroup) = explode( '|', $sValue['GROUP_USER'] );
@@ -66,11 +67,13 @@ switch ($sValue['OP_OBJ_TYPE']) {
case 'OUTPUT':
$sObjectUID = $sValue['OUTPUTS'];
break;
case 'MSGS_HISTORY':
$sObjectUID = $sValue['MSGS_HISTORY'];
break;
}
require_once 'classes/model/ObjectPermission.php';
$oOP = new ObjectPermission();
$aData = array ('OP_UID' => G::generateUniqueID(),'PRO_UID' => $sValue['PRO_UID'],'TAS_UID' => $sValue['TAS_UID'],'USR_UID' => (string) $sUserGroup,'OP_USER_RELATION' => $iRelation,'OP_TASK_SOURCE' => $sValue['OP_TASK_SOURCE'],'OP_PARTICIPATE' => $sValue['OP_PARTICIPATE'],'OP_OBJ_TYPE' => $sValue['OP_OBJ_TYPE'],'OP_OBJ_UID' => $sObjectUID,'OP_ACTION' => $sValue['OP_ACTION'],'OP_CASE_STATUS' => $sValue['OP_CASE_STATUS']
);
$aData = array ('OP_UID' => G::generateUniqueID(),'PRO_UID' => $sValue['PRO_UID'],'TAS_UID' => $sValue['TAS_UID'],'USR_UID' => (string) $sUserGroup,'OP_USER_RELATION' => $iRelation,'OP_TASK_SOURCE' => $sValue['OP_TASK_SOURCE'],'OP_PARTICIPATE' => $sValue['OP_PARTICIPATE'],'OP_OBJ_TYPE' => $sValue['OP_OBJ_TYPE'],'OP_OBJ_UID' => $sObjectUID,'OP_ACTION' => $sValue['OP_ACTION'],'OP_CASE_STATUS' => $sValue['OP_CASE_STATUS']);
$oOP->fromArray( $aData, BasePeer::TYPE_FIELDNAME );
$oOP->save();
G::LoadClass( 'processMap' );
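Review bot: The added `case 'MSGS_HISTORY'` and the `$aData` array persist `$sValue['MSGS_HISTORY']`, `OP_OBJ_TYPE` and `OP_ACTION` exactly as posted, and nothing visible in this section checks them against the values the permission model defines. That matters for this feature because the history grid in the other file hides messages only when the stored value equals `'BLOCK'`, so any other string saved here would behave as allow. I would validate before `fromArray()`, for example `if (!in_array($sValue['OP_ACTION'], $allowedActions, true)) { throw new Exception('Invalid OP_ACTION'); }` with `$allowedActions` being the project's own list, and add a `default:` branch to the switch so `$sObjectUID` is never undefined for an unknown type. The switch and the `$access != 1` guard start outside the hunk, so some of this may already be handled there.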