From d629ea9d4a1158a26f3cbdc7cb20af88e2fc979e Mon Sep 17 00:00:00 2001
From: Andrea Adamczyk
Date: Wed, 10 Jun 2020 17:27:27 -0400
Subject: [PATCH] PMCORE-1604-A
---
 .../methods/cases/casesShowCaseNotes.php | 94 +++++++++++++++++++
 workflow/public_html/sysGeneric.php | 1 +
 2 files changed, 95 insertions(+)
 create mode 100644 workflow/engine/methods/cases/casesShowCaseNotes.php
diff --git a/workflow/engine/methods/cases/casesShowCaseNotes.php b/workflow/engine/methods/cases/casesShowCaseNotes.php
new file mode 100644
index 000000000..22e5df7d5
--- /dev/null
+++ b/workflow/engine/methods/cases/casesShowCaseNotes.php
@@ -0,0 +1,94 @@
+getLastAppDocVersion($_GET['a']);
+} else {
+ $docVersion = $_GET['v'];
+}
+
+$appDocument->fields = $appDocument->load($_GET['a'], $docVersion);
+
+//Check if the document is a case note document
+if ($appDocument->fields['APP_DOC_TYPE'] != 'CASE_NOTE') {
+ G::header('Location: /errors/error403.php');
+ die();
+}
+
+//Check if the user can be download the input Document
+//Send the parameter v = Version
+//Send the parameter a = Case UID
+if ($RBAC->userCanAccess('PM_FOLDERS_ALL') != 1 && defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0) {
+ if (!$appDocument->canDownloadInput($_SESSION['USER_LOGGED'], $_GET['a'], $docVersion)) {
+ G::header('Location: /errors/error403.php');
+ die();
+ }
+}
+
+//Create the Cases object
+$case = new Cases();
+//Get the case information to get the processUid
+$processUid = $case->getCaseInfo($appDocument->fields['APP_UID'], $_SESSION['USER_LOGGED'])->pro_uid;
+//Get the user authorization
+$userCanAccess = $case->userAuthorization(
+ $_SESSION['USER_LOGGED'],
+ $processUid,
+ $appDocument->fields['APP_UID'],
+ ['PM_ALLCASES'],
+ ['CASES_NOTES' => 'VIEW']
+);
+
+//Check if the user has the Case Notes permissions
+if ($userCanAccess['objectPermissions']['CASES_NOTES'] != 1) {
+ G::header('Location: /errors/error403.php');
+ die();
+}
+
+$appDocUid = $appDocument->getAppDocUid();
+$docVersionInformation = $appDocument->getDocVersion();
+$info = pathinfo($appDocument->getAppDocFilename());
+$ext = (isset($info['extension']) ? $info['extension'] : '');
+
+$download = true;
+
+//Get the document path
+$appUid = G::getPathFromUID($appDocument->fields['APP_UID']);
+$file = G::getPathFromFileUID($appDocument->fields['APP_UID'], $appDocUid);
+
+$realPath = PATH_DOCUMENT . $appUid . '/' . $file[0] . $file[1] . '_' . $docVersionInformation . '.' . $ext;
+$realPath1 = PATH_DOCUMENT . $appUid . '/' . $file[0] . $file[1] . '.' . $ext;
+$sw_file_exists = false;
+if (file_exists($realPath)) {
+ $sw_file_exists = true;
+} elseif (file_exists($realPath1)) {
+ $sw_file_exists = true;
+ $realPath = $realPath1;
+}
+
+if (!$sw_file_exists) {
+ $error_message = G::LoadTranslation('ID_ERROR_STREAMING_FILE');
+ G::SendMessageText($error_message, "ERROR");
+ G::header('Location: ' . $_SERVER['HTTP_REFERER']);
+ die();
+} else {
+ $nameFile = $appDocument->fields['APP_DOC_FILENAME'];
+ G::streamFile($realPath, $download, $nameFile); //download
+}
diff --git a/workflow/public_html/sysGeneric.php b/workflow/public_html/sysGeneric.php
index bb5c9eb63..838b097af 100644
--- a/workflow/public_html/sysGeneric.php
+++ b/workflow/public_html/sysGeneric.php
@@ -976,6 +976,7 @@ if (!defined('EXECUTE_BY_CRON')) {
 $noLoginFiles[] = 'cases_SaveData';
 $noLoginFiles[] = 'cases_Derivate';
 $noLoginFiles[] = 'cases_NextStep';
+ $noLoginFiles[] = 'casesShowCaseNotes';
 $noLoginFiles[] = 'genericAjax';
 $noLoginFiles[] = 'casesSaveDataView';
 $noLoginFiles[] = 'propelTableAjax';
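Review bot: The `canDownloadInput` check in casesShowCaseNotes.php fails open: its guard is `defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') && DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0`, so when the constant is not defined at all the per-document check is skipped instead of enforced. Treating "undefined" as "validation enabled" is the safer default, e.g. `(!defined('DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION') || DISABLE_DOWNLOAD_DOCUMENTS_SESSION_VALIDATION == 0)`. Separately, the missing-file branch redirects to `$_SERVER['HTTP_REFERER']`, a client-supplied header that may be absent or point off-site; a fixed in-application location would be safer there. The top of the new script is not visible in this hunk, so whether `$_GET['a']` and `$_GET['v']` are validated before use cannot be confirmed from here.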
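Review bot: Adding `casesShowCaseNotes` to `$noLoginFiles` in sysGeneric.php appears to exempt a file-download script from the login gate, yet the visible part of that script passes `$_SESSION['USER_LOGGED']` to `canDownloadInput`, `getCaseInfo` and `userAuthorization` without any check that a session exists. Unless unauthenticated access is intended (which the commit message should then state), the script should reject such requests up front, e.g. `if (empty($_SESSION['USER_LOGGED'])) { G::header('Location: /errors/error403.php'); die(); }`, or the entry should be left off the list. How `$noLoginFiles` is consumed lies outside this hunk, so the exact effect of the exemption needs confirming against the rest of sysGeneric.php.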