diff --git a/gulliver/system/class.database_mssql.php b/gulliver/system/class.database_mssql.php index b5e83acb4..e631f6bf2 100755 --- a/gulliver/system/class.database_mssql.php +++ b/gulliver/system/class.database_mssql.php @@ -218,7 +218,10 @@ class database extends database_base public function getPrimaryKey ($sTable) { try { - $sSQL = " SELECT c.COLUMN_NAME " . " FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk , " . " INFORMATION_SCHEMA.KEY_COLUMN_USAGE c " . " WHERE pk.TABLE_NAME = '" . trim( $sTable ) . "' " . " AND CONSTRAINT_TYPE = 'PRIMARY KEY' " . " AND c.TABLE_NAME = pk.TABLE_NAME " . " AND c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME "; + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $sSQL = " SELECT c.COLUMN_NAME " . " FROM INFORMATION_SCHEMA.TABLE_CONSTRAINTS pk , " . " INFORMATION_SCHEMA.KEY_COLUMN_USAGE c " . " WHERE pk.TABLE_NAME = '%s' " . " AND CONSTRAINT_TYPE = 'PRIMARY KEY' " . " AND c.TABLE_NAME = pk.TABLE_NAME " . " AND c.CONSTRAINT_NAME = pk.CONSTRAINT_NAME "; + $sSQL = $filter->preventSqlInjection($sSQL, array(trim( $sTable ))); $oPrimaryKey = $this->executeQuery( $sSQL ); $aPrimaryKey = mssql_fetch_array( $oPrimaryKey ); mssql_free_result( $oPrimaryKey ); 
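Review bot: The `%s` in `pk.TABLE_NAME = '%s'` is still a string-built literal, so `getPrimaryKey()` is only as safe as the escaping that `preventSqlInjection()` applies, and that method's body is not part of this diff. On SQL Server a quote inside a literal is neutralised by doubling it (`''`), not by a backslash, so an escaper written for MySQL rules would not protect this literal; please confirm the filter is dialect-aware, or bind `$sTable` through a parameterised call instead. The same applies to the two `'%s'` placeholders added to `getFieldConstraint()` in the next hunk. A comment above the call such as `// $sTable lands inside a quoted literal; escaping must follow MSSQL rules` would record the assumption. `getPrimaryKey()` continues outside the hunk.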
@@ -238,8 +241,10 @@ class database extends database_base public function getFieldConstraint ($sTable, $sField) { try { - $sSQL = " select a.name " . " from sysobjects a " . " inner join syscolumns b on a.id = b.cdefault " . " where a.xtype = 'D' " . " and a.parent_obj = (select id from sysobjects where xtype = 'U' and name = '" . trim( $sTable ) . "') " . " and b.name = '" . trim( $sField ) . "' "; - + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $sSQL = " select a.name " . " from sysobjects a " . " inner join syscolumns b on a.id = b.cdefault " . " where a.xtype = 'D' " . " and a.parent_obj = (select id from sysobjects where xtype = 'U' and name = '%s') " . " and b.name = '%s' "; + $sSQL = $filter->preventSqlInjection($sSQL, array(trim( $sTable ),trim( $sField ))); $oFieldConstraint = $this->executeQuery( $sSQL ); $aFieldConstraint = mssql_fetch_array( $oFieldConstraint ); mssql_free_result( $oFieldConstraint ); @@ -259,8 +264,11 @@ class database extends database_base public function dropFieldConstraint ($sTable, $sField) { try { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); $sConstraint = $this->getFieldConstraint( $sTable, $sField ); - $sSQL = "ALTER TABLE " . $sTable . " DROP CONSTRAINT " . $sConstraint . $this->sEndLine; + $sSQL = "ALTER TABLE %s DROP CONSTRAINT %s"; + $sSQL = $filter->preventSqlInjection($sSQL, array($sTable,$sConstraint . $this->sEndLine)); $oFieldConstraint = $this->executeQuery( $sSQL ); return $oFieldConstraint; } catch (Exception $oException) { @@ -367,7 +375,10 @@ class database extends database_base if (! $this->oConnection) { return false; } - return $this->executeQuery( 'USE ' . $this->sDataBase ); + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $query = $filter->preventSqlInjection("USE %s", array($this->sDataBase)); + return $this->executeQuery( $query ); } public function logQuery ($sQuery) 
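Review bot: In `dropFieldConstraint()` both placeholders of `ALTER TABLE %s DROP CONSTRAINT %s` sit in identifier position, where string-literal escaping gives no protection because nothing is quoted; the same holds for `USE %s` in the last hunk of this file. Identifiers are better checked against an allowlist before formatting, e.g. `if (!preg_match('/^[A-Za-z_][A-Za-z0-9_]*$/', $sTable)) { throw new Exception('invalid table name'); }` (adjust the pattern to what the schema really allows), and then bracket-quoted. Also, `$sConstraint . $this->sEndLine` passes the statement terminator through the filter as data; append `$this->sEndLine` after the `preventSqlInjection()` call so the filter cannot alter it.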
diff --git a/gulliver/system/class.dbMaintenance.php b/gulliver/system/class.dbMaintenance.php index edf866889..dbe90bdb0 100755 --- a/gulliver/system/class.dbMaintenance.php +++ b/gulliver/system/class.dbMaintenance.php @@ -254,6 +254,9 @@ class DataBaseMaintenance */ function dumpData ($table) { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $table = $filter->validateInput($table, 'nosql'); $this->outfile = $this->tmpDir . $table . '.dump'; //if the file exists delete it @@ -261,7 +264,8 @@ class DataBaseMaintenance @unlink( $this->outfile ); } - $sql = "SELECT * INTO OUTFILE '{$this->outfile}' FIELDS TERMINATED BY '\t|\t' OPTIONALLY ENCLOSED BY '\"' LINES TERMINATED BY '\t\t\r\r\n' FROM $table"; + $sql = "SELECT * INTO OUTFILE '{%s}' FIELDS TERMINATED BY '\t|\t' OPTIONALLY ENCLOSED BY '\"' LINES TERMINATED BY '\t\t\r\r\n' FROM %s"; + $sql = $filter->preventSqlInjection($sql, array($this->outfile,$table)); // The mysql_escape_string function has been DEPRECATED as of PHP 5.3.0. // Commented that is not assigned to a variable. // mysql_escape_string("';"); @@ -281,8 +285,11 @@ class DataBaseMaintenance */ function restoreData ($backupFile) { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); $tableName = str_replace( '.dump', '', basename( $backupFile ) ); - $sql = "LOAD DATA INFILE '$backupFile' INTO TABLE $tableName FIELDS TERMINATED BY '\t|\t' OPTIONALLY ENCLOSED BY '\"' LINES TERMINATED BY '\t\t\r\r\n'"; + $sql = "LOAD DATA INFILE '%s' INTO TABLE %s FIELDS TERMINATED BY '\t|\t' OPTIONALLY ENCLOSED BY '\"' LINES TERMINATED BY '\t\t\r\r\n'"; + $sql = $filter->preventSqlInjection($sql, array($backupFile,$tableName)); if (! @mysql_query( $sql )) { print mysql_error() . "\n"; return false; 
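Review bot: The new format string in `dumpData()` keeps the braces of the old `'{$this->outfile}'` interpolation, so `INTO OUTFILE '{%s}'` now yields a path wrapped in literal `{` and `}` and the dump is no longer written to `$this->outfile`. It should read `INTO OUTFILE '%s'`. Separately, the previous hunk concatenates `$table` into `$this->tmpDir . $table . '.dump'` after only the `nosql` filter, which (as shown in class.inputfilter.php) strips tags and low/high bytes but not path separators; `basename($table)` or a name allowlist would keep the file inside `tmpDir`.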
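Review bot: In `restoreData()` `$tableName` goes into `INTO TABLE %s` unquoted and, unlike `dumpData()` and `dumpSqlInserts()`, without any validation step before the query is built. It is derived from `basename( $backupFile )`, so whatever the file is called becomes SQL text in identifier position, where literal escaping does not help. Check it against an identifier allowlist and wrap it in backticks before formatting. `restoreData()` continues outside the hunk.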
@@ -421,11 +428,15 @@ class DataBaseMaintenance function lockTables () { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); $aTables = $this->getTablesList(); if (empty( $aTables )) return false; printf( "%-70s", "LOCK TABLES" ); - if (@mysql_query( "LOCK TABLES " . implode( " READ, ", $aTables ) . " READ; " )) { + $sQuery = "LOCK TABLES " . implode( " READ, ", $aTables ) . " READ; "; + $sQuery = $filter->preventSqlInjection($sQuery); + if (@mysql_query( $sQuery )) { echo " [OK]\n"; return true; } else { @@ -454,8 +465,13 @@ class DataBaseMaintenance function dumpSqlInserts ($table) { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $table = $filter->validateInput($table, 'nosql'); $bytesSaved = 0; - $result = @mysql_query( "SELECT * FROM `$table`" ); + $query = "SELECT * FROM `%s`"; + $query = $filter->preventSqlInjection($query, array($table)); + $result = @mysql_query( $query ); $num_rows = mysql_num_rows( $result ); $num_fields = mysql_num_fields( $result ); @@ -624,11 +640,13 @@ class DataBaseMaintenance * @return string $tableSchema */ function getSchemaFromTable ($tablename) - { - //$tableSchema = "/* Structure for table `$tablename` */\n"; - //$tableSchema .= "DROP TABLE IF EXISTS `$tablename`;\n\n"; + { + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); + $tablename = $filter->validateInput($tablename, 'nosql'); $tableSchema = ""; - $sql = "show create table `$tablename`; "; + $sql = "show create table `%s`; "; + $sql = $filter->preventSqlInjection($sql, array($tablename)); $result = @mysql_query( $sql ); if ($result) { if ($row = mysql_fetch_assoc( $result )) { diff --git a/gulliver/system/class.g.php b/gulliver/system/class.g.php index e26f01cef..bfe345203 100755 --- a/gulliver/system/class.g.php +++ b/gulliver/system/class.g.php 
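Review bot: `preventSqlInjection($sQuery)` in `lockTables()` is applied to an already concatenated statement with no parameter array, so no boundary is left between the SQL text and the table names: the call can only pass the string through or damage it. Quote each entry of `$aTables` individually before `implode()` (wrap it in backticks and double any backtick inside the name) and drop the whole-statement call. If the call is kept, a comment should say what it is expected to do on a finished statement.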
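Review bot: In `dumpSqlInserts()` the placeholder sits inside backticks, a context where the character that matters is the backtick itself, and nothing visible in this diff doubles it: the `nosql` filter strips tags and low/high bytes, and the escaping inside `preventSqlInjection()` is not shown. `getSchemaFromTable()` in the next hunk has the same shape. Validate the name against an identifier pattern, or apply `str_replace()` to double backticks, before formatting. Note also that `validateInput($table, 'nosql')` now truncates at the first listed keyword, so a name containing such a word is silently queried under a shorter name instead of being rejected.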
@@ -3317,10 +3317,10 @@ class G * * @author Erik A.O. */ - public function json_decode($Json) + public function json_decode($Json, $assoc = false) { if (function_exists('json_decode')) { - return json_decode($Json); + return json_decode($Json, $assoc); } else { G::LoadThirdParty('pear/json', 'class.json'); $oJSON = new Services_JSON(); diff --git a/gulliver/system/class.inputfilter.php b/gulliver/system/class.inputfilter.php index 44a44e688..2dde19327 100644 --- a/gulliver/system/class.inputfilter.php +++ b/gulliver/system/class.inputfilter.php @@ -436,7 +436,7 @@ class InputFilter $inputFiltered = str_replace('&','&',$inputFiltered); } } else { - $jsArray = (array)G::json_decode($val); + $jsArray = G::json_decode($val,true); if(is_array($jsArray) && sizeof($jsArray)) { foreach($jsArray as $j => $jsVal){ if(is_array($jsVal) && sizeof($jsVal)) { @@ -472,7 +472,7 @@ class InputFilter $input = str_replace('&','&',$input); } } else { - $jsArray = (array)G::json_decode($input); + $jsArray = G::json_decode($input,true); if(is_array($jsArray) && sizeof($jsArray)) { foreach($jsArray as $j => $jsVal){ if(is_array($jsVal) && sizeof($jsVal)) { 
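Review bot: The new `$assoc` argument of `G::json_decode()` is honoured only in the native branch; the fallback visible here still does `new Services_JSON()` with no flags, and unless the part of the method outside this hunk handles it, that decoder returns objects. The two `InputFilter` hunks that follow drop the `(array)` cast and rely on `G::json_decode($val,true)` returning an array, so on a host that takes the fallback `is_array($jsArray)` would be false and the per-key filtering loop would not run. Passing the loose-type flag keeps both paths equivalent: `$oJSON = new Services_JSON($assoc ? SERVICES_JSON_LOOSE_TYPE : 0);`. The docblock above should also gain `@param bool $assoc`.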
@@ -526,34 +526,43 @@ class InputFilter * @access protected * @param String $value * @param String or Array $types + * @param String $valType * @return String $value */ - function validateInput($value, $types = 'string') + function validateInput($value, $types = 'string', $valType = 'sanitize') { - if(!isset($value) || trim($value) === '' || $value === NULL ) { + if(!isset($value) || empty($value)) { return ''; } - if($pos = strpos($value,";")) { - $value = substr($value,0,$pos); - } - if(is_array($types) && sizeof($types)){ foreach($types as $type){ - $value = $this->validateInputValue($value, $type); + if($valType == 'sanitize') { + $value = $this->sanitizeInputValue($value, $type); + } else { + $value = $this->validateInputValue($value, $type); + } } } elseif(is_string($types)) { - $value = $this->validateInputValue($value, $types); + if($types == 'sanitize' || $types == 'validate') { + $valType = $types; + $types = 'string'; + } + if($valType == 'sanitize') { + $value = $this->sanitizeInputValue($value, $types); + } else { + $value = $this->validateInputValue($value, $types); + } } return $value; } - function validateInputValue($value, $type) { + function sanitizeInputValue($value, $type) { switch($type) { case 'float': - $value = (float)filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT); + $value = filter_var($value, FILTER_SANITIZE_NUMBER_FLOAT, FILTER_FLAG_ALLOW_FRACTION | FILTER_FLAG_ALLOW_THOUSAND); break; case 'int': $value = (int)filter_var($value, FILTER_SANITIZE_NUMBER_INT); 
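Review bot: `empty($value)` in the new guard of `validateInput()` is also true for `0`, `'0'` and `0.0`, so `validateInput('0', 'int')` now returns `''` where the previous `trim($value) === ''` test let a zero through. Something like `if ($value === null || (is_string($value) && trim($value) === ''))` keeps the empty-input shortcut without discarding zeros. The docblock should also state that `$valType = 'validate'` makes the method throw `Exception`, and that passing `'sanitize'` or `'validate'` as `$types` is treated as the mode with type `'string'`. The `sanitizeInputValue()` switch continues outside the hunk.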
@@ -568,16 +577,53 @@ class InputFilter break; case 'nosql': $value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH); - if(preg_match('/\b(or|and|xor|drop|insert|update|delete|select)\b/i' , $value)) { - $value = ''; + if(preg_match('/\b(or|and|xor|drop|insert|update|delete|select)\b/i' , $value, $matches, PREG_OFFSET_CAPTURE)) { + $value = substr($value,0,$matches[0][1]); } break; - case 'db': - break; default: $value = (string)filter_var($value, FILTER_SANITIZE_STRING, FILTER_FLAG_STRIP_LOW | FILTER_FLAG_STRIP_HIGH); } return $value; } + + + function validateInputValue($value, $type) { + + switch($type) { + case 'float': + $value = str_replace(',', '.', $value); + if(!filter_var($value, FILTER_VALIDATE_FLOAT)) { + throw new Exception('not a float value'); + } + break; + case 'int': + if(!filter_var($value, FILTER_VALIDATE_INT)) { + throw new Exception('not a int value'); + } + break; + case 'boolean': + if(!preg_match('/\b(yes|no|false|true|1|0)\b/i' , $value)) { + throw new Exception('not a boolean value'); + } + break; + case 'path': + if(!file_exists($value)) { + throw new Exception('not a valid path'); + } + break; + case 'nosql': + if(preg_match('/\b(or|and|xor|drop|insert|update|delete|select)\b/i' , $value)) { + throw new Exception('sql command found'); + } + break; + default: + if(!is_string($value)) { + throw new Exception('not a string value'); + } + } + + + } } diff --git a/workflow/engine/classes/class.case.php b/workflow/engine/classes/class.case.php index 5b67922fa..18d797232 100755 --- a/workflow/engine/classes/class.case.php +++ b/workflow/engine/classes/class.case.php @@ -1065,7 +1065,7 @@ class Cases $Fields['DEL_INDEX'] = 1; } $inbox = new ListInbox(); - $inbox->update($Fields); + $inbox->update($Fields); /*----------------------------------********---------------------------------*/ //Return 
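Review bot: `validateInputValue()` has no `return`, so in `validate` mode the assignment `$value = $this->validateInputValue($value, $type)` in `validateInput()` replaces every accepted input with `null`; add `return $value;` after the `switch`. The `int` and `float` cases test `!filter_var(...)`, which also rejects a valid `0` because `filter_var` returns the parsed number; compare with `=== false`, e.g. `if (filter_var($value, FILTER_VALIDATE_INT) === false)`. The `boolean` pattern is unanchored, so any text containing the word `no` or `1` passes; `'/^(yes|no|false|true|1|0)$/i'` states the intent. The keyword list in both `nosql` cases is a denylist that cuts ordinary text at `or`/`and` while leaving quoting untouched, so it should be documented as a heuristic and not relied on in place of parameterised queries.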
@@ -1175,7 +1175,26 @@ class Cases if ($this->appSolr != null) { $this->appSolr->deleteApplicationSearchIndex($sAppUid); } + /*----------------------------------********---------------------------------*/ + $criteria = new Criteria(); + $criteria->addSelectColumn( ListInboxPeer::USR_UID ); + $criteria->add( ListInboxPeer::APP_UID, $sAppUid, Criteria::EQUAL ); + $dataset = ApplicationPeer::doSelectRS($criteria); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + while($dataset->next()) { + $aRow = $dataset->getRow(); + $users = new Users(); + $users->refreshTotal($aRow['USR_UID'], 'remove', 'draft'); + $users->refreshTotal($aRow['USR_UID'], 'remove', 'participated'); + } + $oCriteria = new Criteria('workflow'); + $oCriteria->add(ListInboxPeer::APP_UID, $sAppUid); + ListInboxPeer::doDelete($oCriteria); + $oCriteria = new Criteria('workflow'); + $oCriteria->add(ListParticipatedLastPeer::APP_UID, $sAppUid); + ListParticipatedLastPeer::doDelete($oCriteria); + /*----------------------------------********---------------------------------*/ return $result; } catch (exception $e) { throw ($e); @@ -1237,6 +1256,12 @@ class Cases $appAssignSelfServiceValue = new AppAssignSelfServiceValue(); $appAssignSelfServiceValue->remove($sAppUid, $iDelIndex); + /*----------------------------------********---------------------------------*/ + $aFields = $oAppDel->toArray(BasePeer::TYPE_FIELDNAME); + $aFields['APP_STATUS'] = 'TO_DO'; + $inbox = new ListInbox(); + $inbox->update($aFields, true); + /*----------------------------------********---------------------------------*/ } catch (exception $e) { throw ($e); } 
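Review bot: The new counter loop builds its criteria on `ListInboxPeer::USR_UID` and `ListInboxPeer::APP_UID` but runs it with `ApplicationPeer::doSelectRS($criteria)`, and it uses `new Criteria()` where the two delete blocks just below use `new Criteria('workflow')`. Even if Propel resolves the table from the columns, `ListInboxPeer::doSelectRS($criteria)` on `new Criteria('workflow')` would match the rest of the block and not depend on the default connection. `new Users()` can also be created once before the `while` instead of per row. The enclosing method starts outside the hunk.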
@@ -1905,11 +1930,11 @@ class Cases $c->add(AppDelegationPeer::APP_UID, $sAppUid); $c->add(AppDelegationPeer::DEL_INDEX, $iDelIndex); $rowObj = AppDelegationPeer::doSelect($c); - G::LoadClass('dates'); - $oDates = new dates(); + $user = ''; foreach ($rowObj as $appDel) { $appDel->setDelThreadStatus('CLOSED'); $appDel->setDelFinishDate('now'); + $user = $appDel->getUsrUid(); if ($appDel->Validate()) { $appDel->Save(); } else { @@ -1926,7 +1951,7 @@ class Cases $data['DEL_THREAD_STATUS'] = 'CLOSED'; $data['APP_UID'] = $sAppUid; $data['DEL_INDEX'] = $iDelIndex; - $data['USR_UID'] = $appDel->getUsrUid(); + $data['USR_UID'] = $user; $listParticipatedLast = new ListParticipatedLast(); $listParticipatedLast->refresh($data); /*----------------------------------********---------------------------------*/ @@ -1981,7 +2006,7 @@ class Cases * @return Fields */ - public function startCase($sTasUid, $sUsrUid, $isSubprocess = false) + public function startCase($sTasUid, $sUsrUid, $isSubprocess = false, $dataPreviusApplication = array()) { if ($sTasUid != '') { try { @@ -2045,11 +2070,12 @@ class Cases $Fields['USR_UID'] = $sUsrUid; $Fields['DEL_INDEX'] = $iDelIndex; $Fields['APP_STATUS'] = 'TO_DO'; + $Fields['DEL_DELEGATE_DATE'] = $Fields['APP_INIT_DATE']; if(!$isSubprocess){ $Fields['APP_STATUS'] = 'DRAFT'; } $inbox = new ListInbox(); - $inbox->newRow($Fields, $sUsrUid); + $inbox->newRow($Fields, $sUsrUid, $isSubprocess, $dataPreviusApplication); /*----------------------------------********---------------------------------*/ } catch (exception $e) { throw ($e); 
@@ -4041,8 +4067,9 @@ class Cases $this->getExecuteTriggerProcess($sApplicationUID, "UNPAUSE"); /*----------------------------------********---------------------------------*/ + $aData = array_merge($aFieldsDel, $aData); $oListPaused = new ListPaused(); - $oListPaused->remove($sApplicationUID, $iDelegation, true); + $oListPaused->remove($sApplicationUID, $iDelegation, $aData); /*----------------------------------********---------------------------------*/ } @@ -4254,6 +4281,27 @@ class Cases $this->appSolr->updateApplicationSearchIndex($sApplicationUID); } + /*----------------------------------********---------------------------------*/ + $oCriteria = new Criteria('workflow'); + $oCriteria->add(ListParticipatedLastPeer::APP_UID, $aData['APP_UID']); + $oCriteria->add(ListParticipatedLastPeer::USR_UID, $sUserUID); + $oCriteria->add(ListParticipatedLastPeer::DEL_INDEX, $iDelegation); + ListParticipatedLastPeer::doDelete($oCriteria); + $users = new Users(); + $users->refreshTotal($sUserUID, 'remove', 'participated'); + + $aFieldsDel = array_merge($aData, $aFieldsDel); + $aFieldsDel['USR_UID'] = $newUserUID; + $inbox = new ListInbox(); + $inbox->newRow($aFieldsDel, $sUserUID); + $users = new Users(); + if ($aFields['APP_STATUS'] == 'DRAFT') { + $users->refreshTotal($sUserUID, 'remove', 'draft'); + } else if ($iDelegation == 2) { + $users->refreshTotal($sUserUID, 'add', 'draft'); + $users->refreshTotal($sUserUID, 'remove', 'inbox'); + } + /*----------------------------------********---------------------------------*/ $this->getExecuteTriggerProcess($sApplicationUID, 'REASSIGNED'); return true; } @@ -6646,7 +6694,6 @@ class Cases } } - require_once 'classes/model/Users.php'; $c = new Criteria('workflow'); $c->addSelectColumn(UsersPeer::USR_UID); $c->addSelectColumn(UsersPeer::USR_USERNAME); diff --git a/workflow/engine/classes/class.derivation.php b/workflow/engine/classes/class.derivation.php index 506c48c22..155aec556 100755 
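Review bot: `$aFields['APP_STATUS']` is read in the block added to the reassign path (second hunk on this line), but the arrays built there are `$aData` and `$aFieldsDel`; unless `$aFields` is set earlier in the method, outside the hunk, the `DRAFT` branch never runs. All three `refreshTotal()` calls in that `if`/`else if` target `$sUserUID`, so it is worth confirming against what `ListInbox::newRow()` already counts for the same user. The literal `$iDelegation == 2` deserves a comment saying which state it stands for.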
--- a/workflow/engine/classes/class.derivation.php +++ b/workflow/engine/classes/class.derivation.php @@ -748,14 +748,13 @@ class Derivation //SETS THE APP_PROC_CODE //if (isset($nextDel['TAS_DEF_PROC_CODE'])) //$appFields['APP_PROC_CODE'] = $nextDel['TAS_DEF_PROC_CODE']; - /*----------------------------------********---------------------------------*/ if (!empty($iNewDelIndex) && empty($aSP)) { $oAppDel = AppDelegationPeer::retrieveByPK( $appFields['APP_UID'], $iNewDelIndex ); $aFields = $oAppDel->toArray( BasePeer::TYPE_FIELDNAME ); $aFields['APP_STATUS'] = $currentDelegation['APP_STATUS']; $inbox = new ListInbox(); - $inbox->newRow($aFields, $nextDel['USR_UID']); + $inbox->newRow($aFields, $appFields['CURRENT_USER_UID'], false, array(), ($nextDel['TAS_ASSIGN_TYPE'] == 'SELF_SERVICE' ? true : false)); } /*----------------------------------********---------------------------------*/ unset( $aSP ); @@ -863,7 +862,7 @@ class Derivation if (isset( $aSP )) { //Create the new case in the sub-process // set the initial date to null the time its created - $aNewCase = $this->case->startCase( $aSP['TAS_UID'], $aSP['USR_UID'], true ); + $aNewCase = $this->case->startCase( $aSP['TAS_UID'], $aSP['USR_UID'], true, $appFields); //Copy case variables to sub-process case $aFields = unserialize( $aSP['SP_VARIABLES_OUT'] ); $aNewFields = array (); diff --git a/workflow/engine/classes/class.wsTools.php b/workflow/engine/classes/class.wsTools.php index ba7825bdb..08bc6c346 100755 --- a/workflow/engine/classes/class.wsTools.php +++ b/workflow/engine/classes/class.wsTools.php 
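Review bot: The `newRow()` call in the first hunk now passes five positional arguments ending in `false, array(), (... ? true : false)`, which is hard to read at the call site, and the ternary is redundant because the comparison already yields a boolean. Consider `$isSelfService = ($nextDel['TAS_ASSIGN_TYPE'] == 'SELF_SERVICE');` on its own line and pass `$isSelfService`. The second argument changed from `$nextDel['USR_UID']` to `$appFields['CURRENT_USER_UID']`; since `newRow()` names that parameter `$delPreviusUsrUid`, a one-line comment saying it is the previous delegation's user would explain the change.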
@@ -1970,6 +1970,39 @@ class workspaceTools } CLI::logging("> Completed table LIST_UNASSIGNED\n"); CLI::logging("> Completed table LIST_UNASSIGNED_GROUP\n"); + + // ADD LISTS COUNTS + $aTypes = array( + 'to_do', + 'draft', + 'cancelled', + 'sent', + 'paused', + 'completed', + 'selfservice' + ); + + $users = new Users(); + $criteria = new Criteria(); + $criteria->addSelectColumn(UsersPeer::USR_UID); + $dataset = UsersPeer::doSelectRS($criteria); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + while($dataset->next()) { + $aRow = $dataset->getRow(); + $oAppCache = new AppCacheView(); + $aCount = $oAppCache->getAllCounters( $aTypes, $aRow['USR_UID'] ); + $newData = array( + 'USR_UID' => $aRow['USR_UID'], + 'USR_TOTAL_INBOX' => $aCount['to_do'], + 'USR_TOTAL_DRAFT' => $aCount['draft'], + 'USR_TOTAL_CANCELLED' => $aCount['cancelled'], + 'USR_TOTAL_PARTICIPATED' => $aCount['sent'], + 'USR_TOTAL_PAUSED' => $aCount['paused'], + 'USR_TOTAL_COMPLETED' => $aCount['completed'], + 'USR_TOTAL_UNASSIGNED' => $aCount['selfservice'] + ); + $users->update($newData); + } $this->listFirstExecution('insert'); return true; } diff --git a/workflow/engine/classes/model/ListCanceled.php b/workflow/engine/classes/model/ListCanceled.php index 1871e6f25..f00fb46d7 100644 --- a/workflow/engine/classes/model/ListCanceled.php +++ b/workflow/engine/classes/model/ListCanceled.php @@ -103,6 +103,10 @@ class ListCanceled extends BaseListCanceled { $oListInbox = new ListInbox(); $oListInbox->removeAll($data['APP_UID']); + $users = new Users(); + $users->refreshTotal($data['USR_UID'], 'removed', 'inbox'); + $users->refreshTotal($data['USR_UID'], 'add', 'canceled'); + $con = Propel::getConnection( ListCanceledPeer::DATABASE_NAME ); try { $this->fromArray( $data, BasePeer::TYPE_FIELDNAME ); diff --git a/workflow/engine/classes/model/ListCompleted.php b/workflow/engine/classes/model/ListCompleted.php index 900d64baa..ddbbf299b 100644 --- a/workflow/engine/classes/model/ListCompleted.php 
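Review bot: `refreshTotal($data['USR_UID'], 'removed', 'inbox')` in ListCanceled.php spells the action `'removed'`, while class.case.php, ListCompleted.php and ListInbox.php in this same commit pass `'remove'`; `'removed'` also appears in `ListParticipatedLast::remove()` and in both ListPaused.php hunks. `Users::refreshTotal()` is not shown, so if it matches the action string exactly, one of the two spellings will not decrement. Pick one spelling, ideally as class constants on `Users`, and use it at every call site. The list name `'canceled'` here also differs from the `'cancelled'` key used in class.wsTools.php; that is a different API and may be intentional, but it is worth a check.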
+++ b/workflow/engine/classes/model/ListCompleted.php @@ -94,6 +94,14 @@ class ListCompleted extends BaseListCompleted $criteriaSet->add(ListParticipatedLastPeer::APP_STATUS, 'COMPLETED'); BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection("workflow")); + $users = new Users(); + $users->refreshTotal($data['USR_UID'], 'add', 'completed'); + if ($data['DEL_PREVIOUS'] != 0) { + $users->refreshTotal($data['USR_UID'], 'remove', 'inbox'); + } else { + $users->refreshTotal($data['USR_UID'], 'remove', 'draft'); + } + $con = Propel::getConnection( ListCompletedPeer::DATABASE_NAME ); try { $this->fromArray( $data, BasePeer::TYPE_FIELDNAME ); diff --git a/workflow/engine/classes/model/ListInbox.php b/workflow/engine/classes/model/ListInbox.php index 2ad27b9c2..05e2cd51f 100644 --- a/workflow/engine/classes/model/ListInbox.php +++ b/workflow/engine/classes/model/ListInbox.php @@ -23,7 +23,7 @@ class ListInbox extends BaseListInbox * @return type * */ - public function create($data) + public function create($data, $isSelfService = false) { $con = Propel::getConnection( ListInboxPeer::DATABASE_NAME ); try { 
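Review bot: The three `refreshTotal()` calls added to `ListCompleted::create()` run before the `try` block that saves the row, so if the save fails the user's totals have already been changed and nothing puts them back. Moving the counter updates after the successful commit (the rest of the `try` is outside this hunk) would keep the `USR_TOTAL_*` columns in step with the list table; the same ordering appears in the ListCanceled.php and ListPaused.php `create()` hunks. `$data['DEL_PREVIOUS'] != 0` also sends a missing key down the `'draft'` branch; an `isset()` check or a strict comparison would make that explicit.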
@@ -48,12 +48,27 @@ class ListInbox extends BaseListInbox $listMyInbox->refresh($data); // remove and create participated last - $listParticipatedLast = new ListParticipatedLast(); - $listParticipatedLast->remove($data['APP_UID'], $data['USR_UID']); - $listParticipatedLast = new ListParticipatedLast(); - $listParticipatedLast->create($data); - $listParticipatedLast = new ListParticipatedLast(); - $listParticipatedLast->refresh($data); + if (!$isSelfService) { + $listParticipatedLast = new ListParticipatedLast(); + $listParticipatedLast->remove($data['APP_UID'], $data['USR_UID']); + $listParticipatedLast = new ListParticipatedLast(); + $listParticipatedLast->create($data); + $listParticipatedLast = new ListParticipatedLast(); + $listParticipatedLast->refresh($data); + } else { + $data['USR_UID'] = $data['DEL_PREVIOUS_USR_UID']; + $data['DEL_CURRENT_USR_LASTNAME'] = ''; + $data['DEL_CURRENT_USR_USERNAME'] = ''; + $data['DEL_CURRENT_USR_FIRSTNAME'] = ''; + + $listParticipatedLast = new ListParticipatedLast(); + $listParticipatedLast->refresh($data, $isSelfService); + $data['USR_UID'] = 'SELF_SERVICES'; + $listParticipatedLast = new ListParticipatedLast(); + $listParticipatedLast->create($data); + $listParticipatedLast = new ListParticipatedLast(); + $listParticipatedLast->refresh($data, $isSelfService); + } return $result; } catch(Exception $e) { 
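Review bot: The self-service branch of `ListInbox::create()` introduces the sentinel user id `'SELF_SERVICES'` as a bare string, and the same literal is repeated in `ListInbox::update()` and `ListParticipatedLast::create()` later in this commit. A class constant, for example `const SELF_SERVICE_USER = 'SELF_SERVICES';`, with a comment saying it is a placeholder row owner and not a real `USR_UID`, would keep the call sites from drifting apart. The branch also reads `$data['DEL_PREVIOUS_USR_UID']` without checking that it is set; `create()` is public, so callers other than `newRow()` may not supply it. The method docblock should gain `@param bool $isSelfService`.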
@@ -69,8 +84,31 @@ class ListInbox extends BaseListInbox * @return type * @throws type */ - public function update($data) + public function update($data, $isSelfService = false) { + if ($isSelfService) { + $users = new Users(); + $users->refreshTotal($data['USR_UID'], 'add', 'inbox'); + + $listParticipatedLast = new ListParticipatedLast(); + $listParticipatedLast->remove($data['APP_UID'], $data['USR_UID']); + + //Update - WHERE + $criteriaWhere = new Criteria("workflow"); + $criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $data["APP_UID"], Criteria::EQUAL); + $criteriaWhere->add(ListParticipatedLastPeer::USR_UID, 'SELF_SERVICES', Criteria::EQUAL); + $criteriaWhere->add(ListParticipatedLastPeer::DEL_INDEX, $data["DEL_INDEX"], Criteria::EQUAL); + + //Update - SET + $criteriaSet = new Criteria("workflow"); + $criteriaSet->add(ListParticipatedLastPeer::USR_UID, $data['USR_UID']); + BasePeer::doUpdate($criteriaWhere, $criteriaSet, Propel::getConnection("workflow")); + + $listParticipatedLast = new ListParticipatedLast(); + $listParticipatedLast->refresh($data); + $users = new Users(); + $users->refreshTotal($data['USR_UID'], 'add', 'participated'); + } $con = Propel::getConnection( ListInboxPeer::DATABASE_NAME ); try { $con->begin(); @@ -141,7 +179,7 @@ class ListInbox extends BaseListInbox } } - public function newRow ($data, $delPreviusUsrUid) + public function newRow ($data, $delPreviusUsrUid, $isInitSubprocess = false, $dataPreviusApplication = array(), $isSelfService = false) { $data['DEL_PREVIOUS_USR_UID'] = $delPreviusUsrUid; if (isset($data['DEL_TASK_DUE_DATE'])) { 
@@ -211,7 +249,53 @@ class ListInbox extends BaseListInbox $data['DEL_PREVIOUS_USR_LASTNAME'] = $aRow['USR_LASTNAME']; } - self::create($data); + $users = new Users(); + $criteria = new Criteria(); + $criteria->addSelectColumn(SubApplicationPeer::DEL_INDEX_PARENT); + $criteria->add( SubApplicationPeer::APP_PARENT, $data['APP_UID'], Criteria::EQUAL ); + $dataset = SubApplicationPeer::doSelectRS($criteria); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + if ($dataset->next()) { + $aSub = $dataset->getRow(); + if ($aSub['DEL_INDEX_PARENT'] == $data['DEL_PREVIOUS'] && !$isSelfService) { + $users->refreshTotal($data['USR_UID'], 'add', 'inbox'); + self::create($data, $isSelfService); + return 1; + } + } + + if (!$isInitSubprocess) { + if ($data['APP_STATUS'] == 'DRAFT') { + $users->refreshTotal($data['USR_UID'], 'add', 'draft'); + } else { + $oRow = ApplicationPeer::retrieveByPK($data['APP_UID']); + $aFields = $oRow->toArray( BasePeer::TYPE_FIELDNAME ); + if ($data['DEL_INDEX'] == 2 || $aFields['APP_STATUS'] == 'DRAFT') { + $criteria = new Criteria(); + $criteria->addSelectColumn(SubApplicationPeer::APP_UID); + $criteria->add( SubApplicationPeer::APP_UID, $data['APP_UID'], Criteria::EQUAL ); + $dataset = SubApplicationPeer::doSelectRS($criteria); + if ($dataset->next()) { + $users->refreshTotal($delPreviusUsrUid, 'remove', 'inbox'); + } else { + $users->refreshTotal($delPreviusUsrUid, 'remove', 'draft'); + } + } else { + $users->refreshTotal($delPreviusUsrUid, 'remove', 'inbox'); + } + if (!$isSelfService) { + $users->refreshTotal($data['USR_UID'], 'add', 'inbox'); + } + } + } else { + $users->refreshTotal($data['USR_UID'], 'add', 'inbox'); + if ($dataPreviusApplication['APP_STATUS'] == 'DRAFT') { + $users->refreshTotal($dataPreviusApplication['CURRENT_USER_UID'], 'remove', 'draft'); + } else { + $users->refreshTotal($dataPreviusApplication['CURRENT_USER_UID'], 'remove', 'inbox'); + } + } + self::create($data, $isSelfService); } public function loadFilters 
(&$criteria, $filters) diff --git a/workflow/engine/classes/model/ListParticipatedLast.php b/workflow/engine/classes/model/ListParticipatedLast.php index e6432b170..ebcf6d959 100644 --- a/workflow/engine/classes/model/ListParticipatedLast.php +++ b/workflow/engine/classes/model/ListParticipatedLast.php @@ -26,19 +26,6 @@ class ListParticipatedLast extends BaseListParticipatedLast */ public function create($data) { - $criteria = new Criteria(); - $criteria->addSelectColumn(UsersPeer::USR_USERNAME); - $criteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); - $criteria->addSelectColumn(UsersPeer::USR_LASTNAME); - $criteria->add( UsersPeer::USR_UID, $data['USR_UID'], Criteria::EQUAL ); - $dataset = UsersPeer::doSelectRS($criteria); - $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $dataset->next(); - $aRow = $dataset->getRow(); - $data['DEL_CURRENT_USR_USERNAME'] = $aRow['USR_USERNAME']; - $data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME']; - $data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME']; - $criteria = new Criteria(); $criteria->addSelectColumn(ApplicationPeer::APP_STATUS); $criteria->add( ApplicationPeer::APP_UID, $data['APP_UID'], Criteria::EQUAL ); 
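Review bot: In the `$isInitSubprocess` branch of `newRow()`, `$dataPreviusApplication['APP_STATUS']` and `['CURRENT_USER_UID']` are indexed unconditionally although the parameter defaults to `array()` both here and in `Cases::startCase()`; a caller that passes `true` for the sub-process flag without the fourth argument would hit undefined indexes and call `refreshTotal()` with a null user. Guard the block with `if (!empty($dataPreviusApplication['CURRENT_USER_UID']))`. `ApplicationPeer::retrieveByPK($data['APP_UID'])` is also dereferenced with `->toArray()` without a null check. The early `return 1;` makes the method return a value on one path only; either return consistently or drop it.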
@@ -48,6 +35,24 @@ class ListParticipatedLast extends BaseListParticipatedLast $aRow = $dataset->getRow(); $data['APP_STATUS'] = $aRow['APP_STATUS']; + if ($data['USR_UID'] != 'SELF_SERVICES') { + $criteria = new Criteria(); + $criteria->addSelectColumn(UsersPeer::USR_USERNAME); + $criteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); + $criteria->addSelectColumn(UsersPeer::USR_LASTNAME); + $criteria->add( UsersPeer::USR_UID, $data['USR_UID'], Criteria::EQUAL ); + $dataset = UsersPeer::doSelectRS($criteria); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $dataset->next(); + $aRow = $dataset->getRow(); + $data['DEL_CURRENT_USR_USERNAME'] = $aRow['USR_USERNAME']; + $data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME']; + $data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME']; + + $users = new Users(); + $users->refreshTotal($data['USR_UID'], 'add', 'participated'); + } + $con = Propel::getConnection( ListParticipatedLastPeer::DATABASE_NAME ); try { $this->fromArray( $data, BasePeer::TYPE_FIELDNAME ); 
@@ -102,24 +107,32 @@ class ListParticipatedLast extends BaseListParticipatedLast * @throws type * */ - public function refresh ($data) + public function refresh ($data, $isSelfService = false) { $data['APP_STATUS'] = (empty($data['APP_STATUS'])) ? 'TO_DO' : $data['APP_STATUS']; - $criteria = new Criteria(); - $criteria->addSelectColumn(UsersPeer::USR_USERNAME); - $criteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); - $criteria->addSelectColumn(UsersPeer::USR_LASTNAME); - $criteria->add( UsersPeer::USR_UID, $data['USR_UID'], Criteria::EQUAL ); - $dataset = UsersPeer::doSelectRS($criteria); - $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); - $dataset->next(); - $aRow = $dataset->getRow(); - - $data['DEL_CURRENT_USR_UID'] = $data['USR_UID']; - $data['DEL_CURRENT_USR_USERNAME'] = $aRow['USR_USERNAME']; - $data['DEL_CURRENT_USR_FIRSTNAME'] = $aRow['USR_FIRSTNAME']; - $data['DEL_CURRENT_USR_LASTNAME'] = $aRow['USR_LASTNAME']; - $this->update($data); + if (!$isSelfService) { + $criteria = new Criteria(); + $criteria->addSelectColumn(UsersPeer::USR_USERNAME); + $criteria->addSelectColumn(UsersPeer::USR_FIRSTNAME); + $criteria->addSelectColumn(UsersPeer::USR_LASTNAME); + $criteria->add( UsersPeer::USR_UID, $data['USR_UID'], Criteria::EQUAL ); + $dataset = UsersPeer::doSelectRS($criteria); + $dataset->setFetchmode(ResultSet::FETCHMODE_ASSOC); + $dataset->next(); + $aRow = $dataset->getRow(); + + //Update - WHERE + $criteriaWhere = new Criteria("workflow"); + $criteriaWhere->add(ListParticipatedLastPeer::APP_UID, $data["APP_UID"], Criteria::EQUAL); + //Update - SET + $criteriaSet = new Criteria("workflow"); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_USERNAME, $aRow['USR_USERNAME']); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_FIRSTNAME, $aRow['USR_FIRSTNAME']); + $criteriaSet->add(ListParticipatedLastPeer::DEL_CURRENT_USR_LASTNAME, $aRow['USR_LASTNAME']); + BasePeer::doUpdate($criteriaWhere, $criteriaSet, 
Propel::getConnection("workflow")); + + } + $this->update($data); } /** @@ -132,6 +145,11 @@ class ListParticipatedLast extends BaseListParticipatedLast */ public function remove ($app_uid, $usr_uid) { + $existField = ListParticipatedLastPeer::retrieveByPK($app_uid, $usr_uid); + if (! is_null( $existField )) { + $users = new Users(); + $users->refreshTotal($usr_uid, 'removed', 'participated'); + } $con = Propel::getConnection( ListParticipatedLastPeer::DATABASE_NAME ); try { $this->setAppUid($app_uid); diff --git a/workflow/engine/classes/model/ListPaused.php b/workflow/engine/classes/model/ListPaused.php index b9539d64a..b029ba692 100644 --- a/workflow/engine/classes/model/ListPaused.php +++ b/workflow/engine/classes/model/ListPaused.php @@ -118,6 +118,14 @@ class ListPaused extends BaseListPaused { $oListInbox = new ListInbox(); $oListInbox->remove($data['APP_UID'], $data['DEL_INDEX']); + $users = new Users(); + if ($data['APP_STATUS'] == 'DRAFT') { + $users->refreshTotal($data['USR_UID'], 'removed', 'draft'); + } else { + $users->refreshTotal($data['USR_UID'], 'removed', 'inbox'); + } + $users->refreshTotal($data['USR_UID'], 'add', 'paused'); + $con = Propel::getConnection( ListPausedPeer::DATABASE_NAME ); try { $this->fromArray( $data, BasePeer::TYPE_FIELDNAME ); 
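Review bot: The `BasePeer::doUpdate()` added to `ListParticipatedLast::refresh()` uses the row from `$dataset->getRow()` without checking the result of `$dataset->next()`, and its WHERE clause is only `APP_UID`. If `$data['USR_UID']` matches no user (class.case.php now initialises `$user = ''` and can pass that through), the three `DEL_CURRENT_USR_*` name columns would be overwritten with nulls on every participated row of the application. Wrap the update in `if ($dataset->next()) { ... }`. The old code also set `$data['DEL_CURRENT_USR_UID']`, which the new version drops; if that is intentional a comment would help.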
@@ -172,8 +180,20 @@ class ListPaused extends BaseListPaused { * @throws type * */ - public function remove ($app_uid, $del_index) + public function remove ($app_uid, $del_index, $data_inbox) { + $users = new Users(); + $users->refreshTotal($data_inbox['USR_UID'], 'removed', 'paused'); + + $oRow = ApplicationPeer::retrieveByPK($app_uid); + $aFields = $oRow->toArray( BasePeer::TYPE_FIELDNAME ); + $data_inbox['APP_STATUS'] = $aFields['APP_STATUS']; + if ($data_inbox['APP_STATUS'] == 'TO_DO') { + $users->refreshTotal($data_inbox['USR_UID'], 'add', 'inbox'); + } + $listInbox = new ListInbox(); + $listInbox->newRow($data_inbox, $data_inbox['USR_UID']); + $con = Propel::getConnection( ListPausedPeer::DATABASE_NAME ); try { $this->setAppUid($app_uid); diff --git a/workflow/engine/methods/cases/casesList_Ajax.php b/workflow/engine/methods/cases/casesList_Ajax.php index ed5a00827..8a4b48504 100755 --- a/workflow/engine/methods/cases/casesList_Ajax.php +++ b/workflow/engine/methods/cases/casesList_Ajax.php @@ -216,6 +216,7 @@ if ($actionAjax == "getUsersToReassign") { G::LoadClass( 'tasks' ); $task = new Task(); $tasks = $task->load($_SESSION['TASK']); + $result = new stdclass(); $result->data = $case->getUsersToReassign( $_SESSION['TASK'], $_SESSION['USER_LOGGED'], $tasks['PRO_UID'] ); print G::json_encode( $result ); } @@ -240,6 +241,7 @@ if ($actionAjax == 'reassignCase') { //print_r($caseData); $data['APP_NUMBER'] = $caseData['APP_NUMBER']; $data['USER'] = $userData['USR_LASTNAME'] . ' ' . $userData['USR_FIRSTNAME']; //TODO change with the farmated username from environment conf + $result = new stdclass(); $result->status = 0; $result->msg = G::LoadTranslation( 'ID_REASSIGNMENT_SUCCESS', SYS_LANG, $data ); } catch (Exception $e) { diff --git a/workflow/engine/methods/cases/main_init.php b/workflow/engine/methods/cases/main_init.php index e3097328b..2914007aa 100755 --- a/workflow/engine/methods/cases/main_init.php +++ b/workflow/engine/methods/cases/main_init.php 
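Review bot: `ListPaused::remove()` gains a third parameter `$data_inbox` with no default, so any existing two-argument caller will now raise a missing-argument error or warning; this diff updates only the call in class.case.php. The body also calls `refreshTotal($data_inbox['USR_UID'], 'add', 'inbox')` for `TO_DO` and then `ListInbox::newRow()`, which in its own hunk adds to `inbox` again for a non-draft, non-self-service row, so the inbox total may be incremented twice on unpause; a test covering that path would settle it. `ApplicationPeer::retrieveByPK($app_uid)` is dereferenced without a null check, and the docblock needs a `@param` for the new argument.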
@@ -80,9 +80,49 @@ if ($oServerConf->isRtl( SYS_LANG )) { $regionTreePanel = 'west'; $regionDebug = 'east'; } + +$urlProxy = 'casesMenuLoader?action=getAllCounters&r='; +/*----------------------------------********---------------------------------*/ +$urlProxy = '/api/1.0/' . SYS_SYS . '/system/counters-lists?r='; +$clientId = 'x-pm-local-client'; +$client = getClientCredentials($clientId); +$authCode = getAuthorizationCode($client); +$debug = false; //System::isDebugMode(); + +$loader = Maveriks\Util\ClassLoader::getInstance(); +$loader->add(PATH_TRUNK . 'vendor/bshaffer/oauth2-server-php/src/', "OAuth2"); + +$request = array( + 'grant_type' => 'authorization_code', + 'code' => $authCode +); +$server = array( + 'REQUEST_METHOD' => 'POST' +); +$headers = array( + "PHP_AUTH_USER" => $client['CLIENT_ID'], + "PHP_AUTH_PW" => $client['CLIENT_SECRET'], + "Content-Type" => "multipart/form-data;", + "Authorization" => "Basic " . base64_encode($client['CLIENT_ID'] . ":" . $client['CLIENT_SECRET']) +); + +$request = new \OAuth2\Request(array(), $request, array(), array(), array(), $server, null, $headers); +$oauthServer = new \ProcessMaker\Services\OAuth2\Server(); +$response = $oauthServer->postToken($request, true); + +$clientToken = $response->getParameters(); +$clientToken["client_id"] = $client['CLIENT_ID']; +$clientToken["client_secret"] = $client['CLIENT_SECRET']; +/*----------------------------------********---------------------------------*/ + + $oHeadPublisher->assign( 'regionTreePanel', $regionTreePanel ); $oHeadPublisher->assign( 'regionDebug', $regionDebug ); $oHeadPublisher->assign( "defaultOption", $defaultOption ); //User menu permissions +$oHeadPublisher->assign( 'urlProxy', $urlProxy ); //sending the urlProxy to make +/*----------------------------------********---------------------------------*/ +$oHeadPublisher->assign( 'credentials', $clientToken ); +/*----------------------------------********---------------------------------*/ $oHeadPublisher->assign( 
"_nodeId", isset( $confDefaultOption ) ? $confDefaultOption : "PM_USERS" ); //User menu permissions $oHeadPublisher->assign( "FORMATS", $conf->getFormats() ); @@ -90,3 +130,41 @@ $_SESSION["current_ux"] = "NORMAL"; G::RenderPage( "publish", "extJs" ); + +/*----------------------------------********---------------------------------*/ +function getClientCredentials($clientId) +{ + $oauthQuery = new ProcessMaker\Services\OAuth2\PmPdo(getDsn()); + return $oauthQuery->getClientDetails($clientId); +} + +function getDsn() +{ + list($host, $port) = strpos(DB_HOST, ':') !== false ? explode(':', DB_HOST) : array(DB_HOST, ''); + $port = empty($port) ? '' : ";port=$port"; + $dsn = DB_ADAPTER.':host='.$host.';dbname='.DB_NAME.$port; + + return array('dsn' => $dsn, 'username' => DB_USER, 'password' => DB_PASS); +} + + +function getAuthorizationCode($client) +{ + \ProcessMaker\Services\OAuth2\Server::setDatabaseSource(getDsn()); + \ProcessMaker\Services\OAuth2\Server::setPmClientId($client['CLIENT_ID']); + + $oauthServer = new \ProcessMaker\Services\OAuth2\Server(); + $userId = $_SESSION['USER_LOGGED']; + $authorize = true; + $_GET = array_merge($_GET, array( + 'response_type' => 'code', + 'client_id' => $client['CLIENT_ID'], + 'scope' => implode(' ', $oauthServer->getScope()) + )); + + $response = $oauthServer->postAuthorize($authorize, $userId, true); + $code = substr($response->getHttpHeader('Location'), strpos($response->getHttpHeader('Location'), 'code=')+5, 40); + + return $code; +} +/*----------------------------------********---------------------------------*/ \ No newline at end of file diff --git a/workflow/engine/methods/setup/appCacheViewAjax.php b/workflow/engine/methods/setup/appCacheViewAjax.php index 1cc649c1b..20219c812 100755 --- a/workflow/engine/methods/setup/appCacheViewAjax.php +++ b/workflow/engine/methods/setup/appCacheViewAjax.php 
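Review bot: `$clientToken["client_secret"] = $client['CLIENT_SECRET'];` followed by `$oHeadPublisher->assign( 'credentials', $clientToken );` appears to hand the OAuth client secret to the rendered page, although main.js in this commit reads only `credentials.access_token`. A client secret that reaches the browser can no longer be treated as a secret, so the two lines adding `client_id` and `client_secret` should be dropped and the assign reduced to the token: `$oHeadPublisher->assign('credentials', array('access_token' => $clientToken['access_token']));`. The result of `postToken` is also used without checking that a token was actually issued. `$debug` is assigned but not used anywhere in the hunk.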
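Review bot: In `getAuthorizationCode`, the code is cut out of the `Location` header with `substr(..., strpos(..., 'code=')+5, 40)`; when the redirect carries an error instead of a code, `strpos` returns `false`, the offset becomes 5, and 40 arbitrary characters of the URL are returned as if they were a code. Parsing the query string and failing when `code` is absent, as sketched below, makes that case explicit and removes the fixed length of 40. The function also overwrites the `$_GET` superglobal for the rest of the request; passing the parameters to the server object directly would be cleaner if its API allows it.

```php
function getAuthorizationCode($client)
{
    // … unchanged: setDatabaseSource / setPmClientId, $_GET setup, postAuthorize call …
    $location = $response->getHttpHeader('Location');
    $params = array();
    parse_str((string) parse_url($location, PHP_URL_QUERY), $params);
    if (empty($params['code'])) {
        throw new Exception('OAuth2 authorization did not return a code');
    }

    return $params['code'];
}
```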
@@ -26,6 +26,8 @@ function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName G::LoadClass('net'); $Server = new NET($server); + G::LoadSystem('inputfilter'); + $filter = new InputFilter(); if ($Server->getErrno() == 0) { $Server->scannPort($port); @@ -40,18 +42,24 @@ function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName $response = $Server->tryConnectServer($type); $connDatabase = @mysql_connect($server, $user, $passwd); $dbNameTest = "PROCESSMAKERTESTDC"; - $db = @mysql_query("CREATE DATABASE " . $dbNameTest, $connDatabase); + $dbNameTest = $filter->validateInput($dbNameTest, 'nosql'); + $query = "CREATE DATABASE %s"; + $query = $filter->preventSqlInjection($query, array($dbNameTest), $connDatabase); + $db = @mysql_query($query, $connDatabase); $success = false; if (!$db) { $message = mysql_error();; } else { $usrTest = "wfrbtest"; - $chkG = "GRANT ALL PRIVILEGES ON `" . $dbNameTest . "`.* TO " . $usrTest . "@'%' IDENTIFIED BY 'sample' WITH GRANT OPTION"; + $chkG = "GRANT ALL PRIVILEGES ON `%s`.* TO %s@'%%' IDENTIFIED BY 'sample' WITH GRANT OPTION"; + $chkG = $filter->preventSqlInjection($chkG, array($dbNameTest,$usrTest), $connDatabase); $ch = @mysql_query($chkG, $connDatabase); if (!$ch) { $message = mysql_error(); } else { - $sqlCreateUser = "CREATE USER '" . $user . "_usertest'@'%' IDENTIFIED BY 'sample'"; + $sqlCreateUser = "CREATE USER '%s'@'%%' IDENTIFIED BY '%s'"; + $user = $filter->validateInput($user, 'nosql'); + $sqlCreateUser = $filter->preventSqlInjection($sqlCreateUser, array($user."_usertest","sample"), $connDatabase); $result = @mysql_query($sqlCreateUser, $connDatabase); if (!$result) { $message = mysql_error(); 
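Review bot: The temporary accounts in the `@@ -40,18 +42,24 @@` hunk are still created with the fixed password `sample` for host `%`, and `wfrbtest` receives `ALL PRIVILEGES ... WITH GRANT OPTION`; the cleanup in the following hunk (`@@ -59,12 +67,20 @@`) goes through `@mysql_query` with the result ignored, so a failed `DROP USER` would leave an account with a known password behind. A per-run random password, e.g. `$tmpPass = bin2hex(openssl_random_pseudo_bytes(16));` used in both statements in place of `sample`, and a checked cleanup result would close that. Separately, `CREATE DATABASE %s` and `TO %s@'%%'` place values in identifier position; both are constants today, but whether `preventSqlInjection` is safe for identifiers cannot be confirmed from this hunk. `testConnection` starts and ends outside the hunk.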
@@ -59,12 +67,20 @@ function testConnection($type, $server, $user, $passwd, $port = 'none', $dbName $success = true; $message = G::LoadTranslation('ID_SUCCESSFUL_CONNECTION'); } - $sqlDropUser = "DROP USER '" . $user . "_usertest'@'%'"; + $sqlDropUser = "DROP USER '%s'@'%%'"; + $user = $filter->validateInput($user, 'nosql'); + $sqlDropUser = $filter->preventSqlInjection($sqlDropUser, array($user."_usertest"), $connDatabase); + @mysql_query($sqlDropUser, $connDatabase); + + $sqlDropUser = "DROP USER %s@'%%'"; + $usrTest = $filter->validateInput($usrTest, 'nosql'); + $sqlDropUser = $filter->preventSqlInjection($sqlDropUser, array($usrTest), $connDatabase); @mysql_query($sqlDropUser, $connDatabase); - - @mysql_query("DROP USER " . $usrTest . "@'%'", $connDatabase); } - @mysql_query("DROP DATABASE " . $dbNameTest, $connDatabase); + $sqlDropDb = "DROP DATABASE %s"; + $dbNameTest = $filter->validateInput($dbNameTest, 'nosql'); + $sqlDropDb = $filter->preventSqlInjection($sqlDropDb, array($dbNameTest), $connDatabase); + @mysql_query($sqlDropDb, $connDatabase); } return array($success, ($message != "")? $message : $Server->error); } else { diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php index f8b476545..c2015ae7d 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Light.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Light.php @@ -723,6 +723,7 @@ class Light */ public function documentUploadFiles($userUid, $app_uid, $app_doc_uid, $request_data) { + $response = array("status" => "fail"); if (isset( $_FILES["form"]["name"] ) && count( $_FILES["form"]["name"] ) > 0) { $arrayField = array (); $arrayFileName = array (); @@ -773,6 +774,7 @@ class Light $sPathName = PATH_DOCUMENT . $pathUID . PATH_SEP; $sFileName = $sAppDocUid . "_" . $iDocVersion . "." . $sExtension; G::uploadFile( $arrayFileTmpName[$i], $sPathName, $sFileName ); + $response = array("status" => "ok"); } } } 
@@ -780,4 +782,31 @@ class Light return $response; } + + /** + * claim case + * + * @param $userUid + * @param $Fields + * @param $type + * @throws \Exception + */ + public function claimCaseUser($userUid, $sAppUid) + { + $response = array("status" => "fail"); + $oCase = new \Cases(); + $iDelIndex = $oCase->getCurrentDelegation( $sAppUid, $userUid ); + + $oAppDelegation = new \AppDelegation(); + $aDelegation = $oAppDelegation->load( $sAppUid, $iDelIndex ); + + //if there are no user in the delegation row, this case is still in selfservice + if ($aDelegation['USR_UID'] == "") { + $oCase->setCatchUser( $sAppUid,$iDelIndex, $userUid ); + $response = array("status" => "ok"); + } else { + //G::SendMessageText( G::LoadTranslation( 'ID_CASE_ALREADY_DERIVATED' ), 'error' ); + } + return $response; + } } diff --git a/workflow/engine/src/ProcessMaker/BusinessModel/Lists.php b/workflow/engine/src/ProcessMaker/BusinessModel/Lists.php index 0c70c0e1d..6ed830437 100644 --- a/workflow/engine/src/ProcessMaker/BusinessModel/Lists.php +++ b/workflow/engine/src/ProcessMaker/BusinessModel/Lists.php @@ -1,6 +1,8 @@ 
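Review bot: Nothing visible in `claimCaseUser` checks that `$userUid` is allowed to take the case: the only condition before `setCatchUser` is that the delegation's `USR_UID` is empty, so unless `getCurrentDelegation` or `setCatchUser` enforce membership of the task's self-service pool (not visible here), any authenticated caller of the new REST route could be assigned an unclaimed case. The read of `USR_UID` and the later `setCatchUser` are separate steps, so two concurrent claims can both pass the check. The docblock lists `$Fields` and `$type`, which are not parameters; it should read `@param string $userUid`, `@param string $sAppUid` and `@return array` with the `status` key described. The empty `else` holding only a commented-out message can be removed.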
@@ -180,4 +182,45 @@ class Lists { } return $response; } + + /** + * Get counters for lists + * + * @access public + * @param array $userId, User Uid + * @return array + * + * @author Brayan Pereyra (Cochalo) + * @copyright Colosa - Bolivia + */ + public function getCounters($userId) + { + $criteria = new Criteria(); + $criteria->addSelectColumn(UsersPeer::USR_TOTAL_INBOX); + $criteria->addSelectColumn(UsersPeer::USR_TOTAL_DRAFT); + $criteria->addSelectColumn(UsersPeer::USR_TOTAL_CANCELLED); + $criteria->addSelectColumn(UsersPeer::USR_TOTAL_PARTICIPATED); + $criteria->addSelectColumn(UsersPeer::USR_TOTAL_PAUSED); + $criteria->addSelectColumn(UsersPeer::USR_TOTAL_COMPLETED); + $criteria->add( UsersPeer::USR_UID, $userId, Criteria::EQUAL ); + $dataset = UsersPeer::doSelectRS($criteria); + $dataset->setFetchmode(\ResultSet::FETCHMODE_ASSOC); + $dataset->next(); + $aRow = $dataset->getRow(); + + $oAppCache = new \AppCacheView(); + $totalUnassigned = $oAppCache->getListCounters('selfservice', $userId, false); + + $response = array( + array('count' => $aRow['USR_TOTAL_INBOX'], 'item' => 'CASES_INBOX'), + array('count' => $aRow['USR_TOTAL_DRAFT'], 'item' => 'CASES_DRAFT'), + array('count' => $aRow['USR_TOTAL_CANCELLED'], 'item' => 'CASES_CANCELLED'), + array('count' => $aRow['USR_TOTAL_PARTICIPATED'], 'item' => 'CASES_SENT'), + array('count' => $aRow['USR_TOTAL_PAUSED'], 'item' => 'CASES_PAUSED'), + array('count' => $aRow['USR_TOTAL_COMPLETED'], 'item' => 'CASES_COMPLETED'), + array('count' => $totalUnassigned, 'item' => 'CASES_SELFSERVICE') + ); + + return $response; + } } \ No newline at end of file diff --git a/workflow/engine/src/ProcessMaker/Services/Api/Light.php b/workflow/engine/src/ProcessMaker/Services/Api/Light.php index 1e3f7687d..c3421e0c6 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/Light.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/Light.php 
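Review bot: `getCounters` ignores the result of `$dataset->next()`, so when no `USERS` row matches `$userId` the six `$aRow['USR_TOTAL_*']` reads run against a non-array and the response carries null counts instead of an error. A guard such as `if (! $dataset->next()) { throw new \Exception('User not found: ' . $userId); }` would surface that. `Criteria` and `UsersPeer` are written without a leading backslash while `\ResultSet` and `\AppCacheView` have one; this only resolves if the `@@ -1,6 +1,8 @@` hunk, whose content is not visible here, adds matching `use` lines. The docblock says `@param array $userId` although the value is compared to `USR_UID` as a single uid, so `@param string $userId` fits better.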
@@ -794,10 +794,28 @@ class Light extends Api try { $userUid = $this->getUserId(); $oMobile = new \ProcessMaker\BusinessModel\Light(); - $filesUids = $oMobile->documentUploadFiles($userUid, $app_uid, $app_doc_uid, $request_data); + $response = $oMobile->documentUploadFiles($userUid, $app_uid, $app_doc_uid, $request_data); } catch (\Exception $e) { throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); } - return $filesUids; + return $response; + } + + /** + * @url POST /case/:app_uid/claim + * + * @param $app_uid + * @return mixed + */ + public function claimCaseUser($app_uid) + { + try { + $userUid = $this->getUserId(); + $oMobile = new \ProcessMaker\BusinessModel\Light(); + $response = $oMobile->claimCaseUser($userUid, $app_uid); + } catch (\Exception $e) { + throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); + } + return $response; } } diff --git a/workflow/engine/src/ProcessMaker/Services/Api/System.php b/workflow/engine/src/ProcessMaker/Services/Api/System.php index aba83efad..ab2dc0298 100644 --- a/workflow/engine/src/ProcessMaker/Services/Api/System.php +++ b/workflow/engine/src/ProcessMaker/Services/Api/System.php @@ -29,5 +29,27 @@ class System extends Api throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); } } + + /** + * Get count for all lists + * + * @return array + * + * @author Brayan Pereyra (Cochalo) + * @copyright Colosa - Bolivia + * + * @url GET /counters-lists + */ + public function doGetCountersLists() + { + try { + $userId = $this->getUserId(); + $lists = new \ProcessMaker\BusinessModel\Lists(); + $response = $lists->getCounters($userId); + return $response; + } catch (\Exception $e) { + throw (new RestException(Api::STAT_APP_EXCEPTION, $e->getMessage())); + } + } } diff --git a/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php b/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php index 6ff57df53..9a85d0a5a 100644 
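Review bot: Both new endpoints, `claimCaseUser` here and `doGetCountersLists` in Api/System.php, pass `$e->getMessage()` straight into the `RestException`, so database or internal error text is returned to the API client. That follows the existing pattern in these classes, but for new routes it is worth recording the exception server-side and returning a fixed message, e.g. `throw new RestException(Api::STAT_APP_EXCEPTION, 'Unable to claim case');`. The `claimCaseUser` docblock has no description and an untyped `@param $app_uid`; a line such as `@param string $app_uid` plus a sentence saying the case is assigned to the authenticated user would document the route. `@return mixed` can be narrowed to `@return array`.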
--- a/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php +++ b/workflow/engine/src/ProcessMaker/Services/OAuth2/Server.php @@ -57,7 +57,7 @@ class Server implements iAuthenticate } // Pass a storage object or array of storage objects to the OAuth2 server class - $this->server = new \OAuth2\Server($this->storage, array('allow_implicit' => true)); + $this->server = new \OAuth2\Server($this->storage, array('allow_implicit' => true, 'access_lifetime' => 86400)); $this->server->setConfig('enforce_state', false); diff --git a/workflow/engine/templates/cases/main.js b/workflow/engine/templates/cases/main.js index e9dd0ac25..8fc08d81e 100755 --- a/workflow/engine/templates/cases/main.js +++ b/workflow/engine/templates/cases/main.js @@ -573,7 +573,14 @@ function updateCasesTree() { ReloadTreeMenuItemDetail({item:currentSelectedTreeMenuItem}); } Ext.Ajax.request({ - url: 'casesMenuLoader?action=getAllCounters&r='+Math.random(), + url: urlProxy + Math.random(), + /*----------------------------------********---------------------------------*/ + headers: { + 'Content-Type': 'application/json', + 'Authorization': 'Bearer ' + credentials.access_token + }, + method: 'GET', + /*----------------------------------********---------------------------------*/ success: function(response){ result = Ext.util.JSON.decode(response.responseText);
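Review bot: `'access_lifetime' => 86400` in Server.php sets a 24-hour access-token lifetime for every client of this server, not only for the local client this commit introduces, while `allow_implicit` stays `true` and `enforce_state` is set to `false` in the same context. Because the commit also embeds the access token in the cases page, a token that leaks from the browser stays usable for a full day. Keeping the lifetime short and re-issuing the token on page load, or limiting the longer lifetime to the local client, would narrow that window. If 86400 is kept, a comment such as `// 24 h so the cases page token outlives a working session` should explain the choice.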