2012-10-09 09:46:24 +00:00
|
|
|
|
<?php
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Implementation of access restricitions
|
|
|
|
|
|
*
|
|
|
|
|
|
* @category DMS
|
2013-02-14 11:10:53 +00:00
|
|
|
|
* @package SeedDMS
|
2012-10-09 09:46:24 +00:00
|
|
|
|
* @license GPL 2
|
|
|
|
|
|
* @version @version@
|
|
|
|
|
|
* @author Uwe Steinmann <uwe@steinmann.cx>
|
|
|
|
|
|
* @copyright Copyright (C) 2010-2012 Uwe Steinmann
|
|
|
|
|
|
* @version Release: @package_version@
|
|
|
|
|
|
*/
|
|
|
|
|
|
|
2016-03-03 06:39:04 +00:00
|
|
|
|
require_once "inc.ClassAcl.php";
|
|
|
|
|
|
|
2012-10-09 09:46:24 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Class to check certain access restrictions
|
|
|
|
|
|
*
|
|
|
|
|
|
* @category DMS
|
2013-02-14 11:10:53 +00:00
|
|
|
|
* @package SeedDMS
|
2012-10-09 09:46:24 +00:00
|
|
|
|
* @author Uwe Steinmann <uwe@steinmann.cx>
|
|
|
|
|
|
* @copyright Copyright (C) 2010-2012 Uwe Steinmann
|
|
|
|
|
|
* @version Release: @package_version@
|
|
|
|
|
|
*/
|
2013-02-14 11:10:53 +00:00
|
|
|
|
class SeedDMS_AccessOperation {
|
2015-08-07 11:11:50 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* @var object $dms reference to dms
|
|
|
|
|
|
* @access protected
|
|
|
|
|
|
*/
|
2015-08-07 11:16:30 +00:00
|
|
|
|
private $dms;
|
2015-08-07 11:11:50 +00:00
|
|
|
|
|
2012-10-09 09:46:24 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* @var object $user user requesting the access
|
|
|
|
|
|
* @access protected
|
|
|
|
|
|
*/
|
|
|
|
|
|
private $user;
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
2013-02-14 11:10:53 +00:00
|
|
|
|
* @var object $settings SeedDMS Settings
|
2012-10-09 09:46:24 +00:00
|
|
|
|
* @access protected
|
|
|
|
|
|
*/
|
|
|
|
|
|
private $settings;
|
|
|
|
|
|
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function __construct($dms, $user, $settings) { /* {{{ */
|
2015-08-07 11:11:50 +00:00
|
|
|
|
$this->dms = $dms;
|
2012-10-09 09:46:24 +00:00
|
|
|
|
$this->user = $user;
|
|
|
|
|
|
$this->settings = $settings;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Check if removal of version is allowed
|
|
|
|
|
|
*
|
|
|
|
|
|
* This check can only be done for documents. Removal of versions is
|
|
|
|
|
|
* only allowed if this is turned on in the settings and there are
|
|
|
|
|
|
* at least 2 versions avaiable. Everybody with write access on the
|
|
|
|
|
|
* document may delete versions. The admin may even delete a version
|
|
|
|
|
|
* even if is disallowed in the settings.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function mayRemoveVersion($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$versions = $document->getContent();
|
|
|
|
|
|
if ((($this->settings->_enableVersionDeletion && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin() ) && (count($versions) > 1)) {
|
2012-10-09 09:46:24 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Check if document status may be overwritten
|
|
|
|
|
|
*
|
|
|
|
|
|
* This check can only be done for documents. Overwriting the document
|
|
|
|
|
|
* status is
|
|
|
|
|
|
* only allowed if this is turned on in the settings and the current
|
|
|
|
|
|
* status is either 'releaѕed' or 'obsoleted'.
|
|
|
|
|
|
* The admin may even modify the status
|
|
|
|
|
|
* even if is disallowed in the settings.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function mayOverrideStatus($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2012-10-09 09:46:24 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
2016-03-03 06:39:04 +00:00
|
|
|
|
if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status["status"]==S_DRAFT || $status["status"]==S_RELEASED || $status["status"]==S_OBSOLETE)) {
|
2012-10-09 09:46:24 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Check if reviewers/approvers may be edited
|
|
|
|
|
|
*
|
|
|
|
|
|
* This check can only be done for documents. Overwriting the document
|
|
|
|
|
|
* reviewers/approvers is only allowed if version modification is turned on
|
|
|
|
|
|
* in the settings and the document is in 'draft review' status. The
|
2013-01-24 08:33:03 +00:00
|
|
|
|
* admin may even set reviewers/approvers if is disallowed in the
|
2012-10-09 09:46:24 +00:00
|
|
|
|
* settings.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function maySetReviewersApprovers($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2012-10-09 09:46:24 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
2016-03-03 06:39:04 +00:00
|
|
|
|
if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status['status']==S_DRAFT || $status["status"]==S_DRAFT_REV || $status["status"]==S_DRAFT_APP && $this->settings->_workflowMode == 'traditional_only_approval')) {
|
2012-10-09 09:46:24 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
2015-04-20 11:44:13 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Check if recipients may be edited
|
|
|
|
|
|
*
|
|
|
|
|
|
* This check can only be done for documents. Setting the document
|
|
|
|
|
|
* recipients is only allowed if version modification is turned on
|
|
|
|
|
|
* in the settings. The
|
2015-04-22 09:41:39 +00:00
|
|
|
|
* admin may even set recipients if is disallowed in the
|
2015-04-20 11:44:13 +00:00
|
|
|
|
* settings.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function maySetRecipients($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2015-04-20 11:44:13 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
2016-03-03 06:39:04 +00:00
|
|
|
|
if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status["status"]==S_RELEASED)) {
|
2015-04-20 11:44:13 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
2015-04-22 09:41:39 +00:00
|
|
|
|
/**
|
2015-05-11 07:30:13 +00:00
|
|
|
|
* Check if revisors may be edited
|
2015-04-22 09:41:39 +00:00
|
|
|
|
*
|
|
|
|
|
|
* This check can only be done for documents. Setting the document
|
2015-05-11 07:30:13 +00:00
|
|
|
|
* revisors is only allowed if version modification is turned on
|
2015-04-22 09:41:39 +00:00
|
|
|
|
* in the settings. The
|
2015-05-11 07:30:13 +00:00
|
|
|
|
* admin may even set revisors if is disallowed in the
|
2015-04-22 09:41:39 +00:00
|
|
|
|
* settings.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function maySetRevisors($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2015-04-22 09:41:39 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
2016-03-03 06:39:04 +00:00
|
|
|
|
if (($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin() /* && ($status["status"]==S_RELEASED || $status["status"]==S_IN_REVISION)*/) {
|
2015-04-22 09:41:39 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
2013-01-24 08:33:03 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Check if workflow may be edited
|
|
|
|
|
|
*
|
|
|
|
|
|
* This check can only be done for documents. Overwriting the document
|
|
|
|
|
|
* workflow is only allowed if version modification is turned on
|
|
|
|
|
|
* in the settings and the document is in it's initial status. The
|
|
|
|
|
|
* admin may even set the workflow if is disallowed in the
|
|
|
|
|
|
* settings.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function maySetWorkflow($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2013-01-24 08:33:03 +00:00
|
|
|
|
$workflow = $latestContent->getWorkflow();
|
2016-03-03 06:39:04 +00:00
|
|
|
|
if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && (!$workflow || ($workflow->getInitState()->getID() == $latestContent->getWorkflowState()->getID()))) {
|
2013-01-24 08:33:03 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
2012-10-09 09:46:24 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Check if expiration date may be set
|
|
|
|
|
|
*
|
|
|
|
|
|
* This check can only be done for documents. Setting the documents
|
2013-04-30 15:23:24 +00:00
|
|
|
|
* expiration date is only allowed if the document has not been obsoleted.
|
2012-10-09 09:46:24 +00:00
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function maySetExpires($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2012-10-09 09:46:24 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
2016-03-03 06:39:04 +00:00
|
|
|
|
if ((($document->getAccessMode($this->user) == M_ALL) || $this->user->isAdmin()) && ($status["status"]!=S_OBSOLETE)) {
|
2012-10-09 09:46:24 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Check if comment may be edited
|
|
|
|
|
|
*
|
|
|
|
|
|
* This check can only be done for documents. Setting the documents
|
|
|
|
|
|
* comment date is only allowed if version modification is turned on in
|
|
|
|
|
|
* the settings and the document has not been obsoleted.
|
|
|
|
|
|
* The admin may set the comment even if is
|
|
|
|
|
|
* disallowed in the settings.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function mayEditComment($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
if($document->isLocked()) {
|
|
|
|
|
|
$lockingUser = $document->getLockingUser();
|
|
|
|
|
|
if (($lockingUser->getID() != $this->user->getID()) && ($document->getAccessMode($this->user) != M_ALL)) {
|
2014-06-03 15:50:58 +00:00
|
|
|
|
return false;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
2016-03-03 06:39:04 +00:00
|
|
|
|
$latestContent = $document->getLatestContent();
|
2012-10-09 09:46:24 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
2016-03-03 06:39:04 +00:00
|
|
|
|
if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) >= M_READWRITE)) || $this->user->isAdmin()) && ($status["status"]!=S_OBSOLETE)) {
|
2012-10-09 09:46:24 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Check if attributes may be edited
|
|
|
|
|
|
*
|
|
|
|
|
|
* Setting the object attributes
|
|
|
|
|
|
* is only allowed if version modification is turned on in
|
|
|
|
|
|
* the settings and the document has not been obsoleted.
|
|
|
|
|
|
* The admin may set the comment even if is
|
|
|
|
|
|
* disallowed in the settings.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function mayEditAttributes($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2012-10-09 09:46:24 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
2013-01-24 08:33:03 +00:00
|
|
|
|
$workflow = $latestContent->getWorkflow();
|
2016-03-03 06:39:04 +00:00
|
|
|
|
if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) >= M_READWRITE)) || $this->user->isAdmin()) && ($status["status"]==S_DRAFT_REV || ($workflow && $workflow->getInitState()->getID() == $latestContent->getWorkflowState()->getID()))) {
|
2012-10-09 09:46:24 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
2012-10-23 09:17:07 +00:00
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Check if document content may be reviewed
|
|
|
|
|
|
*
|
|
|
|
|
|
* Reviewing a document content is only allowed if the document was not
|
|
|
|
|
|
* obsoleted. There are other requirements which are not taken into
|
|
|
|
|
|
* account here.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function mayReview($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2012-10-23 09:17:07 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
|
|
|
|
|
if ($status["status"]!=S_OBSOLETE) {
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
|
* Check if document content may be approved
|
|
|
|
|
|
*
|
|
|
|
|
|
* Approving a document content is only allowed if the document was not
|
2015-06-15 06:53:39 +00:00
|
|
|
|
* obsoleted and the document is not in review status.
|
|
|
|
|
|
* There are other requirements which are not taken into
|
2012-10-23 09:17:07 +00:00
|
|
|
|
* account here.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function mayApprove($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2012-10-23 09:17:07 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
2015-08-07 12:21:32 +00:00
|
|
|
|
if ($status["status"]!=S_OBSOLETE && $status["status"]!=S_DRAFT_REV && $status["status"]!=S_REJECTED) {
|
2012-10-23 09:17:07 +00:00
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
2015-05-11 07:30:13 +00:00
|
|
|
|
|
2015-06-15 12:13:38 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Check if document content may be receipted
|
|
|
|
|
|
*
|
|
|
|
|
|
* Reviewing a document content is only allowed if the document was not
|
|
|
|
|
|
* obsoleted. There are other requirements which are not taken into
|
|
|
|
|
|
* account here.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function mayReceipt($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2015-06-15 12:13:38 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
|
|
|
|
|
if ($status["status"]!=S_OBSOLETE) {
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
2015-05-11 07:30:13 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Check if document content may be revised
|
|
|
|
|
|
*
|
|
|
|
|
|
* Revising a document content is only allowed if the document was not
|
|
|
|
|
|
* obsoleted. There are other requirements which are not taken into
|
|
|
|
|
|
* account here.
|
|
|
|
|
|
*/
|
2016-03-03 06:39:04 +00:00
|
|
|
|
function mayRevise($document) { /* {{{ */
|
|
|
|
|
|
if(get_class($document) == $this->dms->getClassname('document')) {
|
|
|
|
|
|
$latestContent = $document->getLatestContent();
|
2015-05-11 07:30:13 +00:00
|
|
|
|
$status = $latestContent->getStatus();
|
|
|
|
|
|
if ($status["status"]!=S_OBSOLETE) {
|
|
|
|
|
|
return true;
|
|
|
|
|
|
}
|
|
|
|
|
|
}
|
|
|
|
|
|
return false;
|
|
|
|
|
|
} /* }}} */
|
|
|
|
|
|
|
2016-03-03 06:39:04 +00:00
|
|
|
|
/**
|
|
|
|
|
|
* Check for access permission
|
|
|
|
|
|
*
|
|
|
|
|
|
* @param object $dms Instanz of dms
|
|
|
|
|
|
* @param object $role role of currently logged in user
|
|
|
|
|
|
* @param string $scope 'Views', 'Controllers'
|
|
|
|
|
|
* @param string $script Scriptname without 'out.' and '.php'
|
|
|
|
|
|
* @param string $get query parameters
|
|
|
|
|
|
* @return boolean true if access is allowed otherwise false
|
|
|
|
|
|
*/
|
|
|
|
|
|
function check_view_access($view, $get=array()) { /* {{{ */
|
|
|
|
|
|
$scope = 'Views';
|
|
|
|
|
|
$script = $view->getParam('class');
|
|
|
|
|
|
$action = (isset($get['action']) && $get['action']) ? $get['action'] : 'show';
|
|
|
|
|
|
$acl = new SeedDMS_Acl($this->dms);
|
|
|
|
|
|
$aro = SeedDMS_Aro::getInstance($this->user->getRole(), $this->dms);
|
|
|
|
|
|
$aco = SeedDMS_Aco::getInstance($scope.'/'.$script.'/'.$action, $this->dms);
|
|
|
|
|
|
return $acl->check($aro, $aco);
|
|
|
|
|
|
} /* }}} */
|
2012-10-09 09:46:24 +00:00
|
|
|
|
}
|
|
|
|
|
|
?>
|
