<?php
/**
|
|
|
|
|
 * Implementation of access restrictions
|
|
|
|
|
*
|
|
|
|
|
* @category DMS
|
2013-02-14 11:10:53 +00:00
|
|
|
|
* @package SeedDMS
|
2012-10-09 09:46:24 +00:00
|
|
|
|
* @license GPL 2
|
|
|
|
|
* @version @version@
|
|
|
|
|
* @author Uwe Steinmann <uwe@steinmann.cx>
|
|
|
|
|
* @copyright Copyright (C) 2010-2012 Uwe Steinmann
|
|
|
|
|
* @version Release: @package_version@
|
|
|
|
|
*/
require_once "inc.ClassAcl.php";
/**
|
|
|
|
|
* Class to check certain access restrictions
|
|
|
|
|
*
|
|
|
|
|
* @category DMS
|
2013-02-14 11:10:53 +00:00
|
|
|
|
* @package SeedDMS
|
2012-10-09 09:46:24 +00:00
|
|
|
|
* @author Uwe Steinmann <uwe@steinmann.cx>
|
|
|
|
|
* @copyright Copyright (C) 2010-2012 Uwe Steinmann
|
|
|
|
|
* @version Release: @package_version@
|
|
|
|
|
*/
class SeedDMS_AccessOperation {
|
2015-08-07 11:11:50 +00:00
|
|
|
|
/**
|
|
|
|
|
* @var object $dms reference to dms
|
|
|
|
|
* @access protected
|
|
|
|
|
*/
|
2019-09-06 12:32:14 +00:00
|
|
|
|
private $dms;
|
2015-08-07 11:11:50 +00:00
|
|
|
|
|
2012-10-09 09:46:24 +00:00
|
|
|
|
/**
|
|
|
|
|
* @var object $user user requesting the access
|
|
|
|
|
* @access protected
|
|
|
|
|
*/
|
2016-03-04 08:27:29 +00:00
|
|
|
|
protected $user;
|
2012-10-09 09:46:24 +00:00
|
|
|
|
|
|
|
|
|
/**
|
2013-02-14 11:10:53 +00:00
|
|
|
|
* @var object $settings SeedDMS Settings
|
2012-10-09 09:46:24 +00:00
|
|
|
|
* @access protected
|
|
|
|
|
*/
|
2016-03-04 08:27:29 +00:00
|
|
|
|
protected $settings;
|
|
|
|
|
|
|
|
|
|
/**
|
|
|
|
|
	 * @var object $_aro access request object for caching
|
|
|
|
|
* @access protected
|
|
|
|
|
*/
|
|
|
|
|
private $_aro;
|
2012-10-09 09:46:24 +00:00
|
|
|
|
|
2023-10-13 11:33:14 +00:00
|
|
|
|
/**
|
2024-04-29 11:05:59 +00:00
|
|
|
|
	 * @var array $legacy_access list of objects with access, used for view and controller
|
2023-10-13 11:33:14 +00:00
|
|
|
|
* @access protected
|
|
|
|
|
*/
|
|
|
|
|
private $legacy_access;
/**
 * Create the access checker for one user
 *
 * Stores the dms, the requesting user and the settings, and fills the
 * per-role lists of view/controller names which are consulted by
 * check_view_legacy_access() and check_controller_legacy_access().
 * The list 'guest' is used for guest users, the list 'user' for every
 * other non-admin user.
 *
 * @param object $dms reference to dms
 * @param object $user user requesting the access
 * @param object $settings SeedDMS settings
 */
function __construct($dms, $user, $settings) { /* {{{ */
	$this->dms = $dms;
	$this->user = $user;
	$this->settings = $settings;

	// These lists are allow-lists: a name which is not listed is denied
	// by the legacy checks for the corresponding role.
	// NOTE(review): the 'user' list contains names like 'SubstituteUser'
	// and 'OverrideContentStatus'; this layer grants them to every
	// non-guest user, so any finer restriction presumably has to be
	// enforced by the view/controller itself -- confirm.
	$this->legacy_access = array(
		'guest' => array(
			'Calendar',
			'Download',
			'ErrorDlg',
			'Help',
			'Login',
			'Search',
			'ViewDocument',
			'ViewFolder',
			'ViewOnline',
		),
		'user' => array(
			'AddDocument',
			'AddDocumentLink',
			'AddEvent',
			'AddFile',
			'AddSubFolder',
			'AddToTransmittal',
			'ApprovalSummary',
			'ApproveDocument',
			'Calendar',
			'CategoryChooser',
			'ChangePassword',
			'CheckInDocument',
			'Clipboard',
			'Dashboard',
			'DocumentAccess',
			'DocumentChooser',
			'DocumentNotify',
			'DocumentVersionDetail',
			'Download',
			'DropFolderChooser',
			'EditAttributes',
			'EditComment',
			'EditDocumentFile',
			'EditDocument',
			'EditEvent',
			'EditFolder',
			'EditOnline',
			'EditUserData',
			'ErrorDlg',
			'FolderAccess',
			'FolderChooser',
			'FolderNotify',
			'ForcePasswordChange',
			'GroupView',
			'Help',
			'KeywordChooser',
			'Login',
			'ManageNotify',
			'MoveDocument',
			'MoveFolder',
			'MyAccount',
			'MyDocuments',
			'OpensearchDesc',
			'OverrideContentStatus',
			'PasswordForgotten',
			'PasswordSend',
			'ReceiptDocument',
			'ReceiptSummary',
			'RemoveDocumentFile',
			'RemoveDocument',
			'RemoveEvent',
			'RemoveFolderFiles',
			'RemoveFolder',
			'RemoveTransmittal',
			'RemoveVersion',
			'RemoveWorkflowFromDocument',
			'ReturnFromSubWorkflow',
			'ReviewDocument',
			'ReviewSummary',
			'ReviseDocument',
			'RevisionSummary',
			'RewindWorkflow',
			'RunSubWorkflow',
			'Search',
			'Session',
			'SetExpires',
			'SetRecipients',
			'SetReviewersApprovers',
			'SetRevisors',
			'SetWorkflow',
			'SubstituteUser',
			'Tasks',
			'TransmittalMgr',
			'TriggerWorkflow',
			'UpdateDocument',
			'UserDefaultKeywords',
			'UserImage',
			'UsrView',
			'ViewDocument',
			'ViewEvent',
			'ViewFolder',
			'ViewOnline',
			'WorkflowGraph',
			'WorkflowSummary',
		),
	);
} /* }}} */
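/**
 * Check if editing of version is allowed
 *
 * This check can only be done for documents. Editing is only allowed
 * if the file type or the mime type of the version is listed in the
 * setting _editOnlineFileTypes and the user either has full access
 * (M_ALL) on the document or is an admin. The admin is not exempted
 * from the file type restriction.
 *
 * @param object $document document to check
 * @param integer $vno number of the version, 0 selects the latest version
 * @return boolean true if editing is allowed, otherwise false
 */
function mayEditVersion($document, $vno=0) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$version = $vno ? $document->getContentByVersion($vno) : $document->getLatestContent();
	// Deny access instead of failing on a method call if the requested
	// version could not be loaded. The other checks in this class guard
	// the result of getLatestContent() in the same way.
	if(!is_object($version))
		return false;

	$types = isset($this->settings->_editOnlineFileTypes) ? $this->settings->_editOnlineFileTypes : null;
	if(!is_array($types))
		return false;

	// Strict comparison, so that a non-string entry in the list (e.g.
	// boolean true) cannot match every file type.
	$typeAllowed = in_array(strtolower($version->getFileType()), $types, true)
		|| in_array(strtolower($version->getMimeType()), $types, true);
	if(!$typeAllowed)
		return false;

	return $document->getAccessMode($this->user) == M_ALL || $this->user->isAdmin();
} /* }}} */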
/**
 * Check if removal of version is allowed
 *
 * This check can only be done for documents. A version may be removed
 * if there is more than one version and either
 * - version deletion is turned on in the settings and the access mode
 *   of the user, requested for the context 'removeVersion', is M_ALL, or
 * - the user is an admin. The admin may remove a version even if it is
 *   disallowed in the settings.
 *
 * @param object $document document to check
 * @return boolean true if removal is allowed, otherwise false
 */
function mayRemoveVersion($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$versions = $document->getContent();
	$privileged = ($this->settings->_enableVersionDeletion && ($document->getAccessMode($this->user, 'removeVersion') == M_ALL))
		|| $this->user->isAdmin();
	if(!$privileged)
		return false;

	// The last remaining version can never be removed
	return count($versions) > 1;
} /* }}} */
/**
 * Check if document status may be overwritten
 *
 * This check can only be done for documents. Overwriting the document
 * status is only allowed if version modification is turned on in the
 * settings and the user has full access (M_ALL), and the current status
 * is one of S_DRAFT, S_RELEASED, S_REJECTED, S_OBSOLETE or
 * S_NEEDS_CORRECTION.
 * The admin may modify the status even if it is disallowed in the
 * settings, but the restriction on the current status still applies.
 *
 * @param object $document document to check
 * @return boolean true if the status may be overwritten, otherwise false
 */
function mayOverrideStatus($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();
	$privileged = ($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL))
		|| $this->user->isAdmin();
	if(!$privileged)
		return false;

	// non-strict in_array() compares like the '==' operator
	return in_array($status["status"], array(S_DRAFT, S_RELEASED, S_REJECTED, S_OBSOLETE, S_NEEDS_CORRECTION));
} /* }}} */
/**
 * Check if reviewers/approvers may be edited
 *
 * This check can only be done for documents. The user needs full access
 * (M_ALL) with version modification turned on in the settings, or must
 * be an admin. On top of that the status of the latest content decides:
 * - S_DRAFT: always allowed
 * - S_DRAFT_REV: allowed as long as no review has been done
 * - S_DRAFT_APP: allowed as long as neither a review nor an approval
 *   has been done
 * The admin may set reviewers/approvers after the review/approval
 * process has been started, but only if _allowChangeRevAppInProcess
 * explicitly allows it.
 *
 * @param object $document document to check
 * @return boolean true if reviewers/approvers may be set, otherwise false
 */
function maySetReviewersApprovers($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();

	// A log entry with status 1 or -1 counts as a review/approval which
	// has already been done (presumably accepted/rejected -- confirm).
	$hasReview = false;
	foreach($latestContent->getReviewStatus() as $entry) {
		if(in_array($entry['status'], array(1, -1)))
			$hasReview = true;
	}
	$hasApproval = false;
	foreach($latestContent->getApprovalStatus() as $entry) {
		if(in_array($entry['status'], array(1, -1)))
			$hasApproval = true;
	}

	$privileged = ($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL))
		|| $this->user->isAdmin();
	if(!$privileged)
		return false;

	$state = $status["status"];
	if($state == S_DRAFT_REV && (!$hasReview || ($this->user->isAdmin() && $this->settings->_allowChangeRevAppInProcess)))
		return true;
	if($state == S_DRAFT_APP && ((!$hasReview && !$hasApproval) || ($this->user->isAdmin() && $this->settings->_allowChangeRevAppInProcess)))
		return true;

	return $state == S_DRAFT;
} /* }}} */
/**
 * Check if recipients may be edited
 *
 * This check can only be done for documents with a latest content.
 * Setting the recipients is allowed if version modification is turned
 * on in the settings and the user has at least read/write access
 * (M_READWRITE). The admin may set recipients even if it is disallowed
 * in the settings.
 *
 * @param object $document document to check
 * @return boolean true if recipients may be set, otherwise false
 */
function maySetRecipients($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	// The status is still fetched, but takes no part in the decision
	$status = $latestContent->getStatus();

	return ($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) >= M_READWRITE))
		|| $this->user->isAdmin();
} /* }}} */
/**
 * Check if revisors may be edited
 *
 * This check can only be done for documents. Setting the revisors is
 * allowed if version modification is turned on in the settings and the
 * user has full access (M_ALL), and the latest content is in status
 * S_RELEASED or S_IN_REVISION. The admin may set revisors even if it
 * is disallowed in the settings; the status restriction still applies.
 *
 * @param object $document document to check
 * @return boolean true if revisors may be set, otherwise false
 */
function maySetRevisors($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();
	$privileged = ($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL))
		|| $this->user->isAdmin();
	if(!$privileged)
		return false;

	return in_array($status["status"], array(S_RELEASED, S_IN_REVISION));
} /* }}} */
/**
 * Check if workflow may be edited
 *
 * This check can only be done for documents. Setting the workflow is
 * allowed if version modification is turned on in the settings and the
 * user has full access (M_ALL), and the latest content either has no
 * workflow or is still in the initial state of its workflow. The admin
 * may set the workflow even if it is disallowed in the settings; the
 * restriction on the workflow state still applies.
 *
 * @param object $document document to check
 * @return boolean true if the workflow may be set, otherwise false
 */
function maySetWorkflow($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$workflow = $latestContent->getWorkflow();
	$workflowstate = $latestContent->getWorkflowState();

	$privileged = ($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) == M_ALL))
		|| $this->user->isAdmin();
	if(!$privileged)
		return false;

	// No workflow assigned yet
	if(!$workflow)
		return true;

	// A running workflow may only be replaced while in its initial state
	return $workflowstate && ($workflow->getInitState()->getID() == $workflowstate->getID());
} /* }}} */
/**
 * Check if expiration date may be set
 *
 * This check can only be done for documents. Setting the expiration
 * date is allowed if the user has at least read/write access
 * (M_READWRITE) or is an admin, and the latest content has not been
 * obsoleted.
 *
 * @param object $document document to check
 * @return boolean true if the expiration date may be set, otherwise false
 */
function maySetExpires($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();
	$mayWrite = ($document->getAccessMode($this->user) >= M_READWRITE) || $this->user->isAdmin();

	return $mayWrite && ($status["status"]!=S_OBSOLETE);
} /* }}} */
/**
 * Check if comment may be edited
 *
 * This check can only be done for documents. The user needs at least
 * read/write access (M_READWRITE). If the document is locked by a
 * different user, full access (M_ALL) is required. Editing the comment
 * is then allowed if version modification is turned on in the settings
 * and the latest content has neither been obsoleted nor expired.
 * The admin may edit the comment even if it is disallowed in the
 * settings; all other restrictions apply to the admin as well.
 *
 * @param object $document document to check
 * @return boolean true if the comment may be edited, otherwise false
 */
function mayEditComment($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	if($document->getAccessMode($this->user) < M_READWRITE)
		return false;

	if($document->isLocked()) {
		$lockingUser = $document->getLockingUser();
		$lockedByOther = $lockingUser->getID() != $this->user->getID();
		// A foreign lock can only be overruled with full access
		if($lockedByOther && ($document->getAccessMode($this->user) != M_ALL))
			return false;
	}

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();
	if(!$this->settings->_enableVersionModification && !$this->user->isAdmin())
		return false;

	return !in_array($status["status"], array(S_OBSOLETE, S_EXPIRED));
} /* }}} */
/**
 * Check if attributes may be edited
 *
 * This check can only be done for documents. The user needs at least
 * read/write access (M_READWRITE). Editing the attributes is then
 * allowed if one of the following holds:
 * - version modification is turned on in the settings
 * - the latest content is in status S_DRAFT_REV, S_DRAFT_APP or
 *   S_IN_REVISION
 * - the latest content is in the initial state of its workflow
 * There is no exemption for the admin in this check.
 *
 * @param object $document document to check
 * @return boolean true if attributes may be edited, otherwise false
 */
function mayEditAttributes($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();
	$workflow = $latestContent->getWorkflow();
	$workflowstate = $latestContent->getWorkflowState();

	if($document->getAccessMode($this->user) < M_READWRITE)
		return false;

	if($this->settings->_enableVersionModification)
		return true;

	if(in_array($status["status"], array(S_DRAFT_REV, S_DRAFT_APP, S_IN_REVISION)))
		return true;

	return $workflow && $workflowstate && $workflow->getInitState()->getID() == $workflowstate->getID();
} /* }}} */
/**
 * Check if document content may be reviewed
 *
 * Reviewing a document content is only allowed if the user has at
 * least read access (M_READ) and the latest content is in status
 * S_DRAFT_REV. Whether the user is actually a reviewer of the document
 * is not taken into account here.
 *
 * @param object $document document to check
 * @return boolean true if the content may be reviewed, otherwise false
 */
function mayReview($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();

	return $document->getAccessMode($this->user) >= M_READ && $status["status"]==S_DRAFT_REV;
} /* }}} */
/**
 * Check if a review may be edited
 *
 * A review may only be updated if this is turned on in the settings
 * (_enableUpdateRevApp), the passed user equals the user requesting
 * the access, this user has at least read access (M_READ) and the
 * document has not expired.
 *
 * @param object $document document to check
 * @param object $updateUser user who added the review
 * @return boolean true if the review may be updated, otherwise false
 */
function mayUpdateReview($document, $updateUser) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	// NOTE(review): '==' on two objects compares class and property
	// values, not identity and not the user id -- confirm this is the
	// intended notion of "same user".
	$ownReview = $this->settings->_enableUpdateRevApp && ($updateUser == $this->user);

	return $ownReview && $document->getAccessMode($this->user) >= M_READ && !$document->hasExpired();
} /* }}} */
/**
 * Check if an approval may be edited
 *
 * An approval may only be updated if this is turned on in the settings
 * (_enableUpdateRevApp), the passed user equals the user requesting
 * the access, this user has at least read access (M_READ) and the
 * document has not expired.
 *
 * @param object $document document to check
 * @param object $updateUser user who added the approval
 * @return boolean true if the approval may be updated, otherwise false
 */
function mayUpdateApproval($document, $updateUser) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	// NOTE(review): '==' on two objects compares class and property
	// values, not identity and not the user id -- confirm this is the
	// intended notion of "same user".
	$ownApproval = $this->settings->_enableUpdateRevApp && ($updateUser == $this->user);

	return $ownApproval && $document->getAccessMode($this->user) >= M_READ && !$document->hasExpired();
} /* }}} */
/**
 * Check if document content may be approved
 *
 * Approving a document content is only allowed if the user has at
 * least read access (M_READ) and the latest content is in status
 * S_DRAFT_APP. Whether the user is actually an approver of the document
 * is not taken into account here.
 *
 * @param object $document document to check
 * @return boolean true if the content may be approved, otherwise false
 */
function mayApprove($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();

	return $document->getAccessMode($this->user) >= M_READ && $status["status"]==S_DRAFT_APP;
} /* }}} */
/**
 * Check if document content may be receipted
 *
 * Receipting a document content is only allowed if the user has at
 * least read access (M_READ) and the latest content is in status
 * S_RELEASED. Whether the user is actually a recipient of the document
 * is not taken into account here.
 *
 * @param object $document document to check
 * @return boolean true if the content may be receipted, otherwise false
 */
function mayReceipt($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();

	return $document->getAccessMode($this->user) >= M_READ && $status["status"]==S_RELEASED;
} /* }}} */
/**
 * Check if a receipt may be edited
 *
 * A receipt may only be updated if this is turned on in the settings
 * (_enableUpdateReceipt), the passed user equals the user requesting
 * the access, this user has at least read access (M_READ) and the
 * document has not expired.
 *
 * @param object $document document to check
 * @param object $updateUser user who added the receipt
 * @return boolean true if the receipt may be updated, otherwise false
 */
function mayUpdateReceipt($document, $updateUser) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	// NOTE(review): '==' on two objects compares class and property
	// values, not identity and not the user id -- confirm this is the
	// intended notion of "same user".
	$ownReceipt = $this->settings->_enableUpdateReceipt && ($updateUser == $this->user);

	return $ownReceipt && $document->getAccessMode($this->user) >= M_READ && !$document->hasExpired();
} /* }}} */
/**
 * Check if document content may be revised
 *
 * Revising a document content is only allowed if the user has at least
 * read access (M_READ) and the latest content was not obsoleted. There
 * may be other requirements which are not taken into account here.
 *
 * @param object $document document to check
 * @return boolean true if the content may be revised, otherwise false
 */
function mayRevise($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$latestContent = $document->getLatestContent();
	if(!$latestContent)
		return false;

	$status = $latestContent->getStatus();

	return $document->getAccessMode($this->user) >= M_READ && $status["status"]!=S_OBSOLETE;
} /* }}} */
/**
 * Check if document content may be checked in
 *
 * This check can only be done for documents which have check out
 * information. Checking in is allowed for the user recorded in the
 * first check out entry and for every user with full access (M_ALL)
 * on the document.
 *
 * @param object $document document to check
 * @return boolean true if the document may be checked in, otherwise false
 */
function mayCheckIn($document) { /* {{{ */
	if(!$document->isType('document'))
		return false;

	$checkoutinfo = $document->getCheckOutInfo();
	if(!$checkoutinfo)
		return false;

	// Only the first entry of the check out information is considered
	$checkedOutBy = $checkoutinfo[0]['userID'];

	return $this->user->getID() == $checkedOutBy || $document->getAccessMode($this->user) == M_ALL;
} /* }}} */
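/**
 * Add a view or controller name to the legacy access list of a role
 *
 * The legacy access lists are consulted by check_view_legacy_access()
 * and check_controller_legacy_access(). Only the roles 'user' and
 * 'guest' have such a list, a call with any other role is ignored.
 *
 * Every name added here becomes accessible for all users of that role
 * as far as the legacy checks are concerned. Pass fixed names from
 * trusted code only, never a value taken from a request.
 *
 * @param string $access name of view or controller
 * @param string $role either 'user' or 'guest'
 */
public function allowLegacyAccess($access, $role) { /* {{{ */
	// Strict comparison: with '==' a boolean true (and the integer 0
	// before PHP 8) was taken for a valid role and created a new,
	// unintended list.
	if(!in_array($role, array('user', 'guest'), true))
		return;

	// The lists are compared as strings by array_intersect()
	if(!is_string($access) || $access === '')
		return;

	if(!in_array($access, $this->legacy_access[$role], true))
		$this->legacy_access[$role][] = $access;
} /* }}} */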
/**
 * Check for access permission on view without advanced access control
 *
 * Admins are always granted access. For all other users the names of
 * the views are looked up in the legacy access list of the role:
 * 'guest' for guest users, 'user' otherwise. If $view is an array,
 * access is granted as soon as one of the names is in the list.
 *
 * @param mixed $view instance of view, name of view or array of view names
 * @param array $get query parameters, not evaluated by this check
 * @return boolean true if access is allowed, otherwise false
 */
protected function check_view_legacy_access($view, $get=array()) { /* {{{ */
	if($this->user->isAdmin())
		return true;

	if(is_string($view))
		$names = array($view);
	elseif(is_array($view))
		$names = $view;
	elseif(is_subclass_of($view, 'SeedDMS_View_Common'))
		$names = array($view->getParam('class'));
	else
		return false; // neither a name nor a view object

	$role = $this->user->isGuest() ? 'guest' : 'user';

	return count(array_intersect($names, $this->legacy_access[$role])) > 0;
} /* }}} */
/**
 * Check for access permission on controller without advanced access control
 *
 * Admins are always granted access. For all other users the names of
 * the controllers are looked up in the legacy access list of the role:
 * 'guest' for guest users, 'user' otherwise. If $controller is an
 * array, access is granted as soon as one of the names is in the list.
 *
 * @param mixed $controller instance of controller, name of controller or array of controller names
 * @param array $get query parameters, not evaluated by this check
 * @return boolean true if access is allowed, otherwise false
 */
protected function check_controller_legacy_access($controller, $get=array()) { /* {{{ */
	if($this->user->isAdmin())
		return true;

	if(is_string($controller))
		$names = array($controller);
	elseif(is_array($controller))
		$names = $controller;
	elseif(is_subclass_of($controller, 'SeedDMS_Controller_Common'))
		$names = array($controller->getParam('class'));
	else
		return false; // neither a name nor a controller object

	$role = $this->user->isGuest() ? 'guest' : 'user';

	return count(array_intersect($names, $this->legacy_access[$role])) > 0;
} /* }}} */
/**
 * Check for access permission on view
 *
 * If the parameter $view is an array then each element is considered
 * the name of a view and true will be returned if one of them is
 * accessible.
 *
 * If advanced access control is turned off, the decision is left to
 * check_view_legacy_access().
 *
 * Otherwise the acl is checked for the object 'Views/<name>/<action>'
 * and the role of the user. The action is taken from $get['action']
 * and defaults to 'show'. For an admin the access on a view must be
 * explicitly disallowed (result -1), for all other users the access
 * must be explicitly allowed (result 1).
 *
 * @param mixed $view instance of view, name of view or array of view names
 * @param array $get query parameters possibly containing the element 'action'
 * @return boolean true if access is allowed, otherwise false
 */
function check_view_access($view, $get=array()) { /* {{{ */
	if(!$this->settings->_advancedAcl)
		return $this->check_view_legacy_access($view, $get);

	if(is_string($view))
		$names = array($view);
	elseif(is_array($view))
		$names = $view;
	elseif(is_subclass_of($view, 'SeedDMS_View_Common'))
		$names = array($view->getParam('class'));
	else
		return false; // neither a name nor a view object

	$scope = 'Views';
	// NOTE(review): the action presumably originates from the request
	// and becomes part of the object path without validation -- confirm
	// that SeedDMS_Aco::getInstance() copes with unexpected values,
	// e.g. a value containing '/'.
	$action = !empty($get['action']) ? $get['action'] : 'show';
	$acl = new SeedDMS_Acl($this->dms);
	// The access request object depends on the role only, keep it for
	// further checks done with this instance
	if(!$this->_aro)
		$this->_aro = SeedDMS_Aro::getInstance($this->user->getRole(), $this->dms);

	foreach($names as $name) {
		$aco = SeedDMS_Aco::getInstance($scope.'/'.$name.'/'.$action, $this->dms);
		$ll = $acl->check($this->_aro, $aco);
		// regular user: needs an explicit allow, admin: anything but an explicit deny
		if(($ll === 1 && !$this->user->isAdmin()) || ($ll !== -1 && $this->user->isAdmin()))
			return true;
	}

	return false;
} /* }}} */
/**
 * Check for access permission on controller
 *
 * If the parameter $controller is an array then each element is
 * considered the name of a controller and true will be returned if one
 * of them is accessible.
 *
 * If advanced access control is turned off, the decision is left to
 * check_controller_legacy_access().
 *
 * Otherwise the acl is checked for the object
 * 'Controllers/<name>/<action>' and the role of the user. The action is
 * taken from $get['action'] and defaults to 'run'. For an admin the
 * access on a controller must be explicitly disallowed (result -1),
 * for all other users the access must be explicitly allowed (result 1).
 *
 * @param mixed $controller instance of controller, name of controller or array of controller names
 * @param array $get query parameters possibly containing the element 'action'
 * @return boolean true if access is allowed, otherwise false
 */
function check_controller_access($controller, $get=array()) { /* {{{ */
	if(!$this->settings->_advancedAcl)
		return $this->check_controller_legacy_access($controller, $get);

	if(is_string($controller))
		$names = array($controller);
	elseif(is_array($controller))
		$names = $controller;
	elseif(is_subclass_of($controller, 'SeedDMS_Controller_Common'))
		$names = array($controller->getParam('class'));
	else
		return false; // neither a name nor a controller object

	$scope = 'Controllers';
	// NOTE(review): the action presumably originates from the request
	// and becomes part of the object path without validation -- confirm
	// that SeedDMS_Aco::getInstance() copes with unexpected values,
	// e.g. a value containing '/'.
	$action = !empty($get['action']) ? $get['action'] : 'run';
	$acl = new SeedDMS_Acl($this->dms);
	// The access request object depends on the role only, keep it for
	// further checks done with this instance
	if(!$this->_aro)
		$this->_aro = SeedDMS_Aro::getInstance($this->user->getRole(), $this->dms);

	foreach($names as $name) {
		$aco = SeedDMS_Aco::getInstance($scope.'/'.$name.'/'.$action, $this->dms);
		$ll = $acl->check($this->_aro, $aco);
		// regular user: needs an explicit allow, admin: anything but an explicit deny
		if(($ll === 1 && !$this->user->isAdmin()) || ($ll !== -1 && $this->user->isAdmin()))
			return true;
	}

	return false;
} /* }}} */
}