diff --git a/CHANGELOG b/CHANGELOG
index f78ccd3b3..3000592e4 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -195,6 +195,7 @@
 - reviewers/approvers can only be modified by users with unrestricted access and as long as no reviewer/approver has reviewed/approved the document
 - use only svg icons for mimetypes
+- add check for processes (reviews/approvals) where the user/group is deleted
 --------------------------------------------------------------------------------
 Changes in version 4.3.35
diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php
index 6d84fc36e..87ae6af8c 100644
--- a/SeedDMS_Core/Core/inc.ClassDMS.php
+++ b/SeedDMS_Core/Core/inc.ClassDMS.php
@@ -3099,6 +3099,44 @@ class SeedDMS_Core_DMS {
 return $this->db->getResultArray($queryStr);
 } /* }}} */
+ /**
+ * Removes all reviews, approvals which are not linked
+ * to a user, group anymore
+ *
+ * This method is for removing all reviews or approvals whose user
+ * or group was deleted and not just removed from the process.
+ * If the optional parameter $id is set, only this user/group id is removed.
+ */
+ function removeProcessWithoutUserGroup($process, $usergroup, $id=0) { /* {{{ */
+ /* Entries of tblDocumentReviewLog or tblDocumentApproveLog are deleted
+ * because of CASCADE ON
+ */
+ switch($process) {
+ case 'review':
+ $queryStr = "DELETE FROM tblDocumentReviewers";
+ break;
+ case 'approval':
+ $queryStr = "DELETE FROM tblDocumentApprovers";
+ break;
+ }
+ $queryStr .= " WHERE";
+ switch($usergroup) {
+ case 'user':
+ $queryStr .= " type=0 AND";
+ if($id)
+ $queryStr .= " required=".((int) $id)." AND";
+ $queryStr .= " required NOT IN (SELECT id FROM tblUsers)";
+ break;
+ case 'group':
+ $queryStr .= " type=1 AND";
+ if($id)
+ $queryStr .= " required=".((int) $id)." AND";
+ $queryStr .= " required NOT IN (SELECT id FROM tblGroups)";
+ break;
+ }
+ return $this->db->getResultArray($queryStr);
+ } /* }}} */
+
 /**
 * Returns statitical information
 *
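Review bot: Neither `switch` in `removeProcessWithoutUserGroup()` has a `default` branch, so an unexpected `$process` leaves `$queryStr` undefined and an unexpected `$usergroup` leaves the statement ending in `WHERE`; in both cases a malformed DELETE is handed to the database instead of being rejected. Adding `default: return false;` to each switch keeps the two whitelists explicit and fails before any SQL is built. The DELETE is run through `getResultArray()`, the same helper the preceding method returns from, so it is worth confirming that this helper is intended for statements that return no rows. The docblock would also benefit from `@param` lines listing the accepted values ('review'/'approval', 'user'/'group') and an `@return` line.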
diff --git a/out/out.Timeline.php b/out/out.Timeline.php
index fe2f91210..8ab9eb86d 100644
--- a/out/out.Timeline.php
+++ b/out/out.Timeline.php
@@ -30,7 +30,7 @@ $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
 $accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
 if (!$accessop->check_view_access($view, $_GET)) {
- UI::exitError(getMLText("admin_tools"),getMLText("access_denied"));
+ $view->exitError(getMLText("admin_tools"),getMLText("access_denied"));
 }
 $rootfolder = $dms->getFolder($settings->_rootFolderID);
@@ -53,6 +53,8 @@ if(isset($_GET['version']) && $_GET['version'] && is_numeric($_GET['version']))
 $content = null;
 if($view) {
+ $view->setParam('dms', $dms);
+ $view->setParam('user', $user);
 $view->setParam('fromdate', isset($_GET['fromdate']) ? $_GET['fromdate'] : '');
 $view->setParam('todate', isset($_GET['todate']) ? $_GET['todate'] : '');
 $view->setParam('skip', $skip);
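Review bot: In the first hunk `$view->exitError(...)` dereferences `$view` on the access-denied path, while the second hunk still guards the view with `if($view)`, which suggests the factory can return a falsy value. In that case the denial would end in a fatal error rather than the translated error page; checking `$view` directly after `UI::factory()` would keep the denial path well defined. The access check also relies on `exitError()` ending the request, which is not visible here; if it can return, the script would continue to `$dms->getFolder()`.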