Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Uwe Steinmann 2023-10-13 13:36:10 +02:00
commit 04b63531c7
2 changed files with 113 additions and 95 deletions


@ -47,10 +47,108 @@ class SeedDMS_AccessOperation {
*/
private $_aro;
/**
* @var array $legacy_access list of objects with access
* @access protected
*/
private $legacy_access;
function __construct($dms, $user, $settings) { /* {{{ */
$this->dms = $dms;
$this->user = $user;
$this->settings = $settings;
$this->legacy_access['guest'] = array(
'Calendar',
'ErrorDlg',
'Help',
'Login',
'Search',
'ViewDocument',
'ViewFolder',
);
$this->legacy_access['user'] = array(
'AddDocument',
'AddDocumentLink',
'AddEvent',
'AddFile',
'AddSubFolder',
'AddToTransmittal',
'ApprovalSummary',
'ApproveDocument',
'Calendar',
'CategoryChooser',
'ChangePassword',
'CheckInDocument',
'Clipboard',
'Dashboard',
'DocumentAccess',
'DocumentChooser',
'DocumentNotify',
'DocumentVersionDetail',
'DropFolderChooser',
'EditAttributes',
'EditComment',
'EditDocumentFile',
'EditDocument',
'EditEvent',
'EditFolder',
'EditOnline',
'EditUserData',
'ErrorDlg',
'FolderAccess',
'FolderChooser',
'FolderNotify',
'ForcePasswordChange',
'GroupView',
'Help',
'KeywordChooser',
'Login',
'ManageNotify',
'MoveDocument',
'MoveFolder',
'MyAccount',
'MyDocuments',
'OpensearchDesc',
'OverrideContentStatus',
'PasswordForgotten',
'PasswordSend',
'ReceiptDocument',
'ReceiptSummary',
'RemoveDocumentFile',
'RemoveDocument',
'RemoveEvent',
'RemoveFolderFiles',
'RemoveFolder',
'RemoveTransmittal',
'RemoveVersion',
'RemoveWorkflowFromDocument',
'ReturnFromSubWorkflow',
'ReviewDocument',
'ReviewSummary',
'ReviseDocument',
'RevisionSummary',
'RewindWorkflow',
'RunSubWorkflow',
'Search',
'Session',
'SetExpires',
'SetRecipients',
'SetReviewersApprovers',
'SetRevisors',
'SetWorkflow',
'SubstituteUser',
'Tasks',
'TransmittalMgr',
'TriggerWorkflow',
'UpdateDocument',
'UserDefaultKeywords',
'UserImage',
'UsrView',
'ViewDocument',
'ViewEvent',
'ViewFolder',
'WorkflowGraph',
'WorkflowSummary');
} /* }}} */
/**
@ -89,7 +187,7 @@ class SeedDMS_AccessOperation {
function mayRemoveVersion($document) { /* {{{ */
if($document->isType('document')) {
$versions = $document->getContent();
if ((($this->settings->_enableVersionDeletion && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin() ) && (count($versions) > 1)) {
if ((($this->settings->_enableVersionDeletion && ($document->getAccessMode($this->user, 'removeVersion') == M_ALL)) || $this->user->isAdmin() ) && (count($versions) > 1)) {
return true;
}
}
@ -429,6 +527,12 @@ class SeedDMS_AccessOperation {
return false;
} /* }}} */
public function allowLegacyAccess($access, $role) { /* {{{ */
if($role == 'user' || $role == 'guest') {
$this->legacy_access[$role][] = $access;
}
} /* }}} */
protected function check_view_legacy_access($view, $get=array()) { /* {{{ */
if($this->user->isAdmin())
return true;
@ -444,99 +548,9 @@ class SeedDMS_AccessOperation {
}
if($this->user->isGuest()) {
$user_allowed = array(
'Calendar',
'ErrorDlg',
'Help',
'Login',
'Search',
'ViewDocument',
'ViewFolder',
);
$user_allowed = $this->legacy_access['guest'];
} else {
$user_allowed = array(
'AddDocument',
'AddDocumentLink',
'AddEvent',
'AddFile',
'AddSubFolder',
'AddToTransmittal',
'ApprovalSummary',
'ApproveDocument',
'Calendar',
'CategoryChooser',
'ChangePassword',
'CheckInDocument',
'Clipboard',
'Dashboard',
'DocumentAccess',
'DocumentChooser',
'DocumentNotify',
'DocumentVersionDetail',
'DropFolderChooser',
'EditAttributes',
'EditComment',
'EditDocumentFile',
'EditDocument',
'EditEvent',
'EditFolder',
'EditOnline',
'EditUserData',
'ErrorDlg',
'FolderAccess',
'FolderChooser',
'FolderNotify',
'ForcePasswordChange',
'GroupView',
'Help',
'KeywordChooser',
'Login',
'ManageNotify',
'MoveDocument',
'MoveFolder',
'MyAccount',
'MyDocuments',
'OpensearchDesc',
'OverrideContentStatus',
'PasswordForgotten',
'PasswordSend',
'ReceiptDocument',
'ReceiptSummary',
'RemoveDocumentFile',
'RemoveDocument',
'RemoveEvent',
'RemoveFolderFiles',
'RemoveFolder',
'RemoveTransmittal',
'RemoveVersion',
'RemoveWorkflowFromDocument',
'ReturnFromSubWorkflow',
'ReviewDocument',
'ReviewSummary',
'ReviseDocument',
'RevisionSummary',
'RewindWorkflow',
'RunSubWorkflow',
'Search',
'Session',
'SetExpires',
'SetRecipients',
'SetReviewersApprovers',
'SetRevisors',
'SetWorkflow',
'SubstituteUser',
'Tasks',
'TransmittalMgr',
'TriggerWorkflow',
'UpdateDocument',
'UserDefaultKeywords',
'UserImage',
'UsrView',
'ViewDocument',
'ViewEvent',
'ViewFolder',
'WorkflowGraph',
'WorkflowSummary');
$user_allowed = $this->legacy_access['user'];
}
if(array_intersect($scripts, $user_allowed))
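Review bot: `allowLegacyAccess()` in the third hunk is a public way to widen the allowlists that `check_view_legacy_access()` later matches with `array_intersect($scripts, $user_allowed)`, but it has no docblock and appends whatever `$access` it is given. Since these lists decide which views guests and ordinary users may open, I would document it with something like `/** Add a view name to the legacy allowlist of role 'user' or 'guest'; call only from trusted setup code, never with request data. */` and tighten the guard to `if (($role === 'user' || $role === 'guest') && is_string($access) && !in_array($access, $this->legacy_access[$role], true)) {`. A call with any other role is silently ignored, which is worth stating in the docblock too. The docblock on `$legacy_access` says `@access protected` while the property is declared `private`. `check_view_legacy_access()` starts in the third hunk and continues past the last one, so how `$scripts` is built is not visible here.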


@ -43,8 +43,12 @@ if (!is_object($document)) {
UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
}
if (!$settings->_enableVersionDeletion && !$user->isAdmin()) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
/* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
// verify if document may be reviewed
if (!$accessop->mayRemoveVersion()){
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
if ($document->getAccessMode($user, 'removeVersion') < M_ALL) {
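Review bot: The new call `new SeedDMS_AccessOperation($dms, $document, $user, $settings)` passes four arguments and `mayRemoveVersion()` passes none, while the class section of this same commit shows `__construct($dms, $user, $settings)` and `mayRemoveVersion($document)`. As written the document would land in the user slot and the call would fail on the missing argument instead of evaluating the permission, so this looks like the 5.1.x calling convention carried over by the merge; it should probably read `$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);` and `if (!$accessop->mayRemoveVersion($document)) {`. The replacement `UI::exitError(...)` call also drops the `htmlspecialchars()` that the removed line had around `$document->getName()`; unless `exitError` escapes its title itself, keep `htmlspecialchars($document->getName())`. The comment `// verify if document may be reviewed` describes a different operation and should say that version removal is being checked.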