Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

inc/inc.ClassAccessOperation.php

@@ -47,10 +47,108 @@ class SeedDMS_AccessOperation {
 	 */
 	private $_aro;
 
+	/**
+	 * @var array $legacy_access list of objects with access
+	 * @access protected
+	 */
+	private $legacy_access;
+
 	function __construct($dms, $user, $settings) { /* {{{ */
 		$this->dms = $dms;
 		$this->user = $user;
 		$this->settings = $settings;
+		$this->legacy_access['guest'] = array(
+			'Calendar',
+			'ErrorDlg',
+			'Help',
+			'Login',
+			'Search',
+			'ViewDocument',
+			'ViewFolder',
+		);
+		$this->legacy_access['user'] = array(
+			'AddDocument',
+			'AddDocumentLink',
+			'AddEvent',
+			'AddFile',
+			'AddSubFolder',
+			'AddToTransmittal',
+			'ApprovalSummary',
+			'ApproveDocument',
+			'Calendar',
+			'CategoryChooser',
+			'ChangePassword',
+			'CheckInDocument',
+			'Clipboard',
+			'Dashboard',
+			'DocumentAccess',
+			'DocumentChooser',
+			'DocumentNotify',
+			'DocumentVersionDetail',
+			'DropFolderChooser',
+			'EditAttributes',
+			'EditComment',
+			'EditDocumentFile',
+			'EditDocument',
+			'EditEvent',
+			'EditFolder',
+			'EditOnline',
+			'EditUserData',
+			'ErrorDlg',
+			'FolderAccess',
+			'FolderChooser',
+			'FolderNotify',
+			'ForcePasswordChange',
+			'GroupView',
+			'Help',
+			'KeywordChooser',
+			'Login',
+			'ManageNotify',
+			'MoveDocument',
+			'MoveFolder',
+			'MyAccount',
+			'MyDocuments',
+			'OpensearchDesc',
+			'OverrideContentStatus',
+			'PasswordForgotten',
+			'PasswordSend',
+			'ReceiptDocument',
+			'ReceiptSummary',
+			'RemoveDocumentFile',
+			'RemoveDocument',
+			'RemoveEvent',
+			'RemoveFolderFiles',
+			'RemoveFolder',
+			'RemoveTransmittal',
+			'RemoveVersion',
+			'RemoveWorkflowFromDocument',
+			'ReturnFromSubWorkflow',
+			'ReviewDocument',
+			'ReviewSummary',
+			'ReviseDocument',
+			'RevisionSummary',
+			'RewindWorkflow',
+			'RunSubWorkflow',
+			'Search',
+			'Session',
+			'SetExpires',
+			'SetRecipients',
+			'SetReviewersApprovers',
+			'SetRevisors',
+			'SetWorkflow',
+			'SubstituteUser',
+			'Tasks',
+			'TransmittalMgr',
+			'TriggerWorkflow',
+			'UpdateDocument',
+			'UserDefaultKeywords',
+			'UserImage',
+			'UsrView',
+			'ViewDocument',
+			'ViewEvent',
+			'ViewFolder',
+			'WorkflowGraph',
+			'WorkflowSummary');
 	} /* }}} */
 
 	/**
@@ -89,7 +187,7 @@ class SeedDMS_AccessOperation {
 	function mayRemoveVersion($document) { /* {{{ */
 		if($document->isType('document')) {
 			$versions = $document->getContent();
-			if ((($this->settings->_enableVersionDeletion && ($document->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin() ) && (count($versions) > 1)) {
+			if ((($this->settings->_enableVersionDeletion && ($document->getAccessMode($this->user, 'removeVersion') == M_ALL)) || $this->user->isAdmin() ) && (count($versions) > 1)) {
 				return true;
 			}
 		}
@@ -429,6 +527,12 @@ class SeedDMS_AccessOperation {
 		return false;
 	} /* }}} */
 
+	public function allowLegacyAccess($access, $role) { /* {{{ */
+		if($role == 'user' || $role == 'guest') {
+			$this->legacy_access[$role][] = $access;
+		}
+	} /* }}} */
+
 	protected function check_view_legacy_access($view, $get=array()) { /* {{{ */
 		if($this->user->isAdmin())
 			return true;
@@ -444,99 +548,9 @@ class SeedDMS_AccessOperation {
 		}
 
 		if($this->user->isGuest()) {
-			$user_allowed = array(
+			$user_allowed = $this->legacy_access['guest'];
-				'Calendar',
-				'ErrorDlg',
-				'Help',
-				'Login',
-				'Search',
-				'ViewDocument',
-				'ViewFolder',
-			);
 		} else {
-			$user_allowed = array(
+			$user_allowed = $this->legacy_access['user'];
-				'AddDocument',
-				'AddDocumentLink',
-				'AddEvent',
-				'AddFile',
-				'AddSubFolder',
-				'AddToTransmittal',
-				'ApprovalSummary',
-				'ApproveDocument',
-				'Calendar',
-				'CategoryChooser',
-				'ChangePassword',
-				'CheckInDocument',
-				'Clipboard',
-				'Dashboard',
-				'DocumentAccess',
-				'DocumentChooser',
-				'DocumentNotify',
-				'DocumentVersionDetail',
-				'DropFolderChooser',
-				'EditAttributes',
-				'EditComment',
-				'EditDocumentFile',
-				'EditDocument',
-				'EditEvent',
-				'EditFolder',
-				'EditOnline',
-				'EditUserData',
-				'ErrorDlg',
-				'FolderAccess',
-				'FolderChooser',
-				'FolderNotify',
-				'ForcePasswordChange',
-				'GroupView',
-				'Help',
-				'KeywordChooser',
-				'Login',
-				'ManageNotify',
-				'MoveDocument',
-				'MoveFolder',
-				'MyAccount',
-				'MyDocuments',
-				'OpensearchDesc',
-				'OverrideContentStatus',
-				'PasswordForgotten',
-				'PasswordSend',
-				'ReceiptDocument',
-				'ReceiptSummary',
-				'RemoveDocumentFile',
-				'RemoveDocument',
-				'RemoveEvent',
-				'RemoveFolderFiles',
-				'RemoveFolder',
-				'RemoveTransmittal',
-				'RemoveVersion',
-				'RemoveWorkflowFromDocument',
-				'ReturnFromSubWorkflow',
-				'ReviewDocument',
-				'ReviewSummary',
-				'ReviseDocument',
-				'RevisionSummary',
-				'RewindWorkflow',
-				'RunSubWorkflow',
-				'Search',
-				'Session',
-				'SetExpires',
-				'SetRecipients',
-				'SetReviewersApprovers',
-				'SetRevisors',
-				'SetWorkflow',
-				'SubstituteUser',
-				'Tasks',
-				'TransmittalMgr',
-				'TriggerWorkflow',
-				'UpdateDocument',
-				'UserDefaultKeywords',
-				'UserImage',
-				'UsrView',
-				'ViewDocument',
-				'ViewEvent',
-				'ViewFolder',
-				'WorkflowGraph',
-				'WorkflowSummary');
 		}
 
 		if(array_intersect($scripts, $user_allowed))

op/op.RemoveVersion.php

@@ -43,8 +43,12 @@ if (!is_object($document)) {
 	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
 }
 
-if (!$settings->_enableVersionDeletion && !$user->isAdmin()) {
+/* Create object for checking access to certain operations */
-	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
+$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
+
+// verify if document may be reviewed
+if (!$accessop->mayRemoveVersion()){
+	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }
 
 if ($document->getAccessMode($user, 'removeVersion') < M_ALL) {