allow removal of reviews

2025-02-06 07:04:57 +00:00 · 2021-07-01 12:17:04 +02:00 · 2021-07-01 12:17:04 +02:00 · 1360fbc478
commit 1360fbc478
parent d6419d38ef
5 changed files with 317 additions and 0 deletions
--- a/op/op.RemoveReviewLog.php
+++ b/op/op.RemoveReviewLog.php
@ -0,0 +1,99 @@
+<?php
+//    MyDMS. Document Management System
+//    Copyright (C) 2002-2005  Markus Westphal
+//    Copyright (C) 2006-2008 Malcolm Cowe
+//    Copyright (C) 2010 Matteo Lucarelli
+//    Copyright (C) 2010-2021 Uwe Steinmann
+//
+//    This program is free software; you can redistribute it and/or modify
+//    it under the terms of the GNU General Public License as published by
+//    the Free Software Foundation; either version 2 of the License, or
+//    (at your option) any later version.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU General Public License for more details.
+//
+//    You should have received a copy of the GNU General Public License
+//    along with this program; if not, write to the Free Software
+//    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+include("../inc/inc.Settings.php");
+include("../inc/inc.LogInit.php");
+include("../inc/inc.Utils.php");
+include("../inc/inc.Language.php");
+include("../inc/inc.Init.php");
+include("../inc/inc.Extension.php");
+include("../inc/inc.DBInit.php");
+include("../inc/inc.ClassAccessOperation.php");
+include("../inc/inc.Authentication.php");
+include("../inc/inc.ClassUI.php");
+
+/* Check if the form data comes from a trusted request */
+if(!checkFormKey('removereviewlog')) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
+}
+
+if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+}
+
+$documentid = $_POST["documentid"];
+$document = $dms->getDocument($documentid);
+
+if (!is_object($document)) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+}
+
+if (!$user->isAdmin() || $document->getAccessMode($user) < M_ALL) {
+	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
+}
+
+if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
+}
+
+$version = $_POST["version"];
+$content = $document->getContentByVersion($version);
+
+if (!is_object($content)) {
+	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
+}
+
+// operation is only allowed for the last document version
+$latestContent = $document->getLatestContent();
+if ($latestContent->getVersion()!=$version) {
+	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
+}
+
+if (!isset($_POST["reviewid"]) || !is_numeric($_POST["reviewid"]) || intval($_POST["reviewid"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_reviewid"));
+}
+$reviewid = $_POST['reviewid'];
+$reviews = $latestContent->getReviewStatus();
+$reviewStatus = null;
+foreach($reviews as $review) {
+	if($review['reviewID'] == $reviewid) {
+		$reviewStatus = $review;
+		break;
+	}
+}
+if(!$reviewStatus) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_reviewid"));
+}
+
+if($reviewStatus['type'] == 0) {
+	$ruser = $dms->getUser($reviewStatus['required']);
+	$msg = getMLText('ind_review_removed', array('name'=>$ruser->getFullName()));
+} elseif($reviewStatus['type'] == 1) {
+	$rgroup = $dms->getGroup($reviewStatus['required']);
+	$msg = getMLText('group_review_removed', array('name'=>$rgroup->getName()));
+} else
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_reviewid"));
+
+$comment = $_POST["comment"];
+if(0 == $latestContent->removeReview($reviewid, $user, $comment)) {
+	$latestContent->verifyStatus(true, $user, $msg);
+}
+header("Location:../out/out.ViewDocument.php?documentid=".$documentid."&currenttab=revapp");
--- a/out/out.RemoveReviewLog.php
+++ b/out/out.RemoveReviewLog.php
@ -0,0 +1,88 @@
+<?php
+//    MyDMS. Document Management System
+//    Copyright (C) 2002-2005 Markus Westphal
+//    Copyright (C) 2006-2008 Malcolm Cowe
+//    Copyright (C) 2010 Matteo Lucarelli
+//    Copyright (C) 2010-2016 Uwe Steinmann
+//
+//    This program is free software; you can redistribute it and/or modify
+//    it under the terms of the GNU General Public License as published by
+//    the Free Software Foundation; either version 2 of the License, or
+//    (at your option) any later version.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU General Public License for more details.
+//
+//    You should have received a copy of the GNU General Public License
+//    along with this program; if not, write to the Free Software
+//    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+if(!isset($settings))
+	require_once("../inc/inc.Settings.php");
+require_once("inc/inc.LogInit.php");
+require_once("inc/inc.Utils.php");
+require_once("inc/inc.Language.php");
+require_once("inc/inc.Init.php");
+require_once("inc/inc.Extension.php");
+require_once("inc/inc.DBInit.php");
+require_once("inc/inc.ClassUI.php");
+require_once("inc/inc.ClassAccessOperation.php");
+require_once("inc/inc.Authentication.php");
+
+if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+}
+
+$document = $dms->getDocument(intval($_GET["documentid"]));
+
+if (!is_object($document)) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+}
+
+$folder = $document->getFolder();
+
+if (!$user->isAdmin() || $document->getAccessMode($user) < M_ALL) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
+}
+
+if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
+}
+$version = $_GET["version"];
+$content = $document->getContentByVersion($version);
+if (!is_object($content)) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
+}
+
+// operation is admitted only for last document version
+$latestContent = $document->getLatestContent();
+if ($latestContent->getVersion()!=$version) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
+}
+
+if (!isset($_GET["reviewid"]) || !is_numeric($_GET["reviewid"]) || intval($_GET["reviewid"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_reviewid"));
+}
+$reviewid = $_GET['reviewid'];
+
+/* Create object for checking access to certain operations */
+$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
+
+$reviews = $content->getReviewStatus();
+if(!$reviews) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action"));
+}
+
+$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
+$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
+if($view) {
+	$view->setParam('folder', $folder);
+	$view->setParam('document', $document);
+	$view->setParam('version', $content);
+	$view->setParam('reviewid', $reviewid);
+	$view->setParam('accessobject', $accessop);
+	$view($_GET);
+	exit;
+}
--- a/out/out.ViewDocument.php
+++ b/out/out.ViewDocument.php
@ -71,6 +71,7 @@ if($view) {
 	$view->setParam('accessobject', $accessop);
 	$view->setParam('viewonlinefiletypes', $settings->_viewOnlineFileTypes);
 	$view->setParam('enableownerrevapp', $settings->_enableOwnerRevApp);
+	$view->setParam('enableremoverevapp', $settings->_enableRemoveRevApp);
 	$view->setParam('cachedir', $settings->_cacheDir);
 	$view->setParam('workflowmode', $settings->_workflowMode);
 	$view->setParam('previewWidthList', $settings->_previewWidthList);
--- a/views/bootstrap/class.RemoveReviewLog.php
+++ b/views/bootstrap/class.RemoveReviewLog.php
@ -0,0 +1,126 @@
+<?php
+/**
+ * Implementation of ReviewDocument view
+ *
+ * @category   DMS
+ * @package    SeedDMS
+ * @license    GPL 2
+ * @version    @version@
+ * @author     Uwe Steinmann <uwe@steinmann.cx>
+ * @copyright  Copyright (C) 2002-2005 Markus Westphal,
+ *             2006-2008 Malcolm Cowe, 2010 Matteo Lucarelli,
+ *             2010-2012 Uwe Steinmann
+ * @version    Release: @package_version@
+ */
+
+/**
+ * Include parent class
+ */
+//require_once("class.Bootstrap.php");
+
+/**
+ * Class which outputs the html page for ReviewDocument view
+ *
+ * @category   DMS
+ * @package    SeedDMS
+ * @author     Markus Westphal, Malcolm Cowe, Uwe Steinmann <uwe@steinmann.cx>
+ * @copyright  Copyright (C) 2002-2005 Markus Westphal,
+ *             2006-2008 Malcolm Cowe, 2010 Matteo Lucarelli,
+ *             2010-2012 Uwe Steinmann
+ * @version    Release: @package_version@
+ */
+class SeedDMS_View_RemoveReviewLog extends SeedDMS_Theme_Style {
+
+	function js() { /* {{{ */
+		header('Content-Type: application/javascript; charset=UTF-8');
+		parent::jsTranslations(array('js_form_error', 'js_form_errors'));
+?>
+$(document).ready(function() {
+	$("#form1").validate({
+		rules: {
+			comment: {
+				required: true
+			},
+		},
+		messages: {
+			comment: "<?php printMLText("js_no_comment");?>",
+		},
+	});
+});
+<?php
+		$this->printFileChooserJs();
+	} /* }}} */
+
+	function show() { /* {{{ */
+		$dms = $this->params['dms'];
+		$user = $this->params['user'];
+		$folder = $this->params['folder'];
+		$document = $this->params['document'];
+		$content = $this->params['version'];
+		$reviewid = $this->params['reviewid'];
+
+		$reviews = $content->getReviewStatus();
+		foreach($reviews as $review) {
+			if($review['reviewID'] == $reviewid) {
+				$reviewStatus = $review;
+				break;
+			}
+		}
+
+		$this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/vendors/jquery-validation/jquery.validate.js"></script>'."\n", 'js');
+		$this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/styles/validation-default.js"></script>'."\n", 'js');
+
+		$this->htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
+		$this->globalNavigation($folder);
+		$this->contentStart();
+		$this->pageNavigation($this->getFolderPathHTML($folder, true, $document), "view_document", $document);
+		$this->contentHeading(getMLText("remove_review_log"));
+		$this->warningMsg(getMLText('warning_remove_review_log'));
+
+		// Display the Review form.
+		if($reviewStatus["status"]!=0) {
+
+			print "<table class=\"table table-content table-sm\"><thead><tr>";
+			print "<th>".getMLText("status")."</th>";
+			print "<th>".getMLText("comment")."</th>";
+			print "<th>".getMLText("last_update")."</th>";
+			print "</tr></thead><tbody><tr>";
+			print "<td>";
+			printReviewStatusText($reviewStatus["status"]);
+			print "</td>";
+			print "<td>".htmlspecialchars($reviewStatus["comment"])."</td>";
+			$indUser = $dms->getUser($reviewStatus["userID"]);
+			print "<td>".$reviewStatus["date"]." - ". htmlspecialchars($indUser->getFullname()) ."</td>";
+			print "</tr></tbody></table><br>\n";
+		}
+?>
+	<form method="post" action="../op/op.RemoveReviewLog.php" id="form1" name="form1">
+	<?php echo createHiddenFieldWithKey('removereviewlog'); ?>
+<?php
+		$this->contentContainerStart();
+
+		$this->formField(
+			getMLText("comment"),
+			array(
+				'element'=>'textarea',
+				'name'=>'comment',
+				'required'=>true,
+				'rows'=>4,
+				'cols'=>80
+			)
+		);
+		$this->contentContainerEnd();
+
+		$this->formSubmit('<i class="fa fa-remove"></i> '.getMLText('remove_review_log'));
+?>
+	<input type='hidden' name='reviewid' value='<?= $reviewid ?>'/>
+	<input type='hidden' name='documentid' value='<?= $document->getID() ?>'/>
+	<input type='hidden' name='version' value='<?= $content->getVersion() ?>'/>
+	</form>
+<?php
+		$this->contentEnd();
+		$this->htmlEndPage();
+	} /* }}} */
+}
+?>
+
--- a/views/bootstrap/class.ViewDocument.php
+++ b/views/bootstrap/class.ViewDocument.php
@ -647,6 +647,7 @@ $(document).ready( function() {
 		$accessop = $this->params['accessobject'];
 		$viewonlinefiletypes = $this->params['viewonlinefiletypes'];
 		$enableownerrevapp = $this->params['enableownerrevapp'];
+		$enableremoverevapp = $this->params['enableremoverevapp'];
 		$workflowmode = $this->params['workflowmode'];
 		$cachedir = $this->params['cachedir'];
 		$previewwidthlist = $this->params['previewWidthList'];
@ -945,6 +946,8 @@ $(document).ready( function() {
 							}
 						}
 					}
+				if($enableremoverevapp && $user->isAdmin() && ($r['status'] == 1 || $r['status'] == -1))
+					echo '<li><a href="../out/out.RemoveReviewLog.php?documentid='.$document->getID().'&version='.$latestContent->getVersion().'&reviewid='.$r['reviewID'].'" title="'.getMLText('remove_review_log').'"><i class="fa fa-remove"></i></a></li>';
 	
 					print "</ul></td>\n";	
 					print "</tr>\n";