From 1f1fe940f8d316ff49b7add59618715fc704b092 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Mon, 1 Mar 2021 18:37:49 +0100
Subject: [PATCH] use same user selection as on UsrMgr page

---
 op/op.TransferDocument.php                 |  6 +--
 views/bootstrap/class.AddDocument.php      |  2 +-
 views/bootstrap/class.GroupMgr.php         | 50 +++++++++++++---------
 views/bootstrap/class.TransferDocument.php |  5 ++-
 4 files changed, 37 insertions(+), 26 deletions(-)

diff --git a/op/op.TransferDocument.php b/op/op.TransferDocument.php
index 6d8c43461..69056506a 100644
--- a/op/op.TransferDocument.php
+++ b/op/op.TransferDocument.php
@@ -30,9 +30,9 @@ include("../inc/inc.Authentication.php");
 
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $controller = Controller::factory($tmp[1], array('dms'=>$dms, 'user'=>$user));
-
-if (!$user->isAdmin()) {
-	UI::exitError(getMLText("document"),getMLText("access_denied"));
+$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
+if (!$accessop->check_controller_access($controller, $_POST)) {
+	UI::exitError(getMLText("document_title", array("documentname" => "")),getMLText("access_denied"));
 }
 
 /* Check if the form data comes from a trusted request */
diff --git a/views/bootstrap/class.AddDocument.php b/views/bootstrap/class.AddDocument.php
index ff54a73c4..c7ed1204e 100644
--- a/views/bootstrap/class.AddDocument.php
+++ b/views/bootstrap/class.AddDocument.php
@@ -296,7 +296,7 @@ $(document).ready(function() {
 		$allUsers = $dms->getAllUsers($sortusersinlist);
 		foreach ($allUsers as $currUser) {
 			if (!$currUser->isGuest())
-				$options[] = array($currUser->getID(), htmlspecialchars($currUser->getLogin()), ($currUser->getID()==$user->getID()), array(array('data-subtitle', htmlspecialchars($currUser->getFullName()))));
+				$options[] = array($currUser->getID(), htmlspecialchars($currUser->getLogin().' - '.$currUser->getFullName()), ($currUser->getID()==$user->getID()), array(array('data-subtitle', htmlspecialchars($currUser->getEmail()))));
 		}
 		$this->formField(
 			getMLText("owner"),
diff --git a/views/bootstrap/class.GroupMgr.php b/views/bootstrap/class.GroupMgr.php
index 632491660..af9359f02 100644
--- a/views/bootstrap/class.GroupMgr.php
+++ b/views/bootstrap/class.GroupMgr.php
@@ -247,30 +247,38 @@ $(document).ready( function() {
 			$this->contentSubHeading(getMLText("add_member"));
 ?>
 		
-		<form class="form-inline" action="../op/op.GroupMgr.php" method="POST" name="form_2" id="form_2">
+		<form class="form-horizontal" action="../op/op.GroupMgr.php" method="POST" name="form_2" id="form_2">
 		<?php echo createHiddenFieldWithKey('addmember'); ?>
 		<input type="Hidden" name="action" value="addmember">
 		<input type="Hidden" name="groupid" value="<?php print $group->getID();?>">
-		<table class="table-condensed">
-			<tr>
-				<td>
-					<select name="userid" id="userid">
-						<option value="-1"><?php printMLText("select_one");?></option>
-						<?php
-							foreach ($allUsers as $currUser)
-								if (!$group->isMember($currUser))
-									print "<option value=\"".$currUser->getID()."\">" . htmlspecialchars($currUser->getLogin()." - ".$currUser->getFullName()) . "</option>\n";
-						?>
-					</select>
-				</td>
-				<td>
-					<label class="checkbox"><input type="checkbox" name="manager" value="1"><?php printMLText("manager");?></label>
-				</td>
-				<td>
-					<input type="submit" class="btn" value="<?php printMLText("add");?>">
-				</td>
-			</tr>
-		</table>
+<?php
+		$options = array();
+		$allUsers = $dms->getAllUsers($sortusersinlist);
+		foreach ($allUsers as $currUser) {
+			if (!$group->isMember($currUser))
+				$options[] = array($currUser->getID(), htmlspecialchars($currUser->getLogin().' - '.$currUser->getFullName()), ($currUser->getID()==$user->getID()), array(array('data-subtitle', htmlspecialchars($currUser->getEmail()))));
+		}
+		$this->formField(
+			getMLText("user"),
+			array(
+				'element'=>'select',
+				'id'=>'userid',
+				'name'=>'userid',
+				'class'=>'chzn-select',
+				'options'=>$options
+			)
+		);
+		$this->formField(
+			getMLText("manager"),
+			array(
+				'element'=>'input',
+				'type'=>'checkbox',
+				'name'=>'manager',
+				'value'=>1
+			)
+		);
+		$this->formSubmit("<i class=\"fa fa-save\"></i> ".getMLText('add'));
+?>
 		</form>
 <?php
 		}
diff --git a/views/bootstrap/class.TransferDocument.php b/views/bootstrap/class.TransferDocument.php
index fb4f51f16..bda1085ad 100644
--- a/views/bootstrap/class.TransferDocument.php
+++ b/views/bootstrap/class.TransferDocument.php
@@ -33,6 +33,7 @@ class SeedDMS_View_TransferDocument extends SeedDMS_Bootstrap_Style {
 		$allusers = $this->params['allusers'];
 		$document = $this->params['document'];
 		$folder = $this->params['folder'];
+		$accessobject = $this->params['accessobject'];
 
 		$this->htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
 		$this->globalNavigation($folder);
@@ -63,7 +64,9 @@ class SeedDMS_View_TransferDocument extends SeedDMS_Bootstrap_Style {
 			getMLText("transfer_to_user"),
 			$html
 		);
-		$this->formSubmit("<i class=\"fa fa-exchange\"></i> ".getMLText('transfer_document'));
+		if($accessobject->check_controller_access('TransferDocument', array('action'=>'run'))) {
+			$this->formSubmit("<i class=\"fa fa-exchange\"></i> ".getMLText('transfer_document'));
+		}
 ?>
 </form>
 <?php