diff --git a/op/op.ApproveDocument.php b/op/op.ApproveDocument.php
index b49f779e6..e9da967e2 100644
--- a/op/op.ApproveDocument.php
+++ b/op/op.ApproveDocument.php
@@ -33,6 +33,7 @@ include("../inc/inc.ClassController.php");
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $controller = Controller::factory($tmp[1]);
+$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
 /* Check if the form data comes from a trusted request */
 if(!checkFormKey('approvedocument')) {
@@ -50,12 +51,13 @@ if (!is_object($document)) {
 UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
 }
-$folder = $document->getFolder();
-
-if ($document->getAccessMode($user) < M_READ) {
+// verify if document may be approved
+if (!$accessop->mayApprove($document)){
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }
+$folder = $document->getFolder();
+
 if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
@@ -73,14 +75,7 @@ if ($latestContent->getVersion()!=$version) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
-/* Create object for checking access to certain operations */
-$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
-
 $olddocstatus = $content->getStatus();
-// verify if document may be approved
-if (!$accessop->mayApprove($document)){
- UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
-}
 if (!isset($_POST["approvalStatus"]) || !is_numeric($_POST["approvalStatus"]) || (intval($_POST["approvalStatus"])!=1 && intval($_POST["approvalStatus"])!=-1)) {
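Review bot: With the `getAccessMode($user) < M_READ` test removed, `mayApprove($document)` is the only authorization gate left in the second hunk, and nothing visible here shows that it takes the user's access rights on the document into account. If it only looks at the document's workflow state, a user without read access would get past this point and the request would rely on whatever checks follow further down the script, outside the hunk. Keeping both conditions costs one line: `if ($document->getAccessMode($user) < M_READ || !$accessop->mayApprove($document)) {`. The same replacement is made in the matching hunks of op.ReceiptDocument.php (`mayReceipt`), op.ReviewDocument.php (`mayReview`) and op.ReviseDocument.php (`mayRevise`).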
diff --git a/op/op.ReceiptDocument.php b/op/op.ReceiptDocument.php
index e973019f6..a978a7a2f 100644
--- a/op/op.ReceiptDocument.php
+++ b/op/op.ReceiptDocument.php
@@ -32,6 +32,7 @@ include("../inc/inc.ClassController.php");
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $controller = Controller::factory($tmp[1]);
+$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
 /* Check if the form data comes for a trusted request */
 if(!checkFormKey('receiptdocument')) {
@@ -49,12 +50,13 @@ if (!is_object($document)) {
 UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
 }
-$folder = $document->getFolder();
-
-if ($document->getAccessMode($user) < M_READ) {
+// verify if document may be receÑ–pted
+if (!$accessop->mayReceipt($document)){
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }
+$folder = $document->getFolder();
+
 if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
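Review bot: The comment added above the `mayReceipt` check in the second hunk does not spell "receipted" in plain ASCII; the character after "rece" appears to be a look-alike letter that shows up here mis-decoded. Look-alike characters in source make a file harder to grep and to review, and this one was carried over unchanged from the removed lines. Write it as `// verify if document may be receipted`.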
@@ -72,14 +74,6 @@ if ($latestContent->getVersion()!=$version) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
-/* Create object for checking access to certain operations */
-$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
-
-// verify if document may be receÑ–pted
-if (!$accessop->mayReceipt($document)){
- UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
-}
-
 if (!isset($_POST["receiptStatus"]) || !is_numeric($_POST["receiptStatus"]) || (intval($_POST["receiptStatus"])!=1 && intval($_POST["receiptStatus"])!=-1)) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_receipt_status"));
diff --git a/op/op.ReviewDocument.php b/op/op.ReviewDocument.php
index 2e43716bf..da2a1e160 100644
--- a/op/op.ReviewDocument.php
+++ b/op/op.ReviewDocument.php
@@ -33,6 +33,7 @@ include("../inc/inc.ClassController.php");
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $controller = Controller::factory($tmp[1]);
+$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
 /* Check if the form data comes from a trusted request */
 if(!checkFormKey('reviewdocument')) {
@@ -50,12 +51,13 @@ if (!is_object($document)) {
 UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
 }
-$folder = $document->getFolder();
-
-if ($document->getAccessMode($user) < M_READ) {
+// verify if document may be reviewed
+if (!$accessop->mayReview($document)){
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }
+$folder = $document->getFolder();
+
 if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
@@ -73,14 +75,7 @@ if ($latestContent->getVersion()!=$version) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
-/* Create object for checking access to certain operations */
-$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
-
 $olddocstatus = $content->getStatus();
-// verify if document may be reviewed
-if (!$accessop->mayReview($document)){
- UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
-}
 if (!isset($_POST["reviewStatus"]) || !is_numeric($_POST["reviewStatus"]) || (intval($_POST["reviewStatus"])!=1 && intval($_POST["reviewStatus"])!=-1)) {
diff --git a/op/op.ReviseDocument.php b/op/op.ReviseDocument.php
index f3b99fe6c..307550976 100644
--- a/op/op.ReviseDocument.php
+++ b/op/op.ReviseDocument.php
@@ -32,6 +32,7 @@ include("../inc/inc.ClassController.php");
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $controller = Controller::factory($tmp[1]);
+$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
 /* Check if the form data comes for a trusted request */
 if(!checkFormKey('revisedocument')) {
@@ -49,12 +50,13 @@ if (!is_object($document)) {
 UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
 }
-$folder = $document->getFolder();
-
-if ($document->getAccessMode($user) < M_READ) {
+// verify if document maybe revised
+if (!$accessop->mayRevise($document)){
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }
+$folder = $document->getFolder();
+
 if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
@@ -72,14 +74,7 @@ if ($latestContent->getVersion()!=$version) {
 UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
-/* Create object for checking access to certain operations */
-$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);
-
 $olddocstatus = $content->getStatus();
-// verify if document maybe revised
-if (!$accessop->mayRevise($document)){
- UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
-}
 if (!isset($_POST["revisionStatus"]) || !is_numeric($_POST["revisionStatus"]) || (!in_array(intval($_POST["revisionStatus"]), array(1, -1, 6)))) {
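Review bot: The comment added above the `mayRevise` check in the first hunk on this line reads "maybe revised", where the three sibling scripts say "may be". Since the line is being moved anyway, write it as `// verify if document may be revised` so the four access-check comments match.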