diff --git a/CHANGELOG b/CHANGELOG index e83810882..af4268138 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -153,6 +153,7 @@ - reviewers/approvers can only be modified by users with unrestricted access and as long as no reviewer/approver has reviewed/approved the document - use only svg icons for mimetypes +- add check for processes (reviews/approvals) where the user/group is deleted -------------------------------------------------------------------------------- Changes in version 4.3.35 diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php index 5a3393c84..9dc7dece0 100644 --- a/SeedDMS_Core/Core/inc.ClassDMS.php +++ b/SeedDMS_Core/Core/inc.ClassDMS.php @@ -2516,6 +2516,44 @@ class SeedDMS_Core_DMS { return $this->db->getResultArray($queryStr); } /* }}} */ + /** + * Removes all reviews, approvals which are not linked + * to a user, group anymore + * + * This method is for removing all reviews or approvals whose user + * or group was deleted and not just removed from the process. + * If the optional parameter $id is set, only this user/group id is removed. + */ + function removeProcessWithoutUserGroup($process, $usergroup, $id=0) { /* {{{ */ + /* Entries of tblDocumentReviewLog or tblDocumentApproveLog are deleted + * because of CASCADE ON + */ + switch($process) { + case 'review': + $queryStr = "DELETE FROM tblDocumentReviewers"; + break; + case 'approval': + $queryStr = "DELETE FROM tblDocumentApprovers"; + break; + } + $queryStr .= " WHERE"; + switch($usergroup) { + case 'user': + $queryStr .= " type=0 AND"; + if($id) + $queryStr .= " required=".((int) $id)." AND"; + $queryStr .= " required NOT IN (SELECT id FROM tblUsers)"; + break; + case 'group': + $queryStr .= " type=1 AND"; + if($id) + $queryStr .= " required=".((int) $id)." AND"; + $queryStr .= " required NOT IN (SELECT id FROM tblGroups)"; + break; + } + return $this->db->getResultArray($queryStr); + } /* }}} */ + /** * Returns statitical information * diff --git a/install/update-3.4.0/update.sql b/install/update-3.4.0/update.sql index dfc4b7a75..1858d49b2 100644 --- a/install/update-3.4.0/update.sql +++ b/install/update-3.4.0/update.sql @@ -99,7 +99,7 @@ CALL DROPFK('tblDocuments', 'tblDocuments_folder'); ALTER TABLE tblDocuments ADD CONSTRAINT `tblDocuments_folder` FOREIGN KEY (`folder`) REFERENCES `tblFolders` (`id`); -CALL DROPFK('tblDocumentContent', 'tblDocumentDocument_document'); +CALL DROPFK('tblDocumentContent', 'tblDocumentContent_document'); ALTER TABLE tblDocumentContent DROP PRIMARY KEY; diff --git a/out/out.Timeline.php b/out/out.Timeline.php index d8696ec62..7365abccc 100644 --- a/out/out.Timeline.php +++ b/out/out.Timeline.php @@ -26,8 +26,13 @@ include("../inc/inc.DBInit.php"); include("../inc/inc.ClassUI.php"); include("../inc/inc.Authentication.php"); +$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); +$view = UI::factory($theme, $tmp[1]); +if(!$view) { +} + if (!$user->isAdmin()) { - UI::exitError(getMLText("admin_tools"),getMLText("access_denied")); + $view->exitError(getMLText("admin_tools"),getMLText("access_denied")); } $rootfolder = $dms->getFolder($settings->_rootFolderID); @@ -49,9 +54,9 @@ if(isset($_GET['version']) && $_GET['version'] && is_numeric($_GET['version'])) } else $content = null; -$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); -$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); if($view) { + $view->setParam('dms', $dms); + $view->setParam('user', $user); $view->setParam('fromdate', isset($_GET['fromdate']) ? $_GET['fromdate'] : ''); $view->setParam('todate', isset($_GET['todate']) ? $_GET['todate'] : ''); $view->setParam('skip', $skip);