gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-11 09:35:00 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-5.1.x' into seeddms-6.0.x

Browse Source
This commit is contained in:
Uwe Steinmann 2021-06-25 08:59:18 +02:00
commit 371f348d88
2 changed files with 13 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
CHANGELOG
View File

@ -221,7 +221,10 @@
- secure unlocking/locking of a documents with form token to prevent CSRF attacks
- append referuri to base url to prevent redirects to arbitraty sites in op.Login.php
- theme can be set in user manager
- fields in configuration can be omitted from display
- fields in configuration can be omitted from display and saving
- comment of document version may not be modified when document has expired
- attributes of document version may be edited if enableVersionModification is true
even if the document has been released, obsoleted or has been expired
--------------------------------------------------------------------------------
Changes in version 5.1.22

15
inc/inc.ClassAccessOperation.php
View File

@ -240,12 +240,14 @@ class SeedDMS_AccessOperation {
*
* This check can only be done for documents. Setting the documents
* comment date is only allowed if version modification is turned on in
* the settings and the document has not been obsoleted.
* the settings and the document has not been obsoleted or expired.
* The admin may set the comment even if is
* disallowed in the settings.
*/
function mayEditComment($document) { /* {{{ */
if($document->isType('document')) {
if($document->getAccessMode($this->user) < M_READWRITE)
return false;
if($document->isLocked()) {
$lockingUser = $document->getLockingUser();
if (($lockingUser->getID() != $this->user->getID()) && ($document->getAccessMode($this->user) != M_ALL)) {
@ -254,7 +256,7 @@ class SeedDMS_AccessOperation {
}
if($latestContent = $document->getLatestContent()) {
$status = $latestContent->getStatus();
if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) >= M_READWRITE)) || $this->user->isAdmin()) && ($status["status"]!=S_OBSOLETE)) {
if (($this->settings->_enableVersionModification || $this->user->isAdmin()) && !in_array($status["status"], array(S_OBSOLETE, S_EXPIRED))) {
return true;
}
}
@ -267,9 +269,8 @@ class SeedDMS_AccessOperation {
*
* Setting the object attributes
* is only allowed if version modification is turned on in
* the settings and the document has not been obsoleted.
* The admin may set the comment even if is
* disallowed in the settings.
* the settings or the document is still in an approval/review
* or intial workflow step.
*/
function mayEditAttributes($document) { /* {{{ */
if($document->isType('document')) {
@ -277,7 +278,9 @@ class SeedDMS_AccessOperation {
$status = $latestContent->getStatus();
$workflow = $latestContent->getWorkflow();
$workflowstate = $latestContent->getWorkflowState();
if ((($this->settings->_enableVersionModification && ($document->getAccessMode($this->user) >= M_READWRITE)) || $this->user->isAdmin()) && (in_array($status["status"], array(S_DRAFT_REV, S_DRAFT_APP, S_IN_REVISION)) || ($workflow && $workflowstate && $workflow->getInitState()->getID() == $workflowstate->getID()))) {
if($document->getAccessMode($this->user) < M_READWRITE)
return false;
if ($this->settings->_enableVersionModification || in_array($status["status"], array(S_DRAFT_REV, S_DRAFT_APP, S_IN_REVISION)) || ($workflow && $workflowstate && $workflow->getInitState()->getID() == $workflowstate->getID())) {
return true;
}
}