gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 07:04:57 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use access operation to check if operation is allowed

Browse Source
This commit is contained in:
Uwe Steinmann 2015-06-15 08:54:33 +02:00
parent b69f91cf12
commit 4215532a9c
2 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
op/op.ReviewDocument.php
View File

@ -24,6 +24,7 @@ include("../inc/inc.ClassEmail.php");
include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php");
include("../inc/inc.ClassAccessOperation.php");
include("../inc/inc.Authentication.php");
/* Check if the form data comes for a trusted request */
@ -63,8 +64,11 @@ if ($latestContent->getVersion()!=$version) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
}
// verify if document has expired
if ($document->hasExpired()){
/* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
// verify if document may be reviewed
if ($accessop->mayReview()){
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}

11
out/out.ReviewDocument.php
View File

@ -56,8 +56,12 @@ $latestContent = $document->getLatestContent();
if ($latestContent->getVersion()!=$version) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
}
// verify if document has expired
if ($document->hasExpired()){
/* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
// verify if document may be reviewed
if ($accessop->mayReview()){
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
}
@ -66,9 +70,6 @@ if(!$reviews) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action"));
}
/* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$content));
if($view) {