gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 15:14:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use access operation to check if approval is allowed

Browse Source
This commit is contained in:
Uwe Steinmann 2015-06-15 08:55:20 +02:00
parent 4215532a9c
commit 48442f3947
2 changed files with 9 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
op/op.ApproveDocument.php
View File

@ -25,6 +25,7 @@ include("../inc/inc.ClassEmail.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php"); include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
include("../inc/inc.ClassAccessOperation.php");
include("../inc/inc.Authentication.php"); include("../inc/inc.Authentication.php");
/* Check if the form data comes for a trusted request */ /* Check if the form data comes for a trusted request */
@ -67,8 +68,11 @@ if ($latestContent->getVersion()!=$version) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
} }
// verify if document has expired /* Create object for checking access to certain operations */
if ($document->hasExpired()){ $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
// verify if document may be approved
if ($accessop->mayApprove()){
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }

5
out/out.ApproveDocument.php
View File

@ -59,8 +59,9 @@ $latestContent = $document->getLatestContent();
if ($latestContent->getVersion()!=$version) { if ($latestContent->getVersion()!=$version) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
} }
// verify if document has expired
if ($document->hasExpired()){ // verify if document may be approved
if ($accessop->mayApprove()){
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
} }