mirror of
https://git.code.sf.net/p/seeddms/code
synced 2025-02-06 15:14:58 +00:00
Merge branch 'seeddms-4.3.x' into seeddms-5.0.x
This commit is contained in:
Uwe Steinmann
commit
4aef48e5f7
|
|
@ -106,6 +106,8 @@
|
||||||
- remove empty lines at end of view/bootstrap/class.*.php files (Closes #329)
|
- remove empty lines at end of view/bootstrap/class.*.php files (Closes #329)
|
||||||
- make sure contentDir ends with DIRECTORY_SEPARATOR (Closes #323)
|
- make sure contentDir ends with DIRECTORY_SEPARATOR (Closes #323)
|
||||||
- minor improvements of installation
|
- minor improvements of installation
|
||||||
|
- better checking in out/*.php for allowed operation (e.g. EditOnline,
|
||||||
|
RemoveVersion, SetReviewersApprovers, ...)
|
||||||
|
|
||||||
--------------------------------------------------------------------------------
|
--------------------------------------------------------------------------------
|
||||||
Changes in version 4.3.35
|
Changes in version 4.3.35
|
||||||
|
|
|
||||||
|
|
@ -61,8 +61,11 @@ class SeedDMS_AccessOperation {
|
||||||
* document may delete versions. The admin may even delete a version
|
* document may delete versions. The admin may even delete a version
|
||||||
* even if is disallowed in the settings.
|
* even if is disallowed in the settings.
|
||||||
*/
|
*/
|
||||||
function mayEditVersion() { /* {{{ */
|
function mayEditVersion($vno=0) { /* {{{ */
|
||||||
if(get_class($this->obj) == $this->dms->getClassname('document')) {
|
if(get_class($this->obj) == $this->dms->getClassname('document')) {
|
||||||
|
if($vno)
|
||||||
|
$version = $this->obj->getContentByVersion($vno);
|
||||||
|
else
|
||||||
$version = $this->obj->getLatestContent();
|
$version = $this->obj->getLatestContent();
|
||||||
if (!isset($this->settings->_editOnlineFileTypes) || !is_array($this->settings->_editOnlineFileTypes) || !in_array(strtolower($version->getFileType()), $this->settings->_editOnlineFileTypes))
|
if (!isset($this->settings->_editOnlineFileTypes) || !is_array($this->settings->_editOnlineFileTypes) || !in_array(strtolower($version->getFileType()), $this->settings->_editOnlineFileTypes))
|
||||||
return false;
|
return false;
|
||||||
|
|
|
||||||
|
|
@ -48,6 +48,9 @@ $folder = $document->getFolder();
|
||||||
|
|
||||||
/* Create object for checking access to certain operations */
|
/* Create object for checking access to certain operations */
|
||||||
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
||||||
|
if(!$accessop->mayEditAttributes()) {
|
||||||
|
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||||
|
}
|
||||||
|
|
||||||
$attrdefs = $dms->getAllAttributeDefinitions(array(SeedDMS_Core_AttributeDefinition::objtype_documentcontent, SeedDMS_Core_AttributeDefinition::objtype_all));
|
$attrdefs = $dms->getAllAttributeDefinitions(array(SeedDMS_Core_AttributeDefinition::objtype_documentcontent, SeedDMS_Core_AttributeDefinition::objtype_all));
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -53,6 +53,9 @@ $folder = $document->getFolder();
|
||||||
|
|
||||||
/* Create object for checking access to certain operations */
|
/* Create object for checking access to certain operations */
|
||||||
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
||||||
|
if(!$accessop->mayEditComment()) {
|
||||||
|
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||||
|
}
|
||||||
|
|
||||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||||
|
|
|
||||||
|
|
@ -55,6 +55,7 @@ if(isset($_GET["version"])) {
|
||||||
$lc = $document->getLatestContent();
|
$lc = $document->getLatestContent();
|
||||||
|
|
||||||
} else {
|
} else {
|
||||||
|
$version = 0;
|
||||||
$content = $document->getLatestContent();
|
$content = $document->getLatestContent();
|
||||||
$lc = $document->getLatestContent();
|
$lc = $document->getLatestContent();
|
||||||
}
|
}
|
||||||
|
|
@ -76,6 +77,9 @@ if (!isset($settings->_editOnlineFileTypes) || !is_array($settings->_editOnlineF
|
||||||
|
|
||||||
/* Create object for checking access to certain operations */
|
/* Create object for checking access to certain operations */
|
||||||
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
||||||
|
if(!$accessop->mayEditVersion($version)) {
|
||||||
|
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||||
|
}
|
||||||
|
|
||||||
$folder = $document->getFolder();
|
$folder = $document->getFolder();
|
||||||
|
|
||||||
|
|
|
||||||
|
|
@ -52,17 +52,13 @@ if (!is_object($content)) {
|
||||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
|
||||||
}
|
}
|
||||||
|
|
||||||
$overallStatus = $content->getStatus();
|
|
||||||
|
|
||||||
// status change control
|
|
||||||
if ($overallStatus["status"] == S_REJECTED || $overallStatus["status"] == S_EXPIRED || $overallStatus["status"] == S_DRAFT_REV || $overallStatus["status"] == S_DRAFT_APP ) {
|
|
||||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_change_final_states"));
|
|
||||||
}
|
|
||||||
|
|
||||||
$folder = $document->getFolder();
|
$folder = $document->getFolder();
|
||||||
|
|
||||||
/* Create object for checking access to certain operations */
|
/* Create object for checking access to certain operations */
|
||||||
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
||||||
|
if(!$accessop->mayOverwriteStatus()) {
|
||||||
|
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_change_final_states"));
|
||||||
|
}
|
||||||
|
|
||||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||||
|
|
|
||||||
|
|
@ -62,6 +62,9 @@ $folder = $document->getFolder();
|
||||||
|
|
||||||
/* Create object for checking access to certain operations */
|
/* Create object for checking access to certain operations */
|
||||||
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
||||||
|
if(!$accessop->mayRemoveVersion()) {
|
||||||
|
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
|
||||||
|
}
|
||||||
|
|
||||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||||
|
|
|
||||||
|
|
@ -57,15 +57,13 @@ if(!$settings->_enableVersionModification) {
|
||||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_version_modification"));
|
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_version_modification"));
|
||||||
}
|
}
|
||||||
|
|
||||||
$overallStatus = $content->getStatus();
|
|
||||||
if ($overallStatus["status"]!=S_DRAFT_REV && $overallStatus["status"]!=S_DRAFT_APP) {
|
|
||||||
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_assign_invalid_state"));
|
|
||||||
}
|
|
||||||
|
|
||||||
$folder = $document->getFolder();
|
$folder = $document->getFolder();
|
||||||
|
|
||||||
/* Create object for checking access to certain operations */
|
/* Create object for checking access to certain operations */
|
||||||
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
||||||
|
if(!$accessop->maySetReviewersApprovers()) {
|
||||||
|
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_assign_invalid_state"));
|
||||||
|
}
|
||||||
|
|
||||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||||
|
|
|
||||||
|
|
@ -53,6 +53,9 @@ $folder = $document->getFolder();
|
||||||
|
|
||||||
/* Create object for checking access to certain operations */
|
/* Create object for checking access to certain operations */
|
||||||
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
|
||||||
|
if(!$accessop->maySetWorkflow()) {
|
||||||
|
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
|
||||||
|
}
|
||||||
|
|
||||||
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
|
||||||
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
|
||||||
|
|
|
||||||
Loading…
Reference in New Issue
Block a user