gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-02-06 15:14:58 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Merge branch 'seeddms-4.3.x' into seeddms-5.0.x

Browse Source
This commit is contained in:
Uwe Steinmann 2017-08-02 07:02:58 +02:00
commit 4aef48e5f7
9 changed files with 29 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG
View File

@ -106,6 +106,8 @@
- remove empty lines at end of view/bootstrap/class.*.php files (Closes #329) - remove empty lines at end of view/bootstrap/class.*.php files (Closes #329)
- make sure contentDir ends with DIRECTORY_SEPARATOR (Closes #323) - make sure contentDir ends with DIRECTORY_SEPARATOR (Closes #323)
- minor improvements of installation - minor improvements of installation
- better checking in out/*.php for allowed operation (e.g. EditOnline,
RemoveVersion, SetReviewersApprovers, ...)
-------------------------------------------------------------------------------- --------------------------------------------------------------------------------
Changes in version 4.3.35 Changes in version 4.3.35

7
inc/inc.ClassAccessOperation.php
View File

@ -61,9 +61,12 @@ class SeedDMS_AccessOperation {
* document may delete versions. The admin may even delete a version * document may delete versions. The admin may even delete a version
* even if is disallowed in the settings. * even if is disallowed in the settings.
*/ */
function mayEditVersion() { /* {{{ */ function mayEditVersion($vno=0) { /* {{{ */
if(get_class($this->obj) == $this->dms->getClassname('document')) { if(get_class($this->obj) == $this->dms->getClassname('document')) {
$version = $this->obj->getLatestContent(); if($vno)
$version = $this->obj->getContentByVersion($vno);
else
$version = $this->obj->getLatestContent();
if (!isset($this->settings->_editOnlineFileTypes) || !is_array($this->settings->_editOnlineFileTypes) || !in_array(strtolower($version->getFileType()), $this->settings->_editOnlineFileTypes)) if (!isset($this->settings->_editOnlineFileTypes) || !is_array($this->settings->_editOnlineFileTypes) || !in_array(strtolower($version->getFileType()), $this->settings->_editOnlineFileTypes))
return false; return false;
if ($this->obj->getAccessMode($this->user) == M_ALL || $this->user->isAdmin()) { if ($this->obj->getAccessMode($this->user) == M_ALL || $this->user->isAdmin()) {

3
out/out.EditAttributes.php
View File

@ -48,6 +48,9 @@ $folder = $document->getFolder();
/* Create object for checking access to certain operations */ /* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); $accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
if(!$accessop->mayEditAttributes()) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
$attrdefs = $dms->getAllAttributeDefinitions(array(SeedDMS_Core_AttributeDefinition::objtype_documentcontent, SeedDMS_Core_AttributeDefinition::objtype_all)); $attrdefs = $dms->getAllAttributeDefinitions(array(SeedDMS_Core_AttributeDefinition::objtype_documentcontent, SeedDMS_Core_AttributeDefinition::objtype_all));

3
out/out.EditComment.php
View File

@ -53,6 +53,9 @@ $folder = $document->getFolder();
/* Create object for checking access to certain operations */ /* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); $accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
if(!$accessop->mayEditComment()) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));

4
out/out.EditOnline.php
View File

@ -55,6 +55,7 @@ if(isset($_GET["version"])) {
$lc = $document->getLatestContent(); $lc = $document->getLatestContent();
} else { } else {
$version = 0;
$content = $document->getLatestContent(); $content = $document->getLatestContent();
$lc = $document->getLatestContent(); $lc = $document->getLatestContent();
} }
@ -76,6 +77,9 @@ if (!isset($settings->_editOnlineFileTypes) || !is_array($settings->_editOnlineF
/* Create object for checking access to certain operations */ /* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); $accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
if(!$accessop->mayEditVersion($version)) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
$folder = $document->getFolder(); $folder = $document->getFolder();

10
out/out.OverrideContentStatus.php
View File

@ -52,17 +52,13 @@ if (!is_object($content)) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
} }
$overallStatus = $content->getStatus();
// status change control
if ($overallStatus["status"] == S_REJECTED || $overallStatus["status"] == S_EXPIRED || $overallStatus["status"] == S_DRAFT_REV || $overallStatus["status"] == S_DRAFT_APP ) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_change_final_states"));
}
$folder = $document->getFolder(); $folder = $document->getFolder();
/* Create object for checking access to certain operations */ /* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); $accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
if(!$accessop->mayOverwriteStatus()) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_change_final_states"));
}
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));

3
out/out.RemoveVersion.php
View File

@ -62,6 +62,9 @@ $folder = $document->getFolder();
/* Create object for checking access to certain operations */ /* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); $accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
if(!$accessop->mayRemoveVersion()) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
}
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));

8
out/out.SetReviewersApprovers.php
View File

@ -57,15 +57,13 @@ if(!$settings->_enableVersionModification) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_version_modification")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_version_modification"));
} }
$overallStatus = $content->getStatus();
if ($overallStatus["status"]!=S_DRAFT_REV && $overallStatus["status"]!=S_DRAFT_APP) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_assign_invalid_state"));
}
$folder = $document->getFolder(); $folder = $document->getFolder();
/* Create object for checking access to certain operations */ /* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); $accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
if(!$accessop->maySetReviewersApprovers()) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_assign_invalid_state"));
}
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));

3
out/out.SetWorkflow.php
View File

@ -53,6 +53,9 @@ $folder = $document->getFolder();
/* Create object for checking access to certain operations */ /* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); $accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
if(!$accessop->maySetWorkflow()) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
}
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));