approvals can be removed by admins

CHANGELOG

@@ -24,7 +24,7 @@
 - comment of document version may not be modified when document has expired
 - attributes of document version may be edited if enableVersionModification is true
   even if the document has been released, obsoleted or has been expired
-- review can be removed by admin
+- reviews and approvals can be removed by admin
 
 --------------------------------------------------------------------------------
                      Changes in version 5.1.22

op/op.RemoveApprovalLog.php

@@ -0,0 +1,99 @@
+<?php
+//    MyDMS. Document Management System
+//    Copyright (C) 2002-2005  Markus Westphal
+//    Copyright (C) 2006-2008 Malcolm Cowe
+//    Copyright (C) 2010 Matteo Lucarelli
+//    Copyright (C) 2010-2021 Uwe Steinmann
+//
+//    This program is free software; you can redistribute it and/or modify
+//    it under the terms of the GNU General Public License as published by
+//    the Free Software Foundation; either version 2 of the License, or
+//    (at your option) any later version.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU General Public License for more details.
+//
+//    You should have received a copy of the GNU General Public License
+//    along with this program; if not, write to the Free Software
+//    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+include("../inc/inc.Settings.php");
+include("../inc/inc.LogInit.php");
+include("../inc/inc.Utils.php");
+include("../inc/inc.Language.php");
+include("../inc/inc.Init.php");
+include("../inc/inc.Extension.php");
+include("../inc/inc.DBInit.php");
+include("../inc/inc.ClassAccessOperation.php");
+include("../inc/inc.Authentication.php");
+include("../inc/inc.ClassUI.php");
+
+/* Check if the form data comes from a trusted request */
+if(!checkFormKey('removeapprovallog')) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token"));
+}
+
+if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+}
+
+$documentid = $_POST["documentid"];
+$document = $dms->getDocument($documentid);
+
+if (!is_object($document)) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+}
+
+if (!$user->isAdmin() || $document->getAccessMode($user) < M_ALL) {
+	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
+}
+
+if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
+}
+
+$version = $_POST["version"];
+$content = $document->getContentByVersion($version);
+
+if (!is_object($content)) {
+	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
+}
+
+// operation is only allowed for the last document version
+$latestContent = $document->getLatestContent();
+if ($latestContent->getVersion()!=$version) {
+	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
+}
+
+if (!isset($_POST["approveid"]) || !is_numeric($_POST["approveid"]) || intval($_POST["approveid"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_approveid"));
+}
+$approveid = $_POST['approveid'];
+$approves = $latestContent->getApprovalStatus();
+$approveStatus = null;
+foreach($approves as $approve) {
+	if($approve['approveID'] == $approveid) {
+		$approveStatus = $approve;
+		break;
+	}
+}
+if(!$approveStatus) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_approveid"));
+}
+
+if($approveStatus['type'] == 0) {
+	$ruser = $dms->getUser($approveStatus['required']);
+	$msg = getMLText('ind_approval_removed', array('name'=>$ruser->getFullName()));
+} elseif($approveStatus['type'] == 1) {
+	$rgroup = $dms->getGroup($approveStatus['required']);
+	$msg = getMLText('group_approval_removed', array('name'=>$rgroup->getName()));
+} else
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_approveid"));
+
+$comment = $_POST["comment"];
+if(0 == $latestContent->removeApproval($approveid, $user, $comment)) {
+	$latestContent->verifyStatus(true, $user, $msg);
+}
+header("Location:../out/out.ViewDocument.php?documentid=".$documentid."&currenttab=revapp");

out/out.RemoveApprovalLog.php

@@ -0,0 +1,88 @@
+<?php
+//    MyDMS. Document Management System
+//    Copyright (C) 2002-2005 Markus Westphal
+//    Copyright (C) 2006-2008 Malcolm Cowe
+//    Copyright (C) 2010 Matteo Lucarelli
+//    Copyright (C) 2010-2016 Uwe Steinmann
+//
+//    This program is free software; you can redistribute it and/or modify
+//    it under the terms of the GNU General Public License as published by
+//    the Free Software Foundation; either version 2 of the License, or
+//    (at your option) any later version.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU General Public License for more details.
+//
+//    You should have received a copy of the GNU General Public License
+//    along with this program; if not, write to the Free Software
+//    Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+
+if(!isset($settings))
+	require_once("../inc/inc.Settings.php");
+require_once("inc/inc.LogInit.php");
+require_once("inc/inc.Utils.php");
+require_once("inc/inc.Language.php");
+require_once("inc/inc.Init.php");
+require_once("inc/inc.Extension.php");
+require_once("inc/inc.DBInit.php");
+require_once("inc/inc.ClassUI.php");
+require_once("inc/inc.ClassAccessOperation.php");
+require_once("inc/inc.Authentication.php");
+
+if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+}
+
+$document = $dms->getDocument(intval($_GET["documentid"]));
+
+if (!is_object($document)) {
+	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id"));
+}
+
+$folder = $document->getFolder();
+
+if (!$user->isAdmin() || $document->getAccessMode($user) < M_ALL) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
+}
+
+if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
+}
+$version = $_GET["version"];
+$content = $document->getContentByVersion($version);
+if (!is_object($content)) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
+}
+
+// operation is admitted only for last document version
+$latestContent = $document->getLatestContent();
+if ($latestContent->getVersion()!=$version) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
+}
+
+if (!isset($_GET["approveid"]) || !is_numeric($_GET["approveid"]) || intval($_GET["approveid"])<1) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_approveid"));
+}
+$approveid = $_GET['approveid'];
+
+/* Create object for checking access to certain operations */
+$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings);
+
+$approvals = $content->getApprovalStatus();
+if(!$approvals) {
+	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action"));
+}
+
+$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
+$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user));
+if($view) {
+	$view->setParam('folder', $folder);
+	$view->setParam('document', $document);
+	$view->setParam('version', $content);
+	$view->setParam('approveid', $approveid);
+	$view->setParam('accessobject', $accessop);
+	$view($_GET);
+	exit;
+}

views/bootstrap/class.RemoveApprovalLog.php

@@ -0,0 +1,126 @@
+<?php
+/**
+ * Implementation of RemoveApprovalLog view
+ *
+ * @category   DMS
+ * @package    SeedDMS
+ * @license    GPL 2
+ * @version    @version@
+ * @author     Uwe Steinmann <uwe@steinmann.cx>
+ * @copyright  Copyright (C) 2002-2005 Markus Westphal,
+ *             2006-2008 Malcolm Cowe, 2010 Matteo Lucarelli,
+ *             2010-2012 Uwe Steinmann
+ * @version    Release: @package_version@
+ */
+
+/**
+ * Include parent class
+ */
+//require_once("class.Bootstrap.php");
+
+/**
+ * Class which outputs the html page for RemoveApprovalLog view
+ *
+ * @category   DMS
+ * @package    SeedDMS
+ * @author     Markus Westphal, Malcolm Cowe, Uwe Steinmann <uwe@steinmann.cx>
+ * @copyright  Copyright (C) 2002-2005 Markus Westphal,
+ *             2006-2008 Malcolm Cowe, 2010 Matteo Lucarelli,
+ *             2010-2012 Uwe Steinmann
+ * @version    Release: @package_version@
+ */
+class SeedDMS_View_RemoveApprovalLog extends SeedDMS_Theme_Style {
+
+	function js() { /* {{{ */
+		header('Content-Type: application/javascript; charset=UTF-8');
+		parent::jsTranslations(array('js_form_error', 'js_form_errors'));
+?>
+$(document).ready(function() {
+	$("#form1").validate({
+		rules: {
+			comment: {
+				required: true
+			},
+		},
+		messages: {
+			comment: "<?php printMLText("js_no_comment");?>",
+		},
+	});
+});
+<?php
+		$this->printFileChooserJs();
+	} /* }}} */
+
+	function show() { /* {{{ */
+		$dms = $this->params['dms'];
+		$user = $this->params['user'];
+		$folder = $this->params['folder'];
+		$document = $this->params['document'];
+		$content = $this->params['version'];
+		$approveid = $this->params['approveid'];
+
+		$approves = $content->getApprovalStatus();
+		foreach($approves as $approve) {
+			if($approve['approveID'] == $approveid) {
+				$approveStatus = $approve;
+				break;
+			}
+		}
+
+		$this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/vendors/jquery-validation/jquery.validate.js"></script>'."\n", 'js');
+		$this->htmlAddHeader('<script type="text/javascript" src="../views/'.$this->theme.'/styles/validation-default.js"></script>'."\n", 'js');
+
+		$this->htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
+		$this->globalNavigation($folder);
+		$this->contentStart();
+		$this->pageNavigation($this->getFolderPathHTML($folder, true, $document), "view_document", $document);
+		$this->contentHeading(getMLText("remove_approval_log"));
+		$this->warningMsg(getMLText('warning_remove_approval_log'));
+
+		// Display the Approval form.
+		if($approveStatus["status"]!=0) {
+
+			print "<table class=\"table table-content table-sm\"><thead><tr>";
+			print "<th>".getMLText("status")."</th>";
+			print "<th>".getMLText("comment")."</th>";
+			print "<th>".getMLText("last_update")."</th>";
+			print "</tr></thead><tbody><tr>";
+			print "<td>";
+			printApprovalStatusText($approveStatus["status"]);
+			print "</td>";
+			print "<td>".htmlspecialchars($approveStatus["comment"])."</td>";
+			$indUser = $dms->getUser($approveStatus["userID"]);
+			print "<td>".$approveStatus["date"]." - ". htmlspecialchars($indUser->getFullname()) ."</td>";
+			print "</tr></tbody></table><br>\n";
+		}
+?>
+	<form method="post" action="../op/op.RemoveApprovalLog.php" id="form1" name="form1">
+	<?php echo createHiddenFieldWithKey('removeapprovallog'); ?>
+<?php
+		$this->contentContainerStart();
+
+		$this->formField(
+			getMLText("comment"),
+			array(
+				'element'=>'textarea',
+				'name'=>'comment',
+				'required'=>true,
+				'rows'=>4,
+				'cols'=>80
+			)
+		);
+		$this->contentContainerEnd();
+
+		$this->formSubmit('<i class="fa fa-remove"></i> '.getMLText('remove_approval_log'));
+?>
+	<input type='hidden' name='approveid' value='<?= $approveid ?>'/>
+	<input type='hidden' name='documentid' value='<?= $document->getID() ?>'/>
+	<input type='hidden' name='version' value='<?= $content->getVersion() ?>'/>
+	</form>
+<?php
+		$this->contentEnd();
+		$this->htmlEndPage();
+	} /* }}} */
+}
+?>
+

views/bootstrap/class.ViewDocument.php

@@ -946,8 +946,8 @@ $(document).ready( function() {
 							}
 						}
 					}
-				if($enableremoverevapp && $user->isAdmin() && ($r['status'] == 1 || $r['status'] == -1))
+					if($enableremoverevapp && $user->isAdmin() && ($r['status'] == 1 || $r['status'] == -1))
-					echo '<li><a href="../out/out.RemoveReviewLog.php?documentid='.$document->getID().'&version='.$latestContent->getVersion().'&reviewid='.$r['reviewID'].'" title="'.getMLText('remove_review_log').'"><i class="fa fa-remove"></i></a></li>';
+						echo '<li><a href="../out/out.RemoveReviewLog.php?documentid='.$document->getID().'&version='.$latestContent->getVersion().'&reviewid='.$r['reviewID'].'" title="'.getMLText('remove_review_log').'"><i class="fa fa-remove"></i></a></li>';
 	
 					print "</ul></td>\n";	
 					print "</tr>\n";
@@ -1050,6 +1050,8 @@ $(document).ready( function() {
 							}
 						}
 					}
+					if($enableremoverevapp && $user->isAdmin() && ($a['status'] == 1 || $a['status'] == -1))
+						echo '<li><a href="../out/out.RemoveApprovalLog.php?documentid='.$document->getID().'&version='.$latestContent->getVersion().'&approveid='.$a['approveID'].'" title="'.getMLText('remove_approval_log').'"><i class="fa fa-remove"></i></a></li>';
 
 					print "</ul>";
 					print "</td>\n";