From 7892498d979232e931ae11fad8d73981ec2e34d7 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Thu, 1 Feb 2018 14:42:30 +0100 Subject: [PATCH] create view at beginning of file --- out/out.EditComment.php | 16 ++++++++-------- out/out.SetReviewersApprovers.php | 16 ++++++---------- 2 files changed, 14 insertions(+), 18 deletions(-) diff --git a/out/out.EditComment.php b/out/out.EditComment.php index 23dac5b2b..ff7884d2b 100644 --- a/out/out.EditComment.php +++ b/out/out.EditComment.php @@ -30,6 +30,9 @@ include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassAccessOperation.php"); include("../inc/inc.Authentication.php"); +$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); +$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); + if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } @@ -38,6 +41,11 @@ if (!is_object($document)) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } +$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); +if(!$accessop->mayEditComment()) { + UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); +} + if($document->isLocked()) { $lockingUser = $document->getLockingUser(); if (($lockingUser->getID() != $user->getID()) && ($document->getAccessMode($user) != M_ALL)) { @@ -52,14 +60,6 @@ if (!is_object($version)) { $folder = $document->getFolder(); -/* Create object for checking access to certain operations */ -$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); -if(!$accessop->mayEditComment()) { - UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); -} - -$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); -$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); if($view) { $view->setParam('folder', $folder); $view->setParam('document', $document); diff --git a/out/out.SetReviewersApprovers.php b/out/out.SetReviewersApprovers.php index ef8adba90..ceca25a3c 100644 --- a/out/out.SetReviewersApprovers.php +++ b/out/out.SetReviewersApprovers.php @@ -30,6 +30,9 @@ include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassAccessOperation.php"); include("../inc/inc.Authentication.php"); +$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); +$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); + if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } @@ -39,8 +42,9 @@ if (!is_object($document)) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } -if ($document->getAccessMode($user) < M_ALL) { - UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); +$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); +if(!$accessop->maySetReviewersApprovers()) { + UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_version_modification")); } if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"]<1)) { @@ -54,14 +58,6 @@ if (!is_object($content)) { $folder = $document->getFolder(); -/* Create object for checking access to certain operations */ -$accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); -if(!$accessop->maySetReviewersApprovers()) { - UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_version_modification")); -} - -$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); -$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); if($view) { $view->setParam('folder', $folder); $view->setParam('document', $document);