From 68ae8c17a5d9103c8cabd3be8e40787855725da2 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 16 Dec 2020 16:47:49 +0100 Subject: [PATCH 1/2] check if folder/document is below rootDir can be turned on (default off) --- SeedDMS_Core/Core/inc.ClassDMS.php | 19 +++++++++++ SeedDMS_Core/Core/inc.ClassDocument.php | 2 ++ SeedDMS_Core/Core/inc.ClassFolder.php | 45 ++++++++++++++++++++----- SeedDMS_Core/package.xml | 1 + 4 files changed, 58 insertions(+), 9 deletions(-) diff --git a/SeedDMS_Core/Core/inc.ClassDMS.php b/SeedDMS_Core/Core/inc.ClassDMS.php index 88ee61414..e39ab82c8 100644 --- a/SeedDMS_Core/Core/inc.ClassDMS.php +++ b/SeedDMS_Core/Core/inc.ClassDMS.php @@ -161,6 +161,13 @@ class SeedDMS_Core_DMS { */ public $noReadForStatus; + /** + * @var boolean $checkWithinRootDir check if folder/document being accessed + * is within the rootdir + * @access public + */ + public $checkWithinRootDir; + /** * @var string $version version of pear package * @access public @@ -383,6 +390,7 @@ class SeedDMS_Core_DMS { $this->rootFolderID = 1; $this->maxDirID = 0; //31998; $this->forceRename = false; + $this->checkWithinRootDir = false; $this->enableConverting = false; $this->convertFileTypes = array(); $this->noReadForStatus = array(); @@ -1472,6 +1480,10 @@ class SeedDMS_Core_DMS { $searchFolder = ""; if ($startFolder) { $searchFolder = "`tblFolders`.`folderList` LIKE '%:".$startFolder->getID().":%'"; + if($this->checkWithinRootDir) + $searchFolder = '('.$searchFolder." AND `tblFolders`.`folderList` LIKE '%:".$this->rootFolderID.":%')"; + } elseif($this->checkWithinRootDir) { + $searchFolder = "`tblFolders`.`folderList` LIKE '%:".$this->rootFolderID.":%'"; } // Check to see if the search has been restricted to a particular 
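Review bot: `$this->rootFolderID` is concatenated into the `LIKE` pattern without a cast in the new `checkWithinRootDir` branches of the folder search (hunk at -1472). It is a public property, and the id lookups in inc.ClassDocument.php and inc.ClassFolder.php cast their ids with `(int) $id`. Casting here too keeps the confinement filter from depending on every writer of that property supplying an integer: `LIKE '%:".(int) $this->rootFolderID.":%'`. The same uncast concatenation appears in the document-search hunk at -1634 and in the `getInstance()` / `getInstanceByName()` hunks of inc.ClassDocument.php and inc.ClassFolder.php. The enclosing search method starts and ends outside the hunk.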
@@ -1634,6 +1646,10 @@ class SeedDMS_Core_DMS { $searchFolder = ""; if ($startFolder) { $searchFolder = "`tblDocuments`.`folderList` LIKE '%:".$startFolder->getID().":%'"; + if($this->checkWithinRootDir) + $searchFolder = '('.$searchFolder." AND `tblDocuments`.`folderList` LIKE '%:".$this->rootFolderID.":%')"; + } elseif($this->checkWithinRootDir) { + $searchFolder = "`tblDocuments`.`folderList` LIKE '%:".$this->rootFolderID.":%'"; } // Check to see if the search has been restricted to a particular @@ -1920,6 +1936,9 @@ class SeedDMS_Core_DMS { * @return SeedDMS_Core_Folder|boolean found folder or false */ function getFolderByName($name, $folder=null) { /* {{{ */ + $classname = $this->classnames['folder']; + return $classname::getInstanceByName($name, $folder, $this); + if (!$name) return false; $queryStr = "SELECT * FROM `tblFolders` WHERE `name` = " . $this->db->qstr($name); diff --git a/SeedDMS_Core/Core/inc.ClassDocument.php b/SeedDMS_Core/Core/inc.ClassDocument.php index 343b0c94b..5b155171b 100644 --- a/SeedDMS_Core/Core/inc.ClassDocument.php +++ b/SeedDMS_Core/Core/inc.ClassDocument.php @@ -294,6 +294,8 @@ class SeedDMS_Core_Document extends SeedDMS_Core_Object { /* {{{ */ // $queryStr = "SELECT * FROM `tblDocuments` WHERE `id` = " . (int) $id; $queryStr = "SELECT `tblDocuments`.*, `tblDocumentLocks`.`userID` as `lock` FROM `tblDocuments` LEFT JOIN `tblDocumentLocks` ON `tblDocuments`.`id` = `tblDocumentLocks`.`document` WHERE `id` = " . (int) $id; + if($dms->checkWithinRootDir) + $queryStr .= " AND `folderList` LIKE '%:".$dms->rootFolderID.":%'"; $resArr = $db->getResultArray($queryStr); if (is_bool($resArr) && $resArr == false) return false; diff --git a/SeedDMS_Core/Core/inc.ClassFolder.php b/SeedDMS_Core/Core/inc.ClassFolder.php index 3602a4f54..25b01e6f1 100644 --- a/SeedDMS_Core/Core/inc.ClassFolder.php +++ b/SeedDMS_Core/Core/inc.ClassFolder.php 
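Review bot: The added `return $classname::getInstanceByName($name, $folder, $this);` in getFolderByName() makes the rest of the method unreachable, starting with the `if (!$name) return false;` and the old `SELECT` that remain as context. That dead copy of the query lacks the new `checkWithinRootDir` filter and invites a later edit in the wrong place, so the remaining body should be deleted in this commit. The method's end is outside the hunk, so how much dead code follows is not visible here.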
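Review bot: The appended condition in SeedDMS_Core_Document's lookup names `folderList` unqualified in a query that joins tblDocuments with tblDocumentLocks, while the search hunks in inc.ClassDMS.php qualify it. Qualify it as tblDocuments.folderList so the filter cannot become ambiguous if the joined table changes. With the flag on, a document outside the root folder yields no row; judging by the parallel code in SeedDMS_Core_Folder::getInstance() the method then presumably returns `null`. Every caller that dereferences the result therefore needs a guard, not only the Tasks view fixed in patch 2/2. The rest of the method is outside the hunk.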
@@ -205,21 +205,48 @@ class SeedDMS_Core_Folder extends SeedDMS_Core_Object { $db = $dms->getDB(); $queryStr = "SELECT * FROM `tblFolders` WHERE `id` = " . (int) $id; + if($dms->checkWithinRootDir && ($id != $dms->rootFolderID)) + $queryStr .= " AND `folderList` LIKE '%:".$dms->rootFolderID.":%'"; $resArr = $db->getResultArray($queryStr); if (is_bool($resArr) && $resArr == false) return false; - else if (count($resArr) != 1) + elseif (count($resArr) != 1) return null; return self::getInstanceByData($resArr[0], $dms); - - $resArr = $resArr[0]; - $classname = $dms->getClassname('folder'); - /** @var SeedDMS_Core_Folder $folder */ - $folder = new $classname($resArr["id"], $resArr["name"], $resArr["parent"], $resArr["comment"], $resArr["date"], $resArr["owner"], $resArr["inheritAccess"], $resArr["defaultAccess"], $resArr["sequence"]); - $folder->setDMS($dms); - $folder = $folder->applyDecorators(); - return $folder; + } /* }}} */ + + /** + * Return a folder by its name + * + * This function retrieves a folder from the database by its name. The + * search covers the whole database. If + * the parameter $folder is not null, it will search for the name + * only within this parent folder. It will not be done recursively. + * + * @param string $name name of the folder + * @param SeedDMS_Core_Folder $folder parent folder + * @return SeedDMS_Core_Folder|boolean found folder or false + */ + public static function getInstanceByName($name, $folder=null, $dms) { /* {{{ */ + if (!$name) return false; + + $db = $dms->getDB(); + $queryStr = "SELECT * FROM `tblFolders` WHERE `name` = " . $db->qstr($name); + if($folder) + $queryStr .= " AND `parent` = ". 
$folder->getID(); + if($dms->checkWithinRootDir && ($id != $dms->rootFolderID)) + $queryStr .= " AND `folderList` LIKE '%:".$dms->rootFolderID.":%'"; + $queryStr .= " LIMIT 1"; + $resArr = $db->getResultArray($queryStr); + + if (is_bool($resArr) && $resArr == false) + return false; + + if(!$resArr) + return false; + + return self::getInstanceByData($resArr[0], $dms); } /* }}} */ /** diff --git a/SeedDMS_Core/package.xml b/SeedDMS_Core/package.xml index ee584ce80..87fc2511f 100644 --- a/SeedDMS_Core/package.xml +++ b/SeedDMS_Core/package.xml @@ -27,6 +27,7 @@ - SeedDMS_Folder_DMS::getAccessList() and getDefaultAccess() do not return fals anymore if the parent does not exists. They just stop inheritance. - pass attribute value to callback 'onAttributeValidate' - new paramter 'new' of methode SeedDMЅ_Core_AttributeDefinition::validate() +- check if folder/document is below rootDir can be turned on (default off) From 22cf24250c25824685839f076db4e84bc991798f Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Wed, 16 Dec 2020 16:48:30 +0100 Subject: [PATCH 2/2] check if getting document succeeded --- views/bootstrap/class.Tasks.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/views/bootstrap/class.Tasks.php b/views/bootstrap/class.Tasks.php index cbc919f72..86492413f 100644 --- a/views/bootstrap/class.Tasks.php +++ b/views/bootstrap/class.Tasks.php @@ -55,7 +55,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Bootstrap_Style { $docs = array(); foreach ($resArr as $res) { $document = $dms->getDocument($res["id"]); - if($document->getAccessMode($user) >= M_READ && $document->getLatestContent()) { + if($document && $document->getAccessMode($user) >= M_READ && $document->getLatestContent()) { $docs[] = $document; // $tasks['approval'][] = array('id'=>$res['id'], 'name'=>$res['name']); } 
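Review bot: `$id` is not defined in the new getInstanceByName(); the condition `($id != $dms->rootFolderID)` was copied from getInstance(), but this method's parameters are `$name`, `$folder` and `$dms`. The undefined variable raises a notice (a warning on PHP 8) and compares as null, so for any non-zero root folder id the filter is added on every call and the root-folder exemption never applies. Use `if($dms->checkWithinRootDir)` here, or express the exemption in SQL against the row's own `id`. The signature also puts the required `$dms` after the optional `$folder=null`, which PHP 8.0 deprecates. The docblock still says the search covers the whole database and has no `@param` for `$dms`.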
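Review bot: The new `$document &&` guard in the hunk at -55 skips a document silently whether the lookup found nothing (or the document is outside rootDir) or the query itself failed. The lookup in inc.ClassDocument.php returns `false` on a database error, and `getDocument()` presumably passes that through. If the distinction matters for the task lists, test `$document === false` separately and log it instead of dropping the entry. The identical condition is repeated in the hunks at -71, -88 and -104; a small private helper taking `$resArr` and `$user` would keep the four loops in sync. The enclosing methods start and end outside the hunks.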
@@ -71,7 +71,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Bootstrap_Style {
 $docs = array();
 foreach ($resArr as $res) {
 $document = $dms->getDocument($res["id"]);
- if($document->getAccessMode($user) >= M_READ && $document->getLatestContent()) {
+ if($document && $document->getAccessMode($user) >= M_READ && $document->getLatestContent()) {
 $docs[] = $document;
 // $tasks['review'][] = array('id'=>$res['id'], 'name'=>$res['name']);
 }
@@ -88,7 +88,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Bootstrap_Style {
 $docs = array();
 foreach ($resArr as $res) {
 $document = $dms->getDocument($res["id"]);
- if($document->getAccessMode($user) >= M_READ && $document->getLatestContent()) {
+ if($document && $document->getAccessMode($user) >= M_READ && $document->getLatestContent()) {
 $docs[] = $document;
 // $tasks['workflow'][] = array('id'=>$res['id'], 'name'=>$res['name']);
 }
@@ -104,7 +104,7 @@ class SeedDMS_View_Tasks extends SeedDMS_Bootstrap_Style {
 $docs = array();
 foreach ($resArr as $res) {
 $document = $dms->getDocument($res["id"]);
- if($document->getAccessMode($user) >= M_READ && $document->getLatestContent()) {
+ if($document && $document->getAccessMode($user) >= M_READ && $document->getLatestContent()) {
 $docs[] = $document;
 }
 }