gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-03-11 00:15:34 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

use access operation to check if operation is allowed

Browse Source 
Conflicts:
	op/op.ReviewDocument.php
This commit is contained in:
Uwe Steinmann 2015-06-15 08:54:33 +02:00
parent d02c06a87f
commit ba74861ae7
2 changed files with 12 additions and 7 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
op/op.ReviewDocument.php
View File

@ -26,6 +26,7 @@ include("../inc/inc.Init.php");
include("../inc/inc.Extension.php"); include("../inc/inc.Extension.php");
include("../inc/inc.ClassEmail.php"); include("../inc/inc.ClassEmail.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.ClassAccessOperation.php");
include("../inc/inc.Authentication.php"); include("../inc/inc.Authentication.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
@ -66,8 +67,11 @@ if ($latestContent->getVersion()!=$version) {
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
} }
// verify if document has expired /* Create object for checking access to certain operations */
if ($document->hasExpired()){ $accessop = new SeedDMS_AccessOperation($document, $user, $settings);
// verify if document may be reviewed
if ($accessop->mayReview()){
UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
} }

11
out/out.ReviewDocument.php
View File

@ -58,8 +58,12 @@ $latestContent = $document->getLatestContent();
if ($latestContent->getVersion()!=$version) { if ($latestContent->getVersion()!=$version) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
} }
// verify if document has expired
if ($document->hasExpired()){ /* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
// verify if document may be reviewed
if ($accessop->mayReview()){
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
} }
@ -68,9 +72,6 @@ if(!$reviews) {
UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action")); UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action"));
} }
/* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$content)); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$content));
if($view) { if($view) {