gnh1201/seeddms-code
1
0
Fork 0
mirror of https://git.code.sf.net/p/seeddms/code synced 2025-10-31 05:11:27 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

add missing access operation check

Browse Source
This commit is contained in:
Uwe Steinmann 2014-08-20 16:35:38 +02:00
parent a1fae7a6f6
commit ca6b3c3795
2 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
out/out.RemoveWorkflowFromDocument.php
View File

@ -23,6 +23,7 @@ include("../inc/inc.Utils.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php"); include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
include("../inc/inc.ClassAccessOperation.php");
include("../inc/inc.Authentication.php"); include("../inc/inc.Authentication.php");
if (!$user->isAdmin()) { if (!$user->isAdmin()) {
@ -56,9 +57,13 @@ if (!is_object($workflow)) {
$folder = $document->getFolder(); $folder = $document->getFolder();
/* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$version)); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$version));
if($view) { if($view) {
$view->setParam('accessobject', $accessop);
$view->show(); $view->show();
exit; exit;
} }

5
out/out.SetWorkflow.php
View File

@ -23,6 +23,7 @@ include("../inc/inc.Utils.php");
include("../inc/inc.DBInit.php"); include("../inc/inc.DBInit.php");
include("../inc/inc.Language.php"); include("../inc/inc.Language.php");
include("../inc/inc.ClassUI.php"); include("../inc/inc.ClassUI.php");
include("../inc/inc.ClassAccessOperation.php");
include("../inc/inc.Authentication.php"); include("../inc/inc.Authentication.php");
if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) { if (!isset($_GET["documentid"]) || !is_numeric($_GET["documentid"]) || intval($_GET["documentid"])<1) {
@ -47,9 +48,13 @@ if (!is_object($version)) {
$folder = $document->getFolder(); $folder = $document->getFolder();
/* Create object for checking access to certain operations */
$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
$tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
$view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$version)); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$version));
if($view) { if($view) {
$view->setParam('accessobject', $accessop);
$view->show(); $view->show();
exit; exit;
} }