From d070f6da85f362737e81a9ddaa971f620c963101 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Fri, 26 Jun 2015 12:23:09 +0200
Subject: [PATCH] use access operations to check if operation is allowed

before, this was some own code which did not same the same
check as maySetReviewerApprover()
---
 out/out.SetReviewersApprovers.php | 10 +++-------
 1 file changed, 3 insertions(+), 7 deletions(-)

diff --git a/out/out.SetReviewersApprovers.php b/out/out.SetReviewersApprovers.php
index a9ee8a4fc..daeecb1f3 100644
--- a/out/out.SetReviewersApprovers.php
+++ b/out/out.SetReviewersApprovers.php
@@ -54,18 +54,14 @@ if(!$settings->_enableVersionModification) {
 	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_version_modification"));
 }
 
-// control for document state. Must correspond to check in
-// SeedDMS_AccessOperation::maySetReviewersApprovers()
-$overallStatus = $content->getStatus();
-if ($overallStatus["status"]!=S_DRAFT_REV && $overallStatus["status"]!=S_DRAFT_APP) {
+/* Create object for checking access to certain operations */
+$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
+if (!$accessop->maySetReviewersApprovers()) {
 	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("cannot_assign_invalid_state"));
 }
 
 $folder = $document->getFolder();
 
-/* Create object for checking access to certain operations */
-$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
-
 $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME']));
 $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user, 'folder'=>$folder, 'document'=>$document, 'version'=>$content, 'enableadminrevapp'=>$settings->_enableAdminRevApp, 'enableownerrevapp'=>$settings->_enableOwnerRevApp, 'enableselfrevapp'=>$settings->_enableSelfRevApp));
 if($view) {