From c8167d62ed4233cff5afc5e1e1abfaeac5aa6318 Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Mon, 6 May 2024 08:06:01 +0200 Subject: [PATCH 1/2] check if document is locked when updating it --- restapi/index.php | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/restapi/index.php b/restapi/index.php index 9efa113c7..a4cafb2e4 100644 --- a/restapi/index.php +++ b/restapi/index.php @@ -852,6 +852,14 @@ class RestapiController { /* {{{ */ $document = $dms->getDocument($args['id']); if($document) { + if($document->isLocked()) { + $lockingUser = $document->getLockingUser(); + if(($lockingUser->getID() != $userobj->getID()) && ($document->getAccessMode($userobj) != M_ALL)) { + return $response->withJson(array('success'=>false, 'message'=>'Document is locked', 'data'=>''), 400); + } + else $document->setLocked(false); + } + if ($document->getAccessMode($userobj, 'updateDocument') >= M_READWRITE) { $params = $request->getParsedBody(); $origfilename = isset($params['origfilename']) ? $params['origfilename'] : null; From 024f47367a048d27bb78387ae4341eb5e067661b Mon Sep 17 00:00:00 2001 From: Uwe Steinmann Date: Mon, 6 May 2024 12:31:40 +0200 Subject: [PATCH 2/2] use controller in updateDocument --- restapi/index.php | 163 +++++++++++++++++++++++++++++++--------------- 1 file changed, 111 insertions(+), 52 deletions(-) diff --git a/restapi/index.php b/restapi/index.php index a4cafb2e4..cf251d832 100644 --- a/restapi/index.php +++ b/restapi/index.php @@ -834,6 +834,7 @@ class RestapiController { /* {{{ */ $userobj = $this->container->userobj; $settings = $this->container->config; $notifier = $this->container->notifier; + $fulltextservice = $this->container->fulltextservice; if(!$userobj) { return $response->withJson(array('success'=>false, 'message'=>'Not logged in', 'data'=>''), 403); 
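Review bot: In the first patch's hunk, `$lockingUser->getID()` is called on the result of `getLockingUser()` without checking that an object came back. If the locking account cannot be resolved (whether that can happen is not visible from this hunk), the request ends in a PHP error instead of the JSON error response used elsewhere. A guard that still lets only a full-access user override the lock would be `if((!$lockingUser || $lockingUser->getID() != $userobj->getID()) && ($document->getAccessMode($userobj) != M_ALL)) {`. The return value of `$document->setLocked(false)` is also ignored, so a failed unlock goes unnoticed and the update proceeds anyway. The enclosing method starts and ends outside the hunk.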
@@ -852,6 +853,44 @@ class RestapiController { /* {{{ */ $document = $dms->getDocument($args['id']); if($document) { + if ($document->getAccessMode($userobj, 'updateDocument') < M_READWRITE) { + return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403); + } + + $params = $request->getParsedBody(); + $origfilename = isset($params['origfilename']) ? $params['origfilename'] : null; + $comment = isset($params['comment']) ? $params['comment'] : null; + $attributes = isset($params["attributes"]) ? $params["attributes"] : array(); + foreach($attributes as $attrdefid=>$attribute) { + if((is_int($attrdefid) || ctype_digit($attrdefid)) && ((int) $attrdefid) > 0) + $attrdef = $dms->getAttributeDefinition((int) $attrdefid); + else + $attrdef = $dms->getAttributeDefinitionByName($attrdefid); + if($attrdef) { + if($attribute) { + if(!$attrdef->validate($attribute)) { + return $response->withJson(array('success'=>false, 'message'=>getAttributeValidationText($attrdef->getValidationError(), $attrdef->getName(), $attribute), 'data'=>''), 400); + } + } elseif($attrdef->getMinValues() > 0) { + return $response->withJson(array('success'=>false, 'message'=>getMLText("attr_min_values", array("attrname"=>$attrdef->getName())), 'data'=>''), 400); + } + } + } + $uploadedFiles = $request->getUploadedFiles(); + if (count($uploadedFiles) == 0) { + return $response->withJson(array('success'=>false, 'message'=>'No file detected', 'data'=>''), 400); + } + $file_info = array_pop($uploadedFiles); + if ($origfilename == null) + $origfilename = $file_info->getClientFilename(); + $temp = $file_info->file; + + /* Check if the uploaded file is identical to last version */ + $lc = $document->getLatestContent(); + if($lc->getChecksum() == SeedDMS_Core_File::checksum($temp)) { + return $response->withJson(array('success'=>false, 'message'=>'Uploaded file identical to last version', 'data'=>''), 400); + } + if($document->isLocked()) { $lockingUser = 
$document->getLockingUser(); if(($lockingUser->getID() != $userobj->getID()) && ($document->getAccessMode($userobj) != M_ALL)) { 
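Review bot: The duplicate-upload check compares the two checksums with `==`, which in PHP compares numeric-looking strings by value. Two different digests of the form `0e` followed only by digits would therefore be treated as equal, and a legitimate new version rejected as identical. Assuming `getChecksum()` and `SeedDMS_Core_File::checksum()` return hex digest strings (not visible here), use a strict comparison: `if($lc->getChecksum() === SeedDMS_Core_File::checksum($temp)) {`. The same block dereferences `$lc` without checking that `getLatestContent()` returned a content object, and `$params["attributes"]` is passed to `foreach` without an `is_array()` check although it comes straight from the request body. The enclosing method starts and ends outside this hunk.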
@@ -860,65 +899,85 @@ class RestapiController { /* {{{ */ else $document->setLocked(false); } - if ($document->getAccessMode($userobj, 'updateDocument') >= M_READWRITE) { - $params = $request->getParsedBody(); - $origfilename = isset($params['origfilename']) ? $params['origfilename'] : null; - $comment = isset($params['comment']) ? $params['comment'] : null; - $attributes = isset($params["attributes"]) ? $params["attributes"] : array(); - foreach($attributes as $attrdefid=>$attribute) { - if((is_int($attrdefid) || ctype_digit($attrdefid)) && ((int) $attrdefid) > 0) - $attrdef = $dms->getAttributeDefinition((int) $attrdefid); - else - $attrdef = $dms->getAttributeDefinitionByName($attrdefid); - if($attrdef) { - if($attribute) { - if(!$attrdef->validate($attribute)) { - return $response->withJson(array('success'=>false, 'message'=>getAttributeValidationText($attrdef->getValidationError(), $attrdef->getName(), $attribute), 'data'=>''), 400); - } - } elseif($attrdef->getMinValues() > 0) { - return $response->withJson(array('success'=>false, 'message'=>getMLText("attr_min_values", array("attrname"=>$attrdef->getName())), 'data'=>''), 400); - } - } - } - $uploadedFiles = $request->getUploadedFiles(); - if (count($uploadedFiles) == 0) { - return $response->withJson(array('success'=>false, 'message'=>'No file detected', 'data'=>''), 400); - } - $file_info = array_pop($uploadedFiles); - if ($origfilename == null) - $origfilename = $file_info->getClientFilename(); - $temp = $file_info->file; + $folder = $document->getFolder(); - /* Check if the uploaded file is identical to last version */ - $lc = $document->getLatestContent(); - if($lc->getChecksum() == SeedDMS_Core_File::checksum($temp)) { - return $response->withJson(array('success'=>false, 'message'=>'Uploaded file identical to last version', 'data'=>''), 400); + // Get the list of reviewers and approvers for this document. 
+ $reviewers = array(); + $approvers = array(); + $reviewers["i"] = array(); + $reviewers["g"] = array(); + $approvers["i"] = array(); + $approvers["g"] = array(); + $workflow = null; + if($settings->_workflowMode == 'traditional' || $settings->_workflowMode == 'traditional_only_approval') { + // add mandatory reviewers/approvers + if($settings->_workflowMode == 'traditional') { + $mreviewers = getMandatoryReviewers($folder, null, $userobj); + if($mreviewers['i']) + $reviewers['i'] = array_merge($reviewers['i'], $mreviewers['i']); + if($mreviewers['g']) + $reviewers['g'] = array_merge($reviewers['g'], $mreviewers['g']); } - $finfo = finfo_open(FILEINFO_MIME_TYPE); - $userfiletype = finfo_file($finfo, $temp); - $fileType = ".".pathinfo($origfilename, PATHINFO_EXTENSION); - finfo_close($finfo); - $oldexpires = $document->getExpires(); - $res=$document->addContent($comment, $userobj, $temp, $origfilename, $fileType, $userfiletype, array(), array(), 0, $attributes); + $mapprovers = getMandatoryApprovers($folder, null, $userobj); + if($mapprovers['i']) + $approvers['i'] = array_merge($approvers['i'], $mapprovers['i']); + if($mapprovers['g']) + $approvers['g'] = array_merge($approvers['g'], $mapprovers['g']); + } elseif($settings->_workflowMode == 'advanced') { + if($workflows = $userobj->getMandatoryWorkflows()) { + $workflow = array_shift($workflows); + } + } + $finfo = finfo_open(FILEINFO_MIME_TYPE); + $userfiletype = finfo_file($finfo, $temp); + $fileType = ".".pathinfo($origfilename, PATHINFO_EXTENSION); + finfo_close($finfo); + + $controller = Controller::factory('UpdateDocument'); + $controller->setParam('documentsource', 'restapi'); + $controller->setParam('documentsourcedetails', null); + $controller->setParam('dms', $dms); + $controller->setParam('user', $userobj); + $controller->setParam('folder', $folder); + $controller->setParam('document', $document); + $controller->setParam('fulltextservice', $fulltextservice); + $controller->setParam('comment', $comment); 
+ $controller->setParam('userfiletmp', $temp); + $controller->setParam('userfilename', $origfilename); + $controller->setParam('filetype', $fileType); + $controller->setParam('userfiletype', $userfiletype); + $controller->setParam('reviewers', $reviewers); + $controller->setParam('approvers', $approvers); + $controller->setParam('attributes', $attributes); + $controller->setParam('workflow', $workflow); + $controller->setParam('maxsizeforfulltext', $settings->_maxSizeForFullText); + + if(!$content = $controller()) { unlink($temp); - if($res) { - if($notifier) { - $notifier->sendNewDocumentVersionMail($document, $userobj); - - /* Actually there is not need to even try sending this mail - * because the expiration date cannot be set when calling - * this rest api endpoint. - */ - $notifier->sendChangedExpiryMail($document, $userobj, $oldexpires); - } - $rec = array('id'=>(int)$document->getId(), 'name'=>$document->getName(), 'version'=>$document->getLatestContent()->getVersion()); - return $response->withJson(array('success'=>true, 'message'=>'Upload succeded', 'data'=>$rec), 200); + $err = $controller->getErrorMsg(); + if(is_string($err)) + $errmsg = getMLText($err); + elseif(is_array($err)) { + $errmsg = getMLText($err[0], $err[1]); } else { - return $response->withJson(array('success'=>false, 'message'=>'Upload failed', 'data'=>''), 500); + $errmsg = $err; } + return $response->withJson(array('success'=>false, 'message'=>'Upload failed: '.$errmsg, 'data'=>''), 500); } else { - return $response->withJson(array('success'=>false, 'message'=>'No access', 'data'=>''), 403); + unlink($temp); + if($controller->hasHook('cleanUpDocument')) { + $controller->callHook('cleanUpDocument', $document, $file_info); + } + // Send notification to subscribers. 
+ if($notifier) { + $notifier->sendNewDocumentVersionMail($document, $userobj); + + //$notifier->sendChangedExpiryMail($document, $user, $oldexpires); + } + + $rec = array('id'=>(int)$document->getId(), 'name'=>$document->getName(), 'version'=>$document->getLatestContent()->getVersion()); + return $response->withJson(array('success'=>true, 'message'=>'Upload succeded', 'data'=>$rec), 200); } } else { return $response->withJson(array('success'=>false, 'message'=>'No document', 'data'=>''), 404);
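Review bot: The lock is cleared with `$document->setLocked(false)` before the controller runs, and the failure branch under `if(!$content = $controller())` returns 500 without restoring it. A failed update therefore leaves a previously locked document unlocked, unless the controller handles locking itself, which is not visible here; consider clearing the lock only after the controller has succeeded, or restoring it in the failure branch. The failure response also sends the controller's error text to the API client (`'Upload failed: '.$errmsg`), so if those messages can carry internal detail it is safer to log the detail and return a generic message. The commented-out `//$notifier->sendChangedExpiryMail($document, $user, $oldexpires);` refers to `$user` and `$oldexpires`, neither of which is defined in the new code, and is better deleted than kept. The method's opening lines are outside this hunk.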