From efb9173815af4e188f36ec780893146e01240963 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Mon, 15 Jun 2015 08:55:20 +0200
Subject: [PATCH] use access operation to check if approval is allowed

Conflicts:
	op/op.ApproveDocument.php
---
 op/op.ApproveDocument.php   | 8 ++++++--
 out/out.ApproveDocument.php | 5 +++--
 2 files changed, 9 insertions(+), 4 deletions(-)

diff --git a/op/op.ApproveDocument.php b/op/op.ApproveDocument.php
index 09f057e0b..102c34f58 100644
--- a/op/op.ApproveDocument.php
+++ b/op/op.ApproveDocument.php
@@ -27,6 +27,7 @@ include("../inc/inc.Init.php");
 include("../inc/inc.Extension.php");
 include("../inc/inc.ClassEmail.php");
 include("../inc/inc.DBInit.php");
+include("../inc/inc.ClassAccessOperation.php");
 include("../inc/inc.Authentication.php");
 include("../inc/inc.ClassUI.php");
 
@@ -70,8 +71,11 @@ if ($latestContent->getVersion()!=$version) {
 	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version"));
 }
 
-// verify if document has expired
-if ($document->hasExpired()){
+/* Create object for checking access to certain operations */
+$accessop = new SeedDMS_AccessOperation($document, $user, $settings);
+
+// verify if document may be approved
+if ($accessop->mayApprove()){
 	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied"));
 }
 
diff --git a/out/out.ApproveDocument.php b/out/out.ApproveDocument.php
index dc343eb95..4b9efa878 100644
--- a/out/out.ApproveDocument.php
+++ b/out/out.ApproveDocument.php
@@ -61,8 +61,9 @@ $latestContent = $document->getLatestContent();
 if ($latestContent->getVersion()!=$version) {
 	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version"));
 }
-// verify if document has expired
-if ($document->hasExpired()){
+
+// verify if document may be approved
+if ($accessop->mayApprove()){
 	UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied"));
 }