Merge branch 'seeddms-4.3.x' into seeddms-5.0.x

2024-11-26 15:32:13 +00:00 · 2017-08-02 10:57:10 +02:00 · 2017-08-02 10:57:10 +02:00 · efbc30c0dd
commit efbc30c0dd
parent ac184a030a 0dbf05334d
4 changed files with 133 additions and 17 deletions
--- a/3
+++ b/3
@ -108,6 +108,9 @@
 - minor improvements of installation
 - better checking in out/*.php for allowed operation (e.g. EditOnline,
  RemoveVersion, SetReviewersApprovers, ...)
+- SetReviewersApprovers checks for mandatory reviewers/approvers
+- reviewers/approvers can only be modified by users with unrestricted access
+  and as long as no reviewer/approver has reviewed/approved the document

 --------------------------------------------------------------------------------
                     Changes in version 4.3.35
--- a/inc/inc.ClassAccessOperation.php
+++ b/inc/inc.ClassAccessOperation.php
@ -121,15 +121,28 @@ class SeedDMS_AccessOperation {
 	 *
 	 * This check can only be done for documents. Overwriting the document
 	 * reviewers/approvers is only allowed if version modification is turned on
-	 * in the settings and the document is in 'draft review' status.  The
-	 * admin may even set reviewers/approvers if is disallowed in the
+	 * in the settings and the document has not been reviewed/approved by any
+	 * user/group already.
+	 * The admin may even set reviewers/approvers if is disallowed in the
 	 * settings.
 	 */
 	function maySetReviewersApprovers() { /* {{{ */
 		if(get_class($this->obj) == $this->dms->getClassname('document')) {
 			$latestContent = $this->obj->getLatestContent();
 			$status = $latestContent->getStatus();
-			if ((($this->settings->_enableVersionModification && ($this->obj->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && ($status["status"]==S_DRAFT_REV || $status["status"]==S_DRAFT_APP && $this->settings->_workflowMode == 'traditional_only_approval')) {
+			$reviewstatus = $latestContent->getReviewStatus();
+			$hasreview = false;
+			foreach($reviewstatus as $r) {
+				if($r['status'] == 1 || $r['status'] == -1)
+					$hasreview = true;
+			}
+			$approvalstatus = $latestContent->getApprovalStatus();
+			$hasapproval = false;
+			foreach($approvalstatus as $r) {
+				if($r['status'] == 1 || $r['status'] == -1)
+					$hasapproval = true;
+			}
+			if ((($this->settings->_enableVersionModification && ($this->obj->getAccessMode($this->user) == M_ALL)) || $this->user->isAdmin()) && (($status["status"]==S_DRAFT_REV && !$hasreview) || ($status["status"]==S_DRAFT_APP && !$hasreview && !$hasapproval))) {
 				return true;
 			}
 		}
--- a/op/op.SetReviewersApprovers.php
+++ b/op/op.SetReviewersApprovers.php
@ -62,6 +62,7 @@ if ($overallStatus["status"]==S_REJECTED || $overallStatus["status"]==S_OBSOLETE
 }

 $folder = $document->getFolder();
+$owner = $document->getOwner();

 // Retrieve a list of all users and groups that have review / approve
 // privileges.
@ -106,6 +107,18 @@ foreach ($approvalStatus as $i=>$rs) {
 // Get the list of proposed reviewers, stripping out any duplicates.
 $pIndRev = (isset($_POST["indReviewers"]) ? array_values(array_unique($_POST["indReviewers"])) : array());
 $pGrpRev = (isset($_POST["grpReviewers"]) ? array_values(array_unique($_POST["grpReviewers"])) : array());
+if($user->getID() != $owner->getID()) {
+	$res=$owner->getMandatoryReviewers();
+	if($user->isAdmin())
+		$res = array();
+} else
+	$res=$user->getMandatoryReviewers();
+foreach ($res as $r) {
+	if(!in_array($r['reviewerUserID'], $pIndRev))
+		$pIndRev[] = $r['reviewerUserID'];
+	if(!in_array($r['reviewerGroupID'], $pGrpRev))
+		$pGrpRev[] = $r['reviewerGroupID'];
+}
 foreach ($pIndRev as $p) {
 	if (is_numeric($p)) {
 		if (isset($accessIndex["i"][$p])) {
@ -326,6 +339,18 @@ if (count($reviewIndex["g"]) > 0) {
 // Get the list of proposed approvers, stripping out any duplicates.
 $pIndApp = (isset($_POST["indApprovers"]) ? array_values(array_unique($_POST["indApprovers"])) : array());
 $pGrpApp = (isset($_POST["grpApprovers"]) ? array_values(array_unique($_POST["grpApprovers"])) : array());
+if($user->getID() != $owner->getID()) {
+	$res=$owner->getMandatoryApprovers();
+	if($user->isAdmin())
+		$res = array();
+} else
+	$res=$user->getMandatoryApprovers();
+foreach ($res as $r) {
+	if(!in_array($r['approverUserID'], $pIndApp))
+		$pIndApp[] = $r['approverUserID'];
+	if(!in_array($r['approverGroupID'], $pGrpApp))
+		$pGrpApp[] = $r['approverGroupID'];
+}
 foreach ($pIndApp as $p) {
 	if (is_numeric($p)) {
 		if (isset($accessIndex["i"][$p])) {
--- a/views/bootstrap/class.SetReviewersApprovers.php
+++ b/views/bootstrap/class.SetReviewersApprovers.php
@ -43,6 +43,7 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
 		$enableselfrevapp = $this->params['enableselfrevapp'];

 		$overallStatus = $content->getStatus();
+		$owner = $document->getOwner();

 		$this->htmlStartPage(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))));
 		$this->globalNavigation($folder);
@ -92,7 +93,12 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
  <select class="chzn-select span9" name="indReviewers[]" multiple="multiple" data-placeholder="<?php printMLText('select_ind_reviewers'); ?>" data-no_results_text="<?php printMLText('unknown_owner'); ?>">
 <?php

-		$res=$user->getMandatoryReviewers();
+		if($user->getID() != $owner->getID()) {
+			$res=$owner->getMandatoryReviewers();
+			if($user->isAdmin())
+				$res = array();
+		} else
+			$res=$user->getMandatoryReviewers();
 		foreach ($docAccess["users"] as $usr) {
 			$mandatory=false;
 			foreach ($res as $r) if ($r['reviewerUserID']==$usr->getID()) $mandatory=true;
@ -100,7 +106,7 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
 			if ($mandatory){

 				print "<option value=\"".$usr->getID()."\" disabled=\"disabled\">". htmlspecialchars($usr->getLogin() . " - ". $usr->getFullName())." &lt;".$usr->getEmail()."&gt;</option>";
-				print "<input id='revInd".$usr->getID()."' type='hidden' name='indReviewers[]' value='". $usr->getID() ."'>";
+//				print "<input id='revInd".$usr->getID()."' type='hidden' name='indReviewers[]' value='". $usr->getID() ."'>";

 			} elseif (isset($reviewIndex["i"][$usr->getID()])) {

@ -121,8 +127,24 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
 			}
 		}
 ?>
-  </select>
-
+	</select>
+<?php
+			/* List all mandatory reviewers */
+			if($res) {
+				$tmp = array();
+				foreach ($res as $r) {
+					if($r['reviewerUserID'] > 0) {
+						$u = $dms->getUser($r['reviewerUserID']);
+						$tmp[] =  htmlspecialchars($u->getFullName().' ('.$u->getLogin().')');
+					}
+				}
+				if($tmp) {
+					echo '<div class="mandatories"><span>'.getMLText('mandatory_reviewers').':</span> ';
+					echo implode(', ', $tmp);
+					echo "</div>\n";
+				}
+			}
+?>
  <div class="cbSelectTitle"><?php printMLText("groups")?>:</div>
  <select class="chzn-select span9" name="grpReviewers[]" multiple="multiple" data-placeholder="<?php printMLText('select_grp_reviewers'); ?>" data-no_results_text="<?php printMLText('unknown_group'); ?>">
 <?php
@ -134,7 +156,7 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
 			if ($mandatory){

 				print "<option value=\"".$group->getID()."\" disabled='disabled'>".htmlspecialchars($group->getName())."</option>";
-				print "<input id='revGrp".$group->getID()."' type='hidden' name='grpReviewers[]' value='". $group->getID() ."' />";
+//				print "<input id='revGrp".$group->getID()."' type='hidden' name='grpReviewers[]' value='". $group->getID() ."' />";

 			} elseif (isset($reviewIndex["g"][$group->getID()])) {

@ -154,8 +176,25 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
 			}
 		}
 ?>
-  </select>
-<?php } ?>
+	</select>
+<?php
+			/* List all mandatory groups of reviewers */
+			if($res) {
+				$tmp = array();
+				foreach ($res as $r) {
+					if($r['reviewerGroupID'] > 0) {
+						$u = $dms->getGroup($r['reviewerGroupID']);
+						$tmp[] =  htmlspecialchars($u->getName());
+					}
+				}
+				if($tmp) {
+					echo '<div class="mandatories"><span>'.getMLText('mandatory_reviewergroups').':</span> ';
+					echo implode(', ', $tmp);
+					echo "</div>\n";
+				}
+			}
+		}
+?>

 <?php $this->contentSubHeading(getMLText("update_approvers"));?>

@ -163,8 +202,12 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
  <select class="chzn-select span9" name="indApprovers[]" multiple="multiple" data-placeholder="<?php printMLText('select_ind_approvers'); ?>" data-no_results_text="<?php printMLText('unknown_owner'); ?>">
 <?php

-		$res=$user->getMandatoryApprovers();
-
+		if($user->getID() != $owner->getID()) {
+			$res=$owner->getMandatoryApprovers();
+			if($user->isAdmin())
+				$res = array();
+		} else
+			$res=$user->getMandatoryApprovers();
 		foreach ($docAccess["users"] as $usr) {

 			$mandatory=false;
@ -173,7 +216,7 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
 			if ($mandatory){
 			
 				print "<option value='". $usr->getID() ."' disabled='disabled'>". htmlspecialchars($usr->getLogin() . " - ". $usr->getFullName())." &lt;".$usr->getEmail()."&gt;</option>";
-				print "<input id='appInd".$usr->getID()."' type='hidden' name='indApprovers[]' value='". $usr->getID() ."'>";
+//				print "<input id='appInd".$usr->getID()."' type='hidden' name='indApprovers[]' value='". $usr->getID() ."'>";

 			} elseif (isset($approvalIndex["i"][$usr->getID()])) {
 			
@ -195,7 +238,23 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
 			}
 		}
 ?>
-  </select>
+	</select>
+<?php
+		if($res) {
+			$tmp = array();
+			foreach ($res as $r) {
+				if($r['approverUserID'] > 0) {
+					$u = $dms->getUser($r['approverUserID']);
+					$tmp[] =  htmlspecialchars($u->getFullName().' ('.$u->getLogin().')');
+				}
+			}
+			if($tmp) {
+				echo '<div class="mandatories"><span>'.getMLText('mandatory_approvers').':</span> ';
+				echo implode(', ', $tmp);
+				echo "</div>\n";
+			}
+		}
+?>
  <div class="cbSelectTitle"><?php printMLText("groups")?>:</div>

  <select class="chzn-select span9" name="grpApprovers[]" multiple="multiple" data-placeholder="<?php printMLText('select_grp_approvers'); ?>" data-no_results_text="<?php printMLText('unknown_group'); ?>">
@ -208,7 +267,7 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
 			if ($mandatory){

 				print "<option type='checkbox' checked='checked' disabled='disabled'>".htmlspecialchars($group->getName())."</option>";
-				print "<input id='appGrp".$group->getID()."' type='hidden' name='grpApprovers[]' value='". $group->getID() ."'>";
+//				print "<input id='appGrp".$group->getID()."' type='hidden' name='grpApprovers[]' value='". $group->getID() ."'>";

 			} elseif (isset($approvalIndex["g"][$group->getID()])) {

@ -229,8 +288,24 @@ class SeedDMS_View_SetReviewersApprovers extends SeedDMS_Bootstrap_Style {
 			}
 		}
 ?>
-  </select>
-
+	</select>
+<?php
+		/* List all mandatory groups of approvers */
+		if($res) {
+			$tmp = array();
+			foreach ($res as $r) {
+				if($r['approverGroupID'] > 0) {
+					$u = $dms->getGroup($r['approverGroupID']);
+					$tmp[] =  htmlspecialchars($u->getName());
+				}
+			}
+			if($tmp) {
+				echo '<div class="mandatories"><span>'.getMLText('mandatory_approvergroups').':</span> ';
+				echo implode(', ', $tmp);
+				echo "</div>\n";
+			}
+		}
+?>
 <p>
 <input type='hidden' name='documentid' value='<?php echo $document->getID() ?>'/>
 <input type='hidden' name='version' value='<?php echo $content->getVersion() ?>'/>