From 857519033dc712c5b8bb11c707a08556b83cbf0a Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Tue, 6 Aug 2013 14:21:40 +0200
Subject: [PATCH 1/3] do not allow to change workflow if it is mandatory

---
 op/op.AddDocument.php                    | 13 +++++++----
 op/op.UpdateDocument.php                 |  4 +++-
 views/bootstrap/class.AddDocument.php    | 29 ++++++++++++++++--------
 views/bootstrap/class.UpdateDocument.php | 29 ++++++++++++++++--------
 4 files changed, 51 insertions(+), 24 deletions(-)

diff --git a/op/op.AddDocument.php b/op/op.AddDocument.php
index 65d301c12..4c32f5dd1 100644
--- a/op/op.AddDocument.php
+++ b/op/op.AddDocument.php
@@ -87,11 +87,6 @@ foreach($attributes_version as $attrdefid=>$attribute) {
 }
 
 
-if(isset($_POST["workflow"]))
-	$workflow = $dms->getWorkflow($_POST["workflow"]);
-else
-	$workflow = null;
-
 $reqversion = (int)$_POST["reqversion"];
 if ($reqversion<1) $reqversion=1;
 
@@ -183,6 +178,14 @@ foreach ($res as $r){
 	}
 }
 
+if(!$workflow = $user->getMandatoryWorkflow()) {
+	if(isset($_POST["workflow"]))
+		$workflow = $dms->getWorkflow($_POST["workflow"]);
+	else
+		$workflow = null;
+}
+
+
 if($settings->_dropFolderDir) {
 	if(isset($_POST["dropfolderfileform1"]) && $_POST["dropfolderfileform1"]) {
 		$fullfile = $settings->_dropFolderDir.'/'.$user->getLogin().'/'.$_POST["dropfolderfileform1"];
diff --git a/op/op.UpdateDocument.php b/op/op.UpdateDocument.php
index 277ee883a..6d749c39d 100644
--- a/op/op.UpdateDocument.php
+++ b/op/op.UpdateDocument.php
@@ -168,6 +168,8 @@ if ($_FILES['userfile']['error'] == 0) {
 		}
 	}
 
+	$workflow = $user->getMandatoryWorkflow();
+
 	if(isset($_POST["attributes"]) && $_POST["attributes"]) {
 		$attributes = $_POST["attributes"];
 		foreach($attributes as $attrdefid=>$attribute) {
@@ -184,7 +186,7 @@ if ($_FILES['userfile']['error'] == 0) {
 		$attributes = array();
 	}
 
-	$contentResult=$document->addContent($comment, $user, $userfiletmp, basename($userfilename), $fileType, $userfiletype, $reviewers, $approvers, $version=0, $attributes);
+	$contentResult=$document->addContent($comment, $user, $userfiletmp, basename($userfilename), $fileType, $userfiletype, $reviewers, $approvers, $version=0, $attributes, $workflow);
 	if (is_bool($contentResult) && !$contentResult) {
 		UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("error_occured"));
 	}
diff --git a/views/bootstrap/class.AddDocument.php b/views/bootstrap/class.AddDocument.php
index 7bb6aa4a3..3cefbbb67 100644
--- a/views/bootstrap/class.AddDocument.php
+++ b/views/bootstrap/class.AddDocument.php
@@ -215,19 +215,30 @@ function addFiles()
 			<div class="cbSelectTitle"><?php printMLText("workflow");?>:</div>
       </td>
       <td>
-        <select class="_chzn-select-deselect span9" name="workflow" data-placeholder="<?php printMLText('select_workflow'); ?>">
 <?php
 				$mandatoryworkflow = $user->getMandatoryWorkflow();
-				$workflows=$dms->getAllWorkflows();
-				print "<option value=\"\">"."</option>";
-				foreach ($workflows as $workflow) {
-					print "<option value=\"".$workflow->getID()."\"";
-					if($mandatoryworkflow && $mandatoryworkflow->getID() == $workflow->getID())
-						echo " selected=\"selected\"";
-					print ">". htmlspecialchars($workflow->getName())."</option>";
-				}
+				if($mandatoryworkflow) {
+?>
+				<?php echo $mandatoryworkflow->getName(); ?>
+				<input type="hidden" name="workflow" value="<?php echo $mandatoryworkflow->getID(); ?>">
+<?php
+				} else {
+?>
+        <select class="_chzn-select-deselect span9" name="workflow" data-placeholder="<?php printMLText('select_workflow'); ?>">
+<?php
+					$workflows=$dms->getAllWorkflows();
+					print "<option value=\"\">"."</option>";
+					foreach ($workflows as $workflow) {
+						print "<option value=\"".$workflow->getID()."\"";
+						if($mandatoryworkflow && $mandatoryworkflow->getID() == $workflow->getID())
+							echo " selected=\"selected\"";
+						print ">". htmlspecialchars($workflow->getName())."</option>";
+					}
 ?>
         </select>
+<?php
+				}
+?>
       </td>
     </tr>
 		<tr>	
diff --git a/views/bootstrap/class.UpdateDocument.php b/views/bootstrap/class.UpdateDocument.php
index 537e44a07..913d87102 100644
--- a/views/bootstrap/class.UpdateDocument.php
+++ b/views/bootstrap/class.UpdateDocument.php
@@ -274,19 +274,30 @@ function checkForm()
 			<div class="cbSelectTitle"><?php printMLText("workflow");?>:</div>
       </td>
       <td>
-        <select class="_chzn-select-deselect span9" name="workflow" data-placeholder="<?php printMLText('select_workflow'); ?>">
 <?php
 				$mandatoryworkflow = $user->getMandatoryWorkflow();
-				$workflows=$dms->getAllWorkflows();
-				print "<option value=\"\">"."</option>";
-				foreach ($workflows as $workflow) {
-					print "<option value=\"".$workflow->getID()."\"";
-					if($mandatoryworkflow && $mandatoryworkflow->getID() == $workflow->getID())
-						echo " selected=\"selected\"";
-					print ">". htmlspecialchars($workflow->getName())."</option>";
-				}
+				if($mandatoryworkflow) {
+?>
+				<?php echo $mandatoryworkflow->getName(); ?>
+				<input type="hidden" name="workflow" value="<?php echo $mandatoryworkflow->getID(); ?>">
+<?php
+				} else {
+?>
+        <select class="_chzn-select-deselect span9" name="workflow" data-placeholder="<?php printMLText('select_workflow'); ?>">
+<?php
+					$workflows=$dms->getAllWorkflows();
+					print "<option value=\"\">"."</option>";
+					foreach ($workflows as $workflow) {
+						print "<option value=\"".$workflow->getID()."\"";
+						if($mandatoryworkflow && $mandatoryworkflow->getID() == $workflow->getID())
+							echo " selected=\"selected\"";
+						print ">". htmlspecialchars($workflow->getName())."</option>";
+					}
 ?>
         </select>
+<?php
+				}
+?>
       </td>
     </tr>
 		<tr>	

From 68e1d995b174641f7d54b9b37fd56ee11c469333 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 7 Aug 2013 08:55:36 +0200
Subject: [PATCH 2/3] fix setting password when simple password strength is set

no matter what password strength algorthm was set, the advanced
algorithm was used.
---
 op/op.UsrMgr.php | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/op/op.UsrMgr.php b/op/op.UsrMgr.php
index e05d01aad..52ebacadf 100644
--- a/op/op.UsrMgr.php
+++ b/op/op.UsrMgr.php
@@ -202,9 +202,12 @@ else if ($action == "edituser") {
 		if($settings->_passwordStrength) {
 			$ps = new Password_Strength();
 			$ps->set_password($_POST["pwd"]);
-			$ps->calculate();
+			if($settings->_passwordStrengthAlgorithm == 'simple')
+				$ps->simple_calculate();
+			else
+				$ps->calculate();
 			$score = $ps->get_score();
-			if($score > $settings->_passwordStrength) {
+			if($score >= $settings->_passwordStrength) {
 				$editedUser->setPwd(md5($pwd));
 				$editedUser->setPwdExpiration($pwdexpiration);
 			} else {

From 67e676349de9f87589e66add75f81c17c40844f4 Mon Sep 17 00:00:00 2001
From: Uwe Steinmann <steinm@debian.org>
Date: Wed, 7 Aug 2013 08:57:32 +0200
Subject: [PATCH 3/3] more entries for 4.3.0

---
 CHANGELOG | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/CHANGELOG b/CHANGELOG
index c7845affc..785fc9273 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -28,6 +28,10 @@
 - set encoding of terms when adding document to full text index (Bug #66)
 - droped support for myisam database engine
 - add support for connecting to ldap servers without anonymous bind
+- if user has a mandatory workflow, don't him/her set a workflow on
+  insert/update of a document
+- fixed calculation of password strength when simple password strength
+  is set and user data is saved (Bug #69)
 
 --------------------------------------------------------------------------------
                      Changes in version 4.2.2