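$dms, 'user'=>$user));

/* Used further down for the mayApprove() permission check. */
$accessop = new SeedDMS_AccessOperation($dms, $user, $settings);

/* NOTE(review): every check below assumes UI::exitError() ends the request;
 * its implementation is not visible here -- confirm. */

/* Check if the form data comes from a trusted request */
if (!checkFormKey('approvedocument')) {
	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))), getMLText("invalid_request_token"));
}

if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"]) < 1) {
	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))), getMLText("invalid_doc_id"));
}
/* is_numeric() also accepts whitespace-padded, decimal and exponent forms.
 * Keep only the integer that the check above validated, so the raw request
 * string never reaches the log line or the Location header at the end. */
$documentid = intval($_POST["documentid"]);
$document = $dms->getDocument($documentid);

if (!is_object($document)) {
	UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))), getMLText("invalid_doc_id"));
}

/* The user needs at least read access before anything else is revealed
 * about the document. */
if ($document->getAccessMode($user) < M_READ) {
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())), getMLText("access_denied"));
}

$folder = $document->getFolder();

if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"]) < 1) {
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())), getMLText("invalid_version"));
}
/* Same normalisation as for the document id. */
$version = intval($_POST["version"]);
$content = $document->getContentByVersion($version);

if (!is_object($content)) {
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())), getMLText("invalid_version"));
}

// operation is only allowed for the last document version
$latestContent = $document->getLatestContent();
if ($latestContent->getVersion() != $version) {
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())), getMLText("invalid_version"));
}

// verify if document may be approved
if (!$accessop->mayApprove($document)) {
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())), getMLText("access_denied"));
}

/* Only the two status values 1 and -1 are accepted from the form. */
if (!isset($_POST["approvalStatus"]) || !is_numeric($_POST["approvalStatus"]) ||
	(intval($_POST["approvalStatus"]) != 1 && intval($_POST["approvalStatus"]) != -1)) {
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())), getMLText("invalid_approval_status"));
}

/* Optional attachment. A non-empty tmp_name is accepted only if PHP itself
 * recorded it as an HTTP upload and reported no upload error. The earlier
 * condition (is_uploaded_file() && error != 0) let a tmp_name that was not an
 * uploaded file pass through to the controller. */
$approvalfile = '';
if (!empty($_FILES["approvalfile"]["tmp_name"])) {
	if (!is_string($_FILES["approvalfile"]["tmp_name"]) ||
		!is_uploaded_file($_FILES["approvalfile"]["tmp_name"]) ||
		$_FILES['approvalfile']['error'] != 0) {
		UI::exitError(getMLText("document_title", array("documentname" => $document->getName())), getMLText("uploading_failed"));
	}
	$approvalfile = $_FILES["approvalfile"]["tmp_name"];
}

/* comment and approvalType are optional from this script's point of view;
 * read them without raising an undefined-index notice. Their values are
 * handed to the controller unchanged.
 * NOTE(review): approvalType and approvalGroup are not validated here --
 * confirm that the controller and $dms->getGroup() reject unexpected values. */
$comment = isset($_POST['comment']) ? $_POST['comment'] : null;
$approvalType = isset($_POST['approvalType']) ? $_POST['approvalType'] : null;

$controller->setParam('comment', $comment);
$controller->setParam('type', $approvalType);
$controller->setParam('status', $_POST['approvalStatus']);
$controller->setParam('content', $latestContent);
$controller->setParam('file', $approvalfile);
$controller->setParam('group', !empty($_POST['approvalGroup']) ? $dms->getGroup($_POST['approvalGroup']) : null);

if (!$controller()) {
	/* The controller reports an error either as a translation key, as a
	 * [key, replacements] pair, or as some other value that is passed on
	 * as it is. */
	$err = $controller->getErrorMsg();
	if (is_string($err)) {
		$errmsg = getMLText($err);
	} elseif (is_array($err)) {
		$errmsg = getMLText($err[0], $err[1]);
	} else {
		$errmsg = $err;
	}
	UI::exitError(getMLText("document_title", array("documentname" => $document->getName())), $errmsg);
} else {
	if ($notifier) {
		$approvelog = $latestContent->getApproveLog();
		$notifier->sendSubmittedApprovalMail($latestContent, $user, $approvelog ? $approvelog[0] : false);
		/* A second mail goes out only when the approval changed the
		 * overall document status. */
		if ($controller->oldstatus != $controller->newstatus) {
			$notifier->sendChangedDocumentStatusMail($latestContent, $user, $controller->oldstatus);
		}
	}
}

/* The log entry is built from request data. Ids and status are written as
 * integers, and control characters are removed from the free-form
 * approvalType so a request value cannot add line breaks to the log. */
$logApprovalType = is_scalar($approvalType) ? preg_replace('/[\x00-\x1F\x7F]/', '', (string) $approvalType) : '';
add_log_line("?documentid=".$documentid."&version=".$version."&approvalType=".$logApprovalType."&approvalStatus=".intval($_POST['approvalStatus']));

/* The query string separator had been decoded as an HTML entity ("&curren"
 * rendered as a currency sign); the parameter name is currenttab. */
header("Location:../out/out.ViewDocument.php?documentid=".$documentid."&currenttab=revapp");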