$dms, 'user'=>$user)); $accessop = new SeedDMS_AccessOperation($dms, $user, $settings); /* Check if the form data comes from a trusted request */ if(!checkFormKey('reviewdocument')) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_request_token"))),getMLText("invalid_request_token")); } if (!isset($_POST["documentid"]) || !is_numeric($_POST["documentid"]) || intval($_POST["documentid"])<1) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } $documentid = $_POST["documentid"]; $document = $dms->getDocument($documentid); if (!is_object($document)) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } // verify if document may be reviewed if (!$accessop->mayReview($document)){ UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } $folder = $document->getFolder(); if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version")); } $version = $_POST["version"]; $content = $document->getContentByVersion($version); if (!is_object($content)) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version")); } // operation is only allowed for the last document version $latestContent = $document->getLatestContent(); if ($latestContent->getVersion()!=$version) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version")); } $olddocstatus = $content->getStatus(); if (!isset($_POST["reviewStatus"]) || !is_numeric($_POST["reviewStatus"]) || (intval($_POST["reviewStatus"])!=1 && intval($_POST["reviewStatus"])!=-1)) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_review_status")); } if($_FILES["reviewfile"]["tmp_name"]) { if (is_uploaded_file($_FILES["reviewfile"]["tmp_name"]) && $_FILES['reviewfile']['error']!=0){ UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("uploading_failed")); } } $controller->setParam('document', $document); $controller->setParam('content', $content); $controller->setParam('reviewstatus', $_POST["reviewStatus"]); $controller->setParam('reviewtype', $_POST["reviewType"]); if ($_POST["reviewType"] == "grp") { $group = $dms->getGroup($_POST['reviewGroup']); } else { $group = null; } if($_FILES["reviewfile"]["tmp_name"]) $file = $_FILES["reviewfile"]["tmp_name"]; else $file = ''; $controller->setParam('group', $group); $controller->setParam('comment', $_POST["comment"]); $controller->setParam('file', $file); if(!$controller->run()) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText($controller->getErrorMsg())); } if ($_POST["reviewType"] == "ind" || $_POST["reviewType"] == "grp") { if($notifier) { $reviewlog = $latestContent->getReviewLog(); $notifier->sendSubmittedReviewMail($latestContent, $user, $reviewlog ? $reviewlog[0] : false); } } /* Send notification about status change only if status has actually changed */ $newdocstatus = $content->getStatus(); if($olddocstatus['status'] != $newdocstatus['status']) { // Send notification to subscribers. if($notifier) { $nl=$document->getNotifyList(); $subject = "document_status_changed_email_subject"; $message = "document_status_changed_email_body"; $params = array(); $params['name'] = $document->getName(); $params['folder_path'] = $folder->getFolderPathPlain(); $params['status'] = getOverallStatusText($olddocstatus['status']).' → '.getReviewStatusText($newdocstatus['status']); $params['new_status_code'] = $newdocstatus['status']; $params['old_status_code'] = $olddocstatus['status']; $params['username'] = $user->getFullName(); $params['url'] = getBaseUrl().$settings->_httpRoot."out/out.ViewDocument.php?documentid=".$document->getID(); $params['sitename'] = $settings->_siteName; $params['http_root'] = $settings->_httpRoot; $notifier->toList($user, $nl["users"], $subject, $message, $params, SeedDMS_NotificationService::RECV_NOTIFICATION); foreach ($nl["groups"] as $grp) { $notifier->toGroup($user, $grp, $subject, $message, $params, SeedDMS_NotificationService::RECV_NOTIFICATION); } // $notifier->toIndividual($user, $content->getUser(), $subject, $message, $params, SeedDMS_NotificationService::RECV_OWNER); } } // Notify approvers, if necessary. if ($newdocstatus['status'] == S_DRAFT_APP) { $requestUser = $document->getOwner(); if($notifier) { if($docApprovalStatus = $content->getApprovalStatus()) { $subject = "approval_request_email_subject"; $message = "approval_request_email_body"; $params = array(); $params['name'] = $document->getName(); $params['folder_path'] = $folder->getFolderPathPlain(); $params['version'] = $version; $params['username'] = $user->getFullName(); $params['sitename'] = $settings->_siteName; $params['http_root'] = $settings->_httpRoot; $params['url'] = getBaseUrl().$settings->_httpRoot."out/out.ViewDocument.php?documentid=".$document->getID()."¤ttab=revapp"; foreach ($docApprovalStatus as $dastat) { if ($dastat["status"] == 0) { if ($dastat["type"] == 0) { $approver = $dms->getUser($dastat["required"]); $notifier->toIndividual($document->getOwner(), $approver, $subject, $message, $params, SeedDMS_NotificationService::RECV_APPROVER); } elseif ($dastat["type"] == 1) { $group = $dms->getGroup($dastat["required"]); $notifier->toGroup($document->getOwner(), $group, $subject, $message, $params, SeedDMS_NotificationService::RECV_APPROVER); } } } } } } header("Location:../out/out.ViewDocument.php?documentid=".$documentid."¤ttab=revapp"); ?>