getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } $documentid = $_POST["documentid"]; $document = $dms->getDocument($documentid); if (!is_object($document)) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } if ($document->getAccessMode($user) < M_READ) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } if (!isset($_POST["version"]) || !is_numeric($_POST["version"]) || intval($_POST["version"])<1) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version")); } $version = $_POST["version"]; $content = $document->getContentByVersion($version); if (!is_object($content)) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version")); } // operation is admitted only for last deocument version $latestContent = $document->getLatestContent(); if ($latestContent->getVersion()!=$version) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_version")); } // verify if document has expired if ($document->hasExpired()){ UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } if (!isset($_POST["reviewStatus"]) || !is_numeric($_POST["reviewStatus"]) || (intval($_POST["reviewStatus"])!=1 && intval($_POST["reviewStatus"])!=-1)) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("invalid_review_status")); } // retrieve the review status for the current user. $reviewStatus = $user->getReviewStatus($documentid, $version); if (count($reviewStatus["indstatus"]) == 0 && count($reviewStatus["grpstatus"]) == 0) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } if ($_POST["reviewType"] == "ind") { $indReviewer = true; if (count($reviewStatus["indstatus"])==0) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } if ($reviewStatus["indstatus"][0]["status"]==-2) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } // User is eligible to make this update. $comment = sanitizeString($_POST["comment"]); $queryStr = "INSERT INTO `tblDocumentReviewLog` (`reviewID`, `status`, `comment`, `date`, `userID`) ". "VALUES ('". $reviewStatus["indstatus"][0]["reviewID"] ."', '". $_POST["reviewStatus"] ."', '". $comment ."', NOW(), '". $user->getID() ."')"; $res=$db->getResult($queryStr); if (is_bool($res) && !res) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("review_update_failed")); } else { // Send an email notification to the document updater. $subject = $settings->_siteName.": ".$document->getName().", v.".$version." - ".getMLText("review_submit_email"); $message = getMLText("review_submit_email")."\r\n"; $message .= getMLText("name").": ".$document->getName()."\r\n". getMLText("version").": ".$version."\r\n". getMLText("user").": ".$user->getFullName()." <". $user->getEmail() .">\r\n". getMLText("status").": ".getReviewStatusText($_POST["reviewStatus"])."\r\n". getMLText("comment").": ".$comment."\r\n". "URL: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewDocument.php?documentid=".$documentid."\r\n"; $subject=mydmsDecodeString($subject); $message=mydmsDecodeString($message); LetoDMS_Email::toIndividual($user, $content->getUser(), $subject, $message); // Send notification to subscribers. $nl=$document->getNotifyList(); LetoDMS_Email::toList($user, $nl["users"], $subject, $message); foreach ($nl["groups"] as $grp) { LetoDMS_Email::toGroup($user, $grp, $subject, $message); } } } else if ($_POST["reviewType"] == "grp") { $grpReviewer=false; foreach ($reviewStatus["grpstatus"] as $gs) { if ($_POST["reviewGroup"] == $gs["required"]) { if ($gs["status"]==-2) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } $grpStatus=$gs; $grpReviewer=true; break; } } if (!$grpReviewer) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("access_denied")); } // User is eligible to make this update. $comment = sanitizeString($_POST["comment"]); $queryStr = "INSERT INTO `tblDocumentReviewLog` (`reviewID`, `status`, `comment`, `date`, `userID`) ". "VALUES ('". $grpStatus["reviewID"] ."', '". $_POST["reviewStatus"] ."', '". $comment ."', NOW(), '". $user->getID() ."')"; $res=$db->getResult($queryStr); if (is_bool($res) && !res) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("review_update_failed")); } else { // Send an email notification to the document updater. $grp = $dms->getGroup($grpStatus["required"]); $subject = $settings->_siteName.": ".$document->getName().", v.".$version." - ".getMLText("review_submit_email"); $message = getMLText("review_submit_email")."\r\n"; $message .= getMLText("name").": ".$document->getName()."\r\n". getMLText("user").": ".$user->getFullName()." <". $user->getEmail() .">\r\n". getMLText("version").": ".$version."\r\n". getMLText("status").": ".getReviewStatusText($_POST["reviewStatus"])."\r\n". getMLText("comment").": ".$comment."\r\n". "URL: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewDocument.php?documentid=".$documentid."\r\n"; $subject=mydmsDecodeString($subject); $message=mydmsDecodeString($message); LetoDMS_Email::toIndividual($user, $content->getUser(), $subject, $message); // Send notification to subscribers. $nl=$document->getNotifyList(); LetoDMS_Email::toList($user, $nl["users"], $subject, $message); foreach ($nl["groups"] as $grp) { LetoDMS_Email::toGroup($user, $grp, $subject, $message); } } } // // Check to see if the overall status for the document version needs to be // updated. // if ($_POST["reviewStatus"]==-1){ $content->setStatus(S_REJECTED,$comment,$user); }else{ $docReviewStatus = $content->getReviewStatus(true); if (is_bool($docReviewStatus) && !$docReviewStatus) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("cannot_retrieve_review_snapshot")); } $reviewCT = 0; $reviewTotal = 0; foreach ($docReviewStatus as $drstat) { if ($drstat["status"] == 1) { $reviewCT++; } if ($drstat["status"] != -2) { $reviewTotal++; } } // If all reviews have been received and there are no rejections, retrieve a // count of the approvals required for this document. if ($reviewCT == $reviewTotal) { $docApprovalStatus = $content->getApprovalStatus(true); if (is_bool($docApprovalStatus) && !$docApprovalStatus) { UI::exitError(getMLText("document_title", array("documentname" => $document->getName())),getMLText("cannot_retrieve_approval_snapshot")); } $approvalCT = 0; $approvalTotal = 0; foreach ($docApprovalStatus as $dastat) { if ($dastat["status"] == 1) { $approvalCT++; } if ($dastat["status"] != -2) { $approvalTotal++; } } // If the approvals received is less than the approvals total, then // change status to pending approval. if ($approvalCT<$approvalTotal) { $newStatus=1; } else { // Otherwise, change the status to released. $newStatus=2; } if ($content->setStatus($newStatus, getMLText("automatic_status_update"), $user)) { // Notify approvers, if necessary. if ($newStatus == S_DRAFT_APP) { $requestUser = $document->getOwner(); $subject = $settings->_siteName.": ".$document->getName().", v.".$version." - ".getMLText("approval_request_email"); $message = getMLText("approval_request_email")."\r\n"; $message .= getMLText("name").": ".$content->getOriginalFileName()."\r\n". getMLText("version").": ".$version."\r\n". getMLText("comment").": ".$content->getComment()."\r\n". "URL: http".((isset($_SERVER['HTTPS']) && (strcmp($_SERVER['HTTPS'],'off')!=0)) ? "s" : "")."://".$_SERVER['HTTP_HOST'].$settings->_httpRoot."out/out.ViewDocument.php?documentid=".$documentid."&version=".$version."\r\n"; $subject=mydmsDecodeString($subject); $message=mydmsDecodeString($message); foreach ($docApprovalStatus as $dastat) { if ($dastat["status"] == 0) { if ($dastat["type"] == 0) { $approver = $dms->getUser($dastat["required"]); LetoDMS_Email::toIndividual($document->getOwner(), $approver, $subject, $message); } else if ($dastat["type"] == 1) { $group = $dms->getGroup($dastat["required"]); LetoDMS_Email::toGroup($document->getOwner(), $group, $subject, $message); } } } } } } } header("Location:../out/out.ViewDocument.php?documentid=".$documentid); ?>