getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } $document = $dms->getDocument($_GET["documentid"]); if (!is_object($document)) { UI::exitError(getMLText("document_title", array("documentname" => getMLText("invalid_doc_id"))),getMLText("invalid_doc_id")); } $folder = $document->getFolder(); /* Create object for checking access to certain operations */ $accessop = new SeedDMS_AccessOperation($dms, $document, $user, $settings); if ($document->getAccessMode($user) < M_READ) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); } if (!isset($_GET["version"]) || !is_numeric($_GET["version"]) || intval($_GET["version"])<1) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version")); } $version = $_GET["version"]; $content = $document->getContentByVersion($version); if (!is_object($content)) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version")); } // operation is admitted only for last document version $latestContent = $document->getLatestContent(); if ($latestContent->getVersion()!=$version) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("invalid_version")); } // verify if document may be approved if (!$accessop->mayApprove()){ UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("access_denied")); } $approvals = $latestContent->getApprovalStatus(); if(!$approvals) { UI::exitError(getMLText("document_title", array("documentname" => htmlspecialchars($document->getName()))),getMLText("no_action")); } $tmp = explode('.', basename($_SERVER['SCRIPT_FILENAME'])); $view = UI::factory($theme, $tmp[1], array('dms'=>$dms, 'user'=>$user)); if($view) { $view->setParam('folder', $folder); $view->setParam('document', $document); $view->setParam('accessobject', $accessop); $view($_GET); exit; }