From a71e71e0b9b0b3eea0f72f72a4cbb9b858caecd4 Mon Sep 17 00:00:00 2001
From: "florian.azizian" <florian.azizian@maarch.org>
Date: Tue, 19 Mar 2019 12:43:23 +0100
Subject: [PATCH] FIX #9899 hasRightByResId in mass

---
 modules/notes/notes.php                       | 362 +++++++++---------
 rest/index.php                                |   2 +-
 .../AcknowledgementReceiptController.php      |  54 +--
 .../PreProcessActionController.php            |   5 +-
 .../controllers/AttachmentController.php      |   8 +-
 .../controllers/ReconciliationController.php  |   7 +-
 src/app/email/controllers/EmailController.php |   4 +-
 .../controllers/ListInstanceController.php    |  10 +-
 src/app/note/controllers/NoteController.php   |  10 +-
 .../resource/controllers/ResController.php    |  23 +-
 .../controllers/SignatureBookController.php   |   8 +-
 src/app/user/controllers/UserController.php   |   2 +-
 ...cknowledgement-receipt-action.component.ts |   2 +-
 13 files changed, 242 insertions(+), 255 deletions(-)

diff --git a/modules/notes/notes.php b/modules/notes/notes.php
index 7696681bcb9..9e358220143 100755
--- a/modules/notes/notes.php
+++ b/modules/notes/notes.php
@@ -22,7 +22,7 @@ require_once "modules" . DIRECTORY_SEPARATOR . "notes" . DIRECTORY_SEPARATOR
 
 $core_tools = new core_tools();
 $request    = new request();
-$list       = new lists();   
+$list       = new lists();
 $notes_tools = new notes();
 
 $identifier = '';
@@ -30,7 +30,9 @@ $origin = '';
 $parameters = '';
 
 //Collection ID
-if(isset($_REQUEST['coll_id']) && !empty($_REQUEST['coll_id'])) $parameters = "&coll_id=".$_REQUEST['coll_id'];
+if (isset($_REQUEST['coll_id']) && !empty($_REQUEST['coll_id'])) {
+    $parameters = "&coll_id=".$_REQUEST['coll_id'];
+}
 
 //Identifier
 if (isset($_REQUEST['identifier']) && !empty($_REQUEST['identifier'])) {
@@ -46,63 +48,73 @@ if (isset($_REQUEST['origin']) && !empty($_REQUEST['origin'])) {
 }
 
 if (empty($origin) || $origin != 'folder') {
-    $right = \Resource\controllers\ResController::hasRightByResId(['resId' => $identifier, 'userId' => $_SESSION['user']['UserId']]);
+    $right = \Resource\controllers\ResController::hasRightByResId(['resId' => [$identifier], 'userId' => $_SESSION['user']['UserId']]);
     if (!$right) {
         exit(_NO_RIGHT_TXT);
     }
 }
 
 //Extra parameters
-if (isset($_REQUEST['size']) && !empty($_REQUEST['size'])) $parameters .= '&size='.$_REQUEST['size'];
-if (isset($_REQUEST['order']) && !empty($_REQUEST['order'])) $parameters .= '&order='.$_REQUEST['order'];
-if (isset($_REQUEST['order_field']) && !empty($_REQUEST['order_field'])) $parameters .= '&order_field='.$_REQUEST['order_field'];
-if (isset($_REQUEST['what']) && !empty($_REQUEST['what'])) $parameters .= '&what='.$_REQUEST['what'];
+if (isset($_REQUEST['size']) && !empty($_REQUEST['size'])) {
+    $parameters .= '&size='.$_REQUEST['size'];
+}
+if (isset($_REQUEST['order']) && !empty($_REQUEST['order'])) {
+    $parameters .= '&order='.$_REQUEST['order'];
+}
+if (isset($_REQUEST['order_field']) && !empty($_REQUEST['order_field'])) {
+    $parameters .= '&order_field='.$_REQUEST['order_field'];
+}
+if (isset($_REQUEST['what']) && !empty($_REQUEST['what'])) {
+    $parameters .= '&what='.$_REQUEST['what'];
+}
 
 if (isset($_REQUEST['load'])) {
     $core_tools->load_lang();
     $core_tools->load_html();
-    $core_tools->load_header('', true, false);
-    
-    ?><body><?php
+    $core_tools->load_header('', true, false); ?>
+
+<body><?php
     $core_tools->load_js();
 
     //Load list
     if (!empty($identifier) && !empty($origin)) {
-        
-            $target = $_SESSION['config']['businessappurl']
+        $target = $_SESSION['config']['businessappurl']
                 .'index.php?module=notes&page=notes&identifier='
                 .$identifier.'&origin='.$origin.$parameters;
             
-            $listContent = $list->loadList($target);
-            echo $listContent;
+        $listContent = $list->loadList($target);
+        echo $listContent;
     } else {
         echo '<span class="error">'._ERROR_IN_PARAMETERS.'</span>';
-    }
-    ?><div id="container" style="width:100%;min-height:0px;height:0px;"></div></body></html><?php
+    } ?>
+    <div id="container" style="width:100%;min-height:0px;height:0px;"></div>
+</body>
+
+</html><?php
 } else {
-    //If size is full change some parameters
-    if (isset($_REQUEST['size']) 
+        //If size is full change some parameters
+        if (isset($_REQUEST['size'])
         && ($_REQUEST['size'] == "full")
     ) {
-        $sizeUser = "10";
-        $sizeText = "40";
-        $css = "listing spec";
-        $cutString = 150;
-    } else if (isset($_REQUEST['size']) 
+            $sizeUser = "10";
+            $sizeText = "40";
+            $css = "listing spec";
+            $cutString = 150;
+        } elseif (isset($_REQUEST['size'])
         && ($_REQUEST['size'] == "medium")
     ) {
-        $sizeUser = "15";
-        $sizeText = "30";
-        $css = "listingsmall";
-        $cutString = 100;
-    } else {
-        $sizeUser = "10";
-        $sizeText = "10";
-        $css = "listingsmall";
-        $cutString = 20;
-    }
+            $sizeUser = "15";
+            $sizeText = "30";
+            $css = "listingsmall";
+            $cutString = 100;
+        } else {
+            $sizeUser = "10";
+            $sizeText = "10";
+            $css = "listingsmall";
+            $cutString = 20;
+        }
     
-    //Table or view
+        //Table or view
     $select[NOTES_TABLE] = array(); //Notes
     $select[USERS_TABLE] = array(); //Users
         
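Review bot: The re-wrapped `if` blocks for `size`, `order`, `order_field` and `what` still append raw `$_REQUEST` values to `$parameters`, which this hunk then concatenates into `$target` together with `$identifier` and `$origin`; later hunks in this file place the same string inside the `showNotesForm('…')` script text. Encoding at the point of concatenation, e.g. `$parameters .= '&size='.rawurlencode($_REQUEST['size']);`, keeps a crafted value from adding parameters or breaking out of the quoted script string. The same applies to the `coll_id` block in the previous hunk. Separately, `[$identifier]` reaches `hasRightByResId` without the `Validator::intVal()` test that the REST controllers in this patch apply, as far as the visible lines show.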
@@ -111,144 +123,152 @@ if (isset($_REQUEST['load'])) {
     array_push($select[USERS_TABLE], "user_id", "lastname || ' ' || firstname as user", "lastname as visibleBy");           //Users
         
     //Where clause
-    $where_tab = array();
-    //
-    $where_tab[] = "identifier = ?";
-    $where_tab[] = "type = ?";
-    $where_tab[] = "notes.id in (select notes.id from notes left join note_entities on notes.id = note_entities.note_id where item_id IS NULL OR item_id = '".$_SESSION['user']['primaryentity']['id']."' or notes.user_id = '".$_SESSION['user']['UserId']."')";
-    $arrayPDO = array($identifier);
-    if (empty($origin) || $origin != 'folder') {
-        $arrayPDO[] = 'resource';
-    } else {
-        $arrayPDO[] = 'folder';
-    }
+        $where_tab = array();
+        //
+        $where_tab[] = "identifier = ?";
+        $where_tab[] = "type = ?";
+        $where_tab[] = "notes.id in (select notes.id from notes left join note_entities on notes.id = note_entities.note_id where item_id IS NULL OR item_id = '".$_SESSION['user']['primaryentity']['id']."' or notes.user_id = '".$_SESSION['user']['UserId']."')";
+        $arrayPDO = array($identifier);
+        if (empty($origin) || $origin != 'folder') {
+            $arrayPDO[] = 'resource';
+        } else {
+            $arrayPDO[] = 'folder';
+        }
 
-    //Build where
-    $where = implode(' and ', $where_tab);
+        //Build where
+        $where = implode(' and ', $where_tab);
     
-    //Order
-    $order = $order_field = '';
-    $order = $list->getOrder();
-    $order_field = $list->getOrderField();
-    if (!empty($order_field) && !empty($order))
-        $orderstr = "order by ".$order_field." ".$order;
-    else  {
-        $list->setOrder();
-        $list->setOrderField('creation_date');
-        $orderstr = "order by creation_date desc";
-    }
+        //Order
+        $order = $order_field = '';
+        $order = $list->getOrder();
+        $order_field = $list->getOrderField();
+        if (!empty($order_field) && !empty($order)) {
+            $orderstr = "order by ".$order_field." ".$order;
+        } else {
+            $list->setOrder();
+            $list->setOrderField('creation_date');
+            $orderstr = "order by creation_date desc";
+        }
 
-    if (isset($_REQUEST['start']) && !empty($_REQUEST['start'])) {
-        $parameters .= '&start='.$_REQUEST['start'];
-        $start = $_REQUEST['start'];
-    } else {
-        $start = $list->getStart();
-        $parameters .= '&start='.$start;
-    }
+        if (isset($_REQUEST['start']) && !empty($_REQUEST['start'])) {
+            $parameters .= '&start='.$_REQUEST['start'];
+            $start = $_REQUEST['start'];
+        } else {
+            $start = $list->getStart();
+            $parameters .= '&start='.$start;
+        }
     
-    //Request
-    $tabNotes=$request->PDOselect(
-        $select, $where, $arrayPDO, $orderstr,
-        $_SESSION['config']['databasetype'], "default", true, NOTES_TABLE, USERS_TABLE,
-        "user_id", true, false, false, $start
+        //Request
+        $tabNotes=$request->PDOselect(
+        $select,
+        $where,
+        $arrayPDO,
+        $orderstr,
+        $_SESSION['config']['databasetype'],
+        "default",
+        true,
+        NOTES_TABLE,
+        USERS_TABLE,
+        "user_id",
+        true,
+        false,
+        false,
+        $start
     );
         
-    // $request->show_array($tabNotes);
-    for ($indNotes1 = 0; $indNotes1 < count($tabNotes); $indNotes1 ++ ) {
-        for ($indNotes2 = 0; $indNotes2 < count($tabNotes[$indNotes1]); $indNotes2 ++) {
-            foreach (array_keys($tabNotes[$indNotes1][$indNotes2]) as $value) {
-                if ($tabNotes[$indNotes1][$indNotes2][$value] == "id") {
-                    $tabNotes[$indNotes1][$indNotes2]["id"] = $tabNotes[$indNotes1][$indNotes2]['value'];
-                    $tabNotes[$indNotes1][$indNotes2]["label"] = 'ID';
-                    $tabNotes[$indNotes1][$indNotes2]["size"] = 1;
-                    $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
-                    $tabNotes[$indNotes1][$indNotes2]["show"] = false;
-                    $tabNotes[$indNotes1][$indNotes2]["order"] = "id";
-                    $indNotes1d = $tabNotes[$indNotes1][$indNotes2]['value'];
-                }
-                if ($tabNotes[$indNotes1][$indNotes2][$value] == "user_id") {
-                    $tabNotes[$indNotes1][$indNotes2]["user_id"] = $tabNotes[$indNotes1][$indNotes2]['value'];
-                    $tabNotes[$indNotes1][$indNotes2]["label"] = _ID;
-                    $tabNotes[$indNotes1][$indNotes2]["size"] = 5;
-                    $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
-                    $tabNotes[$indNotes1][$indNotes2]["show"] = false;
-                    $tabNotes[$indNotes1][$indNotes2]["order"] = "user_id";
-                }
+        // $request->show_array($tabNotes);
+        for ($indNotes1 = 0; $indNotes1 < count($tabNotes); $indNotes1 ++) {
+            for ($indNotes2 = 0; $indNotes2 < count($tabNotes[$indNotes1]); $indNotes2 ++) {
+                foreach (array_keys($tabNotes[$indNotes1][$indNotes2]) as $value) {
+                    if ($tabNotes[$indNotes1][$indNotes2][$value] == "id") {
+                        $tabNotes[$indNotes1][$indNotes2]["id"] = $tabNotes[$indNotes1][$indNotes2]['value'];
+                        $tabNotes[$indNotes1][$indNotes2]["label"] = 'ID';
+                        $tabNotes[$indNotes1][$indNotes2]["size"] = 1;
+                        $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
+                        $tabNotes[$indNotes1][$indNotes2]["show"] = false;
+                        $tabNotes[$indNotes1][$indNotes2]["order"] = "id";
+                        $indNotes1d = $tabNotes[$indNotes1][$indNotes2]['value'];
+                    }
+                    if ($tabNotes[$indNotes1][$indNotes2][$value] == "user_id") {
+                        $tabNotes[$indNotes1][$indNotes2]["user_id"] = $tabNotes[$indNotes1][$indNotes2]['value'];
+                        $tabNotes[$indNotes1][$indNotes2]["label"] = _ID;
+                        $tabNotes[$indNotes1][$indNotes2]["size"] = 5;
+                        $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
+                        $tabNotes[$indNotes1][$indNotes2]["show"] = false;
+                        $tabNotes[$indNotes1][$indNotes2]["order"] = "user_id";
+                    }
                 
-                if ($tabNotes[$indNotes1][$indNotes2][$value] == "creation_date") {
-                    $tabNotes[$indNotes1][$indNotes2]["creation_date"] = $tabNotes[$indNotes1][$indNotes2]['value'];
-                    $tabNotes[$indNotes1][$indNotes2]["value"] = $core_tools->format_date_db($tabNotes[$indNotes1][$indNotes2]['value'], false, '', true);
-                    $tabNotes[$indNotes1][$indNotes2]["label"] = _DATE;
-                    $tabNotes[$indNotes1][$indNotes2]["size"] = 10;
-                    $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
-                    $tabNotes[$indNotes1][$indNotes2]["show"] = true;
-                    $tabNotes[$indNotes1][$indNotes2]["order"] = "creation_date";
-                }
-                if ($tabNotes[$indNotes1][$indNotes2][$value] == "user") {
-                    $tabNotes[$indNotes1][$indNotes2]["user"] = $tabNotes[$indNotes1][$indNotes2]['value'];
-                    $tabNotes[$indNotes1][$indNotes2]["label"] = _USER;
-                    $tabNotes[$indNotes1][$indNotes2]["size"] = 10;
-                    $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
-                    $tabNotes[$indNotes1][$indNotes2]["show"] = true;
-                    $tabNotes[$indNotes1][$indNotes2]["order"] = "lastname";
-                }
-                if ($tabNotes[$indNotes1][$indNotes2][$value] == "note_text") {
-                    //$tabNotes[$indNotes1][$indNotes2]["note_text"] = $tabNotes[$indNotes1][$indNotes2]['value'];
-                    $tabNotes[$indNotes1][$indNotes2]["note_text"] = $request->cut_string($request->show_string($tabNotes[$indNotes1][$indNotes2]['value']), $cutString);
-                    $tabNotes[$indNotes1][$indNotes2]["label"] = _NOTES;
-                    $tabNotes[$indNotes1][$indNotes2]["size"] = 60;
-                    $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
-                    $tabNotes[$indNotes1][$indNotes2]["show"] = true;
-                    $tabNotes[$indNotes1][$indNotes2]["order"] = "note_text";
-                }
-
-                if ($tabNotes[$indNotes1][$indNotes2][$value] == "visibleby") {
+                    if ($tabNotes[$indNotes1][$indNotes2][$value] == "creation_date") {
+                        $tabNotes[$indNotes1][$indNotes2]["creation_date"] = $tabNotes[$indNotes1][$indNotes2]['value'];
+                        $tabNotes[$indNotes1][$indNotes2]["value"] = $core_tools->format_date_db($tabNotes[$indNotes1][$indNotes2]['value'], false, '', true);
+                        $tabNotes[$indNotes1][$indNotes2]["label"] = _DATE;
+                        $tabNotes[$indNotes1][$indNotes2]["size"] = 10;
+                        $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
+                        $tabNotes[$indNotes1][$indNotes2]["show"] = true;
+                        $tabNotes[$indNotes1][$indNotes2]["order"] = "creation_date";
+                    }
+                    if ($tabNotes[$indNotes1][$indNotes2][$value] == "user") {
+                        $tabNotes[$indNotes1][$indNotes2]["user"] = $tabNotes[$indNotes1][$indNotes2]['value'];
+                        $tabNotes[$indNotes1][$indNotes2]["label"] = _USER;
+                        $tabNotes[$indNotes1][$indNotes2]["size"] = 10;
+                        $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
+                        $tabNotes[$indNotes1][$indNotes2]["show"] = true;
+                        $tabNotes[$indNotes1][$indNotes2]["order"] = "lastname";
+                    }
+                    if ($tabNotes[$indNotes1][$indNotes2][$value] == "note_text") {
+                        //$tabNotes[$indNotes1][$indNotes2]["note_text"] = $tabNotes[$indNotes1][$indNotes2]['value'];
+                        $tabNotes[$indNotes1][$indNotes2]["note_text"] = $request->cut_string($request->show_string($tabNotes[$indNotes1][$indNotes2]['value']), $cutString);
+                        $tabNotes[$indNotes1][$indNotes2]["label"] = _NOTES;
+                        $tabNotes[$indNotes1][$indNotes2]["size"] = 60;
+                        $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
+                        $tabNotes[$indNotes1][$indNotes2]["show"] = true;
+                        $tabNotes[$indNotes1][$indNotes2]["order"] = "note_text";
+                    }
 
-                    $noteEntities = $notes_tools->getNotesEntities($indNotes1d);
-                    $tabEntityLabel = [];
-                    $tabEntityId = [];
-                    $allEntities = '';
-                    $allEntitiesId = '';
+                    if ($tabNotes[$indNotes1][$indNotes2][$value] == "visibleby") {
+                        $noteEntities = $notes_tools->getNotesEntities($indNotes1d);
+                        $tabEntityLabel = [];
+                        $tabEntityId = [];
+                        $allEntities = '';
+                        $allEntitiesId = '';
 
-                    foreach ($noteEntities as $value) {
-                        $tabEntityLabel[] = $value->short_label;
-                        $tabEntityId[] = $value->entity_id;
-                    }
+                        foreach ($noteEntities as $value) {
+                            $tabEntityLabel[] = $value->short_label;
+                            $tabEntityId[] = $value->entity_id;
+                        }
 
-                    if (!empty($tabEntityLabel)) {
-                        $allEntities = implode(' - ', $tabEntityLabel);
-                        if(count($tabEntityId) > 3){
-                            $allEntitiesId = $tabEntityId[0] .'<br/>'.$tabEntityId[1].'<br/>'.$tabEntityId[2].'<br/>...';
-                        }else{
-                            $allEntitiesId = implode('<br/>', $tabEntityId);
+                        if (!empty($tabEntityLabel)) {
+                            $allEntities = implode(' - ', $tabEntityLabel);
+                            if (count($tabEntityId) > 3) {
+                                $allEntitiesId = $tabEntityId[0] .'<br/>'.$tabEntityId[1].'<br/>'.$tabEntityId[2].'<br/>...';
+                            } else {
+                                $allEntitiesId = implode('<br/>', $tabEntityId);
+                            }
                         }
-                        
-                    }
                     
 
-                    $tabNotes[$indNotes1][$indNotes2]['value'] = '<div style="cursor:pointer;text-overflow: ellipsis;clear:both;white-space: nowrap;overflow: hidden;"><i title="'.$allEntities.'" >'.$allEntitiesId.'</i></div>';
-                    $tabNotes[$indNotes1][$indNotes2]["label"] = _VISIBLEBY;
-                    $tabNotes[$indNotes1][$indNotes2]["size"] = 10;
-                    $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
-                    $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
-                    $tabNotes[$indNotes1][$indNotes2]["show"] = true;
-
+                        $tabNotes[$indNotes1][$indNotes2]['value'] = '<div style="cursor:pointer;text-overflow: ellipsis;clear:both;white-space: nowrap;overflow: hidden;"><i title="'.$allEntities.'" >'.$allEntitiesId.'</i></div>';
+                        $tabNotes[$indNotes1][$indNotes2]["label"] = _VISIBLEBY;
+                        $tabNotes[$indNotes1][$indNotes2]["size"] = 10;
+                        $tabNotes[$indNotes1][$indNotes2]["label_align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["align"] = "left";
+                        $tabNotes[$indNotes1][$indNotes2]["valign"] = "bottom";
+                        $tabNotes[$indNotes1][$indNotes2]["show"] = true;
+                    }
                 }
             }
         }
-    }
-    //var_dump($tabNotes);
+
     //List
     $listKey = 'id';                                                                    //Clé de la liste
     $paramsTab = array();                                                               //Initialiser le tableau de paramètres
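Review bot: The third `$where_tab` entry still builds SQL by concatenating `$_SESSION['user']['primaryentity']['id']` and `$_SESSION['user']['UserId']` into the string, while the two conditions above it use `?` placeholders bound through `$arrayPDO`. Binding these as well removes the dependency on how the session values were populated: end the clause with `item_id = ? or notes.user_id = ?)` and, after the `resource`/`folder` branch, add `$arrayPDO[] = $_SESSION['user']['primaryentity']['id'];` and `$arrayPDO[] = $_SESSION['user']['UserId'];`. `$orderstr` is likewise concatenated from `$list->getOrder()` and `$list->getOrderField()`, whose validation is not visible here, and the `visibleby` cell interpolates `$allEntities` into a `title` attribute without `htmlspecialchars()`. The enclosing `else` block starts before and ends after this hunk.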
@@ -257,14 +277,14 @@ if (isset($_REQUEST['load'])) {
     $paramsTab['bool_bigPageTitle'] = false;                                            //Affichage du titre en grand
     $paramsTab['urlParameters'] = 'identifier='.$identifier
             ."&origin=".$origin.'&display=true'.$parameters;                            //Parametres d'url supplementaires
-    $paramsTab['filters'] = array();                                                   //Filtres    
+    $paramsTab['filters'] = array();                                                   //Filtres
     $paramsTab['listHeight'] = '100%';                                                 //Hauteur de la liste
     $paramsTab['start'] = $start;
-    $paramsTab['listCss'] = $css;                                                       //CSS
+        $paramsTab['listCss'] = $css;                                                       //CSS
     $paramsTab['tools'] = array();                                                      //Icones dans la barre d'outils
         
     $add = array(
-            "script"        =>  "showNotesForm('".$_SESSION['config']['businessappurl']  
+            "script"        =>  "showNotesForm('".$_SESSION['config']['businessappurl']
                                     . "index.php?display=true&module=notes&page=notes_ajax_content"
                                     . "&mode=add&identifier=".$identifier."&origin=".$origin
                                     . $parameters."')",
@@ -272,12 +292,12 @@ if (isset($_REQUEST['load'])) {
             "tooltip"       =>  _ADD_NOTE,
             "alwaysVisible" =>  true
             );
-    array_push($paramsTab['tools'], $add);   
+        array_push($paramsTab['tools'], $add);
     
-    //Action icons array
-    $paramsTab['actionIcons'] = array();       
+        //Action icons array
+        $paramsTab['actionIcons'] = array();
     
-    $read = array(
+        $read = array(
         "script"        => "showNotesForm('".$_SESSION['config']['businessappurl']
                                 ."index.php?display=true&module=notes&page=notes_ajax_content"
                                 ."&mode=up&id=@@id@@&identifier=".$identifier."&origin=".$origin
@@ -288,15 +308,11 @@ if (isset($_REQUEST['load'])) {
         "tooltip"       =>  _UPDATE.'/'._DELETION,
         "disabledRules" => "@@user_id@@ != '".$_SESSION['user']['UserId']."'"
         );
-    array_push($paramsTab['actionIcons'], $read);     
+        array_push($paramsTab['actionIcons'], $read);
         
-    //Output
-    $status = 0;
-    //$content = $list->showList($tab, $paramsTab, $listKey);
-    //var_dump($tabNotes);
-    $content = $list->showList($tabNotes, $paramsTab, $listKey);
-    //$debug = $list->debug();
-
-    echo "{status : " . $status . ", content : '" . addslashes($debug.$content) . "', error : '" . addslashes($error) . "'}";
-}
+        //Output
+        $status = 0;
+        $content = $list->showList($tabNotes, $paramsTab, $listKey);
 
+        echo "{status : " . $status . ", content : '" . addslashes($debug.$content) . "', error : '" . addslashes($error) . "'}";
+    }
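Review bot: The final `echo` concatenates `$debug` and `$error`, but the only assignment of `$debug` visible in this file was the commented-out `//$debug = $list->debug();` that this hunk deletes, and no assignment of `$error` is visible either; if neither is set elsewhere, both trigger undefined-variable notices. Initialising them next to `$status` (`$debug = ''; $error = '';`) or dropping them from the expression would make the intent explicit. `addslashes()` is also not a JavaScript string escaper, since it leaves line breaks and `</script>` untouched, so whatever consumes this hand-built `{status : …}` literal depends on `showList()` output never containing them; `json_encode()` on the individual values would be the safer encoder if the client-side parser allows it. The closing `}` on the last line ends the top-level `else` but is indented four spaces.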
diff --git a/rest/index.php b/rest/index.php
index e5e21cf1069..43840896540 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -274,7 +274,7 @@ $app->put('/resourcesList/users/{userId}/groups/{groupId}/baskets/{basketId}/exp
 $app->post('/resourcesList/users/{userId}/groups/{groupId}/baskets/{basketId}/summarySheets', \Resource\controllers\SummarySheetController::class . ':createList');
 $app->put('/resourcesList/users/{userId}/groups/{groupId}/baskets/{basketId}/actions/{actionId}', \Resource\controllers\ResourceListController::class . ':setAction');
 $app->get('/resourcesList/exportTemplate', \Resource\controllers\ExportController::class . ':getExportTemplates');
-$app->post('/resourcesList/users/{userId}/groups/{groupId}/baskets/{basketId}/acknowledgementReceipt', \AcknowledgementReceipt\controllers\AcknowledgementReceiptController::class . ':createPaperAcknowledgement');
+$app->post('/acknowledgementReceipt', \AcknowledgementReceipt\controllers\AcknowledgementReceiptController::class . ':createPaperAcknowledgement');
 //PreProcess
 $app->post('/resourcesList/users/{userId}/groups/{groupId}/baskets/{basketId}/checkAcknowledgementReceipt', \Action\controllers\PreProcessActionController::class . ':checkAcknowledgementReceipt');
 $app->get('/resourcesList/users/{userId}/groups/{groupId}/baskets/{basketId}/actions/{actionId}/getRedirect', \Action\controllers\PreProcessActionController::class . ':getRedirectInformations');
diff --git a/src/app/acknowledgementReceipt/controllers/AcknowledgementReceiptController.php b/src/app/acknowledgementReceipt/controllers/AcknowledgementReceiptController.php
index b77eeb91bd7..0b79984bbb8 100644
--- a/src/app/acknowledgementReceipt/controllers/AcknowledgementReceiptController.php
+++ b/src/app/acknowledgementReceipt/controllers/AcknowledgementReceiptController.php
@@ -14,32 +14,23 @@
 
 namespace AcknowledgementReceipt\controllers;
 
-use Slim\Http\Request;
-use Slim\Http\Response;
-use User\models\UserModel;
-use Resource\models\ResModel;
-use setasign\Fpdi\Tcpdf\Fpdi;
-use Basket\models\BasketModel;
-use Respect\Validation\Validator;
+use AcknowledgementReceipt\models\AcknowledgementReceiptModel;
 use Docserver\models\DocserverModel;
+use History\controllers\HistoryController;
 use Resource\controllers\ResController;
 use Resource\controllers\StoreController;
-use History\controllers\HistoryController;
-use Resource\controllers\ResourceListController;
-use SrcCore\controllers\PreparedClauseController;
-use AcknowledgementReceipt\models\AcknowledgementReceiptModel;
+use Respect\Validation\Validator;
+use setasign\Fpdi\Tcpdf\Fpdi;
+use Slim\Http\Request;
+use Slim\Http\Response;
+use User\models\UserModel;
 
 class AcknowledgementReceiptController
 {
-    public function createPaperAcknowledgement(Request $request, Response $response, array $aArgs)
+    public function createPaperAcknowledgement(Request $request, Response $response)
     {
         $currentUser = UserModel::getByLogin(['login' => $GLOBALS['userId'], 'select' => ['id']]);
 
-        $errors = ResourceListController::listControl(['groupId' => $aArgs['groupId'], 'userId' => $aArgs['userId'], 'basketId' => $aArgs['basketId'], 'currentUserId' => $currentUser['id']]);
-        if (!empty($errors['errors'])) {
-            return $response->withStatus($errors['code'])->withJson(['errors' => $errors['errors']]);
-        }
-
         $bodyData = $request->getParsedBody();
 
         if (!Validator::arrayType()->notEmpty()->validate($bodyData['resources'])) {
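Review bot: `$currentUser` is still loaded with `UserModel::getByLogin()` on the first line of `createPaperAcknowledgement`, but its only visible consumer, the `listControl()` call, is removed here; unless the rest of the method (outside this hunk) reads it, the query is dead and can go. With the basket check gone, access control for this endpoint rests on the `hasRightByResId` call further down, so a short docblock stating that, for example `/** Access is enforced per resource via ResController::hasRightByResId(); the route carries no basket context. */`, would help the next reader. `$bodyData['resources']` is only checked for being a non-empty array; the element type is not validated in the visible lines.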
@@ -47,8 +38,6 @@ class AcknowledgementReceiptController
         }
 
         $bodyData['resources'] = array_slice($bodyData['resources'], 0, 500);
-        $basket = BasketModel::getById(['id' => $aArgs['basketId'], 'select' => ['basket_clause', 'basket_res_order', 'basket_name']]);
-        $user   = UserModel::getById(['id' => $aArgs['userId'], 'select' => ['user_id']]);
 
         $acknowledgements = AcknowledgementReceiptModel::getByIds([
             'select'  => ['res_id', 'docserver_id', 'path', 'filename', 'fingerprint', 'send_date', 'format'],
@@ -58,23 +47,10 @@ class AcknowledgementReceiptController
 
         $resourcesInBasket = [];
         foreach ($acknowledgements as $acknowledgement) {
-            $resourcesInBasket[$acknowledgement['res_id']] = $acknowledgement['res_id'];
+            $resourcesInBasket[] = $acknowledgement['res_id'];
         }
 
-        $whereClause = PreparedClauseController::getPreparedClause(['clause' => $basket['basket_clause'], 'login' => $user['user_id']]);
-        $rawResourcesInBasket = ResModel::getOnView([
-            'select'    => ['res_id'],
-            'where'     => [$whereClause, 'res_view_letterbox.res_id in (?)'],
-            'data'      => [$resourcesInBasket]
-        ]);
-
-        $allResourcesInBasket = [];
-        foreach ($rawResourcesInBasket as $rawResourceInBasket) {
-            $allResourcesInBasket[$rawResourceInBasket['res_id']] = $rawResourceInBasket['res_id'];
-        }
-
-        $aDiff = array_diff($resourcesInBasket, $allResourcesInBasket);
-        if (!empty($aDiff)) {
+        if (!ResController::hasRightByResId(['resId' => $resourcesInBasket, 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Documents out of perimeter']);
         }
 
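Review bot: `$resourcesInBasket` is now a plain list built from the acknowledgement rows, so it can contain the same `res_id` more than once and is empty when no row matches; the old code was keyed by `res_id`. How `hasRightByResId` treats duplicates or an empty array is not visible in this hunk, so it is safer not to depend on it: `$resourcesInBasket = array_values(array_unique($resourcesInBasket));` followed by `if (empty($resourcesInBasket) || !ResController::hasRightByResId(['resId' => $resourcesInBasket, 'userId' => $GLOBALS['userId']])) {`. The variable name also no longer matches its content, since no basket is involved; something like `$resIds` would read better. The method body continues outside the hunk.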
@@ -119,19 +95,13 @@ class AcknowledgementReceiptController
 
     public function getAcknowledgementReceipt(Request $request, Response $response, array $aArgs)
     {
-        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
-        $mainDocument = ResModel::getById(['select' => ['docserver_id', 'path', 'filename', 'fingerprint'], 'resId' => $aArgs['resId']]);
-        $extDocument = ResModel::getExtById(['select' => ['category_id', 'alt_identifier'], 'resId' => $aArgs['resId']]);
-        if (empty($mainDocument) || empty($extDocument)) {
-            return $response->withStatus(400)->withJson(['errors' => 'Document does not exist']);
-        }
-
         $document = AcknowledgementReceiptModel::getByIds([
             'select'  => ['docserver_id', 'path', 'filename', 'fingerprint'],
-            'ids'      => [$aArgs['id']]
+            'ids'     => [$aArgs['id']]
         ]);
 
         $docserver = DocserverModel::getByDocserverId(['docserverId' => $document[0]['docserver_id'], 'select' => ['path_template', 'docserver_type_id']]);
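Review bot: The permission check is made on `$aArgs['resId']`, but the receipt is then loaded by `$aArgs['id']` alone, and nothing in the visible lines ties that receipt to the authorised resource. Selecting `res_id` as well and rejecting a mismatch, with `'select' => ['res_id', 'docserver_id', 'path', 'filename', 'fingerprint']` and `if (empty($document[0]) || $document[0]['res_id'] != $aArgs['resId']) { return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']); }`, closes that gap and also covers the `$document[0]` dereference on the last line of the hunk, which is unguarded now that the existence check was removed. `$aArgs['id']` is not validated with `Validator::intVal()` the way `resId` is. The method continues past the hunk, so a later check may exist that is not shown.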
diff --git a/src/app/action/controllers/PreProcessActionController.php b/src/app/action/controllers/PreProcessActionController.php
index 0ef14dac6c6..42fae7c5dc8 100644
--- a/src/app/action/controllers/PreProcessActionController.php
+++ b/src/app/action/controllers/PreProcessActionController.php
@@ -63,7 +63,6 @@ class PreProcessActionController
         $allEntities = [];
 
         foreach (['ENTITY', 'USERS'] as $mode) {
-
             $entityRedirects = GroupBasketRedirectModel::get([
                 'select'    => ['entity_id', 'keyword'],
                 'where'     => ['basket_id = ?', 'group_id = ?', 'action_id = ?', 'redirect_mode = ?'],
@@ -185,7 +184,7 @@ class PreProcessActionController
                 continue;
             }
 
-            if (!ResController::hasRightByResId(['resId' => $resId, 'userId' => $GLOBALS['userId']])) {
+            if (!ResController::hasRightByResId(['resId' => [$resId], 'userId' => $GLOBALS['userId']])) {
                 $noSendAR['number'] += 1;
                 $noSendAR['list'][] = ['resId' => $resId, 'alt_identifier' => $ext['alt_identifier'], 'info' => _DOCUMENT_OUT_PERIMETER ];
                 continue;
@@ -331,7 +330,7 @@ class PreProcessActionController
 
     public function isDestinationChanging(Request $request, Response $response, array $args)
     {
-        if (!ResController::hasRightByResId(['resId' => $args['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!ResController::hasRightByResId(['resId' => [$args['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
diff --git a/src/app/attachment/controllers/AttachmentController.php b/src/app/attachment/controllers/AttachmentController.php
index 3828ab96b9e..6056b8fcbcf 100755
--- a/src/app/attachment/controllers/AttachmentController.php
+++ b/src/app/attachment/controllers/AttachmentController.php
@@ -69,7 +69,7 @@ class AttachmentController
 
     public function getAttachmentsListById(Request $request, Response $response, array $aArgs)
     {
-        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
@@ -100,7 +100,7 @@ class AttachmentController
 
     public function getThumbnailContent(Request $request, Response $response, array $aArgs)
     {
-        if (!Validator::intVal()->validate($aArgs['resId']) || !Validator::intVal()->validate($aArgs['resIdMaster']) || !ResController::hasRightByResId(['resId' => $aArgs['resIdMaster'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($aArgs['resId']) || !Validator::intVal()->validate($aArgs['resIdMaster']) || !ResController::hasRightByResId(['resId' => [$aArgs['resIdMaster']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
@@ -169,7 +169,7 @@ class AttachmentController
     
     public function getFileContent(Request $request, Response $response, array $aArgs)
     {
-        if (!Validator::intVal()->validate($aArgs['resIdMaster']) || !ResController::hasRightByResId(['resId' => $aArgs['resIdMaster'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($aArgs['resIdMaster']) || !ResController::hasRightByResId(['resId' => [$aArgs['resIdMaster']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
@@ -495,7 +495,7 @@ class AttachmentController
 
     public static function isMailingAttach(array $aArgs)
     {
-        if (!Validator::intVal()->validate($aArgs['resIdMaster']) || !ResController::hasRightByResId(['resId' => $aArgs['resIdMaster'], 'userId' => $aArgs['userId']])) {
+        if (!Validator::intVal()->validate($aArgs['resIdMaster']) || !ResController::hasRightByResId(['resId' => [$aArgs['resIdMaster']], 'userId' => $aArgs['userId']])) {
             return ['errors' => 'Document out of perimeter'];
         }
 
diff --git a/src/app/attachment/controllers/ReconciliationController.php b/src/app/attachment/controllers/ReconciliationController.php
index bd58f3622e1..31314bb9a3e 100755
--- a/src/app/attachment/controllers/ReconciliationController.php
+++ b/src/app/attachment/controllers/ReconciliationController.php
@@ -53,7 +53,7 @@ class ReconciliationController
             'orderBy' => ['res_id DESC']
         ])[0];
 
-        if (!Validator::intVal()->validate($info['res_id_master']) || !ResController::hasRightByResId(['resId' => $info['res_id_master'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($info['res_id_master']) || !ResController::hasRightByResId(['resId' => [$info['res_id_master']], 'userId' => $GLOBALS['userId']])) {
             return ['errors' => 'Document out of perimeter'];
         }
 
@@ -181,15 +181,14 @@ class ReconciliationController
             'orderBy' => ['res_id DESC']
         ])[0];
 
-        if (!Validator::intVal()->validate($attachment['res_id_master']) || !ResController::hasRightByResId(['resId' => $attachment['res_id_master'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($attachment['res_id_master']) || !ResController::hasRightByResId(['resId' => [$attachment['res_id_master']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
         if ($attachment == false) {
             return $response->withStatus(500)->withJson(['errors' => '[ReconciliationController checkAttachment] ' . _NO_ATTACHMENT_CHRONO]);
-        }else{
+        } else {
             return $response->withJson(array('result' => 'OK'));
         }
-
     }
 }
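Review bot: The `$attachment == false` test comes after `$attachment['res_id_master']` has already been read for the perimeter check, so an empty lookup fails `Validator::intVal()` first and is answered with 403 'Document out of perimeter'; the 500 branch below appears unreachable for a missing attachment. Testing `if (empty($attachment)) {` before the rights check would report the missing attachment as intended and avoid indexing a null result. The method starts outside the hunk, so the lookup feeding `[0]` is only partly visible.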
diff --git a/src/app/email/controllers/EmailController.php b/src/app/email/controllers/EmailController.php
index 7584aa4f3db..9a4a1b1d98e 100644
--- a/src/app/email/controllers/EmailController.php
+++ b/src/app/email/controllers/EmailController.php
@@ -111,7 +111,7 @@ class EmailController
         $emailArray  = EmailModel::getById(['id' => $args['id']]);
         $document      = (array)json_decode($emailArray['document']);
 
-        if (!ResController::hasRightByResId(['resId' => $document['id'], 'userId' => $GLOBALS['userId']])) {
+        if (!ResController::hasRightByResId(['resId' => [$document['id']], 'userId' => $GLOBALS['userId']])) {
             return ['errors' => 'Document out of perimeter', 'code' => 403];
         }
 
@@ -379,7 +379,7 @@ class EmailController
             if (!$check) {
                 return ['errors' => 'Data document errors', 'code' => 400];
             }
-            if (!ResController::hasRightByResId(['resId' => $args['data']['document']['id'], 'userId' => $args['login']])) {
+            if (!ResController::hasRightByResId(['resId' => [$args['data']['document']['id']], 'userId' => $args['login']])) {
                 return ['errors' => 'Document out of perimeter', 'code' => 403];
             }
             if (!empty($args['data']['document']['attachments'])) {
diff --git a/src/app/entity/controllers/ListInstanceController.php b/src/app/entity/controllers/ListInstanceController.php
index ff1adb6c520..4c512161fe1 100755
--- a/src/app/entity/controllers/ListInstanceController.php
+++ b/src/app/entity/controllers/ListInstanceController.php
@@ -39,7 +39,7 @@ class ListInstanceController
 
     public function getByResId(Request $request, Response $response, array $args)
     {
-        if (!Validator::intVal()->validate($args['resId']) || !ResController::hasRightByResId(['resId' => $args['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($args['resId']) || !ResController::hasRightByResId(['resId' => [$args['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
@@ -59,7 +59,7 @@ class ListInstanceController
 
     public function getVisaCircuitByResId(Request $request, Response $response, array $aArgs)
     {
-        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
         $listinstances = ListInstanceModel::getVisaCircuitByResId(['select' => ['listinstance_id', 'sequence', 'item_id', 'item_type', 'firstname as item_firstname', 'lastname as item_lastname', 'entity_label as item_entity', 'viewed', 'process_date', 'process_comment', 'signatory', 'requested_signature'], 'id' => $aArgs['resId']]);
@@ -69,7 +69,7 @@ class ListInstanceController
 
     public function getAvisCircuitByResId(Request $request, Response $response, array $aArgs)
     {
-        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
         $listinstances = ListInstanceModel::getAvisCircuitByResId(['select' => ['listinstance_id', 'sequence', 'item_id', 'item_type', 'firstname as item_firstname', 'lastname as item_lastname', 'entity_label as item_entity', 'viewed', 'process_date', 'process_comment'], 'id' => $aArgs['resId']]);
@@ -108,7 +108,7 @@ class ListInstanceController
                 return ['errors' => 'resId is empty', 'code' => 400];
             }
 
-            if (!Validator::intVal()->validate($ListInstanceByRes['resId']) || !ResController::hasRightByResId(['resId' => $ListInstanceByRes['resId'], 'userId' => $GLOBALS['userId']])) {
+            if (!Validator::intVal()->validate($ListInstanceByRes['resId']) || !ResController::hasRightByResId(['resId' => [$ListInstanceByRes['resId']], 'userId' => $GLOBALS['userId']])) {
                 DatabaseModel::rollbackTransaction();
                 return ['errors' => 'Document out of perimeter', 'code' => 403];
             }
@@ -129,7 +129,7 @@ class ListInstanceController
 
             foreach ($ListInstanceByRes['listInstances'] as $instance) {
                 $listControl = ['res_id', 'item_id', 'item_type', 'item_mode', 'difflist_type'];
-                foreach($listControl as $itemControl){
+                foreach ($listControl as $itemControl) {
                     if (empty($instance[$itemControl])) {
                         return ['errors' => $itemControl . ' are empty', 'code' => 400];
                     }
diff --git a/src/app/note/controllers/NoteController.php b/src/app/note/controllers/NoteController.php
index b96e5a8e395..9a760e8a5e0 100755
--- a/src/app/note/controllers/NoteController.php
+++ b/src/app/note/controllers/NoteController.php
@@ -38,14 +38,14 @@ class NoteController
             return $response->withStatus(400)->withJson(['errors' => 'resId is empty or not an integer']);
         }
 
-        if (!ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
         $user = UserModel::getByLogin(['select' => ['id'], 'login' => $GLOBALS['userId']]);
         $aNotes = NoteModel::getByUserIdForResource(['select' => ['*'], 'resId' => $aArgs['resId'], 'userId' => $user['id']]);
         
-        foreach($aNotes as $key => $aNote) {
+        foreach ($aNotes as $key => $aNote) {
             $aUser = UserModel::getByLogin(['select' => ['firstname', 'lastname'], 'login' => $aNote['user_id']]);
             $primaryEntity = UserModel::getPrimaryEntityByUserId(['userId' => $aNote['user_id']]);
             $aNotes[$key]['firstname'] = $aUser['firstname'];
@@ -65,7 +65,7 @@ class NoteController
             return $response->withStatus(400)->withJson(['errors' => 'Data note_text is empty or not a string']);
         }
 
-        if (!ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
         
@@ -78,7 +78,7 @@ class NoteController
                     return $response->withStatus(400)->withJson(['errors' => 'Bad Request entities chosen']);
                 }
                 
-                $entity = entitymodel::getByEntityId(['select' => ['id'], 'entityId' => $entityId]);
+                $entity = Entitymodel::getByEntityId(['select' => ['id'], 'entityId' => $entityId]);
                 if (empty($entity['id'])) {
                     return $response->withStatus(400)->withJson(['errors' => 'Bad Request entities chosen']);
                 }
@@ -140,7 +140,7 @@ class NoteController
         $query = $request->getQueryParams();
 
         if (!empty($query['resId']) && is_numeric($query['resId'])) {
-            if (!ResController::hasRightByResId(['resId' => $query['resId'], 'userId' => $GLOBALS['userId']])) {
+            if (!ResController::hasRightByResId(['resId' => [$query['resId']], 'userId' => $GLOBALS['userId']])) {
                 return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
             }
 
diff --git a/src/app/resource/controllers/ResController.php b/src/app/resource/controllers/ResController.php
index e64c15e184a..e1a550e9b7e 100755
--- a/src/app/resource/controllers/ResController.php
+++ b/src/app/resource/controllers/ResController.php
@@ -207,7 +207,7 @@ class ResController
             if (empty($document)) {
                 return $response->withStatus(400)->withJson(['errors' => _DOCUMENT_NOT_FOUND]);
             }
-            if (!ResController::hasRightByResId(['resId' => $document['res_id'], 'userId' => $GLOBALS['userId']])) {
+            if (!ResController::hasRightByResId(['resId' => [$document['res_id']], 'userId' => $GLOBALS['userId']])) {
                 return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
             }
     
@@ -228,7 +228,7 @@ class ResController
 
     public function getFileContent(Request $request, Response $response, array $aArgs)
     {
-        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
@@ -397,7 +397,7 @@ class ResController
         }
 
         $pathToThumbnail = 'apps/maarch_entreprise/img/noThumbnail.png';
-        if (ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             $tnlAdr = AdrModel::getTypedDocumentAdrByResId([
                 'select'    => ['docserver_id', 'path', 'filename'],
                 'resId'     => $aArgs['resId'],
@@ -483,7 +483,7 @@ class ResController
             if (empty($document)) {
                 return $response->withStatus(400)->withJson(['errors' => _DOCUMENT_NOT_FOUND]);
             }
-            if (!ResController::hasRightByResId(['resId' => $document['res_id'], 'userId' => $GLOBALS['userId']])) {
+            if (!ResController::hasRightByResId(['resId' => [$document['res_id']], 'userId' => $GLOBALS['userId']])) {
                 return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
             }
             ResModel::update(['set' => ['external_id' => $mail['external_id'] , 'external_link' => $mail['external_link'], 'status' => $data['status']], 'where' => ['res_id = ?'], 'data' => [$document['res_id']]]);
@@ -581,7 +581,10 @@ class ResController
     {
         ValidatorModel::notEmpty($aArgs, ['resId', 'userId']);
         ValidatorModel::stringType($aArgs, ['userId']);
-        ValidatorModel::intVal($aArgs, ['resId']);
+        ValidatorModel::arrayType($aArgs, ['resId']);
+
+        $aArgs['resId'] = array_unique($aArgs['resId']);
+        $nbResId = count($aArgs['resId']);
 
         if ($aArgs['userId'] == 'superadmin') {
             return true;
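Review bot: Replacing `ValidatorModel::intVal` with `ValidatorModel::arrayType` means the elements of `resId` are no longer checked at all, so any caller that does not validate first now feeds raw values into the `res_id in (?)` queries. In this patch that includes `isDestinationChanging`, the `SignatureBookController` methods, `EmailController` (`$document['id']` from decoded JSON) and the `NoteController` branch guarded only by `is_numeric`, which accepts values such as `1.5` or `1e3`. `array_unique` also compares as strings, so `'7'` and `'07'` both survive and `$nbResId` can exceed the number of distinct rows, giving a false denial. I would validate and normalise inside the function: `foreach ($aArgs['resId'] as $id) { if (!Validator::intVal()->validate($id)) { return false; } }` followed by `$aArgs['resId'] = array_unique(array_map('intval', $aArgs['resId']));`. The function body starts and ends outside this hunk.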
@@ -599,8 +602,8 @@ class ResController
         }
 
         if (!empty($groupsClause)) {
-            $res = ResModel::getOnView(['select' => [1], 'where' => ['res_id = ?', "({$groupsClause})"], 'data' => [$aArgs['resId']]]);
-            if (!empty($res)) {
+            $res = ResModel::getOnView(['select' => [1], 'where' => ['res_id in (?)', "({$groupsClause})"], 'data' => [$aArgs['resId']]]);
+            if (!empty($res) && count($res) == $nbResId) {
                 return true;
             }
         }
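Review bot: `count($res) == $nbResId` is evaluated against the groups clause alone here, and again against the baskets clause alone in the next hunk, so a batch whose documents are reachable partly through a group and partly through a basket is refused even though every document is individually in perimeter. The comparison also assumes the view returns exactly one row per `res_id`, which these hunks do not show. Selecting `res_id` and subtracting the granted ids from the remaining set at each step would keep the all-or-nothing result while letting the sources combine; the sketch assumes `getOnView` returns rows as associative arrays. The function starts before this hunk and continues after it.

```php
        // Track which ids are still unproven instead of requiring one source to cover the whole batch.
        $remaining = $aArgs['resId'];

        if (!empty($groupsClause)) {
            $res = ResModel::getOnView(['select' => ['res_id'], 'where' => ['res_id in (?)', "({$groupsClause})"], 'data' => [$remaining]]);
            $remaining = array_diff($remaining, array_column($res, 'res_id'));
            if (empty($remaining)) {
                return true;
            }
        }
        // … unchanged: basket clause construction; its getOnView call gets the same treatment, queried with $remaining …
```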
@@ -631,8 +634,8 @@ class ResController
 
         if (!empty($basketsClause)) {
             try {
-                $res = ResModel::getOnView(['select' => [1], 'where' => ['res_id = ?', "({$basketsClause})"], 'data' => [$aArgs['resId']]]);
-                if (!empty($res)) {
+                $res = ResModel::getOnView(['select' => [1], 'where' => ['res_id in (?)', "({$basketsClause})"], 'data' => [$aArgs['resId']]]);
+                if (!empty($res) && count($res) == $nbResId) {
                     return true;
                 }
             } catch (\Exception $e) {
@@ -714,7 +717,7 @@ class ResController
 
     public function isAllowedForCurrentUser(Request $request, Response $response, array $aArgs)
     {
-        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!Validator::intVal()->validate($aArgs['resId']) || !ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withJson(['isAllowed' => false]);
         }
 
diff --git a/src/app/signatureBook/controllers/SignatureBookController.php b/src/app/signatureBook/controllers/SignatureBookController.php
index 88eac7ff256..0ac004d02c0 100755
--- a/src/app/signatureBook/controllers/SignatureBookController.php
+++ b/src/app/signatureBook/controllers/SignatureBookController.php
@@ -43,7 +43,7 @@ class SignatureBookController
     {
         $resId = $aArgs['resId'];
 
-        if (!ResController::hasRightByResId(['resId' => $resId, 'userId' => $GLOBALS['userId']])) {
+        if (!ResController::hasRightByResId(['resId' => [$resId], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
@@ -124,7 +124,7 @@ class SignatureBookController
             return $response->withStatus(400)->withJson(['errors' => 'Bad Request']);
         }
 
-        if (!ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
@@ -146,7 +146,7 @@ class SignatureBookController
 
     public function getIncomingMailAndAttachmentsById(Request $request, Response $response, array $aArgs)
     {
-        if (!ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
@@ -155,7 +155,7 @@ class SignatureBookController
 
     public function getAttachmentsById(Request $request, Response $response, array $aArgs)
     {
-        if (!ResController::hasRightByResId(['resId' => $aArgs['resId'], 'userId' => $GLOBALS['userId']])) {
+        if (!ResController::hasRightByResId(['resId' => [$aArgs['resId']], 'userId' => $GLOBALS['userId']])) {
             return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
         }
 
diff --git a/src/app/user/controllers/UserController.php b/src/app/user/controllers/UserController.php
index c6360946c9a..001104ce093 100755
--- a/src/app/user/controllers/UserController.php
+++ b/src/app/user/controllers/UserController.php
@@ -260,7 +260,7 @@ class UserController
         $listInstanceResIds = [];
         $listInstances = ListInstanceModel::getWhenOpenMailsByLogin(['select' => ['listinstance.res_id', 'res_letterbox.destination'], 'login' => $user['user_id'], 'itemMode' => 'dest']);
         foreach ($listInstances as $listInstance) {
-            if (!ResController::hasRightByResId(['resId' => $listInstance['res_id'], 'userId' => $GLOBALS['userId']])) {
+            if (!ResController::hasRightByResId(['resId' => [$listInstance['res_id']], 'userId' => $GLOBALS['userId']])) {
                 $isListInstanceDeletable = false;
             }
             $listInstanceResIds[] = $listInstance['res_id'];
diff --git a/src/frontend/app/actions/create-acknowledgement-receipt-action/create-acknowledgement-receipt-action.component.ts b/src/frontend/app/actions/create-acknowledgement-receipt-action/create-acknowledgement-receipt-action.component.ts
index 13045decf1a..504b49e3a93 100644
--- a/src/frontend/app/actions/create-acknowledgement-receipt-action/create-acknowledgement-receipt-action.component.ts
+++ b/src/frontend/app/actions/create-acknowledgement-receipt-action/create-acknowledgement-receipt-action.component.ts
@@ -63,7 +63,7 @@ export class CreateAcknowledgementReceiptActionComponent implements OnInit {
 
     downloadAcknowledgementReceipt(data : any) {
         this.loadingExport = true;
-        this.http.post('../../rest/resourcesList/users/' + this.data.currentBasketInfo.ownerId + '/groups/' + this.data.currentBasketInfo.groupId + '/baskets/' + this.data.currentBasketInfo.basketId + '/acknowledgementReceipt', { 'resources' : data }, { responseType: "blob" })
+        this.http.post('../../rest/acknowledgementReceipt', { 'resources' : data }, { responseType: "blob" })
             .subscribe((data) => {
                 let downloadLink = document.createElement('a');
                 downloadLink.href = window.URL.createObjectURL(data);
-- 
GitLab