Commit af4236c3 authored by Guillaume Heurtier's avatar Guillaume Heurtier

FIX #11691 TIME 0:10 fixed delete attachments

parent 3ce68a4b
...@@ -452,37 +452,31 @@ class AttachmentController ...@@ -452,37 +452,31 @@ class AttachmentController
return $response->withStatus(400)->withJson(['errors' => 'Route id must be an integer val']); return $response->withStatus(400)->withJson(['errors' => 'Route id must be an integer val']);
} }
$attachment = AttachmentModel::getById(['id' => $args['id'], 'select' => ['origin_id', 'res_id_master', 'attachment_type', 'res_id', 'title', 'typist']]); $attachment = AttachmentModel::getById(['id' => $args['id'], 'select' => ['origin_id', 'res_id_master', 'attachment_type', 'res_id', 'title', 'typist', 'status']]);
if (empty($attachment)) { if (empty($attachment) || $attachment['status'] == 'DEL') {
return $response->withStatus(400)->withJson(['errors' => 'Attachment not found']); return $response->withStatus(400)->withJson(['errors' => 'Attachment not found']);
} }
$user = UserModel::getById(['id' => $GLOBALS['id']]); $user = UserModel::getById(['id' => $GLOBALS['id']]);
if ($user['user_id'] != $attachment['typist'] if ($user['user_id'] != $attachment['typist']
&& !PrivilegeController::hasPrivilege(['privilegeId' => 'manage_attachments', 'userId' => $GLOBALS['id']])) { && !PrivilegeController::hasPrivilege(['privilegeId' => 'manage_attachments', 'userId' => $GLOBALS['id']])) {
return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter2']); return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
} }
if (!ResController::hasRightByResId(['resId' => [$attachment['res_id_master']], 'userId' => $GLOBALS['id']])) { if (!ResController::hasRightByResId(['resId' => [$attachment['res_id_master']], 'userId' => $GLOBALS['id']])) {
return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']); return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
} }
if ($attachment['attachment_type'] == 'signed_response') { if (empty($attachment['origin_id'])) {
AttachmentModel::delete([ $idToDelete = $attachment['res_id'];
'where' => ['res_id = ?'],
'data' => [$attachment['res_id']]
]);
} else { } else {
if (empty($attachment['origin_id'])) { $idToDelete = $attachment['origin_id'];
$idToDelete = $attachment['res_id'];
} else {
$idToDelete = $attachment['origin_id'];
}
AttachmentModel::delete([
'where' => ['res_id = ? or origin_id = ?'],
'data' => [$idToDelete, $idToDelete]
]);
} }
AttachmentModel::delete([
'where' => ['res_id = ? or origin_id = ?'],
'data' => [$idToDelete, $idToDelete]
]);
HistoryController::add([ HistoryController::add([
'tableName' => 'res_attachments', 'tableName' => 'res_attachments',
'recordId' => $args['id'], 'recordId' => $args['id'],
......
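Review bot: The ownership test `$user['user_id'] != $attachment['typist']` is evaluated only for the row named by `$args['id']`, but the delete that follows matches `res_id = ? or origin_id = ?` on `$idToDelete`, so it reaches every version sharing that origin; with the `signed_response` branch removed, this now covers signed responses too. If versions in one chain can have different typists (not visible in this hunk), a user without `manage_attachments` could delete rows they did not author, so the typist check should cover all matched rows or the wider delete should be reserved for privilege holders. The history entry records only `'recordId' => $args['id']`, which leaves the other deleted rows without an audit trace; at minimum add a comment such as `// deletes the whole version chain rooted at $idToDelete, not only $args['id']` and log `$idToDelete` as well. The new `$attachment['status'] == 'DEL'` comparison would also be safer written with `===`. The enclosing method begins and ends outside the hunk.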