From ddf7d674f8d36759af058197f36fdbddf7a0253f Mon Sep 17 00:00:00 2001
From: Damien <damien.burel@maarch.org>
Date: Wed, 5 Feb 2020 12:13:57 +0100
Subject: [PATCH] FEAT #12091 TIME 1:10 Fix list template circuit if not enough privileges
---
 rest/index.php | 1 -
 .../controllers/ConvertPdfController.php | 8 +-
 .../controllers/ListTemplateController.php | 83 ++++++-------------
 .../resource/controllers/ResController.php | 3 +-
 .../app/visa/visa-workflow.component.ts | 2 +
 5 files changed, 32 insertions(+), 65 deletions(-)
diff --git a/rest/index.php b/rest/index.php
index 6d317d4f734..d7cdfab3ad1 100755
--- a/rest/index.php
+++ b/rest/index.php
@@ -295,7 +295,6 @@ $app->get('/listTemplates/{id}', \Entity\controllers\ListTemplateController::cla
 $app->put('/listTemplates/{id}', \Entity\controllers\ListTemplateController::class . ':update');
 $app->delete('/listTemplates/{id}', \Entity\controllers\ListTemplateController::class . ':delete');
 $app->get('/listTemplates/entities/{entityId}', \Entity\controllers\ListTemplateController::class . ':getByEntityId');
-$app->get('/listTemplates/entities/{entityId}/maarchParapheur', \Entity\controllers\ListTemplateController::class . ':getByEntityIdWithMaarchParapheur');
 $app->put('/listTemplates/entityDest/itemId/{itemId}', \Entity\controllers\ListTemplateController::class . ':updateByUserWithEntityDest');
 $app->get('/listTemplates/types/{typeId}/roles', \Entity\controllers\ListTemplateController::class . ':getTypeRoles');
 $app->put('/listTemplates/types/{typeId}/roles', \Entity\controllers\ListTemplateController::class . ':updateTypeRoles');
diff --git a/src/app/convert/controllers/ConvertPdfController.php b/src/app/convert/controllers/ConvertPdfController.php
index ace73a6407f..304ac739ab4 100755
--- a/src/app/convert/controllers/ConvertPdfController.php
+++ b/src/app/convert/controllers/ConvertPdfController.php
@@ -191,10 +191,10 @@ class ConvertPdfController $convertedDocument = $convertedDocument[0] ?? null; } else { $convertedDocument = AdrModel::getConvertedDocumentById([ - 'select' => ['docserver_id','path', 'filename', 'fingerprint'], - 'resId' => $args['resId'], - 'collId' => 'attachment', - 'type' => 'PDF' + 'select' => ['docserver_id','path', 'filename', 'fingerprint'], + 'resId' => $args['resId'], + 'collId' => 'attachment', + 'type' => 'PDF' ]); } diff --git a/src/app/entity/controllers/ListTemplateController.php b/src/app/entity/controllers/ListTemplateController.php index 34019d74a9f..52e838ba503 100755 --- a/src/app/entity/controllers/ListTemplateController.php +++ b/src/app/entity/controllers/ListTemplateController.php @@ -138,7 +138,7 @@ class ListTemplateController } } - $control = ListTemplateController::controlItems(['items' => $body['items']]); + $control = ListTemplateController::controlItems(['items' => $body['items'], 'type' => $body['type']]); if (!empty($control['errors'])) { return $response->withStatus(400)->withJson(['errors' => $control['errors']]); } @@ -204,7 +204,7 @@ class ListTemplateController } } - $control = ListTemplateController::controlItems(['items' => $body['items']]); + $control = ListTemplateController::controlItems(['items' => $body['items'], 'type' => $listTemplate['type']]); if (!empty($control['errors'])) { return $response->withStatus(400)->withJson(['errors' => $control['errors']]); } 
@@ -307,10 +307,21 @@ class ListTemplateController } } + $itemsRemoved = false; $listTemplates = ListTemplateModel::get(['select' => ['*'], 'where' => $where, 'data' => $data]); foreach ($listTemplates as $key => $listTemplate) { $listTemplateItems = ListTemplateItemModel::get(['select' => ['*'], 'where' => ['list_template_id = ?'], 'data' => [$listTemplate['id']]]); foreach ($listTemplateItems as $itemKey => $value) { + if ($listTemplate['type'] == 'visaCircuit' && !PrivilegeController::hasPrivilege(['privilegeId' => 'visa_documents', 'userId' => $value['item_id']]) && !PrivilegeController::hasPrivilege(['privilegeId' => 'sign_document', 'userId' => $value['item_id']])) { + unset($listTemplateItems[$itemKey]); + $itemsRemoved = true; + continue; + } elseif ($listTemplate['type'] == 'opinionCircuit' && !PrivilegeController::hasPrivilege(['privilegeId' => 'avis_documents', 'userId' => $value['item_id']])) { + unset($listTemplateItems[$itemKey]); + $itemsRemoved = true; + continue; + } + if ($value['item_type'] == 'entity') { $listTemplateItems[$itemKey]['labelToDisplay'] = Entitymodel::getById(['id' => $value['item_id'], 'select' => ['entity_label']])['entity_label']; $listTemplateItems[$itemKey]['descriptionToDisplay'] = ''; 
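Review bot: The privilege filter added at the top of the inner foreach passes every `item_id` as a `userId` to `hasPrivilege`, yet the very next line branches on `$value['item_type'] == 'entity'`, so an entity item in a visaCircuit or opinionCircuit template would be looked up as a user and silently dropped. Unless entity items are never valid in those circuit types, guard both new conditions with `$value['item_type'] != 'entity' &&` before calling `hasPrivilege`; the same concern applies to the check added to `controlItems` in the later hunk of this file, which tests `$item['id']` regardless of `$item['type']`. The two lookups also run per item of every template returned; if `hasPrivilege` queries the database, resolving the eligible user ids once before the outer loop would avoid repeating that work. getByEntityId starts and ends outside this hunk.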
@@ -342,63 +353,13 @@ class ListTemplateController } } } - } } $listTemplates[$key]['items'] = $listTemplateItems; } - return $response->withJson(['listTemplates' => $listTemplates]); - } - - public function getByEntityIdWithMaarchParapheur(Request $request, Response $response, array $args) - { - $entity = EntityModel::getById(['select' => ['entity_id'], 'id' => $args['entityId']]); - if (empty($entity)) { - return $response->withStatus(400)->withJson(['errors' => 'Entity does not exist']); - } - - $queryParams = $request->getQueryParams(); - - $listTemplates = ListTemplateModel::get(['select' => ['*'], 'where' => ['entity_id = ?'], 'data' => [$args['entityId']]]); - - foreach ($listTemplates as $key => $value) { - if ($value['item_type'] == 'entity_id') { - $listTemplates[$key]['labelToDisplay'] = Entitymodel::getByEntityId(['entityId' => $value['item_id'], 'select' => ['entity_label']])['entity_label']; - $listTemplates[$key]['descriptionToDisplay'] = ''; - } else { - $listTemplates[$key]['labelToDisplay'] = UserModel::getLabelledUserById(['login' => $value['item_id']]); - $listTemplates[$key]['descriptionToDisplay'] = UserModel::getPrimaryEntityByUserId(['userId' => $value['item_id']])['entity_label']; - - $userInfos = UserModel::getByLowerLogin(['login' => $value['item_id'], 'select' => ['external_id']]); - $listTemplates[$key]['externalId'] = json_decode($userInfos['external_id'], true); - if (!empty($listTemplates[$key]['externalId']['maarchParapheur'])) { - $loadedXml = CoreConfigModel::getXmlLoaded(['path' => 'modules/visa/xml/remoteSignatoryBooks.xml']); - if ($loadedXml->signatoryBookEnabled == 'maarchParapheur') { - foreach ($loadedXml->signatoryBook as $signatoryBook) { - if ($signatoryBook->id == "maarchParapheur") { - $url = $signatoryBook->url; - $userId = $signatoryBook->userId; - $password = $signatoryBook->password; - break; - } - } - $curlResponse = CurlModel::execSimple([ - 'url' => rtrim($url, '/') . 
'/rest/users/'.$listTemplates[$key]['externalId']['maarchParapheur'], - 'basicAuth' => ['user' => $userId, 'password' => $password], - 'headers' => ['content-type:application/json'], - 'method' => 'GET' - ]); - if (empty($curlResponse['response']['user'])) { - unset($listTemplates[$key]['externalId']['maarchParapheur']); - } - } - } - } - } - - return $response->withJson(['listTemplate' => $listTemplates]); + return $response->withJson(['listTemplates' => $listTemplates, 'itemsRemoved' => $itemsRemoved]); } public function updateByUserWithEntityDest(Request $request, Response $response, array $args) @@ -650,8 +611,9 @@ class ListTemplateController private static function controlItems(array $args) { - ValidatorModel::notEmpty($args, ['items']); + ValidatorModel::notEmpty($args, ['items', 'type']); ValidatorModel::arrayType($args, ['items']); + ValidatorModel::stringType($args, ['type']); $destFound = false; foreach ($args['items'] as $item) { @@ -660,18 +622,21 @@ class ListTemplateController } if (empty($item['id'])) { return ['errors' => 'id is empty']; - } - if (empty($item['type'])) { + } elseif (empty($item['type'])) { return ['errors' => 'type is empty']; - } - if (empty($item['mode'])) { + } elseif (empty($item['mode'])) { return ['errors' => 'mode is empty']; } if ($item['item_mode'] == 'dest') { $destFound = true; } + if ($args['type'] == 'visaCircuit' && !PrivilegeController::hasPrivilege(['privilegeId' => 'visa_documents', 'userId' => $item['id']]) && !PrivilegeController::hasPrivilege(['privilegeId' => 'sign_document', 'userId' => $item['id']])) { + return ['errors' => 'item has not enough privileges']; + } elseif ($args['type'] == 'opinionCircuit' && !PrivilegeController::hasPrivilege(['privilegeId' => 'avis_documents', 'userId' => $item['id']])) { + return ['errors' => 'item has not enough privileges']; + } } - return ['success' => 'success']; + return true; } } 
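Review bot: The success return of `controlItems` changes from `['success' => 'success']` to `true`, while the callers touched in the -138 and -204 hunks still test `empty($control['errors'])`; that only keeps working because `empty()` tolerates an offset read on a bool, and any caller that reads `$control['errors']` or `$control['success']` directly would now break or warn. Either keep the array shape on success, or document the new contract with `@return array{errors: string}|true` on the method and have callers test `$control !== true`. The new privilege check at the end of the loop also reports only `'item has not enough privileges'` without saying which item, which makes a 400 on a multi-item template hard to act on; including `$item['id']` in the message would help. The method's signature is in the -650 hunk just above and its closing brace is inside this one.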
diff --git a/src/app/resource/controllers/ResController.php b/src/app/resource/controllers/ResController.php index 0de9ba3d385..5bfbf653bb0 100755 --- a/src/app/resource/controllers/ResController.php +++ b/src/app/resource/controllers/ResController.php @@ -450,7 +450,8 @@ class ResController extends ResourceControlController $convertedDocuments = AdrModel::getDocuments([ 'select' => ['type', 'version'], 'where' => ['res_id = ?', 'type in (?)'], - 'data' => [$args['resId'], ['PDF', 'SIGN', 'NOTE']] + 'data' => [$args['resId'], ['PDF', 'SIGN', 'NOTE']], + 'orderBy' => ['versions ASC'] ]); if (empty($convertedDocuments)) { return $response->withJson(['PDF' => $pdfVersions, 'SIGN' => $signedVersions, 'NOTE' => $noteVersions]); diff --git a/src/frontend/app/visa/visa-workflow.component.ts b/src/frontend/app/visa/visa-workflow.component.ts index 518dd736d66..a27d4bd13f6 100644 --- a/src/frontend/app/visa/visa-workflow.component.ts +++ b/src/frontend/app/visa/visa-workflow.component.ts @@ -38,6 +38,7 @@ export class VisaWorkflowComponent implements OnInit { filteredPrivateModels: Observable<string[]>; loading: boolean = false; + itemsRemoved: boolean = false; visaModelListNotLoaded: boolean = true; data: any; @@ -95,6 +96,7 @@ export class VisaWorkflowComponent implements OnInit { } }); this.loading = false; + this.itemsRemoved = data.itemsRemoved; } this.visaWorkflow.items.forEach((element: any, key: number) => { if (!this.functions.empty(element['externalId'])) { -- GitLab
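Review bot: The new `'orderBy' => ['versions ASC']` names a column `versions`, while the `select` two lines above reads `version`; unless the table really has both columns, this query will fail at runtime, and `'orderBy' => ['version ASC']` is presumably what was meant. Confirm the column name against the schema. The enclosing method starts and ends outside this hunk.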
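Review bot: In the -95 hunk, `this.itemsRemoved = data.itemsRemoved;` copies a value from an untyped response into a field declared `boolean`, so a response without the flag leaves the field `undefined` instead of `false`; `this.itemsRemoved = data.itemsRemoved === true;` keeps the declared type honest. The enclosing callback starts and ends outside this hunk.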