FIX #12070 TIME 0:15 Destination and initiator are integer in webservice

ebbc506d · Damien · 7b7db495 · ebbc506d · ebbc506d
Verified Commit ebbc506d authored 5 years ago by Damien
--- a/src/app/resource/controllers/ResController.php
+++ b/src/app/resource/controllers/ResController.php
@@ -781,7 +781,7 @@ class ResController
            if (!empty($body['initiator'])) {
                $userEntities = UserModel::getEntitiesByLogin(['login' => $GLOBALS['userId']]);
-                $userEntities = array_column($userEntities, 'entity_id');
+                $userEntities = array_column($userEntities, 'id');
                if (!in_array($body['initiator'], $userEntities)) {
                    return ['errors' => "Body initiator does not belong to your entities"];
                }
@@ -1011,16 +1011,15 @@ class ResController
                $allowedEntities = array_unique($allowedEntities);
            }
-            $preparedClause = '';
            if (!empty($clauseToProcess)) {
                $preparedClause = PreparedClauseController::getPreparedClause(['clause' => $clauseToProcess, 'login' => $GLOBALS['userId']]);
-            }
+                $preparedEntities = EntityModel::get(['select' => ['id'], 'where' => ['enabled = ?', "entity_id in {$preparedClause}"], 'data' => ['Y']]);
-            if (!empty($allowedEntities)) {
+                $preparedEntities = array_column($preparedEntities, 'id');
-                $preparedEntities = EntityModel::get(['select' => ['entity_id'], 'where' => ['enabled = ?', 'id in (?)'], 'data' => ['Y', $allowedEntities]]);
+                $allowedEntities = array_merge($allowedEntities, $preparedEntities);
-                $allowedEntities = array_column($preparedEntities, 'entity_id');
+                $allowedEntities = array_unique($allowedEntities);
            }
-            if (!in_array($body['destination'], $allowedEntities) && strpos($preparedClause, $body['destination']) === false) {
+            if (!in_array($body['destination'], $allowedEntities)) {
                return ['errors' => "Body destination is out of your indexing parameters"];
            }
        }

--- a/src/app/resource/controllers/StoreController.php
+++ b/src/app/resource/controllers/StoreController.php
@@ -17,6 +17,7 @@ namespace Resource\controllers;
 use Attachment\models\AttachmentModel;
 use Docserver\controllers\DocserverController;
+use Entity\models\EntityModel;
 use IndexingModel\models\IndexingModelModel;
 use Resource\models\ChronoModel;
 use SrcCore\models\DatabaseModel;
@@ -125,6 +126,15 @@ class StoreController
            $chrono = ChronoModel::getChrono(['id' => $indexingModel['category'], 'entityId' => $args['destination'], 'typeId' => $args['doctype'], 'resId' => $args['resId']]);
        }
+        if (!empty($args['initiator'])) {
+            $entity = EntityModel::getById(['id' => $args['initiator'], 'select' => ['entity_id']]);
+            $args['initiator'] = $entity['entity_id'];
+        }
+        if (!empty($args['destination'])) {
+            $entity = EntityModel::getById(['id' => $args['destination'], 'select' => ['entity_id']]);
+            $args['destination'] = $entity['entity_id'];
+        }
        if (!empty($args['processLimitDate']) && !empty($args['priority'])) {
            $args['priority'] = IndexingController::calculatePriorityWithProcessLimitDate(['processLimitDate' => $args['processLimitDate']]);
        }