Commit af4236c3 authored by Guillaume Heurtier's avatar Guillaume Heurtier

FIX #11691 TIME 0:10 fixed delete attachments

parent 3ce68a4b
......@@ -452,37 +452,31 @@ class AttachmentController
return $response->withStatus(400)->withJson(['errors' => 'Route id must be an integer val']);
}
$attachment = AttachmentModel::getById(['id' => $args['id'], 'select' => ['origin_id', 'res_id_master', 'attachment_type', 'res_id', 'title', 'typist']]);
if (empty($attachment)) {
$attachment = AttachmentModel::getById(['id' => $args['id'], 'select' => ['origin_id', 'res_id_master', 'attachment_type', 'res_id', 'title', 'typist', 'status']]);
if (empty($attachment) || $attachment['status'] == 'DEL') {
return $response->withStatus(400)->withJson(['errors' => 'Attachment not found']);
}
$user = UserModel::getById(['id' => $GLOBALS['id']]);
if ($user['user_id'] != $attachment['typist']
&& !PrivilegeController::hasPrivilege(['privilegeId' => 'manage_attachments', 'userId' => $GLOBALS['id']])) {
return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter2']);
return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
}
if (!ResController::hasRightByResId(['resId' => [$attachment['res_id_master']], 'userId' => $GLOBALS['id']])) {
return $response->withStatus(403)->withJson(['errors' => 'Document out of perimeter']);
}
if ($attachment['attachment_type'] == 'signed_response') {
AttachmentModel::delete([
'where' => ['res_id = ?'],
'data' => [$attachment['res_id']]
]);
if (empty($attachment['origin_id'])) {
$idToDelete = $attachment['res_id'];
} else {
if (empty($attachment['origin_id'])) {
$idToDelete = $attachment['res_id'];
} else {
$idToDelete = $attachment['origin_id'];
}
AttachmentModel::delete([
'where' => ['res_id = ? or origin_id = ?'],
'data' => [$idToDelete, $idToDelete]
]);
$idToDelete = $attachment['origin_id'];
}
AttachmentModel::delete([
'where' => ['res_id = ? or origin_id = ?'],
'data' => [$idToDelete, $idToDelete]
]);
HistoryController::add([
'tableName' => 'res_attachments',
'recordId' => $args['id'],
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment