Verified Commit 50485636 authored by Alexis Ragot's avatar Alexis Ragot
Browse files

fix bug with the possibility to make some archive actions on communicable archives

parent 69e534df
......@@ -609,8 +609,17 @@ class archive
$currentOrganization = \laabs::getToken("ORGANIZATION");
//$userOrgList = [];
$positionController = null;
$positionController = \laabs::newController('organization/userPosition');
$descandantServices = $positionController->readDescandantService($currentOrganization->orgId);
$descandantRegNumber = [];
$descandantRegNumber[] = $currentOrganization->registrationNumber;
foreach ($descandantServices as $descandantService) {
$descandantRegNumber[] = $descandantService;
}
if (!$currentOrganization) {
return false;
......@@ -620,7 +629,7 @@ class archive
return true;
}
if (($archive->originatorOrgRegNumber != $currentOrganization->registrationNumber) && ($archive->archiverOrgRegNumber != $currentOrganization->registrationNumber)) {
if (!in_array($archive->originatorOrgRegNumber, $descandantRegNumber) && ($archive->archiverOrgRegNumber != $currentOrganization->registrationNumber)) {
throw \laabs::newException('recordsManagement/accessDeniedException', "Permission denied");
}
......
......@@ -138,6 +138,7 @@ class archive
}
$orgController = \laabs::newController('organization/organization');
$archiveController = \laabs::newController('recordsManagement/archive');
$orgsByRegNumber = $orgController->orgList();
$currentDate = \laabs::newDate();
......@@ -155,6 +156,12 @@ class archive
if (isset($orgsByRegNumber[$archive->originatorOrgRegNumber])) {
$archive->originatorOrgName = $orgsByRegNumber[$archive->originatorOrgRegNumber]->displayName;
try {
$archive->hasRights = $archiveController->checkRights($archive);
} catch(\Exception $e) {
$archive->hasRights = false;
}
}
}
......
......@@ -30,6 +30,7 @@
<?merge archive ?>
<tr id="[?merge .archiveId ?]" name="[?merge .archiveName ?]" class="[?merge .disposable.bool().then('danger') ?]">
<td>
<?merge .hasRights.bool() ?>
<input type="checkbox"
data-archive-status="[?merge .status ?]"
data-final-disposition='[?merge .finalDisposition ?]'
......@@ -47,6 +48,7 @@
<div class="btn-group pull-right">
<!--button type="button" class="btn btn-success btn-sm requestDelivery" id="requestCom" data-archiveid='[?merge .archiveId?]' title="Request of communication"><span class="fa fa-cloud-upload">&nbsp;</span></button-->
<button type="button" class="btn btn-success btn-sm viewArchive" title="Info"><span class="fa fa-info-circle">&nbsp;</span></button>
<?merge .hasRights.bool().not() @disabled ?>
<button class="btn btn-warning btn-sm dropdown-toggle" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<i class="fa fa-edit">&nbsp;</i>&nbsp;
<span class="caret"></span>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment