Commit 6e48ad4f authored by Alexandre Morin's avatar Alexandre Morin

Merge branch 'hotfix/2.2.2' into 'master'

Hotfix/2.2.2

See merge request !103
parents d0358722 50485636
......@@ -609,8 +609,17 @@ class archive
$currentOrganization = \laabs::getToken("ORGANIZATION");
//$userOrgList = [];
$positionController = null;
$positionController = \laabs::newController('organization/userPosition');
$descandantServices = $positionController->readDescandantService($currentOrganization->orgId);
$descandantRegNumber = [];
$descandantRegNumber[] = $currentOrganization->registrationNumber;
foreach ($descandantServices as $descandantService) {
$descandantRegNumber[] = $descandantService;
}
if (!$currentOrganization) {
return false;
......@@ -620,7 +629,7 @@ class archive
return true;
}
if (($archive->originatorOrgRegNumber != $currentOrganization->registrationNumber) && ($archive->archiverOrgRegNumber != $currentOrganization->registrationNumber)) {
if (!in_array($archive->originatorOrgRegNumber, $descandantRegNumber) && ($archive->archiverOrgRegNumber != $currentOrganization->registrationNumber)) {
throw \laabs::newException('recordsManagement/accessDeniedException', "Permission denied");
}
......
......@@ -102,6 +102,9 @@ trait archiveCommunicationTrait
$queryParts = array();
$queryParams = array();
$currentDate = \laabs::newDate();
$currentDateString = $currentDate->format('Y-m-d');
if (!empty($description) || !empty($text)) {
$searchClasses = [];
......@@ -181,8 +184,6 @@ trait archiveCommunicationTrait
$queryParts['depositDate'] = "depositDate <= :depositEndDate";
}
if($archiveExpired){
$currentDate = \laabs::newDate();
$currentDateString = $currentDate->format('Y-m-d');
if ($archiveExpired == "true") {
$queryParams['disposalDate'] = $currentDateString;
......@@ -202,6 +203,11 @@ trait archiveCommunicationTrait
$queryParams['descriptionClass'] = 'recordsManagement/log';
$queryParts['descriptionClass'] = "(descriptionClass != :descriptionClass OR descriptionClass=NULL)";
$accessRuleAssert = $this->getAccessRuleAssert($currentDateString);
if ($accessRuleAssert) {
$queryParts[] = $accessRuleAssert;
}
$queryString = \laabs\implode(' AND ', $queryParts);
$archives = $this->sdoFactory->find('recordsManagement/archive', $queryString, $queryParams, false, false, 300);
......
......@@ -71,6 +71,7 @@ class digitalResource
}
break;
case 'text/html' :
case 'text/plain':
$contents = substr($contents, 0, 65536);
break;
......@@ -78,6 +79,14 @@ class digitalResource
} catch (\Exception $exception) {
\laabs::setResponseCode('500');
}
} else {
switch ($resource->mimetype) {
case 'text/html' :
case 'text/plain':
$contents = strip_tags($contents);
break;
}
}
$url = \laabs::createPublicResource($contents);
......
......@@ -138,6 +138,7 @@ class archive
}
$orgController = \laabs::newController('organization/organization');
$archiveController = \laabs::newController('recordsManagement/archive');
$orgsByRegNumber = $orgController->orgList();
$currentDate = \laabs::newDate();
......@@ -155,6 +156,12 @@ class archive
if (isset($orgsByRegNumber[$archive->originatorOrgRegNumber])) {
$archive->originatorOrgName = $orgsByRegNumber[$archive->originatorOrgRegNumber]->displayName;
try {
$archive->hasRights = $archiveController->checkRights($archive);
} catch(\Exception $e) {
$archive->hasRights = false;
}
}
}
......
......@@ -30,6 +30,7 @@
<?merge archive ?>
<tr id="[?merge .archiveId ?]" name="[?merge .archiveName ?]" class="[?merge .disposable.bool().then('danger') ?]">
<td>
<?merge .hasRights.bool() ?>
<input type="checkbox"
data-archive-status="[?merge .status ?]"
data-final-disposition='[?merge .finalDisposition ?]'
......@@ -47,6 +48,7 @@
<div class="btn-group pull-right">
<!--button type="button" class="btn btn-success btn-sm requestDelivery" id="requestCom" data-archiveid='[?merge .archiveId?]' title="Request of communication"><span class="fa fa-cloud-upload">&nbsp;</span></button-->
<button type="button" class="btn btn-success btn-sm viewArchive" title="Info"><span class="fa fa-info-circle">&nbsp;</span></button>
<?merge .hasRights.bool().not() @disabled ?>
<button class="btn btn-warning btn-sm dropdown-toggle" type="button" data-toggle="dropdown" aria-haspopup="true" aria-expanded="false">
<i class="fa fa-edit">&nbsp;</i>&nbsp;
<span class="caret"></span>
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment