Commit bae28baf40880fb22c2a7467c5cd0b2f820a56df
1 parent
0a663b22
- KTS-445: view.php should boot non-admin-mode users out on deleted and archived docs
- KTS-473: final place where a MD object wasn't checked for error. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5016 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
3 changed files
with
30 additions
and
1 deletions
lib/actions/documentaction.inc.php
| ... | ... | @@ -53,6 +53,9 @@ class KTDocumentAction extends KTStandardDispatcher { |
| 53 | 53 | if (!KTWorkflowUtil::actionEnabledForDocument($this->oDocument, $this->sName)) { |
| 54 | 54 | return false; |
| 55 | 55 | } |
| 56 | + // be nasty in archive/delete status. | |
| 57 | + $status = $this->oDocument->getStatusID(); | |
| 58 | + if (($status == DELETED) || ($status == ARCHIVED)) { return false; } | |
| 56 | 59 | return KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $this->oDocument); |
| 57 | 60 | } |
| 58 | 61 | ... | ... |
plugins/ktcore/admin/documentFields.php
| ... | ... | @@ -300,6 +300,9 @@ class KTDocumentFieldDispatcher extends KTAdminDispatcher { |
| 300 | 300 | } |
| 301 | 301 | foreach ($_REQUEST['metadata'] as $iMetaDataId) { |
| 302 | 302 | $oMetaData =& MetaData::get($iMetaDataId); |
| 303 | + if (PEAR::isError($oMetaData)) { | |
| 304 | + $this->errorRedirectTo('editField', _('Invalid lookup selected'), 'fFieldsetId=' . $oFieldset->getId() . '&fFieldId=' . $oField->getId()); | |
| 305 | + } | |
| 303 | 306 | $oMetaData->delete(); |
| 304 | 307 | } |
| 305 | 308 | $this->successRedirectTo('editField', _('Lookups removed'), 'fFieldsetId=' . $oFieldset->getId() . '&fFieldId=' . $oField->getId()); |
| ... | ... | @@ -723,6 +726,9 @@ class KTDocumentFieldDispatcher extends KTAdminDispatcher { |
| 723 | 726 | |
| 724 | 727 | function subact_unlinkKeyword(&$constructedTree, $keyword) { |
| 725 | 728 | $oKW = MetaData::get($keyword); |
| 729 | + if (PEAR::isError($oKW)) { | |
| 730 | + return true; | |
| 731 | + } | |
| 726 | 732 | $constructedTree->reparentKeyword($oKW->getId(), 0); |
| 727 | 733 | return true; |
| 728 | 734 | } | ... | ... |
view.php
| ... | ... | @@ -37,6 +37,14 @@ class ViewDocumentDispatcher extends KTStandardDispatcher { |
| 37 | 37 | |
| 38 | 38 | parent::KTStandardDispatcher(); |
| 39 | 39 | } |
| 40 | + | |
| 41 | + function check() { | |
| 42 | + if (!parent::check()) { return false; } | |
| 43 | + | |
| 44 | + | |
| 45 | + | |
| 46 | + return true; | |
| 47 | + } | |
| 40 | 48 | |
| 41 | 49 | // FIXME identify the current location somehow. |
| 42 | 50 | function addPortlets($currentaction = null) { |
| ... | ... | @@ -69,10 +77,22 @@ class ViewDocumentDispatcher extends KTStandardDispatcher { |
| 69 | 77 | } |
| 70 | 78 | |
| 71 | 79 | if (!KTBrowseUtil::inAdminMode($this->oUser, $oDocument->getFolderId())) { |
| 72 | - if (!Permission::userHasDocumentReadPermission($oDocument)) { | |
| 80 | + if ($oDocument->getStatusID() == ARCHIVED) { | |
| 81 | + $this->oPage->addError(_('This document has been archived. Please contact the system administrator to have it restored if it is still needed.')); | |
| 82 | + return $this->do_error(); | |
| 83 | + } else if ($oDocument->getStatusID() == DELETED) { | |
| 84 | + $this->oPage->addError(_('This document has been deleted. Please contact the system administrator to have it restored if it is still needed.')); | |
| 85 | + return $this->do_error(); | |
| 86 | + } else if (!Permission::userHasDocumentReadPermission($oDocument)) { | |
| 73 | 87 | $this->oPage->addError(_('You are not allowed to view this document')); |
| 74 | 88 | return $this->do_error(); |
| 75 | 89 | } |
| 90 | + } | |
| 91 | + | |
| 92 | + if ($oDocument->getStatusID() == ARCHIVED) { | |
| 93 | + $this->oPage->addError(_('This document has been archived.')); | |
| 94 | + } else if ($oDocument->getStatusID() == DELETED) { | |
| 95 | + $this->oPage->addError(_('This document has been deleted.')); | |
| 76 | 96 | } |
| 77 | 97 | |
| 78 | 98 | $this->oPage->setSecondaryTitle($oDocument->getName()); | ... | ... |