Commit bae28baf40880fb22c2a7467c5cd0b2f820a56df
1 parent
0a663b22
- KTS-445: view.php should boot non-admin-mode users out on deleted and archived docs
- KTS-473: final place where a MD object wasn't checked for error. git-svn-id: https://kt-dms.svn.sourceforge.net/svnroot/kt-dms/trunk@5016 c91229c3-7414-0410-bfa2-8a42b809f60b
Showing
3 changed files
with
30 additions
and
1 deletions
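--- a/lib/actions/documentaction.inc.php
+++ b/lib/actions/documentaction.inc.php
@@ -53,6 +53,9 @@ class KTDocumentAction extends KTStandardDispatcher {
 if (!KTWorkflowUtil::actionEnabledForDocument($this->oDocument, $this->sName)) {
 return false;
 }
+// be nasty in archive/delete status.
+$status = $this->oDocument->getStatusID();
+if (($status == DELETED) || ($status == ARCHIVED)) { return false; }
 return KTPermissionUtil::userHasPermissionOnItem($this->oUser, $oPermission, $this->oDocument);
 }
 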
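Review bot: The status gate added at new lines 56-58 only protects deleted and archived documents if this method is also consulted when the action is executed, not just when it is listed; the hunk does not show which, and the enclosing method begins outside it. If it only decides whether the action is displayed, a direct request to the action on such a document would still be governed by the permission check alone, so the dispatch path should go through the same gate. The test also applies to every user, admin mode included, which is stricter than the commit title describes. A comment such as `// deleted/archived documents expose no actions, even in admin mode` in place of `// be nasty in archive/delete status.` would record whether that is intended.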
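--- a/plugins/ktcore/admin/documentFields.php
+++ b/plugins/ktcore/admin/documentFields.php
@@ -300,6 +300,9 @@ class KTDocumentFieldDispatcher extends KTAdminDispatcher {
 }
 foreach ($_REQUEST['metadata'] as $iMetaDataId) {
 $oMetaData =& MetaData::get($iMetaDataId);
+if (PEAR::isError($oMetaData)) {
+$this->errorRedirectTo('editField', _('Invalid lookup selected'), 'fFieldsetId=' . $oFieldset->getId() . '&fFieldId=' . $oField->getId());
+}
 $oMetaData->delete();
 }
 $this->successRedirectTo('editField', _('Lookups removed'), 'fFieldsetId=' . $oFieldset->getId() . '&fFieldId=' . $oField->getId());
@@ -723,6 +726,9 @@ class KTDocumentFieldDispatcher extends KTAdminDispatcher {
 
 function subact_unlinkKeyword(&$constructedTree, $keyword) {
 $oKW = MetaData::get($keyword);
+if (PEAR::isError($oKW)) {
+return true;
+}
 $constructedTree->reparentKeyword($oKW->getId(), 0);
 return true;
 }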
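Review bot: The delete loop at new lines 301-307 removes lookups one at a time, so an invalid id found part-way through leaves the earlier ones already deleted while the user is shown 'Invalid lookup selected'. It also depends on `errorRedirectTo()` ending the request, since otherwise `$oMetaData->delete()` runs on the PEAR error object. Resolve and validate every id first and delete only when all of them are valid, as sketched below. Nothing visible in the hunk ties an `$iMetaDataId` taken from `$_REQUEST['metadata']` to `$oField`, so the validation pass is also the place to reject lookups that belong to another field. In the second hunk `subact_unlinkKeyword()` returns `true` for an unknown keyword, which hides the failure from its caller; the enclosing method of the first hunk starts outside it.

```php
// … unchanged: checks before the loop …
$aLookups = array();
foreach ($_REQUEST['metadata'] as $iMetaDataId) {
    $oMetaData =& MetaData::get($iMetaDataId);
    if (PEAR::isError($oMetaData)) {
        $this->errorRedirectTo('editField', _('Invalid lookup selected'), 'fFieldsetId=' . $oFieldset->getId() . '&fFieldId=' . $oField->getId());
        exit(0); // stop here even if errorRedirectTo() returns
    }
    $aLookups[] = $oMetaData;
}
// every id resolved: only now change anything
foreach ($aLookups as $oLookup) {
    $oLookup->delete();
}
// … unchanged: successRedirectTo('editField', …) …
```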
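--- a/view.php
+++ b/view.php
@@ -37,6 +37,14 @@ class ViewDocumentDispatcher extends KTStandardDispatcher {
 
 parent::KTStandardDispatcher();
 }
+
+function check() {
+if (!parent::check()) { return false; }
+
+
+
+return true;
+}
 
 // FIXME identify the current location somehow.
 function addPortlets($currentaction = null) {
@@ -69,10 +77,22 @@ class ViewDocumentDispatcher extends KTStandardDispatcher {
 }
 
 if (!KTBrowseUtil::inAdminMode($this->oUser, $oDocument->getFolderId())) {
-if (!Permission::userHasDocumentReadPermission($oDocument)) {
+if ($oDocument->getStatusID() == ARCHIVED) {
+$this->oPage->addError(_('This document has been archived. Please contact the system administrator to have it restored if it is still needed.'));
+return $this->do_error();
+} else if ($oDocument->getStatusID() == DELETED) {
+$this->oPage->addError(_('This document has been deleted. Please contact the system administrator to have it restored if it is still needed.'));
+return $this->do_error();
+} else if (!Permission::userHasDocumentReadPermission($oDocument)) {
 $this->oPage->addError(_('You are not allowed to view this document'));
 return $this->do_error();
 }
+}
+
+if ($oDocument->getStatusID() == ARCHIVED) {
+$this->oPage->addError(_('This document has been archived.'));
+} else if ($oDocument->getStatusID() == DELETED) {
+$this->oPage->addError(_('This document has been deleted.'));
 }
 
 $this->oPage->setSecondaryTitle($oDocument->getName());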
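Review bot: For non-admin users the archived and deleted tests at new lines 80-85 run before `Permission::userHasDocumentReadPermission($oDocument)`, so a user with no read permission is told that the document exists and whether it was archived or deleted. Testing the permission first, with `if (!Permission::userHasDocumentReadPermission($oDocument)) {` opening the chain and the two status branches following as `else if`, keeps the status messages for users who could have read the document. The `check()` override added in the first hunk only forwards `parent::check()` and returns `true`; either move the status test there or drop the override, and if it stays give it a comment saying what it is reserved for. The enclosing method of the second hunk starts and ends outside it.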