// get ID of the last record in workflow
			$WF_ID = CIBlockElement::WF_GetLast($ID);

			// check for edit permissions
			$STATUS_ID = CIBlockElement::WF_GetCurrentStatus($WF_ID, $STATUS_TITLE);
			$STATUS_PERMISSION = CIBlockElement::WF_GetStatusPermission($STATUS_ID);

			if($STATUS_ID>1 && $STATUS_PERMISSION<2)
			{
				$error = new _CIBlockError(1, "ACCESS_DENIED", GetMessage("IBLOCK_ACCESS_DENIED_STATUS"));
				$errorTriger = true;
			}
			elseif($STATUS_ID==1)
			{
				$WF_ID = $ID;
				$STATUS_ID = CIBlockElement::WF_GetCurrentStatus($WF_ID, $STATUS_TITLE);
				$STATUS_PERMISSION = CIBlockElement::WF_GetStatusPermission($STATUS_ID);
			}

			if (!$errorTriger)
			{
				// check if document is locked
				$isLocked = CIBlockElement::WF_IsLocked($ID, $locked_by, $date_lock);
				if($isLocked)
				{
					if($locked_by > 0)
					{
						$rsUser = CUser::GetList(($by="ID"), ($order="ASC"), array("ID_EQUAL_EXACT" => $locked_by));
						if($arUser = $rsUser->GetNext())
							$locked_by = rtrim("[".$arUser["ID"]."] (".$arUser["LOGIN"].") ".$arUser["NAME"]." ".$arUser["LAST_NAME"]);
					}
 if (!CModule::IncludeModule("iblock")) {
     $this->AbortResultCache();
     ShowError(GetMessage("IBLOCK_MODULE_NOT_INSTALLED"));
     return;
 }
 if ($arParams["ELEMENT_ID"] > 0) {
     $ELEMENT_ID = $arParams["ELEMENT_ID"];
 } else {
     //Handle case when ELEMENT_CODE used
     $ELEMENT_ID = CIBlockFindTools::GetElementID($arParams["ELEMENT_ID"], $arParams["ELEMENT_CODE"], false, false, array("IBLOCK_ACTIVE" => "Y", "IBLOCK_ID" => $arParams["IBLOCK_ID"], "ACTIVE_DATE" => "Y", "ACTIVE" => "Y", "CHECK_PERMISSIONS" => "Y"));
 }
 if ($ELEMENT_ID) {
     $WF_SHOW_HISTORY = "N";
     if ($arParams["SHOW_WORKFLOW"] && CModule::IncludeModule("workflow")) {
         $WF_ELEMENT_ID = CIBlockElement::WF_GetLast($ELEMENT_ID);
         $WF_STATUS_ID = CIBlockElement::WF_GetCurrentStatus($WF_ELEMENT_ID, $WF_STATUS_TITLE);
         $WF_STATUS_PERMISSION = CIBlockElement::WF_GetStatusPermission($WF_STATUS_ID);
         if ($WF_STATUS_ID == 1 || $WF_STATUS_PERMISSION < 1) {
             $WF_ELEMENT_ID = $ELEMENT_ID;
         } else {
             $WF_SHOW_HISTORY = "Y";
         }
         $ELEMENT_ID = $WF_ELEMENT_ID;
     }
     //SELECT
     $arSelect = array_merge($arParams["FIELD_CODE"], array("ID", "CODE", "IBLOCK_ID", "IBLOCK_SECTION_ID", "SECTION_PAGE_URL", "NAME", "DETAIL_PICTURE", "PREVIEW_PICTURE", "DETAIL_TEXT", "DETAIL_PAGE_URL", "PREVIEW_TEXT_TYPE", "DETAIL_TEXT_TYPE"));
     $bGetProperty = count($arParams["PROPERTY_CODE"]) > 0 || $arParams["BROWSER_TITLE"] != "-" || $arParams["META_KEYWORDS"] != "-" || $arParams["META_DESCRIPTION"] != "-";
     if ($bGetProperty) {
         $arSelect[] = "PROPERTY_*";
     }
     //WHERE
Beispiel #3
 /**
  * Permission check for one storage action of the current request.
  *
  * Runs the generic $this->CheckRights() check first; when that fails, or
  * when $simple is true, its result is returned unchanged. Otherwise the
  * action-specific rules below are evaluated, the collected error list is
  * rendered into $this->LAST_ERROR through CAdminException, and true/false
  * is returned. A few branches (create without an element, mkcol) return
  * directly and skip both the per-request memo and the LAST_ERROR update.
  *
  * @param string $method   request method; "" selects the non-"strong" CheckRights() mode
  * @param array  $arParams keys read here: 'action' (or 'ACTION'), 'arElement', 'from', 'to',
  *                         'create_element_in_section'; element arrays are expected to carry
  *                         'item_id', 'is_dir' (or 'is_file'), 'not_found', 'parent_id',
  *                         'CREATED_BY' and the lock fields used below
  * @param bool   $simple   true: return only the CheckRights() result
  * @return bool  true when the action is permitted
  */
 function CheckWebRights($method = "", $arParams = array(), $simple = true)
 {
     // Authorization switched off for this instance: everything is allowed.
     if ($this->withoutAuthorization) {
         return true;
     }
     // A named method selects the "strong" CheckRights() mode (its meaning lives in CheckRights(), not visible here).
     $strong = $method !== "";
     $path = '';
     // The element may be handed over as an item array or as a bare path string.
     if (is_array($arParams['arElement'])) {
         $path = isset($arParams['arElement']['item_id']) ? $arParams['arElement']['item_id'] : '';
     } elseif (is_string($arParams['arElement'])) {
         $path = $arParams['arElement'];
     }
     $result = $this->CheckRights($method, $strong, $path);
     // Generic failure, or the caller only wants the generic verdict: LAST_ERROR is left untouched here.
     if (!$result || $simple) {
         return $result;
     }
     $arError = array();
     $action = strtolower(is_set($arParams, "action") ? $arParams["action"] : $arParams["ACTION"]);
     $arElement = is_set($arParams, "arElement") ? $arParams["arElement"] : array();
     // Per-request memo of the error list, keyed by action, element "ID" and user.
     // NOTE(review): elements are otherwise addressed by 'item_id' in this method; if "ID" is
     // absent the key degrades to (action, null, user), and 'from'/'to' are never part of it, so
     // a cached verdict could be reused for a different element or move/copy target within the
     // same request — confirm against the callers.
     static $arErrors = array();
     $static_id = md5(serialize(array($action, $arElement["ID"], $GLOBALS["USER"]->GetID())));
     if (array_key_exists($static_id, $arErrors)) {
         $arError = $arErrors[$static_id];
     } else {
         // Extended rights: permissions are resolved per element/section through GetPermission().
         if ($this->e_rights) {
             // Every element-like parameter that was passed has to resolve to an existing item,
             // unless the action creates its target; a missing 'not_found' key counts as "not found".
             foreach (array('arElement', 'from', 'to') as $elm) {
                 if (is_set($arParams, $elm)) {
                     if ((!isset($arParams[$elm]['not_found']) || $arParams[$elm]['not_found'] === true) && !in_array($action, array('create', 'copy', 'move', 'mkcol'))) {
                         $arError[] = array("id" => "bad_element", "text" => GetMessage("WD_FILE_ERROR105"));
                     }
                 }
             }
             if (empty($arError)) {
                 if ($action == 'copy') {
                     //from[]
                     //to[]
                     // Pairwise: each source needs bind permission on its destination (the destination's
                     // parent when the destination does not exist yet); the bind kind follows the source type.
                     $arTo = isset($arParams['to']) ? $arParams['to'] : array();
                     $arFrom = isset($arParams['from']) ? $arParams['from'] : array();
                     $nCount = min(sizeof($arTo), sizeof($arFrom));
                     for ($i = 0; $i < $nCount; $i++) {
                         $To = $arTo[$i];
                         $From = $arFrom[$i];
                         // NOTE(review): this branch reads 'is_file', the rest of the method reads 'is_dir' — confirm the callers set both.
                         $type = $To['is_file'] ? 'ELEMENT' : 'SECTION';
                         $id = $To['not_found'] ? $To['parent_id'] : $To['item_id'];
                         $op = $From['is_file'] ? 'section_element_bind' : 'section_section_bind';
                         if (!$this->GetPermission($type, $id, $op)) {
                             $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     }
                 } elseif ($action == 'create' || $action == 'mkcol') {
                     //arElement
                     //null
                     if (empty($arElement)) {
                         // No element given: decide on the current object's parent and return directly
                         // (this path skips the memo and the LAST_ERROR update at the end).
                         $arParent = $this->GetObject();
                         $bAllowEdit = false;
                         if ($arParent['not_found'] === false) {
                             $bAllowEdit = $this->GetPermission($arParent['is_file'] ? 'ELEMENT' : 'SECTION', $arParent['item_id'], 'element_edit');
                         }
                         return $bAllowEdit;
                     } else {
                         // The bind permission is checked on the parent section, or on the iblock when
                         // the element is created at the root.
                         $type = 'SECTION';
                         if (isset($arElement['parent_id']) && $arElement['parent_id'] > 0) {
                             $id = $arElement['parent_id'];
                         } else {
                             $id = $this->IBLOCK_ID;
                             $type = 'IBLOCK';
                         }
                         // mkcol also returns directly, bypassing memo and LAST_ERROR.
                         if ($action == 'mkcol') {
                             return $this->GetPermission($type, $id, 'section_section_bind');
                         }
                         if ($arElement['is_dir']) {
                             if (!$this->GetPermission($type, $id, 'section_section_bind')) {
                                 $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         } else {
                             // Precedence: `A || (B && C)` — a plain bind check when the caller asks for it
                             // explicitly, or when no workflow/bizproc mode is active.
                             if (!empty($arParams['create_element_in_section']) || $this->workflow != "workflow" && $this->workflow != "bizproc") {
                                 if (!$this->GetPermission($type, $id, 'section_element_bind')) {
                                     $arError[] = array("id" => "cannot_create", "text" => GetMessage("WD_ACCESS_DENIED"));
                                 }
                             } elseif ($this->workflow == "workflow") {
                                 // Workflow mode: at least one workflow status has to exist ($res itself is not used).
                                 $db_res = CWorkflowStatus::GetDropDownList("N", "desc");
                                 if (!($db_res && ($res = $db_res->Fetch()))) {
                                     $arError[] = array("id" => "bad_wf_statuses", "text" => GetMessage("WD_ACCESS_DENIED"));
                                 }
                             } elseif ($this->workflow == 'bizproc') {
                                 // Bizproc mode: the user (treated as "Author" of the new document) must be allowed
                                 // to write documents of this type.
                                 $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], null);
                                 $arUserGroups = $this->USER["GROUPS"];
                                 $arUserGroups[] = "Author";
                                 // NOTE: $canWrite is assigned but never read.
                                 $canWrite = false;
                                 if (!CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $this->wfParams['DOCUMENT_TYPE'], array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) {
                                     $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                                 }
                             }
                         }
                     }
                 } elseif ($action == 'delete' || $action == 'undelete') {
                     //arElement
                     $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT';
                     if ($type == 'ELEMENT') {
                         $res = $this->GetPermission($type, $arElement['item_id'], 'element_delete');
                         if (!$res) {
                             $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     } else {
                         // The trailing false argument to GetPermission() is not explained by this method — see GetPermission().
                         $res = $this->GetPermission($type, $arElement['item_id'], 'section_delete', false);
                         if (!$res) {
                             $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     }
                 } elseif ($action == 'destroy') {
                     //arElement
                     $id = $arElement['item_id'];
                     $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT';
                     $op = $arElement['is_dir'] ? 'section_delete' : 'element_delete';
                     if (!$this->GetPermission($type, $id, $op, false)) {
                         $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 } elseif ($action == 'edit' || $action == 'lock' || $action == 'proppatch' || $action == 'delete_dropped') {
                     //arElement
                     $id = $arElement['item_id'];
                     $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT';
                     if ($arElement['is_dir']) {
                         if (!$this->GetPermission($type, $id, 'section_edit')) {
                             $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     } else {
                         // Elements: a bizproc lock wins, then the creator-only rule, then the first matching
                         // edit permission; none matching is a denial.
                         if ($arElement["LOCK_STATUS_BP"] == "red") {
                             $arError[] = array("id" => "locked", "text" => GetMessage("WD_FILE_ERROR107"));
                         } elseif ($this->check_creator && $arElement["CREATED_BY"] != $GLOBALS["USER"]->GetID()) {
                             $arError[] = array("id" => "bad_author", "text" => GetMessage("WD_FILE_ERROR108"));
                         } elseif ($this->GetPermission($type, $id, 'element_edit_any_wf_status')) {
                             // No-op: editable regardless of workflow status.
                             true;
                         } elseif ($this->workflow == "workflow" && $this->GetPermission($type, $id, 'element_edit')) {
                             // Workflow mode: the element's last workflow record must be editable — status 1 always is,
                             // any other status needs status permission >= 2 (WF_GetStatusPermission semantics assumed).
                             $arWorkFlow = array("LAST_ID" => CIBlockElement::WF_GetLast($arElement["item_id"]));
                             $arWorkFlow["STATUS_ID"] = CIBlockElement::WF_GetCurrentStatus($arWorkFlow["LAST_ID"], $arWorkFlow["STATUS_TITLE"]);
                             $arWorkFlow["STATUS_PERMISSION"] = CIBlockElement::WF_GetStatusPermission($arWorkFlow["STATUS_ID"]);
                             if ($arWorkFlow["STATUS_ID"] > 1 && $arWorkFlow["STATUS_PERMISSION"] < 2) {
                                 $arError[] = array("id" => "bad_wf_status_permission", "text" => GetMessage("WD_FILE_ERROR109"));
                             }
                         } elseif ($this->workflow == 'bizproc' && $this->GetPermission($type, $id, 'element_edit')) {
                             // Bizproc mode: document id = document type with the element id at index 2;
                             // the "Author" group is added only when the current user created the element.
                             $documentId = $this->wfParams['DOCUMENT_TYPE'];
                             $documentId[2] = $arElement["item_id"];
                             $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], $documentId);
                             $arUserGroups = $this->USER["GROUPS"];
                             if ($arElement["CREATED_BY"] == $GLOBALS["USER"]->GetID()) {
                                 $arUserGroups[] = "Author";
                             }
                             if (!CBPDocument::CanUserOperateDocument(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $documentId, array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) {
                                 $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         } else {
                             $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     }
                 } elseif ($action == 'read' || $action == 'propfind') {
                     //arElement, null
                     if ($arElement) {
                         $id = $arElement['item_id'];
                         $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT';
                         $op = $arElement['is_dir'] ? 'section_read' : 'element_read';
                         if (!$this->GetPermission($type, $id, $op)) {
                             $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                         // Reading the trash section additionally requires section_delete on it.
                         if ($type == 'SECTION' && $id == $this->GetMetaID('TRASH')) {
                             if (!$this->GetPermission($type, $id, 'section_delete')) {
                                 $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         }
                     } else {
                         // No element: a root listing needs section_read on the iblock itself.
                         if (!$this->GetPermission('IBLOCK', $this->IBLOCK_ID, 'section_read')) {
                             $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     }
                 } elseif ($action == 'move') {
                     //from // auto recusive
                     //to // auto recusive
                     // Pairwise: edit permission on each source plus bind permission on its destination
                     // (the destination's parent when the destination does not exist yet).
                     $arTo = isset($arParams['to']) ? $arParams['to'] : array();
                     $arFrom = isset($arParams['from']) ? $arParams['from'] : array();
                     $nCount = min(sizeof($arTo), sizeof($arFrom));
                     for ($i = 0; $i < $nCount; $i++) {
                         $To = $arTo[$i];
                         $From = $arFrom[$i];
                         $type = $From['is_dir'] ? 'SECTION' : 'ELEMENT';
                         $id = $From['item_id'];
                         $op = $From['is_dir'] ? 'section_edit' : 'element_edit';
                         if (!$this->GetPermission($type, $id, $op)) {
                             $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                         if ($To['not_found']) {
                             $type = 'SECTION';
                             $id = $To['parent_id'];
                             // NOTE(review): $arFrom is the whole source list; $From['is_dir'] (as three lines above)
                             // looks intended. With $arFrom['is_dir'] unset this always selects section_element_bind,
                             // so moving a section is checked with the element bind permission.
                             $op = $arFrom['is_dir'] ? 'section_section_bind' : 'section_element_bind';
                             // TODO: bizproc ?
                             if (!$this->GetPermission($type, $id, $op)) {
                                 $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         } else {
                             $type = $To['is_dir'] ? 'SECTION' : 'ELEMENT';
                             $id = $To['item_id'];
                             // NOTE(review): same $arFrom vs $From issue as in the not_found branch above.
                             $op = $To['is_dir'] ? $arFrom['is_dir'] ? 'section_section_bind' : 'section_element_bind' : 'element_edit';
                             // TODO: bizproc ?
                             if (!$this->GetPermission($type, $id, $op)) {
                                 $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         }
                     }
                 }
             }
         } else {
             // check iblock rights
             // Simple rights: $this->permission is a single-letter iblock permission code; the
             // < / > comparisons below rely on those letters ordering lexicographically (e.g. 'R' < 'U').
             if ($this->permission < "R") {
                 $arError[] = array("id" => "cannot_read", "text" => GetMessage("WD_ACCESS_DENIED"));
             } elseif ($this->permission > "U") {
                 // No-op: anything above 'U' is allowed without further checks.
                 true;
             } elseif ($action == "read" || $action == "propfind") {
                 // No-op: 'R' or better is enough for reading.
                 true;
             } elseif ($this->permission < "U") {
                 $arError[] = array("id" => "cannot_workflow", "text" => GetMessage("WD_ACCESS_DENIED"));
             } elseif ($action == "create") {
                 // Exactly 'U' from here on: writes go through the workflow/bizproc rules.
                 if ($this->workflow != "workflow" && $this->workflow != "bizproc") {
                     $arError[] = array("id" => "cannot_write", "text" => GetMessage("WD_ACCESS_DENIED"));
                 } elseif ($this->workflow == "workflow") {
                     // At least one workflow status has to exist ($res itself is not used).
                     $db_res = CWorkflowStatus::GetDropDownList("N", "desc");
                     if (!($db_res && ($res = $db_res->Fetch()))) {
                         $arError[] = array("id" => "bad_wf_statuses", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 } elseif ($this->workflow == 'bizproc') {
                     $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], null);
                     $arUserGroups = $this->USER["GROUPS"];
                     $arUserGroups[] = "Author";
                     // NOTE: $canWrite is assigned but never read.
                     $canWrite = false;
                     if (!CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $this->wfParams['DOCUMENT_TYPE'], array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) {
                         $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 }
             } elseif (!is_array($arElement) || empty($arElement)) {
                 $arError[] = array("id" => "bad_element", "text" => GetMessage("WD_FILE_ERROR105"));
             } elseif ($action == "clone") {
                 if ($this->workflow != "bizproc") {
                     $arError[] = array("id" => "bad_workflow", "text" => GetMessage("WD_FILE_ERROR106"));
                 } else {
                     // User has to have permissions to read parent document && to create new document
                     // NOTE(review): the group is spelled "author" here but "Author" everywhere else in this
                     // method — confirm whether group matching in CanUserOperateDocumentType() is case-sensitive.
                     $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], null);
                     if (!($arElement["PERMISSION"] >= "R" && CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $this->wfParams['DOCUMENT_TYPE'], array("IBlockPermission" => $this->permission, "AllUserGroups" => array_merge($this->USER["GROUPS"], array("author")), "DocumentStates" => $arDocumentStates)))) {
                         $arError[] = array("id" => "bad_permission", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 }
             } elseif (!in_array($action, array("delete", "move", "edit", "unlock", "lock"))) {
                 $arError[] = array("id" => "bad_action", "text" => GetMessage("WD_ERROR_BAD_ACTION"));
             } else {
                 // Remaining element actions: bizproc lock, then the ordinary lock (an 'unlock' is only
                 // let through when the element advertises SHOW.UNLOCK == 'Y'), then creator-only,
                 // then the workflow/bizproc editability rules.
                 if ($arElement["LOCK_STATUS_BP"] == "red") {
                     $arError[] = array("id" => "locked", "text" => GetMessage("WD_FILE_ERROR107"));
                 } elseif ($arElement["LOCK_STATUS"] == "red" && ($action != "unlock" || $arElement["SHOW"]["UNLOCK"] != "Y")) {
                     $arError[] = array("id" => "locked", "text" => str_replace(array("#ID#", "#DATE#"), array($arElement["locked_by"], $arElement["date_lock"]), GetMessage("WD_ERROR_ELEMENT_LOCKED")));
                 } elseif ($this->check_creator && $arElement["CREATED_BY"] != $GLOBALS["USER"]->GetID()) {
                     $arError[] = array("id" => "bad_author", "text" => GetMessage("WD_FILE_ERROR108"));
                 } elseif ($this->workflow == "workflow") {
                     // Same rule as in the extended-rights edit branch: status 1 is always editable,
                     // higher statuses need status permission >= 2.
                     $arWorkFlow = array("LAST_ID" => CIBlockElement::WF_GetLast($arElement["item_id"]));
                     $arWorkFlow["STATUS_ID"] = CIBlockElement::WF_GetCurrentStatus($arWorkFlow["LAST_ID"], $arWorkFlow["STATUS_TITLE"]);
                     $arWorkFlow["STATUS_PERMISSION"] = CIBlockElement::WF_GetStatusPermission($arWorkFlow["STATUS_ID"]);
                     if ($arWorkFlow["STATUS_ID"] > 1 && $arWorkFlow["STATUS_PERMISSION"] < 2) {
                         $arError[] = array("id" => "bad_wf_status_permission", "text" => GetMessage("WD_FILE_ERROR109"));
                     }
                 } elseif ($this->workflow == 'bizproc') {
                     $documentId = $this->wfParams['DOCUMENT_TYPE'];
                     $documentId[2] = $arElement["item_id"];
                     $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], $documentId);
                     $arUserGroups = $this->USER["GROUPS"];
                     if ($arElement["CREATED_BY"] == $GLOBALS["USER"]->GetID()) {
                         $arUserGroups[] = "Author";
                     }
                     if (!CBPDocument::CanUserOperateDocument(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $documentId, array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) {
                         $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 }
             }
         }
         // Memoise the verdict for this (action, element "ID", user) for the rest of the request.
         $arErrors[$static_id] = $arError;
     }
     // Both branches render the error list into LAST_ERROR; an empty list apparently renders
     // as a bare '<br>', which is normalised to '' (CAdminException::GetString() not visible here).
     if (empty($arError)) {
         $e = new CAdminException($arError);
         $this->LAST_ERROR = $e->GetString();
         if ($this->LAST_ERROR == '<br>') {
             $this->LAST_ERROR = '';
         }
         return true;
     } else {
         $e = new CAdminException($arError);
         $this->LAST_ERROR = $e->GetString();
         if ($this->LAST_ERROR == '<br>') {
             $this->LAST_ERROR = '';
         }
         return false;
     }
 }