// get ID of the last record in workflow $WF_ID = CIBlockElement::WF_GetLast($ID); // check for edit permissions $STATUS_ID = CIBlockElement::WF_GetCurrentStatus($WF_ID, $STATUS_TITLE); $STATUS_PERMISSION = CIBlockElement::WF_GetStatusPermission($STATUS_ID); if($STATUS_ID>1 && $STATUS_PERMISSION<2) { $error = new _CIBlockError(1, "ACCESS_DENIED", GetMessage("IBLOCK_ACCESS_DENIED_STATUS")); $errorTriger = true; } elseif($STATUS_ID==1) { $WF_ID = $ID; $STATUS_ID = CIBlockElement::WF_GetCurrentStatus($WF_ID, $STATUS_TITLE); $STATUS_PERMISSION = CIBlockElement::WF_GetStatusPermission($STATUS_ID); } if (!$errorTriger) { // check if document is locked $isLocked = CIBlockElement::WF_IsLocked($ID, $locked_by, $date_lock); if($isLocked) { if($locked_by > 0) { $rsUser = CUser::GetList(($by="ID"), ($order="ASC"), array("ID_EQUAL_EXACT" => $locked_by)); if($arUser = $rsUser->GetNext()) $locked_by = rtrim("[".$arUser["ID"]."] (".$arUser["LOGIN"].") ".$arUser["NAME"]." ".$arUser["LAST_NAME"]); }
if (!CModule::IncludeModule("iblock")) { $this->AbortResultCache(); ShowError(GetMessage("IBLOCK_MODULE_NOT_INSTALLED")); return; } if ($arParams["ELEMENT_ID"] > 0) { $ELEMENT_ID = $arParams["ELEMENT_ID"]; } else { //Handle case when ELEMENT_CODE used $ELEMENT_ID = CIBlockFindTools::GetElementID($arParams["ELEMENT_ID"], $arParams["ELEMENT_CODE"], false, false, array("IBLOCK_ACTIVE" => "Y", "IBLOCK_ID" => $arParams["IBLOCK_ID"], "ACTIVE_DATE" => "Y", "ACTIVE" => "Y", "CHECK_PERMISSIONS" => "Y")); } if ($ELEMENT_ID) { $WF_SHOW_HISTORY = "N"; if ($arParams["SHOW_WORKFLOW"] && CModule::IncludeModule("workflow")) { $WF_ELEMENT_ID = CIBlockElement::WF_GetLast($ELEMENT_ID); $WF_STATUS_ID = CIBlockElement::WF_GetCurrentStatus($WF_ELEMENT_ID, $WF_STATUS_TITLE); $WF_STATUS_PERMISSION = CIBlockElement::WF_GetStatusPermission($WF_STATUS_ID); if ($WF_STATUS_ID == 1 || $WF_STATUS_PERMISSION < 1) { $WF_ELEMENT_ID = $ELEMENT_ID; } else { $WF_SHOW_HISTORY = "Y"; } $ELEMENT_ID = $WF_ELEMENT_ID; } //SELECT $arSelect = array_merge($arParams["FIELD_CODE"], array("ID", "CODE", "IBLOCK_ID", "IBLOCK_SECTION_ID", "SECTION_PAGE_URL", "NAME", "DETAIL_PICTURE", "PREVIEW_PICTURE", "DETAIL_TEXT", "DETAIL_PAGE_URL", "PREVIEW_TEXT_TYPE", "DETAIL_TEXT_TYPE")); $bGetProperty = count($arParams["PROPERTY_CODE"]) > 0 || $arParams["BROWSER_TITLE"] != "-" || $arParams["META_KEYWORDS"] != "-" || $arParams["META_DESCRIPTION"] != "-"; if ($bGetProperty) { $arSelect[] = "PROPERTY_*"; } //WHERE
function CheckWebRights($method = "", $arParams = array(), $simple = true) { if ($this->withoutAuthorization) { return true; } $strong = $method !== ""; $path = ''; if (is_array($arParams['arElement'])) { $path = isset($arParams['arElement']['item_id']) ? $arParams['arElement']['item_id'] : ''; } elseif (is_string($arParams['arElement'])) { $path = $arParams['arElement']; } $result = $this->CheckRights($method, $strong, $path); if (!$result || $simple) { return $result; } $arError = array(); $action = strtolower(is_set($arParams, "action") ? $arParams["action"] : $arParams["ACTION"]); $arElement = is_set($arParams, "arElement") ? $arParams["arElement"] : array(); static $arErrors = array(); $static_id = md5(serialize(array($action, $arElement["ID"], $GLOBALS["USER"]->GetID()))); if (array_key_exists($static_id, $arErrors)) { $arError = $arErrors[$static_id]; } else { if ($this->e_rights) { foreach (array('arElement', 'from', 'to') as $elm) { if (is_set($arParams, $elm)) { if ((!isset($arParams[$elm]['not_found']) || $arParams[$elm]['not_found'] === true) && !in_array($action, array('create', 'copy', 'move', 'mkcol'))) { $arError[] = array("id" => "bad_element", "text" => GetMessage("WD_FILE_ERROR105")); } } } if (empty($arError)) { if ($action == 'copy') { //from[] //to[] $arTo = isset($arParams['to']) ? $arParams['to'] : array(); $arFrom = isset($arParams['from']) ? $arParams['from'] : array(); $nCount = min(sizeof($arTo), sizeof($arFrom)); for ($i = 0; $i < $nCount; $i++) { $To = $arTo[$i]; $From = $arFrom[$i]; $type = $To['is_file'] ? 'ELEMENT' : 'SECTION'; $id = $To['not_found'] ? $To['parent_id'] : $To['item_id']; $op = $From['is_file'] ? 'section_element_bind' : 'section_section_bind'; if (!$this->GetPermission($type, $id, $op)) { $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED")); } } } elseif ($action == 'create' || $action == 'mkcol') { //arElement //null if (empty($arElement)) { $arParent = $this->GetObject(); $bAllowEdit = false; if ($arParent['not_found'] === false) { $bAllowEdit = $this->GetPermission($arParent['is_file'] ? 'ELEMENT' : 'SECTION', $arParent['item_id'], 'element_edit'); } return $bAllowEdit; } else { $type = 'SECTION'; if (isset($arElement['parent_id']) && $arElement['parent_id'] > 0) { $id = $arElement['parent_id']; } else { $id = $this->IBLOCK_ID; $type = 'IBLOCK'; } if ($action == 'mkcol') { return $this->GetPermission($type, $id, 'section_section_bind'); } if ($arElement['is_dir']) { if (!$this->GetPermission($type, $id, 'section_section_bind')) { $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED")); } } else { if (!empty($arParams['create_element_in_section']) || $this->workflow != "workflow" && $this->workflow != "bizproc") { if (!$this->GetPermission($type, $id, 'section_element_bind')) { $arError[] = array("id" => "cannot_create", "text" => GetMessage("WD_ACCESS_DENIED")); } } elseif ($this->workflow == "workflow") { $db_res = CWorkflowStatus::GetDropDownList("N", "desc"); if (!($db_res && ($res = $db_res->Fetch()))) { $arError[] = array("id" => "bad_wf_statuses", "text" => GetMessage("WD_ACCESS_DENIED")); } } elseif ($this->workflow == 'bizproc') { $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], null); $arUserGroups = $this->USER["GROUPS"]; $arUserGroups[] = "Author"; $canWrite = false; if (!CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $this->wfParams['DOCUMENT_TYPE'], array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) { $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } } } } } elseif ($action == 'delete' || $action == 'undelete') { //arElement $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT'; if ($type == 'ELEMENT') { $res = $this->GetPermission($type, $arElement['item_id'], 'element_delete'); if (!$res) { $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED")); } } else { $res = $this->GetPermission($type, $arElement['item_id'], 'section_delete', false); if (!$res) { $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED")); } } } elseif ($action == 'destroy') { //arElement $id = $arElement['item_id']; $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT'; $op = $arElement['is_dir'] ? 'section_delete' : 'element_delete'; if (!$this->GetPermission($type, $id, $op, false)) { $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED")); } } elseif ($action == 'edit' || $action == 'lock' || $action == 'proppatch' || $action == 'delete_dropped') { //arElement $id = $arElement['item_id']; $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT'; if ($arElement['is_dir']) { if (!$this->GetPermission($type, $id, 'section_edit')) { $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED")); } } else { if ($arElement["LOCK_STATUS_BP"] == "red") { $arError[] = array("id" => "locked", "text" => GetMessage("WD_FILE_ERROR107")); } elseif ($this->check_creator && $arElement["CREATED_BY"] != $GLOBALS["USER"]->GetID()) { $arError[] = array("id" => "bad_author", "text" => GetMessage("WD_FILE_ERROR108")); } elseif ($this->GetPermission($type, $id, 'element_edit_any_wf_status')) { true; } elseif ($this->workflow == "workflow" && $this->GetPermission($type, $id, 'element_edit')) { $arWorkFlow = array("LAST_ID" => CIBlockElement::WF_GetLast($arElement["item_id"])); $arWorkFlow["STATUS_ID"] = CIBlockElement::WF_GetCurrentStatus($arWorkFlow["LAST_ID"], $arWorkFlow["STATUS_TITLE"]); $arWorkFlow["STATUS_PERMISSION"] = CIBlockElement::WF_GetStatusPermission($arWorkFlow["STATUS_ID"]); if ($arWorkFlow["STATUS_ID"] > 1 && $arWorkFlow["STATUS_PERMISSION"] < 2) { $arError[] = array("id" => "bad_wf_status_permission", "text" => GetMessage("WD_FILE_ERROR109")); } } elseif ($this->workflow == 'bizproc' && $this->GetPermission($type, $id, 'element_edit')) { $documentId = $this->wfParams['DOCUMENT_TYPE']; $documentId[2] = $arElement["item_id"]; $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], $documentId); $arUserGroups = $this->USER["GROUPS"]; if ($arElement["CREATED_BY"] == $GLOBALS["USER"]->GetID()) { $arUserGroups[] = "Author"; } if (!CBPDocument::CanUserOperateDocument(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $documentId, array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) { $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } } else { $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } } } elseif ($action == 'read' || $action == 'propfind') { //arElement, null if ($arElement) { $id = $arElement['item_id']; $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT'; $op = $arElement['is_dir'] ? 'section_read' : 'element_read'; if (!$this->GetPermission($type, $id, $op)) { $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } if ($type == 'SECTION' && $id == $this->GetMetaID('TRASH')) { if (!$this->GetPermission($type, $id, 'section_delete')) { $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } } } else { if (!$this->GetPermission('IBLOCK', $this->IBLOCK_ID, 'section_read')) { $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } } } elseif ($action == 'move') { //from // auto recusive //to // auto recusive $arTo = isset($arParams['to']) ? $arParams['to'] : array(); $arFrom = isset($arParams['from']) ? $arParams['from'] : array(); $nCount = min(sizeof($arTo), sizeof($arFrom)); for ($i = 0; $i < $nCount; $i++) { $To = $arTo[$i]; $From = $arFrom[$i]; $type = $From['is_dir'] ? 'SECTION' : 'ELEMENT'; $id = $From['item_id']; $op = $From['is_dir'] ? 'section_edit' : 'element_edit'; if (!$this->GetPermission($type, $id, $op)) { $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } if ($To['not_found']) { $type = 'SECTION'; $id = $To['parent_id']; $op = $arFrom['is_dir'] ? 'section_section_bind' : 'section_element_bind'; // TODO: bizproc ? if (!$this->GetPermission($type, $id, $op)) { $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } } else { $type = $To['is_dir'] ? 'SECTION' : 'ELEMENT'; $id = $To['item_id']; $op = $To['is_dir'] ? $arFrom['is_dir'] ? 'section_section_bind' : 'section_element_bind' : 'element_edit'; // TODO: bizproc ? if (!$this->GetPermission($type, $id, $op)) { $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } } } } } } else { // check iblock rights if ($this->permission < "R") { $arError[] = array("id" => "cannot_read", "text" => GetMessage("WD_ACCESS_DENIED")); } elseif ($this->permission > "U") { true; } elseif ($action == "read" || $action == "propfind") { true; } elseif ($this->permission < "U") { $arError[] = array("id" => "cannot_workflow", "text" => GetMessage("WD_ACCESS_DENIED")); } elseif ($action == "create") { if ($this->workflow != "workflow" && $this->workflow != "bizproc") { $arError[] = array("id" => "cannot_write", "text" => GetMessage("WD_ACCESS_DENIED")); } elseif ($this->workflow == "workflow") { $db_res = CWorkflowStatus::GetDropDownList("N", "desc"); if (!($db_res && ($res = $db_res->Fetch()))) { $arError[] = array("id" => "bad_wf_statuses", "text" => GetMessage("WD_ACCESS_DENIED")); } } elseif ($this->workflow == 'bizproc') { $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], null); $arUserGroups = $this->USER["GROUPS"]; $arUserGroups[] = "Author"; $canWrite = false; if (!CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $this->wfParams['DOCUMENT_TYPE'], array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) { $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } } } elseif (!is_array($arElement) || empty($arElement)) { $arError[] = array("id" => "bad_element", "text" => GetMessage("WD_FILE_ERROR105")); } elseif ($action == "clone") { if ($this->workflow != "bizproc") { $arError[] = array("id" => "bad_workflow", "text" => GetMessage("WD_FILE_ERROR106")); } else { // User has to have permissions to read parent document && to create new document $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], null); if (!($arElement["PERMISSION"] >= "R" && CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $this->wfParams['DOCUMENT_TYPE'], array("IBlockPermission" => $this->permission, "AllUserGroups" => array_merge($this->USER["GROUPS"], array("author")), "DocumentStates" => $arDocumentStates)))) { $arError[] = array("id" => "bad_permission", "text" => GetMessage("WD_ACCESS_DENIED")); } } } elseif (!in_array($action, array("delete", "move", "edit", "unlock", "lock"))) { $arError[] = array("id" => "bad_action", "text" => GetMessage("WD_ERROR_BAD_ACTION")); } else { if ($arElement["LOCK_STATUS_BP"] == "red") { $arError[] = array("id" => "locked", "text" => GetMessage("WD_FILE_ERROR107")); } elseif ($arElement["LOCK_STATUS"] == "red" && ($action != "unlock" || $arElement["SHOW"]["UNLOCK"] != "Y")) { $arError[] = array("id" => "locked", "text" => str_replace(array("#ID#", "#DATE#"), array($arElement["locked_by"], $arElement["date_lock"]), GetMessage("WD_ERROR_ELEMENT_LOCKED"))); } elseif ($this->check_creator && $arElement["CREATED_BY"] != $GLOBALS["USER"]->GetID()) { $arError[] = array("id" => "bad_author", "text" => GetMessage("WD_FILE_ERROR108")); } elseif ($this->workflow == "workflow") { $arWorkFlow = array("LAST_ID" => CIBlockElement::WF_GetLast($arElement["item_id"])); $arWorkFlow["STATUS_ID"] = CIBlockElement::WF_GetCurrentStatus($arWorkFlow["LAST_ID"], $arWorkFlow["STATUS_TITLE"]); $arWorkFlow["STATUS_PERMISSION"] = CIBlockElement::WF_GetStatusPermission($arWorkFlow["STATUS_ID"]); if ($arWorkFlow["STATUS_ID"] > 1 && $arWorkFlow["STATUS_PERMISSION"] < 2) { $arError[] = array("id" => "bad_wf_status_permission", "text" => GetMessage("WD_FILE_ERROR109")); } } elseif ($this->workflow == 'bizproc') { $documentId = $this->wfParams['DOCUMENT_TYPE']; $documentId[2] = $arElement["item_id"]; $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], $documentId); $arUserGroups = $this->USER["GROUPS"]; if ($arElement["CREATED_BY"] == $GLOBALS["USER"]->GetID()) { $arUserGroups[] = "Author"; } if (!CBPDocument::CanUserOperateDocument(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $documentId, array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) { $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED")); } } } } $arErrors[$static_id] = $arError; } if (empty($arError)) { $e = new CAdminException($arError); $this->LAST_ERROR = $e->GetString(); if ($this->LAST_ERROR == '<br>') { $this->LAST_ERROR = ''; } return true; } else { $e = new CAdminException($arError); $this->LAST_ERROR = $e->GetString(); if ($this->LAST_ERROR == '<br>') { $this->LAST_ERROR = ''; } return false; } }