Esempio n. 1
0
			// get ID of the last record in workflow
			$WF_ID = CIBlockElement::WF_GetLast($ID);

			// check for edit permissions
			$STATUS_ID = CIBlockElement::WF_GetCurrentStatus($WF_ID, $STATUS_TITLE);
			$STATUS_PERMISSION = CIBlockElement::WF_GetStatusPermission($STATUS_ID);

			if($STATUS_ID>1 && $STATUS_PERMISSION<2)
			{
				$error = new _CIBlockError(1, "ACCESS_DENIED", GetMessage("IBLOCK_ACCESS_DENIED_STATUS"));
				$errorTriger = true;
			}
			elseif($STATUS_ID==1)
			{
				$WF_ID = $ID;
				$STATUS_ID = CIBlockElement::WF_GetCurrentStatus($WF_ID, $STATUS_TITLE);
				$STATUS_PERMISSION = CIBlockElement::WF_GetStatusPermission($STATUS_ID);
			}

			if (!$errorTriger)
			{
				// check if document is locked
				$isLocked = CIBlockElement::WF_IsLocked($ID, $locked_by, $date_lock);
				if($isLocked)
				{
					if($locked_by > 0)
					{
						$rsUser = CUser::GetList(($by="ID"), ($order="ASC"), array("ID_EQUAL_EXACT" => $locked_by));
						if($arUser = $rsUser->GetNext())
							$locked_by = rtrim("[".$arUser["ID"]."] (".$arUser["LOGIN"].") ".$arUser["NAME"]." ".$arUser["LAST_NAME"]);
					}
Esempio n. 2
0
 if (!CModule::IncludeModule("iblock")) {
     $this->AbortResultCache();
     ShowError(GetMessage("IBLOCK_MODULE_NOT_INSTALLED"));
     return;
 }
 if ($arParams["ELEMENT_ID"] > 0) {
     $ELEMENT_ID = $arParams["ELEMENT_ID"];
 } else {
     //Handle case when ELEMENT_CODE used
     $ELEMENT_ID = CIBlockFindTools::GetElementID($arParams["ELEMENT_ID"], $arParams["ELEMENT_CODE"], false, false, array("IBLOCK_ACTIVE" => "Y", "IBLOCK_ID" => $arParams["IBLOCK_ID"], "ACTIVE_DATE" => "Y", "ACTIVE" => "Y", "CHECK_PERMISSIONS" => "Y"));
 }
 if ($ELEMENT_ID) {
     $WF_SHOW_HISTORY = "N";
     if ($arParams["SHOW_WORKFLOW"] && CModule::IncludeModule("workflow")) {
         $WF_ELEMENT_ID = CIBlockElement::WF_GetLast($ELEMENT_ID);
         $WF_STATUS_ID = CIBlockElement::WF_GetCurrentStatus($WF_ELEMENT_ID, $WF_STATUS_TITLE);
         $WF_STATUS_PERMISSION = CIBlockElement::WF_GetStatusPermission($WF_STATUS_ID);
         if ($WF_STATUS_ID == 1 || $WF_STATUS_PERMISSION < 1) {
             $WF_ELEMENT_ID = $ELEMENT_ID;
         } else {
             $WF_SHOW_HISTORY = "Y";
         }
         $ELEMENT_ID = $WF_ELEMENT_ID;
     }
     //SELECT
     $arSelect = array_merge($arParams["FIELD_CODE"], array("ID", "CODE", "IBLOCK_ID", "IBLOCK_SECTION_ID", "SECTION_PAGE_URL", "NAME", "DETAIL_PICTURE", "PREVIEW_PICTURE", "DETAIL_TEXT", "DETAIL_PAGE_URL", "PREVIEW_TEXT_TYPE", "DETAIL_TEXT_TYPE"));
     $bGetProperty = count($arParams["PROPERTY_CODE"]) > 0 || $arParams["BROWSER_TITLE"] != "-" || $arParams["META_KEYWORDS"] != "-" || $arParams["META_DESCRIPTION"] != "-";
     if ($bGetProperty) {
         $arSelect[] = "PROPERTY_*";
     }
     //WHERE
Esempio n. 3
0
 function CheckWebRights($method = "", $arParams = array(), $simple = true)
 {
     if ($this->withoutAuthorization) {
         return true;
     }
     $strong = $method !== "";
     $path = '';
     if (is_array($arParams['arElement'])) {
         $path = isset($arParams['arElement']['item_id']) ? $arParams['arElement']['item_id'] : '';
     } elseif (is_string($arParams['arElement'])) {
         $path = $arParams['arElement'];
     }
     $result = $this->CheckRights($method, $strong, $path);
     if (!$result || $simple) {
         return $result;
     }
     $arError = array();
     $action = strtolower(is_set($arParams, "action") ? $arParams["action"] : $arParams["ACTION"]);
     $arElement = is_set($arParams, "arElement") ? $arParams["arElement"] : array();
     static $arErrors = array();
     $static_id = md5(serialize(array($action, $arElement["ID"], $GLOBALS["USER"]->GetID())));
     if (array_key_exists($static_id, $arErrors)) {
         $arError = $arErrors[$static_id];
     } else {
         if ($this->e_rights) {
             foreach (array('arElement', 'from', 'to') as $elm) {
                 if (is_set($arParams, $elm)) {
                     if ((!isset($arParams[$elm]['not_found']) || $arParams[$elm]['not_found'] === true) && !in_array($action, array('create', 'copy', 'move', 'mkcol'))) {
                         $arError[] = array("id" => "bad_element", "text" => GetMessage("WD_FILE_ERROR105"));
                     }
                 }
             }
             if (empty($arError)) {
                 if ($action == 'copy') {
                     //from[]
                     //to[]
                     $arTo = isset($arParams['to']) ? $arParams['to'] : array();
                     $arFrom = isset($arParams['from']) ? $arParams['from'] : array();
                     $nCount = min(sizeof($arTo), sizeof($arFrom));
                     for ($i = 0; $i < $nCount; $i++) {
                         $To = $arTo[$i];
                         $From = $arFrom[$i];
                         $type = $To['is_file'] ? 'ELEMENT' : 'SECTION';
                         $id = $To['not_found'] ? $To['parent_id'] : $To['item_id'];
                         $op = $From['is_file'] ? 'section_element_bind' : 'section_section_bind';
                         if (!$this->GetPermission($type, $id, $op)) {
                             $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     }
                 } elseif ($action == 'create' || $action == 'mkcol') {
                     //arElement
                     //null
                     if (empty($arElement)) {
                         $arParent = $this->GetObject();
                         $bAllowEdit = false;
                         if ($arParent['not_found'] === false) {
                             $bAllowEdit = $this->GetPermission($arParent['is_file'] ? 'ELEMENT' : 'SECTION', $arParent['item_id'], 'element_edit');
                         }
                         return $bAllowEdit;
                     } else {
                         $type = 'SECTION';
                         if (isset($arElement['parent_id']) && $arElement['parent_id'] > 0) {
                             $id = $arElement['parent_id'];
                         } else {
                             $id = $this->IBLOCK_ID;
                             $type = 'IBLOCK';
                         }
                         if ($action == 'mkcol') {
                             return $this->GetPermission($type, $id, 'section_section_bind');
                         }
                         if ($arElement['is_dir']) {
                             if (!$this->GetPermission($type, $id, 'section_section_bind')) {
                                 $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         } else {
                             if (!empty($arParams['create_element_in_section']) || $this->workflow != "workflow" && $this->workflow != "bizproc") {
                                 if (!$this->GetPermission($type, $id, 'section_element_bind')) {
                                     $arError[] = array("id" => "cannot_create", "text" => GetMessage("WD_ACCESS_DENIED"));
                                 }
                             } elseif ($this->workflow == "workflow") {
                                 $db_res = CWorkflowStatus::GetDropDownList("N", "desc");
                                 if (!($db_res && ($res = $db_res->Fetch()))) {
                                     $arError[] = array("id" => "bad_wf_statuses", "text" => GetMessage("WD_ACCESS_DENIED"));
                                 }
                             } elseif ($this->workflow == 'bizproc') {
                                 $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], null);
                                 $arUserGroups = $this->USER["GROUPS"];
                                 $arUserGroups[] = "Author";
                                 $canWrite = false;
                                 if (!CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $this->wfParams['DOCUMENT_TYPE'], array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) {
                                     $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                                 }
                             }
                         }
                     }
                 } elseif ($action == 'delete' || $action == 'undelete') {
                     //arElement
                     $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT';
                     if ($type == 'ELEMENT') {
                         $res = $this->GetPermission($type, $arElement['item_id'], 'element_delete');
                         if (!$res) {
                             $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     } else {
                         $res = $this->GetPermission($type, $arElement['item_id'], 'section_delete', false);
                         if (!$res) {
                             $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     }
                 } elseif ($action == 'destroy') {
                     //arElement
                     $id = $arElement['item_id'];
                     $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT';
                     $op = $arElement['is_dir'] ? 'section_delete' : 'element_delete';
                     if (!$this->GetPermission($type, $id, $op, false)) {
                         $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 } elseif ($action == 'edit' || $action == 'lock' || $action == 'proppatch' || $action == 'delete_dropped') {
                     //arElement
                     $id = $arElement['item_id'];
                     $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT';
                     if ($arElement['is_dir']) {
                         if (!$this->GetPermission($type, $id, 'section_edit')) {
                             $arError[] = array("id" => "", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     } else {
                         if ($arElement["LOCK_STATUS_BP"] == "red") {
                             $arError[] = array("id" => "locked", "text" => GetMessage("WD_FILE_ERROR107"));
                         } elseif ($this->check_creator && $arElement["CREATED_BY"] != $GLOBALS["USER"]->GetID()) {
                             $arError[] = array("id" => "bad_author", "text" => GetMessage("WD_FILE_ERROR108"));
                         } elseif ($this->GetPermission($type, $id, 'element_edit_any_wf_status')) {
                             true;
                         } elseif ($this->workflow == "workflow" && $this->GetPermission($type, $id, 'element_edit')) {
                             $arWorkFlow = array("LAST_ID" => CIBlockElement::WF_GetLast($arElement["item_id"]));
                             $arWorkFlow["STATUS_ID"] = CIBlockElement::WF_GetCurrentStatus($arWorkFlow["LAST_ID"], $arWorkFlow["STATUS_TITLE"]);
                             $arWorkFlow["STATUS_PERMISSION"] = CIBlockElement::WF_GetStatusPermission($arWorkFlow["STATUS_ID"]);
                             if ($arWorkFlow["STATUS_ID"] > 1 && $arWorkFlow["STATUS_PERMISSION"] < 2) {
                                 $arError[] = array("id" => "bad_wf_status_permission", "text" => GetMessage("WD_FILE_ERROR109"));
                             }
                         } elseif ($this->workflow == 'bizproc' && $this->GetPermission($type, $id, 'element_edit')) {
                             $documentId = $this->wfParams['DOCUMENT_TYPE'];
                             $documentId[2] = $arElement["item_id"];
                             $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], $documentId);
                             $arUserGroups = $this->USER["GROUPS"];
                             if ($arElement["CREATED_BY"] == $GLOBALS["USER"]->GetID()) {
                                 $arUserGroups[] = "Author";
                             }
                             if (!CBPDocument::CanUserOperateDocument(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $documentId, array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) {
                                 $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         } else {
                             $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     }
                 } elseif ($action == 'read' || $action == 'propfind') {
                     //arElement, null
                     if ($arElement) {
                         $id = $arElement['item_id'];
                         $type = $arElement['is_dir'] ? 'SECTION' : 'ELEMENT';
                         $op = $arElement['is_dir'] ? 'section_read' : 'element_read';
                         if (!$this->GetPermission($type, $id, $op)) {
                             $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                         if ($type == 'SECTION' && $id == $this->GetMetaID('TRASH')) {
                             if (!$this->GetPermission($type, $id, 'section_delete')) {
                                 $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         }
                     } else {
                         if (!$this->GetPermission('IBLOCK', $this->IBLOCK_ID, 'section_read')) {
                             $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                     }
                 } elseif ($action == 'move') {
                     //from // auto recusive
                     //to // auto recusive
                     $arTo = isset($arParams['to']) ? $arParams['to'] : array();
                     $arFrom = isset($arParams['from']) ? $arParams['from'] : array();
                     $nCount = min(sizeof($arTo), sizeof($arFrom));
                     for ($i = 0; $i < $nCount; $i++) {
                         $To = $arTo[$i];
                         $From = $arFrom[$i];
                         $type = $From['is_dir'] ? 'SECTION' : 'ELEMENT';
                         $id = $From['item_id'];
                         $op = $From['is_dir'] ? 'section_edit' : 'element_edit';
                         if (!$this->GetPermission($type, $id, $op)) {
                             $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                         }
                         if ($To['not_found']) {
                             $type = 'SECTION';
                             $id = $To['parent_id'];
                             $op = $arFrom['is_dir'] ? 'section_section_bind' : 'section_element_bind';
                             // TODO: bizproc ?
                             if (!$this->GetPermission($type, $id, $op)) {
                                 $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         } else {
                             $type = $To['is_dir'] ? 'SECTION' : 'ELEMENT';
                             $id = $To['item_id'];
                             $op = $To['is_dir'] ? $arFrom['is_dir'] ? 'section_section_bind' : 'section_element_bind' : 'element_edit';
                             // TODO: bizproc ?
                             if (!$this->GetPermission($type, $id, $op)) {
                                 $arError[] = array("id" => "bad_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                             }
                         }
                     }
                 }
             }
         } else {
             // check iblock rights
             if ($this->permission < "R") {
                 $arError[] = array("id" => "cannot_read", "text" => GetMessage("WD_ACCESS_DENIED"));
             } elseif ($this->permission > "U") {
                 true;
             } elseif ($action == "read" || $action == "propfind") {
                 true;
             } elseif ($this->permission < "U") {
                 $arError[] = array("id" => "cannot_workflow", "text" => GetMessage("WD_ACCESS_DENIED"));
             } elseif ($action == "create") {
                 if ($this->workflow != "workflow" && $this->workflow != "bizproc") {
                     $arError[] = array("id" => "cannot_write", "text" => GetMessage("WD_ACCESS_DENIED"));
                 } elseif ($this->workflow == "workflow") {
                     $db_res = CWorkflowStatus::GetDropDownList("N", "desc");
                     if (!($db_res && ($res = $db_res->Fetch()))) {
                         $arError[] = array("id" => "bad_wf_statuses", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 } elseif ($this->workflow == 'bizproc') {
                     $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], null);
                     $arUserGroups = $this->USER["GROUPS"];
                     $arUserGroups[] = "Author";
                     $canWrite = false;
                     if (!CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $this->wfParams['DOCUMENT_TYPE'], array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) {
                         $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 }
             } elseif (!is_array($arElement) || empty($arElement)) {
                 $arError[] = array("id" => "bad_element", "text" => GetMessage("WD_FILE_ERROR105"));
             } elseif ($action == "clone") {
                 if ($this->workflow != "bizproc") {
                     $arError[] = array("id" => "bad_workflow", "text" => GetMessage("WD_FILE_ERROR106"));
                 } else {
                     // User has to have permissions to read parent document && to create new document
                     $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], null);
                     if (!($arElement["PERMISSION"] >= "R" && CBPDocument::CanUserOperateDocumentType(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $this->wfParams['DOCUMENT_TYPE'], array("IBlockPermission" => $this->permission, "AllUserGroups" => array_merge($this->USER["GROUPS"], array("author")), "DocumentStates" => $arDocumentStates)))) {
                         $arError[] = array("id" => "bad_permission", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 }
             } elseif (!in_array($action, array("delete", "move", "edit", "unlock", "lock"))) {
                 $arError[] = array("id" => "bad_action", "text" => GetMessage("WD_ERROR_BAD_ACTION"));
             } else {
                 if ($arElement["LOCK_STATUS_BP"] == "red") {
                     $arError[] = array("id" => "locked", "text" => GetMessage("WD_FILE_ERROR107"));
                 } elseif ($arElement["LOCK_STATUS"] == "red" && ($action != "unlock" || $arElement["SHOW"]["UNLOCK"] != "Y")) {
                     $arError[] = array("id" => "locked", "text" => str_replace(array("#ID#", "#DATE#"), array($arElement["locked_by"], $arElement["date_lock"]), GetMessage("WD_ERROR_ELEMENT_LOCKED")));
                 } elseif ($this->check_creator && $arElement["CREATED_BY"] != $GLOBALS["USER"]->GetID()) {
                     $arError[] = array("id" => "bad_author", "text" => GetMessage("WD_FILE_ERROR108"));
                 } elseif ($this->workflow == "workflow") {
                     $arWorkFlow = array("LAST_ID" => CIBlockElement::WF_GetLast($arElement["item_id"]));
                     $arWorkFlow["STATUS_ID"] = CIBlockElement::WF_GetCurrentStatus($arWorkFlow["LAST_ID"], $arWorkFlow["STATUS_TITLE"]);
                     $arWorkFlow["STATUS_PERMISSION"] = CIBlockElement::WF_GetStatusPermission($arWorkFlow["STATUS_ID"]);
                     if ($arWorkFlow["STATUS_ID"] > 1 && $arWorkFlow["STATUS_PERMISSION"] < 2) {
                         $arError[] = array("id" => "bad_wf_status_permission", "text" => GetMessage("WD_FILE_ERROR109"));
                     }
                 } elseif ($this->workflow == 'bizproc') {
                     $documentId = $this->wfParams['DOCUMENT_TYPE'];
                     $documentId[2] = $arElement["item_id"];
                     $arDocumentStates = CBPDocument::GetDocumentStates($this->wfParams['DOCUMENT_TYPE'], $documentId);
                     $arUserGroups = $this->USER["GROUPS"];
                     if ($arElement["CREATED_BY"] == $GLOBALS["USER"]->GetID()) {
                         $arUserGroups[] = "Author";
                     }
                     if (!CBPDocument::CanUserOperateDocument(CBPCanUserOperateOperation::WriteDocument, $GLOBALS["USER"]->GetID(), $documentId, array("IBlockPermission" => $this->permission, "AllUserGroups" => $arUserGroups, "DocumentStates" => $arDocumentStates))) {
                         $arError[] = array("id" => "bad_bizproc_permision", "text" => GetMessage("WD_ACCESS_DENIED"));
                     }
                 }
             }
         }
         $arErrors[$static_id] = $arError;
     }
     if (empty($arError)) {
         $e = new CAdminException($arError);
         $this->LAST_ERROR = $e->GetString();
         if ($this->LAST_ERROR == '<br>') {
             $this->LAST_ERROR = '';
         }
         return true;
     } else {
         $e = new CAdminException($arError);
         $this->LAST_ERROR = $e->GetString();
         if ($this->LAST_ERROR == '<br>') {
             $this->LAST_ERROR = '';
         }
         return false;
     }
 }