protected function processBeforeAction($actionName) { parent::processBeforeAction($actionName); if (!CBPDocument::canUserOperateDocumentType(CBPCanUserOperateOperation::CreateWorkflow, $this->getUser()->getID(), $this->arParams['DOCUMENT_DATA']['DISK']['DOCUMENT_TYPE'], array())) { $this->showAccessDenied(); return false; } return true; }
protected function processBeforeAction($actionName) { parent::processBeforeAction($actionName); if (strlen($this->arParams['STORAGE_ID']) <= 0) { ShowError(Loc::getMessage('ACCESS_DENIED') . ' ' . Loc::getMessage('BIZPROC_WFEDIT_ERROR_TYPE')); return false; } if ($this->arResult['ID'] > 0) { $templatesList = CBPWorkflowTemplateLoader::getList(array(), array('ID' => $this->arResult['ID'])); if ($template = $templatesList->fetch()) { if (!CBPDocument::canUserOperateDocumentType(CBPCanUserOperateOperation::CreateWorkflow, $this->getUser()->getID(), $template['DOCUMENT_TYPE'])) { $this->showAccessDenied(); return false; } $this->arResult['TEMPLATE_NAME'] = $template['NAME']; $this->arResult['TEMPLATE_DESC'] = $template['DESCRIPTION']; $this->arResult['TEMPLATE_AUTOSTART'] = $template['AUTO_EXECUTE']; $this->arResult['TEMPLATE'] = $template['TEMPLATE']; $this->arResult['PARAMETERS'] = $template['PARAMETERS']; $this->arResult['VARIABLES'] = $template['VARIABLES']; $this->arResult['CONSTANTS'] = $template['CONSTANTS']; } else { $this->arResult['ID'] = 0; } if ($template["ENTITY"] == Bitrix\Disk\BizProcDocument::className()) { $this->arResult['DOCUMENT_COMPLEX_TYPE'] = \Bitrix\Disk\BizProcDocument::generateDocumentComplexType($this->arParams['STORAGE_ID']); $this->arResult['ENTITY'] = $template['ENTITY']; } else { $this->arResult['DOCUMENT_COMPLEX_TYPE'] = \Bitrix\Disk\BizProcDocumentCompatible::generateDocumentComplexType($this->arParams['STORAGE_ID']); $this->arResult['ENTITY'] = $template['ENTITY']; } } else { $this->arResult['ENTITY'] = Bitrix\Disk\BizProcDocument::className(); $this->arResult['DOCUMENT_COMPLEX_TYPE'] = \Bitrix\Disk\BizProcDocument::generateDocumentComplexType($this->arParams['STORAGE_ID']); if (!CBPDocument::canUserOperateDocumentType(CBPCanUserOperateOperation::CreateWorkflow, $this->getUser()->getID(), $this->arResult['DOCUMENT_COMPLEX_TYPE'])) { $this->showAccessDenied(); return false; } $this->arResult['TEMPLATE_NAME'] = Loc::getMessage("BIZPROC_WFEDIT_DEFAULT_TITLE"); $this->arResult['TEMPLATE_DESC'] = ''; $this->arResult['TEMPLATE_AUTOSTART'] = 1; $this->arResult['PARAMETERS'] = array(); $this->arResult['VARIABLES'] = array(); $this->arResult['CONSTANTS'] = array(); if ($this->request->getQuery('init') == 'statemachine') { $this->arResult['TEMPLATE'] = array(array('Type' => 'StateMachineWorkflowActivity', 'Name' => 'Template', 'Properties' => array(), 'Children' => array())); } else { $this->arResult['TEMPLATE'] = array(array('Type' => 'SequentialWorkflowActivity', 'Name' => 'Template', 'Properties' => array(), 'Children' => array())); } } return true; }
function CanUserOperateDocument($operation, $userId, $documentId, $parameters = array()) { $documentId = trim($documentId); if (strlen($documentId) <= 0) { return false; } if (!array_key_exists("IBlockId", $parameters) && (!array_key_exists("IBlockPermission", $parameters) || !array_key_exists("DocumentStates", $parameters) || !array_key_exists("IBlockRightsMode", $parameters) || array_key_exists("IBlockRightsMode", $parameters) && $parameters["IBlockRightsMode"] === "E") || !array_key_exists("CreatedBy", $parameters) && !array_key_exists("AllUserGroups", $parameters)) { $elementListQuery = CIBlockElement::getList(array(), array("ID" => $documentId, "SHOW_NEW" => "Y", "SHOW_HISTORY" => "Y"), false, false, array("ID", "IBLOCK_ID", "CREATED_BY")); $elements = $elementListQuery->fetch(); if (!$elements) { return false; } $parameters["IBlockId"] = $elements["IBLOCK_ID"]; $parameters["CreatedBy"] = $elements["CREATED_BY"]; } if (!array_key_exists("IBlockRightsMode", $parameters)) { $parameters["IBlockRightsMode"] = CIBlock::getArrayByID($parameters["IBlockId"], "RIGHTS_MODE"); } if ($parameters["IBlockRightsMode"] === "E") { if ($operation === CBPCanUserOperateOperation::ReadDocument) { return CIBlockElementRights::userHasRightTo($parameters["IBlockId"], $documentId, "element_read"); } elseif ($operation === CBPCanUserOperateOperation::WriteDocument) { return CIBlockElementRights::userHasRightTo($parameters["IBlockId"], $documentId, "element_edit"); } elseif ($operation === CBPCanUserOperateOperation::StartWorkflow || $operation === CBPCanUserOperateOperation::ViewWorkflow) { if (CIBlockElementRights::userHasRightTo($parameters["IBlockId"], $documentId, "element_edit")) { return true; } if (!array_key_exists("WorkflowId", $parameters)) { return false; } if (!CIBlockElementRights::userHasRightTo($parameters["IBlockId"], $documentId, "element_read")) { return false; } $userId = intval($userId); if (!array_key_exists("AllUserGroups", $parameters)) { if (!array_key_exists("UserGroups", $parameters)) { $parameters["UserGroups"] = CUser::getUserGroup($userId); } $parameters["AllUserGroups"] = $parameters["UserGroups"]; if ($userId == $parameters["CreatedBy"]) { $parameters["AllUserGroups"][] = "Author"; } } if (!array_key_exists("DocumentStates", $parameters)) { if ($operation === CBPCanUserOperateOperation::StartWorkflow) { $parameters["DocumentStates"] = CBPWorkflowTemplateLoader::getDocumentTypeStates(array('lists', get_called_class(), self::generateDocumentType($parameters["IBlockId"]))); } else { $parameters["DocumentStates"] = CBPDocument::getDocumentStates(array('lists', get_called_class(), self::generateDocumentType($parameters["IBlockId"])), array('lists', get_called_class(), $documentId)); } } if (array_key_exists($parameters["WorkflowId"], $parameters["DocumentStates"])) { $parameters["DocumentStates"] = array($parameters["WorkflowId"] => $parameters["DocumentStates"][$parameters["WorkflowId"]]); } else { return false; } $allowableOperations = CBPDocument::getAllowableOperations($userId, $parameters["AllUserGroups"], $parameters["DocumentStates"], true); if (!is_array($allowableOperations)) { return false; } if ($operation === CBPCanUserOperateOperation::ViewWorkflow && in_array("read", $allowableOperations) || $operation === CBPCanUserOperateOperation::StartWorkflow && in_array("write", $allowableOperations)) { return true; } $chop = $operation === CBPCanUserOperateOperation::ViewWorkflow ? "element_read" : "element_edit"; $tasks = self::getRightsTasks(); foreach ($allowableOperations as $op) { if (isset($tasks[$op])) { $op = $tasks[$op]['ID']; } $ar = CTask::getOperations($op, true); if (in_array($chop, $ar)) { return true; } } } elseif ($operation === CBPCanUserOperateOperation::CreateWorkflow) { return CBPDocument::canUserOperateDocumentType(CBPCanUserOperateOperation::CreateWorkflow, $userId, array('lists', get_called_class(), $documentId), $parameters); } return false; } if (!array_key_exists("IBlockPermission", $parameters)) { if (CModule::includeModule('lists')) { $parameters["IBlockPermission"] = CLists::getIBlockPermission($parameters["IBlockId"], $userId); } else { $parameters["IBlockPermission"] = CIBlock::getPermission($parameters["IBlockId"], $userId); } } if ($parameters["IBlockPermission"] <= "R") { return false; } elseif ($parameters["IBlockPermission"] >= "W") { return true; } $userId = intval($userId); if (!array_key_exists("AllUserGroups", $parameters)) { if (!array_key_exists("UserGroups", $parameters)) { $parameters["UserGroups"] = CUser::getUserGroup($userId); } $parameters["AllUserGroups"] = $parameters["UserGroups"]; if ($userId == $parameters["CreatedBy"]) { $parameters["AllUserGroups"][] = "Author"; } } if (!array_key_exists("DocumentStates", $parameters)) { $parameters["DocumentStates"] = CBPDocument::getDocumentStates(array("lists", get_called_class(), "iblock_" . $parameters["IBlockId"]), array('lists', get_called_class(), $documentId)); } if (array_key_exists("WorkflowId", $parameters)) { if (array_key_exists($parameters["WorkflowId"], $parameters["DocumentStates"])) { $parameters["DocumentStates"] = array($parameters["WorkflowId"] => $parameters["DocumentStates"][$parameters["WorkflowId"]]); } else { return false; } } $allowableOperations = CBPDocument::getAllowableOperations($userId, $parameters["AllUserGroups"], $parameters["DocumentStates"]); if (!is_array($allowableOperations)) { return false; } $r = false; switch ($operation) { case CBPCanUserOperateOperation::ViewWorkflow: $r = in_array("read", $allowableOperations); break; case CBPCanUserOperateOperation::StartWorkflow: $r = in_array("write", $allowableOperations); break; case CBPCanUserOperateOperation::CreateWorkflow: $r = false; break; case CBPCanUserOperateOperation::WriteDocument: $r = in_array("write", $allowableOperations); break; case CBPCanUserOperateOperation::ReadDocument: $r = in_array("read", $allowableOperations) || in_array("write", $allowableOperations); break; default: $r = false; } return $r; }