</tr> </thead> <tbody> <?php $pManager =& getPluginManager(); $pManager->loadPlugins('acl'); $k = 0; $config =& JFactory::getConfig(); $db =& JFactory::getDBO(); $now =& JFactory::getDate(); $nullDate = $db->getNullDate(); for ($i = 0, $n = count($this->items); $i < $n; $i++) { $row =& $this->items[$i]; //Only allow administrating groups to view item history $canViewHistory = false; if (canManageWorkflows()) { $canViewHistory = true; } else { list($adminAclSystem, $adminAclGroup) = explode('.', $row->administratingGroup); foreach ($this->aclPairs as $system => $gid) { if ($system == $adminAclSystem && in_array($adminAclGroup, array_keys($gid))) { $canViewHistory = true; } } } $link = JRoute::_('index.php?option=com_jwf&controller=item&task=edit&wid=' . $row->wid . '&iid=' . $row->iid); $historyLink = JRoute::_('index.php?option=com_jwf&controller=item&task=history&wid=' . $row->wid . '&iid=' . $row->iid); ?> <tr class="<?php echo "row{$k}"; ?>
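/**
 * Searches workflow items (rows of #__jwf_steps joined to their station and workflow).
 *
 * Security notes:
 *  - $keyword is passed through getEscaped($keyword, true) before it is placed
 *    inside the LIKE pattern.
 *  - ACL system names and group IDs are quoted with $db->Quote() before being
 *    placed in the query, so the ACL filter does not rely on the ACL plugins
 *    returning well-formed values.
 *  - NOTE(review): the ACL filter is only added when $aclPairs is non-empty and
 *    the user cannot manage workflows. A null or empty $aclPairs therefore
 *    yields unfiltered results; confirm that every caller serving a
 *    non-manager passes that user's groups.
 *  - NOTE(review): 'overallTotal' counts every step row without the ACL filter.
 *
 * @access public
 * @param int starting record
 * @param int number of records to return (0 means no LIMIT clause)
 * @param array GIDs of the current logged in user for all supported ACL systems,
 *              as array(system => array(gid => ...)); only the keys of the inner array are used
 * @param string keywords used for the LIKE clause
 * @param bool whether or not to return only the rows flagged as current
 * @return array Array('overallTotal' => total number of items,
 *               'requestTotal' => number of items matching the request,
 *               'items' => list of items)
 */
function search($start = 0, $count = 0, $aclPairs = null, $keyword = '', $onlyCurrent = false)
{
    $db =& JFactory::getDBO();
    $start = intval($start);
    $count = intval($count);
    $onlyCurrent = (bool) $onlyCurrent;
    $keyword = $db->getEscaped($keyword, true);

    $limit = '';
    if ($count != 0) {
        $limit = "LIMIT {$start}, {$count} ";
    }

    $whereFragments = array();
    if ($keyword != '') {
        $whereFragments['keyword'] = "w.name LIKE '%{$keyword}%'";
    }

    if ($aclPairs != null && !canManageWorkflows()) {
        $aclWhereFragments = array();
        foreach ($aclPairs as $system => $gid) {
            // Quote every group ID individually instead of imploding raw keys into the SQL text.
            $quotedGids = array();
            $groupIds = is_array($gid) ? array_keys($gid) : array();
            foreach ($groupIds as $groupId) {
                $quotedGids[] = $db->Quote($groupId);
            }
            if (count($quotedGids) == 0) {
                // "IN ()" is invalid SQL; a system in which the user has no group matches nothing.
                continue;
            }
            $gids = implode(',', $quotedGids);
            $aclWhereFragments[] = '(w.acl = ' . $db->Quote($system)
                . " AND (w.admin_gid IN ({$gids}) OR s.group IN ({$gids}) ))";
        }

        if (count($aclWhereFragments) > 0) {
            $whereFragments['acl'] = '(' . implode(' OR ', $aclWhereFragments) . ')';
        } else {
            // ACL pairs were supplied but contain no group at all: fail closed with
            // a condition that is never true rather than emitting "()" or no filter.
            $whereFragments['acl'] = '(1 = 0)';
        }
    }

    if ($onlyCurrent) {
        $whereFragments['current'] = ' h.current=1';
    }

    $whereConditions = implode(' AND ', $whereFragments);
    $where = '';
    if ($whereConditions != '') {
        $where = 'WHERE ' . $whereConditions;
    }

    // Total number of step rows, independent of keyword and ACL filters.
    $sql = "SELECT COUNT(*) FROM #__jwf_steps";
    $db->setQuery($sql);
    $overallCount = $db->loadResult();

    // Number of rows matching the filters, ignoring paging.
    $sql = "SELECT COUNT(*)"
        . "\nFROM `#__jwf_steps` AS h"
        . "\nINNER JOIN `#__jwf_stations` AS s ON s.id = h.sid"
        . "\nINNER JOIN `#__jwf_workflows` AS w ON w.id = h.wid"
        . "\n" . $where;
    $db->setQuery($sql);
    $requestCount = $db->loadResult();

    // The requested page of rows, newest first.
    $sql = "SELECT h.* , CONCAT(w.acl, '.', w.admin_gid) as administratingGroup,s.allocatedTime as taskTime, s.task as currentTask, s.title as currentStation , s.order as position , w.title as workflowTitle, w.component as contentType"
        . "\nFROM `#__jwf_steps` AS h"
        . "\nINNER JOIN `#__jwf_stations` AS s ON s.id = h.sid"
        . "\nINNER JOIN `#__jwf_workflows` AS w ON w.id = h.wid"
        . "\n" . $where
        . "\n" . "ORDER BY h.created DESC"
        . "\n" . $limit;
    $db->setQuery($sql);

    return array(
        'overallTotal' => $overallCount,
        'requestTotal' => $requestCount,
        'items' => $db->loadObjectList()
    );
}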
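/**
 * Creates or updates a comment on a workflow item after checking that the
 * current user is allowed to do so, then records the change in the item history.
 *
 * Authorization rules:
 *   Global administrator (canManageWorkflows()) -> allowed to do everything
 *   Existing comment
 *     Workflow manager -> allowed when their groups include the workflow's admin_gid
 *     Normal user      -> allowed if s/he is the creator of the comment
 *   New comment
 *     Workflow manager -> allowed when their groups include the workflow's admin_gid
 *     Normal user      -> allowed only on the current step, for a station whose group they belong to
 *
 * Group IDs are compared as strings with strict equality so that PHP's loose
 * comparison rules cannot turn a missing or malformed value into a match.
 *
 * NOTE(review): for an existing comment, the manager paths do not check that
 * 'commentID' is one of $storedComments — confirm the field model scopes the update.
 *
 * @param object workflow record (reads ->acl, ->admin_gid, ->id, ->stations)
 * @param array  steps of the item; the one flagged current=1 is used for new comments
 * @param array  comments already stored for the item
 * @param array  incoming comment (reads 'commentID', 'sid', 'iid', 'tid', 'text')
 * @return int 1 when the comment was saved, 0 when not authorized or the save failed
 */
function save($workflow, $steps, $storedComments, $incomingComment)
{
    $pManager =& getPluginManager();
    $pManager->loadPlugins('acl');
    $response = $pManager->invokeMethod('acl', 'getMyGroupId', array($workflow->acl), null);

    // A missing or malformed plugin response is treated as "member of no group".
    $myGroups = array();
    if (isset($response[$workflow->acl]) && is_array($response[$workflow->acl])) {
        $myGroups = $response[$workflow->acl];
    }
    $myGroupIds = array_map('strval', array_keys($myGroups));

    $user =& JFactory::getUser();
    $isNew = intval($incomingComment['commentID']) == -1;
    $isAuthorized = false;

    if (canManageWorkflows()) {
        $isAuthorized = true;
    } elseif (in_array((string) $workflow->admin_gid, $myGroupIds, true)) {
        $isAuthorized = true;
    } elseif ($isNew) {
        // Allow normal users to add comments to the latest step ONLY.
        $currentStep = searchObjectArray($steps, 'current', 1);

        // Every value used in the decision must be present; otherwise a null on
        // one side of a loose comparison could equal 0 or '' on the other.
        $hasTarget = isset($incomingComment['sid'], $incomingComment['iid'], $incomingComment['tid'])
            && isset($workflow->stations[$incomingComment['sid']]);

        if ($currentStep != null && $hasTarget
            && $currentStep->iid == $incomingComment['iid']
            && $currentStep->id == $incomingComment['tid']
        ) {
            // NOTE(review): 'sid' comes from $incomingComment and is not compared
            // with the station of $currentStep, so membership in any station group
            // of this workflow satisfies the check. Confirm whether the step record
            // exposes its station id and compare it here.
            $stationGroup = (string) $workflow->stations[$incomingComment['sid']]->group;
            $isAuthorized = in_array($stationGroup, $myGroupIds, true);
        }
    } else {
        // Existing comment: only its creator may modify it.
        $currentComment = searchObjectArray($storedComments, 'id', $incomingComment['commentID']);
        if ($currentComment != null && $user->get('id') == $currentComment->created_by) {
            $isAuthorized = true;
        }
    }

    if (!$isAuthorized) {
        return 0;
    }

    $datenow =& JFactory::getDate();
    $incomingComment['type'] = 'comments';
    if (!$isNew) {
        $incomingComment['id'] = intval($incomingComment['commentID']);
        $incomingComment['modified'] = $datenow->toMySQL();
        $incomingComment['modified_by'] = $user->get('id');
    } else {
        $incomingComment['created'] = $datenow->toMySQL();
        $incomingComment['modified'] = $datenow->toMySQL();
        $incomingComment['created_by'] = $user->get('id');
        $incomingComment['modified_by'] = $user->get('id');
    }

    // The comment text is stored base64-encoded in the 'value' field.
    $incomingComment['value'] = base64_encode($incomingComment['text']);

    require_once JWF_BACKEND_PATH . DS . 'models' . DS . 'history.php';
    $historyModel = new JWFModelHistory();
    require_once JWF_BACKEND_PATH . DS . 'models' . DS . 'field.php';
    $fieldModel = new JWFModelField();

    if (!$fieldModel->save($incomingComment)) {
        return 0;
    }

    // Record the change in the item history; only the type and title differ
    // between a new and a modified comment.
    $historyObject = new stdClass();
    $historyObject->type = $isNew ? 'create' : 'modify';
    $historyObject->value = $incomingComment['value'];
    $historyTitle = $isNew ? JText::_('Comment Added') : JText::_('Comment Modified');
    $historyModel->add(
        $workflow->id,
        $workflow->stations[$incomingComment['sid']],
        $incomingComment['iid'],
        'field.comments',
        $historyTitle,
        $historyObject
    );

    return 1;
}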
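/**
 * Task Handler ( View history of a given item )
 *
 * Reads the workflow id ('wid') and item id ('iid') from the request as
 * integers, checks that the current user is logged in and either can manage
 * workflows or belongs to the workflow's administrating group, then renders
 * the 'history' view.
 *
 * Every JError::raiseError() call is followed by an explicit return:
 * raiseError() is expected to stop the request, but if the configured error
 * handling returns instead, the method must still fail closed and not reach
 * the history lookup.
 *
 * @return void
 */
function history()
{
    $app =& JFactory::getApplication('site');
    $document =& JFactory::getDocument();
    $pManager =& getPluginManager();
    $wid = JRequest::getInt('wid', 0);
    $iid = JRequest::getInt('iid', 0);

    $workflowModel =& $this->getModel('workflow');
    $workflow = $workflowModel->get($wid);
    if (!$workflow) {
        JError::raiseError(404, JText::_("Workflow not found"));
        return;
    }

    /* Authorization */
    $pManager->loadPlugins('acl');
    $response = $pManager->invokeMethod('acl', 'getMyGroupId', array($workflow->acl), null);

    // A missing or malformed plugin response is treated as "member of no group".
    $userGroups = array();
    if (isset($response[$workflow->acl]) && is_array($response[$workflow->acl])) {
        $userGroups = $response[$workflow->acl];
    }

    $user =& JFactory::getUser();
    if ($user->guest) {
        JError::raiseError(403, JText::_("Access Forbidden"));
        return;
    }

    // Compare group IDs as strings with strict equality so loose comparison
    // cannot turn an unset admin_gid into a match.
    $isWorkflowAdmin = in_array(
        (string) $workflow->admin_gid,
        array_map('strval', array_keys($userGroups)),
        true
    );
    if (!canManageWorkflows() && !$isWorkflowAdmin) {
        JError::raiseError(403, JText::_("Access Forbidden"));
        return;
    }

    /* User is authorized */
    $historyModel =& $this->getModel('history');
    $itemHistory = $historyModel->get($wid, $iid);
    if (!$itemHistory) {
        JError::raiseError(404, JText::_("Item not found or No history stored for this item"));
        return;
    }

    /* Prepare and display the view */
    $viewType = $document->getType();
    $viewName = 'history';
    $viewLayout = 'default';
    $view =& $this->getView($viewName, $viewType, '', array('base_path' => $this->_basePath));

    // Set the layout
    $view->setLayout($viewLayout);

    // Display the view
    $view->display($itemHistory, $workflow);
}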