[kn00wlege]

1.Summary form was created and defined in process settings.
2.All fields is view only mode
3. no buttons

and when i try to open "More information" i see that
You do not have permission to access to the summary form

And when i want to add permission in process permissions , i can't see permission type "Summary form"

release 3.1.2b2-0

[rcgongora]

Dear kn00wlege:
Have you tried to setup in "Edit Process" section?? there is a filed "Dynaform to show a case summary", please tell me if you tried this.

Best Regards

[kn00wlege]

Dear kn00wlege:
Have you tried to setup in "Edit Process" section?? there is a filed "Dynaform to show a case summary", please tell me if you tried this.

Best Regards

Thank you for your response !
Yes, dynaform already defined in edit process .

[amosbatto]

Kn00ledge, I just checked this in version 3.1.2 and the "Summary Form" option is not working correctly. It is showing the generic summary information instead of the selected DynaForm. I have filed an internal bug report about it:
https://processmaker.atlassian.net/browse/TRI-2113

Thanks for noticing this. Hopefully it will get fixed in future versions, but for now there is no work-around except to use an older version of ProcessMaker.

[imushtaque]

Kn00ledge, I just checked this in version 3.1.2 and the "Summary Form" option is not working correctly. It is showing the generic summary information instead of the selected DynaForm. I have filed an internal bug report about it:
https://processmaker.atlassian.net/browse/TRI-2113

Thanks for noticing this. Hopefully it will get fixed in future versions, but for now there is no work-around except to use an older version of ProcessMaker.

Hi amosbatto,

I'm using PM 3.1.3 and it seems the bug still not fixed.
Would appreciate much if you please advise a work-around.
Thanks.

[shearern]

I too found this an issue. Seeing as it's important for users to be able to see the summary to use the tool, I went ahead and disabled that security check.

I modified line 52 of processmaker/workflow/engine/methods/cases/summary.php to

Code: Select all

if ($viewSummaryForm == 0 && false) {

to skip the security check.

I of course don't recommend this fix in any environment, because who knows what else it could effect.

--Nate

[amosbatto]

Nate, I can't find the variable $viewSummaryForm defined anywhere in the code for PM 3.0.1.8 or PM 3.1.3. What version of PM are you using?

[shearern]

Interesting. I'm running version 3.1.3-community. Installed just a week ago.

Here's a larger snippet for context:

Code: Select all

    G::LoadClass( 'case' );
    $case = new Cases();
    $viewSummaryForm = 0;
    $applicationFields = $case->loadCase( $_REQUEST['APP_UID'], $_REQUEST['DEL_INDEX'] );

    /*----------------------------------********---------------------------------*/

    //Check if the user has the Process Permissions - Summary Form
    if ($viewSummaryForm == 0 && false) {
        throw new Exception( G::LoadTranslation( 'ID_SUMMARY_FORM_NO_PERMISSIONS' ) );
    }

(I added the

Code: Select all

&& false

)

It looks like $viewSummaryForm is initialized to 0, but I don't see where it checks for access before checking the variable.

[amosbatto]

This is bizarre. Here is the content of my workflow/engine/methods/cases/summary.php file for PM 3.1.3 Community:

Code: Select all

<?php
/**
 * summary.php
 *
 * ProcessMaker Open Source Edition
 * Copyright (C) 2004 - 2011 Colosa Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 */

try {
    global $RBAC;
    switch ($RBAC->userCanAccess( 'PM_CASES' )) {
        case - 2:
            throw new Exception( G::LoadTranslation( 'ID_USER_HAVENT_RIGHTS_SYSTEM' ) );
            break;
        case - 1:
            throw new Exception( G::LoadTranslation( 'ID_USER_HAVENT_RIGHTS_PAGE' ) );
            break;
    }

    if (! isset( $_REQUEST['APP_UID'] ) || ! isset( $_REQUEST['DEL_INDEX'] ) || ! isset( $_REQUEST['DYN_UID'] )) {
        throw new Exception( G::LoadTranslation( 'ID_REQUIRED_FIELDS_ERROR' ) . ' (APP_UID, DEL_INDEX, DYN_UID)' );
    }

    if ($_REQUEST['APP_UID'] == '' || $_REQUEST['DEL_INDEX'] == '' || $_REQUEST['DYN_UID'] == '') {
        throw new Exception( G::LoadTranslation( 'ID_REQUIRED_FIELDS_ERROR' ) . ' (APP_UID, DEL_INDEX, DYN_UID)' );
    }
    G::LoadClass( 'case' );
    $case = new Cases();
    if ($RBAC->userCanAccess( 'PM_ALLCASES' ) < 0 && $case->userParticipatedInCase( $_REQUEST['APP_UID'], $_SESSION['USER_LOGGED'] ) == 0) {
        throw new Exception( G::LoadTranslation( 'ID_NO_PERMISSION_NO_PARTICIPATED' ) );
    }
    $applicationFields = $case->loadCase( $_REQUEST['APP_UID'], $_REQUEST['DEL_INDEX'] );
    /*----------------------------------********---------------------------------*/
    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['PREVIOUS_STEP_LABEL'] = '';
    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['PREVIOUS_STEP'] = '#';
    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['NEXT_STEP_LABEL'] = '';
    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['NEXT_ACTION'] = '#';
    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['DYNUIDPRINT'] = $_REQUEST['DYN_UID'];

    $criteria = new Criteria();
    $criteria->addSelectColumn(DynaformPeer::DYN_CONTENT);
    $criteria->add(DynaformPeer::DYN_UID, $_REQUEST['DYN_UID']);
    $criteria->add(DynaformPeer::DYN_VERSION, 2);
    $result = DynaformPeer::doSelectRS($criteria);
    $result->setFetchmode(ResultSet::FETCHMODE_ASSOC);
    if ($result->next()) {
        G::LoadClass('pmDynaform');
        G::LoadClass('pmDynaform');
        $FieldsPmDynaform = $applicationFields;
        $FieldsPmDynaform["CURRENT_DYNAFORM"] = $_REQUEST['DYN_UID'];
        $a = new pmDynaform(\ProcessMaker\Util\DateTime::convertUtcToTimeZone($FieldsPmDynaform));
        $a->printView();
    }
    if (file_exists( PATH_DYNAFORM . $applicationFields['PRO_UID'] . PATH_SEP . $_REQUEST['DYN_UID'] . '.xml' )) {
        G::LoadClass( 'dbConnections' );
        $_SESSION['PROCESS'] = $applicationFields['PRO_UID'];
        $dbConnections = new dbConnections( $_SESSION['PROCESS'] );
        $dbConnections->loadAdditionalConnections();
        $_SESSION['CURRENT_DYN_UID'] = $_REQUEST['DYN_UID'];

        global $G_PUBLISH;
        $G_PUBLISH = new Publisher();
        $G_PUBLISH->AddContent( 'dynaform', 'xmlform', $applicationFields['PRO_UID'] . '/' . $_REQUEST['DYN_UID'], '', $applicationFields['APP_DATA'], '', '', 'view' );
        G::RenderPage( 'publish', 'blank' );
    } else {
        throw new Exception( G::LoadTranslation( 'INVALID_FILE' ) . ': ' . $_REQUEST['DYN_UID'] );
    }
} catch (Exception $error) {
    global $G_PUBLISH;
    $G_PUBLISH = new Publisher();
    $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', array ('MESSAGE' => $error->getMessage()) );
    G::RenderPage( 'publish', 'blank' );
    die();
}

?>
<script type="text/javascript">
    leimnud.event.add(window,"load",function(){
        if (parent.document.getElementById('buttonOpenDynaform') != null) {
            parent.document.getElementById('buttonOpenDynaform').setAttribute('class', 'x-btn x-btn-noicon')
            parent.document.getElementById('buttonOpenDynaform').style = "width: auto;";
        }
    });
</script>
<?php

I don't see the $viewSummaryForm variable. I also can't find it if I grep all the code. I'm downloading a fresh copy of the code to see if I can find it.

[atuly7]

$viewSummaryForm variable is used in Bitnami-processmaker 3.1.2 community edition.

Code: Select all

<?php
/**
 * summary.php
 *
 * ProcessMaker Open Source Edition
 * Copyright (C) 2004 - 2011 Colosa Inc.
 *
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License as
 * published by the Free Software Foundation, either version 3 of the
 * License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License
 * along with this program. If not, see <http://www.gnu.org/licenses/>.
 *
 * For more information, contact Colosa Inc, 2566 Le Jeune Rd.,
 * Coral Gables, FL, 33134, USA, or email info@colosa.com.
 */

try {
    global $RBAC;
    switch ($RBAC->userCanAccess( 'PM_CASES' )) {
        case - 2:
            throw new Exception( G::LoadTranslation( 'ID_USER_HAVENT_RIGHTS_SYSTEM' ) );
            break;
        case - 1:
            throw new Exception( G::LoadTranslation( 'ID_USER_HAVENT_RIGHTS_PAGE' ) );
            break;
    }

    if (! isset( $_REQUEST['APP_UID'] ) || ! isset( $_REQUEST['DEL_INDEX'] ) || ! isset( $_REQUEST['DYN_UID'] )) {
        throw new Exception( G::LoadTranslation( 'ID_REQUIRED_FIELDS_ERROR' ) . ' (APP_UID, DEL_INDEX, DYN_UID)' );
    }

    if ($_REQUEST['APP_UID'] == '' || $_REQUEST['DEL_INDEX'] == '' || $_REQUEST['DYN_UID'] == '') {
        throw new Exception( G::LoadTranslation( 'ID_REQUIRED_FIELDS_ERROR' ) . ' (APP_UID, DEL_INDEX, DYN_UID)' );
    }

    G::LoadClass( 'case' );
    $case = new Cases();
    $viewSummaryForm = 0;
    $applicationFields = $case->loadCase( $_REQUEST['APP_UID'], $_REQUEST['DEL_INDEX'] );

    /*----------------------------------********---------------------------------*/

    //Check if the user has the Process Permissions - Summary Form
    if ($viewSummaryForm == 0) {
        throw new Exception( G::LoadTranslation( 'ID_SUMMARY_FORM_NO_PERMISSIONS' ) );
    }

    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['PREVIOUS_STEP_LABEL'] = '';
    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['PREVIOUS_STEP'] = '#';
    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['NEXT_STEP_LABEL'] = '';
    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['NEXT_ACTION'] = '#';
    $applicationFields['APP_DATA']['__DYNAFORM_OPTIONS']['DYNUIDPRINT'] = $_REQUEST['DYN_UID'];

    $criteria = new Criteria();
    $criteria->addSelectColumn(DynaformPeer::DYN_CONTENT);
    $criteria->add(DynaformPeer::DYN_UID, $_REQUEST['DYN_UID']);
    $criteria->add(DynaformPeer::DYN_VERSION, 2);
    $result = DynaformPeer::doSelectRS($criteria);
    $result->setFetchmode(ResultSet::FETCHMODE_ASSOC);
    if ($result->next()) {
        G::LoadClass('pmDynaform');
        G::LoadClass('pmDynaform');
        $FieldsPmDynaform = $applicationFields;
        $FieldsPmDynaform["CURRENT_DYNAFORM"] = $_REQUEST['DYN_UID'];
        $a = new pmDynaform(\ProcessMaker\Util\DateTime::convertUtcToTimeZone($FieldsPmDynaform));
        $a->printView();
    }
    if (file_exists( PATH_DYNAFORM . $applicationFields['PRO_UID'] . PATH_SEP . $_REQUEST['DYN_UID'] . '.xml' )) {
        G::LoadClass( 'dbConnections' );
        $_SESSION['PROCESS'] = $applicationFields['PRO_UID'];
        $dbConnections = new dbConnections( $_SESSION['PROCESS'] );
        $dbConnections->loadAdditionalConnections();
        $_SESSION['CURRENT_DYN_UID'] = $_REQUEST['DYN_UID'];

        global $G_PUBLISH;
        $G_PUBLISH = new Publisher();
        $G_PUBLISH->AddContent( 'dynaform', 'xmlform', $applicationFields['PRO_UID'] . '/' . $_REQUEST['DYN_UID'], '', $applicationFields['APP_DATA'], '', '', 'view' );
        G::RenderPage( 'publish', 'blank' );
    } else {
        throw new Exception( G::LoadTranslation( 'INVALID_FILE' ) . ': ' . $_REQUEST['DYN_UID'] );
    }
} catch (Exception $error) {
    global $G_PUBLISH;
    $G_PUBLISH = new Publisher();
    $G_PUBLISH->AddContent( 'xmlform', 'xmlform', 'login/showMessage', '', array ('MESSAGE' => $error->getMessage()) );
    G::RenderPage( 'publish', 'blank' );
    die();
}

?>
<script type="text/javascript">
    leimnud.event.add(window,"load",function(){
        if (parent.document.getElementById('buttonOpenDynaform') != null) {
            parent.document.getElementById('buttonOpenDynaform').setAttribute('class', 'x-btn x-btn-noicon')
            parent.document.getElementById('buttonOpenDynaform').style = "width: auto;";
        }
    });
</script>
<?php

[shearern]

Ahh! Interesting. Yes, I did use bitnami to install. Sorry, I had no idea the source would be different.

So, perhaps my bug only exists on the bitnami side?

[amosbatto]

Ahh! Interesting. Yes, I did use bitnami to install. Sorry, I had no idea the source would be different.

So, perhaps my bug only exists on the bitnami side?

The bug also exists in a manual install of PM 3.1.3, so it is not a Bitnami issue.

[amosbatto]

This bug still hasn't been fixed in PM 3.2. Really annoying!

[itslenny]

This bug still hasn't been fixed in PM 3.2. Really annoying!

Agreed!

[amosbatto]

I just tried the official PM 3.2 release and it has been fixed!

[StephanS]

Hi,

I made an upgrade from 3.1.3 community to 3.2 community on a testserver and the possibility to set the permission in a process is still missing.
Even when I create a new process (to avoid problems with old process-code ...)

screen-20170519_102449.png (21.88 KiB) Viewed 20842 times

EDIT: It also does not work, if you select the permission-type "Dynaform" shown in the screenshot above and then select the same dynaform as set as a CaseSummary in process-settings.

EDIT2: Re-done the upgrade and still no Setting "Case Summary" in the permissions dialog.

[amosbatto]

Stephan,
I talked to the developers about this. They tell me that the "Summary Form" process permission is only for the Enterprise Edition. It won't be included in the Community Edition. We need to update the wiki to indicate this.

The bug that got fixed in PM 3.2 was that when you select a DynaForm to be the Summary Form in the process properties, then that DynaForm will be displayed to the users instead of the generic summary form, but there is no option in the Community Edition to limit who can see the summary form. If a user has access to the case, then he/she can see the DynaForm which is used for the summary form.

If you need to block certain users from seeing the DynaForm Summary Form, then you can add JavaScript code to your DynaForm that will hide it if certain users are logged in.
For example, the following code hides users johndoe, sallyroe and billybow from seeing the DynaForm Summary Form:

Code: Select all

var aBlockedUsernames = [ 'johndoe', 'sallyroe', 'billybow'];
if (top.window.__usernameLogged__) {
  var username = top.window.__usernameLogged__;
  if (aBlockedUsernames.indexOf(username) != -1) {
     $("form").hide();
     $("form").parent().append("Restricted information.");
  }
}  

[StephanS]

Hello Amos,

thank you very much for the informations.

[itslenny]

I just tried the official PM 3.2 release and it has been fixed!

I just upgraded from PM3.1 to PM3.2 (Community) to check this. The Summary form is still not working

When click on the More Information tab, I get

Error
You do not have permission to access to the summary form

So I suspect in providing permissions for the summary form only in Enterprise Edition, they have in fact prevented the form from working at all in the Community edition. Based on your prior posts, I gather this Summary Form should be accessible in the Community edition by default but this does not appear to be the case still.

[erpnedir]

I request from ProcessMaker decision makers to reconsider allowing this feature in Community Edition.
Getting case info for participated cases is an important information when using the system. Personally, I generate output documents to give user info about past cases. There is no point generating unnecessary files only for information lookup.
We love ProcessMaker because it has an excellent balance between CE and EE. Hope that goes forever.

[amosbatto]

I request from ProcessMaker decision makers to reconsider allowing this feature in Community Edition.

I agree with you, but I have very little influence over the code development. I suggest that you file a report at http://bugs.processmaker.com and make your request there, since the developers read the bug reports, but don't read this forum.

[alexisjavier]

I request from ProcessMaker decision makers to reconsider allowing this feature in Community Edition.
Getting case info for participated cases is an important information when using the system. Personally, I generate output documents to give user info about past cases. There is no point generating unnecessary files only for information lookup.
We love ProcessMaker because it has an excellent balance between CE and EE. Hope that goes forever.

I Agree, leaving off this feature was really cheap. PDFs are starting to pile up

[erpnedir]

I opened a request on mantis. https://bugs.processmaker.com/view.php?id=24935
I request everyone to comment at mantis who is supporting this feature on CE.