Questions and discussion about developing processes and programming in PHP, JavaScript, web services & REST API.

Moderator: amosbatto

Forum rules: Please search to see if a question has already asked before creating a new topic. Please don't post the same question in multiple forums.
#822611
Hello all,

I have designed a workflow which contains sensible data that should not be seen by all the participants of the case.
On the other hand every participant of a case should be able to view the processmap of the case.

Is there a way to allow the user to see the processmap, but not the data change log.
I have googled a lot about Processmaker permissions, but could not find a hint.

Thank you for your help

Kind Regards,

Oliver
#822646
There is no easy way to deal with this.
You can comment out the code that shows the menu option Information > Change Log. Of course, none of the users would be able to use it. Is that what you want?

If so, I don't have time to look for it right now, but I will try to find it when I have some time.
#822653
Hello Amos,

thanks for your reply.
Yes, hiding the pulldown entry for the change log would be a possible solution for me.

But I have come accross another problem which seems to be related to the new 3.3 version. A user who is registered as an operator is not able to view the process map at all. I have compared this with an old 3.2 installation. In 3.2. this was not a problem at all.

With version 3.3 I am not able to see both the processmap and the change log.
Do I need to add extra permissions to the operator role in version 3.3 to be able to view the process-map?

Thanks for your help

Kind Regards,

Oliver
#822665
OliverWi wrote: Wed Jan 30, 2019 9:20 am But I have come accross another problem which seems to be related to the new 3.3 version. A user who is registered as an operator is not able to view the process map at all. I have compared this with an old 3.2 installation. In 3.2. this was not a problem at all.

With version 3.3 I am not able to see both the processmap and the change log.
Do I need to add extra permissions to the operator role in version 3.3 to be able to view the process-map?
Yes, I see the problem in PM 3.3.0 and 3.3.2. There is a bug when ProcessMaker tries to verify the login session of a user with the PROCESSMAKER_OPERATOR role. It shows the following error in the web browser debugger:
Code: Select all
Uncaught SyntaxError: Unexpected token <
    at doDecode (ext-all.js:2)
bugShowingProcessMap.png
bugShowingProcessMap.png (65.9 KiB) Viewed 383 times
Here is a way to workaround the problem for now. Edit your workflow/engine/templates/cases/open.js file with a plain text editor and change the code starting at line 475 from:
Code: Select all
  Actions.processMap = function()
  {     
        Actions.tabFrame('processMap');
        Ext.Ajax.request({
            url : 'ajaxListener' ,
            params : {action : 'verifySession'},
            success: function ( result, request ) {
              var data = Ext.util.JSON.decode(result.responseText);
              if( data.lostSession ) {
               Ext.Msg.show({
                      title: _('ID_ERROR'),
                      msg: data.message,
                      animEl: 'elId',
                      icon: Ext.MessageBox.ERROR,
                      buttons: Ext.MessageBox.OK,
                      fn : function(btn) {
                      try
                                  {
                                    prnt = parent.parent;
                                    top.location = top.location;
                                  }
                                catch (err)
                                  {
                                    parent.location = parent.location;
                                  }
                      }
                    });
              } else {
                 Actions.tabFrame('processMap');
              }
            },
            failure: function (result, request) {
              if (typeof(result.responseText) != 'undefined') {
                Ext.MessageBox.alert( _('ID_FAILED'), result.responseText);
              }
            }
       }); 
  }
To:
Code: Select all
  Actions.processMap = function()
  {     
        Actions.tabFrame('processMap');
        /*
	  Ext.Ajax.request({
            url : 'ajaxListener' ,
            params : {action : 'verifySession'},
            success: function ( result, request ) {
              var data = Ext.util.JSON.decode(result.responseText);
              if( data.lostSession ) {
               Ext.Msg.show({
                      title: _('ID_ERROR'),
                      msg: data.message,
                      animEl: 'elId',
                      icon: Ext.MessageBox.ERROR,
                      buttons: Ext.MessageBox.OK,
                      fn : function(btn) {
                      try
                                  {
                                    prnt = parent.parent;
                                    top.location = top.location;
                                  }
                                catch (err)
                                  {
                                    parent.location = parent.location;
                                  }
                      }
                    });
              } else {
                 Actions.tabFrame('processMap');
              }
            },
            failure: function (result, request) {
              if (typeof(result.responseText) != 'undefined') {
                Ext.MessageBox.alert( _('ID_FAILED'), result.responseText);
              }
            }
       }); 
    */
  }

You will have to clear the cache in your web browser after making this change to use the new code.

If you can't change the source code, then you can also get around the problem for now, by adding a button to your Dynaforms with the ID "showProcessMap". Then add the following JavaScript to the Dynaform:
Code: Select all
$("#showProcessMap").getControl().click( function() { 
   parent.Actions.tabFrame('processMap');
});
#822666
OliverWi wrote: Wed Jan 30, 2019 9:20 am Yes, hiding the pulldown entry for the change log would be a possible solution for me.
Edit your workflow/engine/templates/cases/open.js file with a plain text editor and change the code starting at line 785 from:
Code: Select all
    Actions.changeLogHistory = function ()
    {
        Ext.Ajax.request({
            url: 'ajaxListener',
            params: {action: 'verifySession'},
            success: function (result, request) {
                var data = Ext.util.JSON.decode(result.responseText);
                if (data.lostSession) {
                    Ext.Msg.show({
                        title: _('ID_ERROR'),
                        msg: data.message,
                        animEl: 'elId',
                        icon: Ext.MessageBox.ERROR,
                        buttons: Ext.MessageBox.OK,
                        fn: function (btn) {
                            try
                            {
                                prnt = parent.parent;
                                top.location = top.location;
                            } catch (err)
                            {
                                parent.location = parent.location;
                            }
                        }
                    });
                } else {
                    Actions.tabFrame('changeLogHistory');
                }
            },
            failure: function (result, request) {
                if (typeof (result.responseText) != 'undefined') {
                    Ext.MessageBox.alert(_('ID_FAILED'), result.responseText);
                }
            }
        });
    }
To:
Code: Select all
    Actions.changeLogHistory = function ()
    { /*
        Ext.Ajax.request({
            url: 'ajaxListener',
            params: {action: 'verifySession'},
            success: function (result, request) {
                var data = Ext.util.JSON.decode(result.responseText);
                if (data.lostSession) {
                    Ext.Msg.show({
                        title: _('ID_ERROR'),
                        msg: data.message,
                        animEl: 'elId',
                        icon: Ext.MessageBox.ERROR,
                        buttons: Ext.MessageBox.OK,
                        fn: function (btn) {
                            try
                            {
                                prnt = parent.parent;
                                top.location = top.location;
                            } catch (err)
                            {
                                parent.location = parent.location;
                            }
                        }
                    });
                } else {
                    Actions.tabFrame('changeLogHistory');
                }
            },
            failure: function (result, request) {
                if (typeof (result.responseText) != 'undefined') {
                    Ext.MessageBox.alert(_('ID_FAILED'), result.responseText);
                }
            }
        });
    */
    }
Then, clear the cache of your web browser. After that the users won't be able access the Information > Change Log.
#822667
I figured out how to fix the bug. It is not necessary to edit the code in your open.js file.
Instead, you should edit workflow/engine/methods/cases/ajaxListener.php and change lines 53-7 from:
Code: Select all
            if (
                $userAuthorization['rolesPermissions']['PM_REASSIGNCASE'] ||
                ($userAuthorization['rolesPermissions']['PM_REASSIGNCASE_SUPERVISOR'] && $userAuthorization['supervisor']) ||
                in_array($appUid, $userAuthorization['objectPermissions']['REASSIGN_MY_CASES'])
            ) {

To:
Code: Select all
            if (
                $userAuthorization['rolesPermissions']['PM_REASSIGNCASE'] ||
                ($userAuthorization['rolesPermissions']['PM_REASSIGNCASE_SUPERVISOR'] && $userAuthorization['supervisor']) ||
                (isset($userAuthorization['objectPermissions']) && in_array($appUid, $userAuthorization['objectPermissions']['REASSIGN_MY_CASES']))
            ) {
#822694
Hi Amos,

thanks for your help. The bug-fix works just fine.

Regarding the button which opens the process map, I have changed the code a little bit:

$("#btn_ChangeLog").find("button").click(function(){
parent.Actions.tabFrame('processMap');
});

I don't know why but it didn't work with "getcontrol".

Kind Regards,

Oliver
Custom Header on Dynaforms

Thanks for the reply. What I ended up doing, sinc[…]

If you press F12 to open the web browser's debug[…]

Error in api call with sso enabled

???

HI Amos, The users are internal users who can onl[…]