openDocument.js - доработка проверки прав при открытии документа

c5cac29e · Samir Sadyhov · f6cd1205 · c5cac29e
Commit c5cac29e authored Dec 26, 2025 by Samir Sadyhov 🤔
Hide whitespace changes
Inline Side-by-side

Showing with 44 additions and 9 deletions

constructor/scripts/openDocument/openDocument.js constructor/scripts/openDocument/openDocument.js +44 -9

No files found.
--- a/constructor/scripts/openDocument/openDocument.js
+++ b/constructor/scripts/openDocument/openDocument.js
@@ -52,6 +52,23 @@ const getRegistryRoute = async registryID => {
  });
 }

+const canEditFile = async (documentID) => {
+  return new Promise(async resolve => {
+    try {
+      const {login, password} = Cons.creds;
+      const auth = "Basic " + btoa(unescape(encodeURIComponent(`${login}:${password}`)));
+      const url = `../Synergy/rest/api/storage/canEditFile?documentId=${documentID}`;
+      const response = await fetch(url, {method: 'GET', headers: {"Authorization": auth}});
+
+      if(!response.ok) throw new Error(await response.text());
+      resolve(response.text());
+    } catch (err) {
+      console.log(`ERROR [ canEditFile ]: ${err.message}`);
+      resolve(false);
+    }
+  });
+}
+
 const getFileModels = player => {
  const result = [];
  player.model.models[0].modelBlocks[0].forEach(block => {
@@ -1971,6 +1988,23 @@ class ARMFooter {
    this.init();
  }

+  canEditDoc(_doc){
+    let canEdit = true;
+    if(_doc.dataUUID) {
+      if(!_doc.hasOwnProperty('registryInfo')) {
+        canEdit = false;
+      } else {
+        if(_doc.registryInfo.hasOwnProperty('rights') && _doc.registryInfo.rights == "no") {
+          canEdit = false;
+        } else if(_doc.registryInfo.rr_read != "Y") {
+          canEdit = false;
+        }
+      }
+    }
+    if(_doc.canEdit == "true") _doc.canEdit = true;
+    return canEdit || _doc.canEdit;
+  }
+
  async initParams(_doc){
    Cons.showLoader();
    try {
@@ -1989,6 +2023,7 @@ class ARMFooter {
      _doc.process = await AS.FORMS.ApiUtils.simpleAsyncGet(`rest/api/workflow/get_execution_process?documentID=${_doc.documentID}&locale=${AS.OPTIONS.locale}`);
      _doc.processResponsible = getResponsibleUserWork(_doc.process);
      _doc.process = getUserWork(_doc.process, AS.OPTIONS.currentUser.userid);
+      

      if(_doc.type == 'document') {
        if(_doc.process.length) {
@@ -2018,21 +2053,21 @@ class ARMFooter {

      if(_doc.dataUUID) {
        _doc.registryInfo = await appAPI.getRegistryInfoByID(_doc.docInfo.registryID);
-
-        _doc.registryInfo = await appAPI.getRegistryInfoByID(_doc.docInfo.registryID);
-        const msgErrorRead = 'Вам запрещен доступ к этому документу';
-        if(!_doc.registryInfo) throw new Error(msgErrorRead);
-        if(_doc.registryInfo.hasOwnProperty('rights') && _doc.registryInfo.rights == "no") throw new Error(msgErrorRead);
-        if(_doc.registryInfo.rr_read != "Y") throw new Error(msgErrorRead);
-
        _doc.form = await AS.FORMS.ApiUtils.simpleAsyncGet(`rest/api/asforms/form/${_doc.docInfo.formID}?locale=${AS.OPTIONS.locale}`);
+        _doc.canEdit = await canEditFile(_doc.documentID);
+
+        if(!this.canEditDoc(_doc)) throw new Error('Вам запрещен доступ к этому документу');

        _doc.formName = _doc.form.name;
-        _doc.registryCode = _doc.registryInfo.code;
+        _doc.registryCode = _doc?.registryInfo?.code;
        _doc.meaning = await appAPI.getDocMeaningContent(_doc.dataUUID);
+
        if(_doc.workInfo) _doc.workInfo.dataUUID = _doc.dataUUID;

-        _doc.registryRoute = await getRegistryRoute(_doc.registryInfo.registryID);
+        _doc.registryRoute = null;
+        if(_doc.hasOwnProperty('registryInfo') && _doc.registryInfo.hasOwnProperty('registryID') ) {
+          _doc.registryRoute = await getRegistryRoute(_doc.registryInfo.registryID);
+        }

        _doc.formPlayer = AS.FORMS.createPlayer();