mirror of
https://github.com/Combodo/iTop.git
synced 2026-05-19 23:32:17 +02:00
N°7423 - Forbid UserTokens to be able to connect to the backoffice (or any portal) - add context to users
This commit is contained in:
Eric Espie
@@ -11084,7 +11084,7 @@ class AttributeEnumSet extends AttributeSet
|
||||
return max(255, $iMaxSize);
|
||||
}
|
||||
|
||||
private function GetRawPossibleValues($aArgs = array(), $sContains = '')
|
||||
protected function GetRawPossibleValues($aArgs = array(), $sContains = '')
|
||||
{
|
||||
/** @var ValueSetEnumPadded $oValSetDef */
|
||||
$oValSetDef = $this->Get('possible_values');
|
||||
@@ -11317,6 +11317,65 @@ class AttributeEnumSet extends AttributeSet
|
||||
}
|
||||
}
|
||||
|
||||
/**
|
||||
* @since 3.2.0 N°7423
|
||||
*/
|
||||
class AttributeContextTagSet extends AttributeEnumSet
|
||||
{
|
||||
public static function ListExpectedParams()
|
||||
{
|
||||
// allowed_values and possible_values are replaced by context_type and excluded_contexts
|
||||
return array_diff(
|
||||
array_merge(parent::ListExpectedParams(), ['is_null_allowed', 'max_items', 'context_type', 'denied_contexts']),
|
||||
['allowed_values', 'possible_values']);
|
||||
}
|
||||
|
||||
protected function GetRawPossibleValues($aArgs = array(), $sContains = ''): array
|
||||
{
|
||||
$sType = $this->Get('context_type');
|
||||
$aExcludedContexts = $this->Get('denied_contexts');
|
||||
$aContexts = [];
|
||||
switch ($sType) {
|
||||
case 'authentication':
|
||||
$aContexts = ContextTag::GetTagsForConnection();
|
||||
break;
|
||||
|
||||
case 'all':
|
||||
$aContexts = ContextTag::GetTags();
|
||||
break;
|
||||
}
|
||||
|
||||
$aContexts = array_diff($aContexts, $aExcludedContexts);
|
||||
$oValSetDef = new ValueSetEnumPadded($aContexts);
|
||||
|
||||
return $oValSetDef->GetValues([], $sContains);
|
||||
}
|
||||
|
||||
public function GetPossibleValues($aArgs = array(), $sContains = '')
|
||||
{
|
||||
return $this->GetRawPossibleValues($aArgs, $sContains);
|
||||
}
|
||||
|
||||
public function GetValueLabel($sValue)
|
||||
{
|
||||
if ($sValue instanceof ormSet) {
|
||||
$sValue = implode(', ', $sValue->GetValues());
|
||||
}
|
||||
|
||||
$aValues = $this->GetRawPossibleValues();
|
||||
$sLabel = Dict::S('Enum:Undefined');
|
||||
if (is_string($sValue) && isset($aValues[$sValue])) {
|
||||
$sLabel = $aValues[$sValue];
|
||||
}
|
||||
|
||||
return $sLabel;
|
||||
}
|
||||
|
||||
public function GetValueDescription($sValue)
|
||||
{
|
||||
return '';
|
||||
}
|
||||
}
|
||||
|
||||
class AttributeClassAttCodeSet extends AttributeSet
|
||||
{
|
||||
|
||||
@@ -58,12 +58,15 @@ class ContextTag
|
||||
public const TAG_SETUP = 'Setup';
|
||||
public const TAG_SYNCHRO = 'Synchro';
|
||||
public const TAG_REST = 'REST/JSON';
|
||||
|
||||
/**
|
||||
* @since 3.2.0 N°7423
|
||||
*/
|
||||
public const TAG_GUI = 'GUI';
|
||||
/**
|
||||
* @since 3.1.0 N°6047
|
||||
*/
|
||||
public const TAG_IMPORT = 'Import';
|
||||
/**
|
||||
/**
|
||||
* @since 3.1.0 N°6047
|
||||
*/
|
||||
public const TAG_EXPORT = 'Export';
|
||||
@@ -101,11 +104,18 @@ class ContextTag
|
||||
|
||||
/**
|
||||
* Check if a given tag is present in the stack
|
||||
* @param string $sTag
|
||||
* or check if one of the tags in the array is present
|
||||
*
|
||||
* @param array|string $sTag
|
||||
*
|
||||
* @return bool
|
||||
*/
|
||||
public static function Check($sTag)
|
||||
public static function Check(array|string $sTag): bool
|
||||
{
|
||||
if (is_array($sTag)) {
|
||||
return (count(array_intersect($sTag, static::$aStack)) > 0);
|
||||
}
|
||||
|
||||
return in_array($sTag, static::$aStack);
|
||||
}
|
||||
|
||||
@@ -118,6 +128,25 @@ class ContextTag
|
||||
return static::$aStack;
|
||||
}
|
||||
|
||||
public static function GetTagsForConnection(): array
|
||||
{
|
||||
$aRawTags = array(
|
||||
ContextTag::TAG_GUI,
|
||||
ContextTag::TAG_REST,
|
||||
ContextTag::TAG_SYNCHRO,
|
||||
ContextTag::TAG_IMPORT,
|
||||
ContextTag::TAG_EXPORT);
|
||||
|
||||
$aTags = array();
|
||||
|
||||
foreach ($aRawTags as $sRawTag)
|
||||
{
|
||||
$aTags[$sRawTag] = Dict::S("Core:Context={$sRawTag}");
|
||||
}
|
||||
|
||||
return $aTags;
|
||||
}
|
||||
|
||||
/**
|
||||
* Get all the predefined context tags
|
||||
* @return array
|
||||
@@ -125,11 +154,14 @@ class ContextTag
|
||||
public static function GetTags()
|
||||
{
|
||||
$aRawTags = array(
|
||||
ContextTag::TAG_GUI,
|
||||
ContextTag::TAG_REST,
|
||||
ContextTag::TAG_SYNCHRO,
|
||||
ContextTag::TAG_SETUP,
|
||||
ContextTag::TAG_CONSOLE,
|
||||
ContextTag::TAG_CRON,
|
||||
ContextTag::TAG_IMPORT,
|
||||
ContextTag::TAG_EXPORT,
|
||||
ContextTag::TAG_PORTAL);
|
||||
|
||||
$aTags = array();
|
||||
|
||||
@@ -808,6 +808,29 @@
|
||||
</fields>
|
||||
</class>
|
||||
</classes>
|
||||
<attribute_definitions _delta="define">
|
||||
<attribute_definition id="AttributeContextTagSet">
|
||||
<properties>
|
||||
<property id="sql"/>
|
||||
<property id="is_null_allowed"/>
|
||||
<property id="max_items"/>
|
||||
<property id="default_value"/>
|
||||
<property id="context_type">
|
||||
<php_param>context_type</php_param>
|
||||
<mandatory>true</mandatory>
|
||||
<type>string</type>
|
||||
</property>
|
||||
<property id="denied_contexts">
|
||||
<php_param>denied_contexts</php_param>
|
||||
<mandatory>false</mandatory>
|
||||
<type>collection</type>
|
||||
<collection_element_name>denied_context</collection_element_name>
|
||||
<collection_type>id</collection_type>
|
||||
<default/>
|
||||
</property>
|
||||
</properties>
|
||||
</attribute_definition>
|
||||
</attribute_definitions>
|
||||
<attribute_properties_definition _delta="define">
|
||||
<properties>
|
||||
<property id="sql">
|
||||
@@ -830,11 +853,6 @@
|
||||
<mandatory>true</mandatory>
|
||||
<type>string</type>
|
||||
</property>
|
||||
<property id="sql">
|
||||
<php_param>sql</php_param>
|
||||
<mandatory>true</mandatory>
|
||||
<type>string</type>
|
||||
</property>
|
||||
<property id="class_attcode">
|
||||
<php_param>class_attcode</php_param>
|
||||
<mandatory>true</mandatory>
|
||||
|
||||
@@ -252,6 +252,8 @@ abstract class User extends cmdbAbstractObject
|
||||
MetaModel::Init_AddAttribute(new AttributeLinkedSetIndirect("profile_list",array("linked_class" => "URP_UserProfile", "ext_key_to_me" => "userid", "ext_key_to_remote" => "profileid", "allowed_values" => null, "count_min" => 1, "count_max" => 0, "depends_on" => array(), "display_style" => 'property', "with_php_constraint" => true, "with_php_computation" => true)));
|
||||
MetaModel::Init_AddAttribute(new AttributeLinkedSetIndirect("allowed_org_list", array("linked_class" => "URP_UserOrg", "ext_key_to_me" => "userid", "ext_key_to_remote" => "allowed_org_id", "allowed_values" => null, "count_min" => 1, "count_max" => 0, "depends_on" => array(), 'with_php_constraint' => true)));
|
||||
MetaModel::Init_AddAttribute(new AttributeCaseLog("log", array("sql" => 'log', "is_null_allowed" => true, "default_value" => '', "allowed_values" => null, "depends_on" => array(), "always_load_in_tables" => false)));
|
||||
$aTags = ContextTag::GetTagsForConnection();
|
||||
MetaModel::Init_AddAttribute(new AttributeEnumSet('allowed_contexts', array('allowed_values' => null, 'possible_values' => new ValueSetEnumPadded($aTags, true), 'sql' => 'allowed_contexts', 'depends_on' => array(), 'is_null_allowed' => true, 'max_items' => 12)));
|
||||
|
||||
// Display lists
|
||||
MetaModel::Init_SetZListItems('details', array('contactid', 'org_id', 'email', 'login', 'language', 'status', 'profile_list', 'allowed_org_list', 'log')); // Unused as it's an abstract class !
|
||||
|
||||
@@ -580,6 +580,7 @@ class ValueSetEnumPadded extends ValueSetEnum
|
||||
$aPaddedValues[$sKey] = $sVal;
|
||||
}
|
||||
$this->m_values = $aPaddedValues;
|
||||
$this->m_bIsLoaded = true;
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user