From 37ebb51a2b34a8d5f138eb62cb5afd60170d67bb Mon Sep 17 00:00:00 2001
From: Romain Quetiez <romain.quetiez@combodo.com>
Date: Thu, 16 Oct 2014 10:14:17 +0000
Subject: [PATCH] Computation of user rights: added a config flag to force the
 legacy algorithm (user_rights_legacy, defaulting to false)

SVN:trunk[3366]
---
 core/config.class.inc.php    | 8 ++++++++
 setup/compiler.class.inc.php | 6 ++++++
 2 files changed, 14 insertions(+)

diff --git a/core/config.class.inc.php b/core/config.class.inc.php
index e9388d13d..fcfa44c90 100644
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -769,6 +769,14 @@ class Config
 			'source_of_value' => '',
 			'show_in_conf_sample' => false, 
 		),
+		'user_rights_legacy' => array(
+			'type' => 'bool',
+			'description' => 'Set to true to restore the buggy algorithm for the computation of user rights (within the same profile, ALLOW on the class itself has precedence on DENY of a parent class)',
+			'default' => false,
+			'value' => '',
+			'source_of_value' => '',
+			'show_in_conf_sample' => false,
+		),
 	);
 
 	public function IsProperty($sPropCode)
diff --git a/setup/compiler.class.inc.php b/setup/compiler.class.inc.php
index e7f7a96e3..0e3989bee 100644
--- a/setup/compiler.class.inc.php
+++ b/setup/compiler.class.inc.php
@@ -1650,6 +1650,8 @@ class ProfilesConfig
 
 	public static function GetProfileActionGrant(\$iProfileId, \$sClass, \$sAction)
 	{
+		\$bLegacyBehavior = MetaModel::GetConfig()->Get('user_rights_legacy');
+
 		// Search for a grant, stoping if any deny is encountered (allowance implies the verification of all paths)
 		\$bAllow = null;
 
@@ -1659,6 +1661,7 @@ class ProfilesConfig
 		if (isset(self::\$aGRANTS[\$sGrantKey]))
 		{
 			\$bAllow = self::\$aGRANTS[\$sGrantKey];
+			if (\$bLegacyBehavior) return \$bAllow;
 			if (!\$bAllow) return false;
 		}
 
@@ -1670,6 +1673,7 @@ class ProfilesConfig
 			if (isset(self::\$aGRANTS[\$sGrantKey]))
 			{
 				\$bAllow = self::\$aGRANTS[\$sGrantKey];
+				if (\$bLegacyBehavior) return \$bAllow;
 				if (!\$bAllow) return false;
 			}
 		}
@@ -1680,6 +1684,7 @@ class ProfilesConfig
 		if (!is_null(\$bGrant))
 		{
 			\$bAllow = \$bGrant;
+			if (\$bLegacyBehavior) return \$bAllow;
 			if (!\$bAllow) return false;
 		}
 
@@ -1689,6 +1694,7 @@ class ProfilesConfig
 		if (isset(self::\$aGRANTS[\$sGrantKey]))
 		{
 			\$bAllow = self::\$aGRANTS[\$sGrantKey];
+			if (\$bLegacyBehavior) return \$bAllow;
 			if (!\$bAllow) return false;
 		}