mirror of
https://github.com/Combodo/iTop.git
synced 2026-05-19 15:22:17 +02:00
N°4036 - User edition controls : the profiles selection should allow the User modification (when editing your own User)
This commit is contained in:
Eric
@@ -333,6 +333,7 @@ abstract class User extends cmdbAbstractObject
|
||||
{
|
||||
parent::DoCheckToWrite();
|
||||
|
||||
$oAddon = UserRights::GetModuleInstance();
|
||||
$aChanges = $this->ListChanges();
|
||||
if (array_key_exists('login', $aChanges)) {
|
||||
// Check login uniqueness
|
||||
@@ -368,11 +369,28 @@ abstract class User extends cmdbAbstractObject
|
||||
$aForbiddenProfiles = PortalDispatcherData::GetData('backoffice')['deny'];
|
||||
if ($this->IsCurrentUser()) {
|
||||
$oSet->Rewind();
|
||||
$aProfiles = [];
|
||||
while ($oUserProfile = $oSet->Fetch()) {
|
||||
$sProfile = $oUserProfile->Get('profile');
|
||||
if (in_array($sProfile, $aForbiddenProfiles)) {
|
||||
$this->m_aCheckIssues[] = Dict::Format('Class:User/Error:ProfileNotAllowed', $sProfile);
|
||||
}
|
||||
$aProfiles[$oUserProfile->Get('profileid')] = $sProfile;
|
||||
}
|
||||
|
||||
// Check if the user is yet allowed to modify Users
|
||||
if (method_exists($oAddon, 'ResetCache')) {
|
||||
$aCurrentProfiles = $_SESSION['profile_list'];
|
||||
// Set the current profiles into a session variable (not yet in the database)
|
||||
$_SESSION['profile_list'] = $aProfiles;
|
||||
|
||||
$oAddon->ResetCache();
|
||||
if (!$oAddon->IsActionAllowed($this, 'User', UR_ACTION_MODIFY, null)) {
|
||||
$this->m_aCheckIssues[] = Dict::S('Class:User/Error:CurrentProfilesHaveInsufficientRights');
|
||||
}
|
||||
$oAddon->ResetCache();
|
||||
|
||||
$_SESSION['profile_list'] = $aCurrentProfiles;
|
||||
}
|
||||
}
|
||||
}
|
||||
@@ -418,7 +436,6 @@ abstract class User extends cmdbAbstractObject
|
||||
}
|
||||
}
|
||||
|
||||
$oAddon = UserRights::GetModuleInstance();
|
||||
if (!UserRights::IsAdministrator()) {
|
||||
$oUser = UserRights::GetUserObject();
|
||||
if (!is_null($oUser) && method_exists($oAddon, 'GetUserOrgs')) {
|
||||
|
||||
@@ -129,6 +129,7 @@ Dict::Add('EN US', 'English', 'English', array(
|
||||
'Class:User/Error:ProfileNotAllowed' => 'Profile "%1$s" cannot be added it will deny the access to backoffice',
|
||||
'Class:User/Error:StatusChangeIsNotAllowed' => 'Changing status is not allowed for your own User',
|
||||
'Class:User/Error:AllowedOrgsMustContainUserOrg' => 'Allowed organizations must contain User organization',
|
||||
'Class:User/Error:CurrentProfilesHaveInsufficientRights' => 'The current list of profiles does not give sufficient access rights (Users are not modifiable anymore)',
|
||||
'Class:User/Error:AtLeastOneOrganizationIsNeeded' => 'At least one organization must be assigned to this user.',
|
||||
'Class:User/Error:OrganizationNotAllowed' => 'Organization not allowed.',
|
||||
'Class:User/Error:UserOrganizationNotAllowed' => 'The user account does not belong to your allowed organizations.',
|
||||
|
||||
@@ -113,6 +113,7 @@ Dict::Add('FR FR', 'French', 'Français', array(
|
||||
'Class:User/Error:ProfileNotAllowed' => 'Le profil "%1$s" ne peux pas être ajouté à son propre utilisateur, il interdit l\'accès à la console',
|
||||
'Class:User/Error:StatusChangeIsNotAllowed' => 'Impossible de changer l\'état de son propre utilisateur',
|
||||
'Class:User/Error:AllowedOrgsMustContainUserOrg' => 'Les organisations permises doivent contenir l\'organisation de l\'utilisateur',
|
||||
'Class:User/Error:CurrentProfilesHaveInsufficientRights' => 'Les profils existants ne permettent pas de modifier les utilisateurs',
|
||||
'Class:User/Error:AtLeastOneOrganizationIsNeeded' => 'L\'utilisateur doit avoir au moins une organisation.',
|
||||
'Class:User/Error:OrganizationNotAllowed' => 'Organisation non autorisée.',
|
||||
'Class:User/Error:UserOrganizationNotAllowed' => 'L\'utilisateur n\'appartient pas à vos organisations.',
|
||||
|
||||
Reference in New Issue
Block a user