')
@@ -744,10 +616,10 @@ class UserRightsProfile extends UserRightsAddOnAPI
//$oContact->Set('employee_number', '');
$iContactId = $oContact->DBInsertTrackedNoReload($oChange);
- $oUser = new URP_Users();
+ $oUser = new UserLocal();
$oUser->Set('login', $sAdminUser);
$oUser->Set('password', $sAdminPwd);
- $oUser->Set('userid', $iContactId);
+ $oUser->Set('contactid', $iContactId);
$oUser->Set('language', $sLanguage); // Language was chosen during the installation
$iUserId = $oUser->DBInsertTrackedNoReload($oChange);
@@ -760,9 +632,9 @@ class UserRightsProfile extends UserRightsAddOnAPI
return true;
}
- public function IsAdministrator($iUserId)
+ public function IsAdministrator($oUser)
{
- if (in_array($iUserId, $this->m_aAdmins))
+ if (in_array($oUser->GetKey(), $this->m_aAdmins))
{
return true;
}
@@ -787,15 +659,12 @@ class UserRightsProfile extends UserRightsAddOnAPI
MetaModel::RegisterPlugin('userrights', 'ACbyProfile', array($this, 'CacheData'));
}
- protected $m_aUsers = array(); // id -> object
protected $m_aDimensions = array(); // id -> object
protected $m_aClassProj = array(); // class,dimensionid -> object
protected $m_aProfiles = array(); // id -> object
protected $m_aUserProfiles = array(); // userid,profileid -> object
protected $m_aProPro = array(); // profileid,dimensionid -> object
- protected $m_aLogin2UserId = array(); // login -> id
-
protected $m_aAdmins = array(); // id of users being linked to the well-known admin profile
protected $m_aClassActionGrants = array(); // profile, class, action -> permission
@@ -806,15 +675,6 @@ class UserRightsProfile extends UserRightsAddOnAPI
{
// Could be loaded in a shared memory (?)
- $oUserSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_Users"));
- $this->m_aUsers = array();
- $this->m_aLogin2UserId = array();
- while ($oUser = $oUserSet->Fetch())
- {
- $this->m_aUsers[$oUser->GetKey()] = $oUser;
- $this->m_aLogin2UserId[$oUser->Get('login')] = $oUser->GetKey();
- }
-
$oDimensionSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_Dimensions"));
$this->m_aDimensions = array();
while ($oDimension = $oDimensionSet->Fetch())
@@ -857,7 +717,6 @@ class UserRightsProfile extends UserRightsAddOnAPI
/*
echo "\n";
- print_r($this->m_aUsers);
print_r($this->m_aDimensions);
print_r($this->m_aClassProjs);
print_r($this->m_aProfiles);
@@ -870,94 +729,6 @@ exit;
return true;
}
- public function CheckCredentials($sUserName, $sPassword)
- {
- $oSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_Users WHERE login = :login"), array(), array('login' => $sUserName));
- if ($oSet->Count() < 1)
- {
- // todo: throw an exception?
- return false;
- }
-
- $oUser = $oSet->Fetch();
- if ($oUser->Get('password') == $sPassword)
- {
- return $oUser->GetKey();
- }
- // todo: throw an exception?
- return false;
- }
-
- public function CanChangePassword()
- {
- // For now everyone can change their password..
- return true;
- }
-
- public function ChangePassword($iUserId, $sOldPassword, $sNewPassword)
- {
- $oSet = new DBObjectSet(DBObjectSearch::FromOQL("SELECT URP_Users WHERE id = :user_id"), array(), array('user_id' => $iUserId));
- if ($oSet->Count() < 1)
- {
- return false;
- }
-
- $oLogin = $oSet->Fetch();
- if ($oLogin->Get('password') == $sOldPassword)
- {
- $oLogin->Set('password', $sNewPassword);
- $oChange = MetaModel::NewObject("CMDBChange");
- $oChange->Set("date", time());
- if (UserRights::GetUser() != UserRights::GetRealUser())
- {
- $sUserString = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUser(), UserRights::GetUser());
- }
- else
- {
- $sUserString = UserRights::GetUser();
- }
- $oChange->Set("userinfo", $sUserString);
- $oLogin->DBUpdateTracked($oChange);
- return true;
- }
- return false;
- }
-
- public function GetUserId($sUserName)
- {
- if (array_key_exists($sUserName, $this->m_aLogin2UserId))
- {
- // This happens really when the list of users is being loaded into the cache!!!
- $iUserId = $this->m_aLogin2UserId[$sUserName];
- return $iUserId;
- }
- return null;
- }
-
- public function GetUserLanguage($sUserName)
- {
- if (array_key_exists($sUserName, $this->m_aLogin2UserId))
- {
- // This happens really when the list of users is being loaded into the cache!!!
- $iUserId = $this->m_aLogin2UserId[$sUserName];
- $oUser = $this->m_aUsers[$iUserId];
- return $oUser->Get('language');
- }
- return 'EN US';
- }
-
- public function GetContactId($sUserName)
- {
- if (array_key_exists($sUserName, $this->m_aLogin2UserId))
- {
- // This happens really when the list of users is being loaded into the cache!!!
- $iUserId = $this->m_aLogin2UserId[$sUserName];
- $oUser = $this->m_aUsers[$iUserId];
- return $oUser->Get('userid');
- }
- return null;
- }
-
public function GetFilter($sUserName, $sClass)
{
$oNullFilter = new DBObjectSearch($sClass);
@@ -1051,10 +822,8 @@ exit;
return $aRes;
}
- public function IsActionAllowed($iUserId, $sClass, $iActionCode, $oInstanceSet = null)
+ public function IsActionAllowed($oUser, $sClass, $iActionCode, $oInstanceSet = null)
{
- $oUser = $this->m_aUsers[$iUserId];
-
if (is_null($oInstanceSet))
{
$aObjectPermissions = $this->GetObjectActionGrant($oUser, $sClass, $iActionCode);
@@ -1092,10 +861,8 @@ exit;
}
}
- public function IsActionAllowedOnAttribute($iUserId, $sClass, $sAttCode, $iActionCode, $oInstanceSet = null)
+ public function IsActionAllowedOnAttribute($oUser, $sClass, $sAttCode, $iActionCode, $oInstanceSet = null)
{
- $oUser = $this->m_aUsers[$iUserId];
-
if (is_null($oInstanceSet))
{
$aObjectPermissions = $this->GetObjectActionGrant($oUser, $sClass, $iActionCode);
@@ -1173,10 +940,8 @@ exit;
return $oGrantRecord;
}
- public function IsStimulusAllowed($iUserId, $sClass, $sStimulusCode, $oInstanceSet = null)
+ public function IsStimulusAllowed($oUser, $sClass, $sStimulusCode, $oInstanceSet = null)
{
- $oUser = $this->m_aUsers[$iUserId];
-
// Note: this code is VERY close to the code of IsActionAllowed()
if (is_null($oInstanceSet))
diff --git a/application/displayblock.class.inc.php b/application/displayblock.class.inc.php
index 765a10d44..ed0f395bb 100644
--- a/application/displayblock.class.inc.php
+++ b/application/displayblock.class.inc.php
@@ -25,7 +25,6 @@
require_once('../application/webpage.class.inc.php');
require_once('../application/utils.inc.php');
-require_once('../core/userrights.class.inc.php');
/**
* Helper class to manage 'blocks' of HTML pieces that are parts of a page and contain some list of cmdb objects
*
diff --git a/application/itopwebpage.class.inc.php b/application/itopwebpage.class.inc.php
index 3744879c5..113d31372 100644
--- a/application/itopwebpage.class.inc.php
+++ b/application/itopwebpage.class.inc.php
@@ -251,7 +251,7 @@ EOF
// Add the admin menus
$oAdminMenu = new MenuGroup('AdminTools', 80 /* fRank */);
- new OQLMenuNode('UserAccountsMenu', 'SELECT URP_Users', $oAdminMenu->GetIndex(), 1 /* fRank */);
+ new OQLMenuNode('UserAccountsMenu', 'SELECT User', $oAdminMenu->GetIndex(), 1 /* fRank */);
new OQLMenuNode('ProfilesMenu', 'SELECT URP_Profiles', $oAdminMenu->GetIndex(), 2 /* fRank */);
new TemplateMenuNode('NotificationsMenu', '../business/templates/notifications_menu.html', $oAdminMenu->GetIndex(), 3 /* fRank */);
new WebPageMenuNode('RunQueriesMenu', '../pages/run_query.php', $oAdminMenu->GetIndex(), 8 /* fRank */);
diff --git a/application/user.preferences.class.inc.php b/application/user.preferences.class.inc.php
index 15bfd9d2e..a63472c57 100644
--- a/application/user.preferences.class.inc.php
+++ b/application/user.preferences.class.inc.php
@@ -154,7 +154,7 @@ class appUserPreferences extends DBObject
);
MetaModel::Init_Params($aParams);
- MetaModel::Init_AddAttribute(new AttributeExternalKey("userid", array("targetclass"=>"URP_Users", "allowed_values"=>null, "sql"=>"userid", "is_null_allowed"=>true, "on_target_delete"=>DEL_MANUAL, "depends_on"=>array())));
+ MetaModel::Init_AddAttribute(new AttributeExternalKey("userid", array("targetclass"=>"User", "allowed_values"=>null, "sql"=>"userid", "is_null_allowed"=>true, "on_target_delete"=>DEL_MANUAL, "depends_on"=>array())));
MetaModel::Init_AddAttribute(new AttributePropertySet("preferences", array("allowed_values"=>null, "sql"=>"preferences", "default_value"=>null, "is_null_allowed"=>true, "depends_on"=>array())));
}
diff --git a/application/usercontext.class.inc.php b/application/usercontext.class.inc.php
index e9ea9d8e4..e38195ff1 100644
--- a/application/usercontext.class.inc.php
+++ b/application/usercontext.class.inc.php
@@ -24,7 +24,6 @@
*/
require_once('../core/cmdbobject.class.inc.php');
-require_once('../core/userrights.class.inc.php');
/**
* Helper class to capture a user's restrictions (access rights, profiles...) as a set of limiting conditions
*
diff --git a/core/cmdbobject.class.inc.php b/core/cmdbobject.class.inc.php
index 6b36dd009..c99c260f8 100644
--- a/core/cmdbobject.class.inc.php
+++ b/core/cmdbobject.class.inc.php
@@ -74,7 +74,6 @@ require_once('cmdbchangeop.class.inc.php');
require_once('csvparser.class.inc.php');
require_once('bulkchange.class.inc.php');
-require_once('userrights.class.inc.php');
//
// Error handling
diff --git a/core/config.class.inc.php b/core/config.class.inc.php
index 85388c5a2..2eb01ac68 100644
--- a/core/config.class.inc.php
+++ b/core/config.class.inc.php
@@ -119,6 +119,7 @@ class Config
'../core/event.class.inc.php',
'../core/action.class.inc.php',
'../core/trigger.class.inc.php',
+ '../addons/authentication/authent.local.inc.php',
);
$this->m_aDataModels = array();
$this->m_aAddons = array(
diff --git a/core/metamodel.class.php b/core/metamodel.class.php
index 9c3762303..a1664da28 100644
--- a/core/metamodel.class.php
+++ b/core/metamodel.class.php
@@ -1042,22 +1042,25 @@ abstract class MetaModel
// Add it to the ZLists where the external key is present
//foreach(self::$m_aListData[$sClass] as $sListCode => $aAttributes)
$sListCode = 'list';
- $aAttributes = self::$m_aListData[$sClass][$sListCode];
- // temporary.... no loop
+ if (isset(self::$m_aListData[$sClass][$sListCode]))
{
- if (in_array($sAttCode, $aAttributes))
+ $aAttributes = self::$m_aListData[$sClass][$sListCode];
+ // temporary.... no loop
{
- $aNewList = array();
- foreach($aAttributes as $iPos => $sAttToDisplay)
+ if (in_array($sAttCode, $aAttributes))
{
- if (is_string($sAttToDisplay) && ($sAttToDisplay == $sAttCode))
+ $aNewList = array();
+ foreach($aAttributes as $iPos => $sAttToDisplay)
{
- // Insert the final class right before
- $aNewList[] = $sClassRecallAttCode;
+ if (is_string($sAttToDisplay) && ($sAttToDisplay == $sAttCode))
+ {
+ // Insert the final class right before
+ $aNewList[] = $sClassRecallAttCode;
+ }
+ $aNewList[] = $sAttToDisplay;
}
- $aNewList[] = $sAttToDisplay;
+ self::$m_aListData[$sClass][$sListCode] = $aNewList;
}
- self::$m_aListData[$sClass][$sListCode] = $aNewList;
}
}
}
@@ -3136,6 +3139,10 @@ abstract class MetaModel
// Set the language... after the dictionaries have been loaded!
Dict::SetDefaultLanguage($oConfig->GetDefaultLanguage());
+ // Romain: this is the only way I've found to cope with the fact that
+ // classes have to be derived from cmdbabstract (to be editable in the UI)
+ require_once('../application/cmdbabstract.class.inc.php');
+
foreach ($oConfig->GetAppModules() as $sModule => $sToInclude)
{
self::Plugin($sConfigFile, 'application', $sToInclude);
diff --git a/core/userrights.class.inc.php b/core/userrights.class.inc.php
index a9e13c3e5..27b1b277a 100644
--- a/core/userrights.class.inc.php
+++ b/core/userrights.class.inc.php
@@ -54,21 +54,150 @@ abstract class UserRightsAddOnAPI
abstract public function CreateAdministrator($sAdminUser, $sAdminPwd, $sLanguage = 'EN US'); // could be used during initial installation
abstract public function Init(); // loads data (possible optimizations)
- abstract public function CheckCredentials($sLogin, $sPassword); // returns the id of the user or false
- abstract public function CanChangePassword(); // Whether or not a user can change her/his own password
- abstract public function ChangePassword($iUserId, $sOldPassword, $sNewPassword); // Change the password of the specified user
- abstract public function GetUserLanguage($sLogin); // returns the language code (e.g "EN US")
- abstract public function GetUserId($sLogin); // returns the id of the user or false
- abstract public function GetContactId($sLogin); // returns the id of the "business" user or false
+
+ // Cf UserContext...
abstract public function GetFilter($sLogin, $sClass); // returns a filter object
- abstract public function IsActionAllowed($iUserId, $sClass, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null);
- abstract public function IsStimulusAllowed($iUserId, $sClass, $sStimulusCode, /*dbObjectSet*/ $oInstanceSet = null);
- abstract public function IsActionAllowedOnAttribute($iUserId, $sClass, $sAttCode, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null);
- abstract public function IsAdministrator($iUserId);
+
+ abstract public function IsActionAllowed($oUser, $sClass, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null);
+ abstract public function IsStimulusAllowed($oUser, $sClass, $sStimulusCode, /*dbObjectSet*/ $oInstanceSet = null);
+ abstract public function IsActionAllowedOnAttribute($oUser, $sClass, $sAttCode, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null);
+ abstract public function IsAdministrator($oUser);
abstract public function FlushPrivileges();
}
+abstract class User extends cmdbAbstractObject
+{
+ public static function Init()
+ {
+ $aParams = array
+ (
+ "category" => "core",
+ "key_type" => "autoincrement",
+ "name_attcode" => "login",
+ "state_attcode" => "",
+ "reconc_keys" => array(),
+ "db_table" => "priv_user",
+ "db_key_field" => "id",
+ "db_finalclass_field" => "",
+ "display_template" => "",
+ );
+ MetaModel::Init_Params($aParams);
+ //MetaModel::Init_InheritAttributes();
+
+ MetaModel::Init_AddAttribute(new AttributeExternalKey("contactid", array("targetclass"=>"Person", "allowed_values"=>null, "sql"=>"contactid", "is_null_allowed"=>true, "on_target_delete"=>DEL_MANUAL, "depends_on"=>array())));
+ MetaModel::Init_AddAttribute(new AttributeExternalField("last_name", array("allowed_values"=>null, "extkey_attcode"=> 'contactid', "target_attcode"=>"name")));
+ MetaModel::Init_AddAttribute(new AttributeExternalField("first_name", array("allowed_values"=>null, "extkey_attcode"=> 'contactid', "target_attcode"=>"first_name")));
+ MetaModel::Init_AddAttribute(new AttributeExternalField("email", array("allowed_values"=>null, "extkey_attcode"=> 'contactid', "target_attcode"=>"email")));
+
+ MetaModel::Init_AddAttribute(new AttributeString("login", array("allowed_values"=>null, "sql"=>"login", "default_value"=>null, "is_null_allowed"=>false, "depends_on"=>array())));
+
+ MetaModel::Init_AddAttribute(new AttributeApplicationLanguage("language", array("sql"=>"language", "default_value"=>"EN US", "is_null_allowed"=>false, "depends_on"=>array())));
+
+ MetaModel::Init_AddAttribute(new AttributeLinkedSetIndirect("profile_list", array("linked_class"=>"URP_UserProfile", "ext_key_to_me"=>"userid", "ext_key_to_remote"=>"profileid", "allowed_values"=>null, "count_min"=>1, "count_max"=>0, "depends_on"=>array())));
+
+ // Display lists
+ MetaModel::Init_SetZListItems('details', array('contactid', 'first_name', 'email', 'login', 'language', 'profile_list')); // Attributes to be displayed for the complete details
+ MetaModel::Init_SetZListItems('list', array('first_name', 'last_name', 'login')); // Attributes to be displayed for a list
+ // Search criteria
+ MetaModel::Init_SetZListItems('standard_search', array('login', 'contactid')); // Criteria of the std search form
+ MetaModel::Init_SetZListItems('advanced_search', array('login', 'contactid')); // Criteria of the advanced search form
+ }
+
+ abstract public function CheckCredentials($sPassword);
+ abstract public function TrustWebServerContext();
+ abstract public function CanChangePassword();
+ abstract public function ChangePassword($sOldPassword, $sNewPassword);
+
+ function GetGrantAsHtml($sClass, $iAction)
+ {
+ if (UserRights::IsActionAllowed($sClass, $iAction, null, $this))
+ {
+ return ''.Dict::S('UI:UserManagement:ActionAllowed:Yes').'';
+ }
+ else
+ {
+ return ''.Dict::S('UI:UserManagement:ActionAllowed:No').'';
+ }
+ }
+
+ function DoShowGrantSumary($oPage, $sClassCategory)
+ {
+ if (UserRights::IsAdministrator($this))
+ {
+ // Looks dirty, but ok that's THE ONE
+ $oPage->p(Dict::S('UI:UserManagement:AdminProfile+'));
+ return;
+ }
+
+ $aDisplayData = array();
+ foreach (MetaModel::GetClasses($sClassCategory) as $sClass)
+ {
+ $aClassStimuli = MetaModel::EnumStimuli($sClass);
+ if (count($aClassStimuli) > 0)
+ {
+ $aStimuli = array();
+ foreach ($aClassStimuli as $sStimulusCode => $oStimulus)
+ {
+ if (UserRights::IsStimulusAllowed($sClass, $sStimulusCode, null, $this))
+ {
+ $aStimuli[] = ''.htmlentities($oStimulus->GetLabel()).'';
+ }
+ }
+ $sStimuli = implode(', ', $aStimuli);
+ }
+ else
+ {
+ $sStimuli = ''.Dict::S('UI:UserManagement:NoLifeCycleApplicable').'';
+ }
+
+ $aDisplayData[] = array(
+ 'class' => MetaModel::GetName($sClass),
+ 'read' => $this->GetGrantAsHtml($sClass, UR_ACTION_READ),
+ 'bulkread' => $this->GetGrantAsHtml($sClass, UR_ACTION_BULK_READ),
+ 'write' => $this->GetGrantAsHtml($sClass, UR_ACTION_MODIFY),
+ 'bulkwrite' => $this->GetGrantAsHtml($sClass, UR_ACTION_BULK_MODIFY),
+ 'stimuli' => $sStimuli,
+ );
+ }
+
+ $aDisplayConfig = array();
+ $aDisplayConfig['class'] = array('label' => Dict::S('UI:UserManagement:Class'), 'description' => Dict::S('UI:UserManagement:Class+'));
+ $aDisplayConfig['read'] = array('label' => Dict::S('UI:UserManagement:Action:Read'), 'description' => Dict::S('UI:UserManagement:Action:Read+'));
+ $aDisplayConfig['bulkread'] = array('label' => Dict::S('UI:UserManagement:Action:BulkRead'), 'description' => Dict::S('UI:UserManagement:Action:BulkRead+'));
+ $aDisplayConfig['write'] = array('label' => Dict::S('UI:UserManagement:Action:Modify'), 'description' => Dict::S('UI:UserManagement:Action:Modify+'));
+ $aDisplayConfig['bulkwrite'] = array('label' => Dict::S('UI:UserManagement:Action:BulkModify'), 'description' => Dict::S('UI:UserManagement:Action:BulkModify+'));
+ $aDisplayConfig['stimuli'] = array('label' => Dict::S('UI:UserManagement:Action:Stimuli'), 'description' => Dict::S('UI:UserManagement:Action:Stimuli+'));
+ $oPage->table($aDisplayConfig, $aDisplayData);
+ }
+
+ function DisplayBareRelations(WebPage $oPage, $bEditMode = false)
+ {
+ parent::DisplayBareRelations($oPage, $bEditMode);
+ if (!$bEditMode)
+ {
+ $oPage->SetCurrentTab(Dict::S('UI:UserManagement:GrantMatrix'));
+ $this->DoShowGrantSumary($oPage, 'bizmodel');
+
+ // debug
+ if (false)
+ {
+ $oPage->SetCurrentTab('More on user rigths (dev only)');
+ $oPage->add("User rights
\n");
+ $this->DoShowGrantSumary($oPage, 'addon/userrights');
+ $oPage->add("Change log
\n");
+ $this->DoShowGrantSumary($oPage, 'core/cmdb');
+ $oPage->add("Application
\n");
+ $this->DoShowGrantSumary($oPage, 'application');
+ $oPage->add("GUI
\n");
+ $this->DoShowGrantSumary($oPage, 'gui');
+
+ }
+ }
+ }
+}
+
+
/**
* User management core API
@@ -78,11 +207,8 @@ abstract class UserRightsAddOnAPI
class UserRights
{
protected static $m_oAddOn;
- protected static $m_sUser;
- protected static $m_sRealUser;
- protected static $m_iUserId;
- protected static $m_iRealUserId;
- protected static $m_sUserLanguage;
+ protected static $m_oUser;
+ protected static $m_oRealUser;
public static function SelectModule($sModuleName)
{
@@ -98,11 +224,8 @@ class UserRights
}
self::$m_oAddOn = new $sModuleName;
self::$m_oAddOn->Init();
- self::$m_sUser = '';
- self::$m_sRealUser = '';
- self::$m_iUserId = 0;
- self::$m_iRealUserId = 0;
- self::$m_sUserLanguage = 'EN US';
+ self::$m_oUser = null;
+ self::$m_oRealUser = null;
}
public static function GetModuleInstance()
@@ -125,20 +248,39 @@ class UserRights
protected static function IsLoggedIn()
{
- return (!empty(self::$m_sUser));
+ if (self::$m_oUser == null)
+ {
+ return false;
+ }
+ else
+ {
+ return true;
+ }
}
public static function Login($sName, $sPassword)
{
- self::$m_iUserId = self::$m_oAddOn->CheckCredentials($sName, $sPassword);
- if (self::$m_iUserId !== false)
+ $oUser = self::FindUser($sName);
+ if (is_null($oUser))
{
- self::$m_sUser = $sName;
- self::$m_iRealUserId = self::$m_iUserId;
- self::$m_sRealUser = $sName;
- self::$m_sUserLanguage = self::$m_oAddOn->GetUserLanguage($sName);
- Dict::SetUserLanguage(self::GetUserLanguage());
- return true;
+ return false;
+ }
+
+ if (!$oUser->CheckCredentials($sPassword))
+ {
+ return false;
+ }
+ self::$m_oUser = $oUser;
+ self::$m_oRealUser = $oUser;
+ Dict::SetUserLanguage(self::GetUserLanguage());
+ return true;
+ }
+
+ public static function TrustWebServerContext()
+ {
+ if (!is_null(self::$m_oUser))
+ {
+ return self::$m_oUser->TrustWebServerContext();
}
else
{
@@ -148,9 +290,9 @@ class UserRights
public static function CanChangePassword()
{
- if (!is_null(self::$m_iUserId))
+ if (!is_null(self::$m_oUser))
{
- return self::$m_oAddOn->CanChangePassword(self::$m_iUserId);
+ return self::$m_oUser->CanChangePassword();
}
else
{
@@ -160,9 +302,9 @@ class UserRights
public static function ChangePassword($sCurrentPassword, $sNewPassword)
{
- if (!is_null(self::$m_iUserId))
+ if (!is_null(self::$m_oUser))
{
- return self::$m_oAddOn->ChangePassword(self::$m_iUserId, $sCurrentPassword, $sNewPassword);
+ return self::$m_oUser->ChangePassword($sCurrentPassword, $sNewPassword);
}
else
{
@@ -174,28 +316,45 @@ class UserRights
{
if (!self::CheckLogin()) return false;
- self::$m_iRealUserId = self::$m_oAddOn->CheckCredentials($sName, $sPassword);
- if (self::$m_iRealUserId !== false)
- {
- self::$m_sUser = $sName;
- self::$m_sUserLanguage = self::$m_oAddOn->GetUserLanguage($sName);
- Dict::SetUserLanguage(self::GetUserLanguage());
- return true;
- }
- else
+ $oUser = self::FindUser($sName);
+ if (is_null($oUser))
{
return false;
}
+ if (!$oUser->CheckCredentials($sPassword))
+ {
+ return false;
+ }
+
+ self::$m_oRealUser = self::$m_oUser;
+ self::$m_oUser = $oUser;
+ Dict::SetUserLanguage(self::GetUserLanguage());
+ return true;
}
public static function GetUser()
{
- return self::$m_sUser;
+ if (is_null(self::$m_oUser))
+ {
+ return '';
+ }
+ else
+ {
+ return self::$m_oUser->Get('login');
+ }
}
public static function GetUserLanguage()
{
- return self::$m_sUserLanguage;
+ if (is_null(self::$m_oUser))
+ {
+ return 'EN US';
+
+ }
+ else
+ {
+ return self::$m_oUser->Get('language');
+ }
}
public static function GetUserId($sName = '')
@@ -203,33 +362,66 @@ class UserRights
if (empty($sName))
{
// return current user id
- return self::$m_iUserId;
+ if (is_null(self::$m_oUser))
+ {
+ return null;
+ }
+ return self::$m_oUser->GetKey();
}
else
{
// find the id out of the login string
- return self::$m_oAddOn->GetUserId($sName);
+ $oUser = self::$m_oAddOn->FindUser($sName);
+ if (is_null($oUser))
+ {
+ return null;
+ }
+ return $oUser->GetKey();
}
}
public static function GetContactId($sName = '')
{
- // note: returns null if the user management module is not related to the business data model
if (empty($sName))
{
- $sName = self::$m_sUser;
+ $oUser = self::$m_oUser;
}
- return self::$m_oAddOn->GetContactId($sName);
+ else
+ {
+ $oUser = FindUser($sName);
+ }
+ if (is_null($oUser))
+ {
+ return '';
+ }
+ return $oUser->Get('contactid');
+ }
+
+ public static function IsImpersonated()
+ {
+ if (is_null(self::$m_oRealUser))
+ {
+ return false;
+ }
+ return true;
}
public static function GetRealUser()
{
- return self::$m_sRealUser;
+ if (is_null(self::$m_oRealUser))
+ {
+ return '';
+ }
+ return self::$m_oRealUser->Get('login');
}
public static function GetRealUserId()
{
- return self::$m_iRealUserId;
+ if (is_null(self::$m_oRealUser))
+ {
+ return '';
+ }
+ return self::$m_oRealUser->GetKey();
}
protected static function CheckLogin()
@@ -242,7 +434,6 @@ class UserRights
return true;
}
-
public static function GetFilter($sClass)
{
if (!self::CheckLogin()) return false;
@@ -254,13 +445,13 @@ class UserRights
// the rest is allowed (#@# to be improved)
if (!MetaModel::HasCategory($sClass, 'bizmodel')) return new DBObjectSearch($sClass);
- return self::$m_oAddOn->GetFilter(self::$m_iUserId, $sClass);
+ return self::$m_oAddOn->GetFilter(self::$m_oUser->GetKey(), $sClass);
}
- public static function IsActionAllowed($sClass, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null, $iUserId = null)
+ public static function IsActionAllowed($sClass, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null, $oUser = null)
{
if (!self::CheckLogin()) return false;
- if (self::IsAdministrator($iUserId)) return true;
+ if (self::IsAdministrator($oUser)) return true;
// this module is forbidden for non admins
if (MetaModel::HasCategory($sClass, 'addon/userrights')) return false;
@@ -268,20 +459,17 @@ class UserRights
// the rest is allowed (#@# to be improved)
if (!MetaModel::HasCategory($sClass, 'bizmodel')) return true;
- if (is_null($iUserId))
+ if (is_null($oUser))
{
- return self::$m_oAddOn->IsActionAllowed(self::$m_iUserId, $sClass, $iActionCode, $oInstanceSet);
- }
- else
- {
- return self::$m_oAddOn->IsActionAllowed($iUserId, $sClass, $iActionCode, $oInstanceSet);
+ $oUser = self::$m_oUser;
}
+ return self::$m_oAddOn->IsActionAllowed($oUser, $sClass, $iActionCode, $oInstanceSet);
}
- public static function IsStimulusAllowed($sClass, $sStimulusCode, /*dbObjectSet*/ $oInstanceSet = null, $iUserId = null)
+ public static function IsStimulusAllowed($sClass, $sStimulusCode, /*dbObjectSet*/ $oInstanceSet = null, $oUser = null)
{
if (!self::CheckLogin()) return false;
- if (self::IsAdministrator($iUserId)) return true;
+ if (self::IsAdministrator($oUser)) return true;
// this module is forbidden for non admins
if (MetaModel::HasCategory($sClass, 'addon/userrights')) return false;
@@ -289,20 +477,17 @@ class UserRights
// the rest is allowed (#@# to be improved)
if (!MetaModel::HasCategory($sClass, 'bizmodel')) return true;
- if (is_null($iUserId))
+ if (is_null($oUser))
{
- return self::$m_oAddOn->IsStimulusAllowed(self::$m_iUserId, $sClass, $sStimulusCode, $oInstanceSet);
- }
- else
- {
- return self::$m_oAddOn->IsStimulusAllowed($iUserId, $sClass, $sStimulusCode, $oInstanceSet);
+ $oUser = self::$m_oUser;
}
+ return self::$m_oAddOn->IsStimulusAllowed($oUser, $sClass, $sStimulusCode, $oInstanceSet);
}
- public static function IsActionAllowedOnAttribute($sClass, $sAttCode, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null, $iUserId = null)
+ public static function IsActionAllowedOnAttribute($sClass, $sAttCode, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null, $oUser = null)
{
if (!self::CheckLogin()) return false;
- if (self::IsAdministrator($iUserId)) return true;
+ if (self::IsAdministrator($oUser)) return true;
// this module is forbidden for non admins
if (MetaModel::HasCategory($sClass, 'addon/userrights')) return false;
@@ -310,28 +495,22 @@ class UserRights
// the rest is allowed (#@# to be improved)
if (!MetaModel::HasCategory($sClass, 'bizmodel')) return true;
- if (is_null($iUserId))
+ if (is_null($oUser))
{
- return self::$m_oAddOn->IsActionAllowedOnAttribute(self::$m_iUserId, $sClass, $sAttCode, $iActionCode, $oInstanceSet);
- }
- else
- {
- return self::$m_oAddOn->IsActionAllowedOnAttribute($iUserId, $sClass, $sAttCode, $iActionCode, $oInstanceSet);
+ $oUser = self::$m_oUser;
}
+ return self::$m_oAddOn->IsActionAllowedOnAttribute($oUser, $sClass, $sAttCode, $iActionCode, $oInstanceSet);
}
- public static function IsAdministrator($iUserId = null)
+ public static function IsAdministrator($oUser = null)
{
if (!self::CheckLogin()) return false;
- if (is_null($iUserId))
+ if (is_null($oUser))
{
- return self::$m_oAddOn->IsAdministrator(self::$m_iUserId);
- }
- else
- {
- return self::$m_oAddOn->IsAdministrator($iUserId);
+ $oUser = self::$m_oUser;
}
+ return self::$m_oAddOn->IsAdministrator($oUser);
}
public static function FlushPrivileges()
@@ -339,6 +518,22 @@ class UserRights
return self::$m_oAddOn->FlushPrivileges();
}
+ static $m_aCacheUsers;
+ protected static function FindUser($sLogin)
+ {
+ if (!isset(self::$m_aCacheUsers))
+ {
+ self::$m_aCacheUsers = array();
+ }
+ if (!isset(self::$m_aCacheUsers[$sLogin]))
+ {
+ $oSearch = DBObjectSearch::FromOQL("SELECT User WHERE login = :login");
+ $oSet = new DBObjectSet($oSearch, array(), array('login' => $sLogin));
+ $oUser = $oSet->fetch();
+ self::$m_aCacheUsers[$sLogin] = $oUser;
+ }
+ return self::$m_aCacheUsers[$sLogin];
+ }
}
diff --git a/dictionaries/dictionary.itop.ui.php b/dictionaries/dictionary.itop.ui.php
index 0088d2835..eaae4fe5f 100644
--- a/dictionaries/dictionary.itop.ui.php
+++ b/dictionaries/dictionary.itop.ui.php
@@ -115,32 +115,59 @@ Dict::Add('EN US', 'English', 'English', array(
//
//
-// Class: URP_Users
+// Class: User
//
Dict::Add('EN US', 'English', 'English', array(
- 'Class:URP_Users' => 'User',
- 'Class:URP_Users+' => 'Users and credentials',
- 'Class:URP_Users/Attribute:userid' => 'Contact (person)',
- 'Class:URP_Users/Attribute:userid+' => 'Personal details from the business data',
- 'Class:URP_Users/Attribute:last_name' => 'Last name',
- 'Class:URP_Users/Attribute:last_name+' => 'Name of the corresponding contact',
- 'Class:URP_Users/Attribute:first_name' => 'First name',
- 'Class:URP_Users/Attribute:first_name+' => 'First name of the corresponding contact',
- 'Class:URP_Users/Attribute:email' => 'Email',
- 'Class:URP_Users/Attribute:email+' => 'Email of the corresponding contact',
- 'Class:URP_Users/Attribute:login' => 'Login',
- 'Class:URP_Users/Attribute:login+' => 'user identification string',
- 'Class:URP_Users/Attribute:password' => 'Password',
- 'Class:URP_Users/Attribute:password+' => 'user authentication string',
- 'Class:URP_Users/Attribute:language' => 'Language',
- 'Class:URP_Users/Attribute:language+' => 'user language',
- 'Class:URP_Users/Attribute:language/Value:EN US' => 'English',
- 'Class:URP_Users/Attribute:language/Value:EN US+' => 'English U.S.',
- 'Class:URP_Users/Attribute:language/Value:FR FR' => 'French',
- 'Class:URP_Users/Attribute:language/Value:FR FR+' => 'FR FR',
- 'Class:URP_Users/Attribute:profile_list' => 'Profiles',
- 'Class:URP_Users/Attribute:profile_list+' => 'Roles, granting rights for that person',
+ 'Class:User' => 'User',
+ 'Class:User+' => 'User login',
+ 'Class:User/Attribute:contactid' => 'Contact (person)',
+ 'Class:User/Attribute:contactid+' => 'Personal details from the business data',
+ 'Class:User/Attribute:last_name' => 'Last name',
+ 'Class:User/Attribute:last_name+' => 'Name of the corresponding contact',
+ 'Class:User/Attribute:first_name' => 'First name',
+ 'Class:User/Attribute:first_name+' => 'First name of the corresponding contact',
+ 'Class:User/Attribute:email' => 'Email',
+ 'Class:User/Attribute:email+' => 'Email of the corresponding contact',
+ 'Class:User/Attribute:login' => 'Login',
+ 'Class:User/Attribute:login+' => 'user identification string',
+ 'Class:User/Attribute:language' => 'Language',
+ 'Class:User/Attribute:language+' => 'user language',
+ 'Class:User/Attribute:language/Value:EN US' => 'English',
+ 'Class:User/Attribute:language/Value:EN US+' => 'English U.S.',
+ 'Class:User/Attribute:language/Value:FR FR' => 'French',
+ 'Class:User/Attribute:language/Value:FR FR+' => 'FR FR',
+ 'Class:User/Attribute:profile_list' => 'Profiles',
+ 'Class:User/Attribute:profile_list+' => 'Roles, granting rights for that person',
+));
+
+//
+// Class: UserLocal
+//
+
+Dict::Add('EN US', 'English', 'English', array(
+ 'Class:UserLocal' => 'iTop user',
+ 'Class:UserLocal+' => 'User authentified by iTop',
+ 'Class:UserLocal/Attribute:contactid' => 'Contact (person)',
+ 'Class:UserLocal/Attribute:contactid+' => 'Personal details from the business data',
+ 'Class:UserLocal/Attribute:last_name' => 'Last name',
+ 'Class:UserLocal/Attribute:last_name+' => 'Name of the corresponding contact',
+ 'Class:UserLocal/Attribute:first_name' => 'First name',
+ 'Class:UserLocal/Attribute:first_name+' => 'First name of the corresponding contact',
+ 'Class:UserLocal/Attribute:email' => 'Email',
+ 'Class:UserLocal/Attribute:email+' => 'Email of the corresponding contact',
+ 'Class:UserLocal/Attribute:login' => 'Login',
+ 'Class:UserLocal/Attribute:login+' => 'user identification string',
+ 'Class:UserLocal/Attribute:password' => 'Password',
+ 'Class:UserLocal/Attribute:password+' => 'user authentication string',
+ 'Class:UserLocal/Attribute:language' => 'Language',
+ 'Class:UserLocal/Attribute:language+' => 'user language',
+ 'Class:UserLocal/Attribute:language/Value:EN US' => 'English',
+ 'Class:UserLocal/Attribute:language/Value:EN US+' => 'English U.S.',
+ 'Class:UserLocal/Attribute:language/Value:FR FR' => 'French',
+ 'Class:UserLocal/Attribute:language/Value:FR FR+' => 'FR FR',
+ 'Class:UserLocal/Attribute:profile_list' => 'Profiles',
+ 'Class:UserLocal/Attribute:profile_list+' => 'Roles, granting rights for that person',
));
//
diff --git a/dictionaries/fr.dictionary.itop.ui.php b/dictionaries/fr.dictionary.itop.ui.php
index 69fc3f80a..7e115a2d8 100644
--- a/dictionaries/fr.dictionary.itop.ui.php
+++ b/dictionaries/fr.dictionary.itop.ui.php
@@ -115,26 +115,47 @@ Dict::Add('FR FR', 'French', 'Français', array(
//
//
-// Class: URP_Users
+// Class: User
//
Dict::Add('FR FR', 'French', 'Français', array(
- 'Class:URP_Users' => 'Compte utilisateur',
- 'Class:URP_Users+' => 'Login utilisateur',
- 'Class:URP_Users/Attribute:userid' => 'Contact (personne)',
- 'Class:URP_Users/Attribute:userid+' => '',
- 'Class:URP_Users/Attribute:last_name' => 'Nom',
- 'Class:URP_Users/Attribute:last_name+' => '',
- 'Class:URP_Users/Attribute:first_name' => 'Prénom',
- 'Class:URP_Users/Attribute:first_name+' => '',
- 'Class:URP_Users/Attribute:email' => 'Adresse email',
- 'Class:URP_Users/Attribute:email+' => '',
- 'Class:URP_Users/Attribute:login' => 'Login',
- 'Class:URP_Users/Attribute:login+' => '',
- 'Class:URP_Users/Attribute:password' => 'Mot de passe',
- 'Class:URP_Users/Attribute:password+' => '',
- 'Class:URP_Users/Attribute:profile_list' => 'Profils',
- 'Class:URP_Users/Attribute:profile_list+' => 'Rôles, ouvrants les droits d\'accès',
+ 'Class:User' => 'Compte utilisateur',
+ 'Class:User+' => 'Login utilisateur',
+ 'Class:User/Attribute:contactid' => 'Contact (personne)',
+ 'Class:User/Attribute:contactid+' => '',
+ 'Class:User/Attribute:last_name' => 'Nom',
+ 'Class:User/Attribute:last_name+' => '',
+ 'Class:User/Attribute:first_name' => 'Prénom',
+ 'Class:User/Attribute:first_name+' => '',
+ 'Class:User/Attribute:email' => 'Adresse email',
+ 'Class:User/Attribute:email+' => '',
+ 'Class:User/Attribute:login' => 'Login',
+ 'Class:User/Attribute:login+' => '',
+ 'Class:User/Attribute:profile_list' => 'Profils',
+ 'Class:User/Attribute:profile_list+' => 'Rôles, ouvrants les droits d\'accès',
+));
+
+//
+// Class: UserLocal
+//
+
+Dict::Add('FR FR', 'French', 'Français', array(
+ 'Class:UserLocal' => 'Utilisateur iTop',
+ 'Class:UserLocal+' => 'Utilisateur authentifié par iTop',
+ 'Class:UserLocal/Attribute:contactid' => 'Contact (personne)',
+ 'Class:UserLocal/Attribute:contactid+' => '',
+ 'Class:UserLocal/Attribute:last_name' => 'Nom',
+ 'Class:UserLocal/Attribute:last_name+' => '',
+ 'Class:UserLocal/Attribute:first_name' => 'Prénom',
+ 'Class:UserLocal/Attribute:first_name+' => '',
+ 'Class:UserLocal/Attribute:email' => 'Adresse email',
+ 'Class:UserLocal/Attribute:email+' => '',
+ 'Class:UserLocal/Attribute:login' => 'Login',
+ 'Class:UserLocal/Attribute:login+' => '',
+ 'Class:UserLocal/Attribute:password' => 'Mot de passe',
+ 'Class:UserLocal/Attribute:password+' => '',
+ 'Class:UserLocal/Attribute:profile_list' => 'Profils',
+ 'Class:UserLocal/Attribute:profile_list+' => 'Rôles, ouvrants les droits d\'accès',
));
//
diff --git a/pages/UI.php b/pages/UI.php
index 4a4e7accc..9f49e5404 100644
--- a/pages/UI.php
+++ b/pages/UI.php
@@ -127,7 +127,7 @@ function DeleteObjects(WebPage $oP, $sClass, $aObjects, $bDeleteConfirmed)
//
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
- if (UserRights::GetUser() != UserRights::GetRealUser())
+ if (UserRights::IsImpersonated())
{
$sUserString = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUser(), UserRights::GetUser());
}
@@ -836,7 +836,7 @@ try
{
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
- if (UserRights::GetUser() != UserRights::GetRealUser())
+ if (UserRights::IsImpersonated())
{
$sUserString = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUser(), UserRights::GetUser());
}
@@ -942,7 +942,7 @@ try
$oObj = $oContext->GetObject($sClass, $iCloneId);
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
- if (UserRights::GetUser() != UserRights::GetRealUser())
+ if (UserRights::IsImpersonated())
{
$sUserString = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUser(), UserRights::GetUser());
}
@@ -985,7 +985,7 @@ try
$sClassLabel = MetaModel::GetName($sClass);
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
- if (UserRights::GetUser() != UserRights::GetRealUser())
+ if (UserRights::IsImpersonated())
{
$sUserString = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUser(), UserRights::GetUser());
}
@@ -1019,7 +1019,7 @@ try
$sClassLabel = MetaModel::GetName($sClass);
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
- if (UserRights::GetUser() != UserRights::GetRealUser())
+ if (UserRights::IsImpersonated())
{
$sUserString = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUser(), UserRights::GetUser());
}
@@ -1177,7 +1177,7 @@ EOF
{
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
- if (UserRights::GetUser() != UserRights::GetRealUser())
+ if (UserRights::IsImpersonated())
{
$sUserString = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUser(), UserRights::GetUser());
}
@@ -1229,7 +1229,7 @@ EOF
$sLinkingAttCode = utils::ReadParam('linking_attcode', '', 'post');
$oMyChange = MetaModel::NewObject("CMDBChange");
$oMyChange->Set("date", time());
- if (UserRights::GetUser() != UserRights::GetRealUser())
+ if (UserRights::IsImpersonated())
{
$sUserString = Dict::Format('UI:Archive_User_OnBehalfOf_User', UserRights::GetRealUser(), UserRights::GetUser());
}
diff --git a/setup/benchmark.php b/setup/benchmark.php
index cc8b69abe..e58b89422 100644
--- a/setup/benchmark.php
+++ b/setup/benchmark.php
@@ -129,12 +129,12 @@ class BenchmarkDataCreation
// User login
//
$aData = array(
- 'userid' => self::FindId('bizPerson'),
+ 'contactid' => self::FindId('bizPerson'),
'login' => 'foo',
'password' => 'foo',
'language' => 'EN US',
);
- $iLogin = $this->CreateObject('URP_Users', $aData, $oChange);
+ $iLogin = $this->CreateObject('User', $aData, $oChange);
// Assign profiles to the new login
//
diff --git a/setup/index.php b/setup/index.php
index ebbe84b76..5495bb442 100644
--- a/setup/index.php
+++ b/setup/index.php
@@ -360,6 +360,7 @@ function InitDataModel(SetupWebPage $oP, $sConfigFileName, $bModelOnly = true)
require_once('../core/dbobject.class.php');
require_once('../core/dbobjectsearch.class.php');
require_once('../core/dbobjectset.class.php');
+ require_once('../application/cmdbabstract.class.inc.php');
require_once('../core/userrights.class.inc.php');
$oP->log("Info - MetaModel::Startup from file '$sConfigFileName' (ModelOnly = $bModelOnly)");
diff --git a/setup/xmldataloader.class.inc.php b/setup/xmldataloader.class.inc.php
index d92880577..f849f3125 100644
--- a/setup/xmldataloader.class.inc.php
+++ b/setup/xmldataloader.class.inc.php
@@ -100,6 +100,7 @@ class XMLDataLoader
require_once('../core/dbobject.class.php');
require_once('../core/dbobjectsearch.class.php');
require_once('../core/dbobjectset.class.php');
+ require_once('../application/cmdbabstract.class.inc.php');
require_once('../core/userrights.class.inc.php');
MetaModel::Startup($sConfigFileName);
}