diff --git a/addons/userrights/userrightsprofile.class.inc.php b/addons/userrights/userrightsprofile.class.inc.php index 650b1bc74..95ab42665 100644 --- a/addons/userrights/userrightsprofile.class.inc.php +++ b/addons/userrights/userrightsprofile.class.inc.php @@ -1,5 +1,5 @@ AddConditionExpression($oCondition); - - if (self::HasSharing()) - { - if (($sAttCode == 'id') && isset($aSettings['bSearchMode']) && $aSettings['bSearchMode']) - { - // Querying organizations (or derived) - // and the expected list of organizations will be used as a search criteria - // Therefore the query can also return organization having objects shared with the allowed organizations - // - // 1) build the list of organizations sharing something with the allowed organizations - // Organization <== sharing_org_id == SharedObject having org_id IN {user orgs} - $oShareSearch = new DBObjectSearch('SharedObject'); - $oOrgField = new FieldExpression('org_id', 'SharedObject'); - $oShareSearch->AddConditionExpression(new BinaryExpression($oOrgField, 'IN', $oListExpr)); - - $oSearchSharers = new DBObjectSearch('Organization'); - $oSearchSharers->AllowAllData(); - $oSearchSharers->AddCondition_ReferencedBy($oShareSearch, 'sharing_org_id'); - $aSharers = array(); - foreach($oSearchSharers->ToDataArray(array('id')) as $aRow) - { - $aSharers[] = $aRow['id']; - } - // 2) Enlarge the overall results: ... OR id IN(id1, id2, id3) - if (count($aSharers) > 0) - { - $oSharersList = ListExpression::FromScalars($aSharers); - $oFilter->MergeConditionExpression(new BinaryExpression($oExpression, 'IN', $oSharersList)); - } - } - - $aShareProperties = SharedObject::GetSharedClassProperties($sClass); - if ($aShareProperties) - { - $sShareClass = $aShareProperties['share_class']; - $sShareAttCode = $aShareProperties['attcode']; - - $oSearchShares = new DBObjectSearch($sShareClass); - $oSearchShares->AllowAllData(); - - $sHierarchicalKeyCode = MetaModel::IsHierarchicalClass('Organization'); - $oOrgField = new FieldExpression('org_id', $sShareClass); - $oSearchShares->AddConditionExpression(new BinaryExpression($oOrgField, 'IN', $oListExpr)); - $aShared = array(); - foreach($oSearchShares->ToDataArray(array($sShareAttCode)) as $aRow) - { - $aShared[] = $aRow[$sShareAttCode]; - } - if (count($aShared) > 0) - { - $oObjId = new FieldExpression('id', $sClass); - $oSharedIdList = ListExpression::FromScalars($aShared); - $oFilter->MergeConditionExpression(new BinaryExpression($oObjId, 'IN', $oSharedIdList)); - } - } - } // if HasSharing - - return $oFilter; + return $this->MakeSelectFilter($sClass, $aUserOrgs, $aSettings, $sAttCode); } + // This verb has been made public to allow the development of an accurate feedback for the current configuration public function GetProfileActionGrant($iProfile, $sClass, $sAction) { diff --git a/addons/userrights/userrightsprofile.db.class.inc.php b/addons/userrights/userrightsprofile.db.class.inc.php index aa6879822..58bdda6de 100644 --- a/addons/userrights/userrightsprofile.db.class.inc.php +++ b/addons/userrights/userrightsprofile.db.class.inc.php @@ -1,5 +1,5 @@ AddConditionExpression($oCondition); - - if (self::HasSharing()) - { - if (($sAttCode == 'id') && isset($aSettings['bSearchMode']) && $aSettings['bSearchMode']) - { - // Querying organizations (or derived) - // and the expected list of organizations will be used as a search criteria - // Therefore the query can also return organization having objects shared with the allowed organizations - // - // 1) build the list of organizations sharing something with the allowed organizations - // Organization <== sharing_org_id == SharedObject having org_id IN {user orgs} - $oShareSearch = new DBObjectSearch('SharedObject'); - $oOrgField = new FieldExpression('org_id', 'SharedObject'); - $oShareSearch->AddConditionExpression(new BinaryExpression($oOrgField, 'IN', $oListExpr)); - - $oSearchSharers = new DBObjectSearch('Organization'); - $oSearchSharers->AllowAllData(); - $oSearchSharers->AddCondition_ReferencedBy($oShareSearch, 'sharing_org_id'); - $aSharers = array(); - foreach($oSearchSharers->ToDataArray(array('id')) as $aRow) - { - $aSharers[] = $aRow['id']; - } - // 2) Enlarge the overall results: ... OR id IN(id1, id2, id3) - if (count($aSharers) > 0) - { - $oSharersList = ListExpression::FromScalars($aSharers); - $oFilter->MergeConditionExpression(new BinaryExpression($oExpression, 'IN', $oSharersList)); - } - } - - $aShareProperties = SharedObject::GetSharedClassProperties($sClass); - if ($aShareProperties) - { - $sShareClass = $aShareProperties['share_class']; - $sShareAttCode = $aShareProperties['attcode']; - - $oSearchShares = new DBObjectSearch($sShareClass); - $oSearchShares->AllowAllData(); - - $sHierarchicalKeyCode = MetaModel::IsHierarchicalClass('Organization'); - $oOrgField = new FieldExpression('org_id', $sShareClass); - $oSearchShares->AddConditionExpression(new BinaryExpression($oOrgField, 'IN', $oListExpr)); - $aShared = array(); - foreach($oSearchShares->ToDataArray(array($sShareAttCode)) as $aRow) - { - $aShared[] = $aRow[$sShareAttCode]; - } - if (count($aShared) > 0) - { - $oObjId = new FieldExpression('id', $sClass); - $oSharedIdList = ListExpression::FromScalars($aShared); - $oFilter->MergeConditionExpression(new BinaryExpression($oObjId, 'IN', $oSharedIdList)); - } - } - } // if HasSharing - - return $oFilter; + return $this->MakeSelectFilter($sClass, $aUserOrgs, $aSettings, $sAttCode); } // This verb has been made public to allow the development of an accurate feedback for the current configuration diff --git a/core/userrights.class.inc.php b/core/userrights.class.inc.php index 93e0677b7..cce7c1d9e 100644 --- a/core/userrights.class.inc.php +++ b/core/userrights.class.inc.php @@ -1,5 +1,5 @@ GetOwnerOrganizationAttCode($sClass); + } + if (empty($sAttCode)) + { + return $oFilter = new DBObjectSearch($sClass); + } + + $oExpression = new FieldExpression($sAttCode, $sClass); + $oFilter = new DBObjectSearch($sClass); + $oListExpr = ListExpression::FromScalars($aAllowedOrgs); + + $oCondition = new BinaryExpression($oExpression, 'IN', $oListExpr); + $oFilter->AddConditionExpression($oCondition); + + if ($this->HasSharing()) + { + if (($sAttCode == 'id') && isset($aSettings['bSearchMode']) && $aSettings['bSearchMode']) + { + // Querying organizations (or derived) + // and the expected list of organizations will be used as a search criteria + // Therefore the query can also return organization having objects shared with the allowed organizations + // + // 1) build the list of organizations sharing something with the allowed organizations + // Organization <== sharing_org_id == SharedObject having org_id IN {user orgs} + $oShareSearch = new DBObjectSearch('SharedObject'); + $oOrgField = new FieldExpression('org_id', 'SharedObject'); + $oShareSearch->AddConditionExpression(new BinaryExpression($oOrgField, 'IN', $oListExpr)); + + $oSearchSharers = new DBObjectSearch('Organization'); + $oSearchSharers->AllowAllData(); + $oSearchSharers->AddCondition_ReferencedBy($oShareSearch, 'sharing_org_id'); + $aSharers = array(); + foreach($oSearchSharers->ToDataArray(array('id')) as $aRow) + { + $aSharers[] = $aRow['id']; + } + // 2) Enlarge the overall results: ... OR id IN(id1, id2, id3) + if (count($aSharers) > 0) + { + $oSharersList = ListExpression::FromScalars($aSharers); + $oFilter->MergeConditionExpression(new BinaryExpression($oExpression, 'IN', $oSharersList)); + } + } + + $aShareProperties = SharedObject::GetSharedClassProperties($sClass); + if ($aShareProperties) + { + $sShareClass = $aShareProperties['share_class']; + $sShareAttCode = $aShareProperties['attcode']; + + $oSearchShares = new DBObjectSearch($sShareClass); + $oSearchShares->AllowAllData(); + + $sHierarchicalKeyCode = MetaModel::IsHierarchicalClass('Organization'); + $oOrgField = new FieldExpression('org_id', $sShareClass); + $oSearchShares->AddConditionExpression(new BinaryExpression($oOrgField, 'IN', $oListExpr)); + $aShared = array(); + foreach($oSearchShares->ToDataArray(array($sShareAttCode)) as $aRow) + { + $aShared[] = $aRow[$sShareAttCode]; + } + if (count($aShared) > 0) + { + $oObjId = new FieldExpression('id', $sClass); + $oSharedIdList = ListExpression::FromScalars($aShared); + $oFilter->MergeConditionExpression(new BinaryExpression($oObjId, 'IN', $oSharedIdList)); + } + } + } // if HasSharing + + return $oFilter; + } } @@ -712,6 +792,7 @@ class UserRights } } + public static function IsActionAllowed($sClass, $iActionCode, /*dbObjectSet*/ $oInstanceSet = null, $oUser = null) { // When initializing, we need to let everything pass trough @@ -918,6 +999,11 @@ class UserRights } return $oUser; } + + public static function MakeSelectFilter($sClass, $aAllowedOrgs, $aSettings = array(), $sAttCode = null) + { + return self::$m_oAddOn->MakeSelectFilter($sClass, $aAllowedOrgs, $aSettings, $sAttCode); + } } /**