From 7da44233469b8d4544c3a074ebe063e4f0b31fb6 Mon Sep 17 00:00:00 2001
From: Guillaume Lajarige <guillaume.lajarige@combodo.com>
Date: Thu, 12 Oct 2017 08:55:01 +0000
Subject: [PATCH] =?UTF-8?q?(Retrofit=20from=20trunk)=20N=C2=B0642.2=20Port?=
 =?UTF-8?q?al:=20Lifecycle=20transitions=20security=20is=20now=20a=20black?=
 =?UTF-8?q?list=20instead=20of=20a=20white=20list.=20Making=20migration=20?=
 =?UTF-8?q?transparent=20and=20portal=20configuration=20easier.?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

SVN:2.4[5010]
---
 .../lifecyclevalidatorhelper.class.inc.php    | 33 +++++++++++--------
 1 file changed, 19 insertions(+), 14 deletions(-)

diff --git a/datamodels/2.x/itop-portal-base/portal/src/helpers/lifecyclevalidatorhelper.class.inc.php b/datamodels/2.x/itop-portal-base/portal/src/helpers/lifecyclevalidatorhelper.class.inc.php
index 65b8952aa1..25895a611b 100644
--- a/datamodels/2.x/itop-portal-base/portal/src/helpers/lifecyclevalidatorhelper.class.inc.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/helpers/lifecyclevalidatorhelper.class.inc.php
@@ -161,10 +161,10 @@ class LifecycleValidatorHelper
                             }
 
                             // Retrieving profiles for the stimulus
-                            $oProfilesNode = $oStimulusNode->GetOptionalElement('allowed_profiles');
+                            $oProfilesNode = $oStimulusNode->GetOptionalElement('denied_profiles');
                             $aProfilesNames = array();
                             // If no profile is specified, we consider that it's for ALL the profiles
-                            if (($oProfilesNode === null) || ($oProfilesNode->GetNodes('./allowed_profile')->length === 0))
+                            if (($oProfilesNode === null) || ($oProfilesNode->GetNodes('./denied_profile')->length === 0))
                             {
                                 foreach (ProfilesConfig::GetProfilesValues() as $iKey => $aValue)
                                 {
@@ -173,13 +173,13 @@ class LifecycleValidatorHelper
                             }
                             else
                             {
-                                foreach ($oProfilesNode->GetNodes('./allowed_profile') as $oProfileNode)
+                                foreach ($oProfilesNode->GetNodes('./denied_profile') as $oProfileNode)
                                 {
                                     // Retrieving mandatory profile id attribute
                                     $sProfileId = $oProfileNode->getAttribute('id');
                                     if ($sProfileId === '')
                                     {
-                                        throw new DOMFormatException('Stimulus tag must have an id attribute.', null, null, $oProfileNode);
+                                        throw new DOMFormatException('Profile tag must have an id attribute.', null, null, $oProfileNode);
                                     }
                                     $aProfilesNames[] = $sProfileId;
                                 }
@@ -287,6 +287,12 @@ class LifecycleValidatorHelper
 	{
 		$aStimuli = array();
 
+		// Preparing available stimuli
+        foreach(MetaModel::EnumStimuli($sClass) as $sStimulusCode => $aData)
+        {
+            $aStimuli[$sStimulusCode] = true;
+        }
+
 		// Iterating on profiles to retrieving the different OQLs parts
 		foreach ($aProfiles as $sProfile)
 		{
@@ -297,19 +303,16 @@ class LifecycleValidatorHelper
 			$sLifecycleValuesClass = $this->sGeneratedClass;
 			$aProfileMatrix = $sLifecycleValuesClass::GetProfileStimuli($iProfileId, $sClass);
 
-			// If the profile / class tuple is not present (null), it means that all stimuli are allowed
-			if($aProfileMatrix === null)
+			foreach($aProfileMatrix as $sStimulusCode)
             {
-                $aImplicitStimuli = array_keys(MetaModel::EnumStimuli($sClass));
-                $aStimuli = array_merge_recursive($aStimuli, $aImplicitStimuli);
-            }
-            else
-            {
-                $aStimuli = array_merge_recursive($aStimuli, $aProfileMatrix);
+                if(array_key_exists($sStimulusCode, $aStimuli))
+                {
+                    unset($aStimuli[$sStimulusCode]);
+                }
             }
 		}
 
-		return $aStimuli;
+		return array_keys($aStimuli);
 	}
 
 	/**
@@ -374,7 +377,7 @@ class LifecycleValidatorHelper
 // File generated by LifeCycleValidatorHelper
 //
 // Please do not edit manually
-// List of constant lifecycles
+// List of denied stimuli by profiles in the lifecycles
 // - used by the portal LifecycleValidatorHelper
 //
 class $sClassName
@@ -382,6 +385,8 @@ class $sClassName
 	protected static \$aPROFILES = $sProfiles;
 
 	/**
+	* Returns the denied stimuli for a profile / class
+	*
 	* @param integer \$iProfileId
 	* @param string \$sClass
 	*/