composer/iTop
6
0
Fork 0
mirror of https://github.com/Combodo/iTop.git synced 2026-05-19 15:22:17 +02:00
Code Issues Packages Projects Releases Wiki Activity

(Retrofit from trunk) N°642.2 Portal: Lifecycle transitions security is now a blacklist instead of a white list. Making migration transparent and portal configuration easier.

Browse Source 
SVN:2.4[5010]
This commit is contained in:
Guillaume Lajarige
2017-10-12 08:55:01 +00:00
parent 2a770b9dc4
commit 7da4423346
1 changed files with 19 additions and 14 deletions
Download Patch File Download Diff File Expand all files Collapse all files

33
datamodels/2.x/itop-portal-base/portal/src/helpers/lifecyclevalidatorhelper.class.inc.php
View File

@@ -161,10 +161,10 @@ class LifecycleValidatorHelper
} }
// Retrieving profiles for the stimulus // Retrieving profiles for the stimulus
$oProfilesNode = $oStimulusNode->GetOptionalElement('allowed_profiles'); $oProfilesNode = $oStimulusNode->GetOptionalElement('denied_profiles');
$aProfilesNames = array(); $aProfilesNames = array();
// If no profile is specified, we consider that it's for ALL the profiles // If no profile is specified, we consider that it's for ALL the profiles
if (($oProfilesNode === null) || ($oProfilesNode->GetNodes('./allowed_profile')->length === 0)) if (($oProfilesNode === null) || ($oProfilesNode->GetNodes('./denied_profile')->length === 0))
{ {
foreach (ProfilesConfig::GetProfilesValues() as $iKey => $aValue) foreach (ProfilesConfig::GetProfilesValues() as $iKey => $aValue)
{ {
@@ -173,13 +173,13 @@ class LifecycleValidatorHelper
} }
else else
{ {
foreach ($oProfilesNode->GetNodes('./allowed_profile') as $oProfileNode) foreach ($oProfilesNode->GetNodes('./denied_profile') as $oProfileNode)
{ {
// Retrieving mandatory profile id attribute // Retrieving mandatory profile id attribute
$sProfileId = $oProfileNode->getAttribute('id'); $sProfileId = $oProfileNode->getAttribute('id');
if ($sProfileId === '') if ($sProfileId === '')
{ {
throw new DOMFormatException('Stimulus tag must have an id attribute.', null, null, $oProfileNode); throw new DOMFormatException('Profile tag must have an id attribute.', null, null, $oProfileNode);
} }
$aProfilesNames[] = $sProfileId; $aProfilesNames[] = $sProfileId;
} }
@@ -287,6 +287,12 @@ class LifecycleValidatorHelper
{ {
$aStimuli = array(); $aStimuli = array();
// Preparing available stimuli
foreach(MetaModel::EnumStimuli($sClass) as $sStimulusCode => $aData)
{
$aStimuli[$sStimulusCode] = true;
}
// Iterating on profiles to retrieving the different OQLs parts // Iterating on profiles to retrieving the different OQLs parts
foreach ($aProfiles as $sProfile) foreach ($aProfiles as $sProfile)
{ {
@@ -297,19 +303,16 @@ class LifecycleValidatorHelper
$sLifecycleValuesClass = $this->sGeneratedClass; $sLifecycleValuesClass = $this->sGeneratedClass;
$aProfileMatrix = $sLifecycleValuesClass::GetProfileStimuli($iProfileId, $sClass); $aProfileMatrix = $sLifecycleValuesClass::GetProfileStimuli($iProfileId, $sClass);
// If the profile / class tuple is not present (null), it means that all stimuli are allowed foreach($aProfileMatrix as $sStimulusCode)
if($aProfileMatrix === null)
{ {
$aImplicitStimuli = array_keys(MetaModel::EnumStimuli($sClass)); if(array_key_exists($sStimulusCode, $aStimuli))
$aStimuli = array_merge_recursive($aStimuli, $aImplicitStimuli); {
} unset($aStimuli[$sStimulusCode]);
else }
{
$aStimuli = array_merge_recursive($aStimuli, $aProfileMatrix);
} }
} }
return $aStimuli; return array_keys($aStimuli);
} }
/** /**
@@ -374,7 +377,7 @@ class LifecycleValidatorHelper
// File generated by LifeCycleValidatorHelper // File generated by LifeCycleValidatorHelper
// //
// Please do not edit manually // Please do not edit manually
// List of constant lifecycles // List of denied stimuli by profiles in the lifecycles
// - used by the portal LifecycleValidatorHelper // - used by the portal LifecycleValidatorHelper
// //
class $sClassName class $sClassName
@@ -382,6 +385,8 @@ class $sClassName
protected static \$aPROFILES = $sProfiles; protected static \$aPROFILES = $sProfiles;
/** /**
* Returns the denied stimuli for a profile / class
*
* @param integer \$iProfileId * @param integer \$iProfileId
* @param string \$sClass * @param string \$sClass
*/ */