From 8a2fbdfd5655fb6bbab6771bc3476bfd26d94c04 Mon Sep 17 00:00:00 2001
From: Guillaume Lajarige
Date: Thu, 2 Jun 2016 09:29:14 +0000
Subject: [PATCH] Customer portal : Manage Brick : Now displays object from the oql_view scope instead of the oql_edit scope. However, opening an object will be in edition mode if the user is allowed to do so, iotherwise it will open in view mode SVN:trunk[4174]
---
 .../managebrickcontroller.class.inc.php | 32 +++++++++++++++----
 1 file changed, 26 insertions(+), 6 deletions(-)
diff --git a/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php b/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php
index 97efe6929..c54301086 100644
--- a/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php
+++ b/datamodels/2.x/itop-portal-base/portal/src/controllers/managebrickcontroller.class.inc.php
@@ -23,6 +23,7 @@ use \Silex\Application;
 use \Symfony\Component\HttpFoundation\Request;
 use \UserRights;
 use \CMDBSource;
+use \IssueLog;
 use \MetaModel;
 use \AttributeDefinition;
 use \AttributeDate;
@@ -249,7 +250,8 @@ class ManageBrickController extends BrickController
 // Restricting query to allowed scope on each classes
 // Note : Will need to moved the scope restriction on queries elsewhere when we consider grouping on something else than finalclass
- $oScopeQuery = $oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $aGroupingAreasValue['value'], UR_ACTION_MODIFY);
+ // Note : We now get view scope instead of edit scope as we allowed users to view/edit objects in the brick regarding their rights
+ $oScopeQuery = $oApp['scope_validator']->GetScopeFilterForProfiles(UserRights::ListProfiles(), $aGroupingAreasValue['value'], UR_ACTION_READ);
 $oAreaQuery = ($oScopeQuery !== null) ? $oAreaQuery->Intersect($oScopeQuery) : null;
 $aQueries[$sKey] = $oAreaQuery;
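Review bot: In the hunk at -249, switching the scope filter from `UR_ACTION_MODIFY` to `UR_ACTION_READ` means the brick now lists objects the user may not edit, so the list no longer doubles as an edit-rights filter. The per-row check added later in this file only chooses which link is rendered; the handler behind the edit action has to enforce `UR_ACTION_MODIFY` itself, which is not visible in this diff and should be confirmed. The new comment would be clearer if it said so, for example `// Note : Rows come from the view scope; edit vs. view is decided per row below, and the edit route must re-check modify rights`. The enclosing method starts and ends outside the hunk.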
@@ -341,11 +343,29 @@ class ManageBrickController extends BrickController
 //if ($sItemAttr === $sTitleAttrCode)
 if ($sItemAttr === $sMainActionAttrCode)
 {
- $aActions[] = array(
- 'type' => ManageBrick::ENUM_ACTION_EDIT,
- 'class' => $sCurrentClass,
- 'id' => $oCurrentRow->GetKey()
- );
+ // Checking if we can edit the object
+ if (SecurityHelper::IsActionAllowed($oApp, UR_ACTION_MODIFY, $sCurrentClass, $oCurrentRow->GetKey()))
+ {
+ $sActionType = ManageBrick::ENUM_ACTION_EDIT;
+ }
+ // - Otherwise, check if view is allowed
+ elseif (SecurityHelper::IsActionAllowed($oApp, UR_ACTION_READ, $sCurrentClass, $oCurrentRow->GetKey()))
+ {
+ $sActionType = ManageBrick::ENUM_ACTION_VIEW;
+ }
+ else
+ {
+ $sActionType = null;
+ }
+ // - Then set allowed action
+ if ($sActionType !== null)
+ {
+ $aActions[] = array(
+ 'type' => $sActionType,
+ 'class' => $sCurrentClass,
+ 'id' => $oCurrentRow->GetKey()
+ );
+ }
 }
 $oAttDef = MetaModel::GetAttributeDef($sCurrentClass, $sItemAttr);
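Review bot: The `else` branch that sets `$sActionType = null` leaves the row without any action and records nothing, even though the row came from a query already intersected with the read scope, so reaching it would mean the scope filter and `SecurityHelper::IsActionAllowed()` disagree. The `use \IssueLog;` added at the top of the file has no use in the visible hunks, and this branch looks like the place a log entry naming the class and id was meant to go; either log there or drop the import. The only import this commit adds is `IssueLog`, so confirm `SecurityHelper` is already imported in this file, since the file presumably sits in a namespace and the bare name would otherwise not resolve. `$oCurrentRow->GetKey()` is now evaluated up to three times per row and could be read once, e.g. `$sCurrentObjectId = $oCurrentRow->GetKey();`. The enclosing loop and method start and end outside the hunk.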