Portal : Allowed Organizations Part II. Made sure that the AllowAllData flag was passed everywhere it was necessary, only when it was necessary. This has been tested but needs MORE testing !
SVN:trunk[4409]
@@ -86,7 +86,7 @@ class ObjectController extends AbstractController
|
||||
}
|
||||
|
||||
// Retrieving object
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */);
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
if ($oObject === null)
|
||||
{
|
||||
// We should never be there as the secuirty helper makes sure that the object exists, but just in case.
|
||||
@@ -158,7 +158,7 @@ class ObjectController extends AbstractController
|
||||
}
|
||||
|
||||
// Retrieving object
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */);
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
if ($oObject === null)
|
||||
{
|
||||
// We should never be there as the secuirty helper makes sure that the object exists, but just in case.
|
||||
@@ -278,8 +278,9 @@ class ObjectController extends AbstractController
|
||||
}
|
||||
|
||||
// Retrieving origin object
|
||||
$oOriginObject = MetaModel::GetObject($sObjectClass, $sObjectId);
|
||||
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oOriginObject = MetaModel::GetObject($sObjectClass, $sObjectId, true, true);
|
||||
|
||||
// Retrieving target object (We check if the method is a simple function or if it's part of a class in which case only static function are supported)
|
||||
if (!strpos($sMethodName, '::'))
|
||||
{
|
||||
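Review bot: The new `MetaModel::GetObject($sObjectClass, $sObjectId, true, true)` hard-codes AllowAllData, so the origin object is loaded without the organization filter for every portal user, not only for profiles whose scope sets `ignore_silos`. The comment justifies this by saying the value has already been set and validated, but nothing in the hunk shows where `$sObjectId` was validated; if it arrives from the request, this is worth confirming against the SecurityHelper check before relying on it. The same pattern appears with `$sHostObjectId` in the hunks at -666, -803 and -1121 and with `$aJson['formobject_id']` in ObjectFormManager at -94. Unless a prior check is guaranteed on each path, passing the scope flag as the other hunks do, `$oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass)`, keeps the bypass limited to profiles that were granted it. The enclosing method starts and ends outside the hunk.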
@@ -332,7 +333,7 @@ class ObjectController extends AbstractController
|
||||
// }
|
||||
|
||||
// Retrieving object
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */);
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
if ($oObject === null)
|
||||
{
|
||||
// We should never be there as the secuirty helper makes sure that the object exists, but just in case.
|
||||
@@ -461,7 +462,7 @@ class ObjectController extends AbstractController
|
||||
}
|
||||
else
|
||||
{
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId);
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, true, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
}
|
||||
|
||||
// Preparing transitions only if we are currently going through one
|
||||
@@ -666,7 +667,8 @@ class ObjectController extends AbstractController
|
||||
// Retrieving host object for future DBSearch parameters
|
||||
if ($sHostObjectId !== null)
|
||||
{
|
||||
$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId);
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId, true, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -803,7 +805,8 @@ class ObjectController extends AbstractController
|
||||
// Retrieving host object for future DBSearch parameters
|
||||
if ($sHostObjectId !== null)
|
||||
{
|
||||
$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId);
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId, true, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -1121,7 +1124,8 @@ class ObjectController extends AbstractController
|
||||
// Retrieving host object for future DBSearch parameters
|
||||
if ($sHostObjectId !== null)
|
||||
{
|
||||
$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId);
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oHostObject = MetaModel::GetObject($sHostObjectClass, $sHostObjectId, true, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
@@ -1427,7 +1431,12 @@ class ObjectController extends AbstractController
|
||||
}
|
||||
|
||||
// Building the search
|
||||
$bIgnoreSilos = $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass);
|
||||
$oSearch = DBObjectSearch::FromOQL("SELECT " . $sObjectClass . " WHERE id IN ('" . implode("','", $aObjectIds) . "')");
|
||||
if ($bIgnoreSilos === true)
|
||||
{
|
||||
$oSearch->AllowAllData();
|
||||
}
|
||||
$oSet = new DBObjectSet($oSearch);
|
||||
$oSet->OptimizeColumnLoad($aObjectAttCodes);
|
||||
|
||||
|
||||
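Review bot: The OQL in `DBObjectSearch::FromOQL("SELECT " . $sObjectClass . " WHERE id IN ('" . implode("','", $aObjectIds) . "')")` is assembled by string concatenation, and the added `$oSearch->AllowAllData()` means the resulting query can now run without the organization filter. Where `$sObjectClass` and `$aObjectIds` come from is outside the hunk; if either is request-supplied, the ids should be normalised before the implode, for example `$aObjectIds = array_map('intval', $aObjectIds);`, so that only integer keys reach the query text. A short comment stating that `$sObjectClass` has already been checked against the data model would also help the next reader.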
@@ -94,7 +94,8 @@ class ObjectFormManager extends FormManager
|
||||
}
|
||||
else
|
||||
{
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $aJson['formobject_id'], true);
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $aJson['formobject_id'], true, true);
|
||||
}
|
||||
$oFormManager->SetObject($oObject);
|
||||
|
||||
@@ -945,7 +946,8 @@ class ObjectFormManager extends FormManager
|
||||
// LinkedSet
|
||||
if (!$oAttDef->IsIndirect())
|
||||
{
|
||||
$oLinkedObject = MetaModel::GetObject($sTargetClass, abs($iTargetId));
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oLinkedObject = MetaModel::GetObject($sTargetClass, abs($iTargetId), true, true);
|
||||
$oValueSet->AddObject($oLinkedObject);
|
||||
}
|
||||
// LinkedSetIndirect
|
||||
@@ -961,7 +963,8 @@ class ObjectFormManager extends FormManager
|
||||
// Existing relation
|
||||
else
|
||||
{
|
||||
$oLink = MetaModel::GetObject($sTargetClass, $iTargetId);
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oLink = MetaModel::GetObject($sTargetClass, $iTargetId, true, true);
|
||||
}
|
||||
$oValueSet->AddObject($oLink);
|
||||
}
|
||||
|
||||
@@ -544,6 +544,39 @@ class ScopeValidatorHelper
|
||||
return $oSearch;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns true if at least one of the $aProfiles has the ignore_silos flag set to true for the $sClass.
|
||||
*
|
||||
* @param array $aProfiles
|
||||
* @param string $sClass
|
||||
* @return boolean
|
||||
*/
|
||||
public function IsAllDataAllowedForScope($aProfiles, $sClass)
|
||||
{
|
||||
$bIgnoreSilos = false;
|
||||
|
||||
// Iterating on profiles to retrieving the different OQLs parts
|
||||
foreach ($aProfiles as $sProfile)
|
||||
{
|
||||
// Retrieving matrix informtions
|
||||
$iProfileId = $this->GetProfileIdFromProfileName($sProfile);
|
||||
|
||||
// Retrieving profile OQLs
|
||||
$sScopeValuesClass = $this->sGeneratedClass;
|
||||
$aProfileMatrix = $sScopeValuesClass::GetProfileScope($iProfileId, $sClass, static::ENUM_MODE_READ);
|
||||
if ($aProfileMatrix !== null)
|
||||
{
|
||||
// If a profile should ignore allowed org, we set it for all its queries no matter the profile
|
||||
if (isset($aProfileMatrix['ignore_silos']) && $aProfileMatrix['ignore_silos'] === true)
|
||||
{
|
||||
$bIgnoreSilos = true;
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
return $bIgnoreSilos;
|
||||
}
|
||||
|
||||
/**
|
||||
* Returns the profile id from a string being either a constant or its name.
|
||||
*
|
||||
|
||||
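Review bot: `IsAllDataAllowedForScope()` always reads the scope with `static::ENUM_MODE_READ`, yet its result is passed to `MetaModel::GetObject()` in ObjectController hunks such as -461, which sits next to "Preparing transitions" and may therefore be an edit path. If a profile's `ignore_silos` flag can differ between read and write scopes, the read flag would widen object loading for a write; the docblock should at least state `Only the read scope (ENUM_MODE_READ) is consulted.` so callers do not assume otherwise. Two smaller points: the loop can `break;` once `$bIgnoreSilos` is true, and the comment `// Iterating on profiles to retrieving the different OQLs parts` no longer describes what this loop does.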
@@ -112,7 +112,7 @@ class SecurityHelper
|
||||
// Checking if the cmdbAbstractObject exists if id is specified
|
||||
if ($sObjectId !== null)
|
||||
{
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */);
|
||||
$oObject = MetaModel::GetObject($sObjectClass, $sObjectId, false /* MustBeFound */, $oApp['scope_validator']->IsAllDataAllowedForScope(UserRights::ListProfiles(), $sObjectClass));
|
||||
if ($oObject === null)
|
||||
{
|
||||
if ($oApp['debug'])
|
||||
|
||||
@@ -229,6 +229,8 @@ EOF
|
||||
$sDeleteBtn = Dict::S('Portal:Button:Delete');
|
||||
|
||||
$oSearch = DBObjectSearch::FromOQL("SELECT Attachment WHERE item_class = :class AND item_id = :item_id");
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oSearch->AllowAllData();
|
||||
$oSet = new DBObjectSet($oSearch, array(), array('class' => $sObjectClass, 'item_id' => $this->oField->GetObject()->GetKey()));
|
||||
|
||||
// If in read only and no attachments, we display a short message
|
||||
|
||||
@@ -479,7 +479,8 @@ EOF
|
||||
// In case of indirect linked set, we must retrieve the remote object
|
||||
if ($this->oField->IsIndirect())
|
||||
{
|
||||
$oRemoteItem = MetaModel::GetObject($this->oField->GetTargetClass(), $oItem->Get($this->oField->GetExtKeyToRemote()));
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oRemoteItem = MetaModel::GetObject($this->oField->GetTargetClass(), $oItem->Get($this->oField->GetExtKeyToRemote()), true, true);
|
||||
}
|
||||
else
|
||||
{
|
||||
|
||||
@@ -143,7 +143,8 @@ EOF
|
||||
{
|
||||
try
|
||||
{
|
||||
$oFieldValue = MetaModel::GetObject($sFieldValueClass, $this->oField->GetCurrentValue());
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oFieldValue = MetaModel::GetObject($sFieldValueClass, $this->oField->GetCurrentValue(), true, true);
|
||||
}
|
||||
catch (CoreException $e)
|
||||
{
|
||||
@@ -298,7 +299,8 @@ EOF
|
||||
// Retrieving field value
|
||||
if ($this->oField->GetCurrentValue() !== null && $this->oField->GetCurrentValue() !== 0 && $this->oField->GetCurrentValue() !== '')
|
||||
{
|
||||
$oFieldValue = MetaModel::GetObject($sFieldValueClass, $this->oField->GetCurrentValue());
|
||||
// Note : AllowAllData set to true here instead of checking scope's flag because we are displaying a value that has been set and validated
|
||||
$oFieldValue = MetaModel::GetObject($sFieldValueClass, $this->oField->GetCurrentValue(), true, true);
|
||||
$sFieldValue = $oFieldValue->GetName();
|
||||
}
|
||||
else
|
||||
|
||||
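Review bot: `$oFieldValue->GetName()` is called directly on the result of `MetaModel::GetObject(..., true, true)`, and no `try`/`catch` is visible around it, whereas the hunk at -143 in the same file wraps the identical lookup in `catch (CoreException $e)`. With MustBeFound passed as `true`, a current value that points at a deleted object would presumably raise instead of rendering; the enclosing method extends beyond the hunk, so a handler may exist outside it. If not, the same `try`/`catch` as at -143 would keep rendering consistent.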