Merge branch 'support/2.7' into feature/OAuthMail

Eric Espie
2022-05-23 10:56:32 +02:00
12 changed files with 141 additions and 110 deletions


@@ -120,17 +120,6 @@ class ObjectFormManager extends FormManager
{
$aJson = static::DecodeFormManagerData($sJson);
$oConfig = utils::GetConfig();
$bIsContentCheckEnabled = $oConfig->GetModuleSetting(PORTAL_ID, 'enable_formmanager_content_check', true);
if ($bIsContentCheckEnabled && (false === $bTrustContent)) {
/** @noinspection NestedPositiveIfStatementsInspection */
if (isset($aJson['formproperties']['layout']['type']) && ($aJson['formproperties']['layout']['type'] === 'twig')) {
// There will be an IssueLog above in the hierarchy due to the exception, but we are logging here so that we can output the JSON data !
IssueLog::Error('Portal received a query with forbidden twig content!', \LogChannels::PORTAL, ['formmanager_data' => $aJson]);
throw new \SecurityException('Twig content not allowed in this context!');
}
}
/** @var \Combodo\iTop\Portal\Form\ObjectFormManager $oFormManager */
$oFormManager = parent::FromJSON($sJson);
@@ -1172,16 +1161,18 @@ class ObjectFormManager extends FormManager
$sObjectClass = get_class($this->oObject);
try {
// modification flags
$bIsNew = $this->oObject->IsNew();
$bWasModified = $this->oObject->IsModified();
$bActivateTriggers = (!$bIsNew && $bWasModified);
// Forcing allowed writing on the object if necessary. This is used in some particular cases.
$bAllowWrite = ($sObjectClass === 'Person' && $this->oObject->GetKey() == UserRights::GetContactId());
$bAllowWrite = $this->oContainer->get('security_helper')->IsActionAllowed($bIsNew ? UR_ACTION_CREATE : UR_ACTION_MODIFY, $sObjectClass, $this->oObject->GetKey());
if ($bAllowWrite) {
$this->oObject->AllowWrite(true);
}
// Writing object to DB
$bIsNew = $this->oObject->IsNew();
$bWasModified = $this->oObject->IsModified();
$bActivateTriggers = (!$bIsNew && $bWasModified);
try
{
$this->oObject->DBWrite();
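Review bot: On the new side of FromJSON (first hunk), untrusted form-manager JSON whose `formproperties.layout.type` is `twig` is no longer rejected when `$bTrustContent` is false, so the method now relies entirely on `parent::FromJSON` and the caller for that protection. As this is a merge commit the removal may be inherited from the merged branch, but please confirm the check was deliberately relocated rather than dropped, and if `$bTrustContent` no longer influences anything, document why the parameter is kept. In the second hunk the `$bIsNew`/`$bWasModified`/`$bActivateTriggers` block appears both before the `security_helper` call and again after `AllowWrite(true)`; if both copies survive on the new side, the later one is a dead re-computation and only the first (which feeds `IsActionAllowed`) should remain. Both method bodies begin and end outside the hunks.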


@@ -103,6 +103,12 @@ class SecurityHelper
return false;
}
// Forcing allowed writing on the object if necessary. This is used in some particular cases.
$bObjectIsCurrentUser = ($sObjectClass === 'Person' && $this->oObject->GetKey() == UserRights::GetContactId());
if(in_array($sAction , array(UR_ACTION_MODIFY, UR_ACTION_READ)) && $bObjectIsCurrentUser){
return true;
}
// Checking the scopes layer
// - Transforming scope action as there is only 2 values
$sScopeAction = ($sAction === UR_ACTION_READ) ? UR_ACTION_READ : UR_ACTION_MODIFY;
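Review bot: The added current-user shortcut reads `$this->oObject->GetKey()`, but SecurityHelper::IsActionAllowed is called from ObjectFormManager with the object key as its third argument, so the comparison should use that id parameter (its name is outside the hunk) rather than an `oObject` property this helper does not appear to own; as written the line looks copied from ObjectFormManager and may either fail on a missing property or compare against the wrong object. The comparisons should also be strict: `in_array($sAction, [UR_ACTION_MODIFY, UR_ACTION_READ], true)` and `(int) <id parameter> === (int) UserRights::GetContactId()` instead of `==`. Note that `return true` here runs before the scope check that follows, so a user modifying their own Person record bypasses the scope layer entirely; if that is intended, say so in the comment, e.g. `// A user may always read/modify their own Person record; this intentionally bypasses the scope check below.` The method signature is outside the hunk.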


@@ -99,7 +99,13 @@ class AppExtension extends AbstractExtension
return $sUrl;
});
//$filters[] = new TwigFilter('filter', 'twig_array_filter');
$filters[] = new Twig_SimpleFilter('filter', function ($array, $arrow) {
if ($arrow == 'system'){
return json_encode($array);
}
return twig_array_filter($array, $arrow);
});
return $filters;
}
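Review bot: The new `filter` override at `if ($arrow == 'system')` uses a loose comparison and then forwards any non-`'system'` value to `twig_array_filter`, which — if the bundled Twig version still passes a string `$arrow` through to `array_filter` as a callable name — lets template content invoke a PHP function by name; the branch should use `===` and accept only a `Closure` for the pass-through case. The `'system'` sentinel that returns `json_encode($array)` also deserves a comment explaining the template contract, since `json_encode` can return `false` and that would be handed to the template silently. `Twig_SimpleFilter` is the pre-namespaced Twig class while the commented-out line above uses `TwigFilter`; pick one consistently with the rest of getFilters, whose start is outside the hunk.
```php
$filters[] = new Twig_SimpleFilter('filter', function ($array, $arrow) {
    // 'system' is a template-side sentinel: serialize the array instead of filtering it.
    if ($arrow === 'system') {
        return json_encode($array);
    }
    // Only compiled arrow functions may reach twig_array_filter; refuse string callables.
    if (!$arrow instanceof \Closure) {
        throw new \InvalidArgumentException('The "filter" filter expects an arrow function.');
    }
    return twig_array_filter($array, $arrow);
});
```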